Can we have the below 2 security constraints in web.xml ? auth-methods are
different for the both. In our existing application we have 2nd
security-constraint/login-config is existing. As part of Josso
configuration, we need have the configuration like 1st one. Can we club both
of them with out disturbing the existing one ?
1.
<security-constraint>
<web-resource-collection>
<web-resource-name>Technical Website</web-resource-name>
<url-pattern>/technical/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>manager</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>@APPNAME@ WebUI</realm-name>
</login-config>
2.
<security-constraint>
<web-resource-collection>
<web-resource-name>Single SignOn</web-resource-name>
<url-pattern>/sso</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>sso_role</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Make-To-Order WebUI</realm-name>
<form-login-config>
<form-login-page>/login-redirect.jsp</form-login-page>
<form-error-page>/login-redirect.jsp</form-error-page>
</form-login-config>
</login-config>
******************************************************************************
Pid Ster wrote:
>
> On 15/12/2009 12:44, vramanaj wrote:
>>
>> Yes, I did. I have followed those configuration steps for other
>> applications
>> earlier.
>> Are there any other configurations required to store the cookies in IE
>> browser, if the application is ssl enabled ?
>
> No, Tomcat doesn't need to do anything special for IE.
>
>
> p
>
>> Pid Ster wrote:
>>>
>>> On 15/12/2009 11:25, vramanaj wrote:
>>>>
>>>> The problem is https. For rememberMe in Josso, the site should be in
>>>> ssl.
>>>> I
>>>> configured ssl in tomcat. Now i am getting the following error. I have
>>>> installed the cert. in IE. Please help me if there are tomcat settings
>>>> required for ssl.
>>>
>>> If the problem is setting up HTTPS, have you completed the steps
>>> included on the page below?
>>>
>>> http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html
>>>
>>>
>>> p
>>>
>>>
>>>> 15 Dec 2009 06:14:38,992 DEBUG Error getting client certs
>>>> javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated
>>>> at
>>>> com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:352)
>>>> at
>>>> org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport.java:87)
>>>> at
>>>> org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:141)
>>>> at
>>>> org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1012)
>>>> at org.apache.coyote.Request.action(Request.java:352)
>>>> at
>>>> org.apache.catalina.connector.Request.getAttribute(Request.java:896)
>>>> at
>>>> org.apache.catalina.connector.RequestFacade.getAttribute(RequestFacade.java:263)
>>>> at
>>>> org.josso.gateway.signon.LoginSelectorAction.execute(LoginSelectorAction.java:67)
>>>> at
>>>> org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
>>>> at
>>>> org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
>>>> at
>>>> org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
>>>> at
>>>> org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>>>> at
>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>>> at
>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>> at
>>>> org.josso.gateway.filter.ProtocolHandlerFilter.doFilter(ProtocolHandlerFilter.java:86)
>>>> at
>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>>> at
>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>>> at
>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
>>>> at
>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>>>> at
>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
>>>> at
>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>>> at org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:275)
>>>> at
>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>> at
>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>> at
>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>>>> at
>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>> at
>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>> at java.lang.Thread.run(Thread.java:619)
>>>> 15 Dec 2009 06:14:38,992 DEBUG Looking for cookie:
>>>> JOSSO_REMEMBERME_josso
>>>> 15 Dec 2009 06:14:38,992 DEBUG RemembermeCookie NOT found!
>>>>
>>>>
>>>>
>>>>
>>>> Pid Ster wrote:
>>>>>
>>>>> On 14/12/2009 12:55, vramanaj wrote:
>>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I am through with the Josso configuration. Could be able to see the
>>>>>> sso
>>>>>> logon page, redirecting the authenticated username to the partner
>>>>>> application. Facing problem with rememberMe option. Second time when
>>>>>> i
>>>>>> try
>>>>>> to logon to the application, logon page is showing up again. I set
>>>>>> 'rememberMeEnabled' to true in josso. For rememberMe in sso, i read
>>>>>> that
>>>>>> we
>>>>>> need to set tomcat ssl enabled. I did that. JOSSO_REMEMBERME_josso is
>>>>>> getting created. Still are there any configurations we need to do in
>>>>>> tomcat
>>>>>> ?
>>>>>
>>>>> No idea, but it sounds like a JOSSO problem.
>>>>> Maybe that community can assist.
>>>>>
>>>>>
>>>>> p
>>>>>
>>>>>
>>>>>> Regards
>>>>>>
>>>>>>
>>>>>>
>>>>>> vramanaj wrote:
>>>>>>>
>>>>>>> Resolved AuthenticationFailureException issue. This is coming
>>>>>>> because
>>>>>>> i
>>>>>>> have used basic-authentication scheme. If basic-authentication
>>>>>>> scheme
>>>>>>> used, we need remove hasAlgorithm and hasEnconding properties in
>>>>>>> josso-gateway-auth.xml file.
>>>>>>>
>>>>>>> Now Josso session id is getting created. But getting the below error
>>>>>>> while
>>>>>>> trying to access the application:
>>>>>>>
>>>>>>> java.lang.RuntimeException: Outbound relaying failed. No Principal
>>>>>>> found.
>>>>>>> Verify your SSO Agent Configuration!
>>>>>>>
>>>>>>> org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:502)
>>>>>>>
>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>>
>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>>>>>>>
>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>>
>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>> java.lang.Thread.run(Thread.java:619)
>>>>>>>
>>>>>>> Tomcat log shows:
>>>>>>>
>>>>>>> Dec 1, 2009 8:51:55 AM
>>>>>>> org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler
>>>>>>> handle
>>>>>>> INFO: Tue Dec 01 08:51:55 EST 2009 - sso-session - info - vjosyula -
>>>>>>> createSession=success -
>>>>>>> ssoSessionId=EF9E9AFEDD935C7366BCA259DCC85577
>>>>>>> Dec 1, 2009 8:51:55 AM
>>>>>>> org.josso.gateway.audit.service.handler.LoggerAuditTrailHandler
>>>>>>> handle
>>>>>>> INFO: Tue Dec 01 08:51:55 EST 2009 - sso-user - info - vjosyula -
>>>>>>> authenticationSuccess=success -
>>>>>>> authScheme=basic-authentication,ssoSessionId=E
>>>>>>> F9E9AFEDD935C7366BCA259DCC85577
>>>>>>> Dec 1, 2009 8:51:56 AM org.apache.catalina.realm.JAASRealm
>>>>>>> authenticate
>>>>>>> WARNING: Login exception authenticating username "null"
>>>>>>> javax.security.auth.login.LoginException: Login Failure: all modules
>>>>>>> ignored
>>>>>>> at
>>>>>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:921)
>>>>>>> at
>>>>>>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>>>>>>> at
>>>>>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>>>>>>> at java.security.AccessController.doPrivileged(Native
>>>>>>> Method)
>>>>>>> at
>>>>>>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>>>>>>> at
>>>>>>> javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>>>>>>> at
>>>>>>> org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:363)
>>>>>>> at
>>>>>>> org.josso.tc60.agent.CatalinaSSOAgent.authenticate(CatalinaSSOAgent.java:95)
>>>>>>> at
>>>>>>> org.josso.agent.AbstractSSOAgent.processRequest(AbstractSSOAgent.java:335)
>>>>>>> at
>>>>>>> org.josso.tc60.agent.SSOAgentValve.invoke(SSOAgentValve.java:496)
>>>>>>> at
>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>>>>>> at
>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
>>>>>>> at
>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
>>>>>>> at
>>>>>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
>>>>>>> at
>>>>>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>>>>>> at java.lang.Thread.run(Thread.java:619)
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> vramanaj wrote:
>>>>>>>>
>>>>>>>> User name and password are correct only.
>>>>>>>>
>>>>>>>>
>>>>>>>> Pid Ster wrote:
>>>>>>>>>
>>>>>>>>> On 01/12/2009 12:37, vramanaj wrote:
>>>>>>>>>>
>>>>>>>>>> I have passed through this DataSource look up problem. I altered
>>>>>>>>>> context.xml/web.xml of josso webapp. And also used short JNDI
>>>>>>>>>> names
>>>>>>>>>> at
>>>>>>>>>> tomcat/web.xml/context.xml level (e.g. jdbc/DefaultDS), and full
>>>>>>>>>> JNDI
>>>>>>>>>> name
>>>>>>>>>> at Josso configuration level (e.g.
>>>>>>>>>> java:comp/env/jdbc/DefaultDS).
>>>>>>>>>>
>>>>>>>>>> Now when i try to access the application, getting the error
>>>>>>>>>> Invalid
>>>>>>>>>> Authentication Information.
>>>>>>>>>>
>>>>>>>>>> Tomcat log shows as:
>>>>>>>>>> INFO: Tue Dec 01 07:31:45 EST 2009 - sso-user - info - vjosyula -
>>>>>>>>>> authenticationFailed=failure -
>>>>>>>>>> remoteHost=10.104.9.33,authScheme=basic-authent
>>>>>>>>>> ication -
>>>>>>>>>> ERROR:vjosyula:org.josso.auth.exceptions.AuthenticationFailureException
>>>>>>>>>
>>>>>>>>> I guess the user or password information is wrong then.
>>>>>>>>> This would be a JOSSO problem, presumably...
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> p
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> -----------------------------------------------------------------------------------------------------
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> vramanaj wrote:
>>>>>>>>>>>
>>>>>>>>>>> Added context.xml in META-INF directory. And also added
>>>>>>>>>>> resurce-ref
>>>>>>>>>>> in
>>>>>>>>>>> josso webapp. Still getting the same error.
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>> Mikolaj Rydzewski-2 wrote:
>>>>>>>>>>>>
>>>>>>>>>>>> vramanaj wrote:
>>>>>>>>>>>>> I have used jdbc/DefaultDS. Added ResourceLink to
>>>>>>>>>>>>> Catalina/localhost/webapp.xml.
>>>>>>>>>>>>>
>>>>>>>>>>>>> <Context path="/partnerapp"
>>>>>>>>>>>>> docBase="/usr2/tomcat/sso/apache-tomcat-6.0.18-sso/webapps/partnerapp"
>>>>>>>>>>>>> debug="99" reloadable="true"
>>>>>>>>>>>>> antiJARLocking="true"
>>>>>>>>>>>>> antiResourceLocking="false" crossContext="true">
>>>>>>>>>>>>> <ResourceLink global="jdbc/DefaultDS" name="jdbc/DefaultDS"
>>>>>>>>>>>>> type="javax.sql.DataSource"/>
>>>>>>>>>>>>> </Context>
>>>>>>>>>>>>>
>>>>>>>>>>>>> And also added resource-ref to WEB-INF/web.xml.
>>>>>>>>>>>>>
>>>>>>>>>>>> Stacktraces you have posted originate from josso webapp, not
>>>>>>>>>>>> from
>>>>>>>>>>>> test
>>>>>>>>>>>> app. You need to alter context.xml / web.xml of josso webapp.
>>>>>>>>>>>>
>>>>>>>>>>>> --
>>>>>>>>>>>> Mikolaj Rydzewski<[email protected]>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>>>>> To unsubscribe, e-mail: [email protected]
>>>>>>>>>>>> For additional commands, e-mail: [email protected]
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> ---------------------------------------------------------------------
>>>>>>>>> To unsubscribe, e-mail: [email protected]
>>>>>>>>> For additional commands, e-mail: [email protected]
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>> ---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail: [email protected]
>>>>> For additional commands, e-mail: [email protected]
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: [email protected]
>>> For additional commands, e-mail: [email protected]
>>>
>>>
>>>
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
>
--
View this message in context:
http://old.nabble.com/How-to-access-JNDI-resources-on-Tomcat-level-tp19672443p26842846.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
