Re: Tomcat silently shuts down after 10 minutes
On 7/4/24 2:46 PM, Bryan Buchanan wrote:
I'm running Tomcat 9.0.14 on Centos 8 with JDK 15.
Tomcat is loaded in /opt/tomcat, the directory owned by "joe". If I login as
"joe" and start Tomcat, everything is fine.
We have people login to the Centos system to run the business application as "mary", "jane",
"fred" etc. Sometimes they want to shutdown Tomcat, for example if they wish to load a price update to the
DBMS or whatever. To enable them to do this from within the business application, I wrote a setuid() C program which
sets the effective user as "joe" and executes /opt/tomcat/bin/shutdown.sh or /opt/tomcat/bin/startup.sh. This
does startup Tomcat, but 10 minutes later it dies. Nothing is logged that is unusual. These are the last few lines when
it dies:
04-Jul-2024 21:45:01.154 INFO [main] org.apache.catalina.startup.Catalina.start
Server startup in [54,789] milliseconds
04-Jul-2024 21:54:10.149 INFO [Thread-3] org.apache.coyote.AbstractProtocol.pause Pausing
ProtocolHandler ["http-nio-8080"]
04-Jul-2024 21:54:10.157 INFO [Thread-3]
org.apache.catalina.core.StandardService.stopInternal Stopping service
[Catalina]
04-Jul-2024 21:54:10.194 WARNING [Thread-3]
org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesJdbc The web
application [TPDRESTServer] registered the JDBC driver [org.postgresql.Driver]
but failed to unregister it when the web application was stopped. To prevent a
memory leak, the JDBC Driver has been forcibly unregistered.
04-Jul-2024 21:54:10.196 WARNING [Thread-3]
org.apache.catalina.loader.WebappClassLoaderBase.clearReferencesThreads The web
application [TPDRESTServer] appears to have started a thread named [Tomcat JDBC
Pool Cleaner[862048902:1720093501299]] but has failed to stop it. This is very
likely to create a memory leak. Stack trace of thread:
java.base@15/java.lang.Object.wait(Native Method)
java.base@15/java.util.TimerThread.mainLoop(Timer.java:553)
java.base@15/java.util.TimerThread.run(Timer.java:506)
04-Jul-2024 21:54:10.231 INFO [Thread-3] org.apache.coyote.AbstractProtocol.stop Stopping
ProtocolHandler ["http-nio-8080"]
04-Jul-2024 21:54:10.243 INFO [Thread-3] org.apache.coyote.AbstractProtocol.destroy
Destroying ProtocolHandler ["http-nio-8080"]
My C program is:
int main (int argc, char *argv[]) {
if (argc != 2) {
printf("%s", "Syntax: ManageTomcat START|STOP");
return(0);
}
printf("%s\n", argv[0]);
printf("%s\n", argv[1]);
setuid(1000);
if(strcmp(argv[1], "STOP")) {
system("/opt/apache-tomcat-9.0.14/bin/startup.sh");
} else {
system("/opt/apache-tomcat-9.0.14/bin/shutdown.sh");
} return(1);
}
Any ideas would be appreciated.
Bryan
I think you should check the return value of setuid.
I don't think you can change the uid of a process that easily.
Otherwise you could also write setuid(0), become root and that would look to me
as a huge security hole.
Regards, ~Z
Re: catalina.out, was Re: Connector definitions
On 3/8/23 20:54, James H. H. Lampert wrote: On 3/8/23 11:35 AM, Mark Thomas wrote: Check logging.properties and/or how you have stdout redirected in your start-up scripts. Thanks. All I see different in logging.properties is that on the Midrange box (installed from the ZIP file from Apache's Tomcat site), it has "catalina.org.apache.juli.AsyncFileHandler.maxDays = 90" clauses, whereas on the cloud Linux (probably installed with yum or apt), it doesn't. And if (adopting root authority) I do a "find -name catalina.sh" or a "find -name startup.sh" on a cloud Linux box, I find *nothing.* Which is remarkable in itself. Not that it's of more than academic interest. -- JHHL On the Linux box Tomcat is probably started by systemd, therefore no catalina.out ~Z - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
HTTP Status 408!
Hello, I'm using Tomcat 6.0.26 with java 1.5 JDK. I've developed a JAAS login module for my application and when I try to login in my app a strange error occur's: HTTP Status 408:The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser. I've made a little research about the problem and everyone said that it goes away if you enable the cookies(made that and the error still occurs). Another thing is that the actual JAAS login module authenticate the user but when it should display the protected resource the error occurs. So if anyone has some ideas please share! Thank you very much!!!
Re: HTTP Status 408!
Hello Pid , Thanks for your time! I put this in my web.xml : 30 From: Pid To: Tomcat Users List Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: > Hello, > > I'm using Tomcat 6.0.26 with java 1.5 JDK. > > >I've developed a JAAS login module for my application and when I try > to login in my app a strange error occur's: > HTTP Status 408:The time allowed for the login process has been exceeded. If > you wish to continue you must either click back twice and re-click the link > you > requested or close and re-open your browser. > I've made a little research about the problem and everyone said that it > goes away if you enable the cookies(made that and the error still occurs). > Another thing is that the actual JAAS login module authenticate the user but > when it should display the protected resource the error occurs. > > So if anyone has some ideas please share! What have you configured the session time to be? p
Re: HTTP Status 408!
Hello , Good news I found a way to get rid of the error with this code in my JASS: session = req.getSession(true); But now I get another strage error : HTTP Status 400 - Invalid direct reference to form login page type Status report message Invalid direct reference to form login page description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). The response header looks like this: Response Headersview source Server Apache-Coyote/1.1 Content-Type text/html;charset=utf-8 Content-Length 1100 Date Thu, 10 Jun 2010 10:51:56 GMT Connection close Request Headersview source Host localhost:8080 User-Agent Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language en-us,en;q=0.5 Accept-Encoding gzip,deflate Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive 115 Connection keep-alive Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 From: Pid To: Tomcat Users List Sent: Thu, June 10, 2010 12:13:34 PM Subject: Re: HTTP Status 408! On 09/06/2010 21:52, neo21 zerro wrote: > Hello, > > I'm using Tomcat 6.0.26 with java 1.5 JDK. > > >I've developed a JAAS login module for my application and when I try > to login in my app a strange error occur's: > HTTP Status 408:The time allowed for the login process has been exceeded. If > you wish to continue you must either click back twice and re-click the link > you > requested or close and re-open your browser. > I've made a little research about the problem and everyone said that it > goes away if you enable the cookies(made that and the error still occurs). > Another thing is that the actual JAAS login module authenticate the user but > when it should display the protected resource the error occurs. > > So if anyone has some ideas please share! What have you configured the session time to be? p
Re: HTTP Status 408!
Yes every time I want to login! User Application /* user FORM user /forms/login.html /forms/error.html User Role for authentication user From: Pid To: Tomcat Users List Sent: Thu, June 10, 2010 3:43:18 PM Subject: Re: HTTP Status 408! On 10/06/2010 12:06, neo21 zerro wrote: > Hello , > > > Good news I found a way to get rid of the error with this code in my JASS: > session = req.getSession(true); > > > But now I get another strage error : > > HTTP Status 400 - Invalid direct reference to form login page > > > type Status report > message Invalid direct reference to form login page > description The request sent by the client was syntactically incorrect > (Invalid > direct reference to form login page). Does this occur every time you try to log in? Please post the login config from web.xml. p > > > > The response header looks like this: > > Response Headersview source > Server Apache-Coyote/1.1 > Content-Type text/html;charset=utf-8 > Content-Length 1100 > Date Thu, 10 Jun 2010 10:51:56 > GMT > Connection close > Request Headersview source > Host localhost:8080 > User-Agent Mozilla/5.0 (Windows; U; > Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 > Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language en-us,en;q=0.5 > Accept-Encoding gzip,deflate > Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 > Keep-Alive 115 > Connection keep-alive > Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 > > > > > > > > ____ > From: Pid > To: Tomcat Users List > Sent: Thu, June 10, 2010 12:13:34 PM > Subject: Re: HTTP Status 408! > > On 09/06/2010 21:52, neo21 zerro wrote: >> Hello, >> >> I'm using Tomcat 6.0.26 with java 1.5 JDK. >> >> >>I've developed a JAAS login module for my application and when I try >> to login in my app a strange error occur's: >> HTTP Status 408:The time allowed for the login process has been exceeded. >> If you wish to continue you must either click back twice and re-click the >> link you >> requested or close and re-open your browser. >> I've made a little research about the problem and everyone said that >> it goes away if you enable the cookies(made that and the error still >> occurs). Another thing is that the actual JAAS login module authenticate the >> user but when it should display the protected resource the error occurs. >> >> So if anyone has some ideas please share! > > What have you configured the session time to be? > > > p > > >
Re: HTTP Status 408!
Hello, this is my login.html page: From: Martin Gainty To: Tomcat Users List Sent: Thu, June 10, 2010 4:34:11 PM Subject: RE: HTTP Status 408! the form-login-page login.html *should* contain the j_security parameters for your login form e.g.: is this the case? Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. > Date: Thu, 10 Jun 2010 06:19:36 -0700 > From: neo21_ze...@yahoo.com > Subject: Re: HTTP Status 408! > To: users@tomcat.apache.org; p...@pidster.com > > > > Yes every time I want to login! > > > > User Application > /* > > > user > > > > > FORM > user > > /forms/login.html > /forms/error.html > > > > User Role for authentication > user > > > > > > > From: Pid > To: Tomcat Users List > Sent: Thu, June 10, 2010 3:43:18 PM > Subject: Re: HTTP Status 408! > > On 10/06/2010 12:06, neo21 zerro wrote: > > Hello , > > > > > > Good news I found a way to get rid of the error with this code in my JASS: > > session = req.getSession(true); > > > > > > But now I get another strage error : > > > > HTTP Status 400 - Invalid direct reference to form login page > > > > > > type Status report > > message Invalid direct reference to form login page > > description The request sent by the client was syntactically incorrect > > (Invalid > > direct reference to form login page). > > Does this occur every time you try to log in? > > Please post the login config from web.xml. > > > p > > > > > > > > > > > > The response header looks like this: > > > > Response Headersview source > > Server Apache-Coyote/1.1 > > Content-Type text/html;charset=utf-8 > > Content-Length 1100 > > Date Thu, 10 Jun 2010 10:51:56 > > GMT > > Connection close > > Request Headersview source > > Host localhost:8080 > > User-Agent Mozilla/5.0 (Windows; U; > > Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 > > Accept text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > > Accept-Language en-us,en;q=0.5 > > Accept-Encoding gzip,deflate > > Accept-Charset ISO-8859-1,utf-8;q=0.7,*;q=0.7 > > Keep-Alive 115 > > Connection keep-alive > > Cookie JSESSIONID=3AFB0FC0977ABA49563E858035F02617 > > > > > > > > > > > > > > > > > > From: Pid > > To: Tomcat Users List > > Sent: Thu, June 10, 2010 12:13:34 PM > > Subject: Re: HTTP Status 408! > > > > On 09/06/2010 21:52, neo21 zerro wrote: > >> Hello, > >> > >> I'm using Tomcat 6.0.26 with java 1.5 JDK. > >> > >> > >> I've developed a JAAS login module for my application and when I try to > >> login in my app a strange error occur's: > >> HTTP Status 408:The time allowed for the login process has been exceeded. > >> If you wish to continue you must either click back twice and re-click the > >> link you > >> requested or close and re-open your browser. > >> I've made a little research about the problem and everyone said that it > >> goes away if you enable the cookies(made that and the error still occurs). > >> Another thing is that the actual JAAS login module authenticate the user > >> but when it should display the protected resource the error occurs. > >> > >> So if anyone has some ideas please share! > > > > What have you configured the session time to be? > > > > > > p > > > > > > > > > _ Hotmail is redefining busy with tools for the New Busy. Get more from your inbox. http://www.windowslive.com/campaign/thenewbusy?ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_2
Re: HTTP Status 408!
Yes I am requesting a protected resource but I don't know why is this happening. I've tried to set all sort of cookies in my browser but nothing works.The problem is that I'm not using jsp like Pid said and I think I should try to use jsp...for my login page. Are there other versions of Tomcat ? I mean newer versions, like 7 ? Thanks for your time! From: Christopher Schultz To: Tomcat Users List Sent: Thu, June 10, 2010 4:46:16 PM Subject: Re: HTTP Status 408! -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Neo21, On 6/9/2010 4:52 PM, neo21 zerro wrote: > I'm using Tomcat 6.0.26 with java 1.5 JDK. > > I've developed a JAAS login module for my application and when I try > to login in my app a strange error occur's: HTTP Status 408:The time > allowed for the login process has been exceeded. If you wish to > continue you must either click back twice and re-click the link you > requested or close and re-open your browser. Are you trying to login without having first requested a protected page? The behavior you describe is how Tomcat acts if it's not expecting a login, but gets one anyway. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwQ7KgACgkQ9CaO5/Lv0PCQIACcDLKAA/VzAlElHHTknzz8XjCW XUcAoLnJOKG/tNhcGf0O2FOIvSrDH9Ss =fnzD -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 408!
I installed the Tomcat 7 RC but the problem persists. So it's definitely a bug from my app. After the logout is made the redirect is made from flex(navigateToUrl - function) do you think this could be an issue? From: Mark Thomas To: Tomcat Users List Sent: Thu, June 10, 2010 10:35:48 PM Subject: Re: HTTP Status 408! On 10/06/2010 15:39, neo21 zerro wrote: > > Yes I am requesting a protected resource but I don't know why is this > happening. > > > I've tried to set all sort of cookies in my browser but nothing > works.The problem is that I'm not using jsp like Pid said > and I think I should try to use jsp...for my login page. > Are there other versions of Tomcat ? I mean newer versions, like 7 ? That assumes a) there is a bug in Tomcat and b) that it is fixed in a newer version of 6.0.26. I have yet to see any evidence in this thread that there is a bug in Tomcat. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: HTTP Status 408!
Hello, Problem finally solved :) Pid was right my encoding was not ok and a Cookie was not passed over with the poste of the login page :) I needed to explicity create a servlet and in that servler add to the response object the JSSESIONID as a Cookie :) I have another question can I login from another aplication programmicaly to my app that runs on Tomcat with custom JAAS login module? From: Martin Gainty To: Tomcat Users List Sent: Fri, June 11, 2010 11:16:09 PM Subject: RE: HTTP Status 408! can you post all of the code (including the html that houses the flex components), display the full stacktrace and display environmental variables from SET Martin __ standard caveats apply > Date: Fri, 11 Jun 2010 12:32:44 -0700 > From: neo21_ze...@yahoo.com > Subject: Re: HTTP Status 408! > To: users@tomcat.apache.org > > > > > > I installed the Tomcat 7 RC but the problem persists. > So it's definitely a bug from my app. After the logout is made the redirect > is made from flex(navigateToUrl - function) do you think this could be an > issue? > > > > > > From: Mark Thomas > To: Tomcat Users List > Sent: Thu, June 10, 2010 10:35:48 PM > Subject: Re: HTTP Status 408! > > On 10/06/2010 15:39, neo21 zerro wrote: > > > > Yes I am requesting a protected resource but I don't know why is this > > happening. > > > > > > I've tried to set all sort of cookies in my browser but nothing > > works.The problem is that I'm not using jsp like Pid said > > and I think I should try to use jsp...for my login page. > > Are there other versions of Tomcat ? I mean newer versions, like 7 ? > > That assumes a) there is a bug in Tomcat and b) that it is fixed in a > newer version of 6.0.26. > > I have yet to see any evidence in this thread that there is a bug in Tomcat. > > Mark > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > _ The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
Re: HTTP Status 408!
Ok.I already have send params from my other application to my Tomcat application and everything goes well, I make this with the j_security_check on a post method, and I track down the path with the debug log. The problem is that in the org.apache.catalina.authenticator.FormAuthenticator in the authenticate method the user is getting authenticated but when the user should be redirected to the initial saved request, null is returned. So my problem is that I make programmaticaly just a request to my Tomcat web app authenticating the user per user params but I need somehow to tell the FormAuthenticator what the saved request should be. Any ideas? Thanks!!! From: Pid To: Tomcat Users List Sent: Mon, June 21, 2010 5:30:00 PM Subject: Re: HTTP Status 408! On 21/06/2010 15:20, neo21 zerro wrote: > Hello, > > Problem finally solved :) Pid was right my encoding was not ok and a Cookie > was not passed over with the poste of the login page :) I needed to explicity > create a servlet and in that servler add to the response object the > JSSESIONID as a Cookie :) > > I have another question can I login from another aplication programmicaly to > my app that runs on Tomcat with custom JAAS login module? If the other app knows how to perform whatever custom JAAS login you've built, then I don't see why not. p > > From: Martin Gainty > To: Tomcat Users List > Sent: Fri, June 11, 2010 11:16:09 PM > Subject: RE: HTTP Status 408! > > > can you post all of the code (including the html that houses the flex > components), display the full stacktrace and display environmental variables > from SET > > Martin > __ > standard caveats apply > > > > > >> Date: Fri, 11 Jun 2010 12:32:44 -0700 >> From: neo21_ze...@yahoo.com >> Subject: Re: HTTP Status 408! >> To: users@tomcat.apache.org >> >> >> >> >> >> I installed the Tomcat 7 RC but the problem persists. >> So it's definitely a bug from my app. After the logout is made the redirect >> is made from flex(navigateToUrl - function) do you think this could be an >> issue? >> >> >> >> >> >> From: Mark Thomas >> To: Tomcat Users List >> Sent: Thu, June 10, 2010 10:35:48 PM >> Subject: Re: HTTP Status 408! >> >> On 10/06/2010 15:39, neo21 zerro wrote: >>> >>> Yes I am requesting a protected resource but I don't know why is this >>> happening. >>> >>> >>> I've tried to set all sort of cookies in my browser but nothing >>> works.The problem is that I'm not using jsp like Pid said >>> and I think I should try to use jsp...for my login page. >>> Are there other versions of Tomcat ? I mean newer versions, like 7 ? >> >> That assumes a) there is a bug in Tomcat and b) that it is fixed in a >> newer version of 6.0.26. >> >> I have yet to see any evidence in this thread that there is a bug in Tomcat. >> >> Mark >> >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> > > _ > The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with > Hotmail. > http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5 > > >
Re: HTTP Status 408!
Ok. Something like this ?
URL protectedResource = new URL("http://localhost:8080/resource";);
URLConnection yc = protectedResource.openConnection();
BufferedReader in = new BufferedReader(
new InputStreamReader(
yc.getInputStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
//check if the response is the login page
in.close();
if(The response is login page){
//make another request with to specific params for the authentication
}
My question is that in the second request I need to open a browser so is the
session id of the
first request the same with the session id of the second request? because the
FormAuthenticator need's
the session id of the first request to retrieve the protected resource?
From: Pid
To: Tomcat Users List
Sent: Mon, June 21, 2010 6:19:44 PM
Subject: Re: HTTP Status 408!
On 21/06/2010 15:48, neo21 zerro wrote:
> Ok.I already have send params from my other application to my
> Tomcat application and everything goes well, I make this with the
> j_security_check on a post method, and I track down the path with the
> debug log. The problem is that in the
> org.apache.catalina.authenticator.FormAuthenticator in the authenticate
> method the user is getting authenticated but when the user should be
> redirected to the initial saved request, null is returned.
> So my problem is that I make */programmaticaly
> <http://www.google.ro/search?hl=ro&ei=IXsfTMiCB46C_AaVtpm9DQ&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0CCwQBSgA&q=programmaticaly&spell=1>
> /*just
> a request to my Tomcat web app authenticating the user per user params
> but I need somehow to tell the FormAuthenticator what the saved request
> should be. Any ideas?
The process is:
1. make a request for a protected resource
2. check the response is what you want,
3. if it's not, but contains a login form
4. submit username & password against form url
FormAuthenticator creates the saved request at step 1.
p
> Thanks!!!
>
>
> *From:* Pid
> *To:* Tomcat Users List
> *Sent:* Mon, June 21, 2010 5:30:00 PM
> *Subject:* Re: HTTP Status 408!
>
> On 21/06/2010 15:20, neo21 zerro wrote:
>> Hello,
>>
>> Problem finally solved :) Pid was right my encoding was not ok and a
> Cookie was not passed over with the poste of the login page :) I needed
> to explicity create a servlet and in that servler add to the response
> object the JSSESIONID as a Cookie :)
>>
>> I have another question can I login from another aplication
> programmicaly to my app that runs on Tomcat with custom JAAS login module?
>
> If the other app knows how to perform whatever custom JAAS login you've
> built, then I don't see why not.
>
>
> p
>
>>
>> From: Martin Gainty mailto:mgai...@hotmail.com>>
>> To: Tomcat Users List <mailto:users@tomcat.apache.org>>
>> Sent: Fri, June 11, 2010 11:16:09 PM
>> Subject: RE: HTTP Status 408!
>>
>>
>> can you post all of the code (including the html that houses the flex
> components), display the full stacktrace and display environmental
> variables from SET
>>
>> Martin
>> __
>> standard caveats apply
>>
>>
>>
>>
>>
>>> Date: Fri, 11 Jun 2010 12:32:44 -0700
>>> From: neo21_ze...@yahoo.com <mailto:neo21_ze...@yahoo.com>
>>> Subject: Re: HTTP Status 408!
>>> To: users@tomcat.apache.org <mailto:users@tomcat.apache.org>
>>>
>>>
>>>
>>>
>>>
>>> I installed the Tomcat 7 RC but the problem persists.
>>> So it's definitely a bug from my app. After the logout is made the
> redirect is made from flex(navigateToUrl - function) do you think this
> could be an issue?
>>>
>>>
>>>
>>>
>>>
>>> From: Mark Thomas mailto:ma...@apache.org>>
>>> To: Tomcat Users List <mailto:users@tomcat.apache.org>>
>>> Sent: Thu, June 10, 2010 10:35:48 PM
>>> Subject: Re: HTTP Status 408!
>>>
>>> On 10/06/2010 15:39, neo21 zerro wrote:
>>>>
>>>> Yes I am requesting a protected resource but I don't know why is
> this happening.
>>>>
>>>>
>>>> I've tried to set all sort of cookies in my browser but nothing
> works.The problem is that I'm not us
Re: HTTP Status 408!
Can you provide a hint on how to perform automatic login using BASIC
authentication?
Or can I somehow modify the class FormAuthenticator? and tell Tomcat to use my
custom class
Thanks!
From: Pid
To: Tomcat Users List
Sent: Mon, June 21, 2010 7:52:40 PM
Subject: Re: HTTP Status 408!
On 21/06/2010 17:36, neo21 zerro wrote:
>
>
> Ok. Something like this ?
>
>
>
> URL protectedResource = new URL("http://localhost:8080/resource";);
> *URLConnection yc = *protectedResource*.openConnection();*
> BufferedReader in = new BufferedReader(
> new InputStreamReader(
> *yc.getInputStream()*));
> String inputLine;
>
> while ((inputLine = in.readLine()) != null)
> //check if the response is the login page
> in.close();
>
> if(The response is login page){
>
>
>//make another request with to specific params for the
> authentication
> }
It's actually much easier to use BASIC auth if a machine is logging in.
Look at: http://hc.apache.org/
> My question is that in the second request I need to open a browser so is
> the session id of the
> first request the same with the session id of the second request? because the
> FormAuthenticator need's
> the session id of the first request to retrieve the protected resource?
Yes, the session id will be required. If the URLs are encoded properly
as per previous discussion, then the form action attribute will be
re-encoded to incorporate the session id - you'll see how to submit to a
modified URL if you examine the returned HTML for the login form.
p
>
> *From:* Pid
> *To:* Tomcat Users List
> *Sent:* Mon, June 21, 2010 6:19:44 PM
> *Subject:* Re: HTTP Status 408!
>
> On 21/06/2010 15:48, neo21 zerro wrote:
>> Ok.I already have send params from my other application to my
>> Tomcat application and everything goes well, I make this with the
>> j_security_check on a post method, and I track down the path with the
>> debug log. The problem is that in the
>> org.apache.catalina.authenticator.FormAuthenticator in the authenticate
>> method the user is getting authenticated but when the user should be
>> redirected to the initial saved request, null is returned.
>> So my problem is that I make */programmaticaly
>>
> <http://www.google.ro/search?hl=ro&ei=IXsfTMiCB46C_AaVtpm9DQ&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0CCwQBSgA&q=programmaticaly&spell=1
> <http://www.google.ro/search?hl=ro&ei=IXsfTMiCB46C_AaVtpm9DQ&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0CCwQBSgA&q=programmaticaly&spell=1>>
> /*just
>> a request to my Tomcat web app authenticating the user per user params
>> but I need somehow to tell the FormAuthenticator what the saved request
>> should be. Any ideas?
>
> The process is:
>
> 1. make a request for a protected resource
> 2. check the response is what you want,
>
> 3. if it's not, but contains a login form
> 4. submit username & password against form url
>
>
> FormAuthenticator creates the saved request at step 1.
>
>
> p
>
>> Thanks!!!
>>
>>
>> *From:* Pid mailto:p...@pidster.com>>
>> *To:* Tomcat Users List <mailto:users@tomcat.apache.org>>
>> *Sent:* Mon, June 21, 2010 5:30:00 PM
>> *Subject:* Re: HTTP Status 408!
>>
>> On 21/06/2010 15:20, neo21 zerro wrote:
>>> Hello,
>>>
>>> Problem finally solved :) Pid was right my encoding was not ok and a
>> Cookie was not passed over with the poste of the login page :) I needed
>> to explicity create a servlet and in that servler add to the response
>> object the JSSESIONID as a Cookie :)
>>>
>>> I have another question can I login from another aplication
>> programmicaly to my app that runs on Tomcat with custom JAAS login module?
>>
>> If the other app knows how to perform whatever custom JAAS login you've
>> built, then I don't see why not.
>>
>>
>> p
>>
>>>
>>> From: Martin Gainty mailto:mgai...@hotmail.com>
> <mailto:mgai...@hotmail.com <mailto:mgai...@hotmail.com>>>
>>> To: Tomcat Users List <mailto:users@tomcat.apache.org>
>> <mailto:users@tomcat.apache.org <mailto:user
Re: HTTP Status 408!
Thanks Pid for your time and answers. Clearly that is not an option for
me...I'll wait for Tomcat 7 then :)
Thanks!
From: Pid
To: Tomcat Users List
Sent: Tue, June 22, 2010 3:41:02 PM
Subject: Re: HTTP Status 408!
On 22/06/2010 13:25, neo21 zerro wrote:
> Can you provide a hint on how to perform automatic login using BASIC
> authentication?
Did you look at the link I sent?
> Or can I somehow modify the class FormAuthenticator? and tell Tomcat to
> use my custom class
FormAuthenticator is a Valve, it is automatically added to the Valve
pipeline for each Context it's used with. Look at the source for
FormAuthenticator.
You can manually define your own Authenticator implementation, in
META-INF/context.xml.
WEB-INF/web.xml
N.B. Use your own Authenticator and you'll have to make sure every
Tomcat upgrade is thoroughly checked for changes to the related classes.
Tomcat 7.0 will have programmatic login as it implements Servlet 3.0, so
you might only need to do this is a temporary measure.
p
>
> *From:* Pid
> *To:* Tomcat Users List
> *Sent:* Mon, June 21, 2010 7:52:40 PM
> *Subject:* Re: HTTP Status 408!
>
> On 21/06/2010 17:36, neo21 zerro wrote:
>>
>>
>> Ok. Something like this ?
>>
>>
>>
>>URL protectedResource = new URL("http://localhost:8080/resource";);
>>*URLConnection yc = *protectedResource*.openConnection();*
>>BufferedReader in = new BufferedReader(
>>new InputStreamReader(
>>*yc.getInputStream()*));
>>String inputLine;
>>
>>while ((inputLine = in.readLine()) != null)
>>//check if the response is the login page
>>in.close();
>>
>>if(The response is login page){
>>
>>
>>//make another request with to specific params for the
> authentication
>>}
>
> It's actually much easier to use BASIC auth if a machine is logging in.
> Look at: http://hc.apache.org/
>
>> My question is that in the second request I need to open a browser so
> is the session id of the
>> first request the same with the session id of the second request?
> because the FormAuthenticator need's
>> the session id of the first request to retrieve the protected resource?
>
> Yes, the session id will be required. If the URLs are encoded properly
> as per previous discussion, then the form action attribute will be
> re-encoded to incorporate the session id - you'll see how to submit to a
> modified URL if you examine the returned HTML for the login form.
>
>
> p
>
>> ----
>> *From:* Pid mailto:p...@pidster.com>>
>> *To:* Tomcat Users List <mailto:users@tomcat.apache.org>>
>> *Sent:* Mon, June 21, 2010 6:19:44 PM
>> *Subject:* Re: HTTP Status 408!
>>
>> On 21/06/2010 15:48, neo21 zerro wrote:
>>> Ok.I already have send params from my other application to my
>>> Tomcat application and everything goes well, I make this with the
>>> j_security_check on a post method, and I track down the path with the
>>> debug log. The problem is that in the
>>> org.apache.catalina.authenticator.FormAuthenticator in the authenticate
>>> method the user is getting authenticated but when the user should be
>>> redirected to the initial saved request, null is returned.
>>> So my problem is that I make */programmaticaly
>>>
>> <http://www.google.ro/search?hl=ro&ei=IXsfTMiCB46C_AaVtpm9DQ&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0CCwQBSgA&q=programmaticaly&spell=1
>>
>> http://www.google.ro/search?hl=ro&ei=IXsfTMiCB46C_AaVtpm9DQ&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0CCwQBSgA&q=programmaticaly&spell=1>
>>
> <http://www.google.ro/search?hl=ro&ei=IXsfTMiCB46C_AaVtpm9DQ&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0CCwQBSgA&q=programmaticaly&spell=1
> <http://www.google.ro/search?hl=ro&ei=IXsfTMiCB46C_AaVtpm9DQ&sa=X&oi=spell&resnum=0&ct=result&cd=1&ved=0CCwQBSgA&q=programmaticaly&spell=1>>>
>> /*just
>>> a request to my Tomcat web app authenticating the user per user params
>>> but I need somehow to tell the FormAuthenticator what the saved request
>>> should be. Any ideas?
>>
>> The process is:
>>
>>
Programatic JAAS login in Tomcat 6.0.26!
Hello, I'm using Tomcat 6.0.26 and java 1.5 SDK and I'm trying to implement a programmatic login in tomcat. I'm using JAAS for the container based security. Is there anyone that has done this before? I've tryied to bypass it by making a post with the username and the password in this request http://localhost:8080/acm/flex/j_security_check&username=test&password=test but it seems that Tomcat caches this request and then expects another request. I don't know what else to do. Please help! Thanks!!!
Re: Programatic JAAS login in Tomcat 6.0.26!
Hi Mikolaj and Mark, Thanks for the replay. The problem is that I read the specifications and I still don't know how to push the login details and the request for the main page in one call. The fact is that I need to open a browser from a swing app with the main page for my other application(that uses JAAS) programatic. So the real problem is how do push the request from the swing app to open an browser with an authenticated user and the main page from my other app. Because as I already said I cannot push to the application that uses JAAS my login credentials and the request to my main app. So I push the credentials as I already said but HTTP Status 400 - Invalid direct reference to form login page because I have no initial request with my main page, so that Tomcat can restore it. I cannot use JSP, my login page is a simple html page. Thanks a lot for your time! From: Mikolaj Rydzewski To: Tomcat Users List Sent: Thu, January 20, 2011 5:53:04 PM Subject: Re: Programatic JAAS login in Tomcat 6.0.26! On Thu, 20 Jan 2011 15:16:15 +, Mark Thomas wrote: > Read up on FORM auth in the Servlet spec. There is a specific sequence > of events that looks roughly like (for a successful auth): > > 1. Browser sends original request > 2. Server saves request, creates session and responds with login page > 3. Browser sends login details to server > 4. Server validates login details > 5. Server restores saved request and processes it > 6. Server sends response to original request to browser. Hi Mark, That explains problem some people complain about: When you invalidate session in second step, server is not able to restore previous request and leaves user with the same login form with URL /j_security_check. Real problem is, that now cryptic error appears: HTTP Status 400 - Invalid direct reference to form login page. It's enough for user to open login form page, wait until session invalidates due to inactivity time, then try to login. One solution is to use HttpSession.isNew() check on login JSP page and perform redirect to e.g. to main page. -- Mikolaj Rydzewski - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Programatic JAAS login in Tomcat 6.0.26!
How do I set it?Is it a configuration is my deployment descriptor or in the server.xml file?In tomcat 7 .. Thanks!
