Q: Does this need refactoring to eliminate jaas.config ref? -- DorothyJaneHoodValiga


  1. if you are in the process of AAA installation do not change configurations too fast, always clear cache and cookies in the browser and try again.
  2. is tomcat HTTP/1.1 connector enabled for port 80 (if you like i18n set URIEncoding="UTF-8")?
    1. check it by viewing http://my.host in your browser
  3. is tomcat enabled for SSL at port 443?
    1. check it by viewing https://my.host in your browser
    2. refer to conf/server.xml if not
  4. make sure you have a realm defined in conf/server.xml
    1. the installation default is ok
    2. forget about JAASRealm for now, it's not ready - at least not easy - to join general OS login with JSPWiki authentication
  5. does tomcat and jspwiki reach the right keystore?
    1. check the keystore referenced in conf/server.xml SSL HTTP/1.1 connector to contain a tomcat alias
      1. e.g.: $>keytool -list -v -keystore /root/.keystore
      2. keytool can be found in .../jdk/jre/bin
    2. check the keystores referenced in conf/catalina.policy to contain a jspwiki alias
    3. check the JSPWiki.jar to be signed by the key aliased with jspwiki in your keystore
      1. e.g. $>jarsigner -verify -verbose -certs -keystore file:///root/.keystore JSPWiki.jar
      2. there have to be the letters "smk" in front of every class name
  6. make sure you have cookies enabled in your browser
  7. check conf/tomcat-user.xml to include the roles "Admin" and "Authenticated"
  8. check conf/tomcat-user.xml to define some users associated to roles "Admin" and/or "Authenticated"
  9. check property jspwiki.xmlUserDatabaseFile in webapps/<JSPWiki>/WEB-INF/jspwiki.properties to point to a good userdatabase.xml file
    1. the file has not to exist, it will be generated the first time it's used
    2. with container-managed authentication you're able to login upon the entries in conf/tomcat-users.xml
  10. check webapps/<JSPWiki>/WEB-INF/web.xml to have the comments removed that disable container-managed authentication otherwise
  11. check that you have a jaas-file in e.g. conf: e.g. conf/jaas.config
    1. you should copy webapps/<JSPWiki>/WEB-INF/jspwiki.jaas to conf/jaas.config for that purpose
  12. check that you've copied the content of webapps/<JSPWiki>/WEB-INF/jspwiki.policy at the end of conf/catalina.policy
  13. check that the runtime variables java.security.auth.login.config and java.security.policy are set prior to start of tomcat
    1. you can do that safely by enhancing the start script of tomcat (bin/startup.sh) by the top line
      1. export CATALINA_OPTS="-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas.config -Djava.security.policy=$CATALINA_HOME/conf/catalina.policy"
      2. if you define this variables elsewhere check whether you are allowed to use $CATALINA_HOME or you should supply the expanded path
      3. for Windows you have to use the Configure Tomcat tool that comes with tomcat
  14. following startup of tomcat check catalina.log and jspwiki.log.
    1. there should be no stack dumps
    2. there should be no lines marked with ERROR (except one if the userdatabase.xml file is generated the first time)
    3. two lines should contain the words leaving it alone... enclosed in brackets
      1. if there is only one leaving it alone... chances are that the jspwiki.jaas (and jspwiki.jks?) of an older JSPWiki installation are paralleled with yours. Get them out of the way.
  15. if you still get the Login screen from your JSPWiki instead of the Main page, check webapps/<JSPWiki>/WEB-INF/jspwiki.properties not to contain two jspwiki.translatorReader.inlinePatternX with the same number X
  16. if you still get the Login screen from your JSPWiki instead of the Main page, please find out why and extend this checklist

--Rolf Schumacher, 20-Apr-2006

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-12) was last changed on 02-Jun-2009 19:45 by DorothyJaneHoodValiga