It's all about the answers!

Ask a question

Can't convert to basic authentication w/ tomcat successfully


Daniel Cox (4261168) | asked Sep 03 '08, 2:52 p.m.
Hi All,

I apologize for asking a question which is most likely just my lack of knowledge of tomcat. In order to enable feed readers I am trying to switch our implementation on top of tomcat to basic authentication. I've made the relevant change in server/tomcat/webapps/jazz/WEB-INF/web.xml:


<login>
<auth>BASIC</auth>
</login>
<!--
<login>
<auth>FORM</auth>
<form>
<form>/auth/authrequired</form>
<form>/auth/authfailed</form>
</form>
</login>
-->


I've shutdown and restarted the server - however I end up with the following exception in the logs:

Sep 3, 2008 12:15:57 PM org.apache.catalina.authenticator.FormAuthenticator forwardToLoginPage

WARNING: Unexpected error forwarding to login page
java.lang.NullPointerException
at org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:316)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:244)


It's obviously still trying to forward to the login page - but that should no longer be being used.

What have I missed?

BTW - everything does work when using form-based authentication. I am using an LDAP realm as well in case there is a remote likelihood that it might affect the situation.

3 answers



permanent link
Matt Lavin (2.7k2) | answered Sep 03 '08, 3:54 p.m.
FORUM MODERATOR / JAZZ DEVELOPER
There is a Tech Note that included instructions on how to setup Basic
auth for Jazz Team Server. The instructions are in the "Configuring the
authentication method" section of:

https://jazz.net/learn/LearnItem.jsp?href=content/tech-notes/jazz-team-server-0_6-authentication-explained/index.html


Matt Lavin
Jazz Server Team


xdcx11 wrote:
Hi All,

I apologize for asking a question which is most likely just my lack of
knowledge of tomcat. In order to enable feed readers I am trying to
switch our implementation on top of tomcat to basic authentication.
I've made the relevant change in
server/tomcat/webapps/jazz/WEB-INF/web.xml:


<login
<auth>BASIC</auth
</login
!--
<login
<auth>FORM</auth
<form
<form>/auth/authrequired</form
<form>/auth/authfailed</form
</form
</login>
-->


I've shutdown and restarted the server - however I end up with the
following exception in the logs:

Sep 3, 2008 12:15:57 PM
org.apache.catalina.authenticator.FormAuthenticator
forwardToLoginPage
WARNING: Unexpected error forwarding to login page
java.lang.NullPointerException
at
org.apache.catalina.authenticator.FormAuthenticator.forwardToLoginPage(FormAuthenticator.java:316)
at
org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:244)


It's obviously still trying to forward to the login page - but that
should no longer be being used.

What have I missed?

BTW - everything does work when using form-based authentication. I am
using an LDAP realm as well in case there is a remote likelihood that
it might affect the situation.

permanent link
Daniel Cox (4261168) | answered Sep 03 '08, 4:37 p.m.
Thanks for the pointer! I see this detail is what I was missing:

If you are using Tomcat, you must also modify "jazz\server\tomcat\conf\Catalina\localhost\jazz.xml" and change the className attribute on the "Valve" element from:

org.apache.catalina.authenticator.FormAuthenticator

to

org.apache.catalina.authenticator.BasicAuthenticator

Apparently the technotes don't get indexed by the search engine as I had carefully searched and reviewed all content with "local-config" and "basic authentication" that had search results.

permanent link
Daniel Cox (4261168) | answered Sep 03 '08, 4:52 p.m.
Oh and BTW - if anyone else does come by this the answer is that BASIC and tomcat will authenticate with every request - so unless you want to flood your LDAP server switch to WebSphere if you must have secure feeds.

Your answer


Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.