[Spacewalk-list] com.redhat.rhn.frontend.servlets.AuthFilter doesn't like CNAME
Steven Kohrs
skohrs at opensourceexperts.com
Mon Nov 29 23:49:06 UTC 2010
For almost two months, I've been trying to resolve an issue through Red Hat
Support for the Satellite 5.3 product. I'm hoping someone here can fill in
the final pieces of the puzzle that I've put together on my own. We have a
pair of Satellite servers, sharing a common Oracle database backend. The
problem is, we can log into the Web GUI if we access the servers by their
individual hostnames, i.e. https://satellite01.example.com or
https://satellite02.example.com. For failover purposes, we have a CNAME
that is updated to point to the primary or secondary server. Every time we
try to access the CNAME, https://satellite.example.com, we are redirected to
the login page, over and over again. All SSL certificates were re-generated
with the CN=satellite.example.com.
The catalina.log outputs are identical, until I hit the following section:
Here the AuthFilter accepts the hostname (https://satellite01.example.com)
HTTP request:
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.frontend.servlets.AuthFilter - ENTER AuthFilter.doFilter:
69.58.243.33 [Mon Nov 29 10:48:17 CST 2010] (/rhn/YourRhn.do)
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.allow_pxt_personalities
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: allow_pxt_personalities
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
null
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 0
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_secret_1
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_secret_1
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
dc53916f7ea87d05837c13c3b73f108a
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: dc53916f7ea87d05837c13c3b73f108a
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_secret_2
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_secret_2
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
2b8eecf2f2a3e87a9c3ff6f9ed1046f7
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 2b8eecf2f2a3e87a9c3ff6f9ed1046f7
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_secret_3
2010-11-29 10:48:17,160 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_secret_3
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
7fbca0d06172b51b77fe78c083823cc1
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 7fbca0d06172b51b77fe78c083823cc1
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_secret_4
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_secret_4
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
fa5b2b5832d2d529ba780cde13f53e13
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: fa5b2b5832d2d529ba780cde13f53e13
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.manager.session.SessionManager - recomputed
[07902b01e3ffd5a734d599a849bbb54b] cookiekey
[07902b01e3ffd5a734d599a849bbb54b]
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_database_lifetime
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_database_lifetime
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
null
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 3600
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.allow_pxt_personalities
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: allow_pxt_personalities
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
null
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 0
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_secret_1
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_secret_1
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
dc53916f7ea87d05837c13c3b73f108a
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: dc53916f7ea87d05837c13c3b73f108a
2010-11-29 10:48:17,161 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_secret_2
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_secret_2
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
2b8eecf2f2a3e87a9c3ff6f9ed1046f7
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 2b8eecf2f2a3e87a9c3ff6f9ed1046f7
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_secret_3
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_secret_3
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
7fbca0d06172b51b77fe78c083823cc1
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 7fbca0d06172b51b77fe78c083823cc1
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_secret_4
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_secret_4
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
fa5b2b5832d2d529ba780cde13f53e13
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: fa5b2b5832d2d529ba780cde13f53e13
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: ssl_available
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: ssl_available
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
null
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 1
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getBoolean() - ssl_available is : 1
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getBoolean() - Returning true: 1
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_database_lifetime
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_database_lifetime
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
null
2010-11-29 10:48:17,162 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 3600
2010-11-29 10:48:17,163 [TP-Processor3] DEBUG
org.apache.struts.util.ModuleUtils - Get module name for path /YourRhn.do
2010-11-29 10:48:17,163 [TP-Processor3] DEBUG
org.apache.struts.util.ModuleUtils - Module name found: default
2010-11-29 10:48:17,163 [TP-Processor3] DEBUG
org.apache.struts.action.RequestProcessor - Processing a 'GET' for path
'/YourRhn'
2010-11-29 10:48:17,163 [TP-Processor3] DEBUG
org.apache.struts.action.RequestProcessor - Looking for Action instance for
class com.redhat.rhn.frontend.action.YourRhnAction
2010-11-29 10:48:17,163 [TP-Processor3] DEBUG
org.apache.struts.action.RequestProcessor - Creating new Action instance
Here the AuthFilter doesn't accept the CNAME (https://satellite.example.com)
HTTP request:
2010-11-29 10:41:39,473 [TP-Processor3] DEBUG
com.redhat.rhn.frontend.servlets.AuthFilter - ENTER AuthFilter.doFilter:
69.58.243.33 [Mon Nov 29 10:41:39 CST 2010] (/rhn/YourRhn.do)
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.allow_pxt_personalities
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: allow_pxt_personalities
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
null
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 0
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_secret_1
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_secret_1
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
dc53916f7ea87d05837c13c3b73f108a
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: dc53916f7ea87d05837c13c3b73f108a
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_secret_2
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_secret_2
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
2b8eecf2f2a3e87a9c3ff6f9ed1046f7
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 2b8eecf2f2a3e87a9c3ff6f9ed1046f7
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_secret_3
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_secret_3
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
7fbca0d06172b51b77fe78c083823cc1
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 7fbca0d06172b51b77fe78c083823cc1
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_secret_4
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_secret_4
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
fa5b2b5832d2d529ba780cde13f53e13
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: fa5b2b5832d2d529ba780cde13f53e13
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: ssl_available
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: ssl_available
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
null
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 1
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getBoolean() - ssl_available is : 1
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getBoolean() - Returning true: 1
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() called
with: web.session_database_lifetime
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> Getting
property: session_database_lifetime
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() -> result:
null
2010-11-29 10:41:39,474 [TP-Processor3] DEBUG
com.redhat.rhn.common.conf.Config - getString() - getString() ->
returning: 3600
2010-11-29 10:41:39,475 [TP-Processor3] DEBUG
org.apache.catalina.core.ApplicationDispatcher - servletPath=/ReLogin.do,
pathInfo=null, queryString=null, name=null
2010-11-29 10:41:39,475 [TP-Processor3] DEBUG
org.apache.catalina.core.ApplicationDispatcher - Path Based Forward
2010-11-29 10:41:39,475 [TP-Processor3] DEBUG
org.apache.struts.util.ModuleUtils - Get module name for path /ReLogin.do
2010-11-29 10:41:39,475 [TP-Processor3] DEBUG
org.apache.struts.util.ModuleUtils - Module name found: default
2010-11-29 10:41:39,475 [TP-Processor3] DEBUG
org.apache.struts.action.RequestProcessor - Processing a 'GET' for path
'/ReLogin'
2010-11-29 10:41:39,475 [TP-Processor3] DEBUG
org.apache.struts.util.RequestUtils - Looking for ActionForm bean instance
in scope 'request' under attribute key 'loginForm'
2010-11-29 10:41:39,475 [TP-Processor3] DEBUG
org.apache.struts.util.RequestUtils - Creating new DynaActionForm instance
of type 'org.apache.struts.action.DynaActionForm'
2010-11-29 10:41:39,475 [TP-Processor3] DEBUG
org.apache.struts.util.RequestUtils - -->
DynaActionForm[dynaClass=loginForm,username=,url_bounce=,password=]
2010-11-29 10:41:39,475 [TP-Processor3] DEBUG
org.apache.struts.action.RequestProcessor - Storing ActionForm bean
instance in scope 'request' under attribute key 'loginForm'
2010-11-29 10:41:39,475 [TP-Processor3] DEBUG
org.apache.struts.action.RequestProcessor - Populating bean properties from
this request
2010-11-29 10:41:39,476 [TP-Processor3] DEBUG
org.apache.commons.beanutils.BeanUtils -
BeanUtils.populate(DynaActionForm[dynaClass=loginForm,username=,url_bounce=,password=],
{})
2010-11-29 10:41:39,476 [TP-Processor3] DEBUG
org.apache.struts.action.RequestProcessor - Validating input form
properties
2010-11-29 10:41:39,476 [TP-Processor3] DEBUG
org.apache.struts.action.RequestProcessor - No errors detected, accepting
input
What configuration file or database table contains the server's hostname
which causes "authenticationService.validate((HttpServletRequest)request,
(HttpServletResponse)response)" to either succeed or fail? Can I solve this
with an Apache mod_rewrite rule?
I noticed the latest version of AuthFilter has quite a bit more code
surrounding the HTTP request validation, but I'm hoping I can get the
Satellite 5.3 version working.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/spacewalk-list/attachments/20101129/344685ae/attachment.htm>
More information about the Spacewalk-list
mailing list