Grouper Developers Forum

[Owen Cliffe <>]

Hi, I've just started testing with grouper 1.3.0 RC1 and I've been
experiencing a problem with tomcat auth which has got me scratching my
head.

For now I'm using HTTP basic auth with the standard "grouper_user" role,
which comes from an LDAP group via a  JNDI realm,  I'm using tomcat 5.5.20.

In 1.2.1 this worked fine, but now I get a "You are not authorised to
use Grouper." error without being prompted for basic auth.

I have the following (standard, I think) security setup in my web.core.xml:
<security-constraint>
                <web-resource-collection>
                        <web-resource-name>Grouper 
Application</web-resource-name>
                        <url-pattern>/login.do</url-pattern>
                </web-resource-collection>
                <auth-constraint>
                        <!-- NOTE:  This role is not present in the default 
users file -->
                        <role-name>grouper_user</role-name>
                </auth-constraint>
        </security-constraint>

        <!-- Define the Login Configuration for this Application -->
        <login-config>
                <auth-method>BASIC</auth-method>
                <realm-name>Grouper Application</realm-name>
        </login-config>

        <!-- Security roles referenced by this web application -->
        <security-role>
                <description>
                        The role that is required to log in to the Manager
                        Application
                </description>
                <role-name>grouper_user</role-name>
        </security-role>

and the following in my tomcat-context.xml
<Context path="@deploy.context.path@" docBase="@deploy.docbase@"
        debug="0" privileged="false" reloadable="false" swallowOutput="true">

        <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
                connectionURL="ldap://nuldap.bath.ac.uk:389";
                userPattern="uid={0},ou=people,o=bath.ac.uk"
                roleBase="ou=groups,o=bath.ac.uk" roleName="cn"
                roleSearch="(member={0})" />

</Context>

I don't see any errors in the tomcat output, or in the grouper logs.

Any suggestions?
(grouper-ui/build.properties attached)
--Owen
-- 
Owen Cliffe                    Systems & Networks Administrator
Bath University Computer Services            University of Bath
Tel: 01225 386047
#You can override the default browse stem, however, you must ensure that the 
stem
#exists by creating it using the Grouper API
default.browse.stem=bath

#If you want to save your debug preferences, set debug.prefs.dir to an 
existing directory 
#on you system, where the user Tomcat runs as, has write privilege
#debug.prefs.dir=c:/delete

#If you want a unique ticket to be displayed on the error page,set 
error.ticket=true
#error.ticket=true

#Sets value in media.properties. Note that Grouper cannot guarantee that
#ending the session will log the user out of your authentication system!!!
logout.link.show=false

#Switches to UI specific log4j.properties
#use.local.log4j=true

#Make sure directory exists!
#local.log4j.output-dir=c:/tomcat_5-5/logs/

#If you want to email errors append to grouper_mail - only works with 
use.local.log4j=true
error.append=grouper_log
#error.append=grouper_log,grouper_mail
#Change to valid email addresses


#Change to a valid smtp server
error.mail.host=mailhost.bath.ac.uk
error.mail.threshold=ERROR
error.mail.buffer-size=100
error.mail.subject=Grouper UI Error

#The Grouper UI requires an instance of the Grouper API. This can be a binary 
distribution
#or a source distribution which has had the 'dist' ant target run.
#If a java/src directory is present the Grouper UI ant html task will create 
combined
#Javadoc for the UI and the API
grouper.folder=../grouper

#uncomment and correct path for subject.folder if you want to generate 
Subject API
#Javadoc in with Grouper Javadoc
#subject.folder=C:/delete/subject-2005-07-11/subject

#If you are making changes to the API, make sure to uncomment 
grouper.compile.api=true
#grouper.folder must be set to a source distribution
#grouper.compile.api=true
ui.folder=${basedir}

#Determines the name of the web application
webapp.name=grouper

#Where to build
dist.home=${basedir}/../dist
default.webapp.folder=${basedir}/../build/${webapp.name}
default.webapp.folder.cleanable=true

#You could insr=tead build in situ - see comments in build.xml
#default.webapp.folder=${basedir}/webapp
#default.webapp.folder.cleanable=false


#add an additonal build file to incorporate site specific changes
#additional.build=${basedir}/../bath-grouper-ui/additional-build.xml

#For development keep these if you want to be able to debug the UI Java source
debug=true
debug.level=lines,vars,source

########################################################
#You can provide an additional build file which sets 'webapp.folder' so you 
can build
#to an appropriate location. This provides a way of overriding the 
'default.webapp.folder'
#specified above. The build file could present a choice of locations. You 
must output a file
#called choice.properties and set the property webapp.folder
########################################################
#webapp.choose.build=

##################################################################
#The grouper UI has only been tested with tomcat 4.1x and 5.5. The following 
properties allow stopping and starting
#of the grouper webapp and determine if and where a grouper.xml (context.xml 
format) is copied
##################################################################

####Url for Tomcat manager
#deploy.manager.url=http://localhost:8080/manager

####Who to authenticate as
#deploy.manager.username=<local user name>
#deploy.manager.password=<password>

####Web application context - as seen by end user
deploy.context.path=/${webapp.name}

####Root of Tomcat installation
#deploy.home=c:/tomcat_4-1-18


####Name of context xml file - this will be copied to META-INF and possibly 
to tomcat webapps directory
####Look at template-tomcat-context.xml for example - you can copy this and 
adjust 
deploy.context.xml=tomcat-context.xml

####Where to copy the context xml - note that the location for Tomcat 5-5 
depends on server.xml settings
####Setting this value lets the build script automatically install your 
webapp on a local Tomcat instance 
#deploy.context.dir=c:/tomcat_4-1-18/webapps
#deploy.context.dir=c:/Tomcat_5-5/conf/Catalina/localhost