Hi all,
I've just joined but have been coding a while longer :)
I'm having trouble migrating a webapp that works fine under Tomcat 5.0.28 to 5.5. I've done several others without any problem. This one, however, uses SingleSignOn. I can't see anything wrong with my setup (config below) from reading the docs. All the webapps are using Alterian's Mediasurface CMS.
The problem arises when you do a successful signon: rather than getting the relevant Mediasurface page, I get a Tomcat 403: Access Denied page. On 5.0 it shows me the correct Mediasurface page. I have *ed out passwords and stuff.
server.xml snippet:
<Host name="intranet" debug="0" appBase="webapps/intranet" unpackWARs="true" autoDeploy="true"
      xmlValidation="false" xmlNamespaceAware="false">
  <Alias>intranet-psolecki</Alias>
  <Valve className="org.apache.catalina.valves.FastCommonAccessLogValve" directory="logs"
         prefix="intranet_access_log." suffix=".txt" pattern="common" resolveHosts="false"/>
  <Valve className="org.apache.catalina.authenticator.SingleSignOn"/>
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://**********/"
         connectionName="*************"
         connectionPassword="*********"
         protocol="DIGEST-MD5"
         userBase="OU=******,DC=**,DC=***,DC=com***"
         userSearch="(sAMAccountName={0})"
         userRoleName="memberOf"
         roleSubtree="true"
         userSubtree="true"
  />
  <Context path="" docBase="${catalina.home}/webapps/intranet" debug="0" allowLinking="true">
    <Resources className="org.apache.naming.resources.FileDirContext" />
  </Context>
</Host>
webapp's web.xml SSO snippet:
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Nrt</web-resource-name>
    <url-pattern>/global/loginregister/</url-pattern>
    <url-pattern>/global/footer/contact/</url-pattern>
    <url-pattern>/runningourbusiness/information/dataprotection/</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
    <http-method>PUT</http-method>
    <http-method>DELETE</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>*</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Unifi</realm-name>
  <form-login-config>
    <form-login-page>/WEB-INF/security/login.jsp</form-login-page>
    <form-error-page>/WEB-INF/security/error.jsp</form-error-page>
  </form-login-config>
</login-config>
<security-role>
  <description>Only 'tomcat' role is allowed to access this web application</description>
  <role-name>tomcat</role-name>
</security-role>
Any thoughts?
Thanks in advance,
Paul.