-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Folks,
I seem to be having a problem trying to use form-based authentication.
What worked in 7.0.62 no longer works in 7.0.63. Using 7.0.62 I can
successfully authenticate in my toy application and the latest version
of Jenkins. Using 7.0.63 I end up on the form error page in my toy
application and the latest version of Jenkins.
I've not changed any of the configuration files. I run Tomcat using
$CATALINA_HOME and $CATALINA_BASE. To upgrade Tomcat, I just install a
new version and move some links around.
Here is a rundown of my environment:
Structure
- ---------
CentOS 6.6 - latest updates
Apache HTTPD 2.2.15-39.el6.centos.x86_64
mod_jk 1.2.40
Tomcat 7.0.62 (7.0.63)
JRE 1.8.0_45
uriworkermap.properties
- -----------------------
/jenkins|/*=loki
/RPets|/*=loki
worker.properties
- -----------------
worker.list=jk-status,jk-manager,loki
worker.jk-status.type=status
worker.jk-status.read_only=true
worker.jk-manager.type=status
worker.template.type=ajp13
worker.template.host=127.0.0.1
worker.template.socket_connect_timeout=5000
worker.template.socket_keepalive=true
worker.template.ping_mode=A
worker.template.ping_timeout=10000
worker.template.connection_pool_minsize=0
worker.template.connection_pool_timeout=600
worker.template.reply_timeout=300000
worker.template.recovery_options=3
worker.loki.reference=worker.template
worker.loki.port=8009
modjk.conf
- ----------
LoadModule jk_module modules/mod_jk.so
<IfModule jk_module>
JkWorkersFile conf.d/workers.properties
JkLogFile logs/mod_jk.log
JkLogLevel info
JkOptions +RejectUnsafeURI
JkWatchdogInterval 60
<Location /jk-status>
JkMount jk-status
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.0.0/255.255.255.0
</Location>
<Location /jk-manager>
JkMount jk-manager
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.0.0/255.255.255.0
</Location>
JkMountFile conf.d/uriworkermap.properties
</IfModule>
server.xml (sorry for the wrapping)
- ----------
<?xml version="1.0" encoding="utf-8" standalone="no"?>
<Server port="8005"
shutdown="SHUTDOWN">
<Listener
className="org.apache.catalina.startup.VersionLoggerListener" />
<Listener SSLEngine="on"
className="org.apache.catalina.core.AprLifecycleListener" />
<Listener className="org.apache.catalina.core.JasperListener" />
<Listener
className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/
>
<Listener
className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<GlobalNamingResources>
<Resource auth="Container"
description="User database that can be updated and saved"
factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
name="UserDatabase"
pathname="conf/tomcat-users.xml"
type="org.apache.catalina.UserDatabase" />
</GlobalNamingResources>
<Service name="Catalina">
<Connector URIEncoding="UTF-8"
address="192.168.0.202"
connectionTimeout="20000"
maxConnections="4"
port="8080"
protocol="HTTP/1.1"
redirectPort="8443" />
<Connector URIEncoding="UTF-8"
connectionTimeout="600000"
maxPostSize="0"
port="8009"
protocol="AJP/1.3"
redirectPort="8443" />
<Engine defaultHost="localhost"
name="Catalina">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />
</Realm>
<Host appBase="webapps"
autoDeploy="true"
name="localhost"
unpackWARs="true">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
pattern="combined"
prefix="localhost-access-"
suffix=".log" />
</Host>
<Host appBase="/home/tcadmin/Platforms/loki/vhosts/loki/webapps"
autoDeploy="true"
name="loki"
unpackWARs="true">
<Valve className="org.apache.catalina.valves.AccessLogValve"
directory="logs"
pattern="combined"
prefix="loki-access-"
suffix=".log" />
<Alias>loki.mdeggers.org</Alias>
</Host>
</Engine>
</Service>
</Server>
Working
- -------
Browser -- Apache HTTPD -- mod_jk -- Tomcat 7.0.62 -- application
Browser -- Tomcat 7.0.62 -- application
Browser -- Tomcat 7.0.63 -- application
Failing
- -------
Browser -- Apache HTTPD -- mod_jk -- Tomcat 7.0.63 -- application
I've tried the above with and without Tomcat native being present. The
success and failure pattern is the same.
If just my application was failing I would say that I need to learn
more about J2EE authentication and authorization (probably still do).
Unfortunately Jenkins also fails in the same manner.
I didn't see anything obvious in Bugzilla or the Changelog.
I have network traces for the traffic between the browser and the
front end Apache HTTPD server if they might be of use.
My toy application is a bit light on logging. I could augment the
application (needs to be cleaned up anyway) to generate more logging
information.
. . . puzzled
/mde/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBAgAGBQJVnwVfAAoJEEFGbsYNeTwtGqkH/iMVKywZZIQmtJid6O9PwbZX
bR2zLGRulnlkk+VHzaF8bPhPVVKpjEvWW3bLLbR19CchRc1Vgmm0IJMRgKZ9W8UA
70KC9xwAWH8x0tEwnBBRVuH9OuXz23m4PmrtqyB8fZg0LQ/SMXJZynlHDc3sxTje
yPMUlqyyfHwWDkxUE2nsP7cDfWX+wFPiRUkTik4pXM4RhMo4P9KD7znlF8IIH5Rr
WO+3WcVFl995e32ChWxuNyvBHizDhGvX5n4XKu+5sYjKo0GdbUmb8DlI3kQhZOgI
ul8Ly7eph2bgBNvZoSvAYLSAgs7cbM231DVNxKam+dNaH1GwTSIS9FrZEUSLV00=
=A7IM
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
