Q: Does this need refactoring to eliminate jaas.config ref? -- DorothyJaneHoodValiga
- if you are in the process of AAA installation do not change configurations too fast, always clear cache and cookies in the browser and try again.
- is tomcat HTTP/1.1 connector enabled for port 80 (if you like i18n set URIEncoding="UTF-8")?
- check it by viewing http://my.host in your browser
- is tomcat enabled for SSL at port 443?
- check it by viewing https://my.host in your browser
- refer to conf/server.xml if not
- make sure you have a realm
defined in conf/server.xml
- the installation default is ok
- forget about JAASRealm for now, it's not ready - at least not easy - to join general OS login with JSPWiki authentication
- does tomcat and jspwiki reach the right keystore?
- check the keystore referenced in conf/server.xml SSL HTTP/1.1 connector to contain a tomcat alias
- e.g.: $>keytool -list -v -keystore /root/.keystore
- keytool can be found in .../jdk/jre/bin
- check the keystores referenced in conf/catalina.policy to contain a jspwiki alias
- check the JSPWiki.jar to be signed by the key aliased with jspwiki in your keystore
- e.g. $>jarsigner -verify -verbose -certs -keystore file:///root/.keystore JSPWiki.jar
- there have to be the letters "smk" in front of every class name
- check the keystore referenced in conf/server.xml SSL HTTP/1.1 connector to contain a tomcat alias
- make sure you have cookies enabled in your browser
- check conf/tomcat-user.xml to include the roles "Admin" and "Authenticated"
- check conf/tomcat-user.xml to define some users associated to roles "Admin" and/or "Authenticated"
- check property jspwiki.xmlUserDatabaseFile in webapps/<JSPWiki>/WEB-INF/jspwiki.properties to point to a good userdatabase.xml file
- the file has not to exist, it will be generated the first time it's used
- with container-managed authentication you're able to login upon the entries in conf/tomcat-users.xml
- check webapps/<JSPWiki>/WEB-INF/web.xml to have the comments removed that disable container-managed authentication otherwise
- check that you have a jaas-file in e.g. conf: e.g. conf/jaas.config
- you should copy webapps/<JSPWiki>/WEB-INF/jspwiki.jaas to conf/jaas.config for that purpose
- check that you've copied the content of webapps/<JSPWiki>/WEB-INF/jspwiki.policy at the end of conf/catalina.policy
- check that the runtime variables java.security.auth.login.config and java.security.policy are set prior to start of tomcat
- you can do that safely by enhancing the start script of tomcat (bin/startup.sh) by the top line
- export CATALINA_OPTS="-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas.config -Djava.security.policy=$CATALINA_HOME/conf/catalina.policy"
- if you define this variables elsewhere check whether you are allowed to use $CATALINA_HOME or you should supply the expanded path
- for Windows you have to use the Configure Tomcat tool that comes with tomcat
- you can do that safely by enhancing the start script of tomcat (bin/startup.sh) by the top line
- following startup of tomcat check catalina.log and jspwiki.log.
- there should be no stack dumps
- there should be no lines marked with ERROR (except one if the userdatabase.xml file is generated the first time)
- two lines should contain the words leaving it alone... enclosed in brackets
- if there is only one leaving it alone... chances are that the jspwiki.jaas (and jspwiki.jks?) of an older JSPWiki installation are paralleled with yours. Get them out of the way.
- if you still get the Login screen from your JSPWiki instead of the Main page, check webapps/<JSPWiki>/WEB-INF/jspwiki.properties not to contain two jspwiki.translatorReader.inlinePatternX with the same number X
- if you still get the Login screen from your JSPWiki instead of the Main page, please find out why and extend this checklist
--Rolf Schumacher, 20-Apr-2006
Add new attachment
Only authorized users are allowed to upload new attachments.