Tomcat 9 阀门导致服务器启动失败
Tomcat 9 Valve Causing Server Start Failure
我编写了一个自定义 tomcat 阀来解析 HTTP headers 并使用它们进行身份验证。该阀通过扩展 AuthenticatorBase 来工作。我编译它并把它放在$CATALINA_HOME/lib中。这是代码:
public class TomcatLogin extends AuthenticatorBase {
private String[] roleNames = null;
private String ivcreds = null;
private String ivuser = null;
private String ivgroups = null;
private GenericPrincipal principal = null;
// Constructor defers to super class (Authenticator base)
public TomcatLogin(){
super();
}
protected boolean doAuthenticate(Request request, HttpServletResponse response)
{
List<String> groupsList = null;
System.out.println("Obtaining Headers from Request");
try {
ivuser = request.getHeader("iv-user");
ivcreds = request.getHeader("iv-creds");
ivgroups = request.getHeader("iv-groups");
} catch(Exception e) {
e.printStackTrace();
}
// Require all header credentials for proper authentication
if(ivuser == null || ivcreds == null || ivgroups == null)
return false;
// Split ivgroups by comma seporated value
// Then remove head and tail quotation marks
roleNames = ivgroups.split(",");
for(int i=0; i<roleNames.length; i++){
roleNames[i] = roleNames[i].substring(1, roleNames[i].length()-1 );
groupsList.add(roleNames[i]);
}
principal = new GenericPrincipal(ivuser, ivcreds, groupsList);
request.setUserPrincipal(principal);
return true;
}
public String getAuthMethod() {
return "HTTPAuthenticator";
}
}
然后我告诉 Tomcat 使用 server.xml 中的阀门。用于扩展 AuthenticatorBase 的 documentation 表示 当使用此 class 时,它所附加的上下文(或层次结构中的 parent 容器)必须具有关联的领域可用于对用户进行身份验证并枚举分配给他们的角色。我以为我已经正确配置了它,但它抛出错误并且 Tomcat 无法启动。这是 server.xml 配置:
<?xml version="1.0" encoding="UTF-8"?>
...
<Server>
<Service name="Catalina">
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<!-- Here is my valve -->
<Valve className="package.of.my.custom.valve.TomcatLogin" />
<Host ... >
...
</Host>
</Engine>
</Service>
</Server>
这是我收到的错误消息:
10-Jan-2019 10:11:03.576 SEVERE [main] org.apache.tomcat.util.digester.Digester.endElement End event threw exception
java.lang.reflect.InvocationTargetException
... A bunch of useless stacktrace
Caused by: java.lang.IllegalArgumentException: Configuration error: Must be attached to a Context at org.apache.catalina.authenticator.AuthenticatorBase.setContainer(AuthenticatorBase.java:278)
at org.apache.catalina.core.StandardPipeline.addValve(StandardPipeline.java:335)
at org.apache.catalina.core.ContainerBase.addValve(ContainerBase.java:1133)
... 27 more
10-Jan-2019 10:11:03.579 WARNING [main] org.apache.catalina.startup.Catalina.load Catalina.start using conf/server.xml: Error at (107, 82) : Configuration error: Must be attached to a Context
10-Jan-2019 10:11:03.579 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server. Server instance is not configured.
我认为我的阀门写得正确,所以我猜测问题出在配置上。不知道为什么它没有得到附加的上下文。有什么想法吗?
编辑:
我试着把阀门放在我的应用程序的 META-INF/context.xml 中(我不得不制作一个,因为没有一个可以开始)。这是:
<?xml version="1.0"?>
<Context>
<Valve className="package.of.my.custom.valve.TomcatLogin" />
</Context>
服务器随即启动,但无法部署任何应用程序。我遇到了与我最初尝试在此自定义实现上使用的 IBM 阀类似的错误,它无法从 catalina.jar 中找到 AuthenticatorBase class。这是我遇到的 SEVERE 个错误:
10-Jan-2019 15:34:06.673 SEVERE [main] org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/sample-DB]]
...
Stacktrace info
...
at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:441)
Caused by: java.lang.ExceptionInInitializerError
at org.apache.tomcat.util.digester.Digester.startDocument(Digester.java:1102)
Caused by: java.lang.NullPointerException
at java.nio.charset.Charset.put(Charset.java:538)
...
Stacktrace
...
10-Jan-2019 15:34:06.688 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/fmac/deploy/sample.war] has finished in [11] ms
10-Jan-2019 15:34:06.689 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/fmac/deploy/sample-auth.war]
10-Jan-2019 15:34:06.692 SEVERE [main] org.apache.tomcat.util.digester.Digester.startElement Begin event threw error
java.lang.NoClassDefFoundError: org/apache/catalina/authenticator/AuthenticatorBase
...
Stacktrace
The Error Below is the most confusing one. How can it not find this class?
...
Caused by: java.lang.ClassNotFoundException: org.apache.catalina.authenticator.AuthenticatorBase
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
...
Stacktrace
...
10-Jan-2019 15:34:13.823 SEVERE [https-jsse-nio2-8443-exec-3] org.apache.coyote.http11.Http11Processor.service Error processing request
java.lang.NoClassDefFoundError: Could not initialize class
org.apache.tomcat.util.buf.B2CConverter
at org.apache.catalina.connector.CoyoteAdapter.convertURI(CoyoteAdapter.java:1072)
将 <Valve> 放在 <Context> 元素中。这通常应该在您的网络应用程序的 META-INF/context.xml 文件中,而不是在 conf/server.xml.
中
所以我终于能够找出问题所在。我们有一个自定义的 tomcat 实现,其中一部分涉及在 java 命令中附加类路径。出于某种原因,某些正在使用的数据库驱动程序导致 Tomcat 无法在 CATALINA_HOME/lib 中找到任何库。我在 Docker 容器中 运行,这是 VM 版本中一些旧的残留物。我们最终不得不扔掉那些
司机下车。
不太确定为什么他们会完全覆盖基础 lib/ 目录,但至少在离开时出现这些错误,我实际上能够使用我拥有的 pre-built 身份验证器而不是微调它定制一个。
我编写了一个自定义 tomcat 阀来解析 HTTP headers 并使用它们进行身份验证。该阀通过扩展 AuthenticatorBase 来工作。我编译它并把它放在$CATALINA_HOME/lib中。这是代码:
public class TomcatLogin extends AuthenticatorBase {
private String[] roleNames = null;
private String ivcreds = null;
private String ivuser = null;
private String ivgroups = null;
private GenericPrincipal principal = null;
// Constructor defers to super class (Authenticator base)
public TomcatLogin(){
super();
}
protected boolean doAuthenticate(Request request, HttpServletResponse response)
{
List<String> groupsList = null;
System.out.println("Obtaining Headers from Request");
try {
ivuser = request.getHeader("iv-user");
ivcreds = request.getHeader("iv-creds");
ivgroups = request.getHeader("iv-groups");
} catch(Exception e) {
e.printStackTrace();
}
// Require all header credentials for proper authentication
if(ivuser == null || ivcreds == null || ivgroups == null)
return false;
// Split ivgroups by comma seporated value
// Then remove head and tail quotation marks
roleNames = ivgroups.split(",");
for(int i=0; i<roleNames.length; i++){
roleNames[i] = roleNames[i].substring(1, roleNames[i].length()-1 );
groupsList.add(roleNames[i]);
}
principal = new GenericPrincipal(ivuser, ivcreds, groupsList);
request.setUserPrincipal(principal);
return true;
}
public String getAuthMethod() {
return "HTTPAuthenticator";
}
}
然后我告诉 Tomcat 使用 server.xml 中的阀门。用于扩展 AuthenticatorBase 的 documentation 表示 当使用此 class 时,它所附加的上下文(或层次结构中的 parent 容器)必须具有关联的领域可用于对用户进行身份验证并枚举分配给他们的角色。我以为我已经正确配置了它,但它抛出错误并且 Tomcat 无法启动。这是 server.xml 配置:
<?xml version="1.0" encoding="UTF-8"?>
...
<Server>
<Service name="Catalina">
<Engine name="Catalina" defaultHost="localhost">
<Realm className="org.apache.catalina.realm.LockOutRealm">
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase"/>
</Realm>
<!-- Here is my valve -->
<Valve className="package.of.my.custom.valve.TomcatLogin" />
<Host ... >
...
</Host>
</Engine>
</Service>
</Server>
这是我收到的错误消息:
10-Jan-2019 10:11:03.576 SEVERE [main] org.apache.tomcat.util.digester.Digester.endElement End event threw exception
java.lang.reflect.InvocationTargetException
... A bunch of useless stacktrace
Caused by: java.lang.IllegalArgumentException: Configuration error: Must be attached to a Context at org.apache.catalina.authenticator.AuthenticatorBase.setContainer(AuthenticatorBase.java:278)
at org.apache.catalina.core.StandardPipeline.addValve(StandardPipeline.java:335)
at org.apache.catalina.core.ContainerBase.addValve(ContainerBase.java:1133)
... 27 more
10-Jan-2019 10:11:03.579 WARNING [main] org.apache.catalina.startup.Catalina.load Catalina.start using conf/server.xml: Error at (107, 82) : Configuration error: Must be attached to a Context
10-Jan-2019 10:11:03.579 SEVERE [main] org.apache.catalina.startup.Catalina.start Cannot start server. Server instance is not configured.
我认为我的阀门写得正确,所以我猜测问题出在配置上。不知道为什么它没有得到附加的上下文。有什么想法吗?
编辑:
我试着把阀门放在我的应用程序的 META-INF/context.xml 中(我不得不制作一个,因为没有一个可以开始)。这是:
<?xml version="1.0"?>
<Context>
<Valve className="package.of.my.custom.valve.TomcatLogin" />
</Context>
服务器随即启动,但无法部署任何应用程序。我遇到了与我最初尝试在此自定义实现上使用的 IBM 阀类似的错误,它无法从 catalina.jar 中找到 AuthenticatorBase class。这是我遇到的 SEVERE 个错误:
10-Jan-2019 15:34:06.673 SEVERE [main] org.apache.catalina.core.ContainerBase.addChildInternal ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/sample-DB]]
...
Stacktrace info
...
at org.apache.catalina.util.LifecycleBase.handleSubClassException(LifecycleBase.java:441)
Caused by: java.lang.ExceptionInInitializerError
at org.apache.tomcat.util.digester.Digester.startDocument(Digester.java:1102)
Caused by: java.lang.NullPointerException
at java.nio.charset.Charset.put(Charset.java:538)
...
Stacktrace
...
10-Jan-2019 15:34:06.688 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deployment of web application archive [/fmac/deploy/sample.war] has finished in [11] ms
10-Jan-2019 15:34:06.689 INFO [main] org.apache.catalina.startup.HostConfig.deployWAR Deploying web application archive [/fmac/deploy/sample-auth.war]
10-Jan-2019 15:34:06.692 SEVERE [main] org.apache.tomcat.util.digester.Digester.startElement Begin event threw error
java.lang.NoClassDefFoundError: org/apache/catalina/authenticator/AuthenticatorBase
...
Stacktrace
The Error Below is the most confusing one. How can it not find this class?
...
Caused by: java.lang.ClassNotFoundException: org.apache.catalina.authenticator.AuthenticatorBase
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
...
Stacktrace
...
10-Jan-2019 15:34:13.823 SEVERE [https-jsse-nio2-8443-exec-3] org.apache.coyote.http11.Http11Processor.service Error processing request
java.lang.NoClassDefFoundError: Could not initialize class
org.apache.tomcat.util.buf.B2CConverter
at org.apache.catalina.connector.CoyoteAdapter.convertURI(CoyoteAdapter.java:1072)
将 <Valve> 放在 <Context> 元素中。这通常应该在您的网络应用程序的 META-INF/context.xml 文件中,而不是在 conf/server.xml.
所以我终于能够找出问题所在。我们有一个自定义的 tomcat 实现,其中一部分涉及在 java 命令中附加类路径。出于某种原因,某些正在使用的数据库驱动程序导致 Tomcat 无法在 CATALINA_HOME/lib 中找到任何库。我在 Docker 容器中 运行,这是 VM 版本中一些旧的残留物。我们最终不得不扔掉那些
司机下车。
不太确定为什么他们会完全覆盖基础 lib/ 目录,但至少在离开时出现这些错误,我实际上能够使用我拥有的 pre-built 身份验证器而不是微调它定制一个。