Java Mailing List Archive

http://www.junlu.com/

Home » Home (12/2007) » Apache Tomcat »

Re: debug

Rainer Jung

2007-07-25

Replies:

Hi Scott,

your post subject is a little generic :)

The code shows, that the various realm classes only log additional
things for the following debug values:

DataSourceRealm.java: debug >= 2

JAASMemoryLoginModule.java: debug>0

JDBCRealm.java: debug >= 2

JNDIRealm.java: debug 1, 2, 3, 4

UserDatabaseRealm.java: debug >= 2

For the JNDIRalm possible log statements (without the surrounding
context) are (no guarantees):

debug >= 1

"Closing directory context"

"Connecting to URL " + connectionURL

"Connecting to URL " + alternateURL

debug >= 2

"lookupUser(" + username + ")"

sm.getString("jndiRealm.authenticateSuccess",
    user.username)
sm.getString("jndiRealm.authenticateFailure",
    user.username)

" getRoles(" + dn + ")"

" Returning " + list.size() + " roles"
" Found role " + list.get(i)
" getRoles about to return null "

debug >= 3

" dn=" + dn

" username not found"

" entry found for " + username + " with dn " + dn

" validating credentials"

" validating credentials by binding as the user"

" binding as " + dn

" bind attempt failed"

" Searching role base '" + roleBase + "' for attribute '" +
  roleName + "'"
" With filter expression '" + filter + "'"

" retrieving attribute " + attrId

" retrieving values for attribute " + attrId


debug > 3

" Searching for " + username
" base: " + userBase + " filter: " + filter

HTH. TC 5.0 now is only under security maintenance. No real chance to
get the logging in better shape. If you want to have a look at the
class, it is

container/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java

in a download, resp.

http://svn.apache.org/repos/asf/tomcat/container/branches/tc5.0.x/catalina/src/share/org/apache/catalina/realm/JNDIRealm.java

in the subversion code repository.

Regards,

Rainer

Scott McClanahan wrote:
> I've inherited a tomcat 5.0.28 server setup to use ldap as an
> authentication realm. In the server.xml I see this:
>
> <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
>
> What are valid values for debug within a realm? Currently a massive
> amount of ldap lookup and connection details are being logged and I
> don't think it is necessary. Thanks.

---------------------------------------------------------------------
To start a new topic, e-mail: users@(protected)
To unsubscribe, e-mail: users-unsubscribe@(protected)
For additional commands, e-mail: users-help@(protected)

©2008 junlu.com - Jax Systems, LLC, U.S.A.