Ok i decided to dump this hell and start fresh. So here I am with stock configurations, it is Tomcat 6.0 + MySQL 5.0.
I login to manager app using MemoryRealm and everything is fine. I change the global settings in server.xml to use mysql driver and boom can't login to manager anymore.... So i guess the problem is somewhere between tomcat and mysql. MySQL logs indicate the the connector has connected to the database and quering the right table + fields: 080613 19:40:29 96 Connect [EMAIL PROTECTED] on 96 Query select @@version_comment limit 1 080613 19:40:37 96 Quit 97 Connect [EMAIL PROTECTED] on hamula 080613 19:40:53 97 Query select uid, password, role from users 080613 19:41:05 94 Query SELECT password FROM users WHERE uid = '[EMAIL PROTECTED]' 94 Query commit 080613 19:41:07 94 Query SELECT password FROM users WHERE uid = 'test' 94 Query commit 080613 19:43:17 94 Query SELECT password FROM users WHERE uid = 'test' 94 Query commit 080613 19:44:30 94 Query SELECT password FROM users WHERE uid = 'test' 94 Query commit 080613 19:44:34 94 Query SELECT password FROM users WHERE uid = 'test' 94 Query commit 080613 19:46:12 94 Query SELECT password FROM users WHERE uid = 'test' 94 Query commit So, clearly seen the connector established a session under root and the history of all it's queries is from there on. My server.xml is stock except for the Real part, so here is what I have: <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" driverName="org.gjt.mm.mysql.Driver" connectionURL="jdbc:mysql://localhost/hamula?user=root&password=skywalker" digest="MD5" userTable="users" userNameCol="uid" userCredCol="password" userRoleTable="users" roleNameCol="role"/> Which is located inside of the <Engine> tag. My databe looks as follows: mysql> select uid, password, role from users; +------------------------+-----------------------------------------------------+---------------+ | uid | password | role | +------------------------+-----------------------------------------------------+---------------+ | [EMAIL PROTECTED] | test | admin | | test | 033bd94b1168d7e4f0d644c3c95e35bf | manager | +------------------------+------------------------------------------------------+---------------+ 2 rows in set (0.00 sec) What's wrong here?? How can I get more details on why and what part of the authentication is failing?? Thanks -Assaf On Fri, Jun 13, 2008 at 4:26 PM, exkor <[EMAIL PROTECTED]> wrote: > Hi Thanks for the feedback Chuck. > I've done the changes you've suggested and I still experience the same > problem. > The after I login I am brought back to the login page. Basiclly this > indicated that the login failed, since my error and login pages are > the same -> index.jsp. I get the following in the access log: > 127.0.0.1 - - [13/Jun/2008:16:18:00 -0400] "GET /hamula/ HTTP/1.1" 200 > 2250 "http://127.0.0.1:8080/manager/html/start?path=/hamula" > "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.14) > Gecko/20080404 Firefox/2.0.0.14" > 127.0.0.1 - - [13/Jun/2008:16:18:00 -0400] "GET > /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051 > "http://127.0.0.1:8080/hamula/style.css" "Mozilla/5.0 (Windows; U; > Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14" > 127.0.0.1 - - [13/Jun/2008:16:18:04 -0400] "POST > /hamula/j_security_check HTTP/1.1" 200 2250 > "http://127.0.0.1:8080/hamula/" "Mozilla/5.0 (Windows; U; Windows NT > 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14" > 127.0.0.1 - - [13/Jun/2008:16:18:04 -0400] "GET > /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051 > "http://127.0.0.1:8080/hamula/style.css" "Mozilla/5.0 (Windows; U; > Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14" > 127.0.0.1 - - [13/Jun/2008:16:18:07 -0400] "POST > /hamula/j_security_check HTTP/1.1" 200 2250 > "http://127.0.0.1:8080/hamula/j_security_check" "Mozilla/5.0 (Windows; > U; Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 > Firefox/2.0.0.14" > 127.0.0.1 - - [13/Jun/2008:16:18:07 -0400] "GET > /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051 > "http://127.0.0.1:8080/hamula/style.css" "Mozilla/5.0 (Windows; U; > Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14" > 127.0.0.1 - - [13/Jun/2008:16:18:15 -0400] "GET /hamula/home.jsp > HTTP/1.1" 200 2250 "null" "Mozilla/5.0 (Windows; U; Windows NT 5.1; > en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14" > 127.0.0.1 - - [13/Jun/2008:16:18:15 -0400] "GET > /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051 > "http://127.0.0.1:8080/hamula/style.css" "Mozilla/5.0 (Windows; U; > Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14" > 127.0.0.1 - - [13/Jun/2008:16:18:18 -0400] "POST > /hamula/j_security_check HTTP/1.1" 200 2250 > "http://127.0.0.1:8080/hamula/home.jsp" "Mozilla/5.0 (Windows; U; > Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14" > 127.0.0.1 - - [13/Jun/2008:16:18:18 -0400] "GET > /hamula/images/kubrickbgcolor.jpg HTTP/1.1" 404 1051 > "http://127.0.0.1:8080/hamula/style.css" "Mozilla/5.0 (Windows; U; > Windows NT 5.1; en-GB; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14" > > The kubrik.jpg was actually removed so I can understand tomcat > compaining with error 404 about it. > > this is what I currently have: > > myapps/WEB-INF/web.xml: > <?xml version="1.0" encoding="UTF-8"?> > > <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web > Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> > <web-app> > <display-name>Hamula</display-name> > <distributable/> > > <welcome-file-list> > <welcome-file> > home.jsp > </welcome-file> > </welcome-file-list> > > > <resource-ref> > <description>DB Connection</description> > <res-ref-name>jdbc/hamula</res-ref-name> > <res-type>javax.sql.DataSource</res-type> > <res-auth>Container</res-auth> > </resource-ref> > > <security-constraint> > <web-resource-collection> > <web-resource-name>Hamula</web-resource-name> > <description>Pages accessible by registered users</description> > > <!-- PAGES ACCESIBLE ONLY BY REGISTERED USERS SHOULD BE > ADDED HERE --> > <url-pattern>/home.jsp</url-pattern> > <url-pattern>/events.jsp</url-pattern> > <url-pattern>/profile.jsp</url-pattern> > <url-pattern>/community.jsp</url-pattern> > <!-- > THIS IS AN EXAMPLE OF A PATTERN TO MATCH MANY PAGES > <url-pattern>/protected/*.jsp</url-pattern> > --> > <!-- > ============================================================= --> > > > <http-method>DELETE</http-method> > <http-method>GET</http-method> > <http-method>POST</http-method> > <http-method>PUT</http-method> > </web-resource-collection> > <auth-constraint> > <role-name>admin</role-name> > <role-name>manager</role-name> > </auth-constraint> > </security-constraint> > > <login-config> > <auth-method>FORM</auth-method> > <form-login-config> > <form-login-page>/index.jsp</form-login-page> > <form-error-page>/index.jsp</form-error-page> > </form-login-config> > </login-config> > > <security-role> > <description> > The role that is required to access registered user functions and > pages > </description> > <role-name>admin</role-name> > <role-name>manager</role-name> > </security-role> > </web-app> > > myapp/META-INF/context.xml: > <?xml version="1.0" encoding="UTF-8"?> > <Context reloadable="true" crossContext="true" debug="99"> > > <Realm className="org.apache.catalina.realm.MemoryRealm"/> > > </Context> > > $CATALINA_HOME/conf/server.xml: > <?xml version='1.0' encoding='utf-8'?> > <!-- > Licensed to the Apache Software Foundation (ASF) under one or more > contributor license agreements. See the NOTICE file distributed with > this work for additional information regarding copyright ownership. > The ASF licenses this file to You under the Apache License, Version 2.0 > (the "License"); you may not use this file except in compliance with > the License. You may obtain a copy of the License at > > http://www.apache.org/licenses/LICENSE-2.0 > > Unless required by applicable law or agreed to in writing, software > distributed under the License is distributed on an "AS IS" BASIS, > WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. > See the License for the specific language governing permissions and > limitations under the License. > --> > <!-- Note: A "Server" is not itself a "Container", so you may not > define subcomponents such as "Valves" at this level. > Documentation at /docs/config/server.html > --> > <Server port="8005" shutdown="SHUTDOWN"> > > <!--APR library loader. Documentation at /docs/apr.html --> > <Listener className="org.apache.catalina.core.AprLifecycleListener" > SSLEngine="on" /> > <!--Initialize Jasper prior to webapps are loaded. Documentation at > /docs/jasper-howto.html --> > <Listener className="org.apache.catalina.core.JasperListener" /> > <!-- JMX Support for the Tomcat server. Documentation at > /docs/non-existent.html --> > <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" /> > <Listener > className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" > /> > > <!-- Global JNDI resources > Documentation at /docs/jndi-resources-howto.html > --> > <GlobalNamingResources> > <!-- Editable user database that can also be used by > UserDatabaseRealm to authenticate users > --> > <Resource name="UserDatabase" auth="Container" > type="org.apache.catalina.UserDatabase" > description="User database that can be updated and saved" > factory="org.apache.catalina.users.MemoryUserDatabaseFactory" > pathname="conf/tomcat-users.xml" /> > </GlobalNamingResources> > > <!-- A "Service" is a collection of one or more "Connectors" that share > a single "Container" Note: A "Service" is not itself a "Container", > so you may not define subcomponents such as "Valves" at this level. > Documentation at /docs/config/service.html > --> > <Service name="Catalina"> > > <!--The connectors can use a shared executor, you can define one > or more named thread pools--> > <!-- > <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" > maxThreads="150" minSpareThreads="4"/> > --> > > > <!-- A "Connector" represents an endpoint by which requests are received > and responses are returned. Documentation at : > Java HTTP Connector: /docs/config/http.html (blocking & non-blocking) > Java AJP Connector: /docs/config/ajp.html > APR (HTTP/AJP) Connector: /docs/apr.html > Define a non-SSL HTTP/1.1 Connector on port 8080 > --> > <Connector port="8080" protocol="HTTP/1.1" > connectionTimeout="20000" > redirectPort="8443" /> > <!-- A "Connector" using the shared thread pool--> > <!-- > <Connector executor="tomcatThreadPool" > port="8080" protocol="HTTP/1.1" > connectionTimeout="20000" > redirectPort="8443" /> > --> > <!-- Define a SSL HTTP/1.1 Connector on port 8443 > This connector uses the JSSE configuration, when using APR, the > connector should be using the OpenSSL style configuration > described in the APR documentation --> > <!-- > <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" > maxThreads="150" scheme="https" secure="true" > clientAuth="false" sslProtocol="TLS" /> > --> > > <!-- Define an AJP 1.3 Connector on port 8009 --> > <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> > > > <!-- An Engine represents the entry point (within Catalina) that processes > every request. The Engine implementation for Tomcat stand alone > analyzes the HTTP headers included with the request, and passes them > on to the appropriate Host (virtual host). > Documentation at /docs/config/engine.html --> > > <!-- You should set jvmRoute to support load-balancing via AJP ie : > <Engine name="Standalone" defaultHost="localhost" jvmRoute="jvm1"> > --> > <Engine name="Catalina" defaultHost="localhost"> > > <!--For clustering, please take a look at documentation at: > /docs/cluster-howto.html (simple how to) > /docs/config/cluster.html (reference documentation) --> > <!-- > <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> > --> > > <!-- The request dumper valve dumps useful debugging information about > the request and response data received and sent by Tomcat. > Documentation at: /docs/config/valve.html --> > <!-- > <Valve className="org.apache.catalina.valves.RequestDumperValve"/> > --> > > <!-- This Realm uses the UserDatabase configured in the global JNDI > resources under the key "UserDatabase". Any edits > that are performed against this UserDatabase are immediately > available for use by the Realm. > <Realm className="org.apache.catalina.realm.UserDatabaseRealm" > resourceName="UserDatabase"/> > > > > <Realm className="org.apache.catalina.realm.JDBCRealm" debug="99" > driverName="org.gjt.mm.mysql.Driver" > > connectionURL="jdbc:mysql://localhost/hamula?user=root&password=skywalker" > digest="MD5" > userTable="users" > userNameCol="uid" > userCredCol="password" > userRoleTable="users" > roleNameCol="role"/> --> > > <Realm className="org.apache.catalina.realm.MemoryRealm" > resourceName="UserDatabase" /> > > > > <!-- Define the default virtual host > Note: XML Schema validation will not work with Xerces 2.2. > --> > <Host name="localhost" appBase="webapps" > unpackWARs="true" autoDeploy="true" > xmlValidation="false" xmlNamespaceAware="false"> > > <!-- SingleSignOn valve, share authentication between web applications > Documentation at: /docs/config/valve.html --> > <!-- > <Valve className="org.apache.catalina.authenticator.SingleSignOn" /> > --> > > <!-- Access log processes all example. > Documentation at: /docs/config/valve.html --> > > <Valve className="org.apache.catalina.valves.AccessLogValve" > directory="logs" > prefix="localhost_access_log." suffix=".txt" > pattern="combined" resolveHosts="false"/> > > > </Host> > </Engine> > </Service> > </Server> > > > On Fri, Jun 13, 2008 at 1:32 AM, Caldarale, Charles R > <[EMAIL PROTECTED]> wrote: >>> From: exkor [mailto:[EMAIL PROTECTED] >>> Subject: URL is "null" and HTTP 404 error when using FROM >>> authentication >> >> You have some weirdness in your web.xml and context.xml that should be >> straightened out before attempting any further analysis. >> >>> <servlet> >>> <servlet-name></servlet-name> >>> <display-name></display-name> >>> <servlet-class></servlet-class> >>> <load-on-startup>0</load-on-startup> >>> </servlet> >> >> I have no idea what should be done with an empty <servlet> declaration, and >> it's possible Tomcat doesn't either; get rid of it. >> >>> <auth-constraint> >>> <role-name>admin</role-name> >>> <role-name>manager</role-name> >>> </auth-constraint> >> ... >>> <security-role> >>> <role-name>admin</role-name> >>> </security-role> >> >> Either you have an extra role listed in <auth-constraint>, or you're missing >> one under <security-role>; get them in synch. >> >>> My context.xml: >> >> Where is your context.xml file? It should be in your webapp's META-INF >> directory. If you've changed the global one in Tomcat's conf directory, put >> it back the way it was and put your <Context> element in the proper location. >> >>> <Context path="/hamula" reloadable="true" crossContext="true" >>> debug="99"> >> >> The path attribute is not allowed in a <Context> element in context.xml; >> remove it. >> >>> <Logger className="org.apache.catalina.logger.FileLogger" >>> prefix="localhost_hamula_log." suffix=".txt" >>> timestamp="true"/> >> >> There is no <Logger> element in Tomcat 6; remove it. >> >>> <Resource name="jdbc/hamula" >>> auth="Container" >>> type="javax.sql.DataSource" >>> driverClassName="com.mysql.jdbc.Driver" >>> url="jdbc:mysql://localhost:3306/hamula?autoReconnect=true"/> >>> username="root" >>> password="skywalker" >>> digest="MD5" >>> logAbandoned="true" >>> removeAbandoned="true" >>> removeAbandonedTimeout="10" >>> maxActive="20" >>> maxIdle="10" >>> maxWait="-1"/> >> >> The above is obviously broken, since you have terminated the <Resource> >> element twice. Regardless, it seems odd for the <Realm> and the application >> <Resource> to be using the exact same data base; is that what you really >> want? >> >>> <Realm className="org.apache.catalina.realm.JDBCRealm" >> >> Change the <Realm> back to the MemoryRealm for testing with FORM login; once >> you get that working, then move on to the JDBCRealm. One step at a time. >> >> You say you have httpd 2.0 in the mix; don't use it for testing, go straight >> to Tomcat's http port. Only after that works should you introduce any >> further complications. >> >> All of the above may not to fix your problem, but it will remove some >> confusion from your situation. >> >> - Chuck >> >> >> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY >> MATERIAL and is thus for use only by the intended recipient. If you received >> this in error, please contact the sender and delete the e-mail and its >> attachments from all computers. >> >> --------------------------------------------------------------------- >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> >> > --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]