portals-jetspeed-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ate Douma (JIRA)" <jetspeed-...@portals.apache.org>
Subject [jira] Commented: (JS2-828) HTTP 403 immediately after login in Tomcat 5.5.25.
Date Thu, 13 Dec 2007 03:22:43 GMT

    [ https://issues.apache.org/jira/browse/JS2-828?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12551199
] 

Ate Douma commented on JS2-828:
-------------------------------

Confirmed.

And I also found why: http://issues.apache.org/bugzilla/show_bug.cgi?id=40150
This is a patch applied to Tomcat 5.24 (and 6, I haven't yet figured out since which version).
The point of the above issue was detecting invalid Principal classes (which couldn't be loaded)
so to provide proper feedback during startup of Tomcat.
But, this patch didn't cater for another feature of the JAASRealm, namely that these Principal
classes can be located/provided by the specific web application itself (configuration parameter
useContextClassLoader, default *true*).
The check done on the provided classes is *not* done with respect to this configuration parameter,
thus now fails with Jetspeed which depends on this :(
So, our Principal classes are no longer known to Tomcat and thus its container authentication
is completely broken!

I'll pursuit this issue with the Tomcat team and see if we can get this patch reversed or
corrected, but for the time being its difficult to run Jetspeed on Tomcat >= 5.5.24.
A workaround is extracting the JaasReam.class from the catalina-optional.jar from Tomcat 5.5.23
and copy that (in the proper package directory) under $TOMCAT_HOME/server/classes.
I've tested it out and it works (the above patch is the only change to this class so far).

As this issue isn't related to jetspeed at all but really a Tomcat bug, I'm going to remove
the Fix version as its not something we cann fix. 

> HTTP 403 immediately after login in Tomcat 5.5.25.
> --------------------------------------------------
>
>                 Key: JS2-828
>                 URL: https://issues.apache.org/jira/browse/JS2-828
>             Project: Jetspeed 2
>          Issue Type: Bug
>         Environment: Linux, Tomcat 5.5.25, JDK5. jetspeed 2.1.3-dev branch
>            Reporter: Mohan Kannapareddy
>            Assignee: Ate Douma
>            Priority: Critical
>
> Immediately after logging into the portal, the URL address box in the browser displays:
>  http://localhost:20000/jetspeed/login/redirector
> ======================
> And the page displays:
> HTTP Status 403 - Access to the requested resource has been denied
> type Status report
> message Access to the requested resource has been denied
> description Access to the specified resource (Access to the requested resource has been
denied) has been forbidden.
> Apache Tomcat/5.5.25
> ======================
> I believe this is the same behavior in Tomcat 6.0.x and I get the same thing in GlassFish
v2-b58g.
> This does *NOT* happen in Tomcat 5.5.23 or lower versions. Something changed between
5.5.23 and 5.5.25.
> Also, after the login post if you just type in the URL http://<>/jetspeed, the
page appears normally and you can
> function.
> I do not know whether it is relevant but at least GlassFish appears to record the following
in the server.log.
> Unable to set request character encoding to UTF-8 from context /jetspeed, because request
parameters have already been read, or ServletRequest.getReader() has already been called

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: jetspeed-dev-unsubscribe@portals.apache.org
For additional commands, e-mail: jetspeed-dev-help@portals.apache.org


Mime
View raw message