1 Reply Latest reply on Sep 13, 2012 9:47 AM by Andrew Cheung

    Problem getting Quickstarts POST binding to work (version 2.1.4)

    Andrew Cheung Newbie

      Hi. I'm using PicketLink version 2.1.4, trying to get the QuickStarts "sales-post" example to work with POST binding. The behaviour I have observed using the following configuration is that when I go to http://localhost:8080/TestSP/sales-post, it redirects to the IDP login page. Then when I enter the credentials of the user "sales", the browser goes into an infinite loop.  Any pointers to help get this work would be appreciated.

       

      Thanks.

       

        -Andrew

       

      ----------------------------

       

      Here is my setup :

       

      IDP : Running on tomcat verison 6.0.35 on port 8180 of my local Windows 7 machine (configuration files will be posted below)

      SP : Running on JBoss EPP 5.2.1 on port 8080 locally

       

      I have also turned up logging. The contents of the log are below the configuration files below.

       

      All other files in the IDP and SP are not modified except for the following xml files:

       

      tomcat-users.xml :

       

      <role rolename="Employee"/>

      <role rolename="Sales"/>

      <role rolename="manager"/>

      <user username="manager" password="manager" roles="manager,Employee,Sales" />

      <user username="sales" password="sales" roles="Employee,Sales" />

      <user username="employee" password="employee" roles="Employee" />

       

       

      -------------------------------

       

      IDP web.xml :

      <?xml version="1.0"?>

      <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"

      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

      <description>IDP Web Application for the PicketLink project</description>

      <display-name>IDP</display-name>

      <listener>

        <listener-class>org.picketlink.identity.federation.web.listeners.IDPHttpSessionListener</listener-class>

      </listener>

      <!-- Define a security constraint that gives unlimted access to images -->

      <security-constraint>

        <web-resource-collection>

         <web-resource-name>Images</web-resource-name>

         <url-pattern>/images/*</url-pattern>

        </web-resource-collection>

        <web-resource-collection>

         <web-resource-name>CSS</web-resource-name>

         <url-pattern>/css/*</url-pattern>

        </web-resource-collection>

      </security-constraint>

      <!-- Define a Security Constraint on this Application -->

      <security-constraint>

        <web-resource-collection>

         <web-resource-name>Manager command</web-resource-name>

         <url-pattern>/*</url-pattern>

        </web-resource-collection>

        <auth-constraint>

         <role-name>manager</role-name>

         <role-name>Sales</role-name>

        </auth-constraint>

      </security-constraint>

      <!-- Define the Login Configuration for this Application -->

      <login-config>

        <auth-method>FORM</auth-method>

        <realm-name>PicketLink IDP Application</realm-name>

        <form-login-config>

         <form-login-page>/jsp/login.jsp</form-login-page>

         <form-error-page>/jsp/login-error.jsp</form-error-page>

        </form-login-config>

      </login-config>

      <!-- Security roles referenced by this web application in the security constraints above-->

      <security-role>

        <role-name>manager</role-name>

      </security-role>

      <security-role>

        <role-name>Sales</role-name>

      </security-role>

      </web-app>

       

       

       

      ------------------------------

      IDP picketlink.xml :

       

      <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">

          <PicketLinkIDP xmlns="urn:picketlink:identity-federation:config:2.1" StrictPostBinding="true">

              <IdentityURL>http://localhost:8180/IDP/</IdentityURL>

              <Trust>

                  <Domains>localhost,jboss.com,jboss.org,amazonaws.com</Domains>

              </Trust>

          </PicketLinkIDP>

          <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">

              <Handler

                  class="org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler" />

              <Handler

                  class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />

              <Handler

                  class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />

              <Handler

                  class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />

          </Handlers>

          <!--

              The configuration bellow defines a token timeout and a clock skew. Both configurations will be used during the SAML Assertion creation.

              This configuration is optional. It is defined only to show you how to set the token timeout and clock skew configuration.

           -->

       

          <PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0" TokenTimeout="5000" ClockSkew="0">

              <TokenProviders>

                  <TokenProvider

                      ProviderClass="org.picketlink.identity.federation.core.saml.v1.providers.SAML11AssertionTokenProvider"

                      TokenType="urn:oasis:names:tc:SAML:1.0:assertion"

                      TokenElement="Assertion" TokenElementNS="urn:oasis:names:tc:SAML:1.0:assertion" />

                  <TokenProvider

                      ProviderClass="org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider"

                      TokenType="urn:oasis:names:tc:SAML:2.0:assertion"

                      TokenElement="Assertion" TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion" />

              </TokenProviders>

      </PicketLinkSTS>

       

      </PicketLink>

       

       

      ------------------------------------

      IDP context.xml (in the META-INF folder) :

       

      <Context>

       

          <Valve

              className="org.picketlink.identity.federation.bindings.tomcat.idp.IDPSAMLDebugValve" />

          <Valve

              className="org.picketlink.identity.federation.bindings.tomcat.idp.IDPWebBrowserSSOValve" />

      </Context>

       

       

      ------------------------

      SP web.xml :

       

      <?xml version="1.0" encoding="ISO-8859-1"?>

      <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"

      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

      <description>Just a Test SP for Fedbridge Project</description>

      <display-name>Fedbridge Test SALES Application</display-name>

      <!-- Define a Security Constraint on this Application -->

      <security-constraint>

        <web-resource-collection>

         <web-resource-name>SALES Application</web-resource-name>

         <url-pattern>/*</url-pattern>

        </web-resource-collection>

        <auth-constraint>

         <role-name>manager</role-name>

        </auth-constraint>

      </security-constraint>

      <security-constraint>

        <web-resource-collection>

         <web-resource-name>SALES Application</web-resource-name>

         <url-pattern>/*</url-pattern>

        </web-resource-collection>

        <auth-constraint>

         <role-name>Sales</role-name>

        </auth-constraint>

      </security-constraint>

      <!-- Define a security constraint that gives unlimted access to freezone -->

      <security-constraint>

        <web-resource-collection>

         <web-resource-name>freezone</web-resource-name>

         <url-pattern>/freezone/*</url-pattern>

        </web-resource-collection>

        <web-resource-collection>

         <web-resource-name>images</web-resource-name>

         <url-pattern>/images/*</url-pattern>

        </web-resource-collection>

        <web-resource-collection>

         <web-resource-name>css</web-resource-name>

         <url-pattern>/css/*</url-pattern>

        </web-resource-collection>

      </security-constraint>

      <!-- Define the Login Configuration for this Application -->

      <login-config>

        <auth-method>FORM</auth-method>

        <realm-name>Tomcat SALES Application</realm-name>

        <form-login-config>

         <form-login-page>/jsp/login.jsp</form-login-page>

         <form-error-page>/jsp/loginerror.jsp</form-error-page>

        </form-login-config>

      </login-config>

      <!-- Security roles referenced by this web application -->

      <security-role>

        <description>The role that is required to log in to this Application</description>

        <role-name>manager</role-name>

      </security-role>

      <security-role>

        <description>The role that is required to log in to this Application</description>

        <role-name>Sales</role-name>

      </security-role>

      </web-app>

       

       

      -------------------

       

      SP picketlink.xml :

       

      <PicketLink xmlns="urn:picketlink:identity-federation:config:2.1">

          <PicketLinkSP xmlns="urn:picketlink:identity-federation:config:1.0"

               BindingType="POST">

              <IdentityURL>http://localhost:8180/IDP/</IdentityURL>

              <ServiceURL>http://localhost:8080/TestSP/sales-post</ServiceURL>

          </PicketLinkSP>

          <Handlers xmlns="urn:picketlink:identity-federation:handler:config:2.1">

              <Handler

                  class="org.picketlink.identity.federation.web.handlers.saml2.SAML2LogOutHandler" />

              <Handler

                  class="org.picketlink.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler" />

              <Handler

                  class="org.picketlink.identity.federation.web.handlers.saml2.RolesGenerationHandler" />

          </Handlers>

      </PicketLink>

       

      --------------------------

       

      SP jboss-web.xml :

       

      <?xml version="1.0" encoding="UTF-8"?>

      <jboss-web>

         <security-domain>sp</security-domain>

         <context-root>TestSP/sales-post</context-root>

       

      </jboss-web>

       

      -------------------------

       

      SP context.xml (in the WEB-INF folder):

       

      <Context>

        <Valve className="org.picketlink.identity.federation.bindings.tomcat.sp.ServiceProviderAuthenticator"

        />

      </Context>

       

      -------------------------

      Logs: server.log for tomcat :

       

      2012-09-12 08:06:16,758 INFO  [org.picketlink.identity.federation] (main) Using logger implementation: org.picketlink.identity.federation.DefaultPicketLinkLogger

      2012-09-12 08:06:16,866 WARN  [org.picketlink.identity.federation] (main) Security Token registry option not specified: Issued Tokens will not be persisted!

      2012-09-12 08:06:16,868 DEBUG [org.picketlink.identity.federation] (main) Revocation registry option not specified: cancelled ids will not be persisted!

      2012-09-12 08:06:16,872 WARN  [org.picketlink.identity.federation] (main) Security Token registry option not specified: Issued Tokens will not be persisted!

      2012-09-12 08:06:16,873 DEBUG [org.picketlink.identity.federation] (main) Revocation registry option not specified: cancelled ids will not be persisted!

      2012-09-12 08:06:28,377 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = POST

      SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vbG9jYWxob3N0OjgwODAvVGVzdFNQL3NhbGVzLXBvc3QiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjgxODAvQlJFU0lEUC8iIElEPSJJRF8zMTVkNDVhOS02NTUwLTRhZDctYTk0Zi04NTY1ZTYwNDdkNzIiIElzc3VlSW5zdGFudD0iMjAxMi0wOS0xMlQxMjowNjoyOC4yNjNaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9UZXN0U1Avc2FsZXMtcG9zdDwvc2FtbDpJc3N1ZXI+PHNhbWxwOk5hbWVJRFBvbGljeSBBbGxvd0NyZWF0ZT0idHJ1ZSIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4=

      SAMLResponse=null

      true

       

      2012-09-12 08:06:29,131 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = GET

      SAMLRequest=null

      SAMLResponse=null

      true

       

      2012-09-12 08:06:29,135 DEBUG [org.picketlink.identity.federation] (http-8180-2) SP Sent::Method = GET

      SAMLRequest=null

      SAMLResponse=null

      true

       

      2012-09-12 08:06:29,174 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = GET

      SAMLRequest=null

      SAMLResponse=null

      true

       

      2012-09-12 08:06:34,152 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = POST

      SAMLRequest=null

      SAMLResponse=null

      true

       

      2012-09-12 08:06:34,185 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = GET

      SAMLRequest=null

      SAMLResponse=null

      true

       

      2012-09-12 08:06:34,365 DEBUG [org.picketlink.identity.federation] (http-8180-1) issueToken::provider=org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider@3de6696c

      2012-09-12 08:06:34,445 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = POST

      SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vbG9jYWxob3N0OjgwODAvVGVzdFNQL3NhbGVzLXBvc3QiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjgxODAvQlJFU0lEUC8iIElEPSJJRF8xODliYTUwMS1lNGUxLTQyNzAtYjlhZS01NmU3ZmViZThkZTciIElzc3VlSW5zdGFudD0iMjAxMi0wOS0xMlQxMjowNjozNC40MTlaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9UZXN0U1Avc2FsZXMtcG9zdDwvc2FtbDpJc3N1ZXI+PHNhbWxwOk5hbWVJRFBvbGljeSBBbGxvd0NyZWF0ZT0idHJ1ZSIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4=

      SAMLResponse=null

      true

       

      2012-09-12 08:06:34,466 DEBUG [org.picketlink.identity.federation] (http-8180-1) issueToken::provider=org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider@3de6696c

      2012-09-12 08:06:34,521 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = POST

      SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vbG9jYWxob3N0OjgwODAvVGVzdFNQL3NhbGVzLXBvc3QiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjgxODAvQlJFU0lEUC8iIElEPSJJRF9lN2U3MjUzMi1lMTFjLTQzYjgtYTZkZS00ZTFmMDcyOTBkZDIiIElzc3VlSW5zdGFudD0iMjAxMi0wOS0xMlQxMjowNjozNC41MDNaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9UZXN0U1Avc2FsZXMtcG9zdDwvc2FtbDpJc3N1ZXI+PHNhbWxwOk5hbWVJRFBvbGljeSBBbGxvd0NyZWF0ZT0idHJ1ZSIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4=

      SAMLResponse=null

      true

       

      2012-09-12 08:06:34,558 DEBUG [org.picketlink.identity.federation] (http-8180-1) issueToken::provider=org.picketlink.identity.federation.core.saml.v2.providers.SAML20AssertionTokenProvider@3de6696c

      2012-09-12 08:06:34,612 DEBUG [org.picketlink.identity.federation] (http-8180-1) SP Sent::Method = POST

      SAMLRequest=PHNhbWxwOkF1dGhuUmVxdWVzdCB4bWxuczpzYW1scD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOnByb3RvY29sIiB4bWxucz0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiIgQXNzZXJ0aW9uQ29uc3VtZXJTZXJ2aWNlVVJMPSJodHRwOi8vbG9jYWxob3N0OjgwODAvVGVzdFNQL3NhbGVzLXBvc3QiIERlc3RpbmF0aW9uPSJodHRwOi8vbG9jYWxob3N0OjgxODAvQlJFU0lEUC8iIElEPSJJRF84ZjBhN2M3NS0xZDc2LTQzZTUtOGU4MS0yZTNjNDk2N2M4MTIiIElzc3VlSW5zdGFudD0iMjAxMi0wOS0xMlQxMjowNjozNC41OTJaIiBQcm90b2NvbEJpbmRpbmc9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpiaW5kaW5nczpIVFRQLVBPU1QiIFZlcnNpb249IjIuMCI+PHNhbWw6SXNzdWVyIHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPmh0dHA6Ly9sb2NhbGhvc3Q6ODA4MC9UZXN0U1Avc2FsZXMtcG9zdDwvc2FtbDpJc3N1ZXI+PHNhbWxwOk5hbWVJRFBvbGljeSBBbGxvd0NyZWF0ZT0idHJ1ZSIgRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6bmFtZWlkLWZvcm1hdDp0cmFuc2llbnQiLz48L3NhbWxwOkF1dGhuUmVxdWVzdD4=

      SAMLResponse=null

      true

       

      -----------------------

      catalina.log for tomcat :

       

      Sep 12, 2012 8:06:28 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Images, CSS]' against POST /index.jsp --> false

      Sep 12, 2012 8:06:28 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Manager command]' against POST /index.jsp --> true

      Sep 12, 2012 8:06:28 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Images, CSS]' against POST /index.jsp --> false

      Sep 12, 2012 8:06:28 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Manager command]' against POST /index.jsp --> true

      Sep 12, 2012 8:06:28 AM org.apache.catalina.realm.RealmBase hasUserDataPermission

      FINE:   User data constraint has no restrictions

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Images, CSS]' against GET /css/idp.css --> true

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Manager command]' against GET /css/idp.css --> true

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Images, CSS]' against GET /images/picketlink-banner-1180px.png --> true

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Manager command]' against GET /images/picketlink-banner-1180px.png --> true

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Images, CSS]' against GET /css/idp.css --> true

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Images, CSS]' against GET /images/picketlink-banner-1180px.png --> true

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Manager command]' against GET /css/idp.css --> true

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Manager command]' against GET /images/picketlink-banner-1180px.png --> true

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasUserDataPermission

      FINE:   User data constraint has no restrictions

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasUserDataPermission

      FINE:   User data constraint has no restrictions

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasResourcePermission

      FINE:   Checking roles null

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasResourcePermission

      FINE:   Checking roles null

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasResourcePermission

      FINE: Passing all access

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasResourcePermission

      FINE: Passing all access

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Images, CSS]' against GET /images/rh_bg.png --> true

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Manager command]' against GET /images/rh_bg.png --> true

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Images, CSS]' against GET /images/rh_bg.png --> true

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Manager command]' against GET /images/rh_bg.png --> true

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasUserDataPermission

      FINE:   User data constraint has no restrictions

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasResourcePermission

      FINE:   Checking roles null

      Sep 12, 2012 8:06:29 AM org.apache.catalina.realm.RealmBase hasResourcePermission

      FINE: Passing all access

      Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Images, CSS]' against GET /index.jsp --> false

      Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Manager command]' against GET /index.jsp --> true

      Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Images, CSS]' against GET /index.jsp --> false

      Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Manager command]' against GET /index.jsp --> true

      Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase hasUserDataPermission

      FINE:   User data constraint has no restrictions

      Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase hasResourcePermission

      FINE:   Checking roles GenericPrincipal[sales(Employee,Sales,)]

      Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase hasResourcePermission

      FINE: No role found:  manager

      Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase hasResourcePermission

      FINE: Role found:  Sales

      Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Images, CSS]' against POST /index.jsp --> false

      Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Manager command]' against POST /index.jsp --> true

      Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Images, CSS]' against POST /index.jsp --> false

      Sep 12, 2012 8:06:34 AM org.apache.catalina.realm.RealmBase findSecurityConstraints

      FINE:   Checking constraint 'SecurityConstraint[Manager command]' against POST /index.jsp --> true

       

      ...and the same content above goes on and on.