 | Mailing List | | Home | | Forum Home | | JBoss - Java Application Server | | Struts - A MVC web framework | | Tomcat - JSP/Servlet container | | iText - An open source PDF Java Library | | JDOM - JDOM XML Parser | | J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition | | J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog | | Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology | | JSP - A mailing list about Java Server Pages specification and reference | |
Struts & Hibernate
|
|
|
| | | SSL failure with some browsers - Access denied by access control list | SSL failure with some browsers - Access denied by access control list 2004-01-09 - By Bill Barker
Back
At a guess, those Mozilla versions don't support TLS, which is Tomcat's
default SSL protocol. Whatever it is, try turning up your commons-logging
debug level for 'org.apache.tomcat.net' to 'debug'. You should get plenty
of messages in your Tomcat logs to help you figure out why Tomcat doesn't
like Mozilla.
<Bruno.Melloni@(protected)> wrote in message
news:61C1CA24B8657047893FCF3570BC757D01EFB9CC@(protected)
Problem:
- Making any https call fails with the message "Forbidden. You were denied
access because: Access denied by access control list.".
- The failure happens even accessing https://<host>:8443/tomcat-docs, while
a regular http call succeeds.
- The failure happens with some browsers (i.e.: Mozilla) but now with others
(i.e.: Internet Explorer, and most versions of Netscape).
- The failure appears to only happen when accessing a server on a different
box than the one where the browser is running. It has not happened (so far)
on the same box as the client.
- The failure appears to happen with the Tomcat running on either Windows or
Solaris.
- The failure is not related to the JDK's Verisign Certificate issue
(expired Jan 7). It was happening in December, and it was not corrected by
JDK 1.4.2_03. Also, the certificates being used are self-signed according
to the Tomcat's default instructions.
Questions:
- Is this a configuration issue? Or is it a deeper problem with either
Tomcat or the browsers? I have not seen many postings out there on this
topic, so I assume (and hope) the problem is a dumb configuration snafu.
- Is there a know solution? I have not found any on the Tomcat archives, on
the Mozilla archives, or even after several exchanges with the Mozilla
support people.
- Is there any additional information I can provide that might shed some
light as to why this is happening?
Environment details:
- Tomcat version: 5.
- JDK version 1.4.2 (both _02 and _03).
- Mozilla versions failing (at least 1.4 and 1.5).
- IE version succeeding (at least 6.0)
- Netscape version succeeding (at least 4.5, 4.7, and I believe one of the
7.x versions).
server.xml:
(feel free to comment if you see something wrong even if unrelated)
<Server port="8105" shutdown="SHUTDOWN" debug="0">
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener  "
debug="0"/>
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener "
debug="0"/>
<GlobalNamingResources>
<Environment name="simpleValue" type="java.lang.Integer " value="30"/>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase "
description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory </value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8089"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
debug="0" connectionTimeout="20000"
disableUploadTimeout="true" />
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
<Connector port="8109"
enableLookups="false" redirectPort="8443" debug="0"
protocol="AJP/1.3" />
<Engine name="Catalina" defaultHost="localhost" debug="0">
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_log." suffix=".txt"
timestamp="true"/>
<Realm className="org.apache.catalina.realm.UserDatabaseRealm "
debug="0" resourceName="UserDatabase"/>
<Host name="localhost" debug="0" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="localhost_log." suffix=".txt"
timestamp="true"/>
</Host>
</Engine>
</Service>
</Server>
Bruno Melloni
eBusiness Application Center, Americas
Nokia, Inc
6000 Connection Drive, Mailstop 4w223
Irving, TX 75039 USA
*Office: +1 (972)894-6120
*Cellular: +1 (469) 939-1067
* SMS: 4699391067@(protected)
* e-mail: bruno.melloni@(protected)
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)
|
|
|
