Migration Solutions for ColdFusion Applications to ASP.NET
      
New Atlanta Product Forums Profile | Search | Login | RSS
New Topic Reply   Previous Page  Page: 1   Next Page

Thread: 401: Permission Denied with ServletExec 6.0.0.2_39 and Apache 2.2.22 on RHEL 6.3
Created on: 09/06/12 09:50 AM Replies: 5
JPerlmutter


Joined: 08/21/12
Posts: 8
401: Permission Denied with ServletExec 6.0.0.2_39 and Apache 2.2.22 on RHEL 6.3
09/06/12 9:50 AM

Hi Gurus,

I am creating a test environment and am scratching my head, probalby due to lack of familiarity with ServletExec.

Here's the details:

Environment:
OS: Red Hat 6.3
WS: ASF Apache 2.2.22 (modified to be run by the built in apache user; uses port 80)
ServletExec 6.0.0.2_39 seemingly installed right

Detail:
Whenever I access a jsp, and only jsps, i get a "401 permission denied" error in the browser.
Servlet Exec log says:

[Thu Sep 06 09:35:16 EDT 2012] ServletExec: Initializing Session Tracking for virtual server - default, application - default-app

[Thu Sep 06 09:35:16 EDT 2012] ServletExec: Initialized Session Tracking for virtual server - default, application - default-app

[Thu Sep 06 09:35:16 EDT 2012] ServletExec: Initializing Session Tracking for virtual server - default, application - servletexec

[Thu Sep 06 09:35:16 EDT 2012] ServletExec: Initialized Session Tracking for virtual server - default, application - servletexec

[Thu Sep 06 09:35:16 EDT 2012] ServletExec 6.0.0.2_39 initialized in 00.46 seconds.

[Thu Sep 06 09:35:16 EDT 2012] ServletExec 6.0.0.2_39 was initialized with the following settings:

[Thu Sep 06 09:35:16 EDT 2012] port = 8888

[Thu Sep 06 09:35:16 EDT 2012] backlog = 50

[Thu Sep 06 09:35:16 EDT 2012] name = SMRH6.3x64.smtest.ca.com

[Thu Sep 06 09:35:16 EDT 2012] home = /opt/newatlanta/ServletExecAS/se-SMRH6.3x64.smtest.ca.com/

[Thu Sep 06 09:35:16 EDT 2012] log = /opt/newatlanta/ServletExecAS/se-SMRH6.3x64.smtest.ca.com/

[Thu Sep 06 09:35:16 EDT 2012] mimetypes = /opt/apache/conf/mime.types

[Thu Sep 06 09:35:16 EDT 2012] makeRealPathCallbacks = true

[Thu Sep 06 09:35:16 EDT 2012] useRealPathCache = true

[Thu Sep 06 09:35:16 EDT 2012] useRawRealPaths = false

[Thu Sep 06 09:35:16 EDT 2012] root = /opt/apache/htdocs/

[Thu Sep 06 09:35:16 EDT 2012] allow = 127.0.0.1, [0000:0000:0000:0000:0000:0000:0000:0001]

[Thu Sep 06 09:35:16 EDT 2012] adapter = native

[Thu Sep 06 09:35:16 EDT 2012] portBindTimeout = 15

[Thu Sep 06 09:35:16 EDT 2012]

[Thu Sep 06 09:35:16 EDT 2012] ServletExec is listening for adapter requests on IP [127.0.0.1] port 8888

[Thu Sep 06 09:35:37 EDT 2012] ServletExec: ERROR - no remoteUser field in info header.

[Thu Sep 06 09:35:37 EDT 2012] ServletExec: ERROR - no realPath field in info header.

[Thu Sep 06 09:35:37 EDT 2012] ServletExec: ERROR - no pathInfo field in info header.

[Thu Sep 06 09:35:37 EDT 2012] ServletExec: ERROR - bad info header: [127.0.0.1



127.0.0.1



-1



127.0.0.1



80



ServletExecAS



false







].

[Thu Sep 06 09:35:51 EDT 2012] ServletExec 6.0.0.2_39 is shutting down...

[Thu Sep 06 09:35:51 EDT 2012] ServletExec: Shutting down Session Tracking for virtual server - default, application - servletexec

[Thu Sep 06 09:35:51 EDT 2012] ServletExec: Shut down Session Tracking for virtual server - default, application - servletexec

[Thu Sep 06 09:35:51 EDT 2012] ServletExec: Shutting down Session Tracking for virtual server - default, application - default-app

[Thu Sep 06 09:35:51 EDT 2012] ServletExec: Shut down Session Tracking for virtual server - default, application - default-app

[Thu Sep 06 09:35:51 EDT 2012] ServletExec 6.0.0.2_39 shutdown complete in 00.00 seconds.



I'm really unsure of what to make of this and how the Servlet Exec log correlates to anything happening.

Could this 401 be related to Servlet Exec?
I was able to access the file, but not have a display prior to adding Servlet Exec...
Link | Top | Bottom
paulbonfanti


Joined: 10/04/07
Posts: 451
RE: 401: Permission Denied with ServletExec 6.0.0.2_39 and Apache 2.2.22 on RHEL 6.3
09/06/12 12:27 PM

ServletExec has two components: a native module that runs under the Apache process and a separate java process.

The errors in ServletExec.log indicate one of the following:

1. You are sending requests directly to the ServletExec java process on port 8888. You should never do this. This port is only used to receive requests from the ServletExec native module.

or

2. You applied the java portion of the July 2010 hotfix but didn't apply the native module portion. In this case you should apply the native module portion as described in the bottom of the release notes for the hotfix. The hotfixes are at:

http://www.newatlanta.com/c/products/servletexec/download/hotfix/showHotfixes
Paul Bonfanti, New Atlanta
Link | Top | Bottom
JPerlmutter


Joined: 08/21/12
Posts: 8
RE: 401: Permission Denied with ServletExec 6.0.0.2_39 and Apache 2.2.22 on RHEL 6.3
09/06/12 12:52 PM

Hi Paul,

definitely the second option. I renamed the original files with ".orig" then placed in the patch, but I know i did nothing with a .so file. I do not see that in the patch kit. I am going to take a guess that I have to build it.

After reading your update i did the following:

1: Renamed the /opt/apache/modules/mod_servletexec.so to /opt/apache/modules/mod_servletexec.so.orig

2: ran /opt/apache/bin/apxs -n servletexec -i -a -c -D XP_UNIX /opt/newatlanta/ServletExecAS/bin/mod_servletexec.c from /opt/apache/modules

this had an error. i rechecked files and realized i should use the 22 one.
so i reran it with this modification:

/opt/apache/bin/apxs -n servletexec -i -a -c -D XP_UNIX /opt/newatlanta/ServletExecAS/bin/mod_servletexec22.c


and i still get forbidden, and this time the log has less details. Am I past Servlet Exec now?

[Thu Sep 06 12:50:11 EDT 2012] ServletExec: Initializing Session Tracking for virtual server - default, application - default-app

[Thu Sep 06 12:50:11 EDT 2012] ServletExec: Initialized Session Tracking for virtual server - default, application - default-app

[Thu Sep 06 12:50:11 EDT 2012] ServletExec: Initializing Session Tracking for virtual server - default, application - servletexec

[Thu Sep 06 12:50:11 EDT 2012] ServletExec: Initialized Session Tracking for virtual server - default, application - servletexec

[Thu Sep 06 12:50:11 EDT 2012] ServletExec 6.0.0.2_39 initialized in 00.46 seconds.

[Thu Sep 06 12:50:11 EDT 2012] ServletExec 6.0.0.2_39 was initialized with the following settings:

[Thu Sep 06 12:50:11 EDT 2012] port = 8888

[Thu Sep 06 12:50:11 EDT 2012] backlog = 50

[Thu Sep 06 12:50:11 EDT 2012] name = SMRH6.3x64.smtest.ca.com

[Thu Sep 06 12:50:11 EDT 2012] home = /opt/newatlanta/ServletExecAS/se-SMRH6.3x64.smtest.ca.com/

[Thu Sep 06 12:50:11 EDT 2012] log = /opt/newatlanta/ServletExecAS/se-SMRH6.3x64.smtest.ca.com/

[Thu Sep 06 12:50:11 EDT 2012] mimetypes = /opt/apache/conf/mime.types

[Thu Sep 06 12:50:11 EDT 2012] makeRealPathCallbacks = true

[Thu Sep 06 12:50:11 EDT 2012] useRealPathCache = true

[Thu Sep 06 12:50:11 EDT 2012] useRawRealPaths = false

[Thu Sep 06 12:50:11 EDT 2012] root = /opt/apache/htdocs/

[Thu Sep 06 12:50:11 EDT 2012] allow = 127.0.0.1, [0000:0000:0000:0000:0000:0000:0000:0001]

[Thu Sep 06 12:50:11 EDT 2012] adapter = native

[Thu Sep 06 12:50:11 EDT 2012] portBindTimeout = 15

[Thu Sep 06 12:50:11 EDT 2012]

[Thu Sep 06 12:50:11 EDT 2012] ServletExec is listening for adapter requests on IP [127.0.0.1] port 8888
Link | Top | Bottom
JPerlmutter


Joined: 08/21/12
Posts: 8
RE: 401: Permission Denied with ServletExec 6.0.0.2_39 and Apache 2.2.22 on RHEL 6.3
09/06/12 12:57 PM

more detail: Apache Log
(i think this is saying it's something in the apache configuration, but i'm not sure what... would you like a copy of that?)

Apache Error Log said:
[Thu Sep 06 12:50:11 2012] [notice] Apache/2.2.22 (Unix) configured -- resuming normal operations
[Thu Sep 06 12:50:35 2012] [error] [client 127.0.0.1] client denied by server configuration: /transpolar, referer: http://smrh6.3x64.smtest.ca.com/transpolar/employee/StaticTest.html
[Thu Sep 06 12:50:37 2012] [error] [client 127.0.0.1] client denied by server configuration: /transpolar, referer: http://smrh6.3x64.smtest.ca.com/transpolar/employee/StaticTest.html
[Thu Sep 06 12:50:38 2012] [error] [client 127.0.0.1] client denied by server configuration: /transpolar, referer: http://smrh6.3x64.smtest.ca.com/transpolar/employee/StaticTest.html
[Thu Sep 06 12:51:56 2012] [error] [client 127.0.0.1] client denied by server configuration: /transpolar, referer: http://smrh6.3x64.smtest.ca.com/transpolar/employee/StaticTest.html
[Thu Sep 06 12:51:57 2012] [error] [client 127.0.0.1] client denied by server configuration: /transpolar, referer: http://smrh6.3x64.smtest.ca.com/transpolar/employee/StaticTest.html
Link | Top | Bottom
paulbonfanti


Joined: 10/04/07
Posts: 451
RE: 401: Permission Denied with ServletExec 6.0.0.2_39 and Apache 2.2.22 on RHEL 6.3
09/07/12 4:10 PM

Yes it sounds like something in your apache config is denying requests from 127.0.0.1. I'd do a google search on this or post to an Apache forum.
Paul Bonfanti, New Atlanta
Link | Top | Bottom
JPerlmutter


Joined: 08/21/12
Posts: 8
RE: 401: Permission Denied with ServletExec 6.0.0.2_39 and Apache 2.2.22 on RHEL 6.3
09/10/12 7:51 AM

in case someoen else hits these two issues, this is what resolved the apache side, though it's not the most secure, ad there is probably a better solution.

look for:
httpd.conf said:
#
# Each directory to which Apache has access can be configured with respect
# to which services and features are allowed and/or disabled in that
# directory (and its subdirectories).
#
# First, we configure the "default" to be a very restrictive set of
# features.
#

Options FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
and change Deny to Allow so you have your directory directive looking like

Options FollowSymLinks
AllowOverride None
Order deny,allow
Allow from all


Note: all my web pages exist under the /<path/to/install>/htdocs/ folder
Link | Top | Bottom

New Post
Please login to post a response.


company media information terms of use privacy policy contact us
This page was dynamically built on the BlueDragon CFML Engine