Tomcat 9 Valve Causing Server Start Failure

六月ゝ 毕业季﹏ 提交于 2019-12-08 03:45:36

问题


I have written a custom tomcat valve to parse HTTP headers and use them to authenticate. The valve works by extending AuthenticatorBase. I compiled it and placed it in $CATALINA_HOME/lib. Here is code:


    public class TomcatLogin extends AuthenticatorBase {

        private String[] roleNames = null;
        private String ivcreds = null;
        private String ivuser = null;
        private String ivgroups = null;
        private GenericPrincipal principal = null;

        // Constructor defers to super class (Authenticator base)
        public TomcatLogin(){
            super();
        }

        protected boolean doAuthenticate(Request request, HttpServletResponse response)
        {
            List<String> groupsList = null;

            System.out.println("Obtaining Headers from Request");
            try {
                ivuser = request.getHeader("iv-user");
                ivcreds = request.getHeader("iv-creds");
                ivgroups = request.getHeader("iv-groups");
            } catch(Exception e) {
                e.printStackTrace();
            }

            // Require all header credentials for proper authentication
            if(ivuser == null || ivcreds == null || ivgroups == null)
                return false;

            // Split ivgroups by comma seporated value
            // Then remove head and tail quotation marks
            roleNames = ivgroups.split(",");
            for(int i=0; i<roleNames.length; i++){
                roleNames[i] = roleNames[i].substring(1, roleNames[i].length()-1 );
                groupsList.add(roleNames[i]);
            }

            principal = new GenericPrincipal(ivuser, ivcreds, groupsList);
            request.setUserPrincipal(principal);

            return true;
        }

        public String getAuthMethod() {
            return "HTTPAuthenticator";
        }

    }

I then tell Tomcat to use the valve in the server.xml. The documentation for extending AuthenticatorBase says When this class is utilized, the Context to which it is attached (or a parent Container in a hierarchy) must have an associated Realm that can be used for authenticating users and enumerating the roles to which they have been assigned. I thought I had configured it correctly, but it throws and error and Tomcat fails to start. Here is the server.xml config:


    <?xml version="1.0" encoding="UTF-8"?>
    ...
      <Server>
        <Service name="Catalina">
          <Engine name="Catalina" defaultHost="localhost">
            <Realm className="org.apache.catalina.realm.LockOutRealm">
              <Realm className="org.apache.catalina.realm.UserDatabaseRealm" 
                     resourceName="UserDatabase"/>
            </Realm>

            <!-- Here is my valve -->
            <Valve className="package.of.my.custom.valve.TomcatLogin" />

            <Host ... >
               ...
            </Host>
          </Engine>
        </Service>
      </Server>

And here is the Error message I am getting:

10-Jan-2019 10:11:03.576 SEVERE [main] org.apache.tomcat.util.digester.Digester.endElement End event threw exception
 java.lang.reflect.InvocationTargetException
... A bunch of useless stacktrace
Caused by: java.lang.IllegalArgumentException: Configuration error:  Must be attached to a Context at org.apache.catalina.authenticator.AuthenticatorBase.setContainer(AuthenticatorBase.java:278)
at org.apache.catalina.core.StandardPipeline.addValve(StandardPipeline.java:335)
at org.apache.catalina.core.ContainerBase.addValve(ContainerBase.java:1133)
    ... 27 more

10-Jan-2019 10:11:03.579 WARNING [main] org.apache.catalina.startup.Catalina.load Catalina.start using conf/server.xml: Error at (107, 82) : Configuration error:  Must be attached to a Context
10-Jan-2019 10:11:03.579 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server. Server instance is not configured.

I think my valve is written correctly, so my guess is that the issue is in the configuration. Not sure why it is not getting a context to attach to. Any ideas?

Edit: I tried putting the valve in my app's META-INF/context.xml (I had to make one since there wasn't one to begin with). Here it is:

<?xml version="1.0"?>
<Context>
    <Valve className="package.of.my.custom.valve.TomcatLogin" />
</Context>

The server then start, but it fails to deploy any of the applications. I am getting similar error to an IBM valve which I originally tried to use over this custom implementation where it cannot find the AuthenticatorBase class from catalina.jar. Here are the SEVERE errors I am getting:

    10-Jan-2019 15:34:06.673 SEVERE [main] org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild: start:
    org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/sample-DB]]
...
Stacktrace info
...
        at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:441)
    Caused by: java.lang.ExceptionInInitializerError
        at org.apache.tomcat.util.digester.Digester.startDocument(Digester.java:1102)
    Caused by: java.lang.NullPointerException
        at java.nio.charset.Charset.put(Charset.java:538)
...
Stacktrace
...
    10-Jan-2019 15:34:06.688 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/fmac/deploy/sample.war] has finished in [11] ms
    10-Jan-2019 15:34:06.689 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/fmac/deploy/sample-auth.war]
    10-Jan-2019 15:34:06.692 SEVERE [main] org.apache.tomcat.util.digester.Digester.startElement Begin event threw error
    java.lang.NoClassDefFoundError: org/apache/catalina/authenticator/AuthenticatorBase
...
Stacktrace
The Error Below is the most confusing one. How can it not find this class?
...
    Caused by: java.lang.ClassNotFoundException: org.apache.catalina.authenticator.AuthenticatorBase
        at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
...
Stacktrace
...
    10-Jan-2019 15:34:13.823 SEVERE [https-jsse-nio2-8443-exec-3] org.apache.coyote.http11.Http11Processor.service Error processing request
    java.lang.NoClassDefFoundError: Could not initialize class
org.apache.tomcat.util.buf.B2CConverter
        at org.apache.catalina.connector.CoyoteAdapter.convertURI(CoyoteAdapter.java:1072)

回答1:


Put your <Valve> inside of your <Context> element. That should usually be within a META-INF/context.xml file in your web application and not in conf/server.xml.




回答2:


So I was finally able to find out what the issues were. We have a custom tomcat implementation, part of which involves appending the classpath in the java command. For some reason, some of the database drivers that were being used caused the Tomcat to fail to find any of the libraries in CATALINA_HOME/lib. I'm running inside a Docker container and this was some old vestigial stuff from a VM version. We ended up just having to toss those drivers out.

Not really sure why they would completely override the base lib/ directory, but at least these errors when away and I was actually able to use the pre-built authenticator I had instead of fine tuning this custom one.



来源:https://stackoverflow.com/questions/54132227/tomcat-9-valve-causing-server-start-failure

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!