Solved

tomcat authentication configuration

Posted on 2013-01-22
Last Modified: 2013-02-06
Hi:

I am testing an application on my own PC and find that a few links from the source code are not displayed for me. I don't have the same problem when I run the application on the production server.

It seems to me the production server uses my Windows login for authentication and grants me permission to these few links on the web page, because when I try to open the web page, I am asked for userid and password. My login id is shown on the web page as well.

When I import the application under local Tomcat and try to view the web page, I am not asked for my login. I find the login shown as "null" and these few links are not displayed on the web page.

What is the easiest way to fix this issue? Thanks.
Question by:sdc248
LVL 36

Expert Comment

by:ArneLovius
ID: 38810059
I would suggest going through the Tomcat configuration on the production server and seeing where your configuration differs. If both configurations are the same, it could be that there is configuration stored within the application that is specific to the production server; this could be a connection to an AD server over LDAPS that you are blocked from accessing...
0
 

Author Comment

by:sdc248
ID: 38812416
I have found a web.xml and a dwr.xml file under the WEB-INF folder. The web.xml file defines some <security-constraint> items that allow certain user groups in the company to access certain web pages. After copying it under the Root\WEB-INF folder of Tomcat, I am now getting prompted for login information, but my totally legitimate login fails to pass.

So it looks like my login will be authenticated by the production server by looking up some personnel database? Any way I can change this configuration so I can test my project locally?

Thanks.
0
 
LVL 36

Expert Comment

by:ArneLovius
ID: 38812585
Quite possibly, but the authentication method could be stored in a file or in a database.

If you are testing this application, are you not able to ask the developers?
0
 

Author Comment

by:sdc248
ID: 38815152
The logins are verified using Active Directory.
0
 
LVL 36

Expert Comment

by:ArneLovius
ID: 38815358
Authenticating against AD doesn't tell you how it authenticates against AD.

Most authentication using AD as a backend is done with LDAP or LDAPS.

Are you able to bind to AD LDAP from your computer? To test, I would suggest the Apache Directory Studio.

It could, however, be using RADIUS. RADIUS requires the RADIUS client (in this case the server running Tomcat) to be configured on the RADIUS server with a shared secret.
0
 

Author Comment

by:sdc248
ID: 38831930
I'd like to test to see if I could bind to AD LDAP from my local PC. Could you please elaborate more about how to do that, or provide a link to somewhere online perhaps? I have downloaded the Apache Directory Studio.

Thanks.
0
 
LVL 36

Accepted Solution

by:
ArneLovius earned 250 total points
ID: 38832449
Configure the DC name and the credentials to use...

Softerra LDAP browser is an alternative
0
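The bind test suggested in this thread can also be run without a GUI. The following is an added example, not part of the original posts: a small JNDI program that attempts an LDAP simple bind and reports whether the failure is at the network level or at the credential level. The URL and account are passed on the command line; the host name shown in the usage string is a placeholder.

```java
import java.util.Arrays;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

// Added example: LDAP simple bind against a domain controller via JNDI.
public class AdBindCheck {
    public static void main(String[] args) {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage: java AdBindCheck ldaps://dc.example.test:636 user@example.test");
            System.exit(2);
        }
        if (args[0].startsWith("ldap://")) {
            System.err.println("Warning: simple bind over ldap:// sends the password unencrypted.");
        }
        char[] pw = System.console().readPassword("Password for %s: ", args[1]);
        // An empty password turns a simple bind into an unauthenticated bind,
        // which many servers accept, so it would look like a successful login.
        if (pw == null || pw.length == 0) {
            System.err.println("Empty password refused: it would not test authentication.");
            System.exit(2);
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, args[1]);
        env.put(Context.SECURITY_CREDENTIALS, new String(pw));
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        try {
            new InitialDirContext(env).close();
            System.out.println("Bind OK: directory reachable and credentials accepted.");
        } catch (AuthenticationException e) {
            // The server answered and rejected the bind. AD puts a sub-code in the
            // message, e.g. "data 52e" (bad credentials) or "data 775" (locked out).
            System.out.println("Reachable, but bind rejected: " + e.getMessage());
        } catch (CommunicationException e) {
            // Name resolution, firewall, wrong port, or an untrusted LDAPS certificate.
            System.out.println("Cannot reach the directory: " + e);
        } catch (NamingException e) {
            System.out.println("Other LDAP error: " + e);
        } finally {
            Arrays.fill(pw, '\0');
        }
    }
}
```

A successful bind only shows that the directory is reachable and the credentials are valid from this machine; whether the local Tomcat authenticates still depends on the realm it is configured with.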
 

Author Closing Comment

by:sdc248
ID: 38860274
I solved the problem by moving the project to another server, which for some reason authenticates correctly. Thank you for your help, though I didn't have a chance to work it out.
0