-
1. Re: JBoss 3.2.5 Will Not Load Embedded Obj Under JAAS & SSL
sulfur Oct 19, 2004 12:59 PM (in response to sulfur)Ok I've narrowed it down to a Tomcat 5 bug/feature:
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=27122
About 1/2 way down the comments:
------- Additional Comments From william.barker@wilshire.com 2004-02-25 22:07 -------
And we have finally found the problem. In an attempt to try and work around some broken client (I can't be bothered to go back and see which one), Tomcat5 started adding adding the "don't cache" headers even for SSL requests. I'm in a very small minority of disliking this "feature", so it is unlikely to change.
The work-around is to configure the Authenticator yourself:<Context path="/myapp" docBase="myapp"> <Valve className="org.apache.catalina.authenticator.FormAuthenticator" disableProxyCaching="false" /> </Context>
Does anyone know how & where I can configure this in a JBoss-3.2.5 environemnt? Ie if I have a EAR file to deploy, "myapp.ear" with contents:
- myapp-ejb.jar
- myapp-web.war
- application.xml
- jboss-app.xml
- etc...
Also, this webapp is to be the default context, if it makes a different.
I've tried adding something to jbossweb-tomcat50.sar\server.xml but I can't figure out the correct syntax.
Thanks. -
2. Re: JBoss 3.2.5 Will Not Load Embedded Obj Under JAAS & SSL
starksm64 Oct 19, 2004 8:33 PM (in response to sulfur)jboss-3.2.5 does not support context level overrides. jboss-3.2.6 supports a WEB-INF/context.xml descriptor that allows one to customize a war context. The custom valve would be added by including a myapp-web.war/WEB-INF/context.xml with:
<Context> <Valve className="org.apache.catalina.authenticator.FormAuthenticator" disableProxyCaching="false" /> </Context>
With this the headers for the jmx-console secured using form auth look like:http://localhost:8080/jmx-console/ GET /jmx-console/ HTTP/1.1 Host: localhost:8080 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20040910 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: JSESSIONID=73BBE64CC7EE140B8BE9564A3674B5C2 HTTP/1.x 200 OK Set-Cookie: JSESSIONID=544A25A77D9EEBB2AD92719D5B63262F; Path=/jmx-console Etag: W/"711-1098230852000" Last-Modified: Wed, 20 Oct 2004 00:07:32 GMT Content-Type: text/html Content-Length: 711 Date: Wed, 20 Oct 2004 00:24:10 GMT Server: Apache-Coyote/1.1 ----------------------------------------------------------
Without this or with the disableProxyCaching=true there are Pragma: No-cache and Cache-Control: no-cache headers in the replies:http://localhost:8080/jmx-console/ GET /jmx-console/ HTTP/1.1 Host: localhost:8080 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.3) Gecko/20040910 Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 300 Connection: keep-alive Cookie: JSESSIONID=544A25A77D9EEBB2AD92719D5B63262F HTTP/1.x 200 OK Pragma: No-cache Cache-Control: no-cache Expires: Wed, 31 Dec 1969 16:00:00 PST Etag: W/"711-1098230852000" Last-Modified: Wed, 20 Oct 2004 00:07:32 GMT Content-Type: text/html Content-Length: 711 Date: Wed, 20 Oct 2004 00:27:13 GMT Server: Apache-Coyote/1.1 ----------------------------------------------------------
-
3. Re: JBoss 3.2.5 Will Not Load Embedded Obj Under JAAS & SSL
sulfur Oct 20, 2004 1:29 PM (in response to sulfur)Many thanks Scott!
That did the trick & I'm sure other developers will be happy to know this as well, since the issue applies to Flash, PDF, MS Office files, etc etc. -
4. Re: JBoss 3.2.5 Will Not Load Embedded Obj Under JAAS & SSL
tklem Sep 26, 2005 3:10 PM (in response to sulfur)I attempted to create a context.xml file with contents as follows:
<?xml version="1.0" encoding="ISO-8859-1"?> <Context reloadable="true"> <Valve className="org.apache.catalina.authenticator.BasicAuthenticator" disableProxyCaching="false" /> </Context>
When I run the server on JBoss 3.2.7 on my Windows XP local machine, the SSL fix for IE only works if the web.xml that does the user name and password is renamed to web.xml.bak, turning off usernames and passwords. The code from that file follows:<?xml version="1.0" encoding="ISO-8859-1"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app> <security-constraint> <web-resource-collection> <web-resource-name>resourcename</web-resource-name> <description>An example security config that only allows users with the role myrole to access the web application </description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>myrole</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>myrealm</realm-name> </login-config> <security-role> <role-name>myrole</role-name> </security-role> </web-app>
Is the problem that I'm using basic authentication, or is there another problem with the code? Both files are in the WEB-INF folder of the application. -
5. Re: JBoss 3.2.5 Will Not Load Embedded Obj Under JAAS & SSL
awclemen Jan 17, 2006 4:27 PM (in response to sulfur)Hello,
So I was getting Pragma: no-cache and Cache-Control: no-cache in my headers with IE6 so, I created the myapp.war/WEB-INF/context.xml with the following content:<Context> <Valve className="org.apache.catalina.authenticator.FormAuthenticator" disableProxyCaching="false" /> </Context>
However, I get the following error:13:46:55,101 WARN [FormAuthenticator] Unexpected error forwarding to login page java.lang.NullPointerException at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:238) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.valves.FastCommonAccessLogValve.invoke(FastCommonAccessLogValve.java:481) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:595)
Now, I am using BASIC authentication, but I am assuming (possibly incorrectly) that my valve should use the form authentication. Becuase, hey, that's what the example is using.
Looking at the FormAuthenticator.java code... line 238 is this:response.sendError(HttpServletResponse.SC_FORBIDDEN,sm.getString("authenticator.requestBodyTooBig"));
in this try/catch block:
// No -- Save this request and redirect to the form login page if (!loginAction) { session = request.getSessionInternal(true); if (log.isDebugEnabled()) log.debug("Save request in session '" + session.getIdInternal() + "'"); try { saveRequest(request, session); } catch (IOException ioe) { log.debug("Request body too big to save during authentication"); response.sendError(HttpServletResponse.SC_FORBIDDEN, sm.getString("authenticator.requestBodyTooBig")); return (false); } forwardToLoginPage(request, response, config); return (false); }
So, it looks like the Authenticator was trying to warn that the request body was too big, but failed because the response was null (which is kind of hard to believe). This is assuming that the tomcat5.5 source matches the jboss 4.0.2 binaries.....
so, I'm kind of stuck as to what to do .... am I missing some small configuration issue? Is there another way to solve the problem of no-cache
if I'm using BASIC authenticator?
Any help would be appreciated! -
6. Re: JBoss 3.2.5 Will Not Load Embedded Obj Under JAAS & SSL
awclemen Jan 17, 2006 4:35 PM (in response to sulfur)Hey Forum Folks!
Well, I found my fix. Appearantly, I incorrectly assumed that FormAuthenticator should be used in the context.xml. Since I am using the BasicAuthenticator for authentication, my context.xml needed to look like this:<Context> <Valve className="org.apache.catalina.authenticator.BasicAuthenticator" disableProxyCaching="false" /> </Context>
and WA-LA, it works!
If you are reading this, I hope it helps.
--Andy -
7. Re: JBoss 3.2.5 Will Not Load Embedded Obj Under JAAS & SSL
tklem Mar 23, 2006 3:02 PM (in response to sulfur)I am having trouble getting this to work. I've put the following code into a context.xml file in the WEB-INF director.
However, I don't know if this is a complete context.xml file. Is there a sample file out there somewhere that I haven't been able to find? -
8. Re: JBoss 3.2.5 Will Not Load Embedded Obj Under JAAS & SSL
tklem Mar 23, 2006 3:07 PM (in response to sulfur)Sorry, I used the instant reply instead of the main reply function. Here's the code for the context.xml file.
<?xml version="1.0" encoding="ISO-8859-1"?> <Context reloadable="true"> <Valve className="org.apache.catalina.authenticator.BasicAuthenticator" disableProxyCaching="false" /> </Context>