Open alamakih opened 5 years ago
Anything interesting logged?
These are the only parts logged that caught my eye.
INFO: Starting Servlet Engine: Apache Tomcat/9.0.7
Oct 31, 2018 11:12:33 AM org.apache.catalina.startup.ContextConfig getDefaultWebXmlFragment
INFO: No global web.xml found
11:12:34 DEBUG START: context=/Maintenance, pipeline: StandardPipeline[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/Maintenance]] #438760853
11:12:34 DEBUG valves:
11:12:34 DEBUG NonLoginAuthenticator[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/Maintenance]] #1170152270
11:12:34 DEBUG StandardContextValve[StandardEngine[Catalina].StandardHost[localhost].StandardContext[/Maintenance]] #278898914
If anyone has a minimal project to reproduce this, please share.
This is also happening in Gretty v3.04. In my case, I'm using Tomcat 9 and need to set up a DataSourceRealm so that the users are read from a DB. I came up with a working configuration that runs as expected when I deploy the WAR file in an external Tomcat instance but running the app with Gretty gives me the Tomcat's 503 error page instead of the configured login page when I try to access a secured page.
I looked at the docs and found that there's a section about Tomcat security realms. Here is described how to set up a MemoryRealm, which is backed by a tomcat-users.xml
file. I gave it a try so I commented out my DataSourceRealm and followed the instructions on that web page which basically consists on adding realm 'auth'
to the gretty configuration in build.gradle
and adding a tomcat-users.xml
with a couple users in my project's root dir (since this is one of the default locations). That done, everything worked as expected. The next step was to figure out how to make it work with the DataSourceRealm.
What I did next was to uncomment my DataSourceRealm in my local context file and removed the tomcat-users.xml
file since I don't need it, right? The result was: I got Tomcat's 503 error page again when trying to access a secured resource. Then, after scratching my head for a while, I put the tomcat-users.xml
file back and 🎉 everything started to work. The users are read from the DataSourceRealm and not from the tomcat-users.xml
though. I think this is misleading behavior (probably an issue) since, if there's a tomcat-users.xml
file, the normal expectation would be, imo, that those users are the ones available.
Last thing I tried was to remove realm 'auth'
from gretty config in build.gradle
but keeping the tomcat-users.xml
file and, to my surprise, the DataSourceRealm kept working. So, it seems that the tomcat-users.xml
is being used as a decide factor for whether setting up a Realm. This seems and issue to me and also seems to me that documentation could be improved. I don't really think we should provide a tomcat-users.xml
file for enabling the usage of a different Realm.
Hope this helps @alamakih @javabrett
@arcesino - thanks for the detailed report. I see that tomcat-users.xml
is mentioned a few times in ProjectUtils.groovy and especially concerning some realms. Perhaps that's why you observe this behavior?
In any case, a PR for updating the documentation and/or fixing the issue will be appreciated. :)
I have a webapp with Form-Based Authentication configured in web.xml and gretty configured to use tomcat9 with a
serverConfigFile
whereRealm
is configured.The the app works fine when run from war on normal tomcat install, but when started with gretty's tomcat, trying to load a secured page shows only a blank page (or browser's own 403 page on chrome). Non-secured pages work as intended.
Gretty version is 2.2.0