 | Mailing List | | Home | | Forum Home | | JBoss - Java Application Server | | Struts - A MVC web framework | | Tomcat - JSP/Servlet container | | iText - An open source PDF Java Library | | JDOM - JDOM XML Parser | | J2EE - A mailing list for Java(tm) 2 Platform, Enterprise Edition | | J2EE Pattern - An interest list for Sun Java Center J2EE Pattern Catalog | | Servlet - A mailing list for discussion about Sun Microsystem's Java Servlet API Technology | | JSP - A mailing list about Java Server Pages specification and reference | |
Struts & Hibernate
|
|
|
| | | SSL failure with some browsers - Access denied by access control list | SSL failure with some browsers - Access denied by access control list 2004-01-12 - By Bill Barker
Back
Copy the log4j-1.2.8.jar and commons-logging.jar to
$CATALINA_HOME/server/lib, and create a log4j.properties (or .xml) file in
$CATALINA_HOME/server/classes with the logging level.
-- -- Original Message -- --
From: <Bruno.Melloni@(protected)>
To: <tomcat-user@(protected)>; <wbarker@(protected)>
Sent: Monday, January 12, 2004 9:24 AM
Subject: RE: SSL failure with some browsers - Access denied by access
control list
Bill,
Where do I find the place to set the debug level for
'org.apache.tomcat.net'?
I apologize for bugging you with this. I already searched the Tomcat docs,
the whole Tomcat 5.0 deployed tree, and the contents of the whole conf
directory (including server.xml) but could not find where Tomcat hides the
log4j config file (or for that matter even the commons-logging jar file!!!).
I know it must be somewhere since the server does actually log its messages,
but I can't find it.
I am familiar with log4j and my application uses it. My application has
log4j-1.2.8 in its lib directory and its own application-specific log4j
configuration file, and it all works wonderfully. Except of course, for the
usual annoying but innocuous well-known Tomcat bug (that no one knows how to
fix) about the "log4j:WARN No appenders could be found for logger
(org.apache.catalina.session.ManagerBase  )" message.
Bruno
-- --Original Message-- --
From: news [mailto:news@(protected)]On Behalf Of ext Bill Barker
Sent: Friday, January 09, 2004 9:33 PM
To: tomcat-user@(protected)
Subject: Re: SSL failure with some browsers - Access denied by access
control list
At a guess, those Mozilla versions don't support TLS, which is Tomcat's
default SSL protocol. Whatever it is, try turning up your commons-logging
debug level for 'org.apache.tomcat.net' to 'debug'. You should get plenty
of messages in your Tomcat logs to help you figure out why Tomcat doesn't
like Mozilla.
<Bruno.Melloni@(protected)> wrote in message
news:61C1CA24B8657047893FCF3570BC757D01EFB9CC@(protected)
Problem:
- Making any https call fails with the message "Forbidden. You were denied
access because: Access denied by access control list.".
- The failure happens even accessing https://<host>:8443/tomcat-docs, while
a regular http call succeeds.
- The failure happens with some browsers (i.e.: Mozilla) but now with others
(i.e.: Internet Explorer, and most versions of Netscape).
- The failure appears to only happen when accessing a server on a different
box than the one where the browser is running. It has not happened (so far)
on the same box as the client.
- The failure appears to happen with the Tomcat running on either Windows or
Solaris.
- The failure is not related to the JDK's Verisign Certificate issue
(expired Jan 7). It was happening in December, and it was not corrected by
JDK 1.4.2_03. Also, the certificates being used are self-signed according
to the Tomcat's default instructions.
Questions:
- Is this a configuration issue? Or is it a deeper problem with either
Tomcat or the browsers? I have not seen many postings out there on this
topic, so I assume (and hope) the problem is a dumb configuration snafu.
- Is there a know solution? I have not found any on the Tomcat archives, on
the Mozilla archives, or even after several exchanges with the Mozilla
support people.
- Is there any additional information I can provide that might shed some
light as to why this is happening?
Environment details:
- Tomcat version: 5.
- JDK version 1.4.2 (both _02 and _03).
- Mozilla versions failing (at least 1.4 and 1.5).
- IE version succeeding (at least 6.0)
- Netscape version succeeding (at least 4.5, 4.7, and I believe one of the
7.x versions).
server.xml:
(feel free to comment if you see something wrong even if unrelated)
<Server port="8105" shutdown="SHUTDOWN" debug="0">
<Listener className="org.apache.catalina.mbeans.ServerLifecycleListener "
debug="0"/>
<Listener
className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener "
debug="0"/>
<GlobalNamingResources>
<Environment name="simpleValue" type="java.lang.Integer " value="30"/>
<Resource name="UserDatabase" auth="Container"
type="org.apache.catalina.UserDatabase "
description="User database that can be updated and saved">
</Resource>
<ResourceParams name="UserDatabase">
<parameter>
<name>factory</name>
<value>org.apache.catalina.users.MemoryUserDatabaseFactory </value>
</parameter>
<parameter>
<name>pathname</name>
<value>conf/tomcat-users.xml</value>
</parameter>
</ResourceParams>
</GlobalNamingResources>
<Service name="Catalina">
<Connector port="8089"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" redirectPort="8443" acceptCount="100"
debug="0" connectionTimeout="20000"
disableUploadTimeout="true" />
<Connector port="8443"
maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
enableLookups="false" disableUploadTimeout="true"
acceptCount="100" debug="0" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
<Connector port="8109"
enableLookups="false" redirectPort="8443" debug="0"
protocol="AJP/1.3" />
<Engine name="Catalina" defaultHost="localhost" debug="0">
<Logger className="org.apache.catalina.logger.FileLogger"
prefix="catalina_log." suffix=".txt"
timestamp="true"/>
<Realm className="org.apache.catalina.realm.UserDatabaseRealm "
debug="0" resourceName="UserDatabase"/>
<Host name="localhost" debug="0" appBase="webapps"
unpackWARs="true" autoDeploy="true"
xmlValidation="false" xmlNamespaceAware="false">
<Logger className="org.apache.catalina.logger.FileLogger"
directory="logs" prefix="localhost_log." suffix=".txt"
timestamp="true"/>
</Host>
</Engine>
</Service>
</Server>
Bruno Melloni
eBusiness Application Center, Americas
Nokia, Inc
6000 Connection Drive, Mailstop 4w223
Irving, TX 75039 USA
*Office: +1 (972)894-6120
*Cellular: +1 (469) 939-1067
* SMS: 4699391067@(protected)
* e-mail: bruno.melloni@(protected)
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)
-- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ---- ------
To unsubscribe, e-mail: tomcat-user-unsubscribe@(protected)
For additional commands, e-mail: tomcat-user-help@(protected)
|
|
|
