-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Folks,
I seem to be having a problem trying to use form-based authentication. What worked in 7.0.62 no longer works in 7.0.63. Using 7.0.62 I can successfully authenticate in my toy application and the latest version of Jenkins. Using 7.0.63 I end up on the form error page in my toy application and the latest version of Jenkins. I've not changed any of the configuration files. I run Tomcat using $CATALINA_HOME and $CATALINA_BASE. To upgrade Tomcat, I just install a new version and move some links around. Here is a rundown of my environment: Structure - --------- CentOS 6.6 - latest updates Apache HTTPD 2.2.15-39.el6.centos.x86_64 mod_jk 1.2.40 Tomcat 7.0.62 (7.0.63) JRE 1.8.0_45 uriworkermap.properties - ----------------------- /jenkins|/*=loki /RPets|/*=loki worker.properties - ----------------- worker.list=jk-status,jk-manager,loki worker.jk-status.type=status worker.jk-status.read_only=true worker.jk-manager.type=status worker.template.type=ajp13 worker.template.host=127.0.0.1 worker.template.socket_connect_timeout=5000 worker.template.socket_keepalive=true worker.template.ping_mode=A worker.template.ping_timeout=10000 worker.template.connection_pool_minsize=0 worker.template.connection_pool_timeout=600 worker.template.reply_timeout=300000 worker.template.recovery_options=3 worker.loki.reference=worker.template worker.loki.port=8009 modjk.conf - ---------- LoadModule jk_module modules/mod_jk.so <IfModule jk_module> JkWorkersFile conf.d/workers.properties JkLogFile logs/mod_jk.log JkLogLevel info JkOptions +RejectUnsafeURI JkWatchdogInterval 60 <Location /jk-status> JkMount jk-status Order Deny,Allow Deny from all Allow from 127.0.0.1 Allow from 192.168.0.0/255.255.255.0 </Location> <Location /jk-manager> JkMount jk-manager Order deny,allow Deny from all Allow from 127.0.0.1 Allow from 192.168.0.0/255.255.255.0 </Location> JkMountFile conf.d/uriworkermap.properties </IfModule> server.xml (sorry for the wrapping) - ---------- <?xml version="1.0" encoding="utf-8" standalone="no"?> <Server port="8005" shutdown="SHUTDOWN"> <Listener className="org.apache.catalina.startup.VersionLoggerListener" /> <Listener SSLEngine="on" className="org.apache.catalina.core.AprLifecycleListener" /> <Listener className="org.apache.catalina.core.JasperListener" /> <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" /> <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/ > <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/> <GlobalNamingResources> <Resource auth="Container" description="User database that can be updated and saved" factory="org.apache.catalina.users.MemoryUserDatabaseFactory" name="UserDatabase" pathname="conf/tomcat-users.xml" type="org.apache.catalina.UserDatabase" /> </GlobalNamingResources> <Service name="Catalina"> <Connector URIEncoding="UTF-8" address="192.168.0.202" connectionTimeout="20000" maxConnections="4" port="8080" protocol="HTTP/1.1" redirectPort="8443" /> <Connector URIEncoding="UTF-8" connectionTimeout="600000" maxPostSize="0" port="8009" protocol="AJP/1.3" redirectPort="8443" /> <Engine defaultHost="localhost" name="Catalina"> <Realm className="org.apache.catalina.realm.LockOutRealm"> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase" /> </Realm> <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="combined" prefix="localhost-access-" suffix=".log" /> </Host> <Host appBase="/home/tcadmin/Platforms/loki/vhosts/loki/webapps" autoDeploy="true" name="loki" unpackWARs="true"> <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" pattern="combined" prefix="loki-access-" suffix=".log" /> <Alias>loki.mdeggers.org</Alias> </Host> </Engine> </Service> </Server> Working - ------- Browser -- Apache HTTPD -- mod_jk -- Tomcat 7.0.62 -- application Browser -- Tomcat 7.0.62 -- application Browser -- Tomcat 7.0.63 -- application Failing - ------- Browser -- Apache HTTPD -- mod_jk -- Tomcat 7.0.63 -- application I've tried the above with and without Tomcat native being present. The success and failure pattern is the same. If just my application was failing I would say that I need to learn more about J2EE authentication and authorization (probably still do). Unfortunately Jenkins also fails in the same manner. I didn't see anything obvious in Bugzilla or the Changelog. I have network traces for the traffic between the browser and the front end Apache HTTPD server if they might be of use. My toy application is a bit light on logging. I could augment the application (needs to be cleaned up anyway) to generate more logging information. . . . puzzled /mde/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBAgAGBQJVnwVfAAoJEEFGbsYNeTwtGqkH/iMVKywZZIQmtJid6O9PwbZX bR2zLGRulnlkk+VHzaF8bPhPVVKpjEvWW3bLLbR19CchRc1Vgmm0IJMRgKZ9W8UA 70KC9xwAWH8x0tEwnBBRVuH9OuXz23m4PmrtqyB8fZg0LQ/SMXJZynlHDc3sxTje yPMUlqyyfHwWDkxUE2nsP7cDfWX+wFPiRUkTik4pXM4RhMo4P9KD7znlF8IIH5Rr WO+3WcVFl995e32ChWxuNyvBHizDhGvX5n4XKu+5sYjKo0GdbUmb8DlI3kQhZOgI ul8Ly7eph2bgBNvZoSvAYLSAgs7cbM231DVNxKam+dNaH1GwTSIS9FrZEUSLV00= =A7IM -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org