Waffle-Filter Sample Not Working

Apr 10, 2011 at 7:16 PM

Hi,

I'm running on a Windows 2003 Server, utilizing IIS 6 with JRun 4.

When I try to run the included sample (Waffle-Filter sample) on IE 8, I don't get anything back (I receive a 401 Not Authorized). It comes up with a login page, I log in, and then nothing is returned.

I've already followed the client-side instructions, and even ran the ieHTTPHeaders application (see results below).

Any suggestions on what to do would be greatly appreciated (as a note, I am able to log in via Firefox 4; however, it doesn't automatically log me in, and I have to type my username and password).

JRun Server Log File:

Apr 10, 2011 1:59:41 PM waffle.servlet.NegotiateSecurityFilter doFilter
INFO: GET /waffle-filter/index.jsp, contentlength: -1
Apr 10, 2011 1:59:41 PM waffle.servlet.NegotiateSecurityFilter doFilter
INFO: authorization required
04/10 13:59:41 error jrun.servlet.io.ClosedIOException: Response has been closed
java.lang.RuntimeException: jrun.servlet.io.ClosedIOException: Response has been closed
	at waffle.servlet.NegotiateSecurityFilter.sendUnauthorized(NegotiateSecurityFilter.java:303)
	at waffle.servlet.NegotiateSecurityFilter.doFilter(NegotiateSecurityFilter.java:137)
	at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
	at jrun.servlet.FilterChain.service(FilterChain.java:101)
	at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
	at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
	at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
	at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
	at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
	at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
	at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
Caused by: jrun.servlet.io.ClosedIOException: Response has been closed
	at jrun.servlet.io.ClosedOutputStream.flush(ClosedOutputStream.java:28)
	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
	at jrun.servlet.jrpp.JrppOutputStream.flush(JrppOutputStream.java:45)
	at jrun.servlet.jrpp.ProxyEndpoint.flushBuffer(ProxyEndpoint.java:975)
	at jrun.servlet.JRunResponse.flushBuffer(JRunResponse.java:147)
	at waffle.servlet.NegotiateSecurityFilter.sendUnauthorized(NegotiateSecurityFilter.java:301)
	... 10 more

Apr 10, 2011 1:59:41 PM waffle.servlet.NegotiateSecurityFilter doFilter
INFO: GET /waffle-filter/index.jsp, contentlength: -1
NtlmServletRequest::: getConnectionId = 127.0.0.1:80
Apr 10, 2011 1:59:41 PM waffle.servlet.spi.NegotiateSecurityFilterProvider doFilter
INFO: security package: Negotiate, connection id: 127.0.0.1:80
Apr 10, 2011 1:59:41 PM waffle.servlet.spi.NegotiateSecurityFilterProvider doFilter
INFO: token buffer: 64 byte(s)
Apr 10, 2011 1:59:41 PM waffle.servlet.NegotiateSecurityFilter doFilter
WARNING: error logging in user: The token supplied to the function is invalid

04/10 13:59:41 error jrun.servlet.io.ClosedIOException: Response has been closed
java.lang.RuntimeException: jrun.servlet.io.ClosedIOException: Response has been closed
	at waffle.servlet.NegotiateSecurityFilter.sendUnauthorized(NegotiateSecurityFilter.java:303)
	at waffle.servlet.NegotiateSecurityFilter.doFilter(NegotiateSecurityFilter.java:90)
	at jrun.servlet.FilterChain.doFilter(FilterChain.java:94)
	at jrun.servlet.FilterChain.service(FilterChain.java:101)
	at jrun.servlet.ServletInvoker.invoke(ServletInvoker.java:106)
	at jrun.servlet.JRunInvokerChain.invokeNext(JRunInvokerChain.java:42)
	at jrun.servlet.JRunRequestDispatcher.invoke(JRunRequestDispatcher.java:286)
	at jrun.servlet.ServletEngineService.dispatch(ServletEngineService.java:543)
	at jrun.servlet.jrpp.JRunProxyService.invokeRunnable(JRunProxyService.java:203)
	at jrunx.scheduler.ThreadPool$ThreadThrottle.invokeRunnable(ThreadPool.java:428)
	at jrunx.scheduler.WorkerThread.run(WorkerThread.java:66)
Caused by: jrun.servlet.io.ClosedIOException: Response has been closed
	at jrun.servlet.io.ClosedOutputStream.flush(ClosedOutputStream.java:28)
	at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124)
	at jrun.servlet.jrpp.JrppOutputStream.flush(JrppOutputStream.java:45)
	at jrun.servlet.jrpp.ProxyEndpoint.flushBuffer(ProxyEndpoint.java:975)
	at jrun.servlet.JRunResponse.flushBuffer(JRunResponse.java:147)
	at waffle.servlet.NegotiateSecurityFilter.sendUnauthorized(NegotiateSecurityFilter.java:301)
	... 10 more

Apr 10, 2011 1:59:50 PM waffle.servlet.NegotiateSecurityFilter doFilter
INFO: GET /waffle-filter/index.jsp, contentlength: -1
NtlmServletRequest::: getConnectionId = 127.0.0.1:80
Apr 10, 2011 1:59:50 PM waffle.servlet.spi.NegotiateSecurityFilterProvider doFilter
INFO: security package: Negotiate, connection id: 127.0.0.1:80
Apr 10, 2011 1:59:50 PM waffle.servlet.spi.NegotiateSecurityFilterProvider doFilter
INFO: token buffer: 40 byte(s)
Apr 10, 2011 1:59:50 PM waffle.servlet.spi.NegotiateSecurityFilterProvider doFilter
INFO: continue token: TlRMTVNTUAACAAAAHgAeADgAAAAFgoqiNnHQvIoBfVcAAAAAAAAAAJQAlABWAAAABQEoCgAAAA9DAEgAUgBJAFMAVABPAFAALQA5ADQARAA2AEMAMgACAB4AQwBIAFIASQBTAFQATwBQAC0AOQA0AEQANgBDADIAAQAeAEMASABSAEkAUwBUAE8AUAAtADkANABEADYAQwAyAAQAHgBjAGgAcgBpAHMAdABvAHAALQA5ADQAZAA2AGMAMgADAB4AYwBoAHIAaQBzAHQAbwBwAC0AOQA0AGQANgBjADIABgAEAAEAAAAAAAAA
Apr 10, 2011 1:59:50 PM waffle.servlet.spi.NegotiateSecurityFilterProvider doFilter
INFO: continue required: true

ieHTTPHeaders Results:

GET /waffle-filter/index.jsp HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-xpsdocument, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: localhost
Connection: Keep-Alive

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/6
Date: Sun, 10 Apr 2011 17:59:41 GMT
X-Powered-By: ASP.NET
Connection: close
WWW-Authenticate: Basic realm="WaffleFilterDemo"
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Connection: keep-alive
Content-Language: en-US
Content-Type: text/html

GET /waffle-filter/index.jsp HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-xpsdocument, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: localhost
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAABAAAAB7IIogkACQA3AAAADwAPACgAAAAFASgKAAAAD0NIUklTVE9QLTk0RDZDMldPUktHUk9VUA==

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/6
Date: Sun, 10 Apr 2011 17:59:41 GMT
X-Powered-By: ASP.NET
Connection: close
WWW-Authenticate: Basic realm="WaffleFilterDemo"
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Connection: close
Content-Language: en-US
Content-Type: text/html

GET /waffle-filter/index.jsp HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/x-ms-xbap, application/x-ms-application, application/vnd.ms-xpsdocument, */*
Accept-Language: en-us
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)
Accept-Encoding: gzip, deflate
Host: localhost
Connection: Keep-Alive
Authorization: Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==

HTTP/1.1 401 Unauthorized
Server: Microsoft-IIS/6
Date: Sun, 10 Apr 2011 17:59:50 GMT
X-Powered-By: ASP.NET
Connection: close
WWW-Authenticate: Negotiate TlRMTVNTUAACAAAAHgAeADgAAAAFgoqiNnHQvIoBfVcAAAAAAAAAAJQAlABWAAAABQEoCgAAAA9DAEgAUgBJAFMAVABPAFAALQA5ADQARAA2AEMAMgACAB4AQwBIAFIASQBTAFQATwBQAC0AOQA0AEQANgBDADIAAQAeAEMASABSAEkAUwBUAE8AUAAtADkANABEADYAQwAyAAQAHgBjAGgAcgBpAHMAdABvAHAALQA5ADQAZAA2AGMAMgADAB4AYwBoAHIAaQBzAHQAbwBwAC0AOQA0AGQANgBjADIABgAEAAEAAAAAAAAA
Connection: keep-alive

Coordinator
Apr 11, 2011 at 4:07 AM

Looks like both the client and the server are talking Negotiate but whatever the client sends to the server is not ok with it. This is usually the lack of a proper SPN or a domain-specific configuration problem. 

The next steps are much harder.

Troubleshooting Kerberos

Troubleshooting NTLM
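
A quick way to see what the browser actually put inside its `Authorization: Negotiate` header, as an added example that is not part of the original thread and is not Waffle code: the Python below decodes the header value and reports whether it carries a raw NTLM message or an SPNEGO/Kerberos token. `classify_token`, `PAGE_TOKENS` and the result keys are names chosen for this example; the two sample values are copied from the ieHTTPHeaders capture above.

```python
import base64
import struct

NTLM_SIG = b"NTLMSSP\x00"
NTLM_TYPES = {1: "NEGOTIATE", 2: "CHALLENGE", 3: "AUTHENTICATE"}
SPNEGO_OID = bytes.fromhex("06062b0601050502")        # 1.3.6.1.5.5.2
KRB5_OID = bytes.fromhex("06092a864886f712010202")    # 1.2.840.113554.1.2.2
OEM_DOMAIN_SUPPLIED, OEM_WORKSTATION_SUPPLIED = 0x1000, 0x2000

# The two Authorization values IE sent in the ieHTTPHeaders capture above.
PAGE_TOKENS = [
    "Negotiate TlRMTVNTUAABAAAAB7IIogkACQA3AAAADwAPACgAAAAFASgKAAAAD0NIUklTVE9QLTk0RDZDMldPUktHUk9VUA==",
    "Negotiate TlRMTVNTUAABAAAAB4IIogAAAAAAAAAAAAAAAAAAAAAFASgKAAAADw==",
]

def _oem_field(raw, pos):
    """Decode one (len, maxlen, offset) security buffer as an OEM string."""
    length, _maxlen, offset = struct.unpack_from("<HHI", raw, pos)
    if offset + length > len(raw):
        raise ValueError("security buffer points outside the token")
    return raw[offset:offset + length].decode("ascii", "replace")

def classify_token(header_value):
    """Report which mechanism a Negotiate/NTLM header value really carries."""
    scheme, _, b64 = header_value.strip().partition(" ")
    if scheme.lower() not in ("negotiate", "ntlm") or not b64.strip():
        raise ValueError("not a Negotiate/NTLM header value with a token")
    raw = base64.b64decode(b64.strip(), validate=True)
    info = {"bytes": len(raw), "mechanism": "unknown"}
    if raw.startswith(NTLM_SIG) and len(raw) >= 12:
        (msg_type,) = struct.unpack_from("<I", raw, 8)
        info.update(mechanism="NTLM", message=NTLM_TYPES.get(msg_type, "unknown"))
        if msg_type == 1 and len(raw) >= 32:
            (flags,) = struct.unpack_from("<I", raw, 12)
            if flags & OEM_DOMAIN_SUPPLIED:
                info["domain"] = _oem_field(raw, 16)
            if flags & OEM_WORKSTATION_SUPPLIED:
                info["workstation"] = _oem_field(raw, 24)
    elif raw[:1] == b"\x60" and SPNEGO_OID in raw[:16]:
        # SPNEGO NegTokenInit; note whether Kerberos is among the offered mechs
        info.update(mechanism="SPNEGO", offers_kerberos=KRB5_OID in raw)
    elif raw[:1] == b"\x60" and KRB5_OID in raw[:16]:
        info["mechanism"] = "Kerberos"
    return info

if __name__ == "__main__":
    for value in PAGE_TOKENS:
        print(classify_token(value))
```

Both values from the capture decode as raw NTLM NEGOTIATE messages (64 and 40 bytes, matching the "token buffer" lines in the JRun log), and the first one names workstation CHRISTOP-94D6C2 in WORKGROUP, so no Kerberos ticket was offered in this exchange.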