On 08/01/2019 18:06, Mark Thomas wrote: > This works for me with a clean install of trunk (with appropriate > configuration). There have been no relevant changes since 9.0.14. > > It looks like the CATALINA_BASE environment variable is not set or can't > be found for some reason. It might be related to running as a Windows > service - that needs further investigation. > > If you want to dig into this you can debug you way through the Tomcat > code (remote debugging with a break-point at line 218 of > JAASCallbackHandler would be the place to start). Alternatively, if you > just want a quick fix, explicitly setting the pathname attribute of the > JAASMemoryLoginModule to the absolute path to the tomcat-users.xml file > should work.
This also works when using a Window service (trunk again, installed via service.bat). This looks like an environmental issue. Debugging is probably your best option to get to the bottom of this. Mark > > Mark > > > > > On 08/01/2019 16:31, PJ Pillai wrote: >> Hi Christopher, >> >> This is no issue with loading jaas.config. The file is loaded fine. I've >> set the java options as below. >> -Djava.security.auth.login.config=C:\Program Files\Apache Software >> Foundation\Tomcat 9.0\conf\jaas.config >> >> The above path is correct. Just to verify if the file is loaded, I changed >> the path to that do not exist and I go the file not exception. This proves >> that the value I've for jaas.config is right. >> Did you look at code below that I pointed out? This code output that >> warning message >> >> https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/r >> ealm/JAASMemoryLoginModule.java#L384 >> >> Thanks, >> PJ >> >> >> On Sat, Jan 5, 2019 at 7:04 AM Christopher Schultz < >> [email protected]> wrote: >> >> PJ, >> >> On 1/3/19 12:09, PJ Pillai wrote: >>>>> Hi Christopher, >>>>> >>>>> This is no an issue with locating jaas.config. I've set it in java >>>>> options as -Djava.security.auth.login.config=C:\Program >>>>> Files\Apache Software Foundation\Tomcat 9.0\conf\jaas.config I also >>>>> tested changing a file that do not exist and I got the FileNotFound >>>>> exception so it is not the issue with jaas.config. >>>>> >>>>> From the code what I read is that JAASMemoryLoginModule pathname >>>>> still using the default value (conf/tomcat-users.xml), Tomcat is >>>>> running on Windows so not sure why pathname is >>>>> conf/tomcat-users.xml). >>>>> >>>>> See the line below in the code that log this warning message. >>>>> https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/r >> ealm/JAASMemoryLoginModule.java#L384 >> <https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java#L384> >>>>> >>>>> see attached log file. All the JVM arguments in the log are >>>>> correct. >> >> Your attachment was stripped from the mailing list. >> >> conf/tomcat-users.xml is never used as a JAAS configuration file. That >> is a user database. >> >> The slashes are "backward" for you because \ is a metacharacter in >> almost every OS and programming language. Java translates / to \ on >> Windows as necessary. >> >> -chris >> >>>>> On Thu, Jan 3, 2019 at 6:55 AM Christopher Schultz >>>>> <[email protected] >>>>> <mailto:[email protected]>> wrote: >>>>> >>>>> PJ, >>>>> >>>>> On 1/2/19 22:15, PJ Pillai wrote: >>>>>> Here is additional information. 1. Tomcat is running on Windows >>>>>> 2016 server. 2. Tomcat is started as windows service. >>>>> >>>>>> I tried Tomcat 8.5 as well and still get the same warning >>>>>> message and user is not authenticated. >>>>> >>>>> Did you copy all your system properties from your Tomcat 6 service >>>>> to your Tomcat 9 service? Look in thew "JVM Parameters" (or >>>>> whatever) section of the Tomcat service manager (tomcat9w.exe). >>>>> >>>>> Tomcat needs to know where the JAAS config file is, and that's >>>>> done through a system property. If that property wasn't copied from >>>>> the old service, it probably won't work. >>>>> >>>>> -chris >>>>> >>>>>> On Wed, Jan 2, 2019 at 5:00 PM PJ Pillai <[email protected] >>>>> <mailto:[email protected]>> >>>>>> wrote: >>>>> >>>>>>> Hi, >>>>>>> >>>>>>> >>>>>>> I'm using JAASMemoryLoginModule to authenticate users stored >>>>>>> in tomcat-users.xml. The authentication fails on Tomcat 9 with >>>>>>> following warning message in catalina.xx.log. >>>>>>> >>>>>>> org.apache.catalina.realm.JAASMemoryLoginModule.load Unable to >>>>>>> determine Catalina base to load file [conf/tomcat-users.xml] >>>>>>> >>>>>>> >>>>>>> Here is a stack trace from the web application: >>>>>>> >>>>>>> javax.security.auth.login.FailedLoginException: User name or >>>>>>> password is incorrect at >>>>>>> org.apache.catalina.realm.JAASMemoryLoginModule.login(JAASMemoryLogi >> n >>>>> >>>>>>> >> Module.java:350) >>>>>>> >>>>>>> >>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>>>>> at >>>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl >> . >>>>> >>>>>>> >> java:62) >>>>>>> >>>>>>> >>>>> at >>>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce >> s >>>>> >>>>>>> >> sorImpl.java:43) >>>>>>> >>>>>>> >>>>> at java.lang.reflect.Method.invoke(Method.java:483) >>>>>>> at >>>>>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) >>>>>>> >>>>>>> >>>>> >>>>>>> >> at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1 >>>>> 95) >>>>>>> at >>>>>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) >>>>>>> >>>>>>> >>>>> >>>>>>> >> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) >>>>>>> at java.security.AccessController.doPrivileged(Native Method) >>>>>>> at >>>>>>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java: >> 6 >>>>> >>>>>>> >> 80) >>>>>>> >>>>>>> >>>>> at >>>>> javax.security.auth.login.LoginContext.login(LoginContext.java:587) >>>>>>> >>>>>>> >>>>>>> >>>>> >> Now the same jaas config and same JVM args, it works fine on >>>>>>> Tomcat 6. >>>>>>> >>>>>>> -Djava.security.auth.login.config=C:\Program Files\Apache >>>>>>> Software Foundation\Tomcat 9.0\conf\jaas.config >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> Please help. >>>>>>> >>>>>>> Thanks, PJ >>>>>>> >>>>>>> >>>>>>> >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> >>>>> >> To unsubscribe, e-mail: [email protected] >>>>> <mailto:[email protected]> For additional >>>>> commands, e-mail: [email protected] >>>>> <mailto:[email protected]> >>>>> >>>>> >>>>> >>>>> --------------------------------------------------------------------- >>>>> >>>>> >> To unsubscribe, e-mail: [email protected] >>>>> For additional commands, e-mail: [email protected] >>>>> >>> >>> --------------------------------------------------------------------- >>> To unsubscribe, e-mail: [email protected] >>> For additional commands, e-mail: [email protected] >>> >>> >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
