SSL and Tomcat Conf. Ques

Similar Messages

• Problem with ssl and tomcat

  Hi to all, I'm trying to do ssl in a intranet. I have tomcat 4.1 and JDK 4.1_02. I have following all steps thats indicate the tomcat ssl documentation, I have copied the jcert.jar jnet.jar and jsse.jar to the directorie jre\lib\ext I have generated the keystore and verisign have sent me the keys. I have modified the server.xml where I have put the new port and the factory tag but I cannot see a page through https.
  I have port 8080 that redirects to 8443, which have the scheme=https.
  if I put http:\\localhost:8080 appear the tomcat home page.
  if I put https:\\localhost:8443 not appear nothing.
  if I put http:\\localhost:8443 not appear error but don't show nothing.
  I have seen the log of tomcat and appear an exception:
  org.apache.commons.digester.Digester error
  Parse Error al line 89 column 11: the content element type "web-app" must match (icon?,display-name?....
  this exception don't appear previously,it seems that is a problem of xerces.
  Any idea or help it is welcome.
  THANKS.

  Obviously you have a syntax error in your one of your .xml files. Most likely in either the global web.xml or the application specific one.

• SSL and tomcat

  how can i configure tomcat to run with SSL? any ideas?

  here you are - http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html

• Java and Tomcat SSL

  I have a java swing application that implements a servlet using Tomcat.  I want to be able to encrypt the data being sent to Tomcat and vice versa and I wasn't exactly sure of the process.  Would I just use HTTPS from the client side and configure SSL on Tomcat?  Any help would be great.
  Thanks in advance.

  Yes, using ssl is the best/simplest option.

• Adding ssl to tomcat directory

  Hi.
  Im running a https://mydomain.com with proper ssl certs and that works fine. But then I need a FileMaker function that activates a https://mydomain.com/zulu/ webpage.
  It does that through apache tomcat (in library/filemaker server/web publishing /cwpe-tomcat/conf/catalina/localhosts/zulu.xlm etc) but when i connect to it it looses the ssl connection. So when i run my function I get a
  java.sql.SQLException: Could not connect to database: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  And that should mean that the function cant locate the ssl certificate. Since my server is running with a certificate, Im wondering how to deploy ssl to all sub sites / tomcat pages?
  Im not sure if anyone will understand the question, but i don't really know how the web server functions, more then what I can se in the server.app
  The FileMaker function is set up according to the producer, and they says its a web server issue.. is it? The site itself is not located under root sites as I would have guessed it should be when its a domain/directoryadress...
  any tips are appreciated.
  thanks.
  Lion server lates build. Mac mini. Java 6.

  Me and google solved it.
  Reason:
  The Java 6 engine (used by tomcat that filemaker uses) on the osx lion cant find your ssl certificate. Java engine does not look for a certificate in the usual apache osx server keystore file. It uses its own keystore file called Cacerts. The location may vary depending on osx version. So when you connect, it cant find a certificate in the keystore file (keystore file is like a vaultwhere you can store certificates) because there is none. The solution is to import a proper signed certificate in to the Cacerts file so that it can be found by Filemaker and the Seecode.
  Solution:
  1. Make sure you have a proper signed ssl certificate intsalled for web in server.app.
  2. Export it from your keychain acces.app so that you get a file called something.cer
  3. Start terminal.app
  4. Run $ Sudo Keytool -import -alias yourdomain.com -file /example/folder/path/yourcertificate.cer -keystore /system/library/Java/Support/CoreDeploy.bundle/Contents/home/lib/security/Cacer ts
  5. Enter system password for the sudo command
  6. Enter Cacerts password, default is: changeit
  7. You will get a long text and a will you trust this question. Say yes.
  8. It should say Certificate has been added to keystore-file

• EDSPermissionError(-14120) problems with LDAP, SSL and Directory Utility

  Hello everyone,
  Apologies for the repost but I think I may have made a mistake by posting this originally in the Installation, Setup and Migration forum instead of the Open Directory forum. At least I think that may be why I didn't receive any responses.
  Anyway, I've been trying to get my head around Open Directory and SSL as they are implemented in Mac OS X Server 10.5 Leopard, and have been having a few issues. I would like to set up a secure internal infrastructure based around a local Certificate Authority that signs certificates for other internal services like LDAP, email, websites, etc.
  I only have one Mac OS X Server and it is kind of a small office so I have gone against best practice and simply made it a CA (through Keychain Utility). I then generated a self-signed SSL certificate through Server Admin, and used the "Generate CSR" option to create a Certificate Signing Request. This went fine, but I did have some problems signing it with the CA, because the server documentation suggested that once I signed it it would pop open a Mail message containing the ASCII version of the signed certificate - it did not, and it took me a loooong time to realize that I could simply export the copy of the signed certificate it put in my local Keychain on the server as a PEM file and paste this back into the "Add Signed or Renewed Certificate from Certificate Authority" dialog box in Server Admin. Hopefully this can be fixed in a forthcoming patch, but I thought I would mention it here in case anyone else is stuck on this issue.
  Once I did this I was able to use this certificate in the web server on the same machine and sure enough I was able to connect to it with with clients who had installed the CA certificate in their system Keychains without getting any error messages - very cool.
  However, I haven't had quite as much luck getting it going with LDAP/Open Directory. I installed the certificate there as well, but have run into a number of problems. At first I could not get clients (also running 10.5.2) to talk to the server at all over SSL, receiving an error in Directory Utility that the server did not support SSL. I eventually discovered that the problem seemed to lie in the fact that the OpenLDAP implementation on Leopard is not tied in with the system Keychain, necessitating some command-line voodoo to install a copy of the CA cert in a local directory and point /etc/openldap/ldap.conf at it, as documented here: http://www.afp548.com/article.php?story=20071203011158936
  This allowed me to do an ldapsearch command over SSL, and seemingly turn SSL on on clients that were previously bound to the directory, and additionally allowed me to run Directory Utility on new clients and put in the server name with the SSL box checked and begin to go through the process of binding. Once this seemed to work, I turned off all plaintext LDAP communication and locked down the service by checking the "Enable authenticated directory binding," "Require authenticated binding," "Disable clear text passwords," and "Encrypt all packets" options in Server Admin. However, I am now running into a new problem, specifically that I cannot successfully bind a local account to a directory account over SSL.
  Here's what happens:
  1) I run Directory Utility, (or it auto-runs) and add a server, typing in the DNS name and clicking the SSL box.
  2) I get asked to authenticate, and type in user credentials, including computer name (incidentally, should this be a FQDN or just a hostname?)
  3) Provided I put admin credentials in here and not user-level credentials, I get taken to the "Do you want to set up Mail, VPN, etc.?" box that normally appears when you autodiscover or connect to an Open Directory server.
  4) I click through, and am asked for a username and password on the server, as well as the password for my local account.
  5) When I put this information in, I get a popup with the dreaded "eDSPermissionError(-14120)" and it fails.
  Checking the logs in Server Admin reveals nothing special, and while I have seen a couple other threads on this error and various other binding problems:
  http://discussions.apple.com/thread.jspa?messageID=5967023
  http://discussions.apple.com/message.jspa?messageID=5982070
  these have not solved the problem. In the Open Directory user name field I am putting the short username. I have tried putting [email protected] and the user's longname but this fails by saying the account does not exist. For some reason it does seem to work if I bind it to the initial admin account I created, but no other user accounts.
  If I turn all the encryption stuff off I am able to join just fine, so I am suspecting that the error may lie in some other "under the hood" piece of software that doesn't get the CA trust settings from the Keychain or the ldap.conf file, but I'm stymied as to which piece of software this might be. Does anyone have any clues on what I might be able to do here?
  Thanks,
  Andrew

  Hard to tell what is happening without looking at the application
  source, knowing what OS & hardware you're using etc. You might want to
  try running with different JVM versions to see if it's actually the VM
  that is the problem. If you have a support contract with BEA you could
  ask support to help you diagnose this.
  Regards,
  /Helena
  Ayub Khan wrote:
  I have an application running on Weblogic 8.1 ( with JRockit as the JVM). This
  application in turns talks to an iPlanet Directory server via LDAP/SSL. The problem
  seems to happen on loading the machine..the performance progressively gets worse
  and after a couple of seconds, all the threads stop responding. I checked the
  heap, cpu and the idle threads in the execute queue and there is nothing there
  to trigger alarms...there are quite a few idle threads still and the heap and
  the cpu utilization seem OK. On doing a thread dump, Is see that all the other
  threads seem to be in a state where they are waiting for data from LDAP and it
  is basically read only data that they are waiting on.
  Does anyone know what it is going on and help point me in the right direction.
  -Ayub

• Apache HTTP server and Tomcat integration using mod_jk

  Hi, I'm trying to get Apache version 2 Server running with Tomcat 7 as the Java Servlet container (I'll be using Solr as the webapp next). Followed the instructions in the wiki articles Tomcat and Apache and Tomcat.
  The applications work fine separately. It's only when I modify the httpd.conf files as instructed that I get this error when I restart httpd and tomcat. This problem seems identical to this topic although the user that posted it does't know how he fixed the problem.
  Terminal wrote::: Starting Apache Web Server                                                                        [BUSY]
                             /usr/sbin/apachectl: line 84:  8640 Bus error               $HTTPD -k $ARGV       [FAIL]
  The only bit that I didn't follow to the letter is the part where it says to set TOMCAT_JAVA_HOME=/opt/java \. I have it as
  TOMCAT_JAVA_HOME=/usr/lib/jvm/java-7-openjdk. No idea why it repeats that the java home is in the /opt directory.
  I installed mod_jk from the AUR version 1.2.37-1.
  Any idea what the problem is?

  download the binary version of TomCat from
  http://jakarta.apache.org/
  and install it. but your need to set the environment variable...pls refer to
  http://www.amazon.com/exec/obidos/tg/stores/detail/-/books/1861002092/reader/18/ref=lib_dp_TT01/103-9996294-0061449#reader-link
  JSP hava some similarity of ASP. ASP is using Personal Web Server.
  heng

• Servlets and Tomcat/Apache

  Okay,
  Tomcat 4.1 running with Apache.
  Installed mod_jk, piece of cake.
  JSPs run through Apache like a dream.
  Tomcat examples ( jsp and servlets) run through Apache perfectly ( that is no :8080 business).
  My JSP's run through Apache no problem. Works great.
  My SERVLETS WILL NOT RUN THROUGH APACHE FOR ANYTHING.
  My context looks like this in server.xml:
  <Context path="/nuweb" docBase="/home/shared/nuweb" debug="0"
  reloadable="true" crossContext="true">
  <Logger className="org.apache.catalina.logger.FileLogger"
  prefix="nuweb" suffix=".log"
  timestamp="true"/>
  </Context>
  Note: that I am not under <TOMCAT_HOME>/webapps.
  The reason is that I will, in production not be the Unix admin on the server. I will only have priviledges within my directory. I will not be able to drop war files in the webapps directory. I will not be able
  to start and stop tomcat or apache ( there are 100 diffrent apache contexts on that machine and someday many of them will be going through tomcat for jsp and servlet support).
  My servlets will only run if I put :8080/nuweb/servlet/HelloServlet in the URL. Take off the 8080 and I get Page not found. Not the tomcat 404 page, the Browswer 404 errror.
  Here is my web.xml which lives in the WEB-INF directory of of /home/shared/nuweb
  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE web-app
  PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
  "http://java.sun.com/dtd/web-app_2_3.dtd">
  <web-app>
  <servlet>
  <servlet-name>HelloServlet</servlet-name>
  <servlet-class>org.nu.servlet.HelloServlet</servlet-class>
  </servlet>
  <servlet-mapping>
  <servlet-name>HelloServlet</servlet-name>
  <url-pattern>/hello</url-pattern>
  </servlet-mapping>
  <servlet-mapping>
  <servlet-name>invoker</servlet-name>
  <url-pattern>/servlet/*</url-pattern>
  </servlet-mapping>
  </web-app>
  In devlopment I am on a system that is very close to what the production server will look like ( Tomcat 4.1 same version of Apache, same Unix ). In development I can restart all the servers edit server.xml etc. On the production I would have to schedule that stuff. I want to be able to compile classes and drop them in the WEB-INF/classes... directory and have them run. Is that too much to ask?

  Hi,
  I am also facing same error.
  I am not able to view my servlets via apache web server.
  ie when i do "http://localhost/enlighta/logon"
  I get http 404 page not found error
  but when I do http://localhost:8080/enlighta/logon
  all works fine
  I am using apache 2 and tomcat 4.5
  This is I have done:
  1.I have http server running on port 80
  2. appserver on port 8080
  3. I have a war file enlighta.war deployed on webserevr
  4. The static content like images and html page I have moved to webserver
  5. The servlet context of the app on the app server is /enlighta
  6. In the web.xml I have defined all the servlet maping.
  the port 8009 has the connecter is running/listening.
  the configuration
  sever.xml on tomcat
  <!-- Define an AJP 1.3 Connector on port 8009 -->
  <Connector port="8009"
  enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
  <Host name="localhost" appBase="webapps"
  unpackWARs="true" autoDeploy="true"
  xmlValidation="false" xmlNamespaceAware="false">
  httpd.conf on apache
  # Load mod_jk
  LoadModule jk_module modules/mod_jk.so
  # Configure mod_jk
  JkWorkersFile conf/workers.properties
  JkLogFile logs/mod_jk.log
  JkLogLevel info
  # First Virtual Host.
  <VirtualHost 192.168.1.2:8080>
  ServerAdmin [email protected]
  DocumentRoot /enlighta/
  ServerName localhost
  ErrorLog logs/enlighta_error_log
  TransferLog logs/enlighta_access_log
  JkMount /enlighta/* ajp13
  </VirtualHost>
  workers.properties
  worker.list=ajp13
  # Defining a worker named ajp13w and of type ajp13
  # Note that the name and the type do not have to match.
  worker.ajp13.type=ajp13
  worker.ajp13.host=localhost
  worker.ajp13.port=8009
  Now I feel I am doing something wrong on defining virtual host.
  Or may be something else is wrong.
  I have gone thru the previous thread but I dont have mod_jk.conf file.
  Please help!!!
  Thanks
  Sachin

• "Cannot set up certs for trusted CAs" and Tomcat

  I have succeeded in downloading/installing the JCE component and writing a small java program that ecrypts and decrypts text.
  Now that I've tried to integrate this code into a web application, I'm getting the following exception message:
  java.lang.ExceptionInInitializerError: java.lang.SecurityException: Cannot set up certs for trusted CAs: java.lang.SecurityException: Cannot locate policy and/or framework files for signer restraint check!
       at javax.crypto.SunJCE_b.<clinit>(DashoA6275)
       at javax.crypto.Cipher.a(DashoA6275)
       at javax.crypto.Cipher.getInstance(DashoA6275)
  I've copied the four JAR files into the web-inf/lib directory. I believe that I need to make changes to the appropriate policy file (which I assume is the catalina.policy file under the tomcat/conf folder) but this doesn't seem to make any difference.
  Can anybody help??
  Cheers,
  Ben
  PS - I DON'T want to copy the JARs into <java-home>\lib\ext

  i've been dealing w/ jdk1.3 and jce
  installation, configuration, and exceptions for a day
  now. i've recently upgraded to j2sdk1.4.1 and i have
  the same problems:
  java.lang.reflect.InvocationTargetException:
  java.lang.ExceptionInInitializerError:
  java.lang.SecurityException: Cannot set up certs for
  trusted CAs: java.lang.SecurityException: Cannot
  locate policy and/or framework files for signer
  restraint check!
  can you give me a little more detail around your
  explanation. in particular, i can get my encryption
  code to run as a command line app using the JDK alone.
  its once i try to run the code inside of tomcat that i
  get this exception.
  so far, i've tried putting all the .jars in my
  classpath, as well as web-inf/lib, as well as
  jre/lib/ext, as well as tomcat_home/common/lib and
  nothing works.
  could this still be a provider problem as you indicate
  and how does that explain the fact that it works with
  the JDK alone?Sun's JCE 1.2.2 and their JCE Provider doing a cross checking of the classes and their signatures. In JDK 1.4 that cross validation were removed, but JCE framework still checking the signature of the provider.
  You may also need to check which JRE you are using. On windows you have two of them by default: the one within JDK installation and the another one within "Programm Files". The last one is used by default if you didn't specify the path for java command.
  I've been using BouncyCastle JCE and their provider for a while. It works just fine in web-inf\lib directory under the JRE 1.3.1. They also have the signed jar for J2SE 1.4 that does not includes JCE framework.
  Note that you have to register your provider dynamically if you going to use it in the web application. You also have to make sure that your web app has enough rights for that (check the security properties if you are using security).
  BTW, which app container are you using?

• How to test SSL in tomcat

  hi,
  i need to test whether the SSL in tomcat is secure or not. i need to show some evidence to my supervisor that SSL did encrypt data during transmission.
  therefore, my plan is to sniff out some packet from SSL to show the encrypted data to my supervisor. but i do not know which is the best sniffer tools to help me to do this.
  could anyone suggest me which is the best tool? and how to do it?
  thanks
  eric

  If you're on linux, try ssldump. If you're on windows, try ethereal.

• JWSDP 1.5 and Tomcat for jwsdp

  Hi,
  I downloaded and installed both JWSDP 1.5 and Tomcat for jwsdp.
  I set the variables JWSDP_HOME,JAVA_HOME,CATALINA_HOME,ANT_HOME as usual.
  But, when I launch "catalina.sh run" I have the seguent warning....
  INFO: Processing Context configuration file URL file:/opt/tomcat50-jwsdp/conf/Catalina/localhost/xindice.xml
  10-dic-2004 17.31.48 org.apache.xindice.server.XindiceServlet init
  WARNING: NamingException: javax.naming.NameNotFoundException: Name org.xml.sax.driver is not bound in this Context
  10-dic-2004 17.31.50 org.apache.xindice.core.Database setConfig
  INFO: Database points to /opt/tomcat50-jwsdp/registry-server/Xindice/./db
  10-dic-2004 17.31.51 org.apache.xindice.server.XindiceServlet init
  INFO: Database successfully started
  Does anybody tell me why?
  Thanks, Tony

  Tony:
  I'm seeing the same issue on my system.
  Redhat 9.0
  JDK 1.5.0_01
  JWSDP 1.5
  TOMCAT 5 for JWSDP
  Did a complete system wipe and reinstall and have the same issues.
  Did you get any responses, or discover a solution?
  TIA,
  drjohn

• [svn:bz-trunk] 15533: Back out some local changes to tomcat-users. xml and tomcat-users.xml. install I inadvertently checked in when upgrading ActiveMQ on BlazeDS/trunk .

  Revision: 15533
  Revision: 15533
  Author:   [email protected]
  Date:     2010-04-17 04:20:11 -0700 (Sat, 17 Apr 2010)
  Log Message:
  Back out some local changes to tomcat-users.xml and tomcat-users.xml.install I inadvertently checked in when upgrading ActiveMQ on BlazeDS/trunk.
  Modified Paths:
      blazeds/trunk/servers/apache-tomcat-6.0.14/conf/tomcat-users.xml
      blazeds/trunk/servers/apache-tomcat-6.0.14/conf/tomcat-users.xml.install

  i will not read all that!!!! Format it! Lots of useless information commented.
  java.net.SocketException: java.net.ConnectException: Connection timed out: connect
  at com.mysql.jdbc.StandardSocketFactory.connect(StandardSocketFactory.java:156)
  Tells me you have a connection error on Mysql. Quick search show me this:
  <Resource name="jdbc/passport" auth="Container"
  type="javax.sql.DataSource" driverClassName="com.mysql.jdbc.Driver"
  url="jdbc:mysql://258.1.54.134:3306/xmnext_passport"
  username="dda" password="zhoussda" maxActive="20" maxIdle="10"
  maxWait="-1"/>
  Can you connect to the server using thos setting with a mysql client in the server?

• JNLP and Tomcat JNDI DataSource

  Software
  JDK 1.5 Update 6
  Tomcat 5.5.4
  Requirements
  I have a Client Side requirement and this project is going to be deployed to 5 users initially all in a lan but there are very chances of adding more users simultaneously.
  I am thinking of deploying in JNLP Environment.
  At present the Swing application though in development phase is running a little slow and therefore I required the way by which I could store the references of the Object in some server.Getting Connection Object is also a major time consumer and so I needed some way by which I can use the Tomcat DataSource and use the JNDI facility to store certain intermediate values in the server.
  Can I use the JNDI in the JNLP Application.
  Please provide me the way by which I can do this stuff
  Thanks in advance
  CSJakharia

  .> I am using tomcat 5.5.9 and oracle 9i. I am hosting a
  portal which uses connection pooling.
  I have decided to use the connection pooling through
  tomcat's JNDI naming lookup.Excellent idea.
  for this i have used the following steps --
  1) made entry of <resource-ref> in webapp's web.xml
  2) made relevant and corresponding entry in tomcat's
  ${TOMCAT_HOME}/conf/context.xml (for JNDI
  JDBC-datasource)No, don't do it that way.
  .> my problems are--
  1) making the entry for context.xml in tomcats
  conf folder makes the application war dependent
  on web server which i dont want to make.Yes, it does.
  2) i have to put classes12.jar in tomcats
  ${TOMCAT_HOME}/common/lib folder and only then the
  application connection pooling works else the
  exception coming on tomcat console is --
  org.apache.tomcat.dbcp.dbcp.SQLNestedException.
  Why aren't you using the latest JDBC driver from Oracle? That's in ojdbc14.jar.
  .> I dont want to put classes12.jar in web server i want
  the web server's JNDI lookup to pick the driver frm
  my webapps' internal lib folder. please help me on
  these very pressing and immediate issues. all the
  help coming from anyone in this regard is very much
  welcome.
  thanks in advance!
  VaivYour instinct is correct.
  (1) Put ojdbc14.jar in WEB-INF/lib of your WAR file.
  (2) Edit the <Context> XML into a file named context.xml and put it in META-INF of your WAR. Tomcat should pick up the context information for the JNDI data source from that.
  Everything is in the WAR, and you don't have any dependence on the server that way.
  %

• Directory Editor and Tomcat

  Hey all,
  I am installing Directory Editor 6.0, and following the install documentation, I added some lines to the 'catalina.policy' file in the Tomcat configuration to allow DE to work properly.
  grant codeBase "file:${catalina.home}/webapps/de/-" {
    permission java.security.AllPermission;
  grant codeBase "file:${catalina.home}/webapps/de/-" {
    permission javax.security.auth.AuthPermission "getLoginConfiguration";
    permission javax.security.auth.AuthPermission "setLoginConfiguration";
    permission javax.security.auth.AuthPermission "createLoginContext.SunDirectoryLogin";
    permission javax.security.auth.AuthPermission "modifyPrincipals";
    permission java.util.PropertyPermission "*", "read,write";
    permission java.net.SocketPermission "*", "connect,resolve";
    permission java.io.FilePermission "*", "read, write";
    permission java.util.PropertyPermission "Debug.enable", "read";
  grant {
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.beans.*";
    permission java.lang.RuntimePermission "accessClassInPackage.sun.io";
    permission java.lang.RuntimePermission "accessDeclaredMembers";
  };I deployed the WAR file, and was able to perform the initial configuration of DE (location of the config directory, what suffix to configure, what credentials to connect to the DS as...). Once those steps finish, I can see data in the DS under the newly created "Services" OU for DE, but when I try to login to DE as either a regular user or as an administrative user, I get an error. The catalina.out log show the following:
  2007-06-25 16:00:14,398 [TP-Processor11] WARN  org.apache.struts.action.RequestProcessor - Unhandled Exception thrown: class java.lang.SecurityException
  2007-06-25 16:00:14,398 [TP-Processor11] ERROR com.sun.dml.web.DmlRequestProcessor - No exception handler for java.lang.SecurityException: Unable to locate a login configuration.  Forwarding to error page.
  java.lang.SecurityException: Unable to locate a login configuration
          at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
          at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
          at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
          at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
          at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
          at java.lang.Class.newInstance0(Class.java:350)
          at java.lang.Class.newInstance(Class.java:303)
          at javax.security.auth.login.Configuration$3.run(Configuration.java:216)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:210)
          at com.sun.dml.web.LoginAction.execute(LoginAction.java:113)
          at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421)
          at com.sun.dml.web.DmlRequestProcessor.processActionPerform(DmlRequestProcessor.java:180)
          at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:226)
          at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1164)
          at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:415)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:709)
          at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
          at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:199)
          at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:282)
          at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:754)
          at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:684)
          at org.apache.jk.common.ChannelSocket$SocketConnection.runIt(ChannelSocket.java:876)
          at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
          at java.lang.Thread.run(Thread.java:595)
  Caused by: java.io.IOException: Unable to locate a login configuration
          at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
          at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
          ... 32 moreIs there anything else that needs to be done to allow access for DE when using Tomcat?
  TIA, Mark

  here is the info re: Directory Editor and Tomcat 5.5:
  http://docs.sun.com/app/docs/doc/820-2487/de-bugs-fixed-known
  6397929
  When deploying on Tomcat 5.5, login fails due to a missing JAAS configuration file
  To work around this issue, first create tomcat-install-path/bin/setenv.sh containing the following line:
  JAVA_OPTS="-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas.conf"
  Next create tomcat-install-path/conf/jaas.conf. Edit the file to contain the following lines:
  SunDirectoryLogin {
  com.sun.dml.auth.SunDirectoryLoginModule required;
  };

• Netbeans and Tomcat

  Hello all.
  I have some confusion using Netbeans (v6.1) and Tomcat (v6).
  I have developed a Website that uses a MySql DB. The Website execute on the port 8080 with a DB named "Dev" and in a context call "/Dev" so I can access my application with "http://localhost:8080/Dev/". It works perfectly and everything is beautiful. I think it runs under the Tomcat_base that Netbeans includes (under /home/user/.netbeans/...).
  Then I want to put this Website in a kind of Production environment. So I copy the built .war to the "webapps" of my Tomcat (under /usr/local/tomcat...) and start the Tomcat server. I configured this Tomcat to work on the port 80 and in a context called "/Prod" so I should be able to run the application with "http://localhost/Prod/".
  The question is: I have different Databases for both environments (I mean different DB running on the same Mysql), so I don't know how to do the Dev-Prod change or configure it in an elegant way. I think I can just develop the Website in Development and before copying the .war file to Production, change both the path and the DB name in the "context.xml" file, and then build the WAR. I guess it must be a better way to do it, but I don't know it.
  Can someone give me some advice please?
  I appreciate your help, thank you very much.
  Sarah.

  I believe this is the way to do it:
  If your context is called MyProject, I imagine under tomcat/conf/catalina/localhost there is a file called MyProject.xml. You put configuration information such as database connection info in this file. This file should not be within the war file so when you alter MyProject and deploy it, it doesn't alter this file. In Eclipse IDE, you do not give it permission to alter this file (the option is a checkbox in one of the menu items), note: let it auto-generate it the first time, then yurn off that feature. Your production enviornment will have a different MyProject.xml file than your development enviornemnt. I suggest changing the file to read-only in both production and development so it doesn't accidently get altered.