Can not access Tomcat manager any more

Apr 1, 2011 at 9:11 AM
Edited Apr 1, 2011 at 9:13 AM

I have installed waffle by putting

    <Valve className="waffle.apache.NegotiateAuthenticator" principalFormat="fqn" roleFormat="both" />
    <Realm className="waffle.apache.WindowsRealm" />

into the context.xml and mofiying web.xml.

As soon as I have the above lines in the context.xml I can not access tomcat manager anymore. The admin password that was configured in tomcat-users.xml is not working any more.

Please advise.

Thanks in advance!

Alexander

Coordinator
Apr 1, 2011 at 11:26 AM

That's expected. The valve protects your entire tomcat installation if you put things in the global xml's. You can read this for how to configure tomcat manager with windows auth properly.

Apr 4, 2011 at 9:29 AM
Edited Apr 4, 2011 at 10:15 AM

I followed the description in your link. It does not work. I get "401 Unauthorized".

In the log I am getting "successfully logged in user: ....."

The user is member of the group Bultin\Users.

This is the manager/WEB-INF/web.xml I am using: http://pastie.org/1753705

Please advice.

Thanks in advance!

Alexander

Coordinator
Apr 4, 2011 at 11:56 AM

Follow troubleshooting negotiate, including what to do wafter that fails (paste output from an HTTP trace). 

Apr 4, 2011 at 12:53 PM
Edited Apr 4, 2011 at 12:54 PM

This is the HTTP trace.

 

GET /manager/html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: de
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; MS-RTC LM 8)
Host: vm-marvin:8090
Connection: Keep-Alive

HTTP/1.1 401 
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=A7AE1BC4BA55A4234D6B72D5441C21A7; Path=/manager
Content-Type: text/html
Transfer-Encoding: chunked
Date: Mon, 04 Apr 2011 12:51:56 GMT

Please advise.

Thanks in advance

 Alexander

Coordinator
Apr 4, 2011 at 1:12 PM

There're no WAFFLE headers in the 401 response, which means you didn't configure the manager application properly. Re-check those context and server.xml files. I would also delete the work temporary folder, often Tomcat picks up cached versions of the configuration files.

Apr 4, 2011 at 1:47 PM

I belive the work folder only caches application data and not the context.xml and server.xml.

After commenting the error-page in manager/WEB-INF/web.xml it seems to work. No clue why.

<!-- 
  <error-page>
    <error-code>401</error-code>
    <location>/401.jsp</location>
  </error-page>
-->

<!-- 
  <error-page>
    <error-code>401</error-code>
    <location>/401.jsp</location>
  </error-page>
-->

<!-- 
  <error-page>
    <error-code>401</error-code>
    <location>/401.jsp</location>
  </error-page>
-->
Alexander

Coordinator
Apr 4, 2011 at 6:56 PM

See the end of my post that talks about 401.jsp.

Apr 5, 2011 at 8:58 AM

I did follow your recommendation to remove this setHeader line but it did not work. Only after removing the error-page section in the web.xml. No clue why.