Problems with Orbeon after Apache RSA Authentication module enabled

> Just when we were getting ready to deploy a system, they decided to  
> install an RSA Authentication module on our Apache server that is  
> preventing all of my Orbeon actions from working.   My Orbeon pages  
> come up fine but most if not all of the actions no longer respond.    
> The orbeon.log file contains the following error:
>
> 2010-01-12 17:51:33,808 INFO  ProcessorService  - /xforms-server -  
> Received request
> 2010-01-12 17:51:33,898 ERROR XFormsServer  - XForms - submission -  
> xforms-submit-error throwable:  
> org.orbeon.oxf.xforms.XFormsModelSubmission
> $XFormsSubmissionException: line 24 of oxf:/config/xforms-
> widgets.xsl (processing instance replacement): Body received with  
> non-XML media type for replace="instance": text/html
> oxf:/config/xforms-widgets.xsl, line 24, column -1: Body received  
> with non-XML media type for replace="instance": text/html
>
> I'm guessing it's the apache server asking tomcat to authenticate.  
> We had a related problem when we first tried to use a self signed  
> SSL certificate and the xforms-controls example would die but at  
> least you could see the exception from the web browser but this  
> time, we get the following Orbeon error on the web browser.
>
> Fatal error: The element type "img" must be terminated by the  
> matching end-tag "</img>".
>
> The callstack says it's trying to get https://ourhost/orbeon/xforms-controls/services/countries
>
> If they disable the RSA authentication then everything works fine  
> via SSL but they really want to lock things down.
> Is there a way to get Tomcat and/or Orbeon to not use apache when  
> it's doing a "service" call back into itself?  Looks like it's using  
> <hostname> instead of localhost.
>
>
> We are using dev-3.7.1.200905272119 with Apache/2.2.11 (Unix)  
> mod_ssl/2.2.11 OpenSSL/0.9.8k mod_jk/1.2.28 and Apache Tomcat 6.0.18.
>
> claude
>
>
> --
> You receive this message as a subscriber of the [hidden email]  
> mailing list.
> To unsubscribe: mailto:[hidden email]
> For general help: mailto:[hidden email]?subject=help
> OW2 mailing lists service home page: http://www.ow2.org/wws

> Claude,
>
> If you want the request to go to localhost, you'd have to put
> http://localhost... explicitly in your URL. Otherwise, Orbeon Forms
> will take relative URLs relative to the URL used for the request. I
> would try to figure out what goes wrong with this request. Try this:
>
> 1. In config/log4j.xml, uncomment the category for XFormsServer.
> 2. Add the following to your properties-local.xml:
>     <property as="xs:NMTOKENS" name="oxf.xforms.logging.debug"
>         value="document event action submission submission-details
>         submission-body server server-body control html"/>
> 3. Restart Tomcat, and try the submission again.
>
> This time you should have much more information in the log, and in
> particular the body of the response should be logged. (In development
> mode, I just leave this high level of debugging always on.) I am
> hoping that this will help you see what is wrong.
>
> Alex
>
>
>
> On Jan 13, 2010, at 1:50 PM, claude felizardo
> <[hidden email]> wrote:
>
>> Just when we were getting ready to deploy a system, they decided to
>> install an RSA Authentication module on our Apache server that is
>> preventing all of my Orbeon actions from working.   My Orbeon pages
>> come up fine but most if not all of the actions no longer respond.  
>> The orbeon.log file contains the following error:
>>
>> 2010-01-12 17:51:33,808 INFO  ProcessorService  - /xforms-server -
>> Received request
>> 2010-01-12 17:51:33,898 ERROR XFormsServer  - XForms - submission -
>> xforms-submit-error throwable:
>> org.orbeon.oxf.xforms.XFormsModelSubmission$XFormsSubmissionException:
>> line 24 of oxf:/config/xforms-widgets.xsl (processing instance
>> replacement): Body received with non-XML media type for
>> replace="instance": text/html
>> oxf:/config/xforms-widgets.xsl, line 24, column -1: Body received
>> with non-XML media type for replace="instance": text/html
>>
>> I'm guessing it's the apache server asking tomcat to authenticate.  
>> We had a related problem when we first tried to use a self signed SSL
>> certificate and the xforms-controls example would die but at least
>> you could see the exception from the web browser but this time, we
>> get the following Orbeon error on the web browser.
>>
>> Fatal error: The element type "img" must be terminated by the
>> matching end-tag "</img>".
>>
>> The callstack says it's trying to get
>> https://ourhost/orbeon/xforms-controls/services/countries
>>
>> If they disable the RSA authentication then everything works fine via
>> SSL but they really want to lock things down.
>> Is there a way to get Tomcat and/or Orbeon to not use apache when
>> it's doing a "service" call back into itself?  Looks like it's using
>> <hostname> instead of localhost.
>>
>>
>> We are using dev-3.7.1.200905272119 with Apache/2.2.11 (Unix)
>> mod_ssl/2.2.11 OpenSSL/0.9.8k mod_jk/1.2.28 and Apache Tomcat 6.0.18.
>>
>> claude
>

> Is there not a global setting for this?   It might not have been clear
> in my initial email but I'm getting exceptions even with the
> xforms-controls example:
>
> 2010-01-14 13:38:29,936 INFO  ProcessorService  - /xforms-controls/ -
> Received request
> 2010-01-14 13:38:30,047 ERROR ProcessorService  - Exception at line
> 124, column 3 of https://MYHOST/ksas/xforms-controls/services/countries
> org.orbeon.oxf.common.ValidationException: line 124, column 3 of
> https://MYHOST/ksas/xforms-controls/services/countries: Fatal error:
> The element type "img" must be terminated by the matching end-tag
> "</img>".
> https://MYHOST/ksas/xforms-controls/services/countries, line 124,
> column 3: Fatal error: The element type "img" must be terminated by
> the matching end-tag "</img>".
>        at
> org.orbeon.oxf.xml.XMLUtils$ErrorHandler.fatalError(XMLUtils.java:342)
>        at
> orbeon.apache.xerces.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178)
>
>        at
> orbeon.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:351)
>
>        at
> orbeon.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:281)
>
>        at
> orbeon.apache.xerces.impl.XMLScanner.reportFatalError(XMLScanner.java:1459)
>
> ...
> where MYHOST is the fully qualified name of the apache/tomcat server.
>
> Per your suggestion I tried to enable the logging on my development
> machine before sending the request the sysadmin group to modify the
> I&T machine and while I was able to modify config/log4j.xml and see
> more debugging info, when I added the property to my
> properties-local.xml file then orbeon failed to startup.  I get a 404
> resource not available.  If I change xs:NMTOKENS to xs:string, then
> everything comes up fine.  Is there something else I need to enable?  
> Looking at the orbeon.log, about the only thing I notice is the
> following:
>
> 2010-01-14 13:32:46,492 INFO  eXistURLStreamHandlerFactory  - System
> property java.protocol.handler.pkgs has not been updated.
>
> 2010-01-14 13:34:17,018 INFO  eXistURLStreamHandlerFactory  - Setting
> java.protocol.handler.pkgs to org.exist.protocolhandler.protocols
>
> The first line is if I use xs:string, the 2nd line is if I use
> xs:NMTOKENS.
>
> Again, I'm just trying to execute one of the xforms examples.
> Actually, I have two servlet instances of orbeon running under
> tomcat.  One called orbeon which is my development instance and
> another one that uses the ops name and the one that I modified with
> your debug instructions is not coming up but orbeon instance which was
> not modified is coming up fine.  So the NMTOKENS is definitely causing
> a problem.
>
> oh, looks like xforms-hello works fine with RSA enabled but
> xforms-controls does not.  xforms-bookcast, xforms-todo,  all that i
> tried work fine, it's just xforms-controls and of course my
> application that don't work.   ah, xforms-cart is failing as well with
> the same error about a non-XML media type.  What is it that
> xforms-controls and xforms-cart have in common that is not used by the
> others?
>
>
> claude
>
>
> Alessandro Vernet wrote:
>> Claude,
>>
>> If you want the request to go to localhost, you'd have to put
>> http://localhost... explicitly in your URL. Otherwise, Orbeon Forms
>> will take relative URLs relative to the URL used for the request. I
>> would try to figure out what goes wrong with this request. Try this:
>>
>> 1. In config/log4j.xml, uncomment the category for XFormsServer.
>> 2. Add the following to your properties-local.xml:
>>     <property as="xs:NMTOKENS" name="oxf.xforms.logging.debug"
>>         value="document event action submission submission-details
>>         submission-body server server-body control html"/>
>> 3. Restart Tomcat, and try the submission again.
>>
>> This time you should have much more information in the log, and in
>> particular the body of the response should be logged. (In development
>> mode, I just leave this high level of debugging always on.) I am
>> hoping that this will help you see what is wrong.
>>
>> Alex
>>
>>
>>
>> On Jan 13, 2010, at 1:50 PM, claude felizardo
>> <[hidden email]> wrote:
>>
>>> Just when we were getting ready to deploy a system, they decided to
>>> install an RSA Authentication module on our Apache server that is
>>> preventing all of my Orbeon actions from working.   My Orbeon pages
>>> come up fine but most if not all of the actions no longer respond.  
>>> The orbeon.log file contains the following error:
>>>
>>> 2010-01-12 17:51:33,808 INFO  ProcessorService  - /xforms-server -
>>> Received request
>>> 2010-01-12 17:51:33,898 ERROR XFormsServer  - XForms - submission -
>>> xforms-submit-error throwable:
>>> org.orbeon.oxf.xforms.XFormsModelSubmission$XFormsSubmissionException:
>>> line 24 of oxf:/config/xforms-widgets.xsl (processing instance
>>> replacement): Body received with non-XML media type for
>>> replace="instance": text/html
>>> oxf:/config/xforms-widgets.xsl, line 24, column -1: Body received
>>> with non-XML media type for replace="instance": text/html
>>>
>>> I'm guessing it's the apache server asking tomcat to authenticate.  
>>> We had a related problem when we first tried to use a self signed
>>> SSL certificate and the xforms-controls example would die but at
>>> least you could see the exception from the web browser but this
>>> time, we get the following Orbeon error on the web browser.
>>>
>>> Fatal error: The element type "img" must be terminated by the
>>> matching end-tag "</img>".
>>>
>>> The callstack says it's trying to get
>>> https://ourhost/orbeon/xforms-controls/services/countries
>>>
>>> If they disable the RSA authentication then everything works fine
>>> via SSL but they really want to lock things down.
>>> Is there a way to get Tomcat and/or Orbeon to not use apache when
>>> it's doing a "service" call back into itself?  Looks like it's using
>>> <hostname> instead of localhost.
>>>
>>>
>>> We are using dev-3.7.1.200905272119 with Apache/2.2.11 (Unix)
>>> mod_ssl/2.2.11 OpenSSL/0.9.8k mod_jk/1.2.28 and Apache Tomcat 6.0.18.
>>>
>>> claude
>>
>
>
>

> Sorry, I forgot to clarify my concern.  While I can look into  
> changing our application to prefix localhost on all of our  
> submissions, what if I use something that triggers a submission  
> within orbeon that doesn't have the localhost prefix.  Won't it just  
> die at that point?
>
> Now here's a thought.  What if we setup a a proxy server that  
> forwards to the tomcat http port?  Would tomcat contact itself on  
> the "internal" port or would it still use the apache port?
>
> claude
>
>
> claude felizardo wrote:
>> Is there not a global setting for this? It might not have been  
>> clear in my initial email but I'm getting exceptions even with the  
>> xforms-controls example:
>>
>> 2010-01-14 13:38:29,936 INFO  ProcessorService  - /xforms-controls/  
>> - Received request
>> 2010-01-14 13:38:30,047 ERROR ProcessorService  - Exception at line  
>> 124, column 3 of https://MYHOST/ksas/xforms-controls/services/countries
>> org.orbeon.oxf.common.ValidationException: line 124, column 3 of https://MYHOST/ksas/xforms-controls/services/countries: 
>>  Fatal error: The element type "img" must be terminated by the  
>> matching end-tag "</img>".
>> https://MYHOST/ksas/xforms-controls/services/countries, line 124,  
>> column 3: Fatal error: The element type "img" must be terminated by  
>> the matching end-tag "</img>".
>>       at org.orbeon.oxf.xml.XMLUtils$ErrorHandler.fatalError
>> (XMLUtils.java:342)
>>       at orbeon.apache.xerces.util.ErrorHandlerWrapper.fatalError
>> (ErrorHandlerWrapper.java:178)
>>       at orbeon.apache.xerces.impl.XMLErrorReporter.reportError
>> (XMLErrorReporter.java:351)
>>       at orbeon.apache.xerces.impl.XMLErrorReporter.reportError
>> (XMLErrorReporter.java:281)
>>       at orbeon.apache.xerces.impl.XMLScanner.reportFatalError
>> (XMLScanner.java:1459)
>> ...
>> where MYHOST is the fully qualified name of the apache/tomcat server.
>>
>> Per your suggestion I tried to enable the logging on my development  
>> machine before sending the request the sysadmin group to modify the  
>> I&T machine and while I was able to modify config/log4j.xml and see  
>> more debugging info, when I added the property to my properties-
>> local.xml file then orbeon failed to startup.  I get a 404 resource  
>> not available.  If I change xs:NMTOKENS to xs:string, then  
>> everything comes up fine.  Is there something else I need to  
>> enable?  Looking at the orbeon.log, about the only thing I notice  
>> is the following:
>>
>> 2010-01-14 13:32:46,492 INFO  eXistURLStreamHandlerFactory  -  
>> System property java.protocol.handler.pkgs has not been updated.
>>
>> 2010-01-14 13:34:17,018 INFO  eXistURLStreamHandlerFactory  -  
>> Setting java.protocol.handler.pkgs to  
>> org.exist.protocolhandler.protocols
>>
>> The first line is if I use xs:string, the 2nd line is if I use  
>> xs:NMTOKENS.
>>
>> Again, I'm just trying to execute one of the xforms examples.
>> Actually, I have two servlet instances of orbeon running under  
>> tomcat.  One called orbeon which is my development instance and  
>> another one that uses the ops name and the one that I modified with  
>> your debug instructions is not coming up but orbeon instance which  
>> was not modified is coming up fine.  So the NMTOKENS is definitely  
>> causing a problem.
>>
>> oh, looks like xforms-hello works fine with RSA enabled but xforms-
>> controls does not.  xforms-bookcast, xforms-todo,  all that i tried  
>> work fine, it's just xforms-controls and of course my application  
>> that don't work.   ah, xforms-cart is failing as well with the same  
>> error about a non-XML media type.  What is it that xforms-controls  
>> and xforms-cart have in common that is not used by the others?
>>
>>
>> claude
>>
>>
>> Alessandro Vernet wrote:
>>> Claude,
>>>
>>> If you want the request to go to localhost, you'd have to put http://localhost 
>>> ... explicitly in your URL. Otherwise, Orbeon Forms will take  
>>> relative URLs relative to the URL used for the request. I would  
>>> try to figure out what goes wrong with this request. Try this:
>>>
>>> 1. In config/log4j.xml, uncomment the category for XFormsServer.
>>> 2. Add the following to your properties-local.xml:
>>>    <property as="xs:NMTOKENS" name="oxf.xforms.logging.debug"
>>>        value="document event action submission submission-details
>>>        submission-body server server-body control html"/>
>>> 3. Restart Tomcat, and try the submission again.
>>>
>>> This time you should have much more information in the log, and in  
>>> particular the body of the response should be logged. (In  
>>> development mode, I just leave this high level of debugging always  
>>> on.) I am hoping that this will help you see what is wrong.
>>>
>>> Alex
>>>
>>>
>>>
>>> On Jan 13, 2010, at 1:50 PM, claude felizardo <[hidden email]
>>> > wrote:
>>>
>>>> Just when we were getting ready to deploy a system, they decided  
>>>> to install an RSA Authentication module on our Apache server that  
>>>> is preventing all of my Orbeon actions from working.   My Orbeon  
>>>> pages come up fine but most if not all of the actions no longer  
>>>> respond.   The orbeon.log file contains the following error:
>>>>
>>>> 2010-01-12 17:51:33,808 INFO  ProcessorService  - /xforms-server  
>>>> - Received request
>>>> 2010-01-12 17:51:33,898 ERROR XFormsServer  - XForms - submission  
>>>> - xforms-submit-error throwable:  
>>>> org.orbeon.oxf.xforms.XFormsModelSubmission
>>>> $XFormsSubmissionException: line 24 of oxf:/config/xforms-
>>>> widgets.xsl (processing instance replacement): Body received with  
>>>> non-XML media type for replace="instance": text/html
>>>> oxf:/config/xforms-widgets.xsl, line 24, column -1: Body received  
>>>> with non-XML media type for replace="instance": text/html
>>>>
>>>> I'm guessing it's the apache server asking tomcat to  
>>>> authenticate.  We had a related problem when we first tried to  
>>>> use a self signed SSL certificate and the xforms-controls example  
>>>> would die but at least you could see the exception from the web  
>>>> browser but this time, we get the following Orbeon error on the  
>>>> web browser.
>>>>
>>>> Fatal error: The element type "img" must be terminated by the  
>>>> matching end-tag "</img>".
>>>>
>>>> The callstack says it's trying to get https://ourhost/orbeon/xforms-controls/services/countries
>>>>
>>>> If they disable the RSA authentication then everything works fine  
>>>> via SSL but they really want to lock things down.
>>>> Is there a way to get Tomcat and/or Orbeon to not use apache when  
>>>> it's doing a "service" call back into itself?  Looks like it's  
>>>> using <hostname> instead of localhost.
>>>>
>>>>
>>>> We are using dev-3.7.1.200905272119 with Apache/2.2.11 (Unix)  
>>>> mod_ssl/2.2.11 OpenSSL/0.9.8k mod_jk/1.2.28 and Apache Tomcat  
>>>> 6.0.18.
>>>>
>>>> claude
>>>
>>
>>
>>
>
>
> --
> You receive this message as a subscriber of the [hidden email]  
> mailing list.
> To unsubscribe: mailto:[hidden email]
> For general help: mailto:[hidden email]?subject=help
> OW2 mailing lists service home page: http://www.ow2.org/wws

> Claude,
>
> If you setup a proxy between Apache and Tomcat, then Tomcat will most
> likely see the request coming from the proxy and contact the proxy.
> This would give you:
>
> Apache on HTTPS -> Proxy on HTTP -> Tomcat on HTTP
>
> But if the problem is caused by the self-signed cert on Apache, why
> not just use a real cert? Alternatively you can put that self-signed
> cert in a truststore on the Tomcat box.
>
> Alex
>
>
>
> On Jan 14, 2010, at 4:46 PM, claude felizardo
> <[hidden email]> wrote:
>
>> Sorry, I forgot to clarify my concern.  While I can look into
>> changing our application to prefix localhost on all of our
>> submissions, what if I use something that triggers a submission
>> within orbeon that doesn't have the localhost prefix.  Won't it just
>> die at that point?
>>
>> Now here's a thought.  What if we setup a a proxy server that
>> forwards to the tomcat http port?  Would tomcat contact itself on the
>> "internal" port or would it still use the apache port?
>>
>> claude
>>
>>
>> claude felizardo wrote:
>>> Is there not a global setting for this? It might not have been clear
>>> in my initial email but I'm getting exceptions even with the
>>> xforms-controls example:
>>>
>>> 2010-01-14 13:38:29,936 INFO  ProcessorService  - /xforms-controls/
>>> - Received request
>>> 2010-01-14 13:38:30,047 ERROR ProcessorService  - Exception at line
>>> 124, column 3 of https://MYHOST/ksas/xforms-controls/services/countries
>>> org.orbeon.oxf.common.ValidationException: line 124, column 3 of
>>> https://MYHOST/ksas/xforms-controls/services/countries: Fatal error:
>>> The element type "img" must be terminated by the matching end-tag
>>> "</img>".
>>> https://MYHOST/ksas/xforms-controls/services/countries, line 124,
>>> column 3: Fatal error: The element type "img" must be terminated by
>>> the matching end-tag "</img>".
>>>       at
>>> org.orbeon.oxf.xml.XMLUtils$ErrorHandler.fatalError(XMLUtils.java:342)
>>>       at
>>> orbeon.apache.xerces.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178)
>>>
>>>       at
>>> orbeon.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:351)
>>>
>>>       at
>>> orbeon.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:281)
>>>
>>>       at
>>> orbeon.apache.xerces.impl.XMLScanner.reportFatalError(XMLScanner.java:1459)
>>>
>>> ...
>>> where MYHOST is the fully qualified name of the apache/tomcat server.
>>>
>>> Per your suggestion I tried to enable the logging on my development
>>> machine before sending the request the sysadmin group to modify the
>>> I&T machine and while I was able to modify config/log4j.xml and see
>>> more debugging info, when I added the property to my
>>> properties-local.xml file then orbeon failed to startup.  I get a
>>> 404 resource not available.  If I change xs:NMTOKENS to xs:string,
>>> then everything comes up fine.  Is there something else I need to
>>> enable?  Looking at the orbeon.log, about the only thing I notice is
>>> the following:
>>>
>>> 2010-01-14 13:32:46,492 INFO  eXistURLStreamHandlerFactory  - System
>>> property java.protocol.handler.pkgs has not been updated.
>>>
>>> 2010-01-14 13:34:17,018 INFO  eXistURLStreamHandlerFactory  -
>>> Setting java.protocol.handler.pkgs to
>>> org.exist.protocolhandler.protocols
>>>
>>> The first line is if I use xs:string, the 2nd line is if I use
>>> xs:NMTOKENS.
>>>
>>> Again, I'm just trying to execute one of the xforms examples.
>>> Actually, I have two servlet instances of orbeon running under
>>> tomcat.  One called orbeon which is my development instance and
>>> another one that uses the ops name and the one that I modified with
>>> your debug instructions is not coming up but orbeon instance which
>>> was not modified is coming up fine.  So the NMTOKENS is definitely
>>> causing a problem.
>>>
>>> oh, looks like xforms-hello works fine with RSA enabled but
>>> xforms-controls does not.  xforms-bookcast, xforms-todo,  all that i
>>> tried work fine, it's just xforms-controls and of course my
>>> application that don't work.   ah, xforms-cart is failing as well
>>> with the same error about a non-XML media type.  What is it that
>>> xforms-controls and xforms-cart have in common that is not used by
>>> the others?
>>>
>>>
>>> claude
>>>
>>>
>>> Alessandro Vernet wrote:
>>>> Claude,
>>>>
>>>> If you want the request to go to localhost, you'd have to put
>>>> http://localhost... explicitly in your URL. Otherwise, Orbeon Forms
>>>> will take relative URLs relative to the URL used for the request. I
>>>> would try to figure out what goes wrong with this request. Try this:
>>>>
>>>> 1. In config/log4j.xml, uncomment the category for XFormsServer.
>>>> 2. Add the following to your properties-local.xml:
>>>>    <property as="xs:NMTOKENS" name="oxf.xforms.logging.debug"
>>>>        value="document event action submission submission-details
>>>>        submission-body server server-body control html"/>
>>>> 3. Restart Tomcat, and try the submission again.
>>>>
>>>> This time you should have much more information in the log, and in
>>>> particular the body of the response should be logged. (In
>>>> development mode, I just leave this high level of debugging always
>>>> on.) I am hoping that this will help you see what is wrong.
>>>>
>>>> Alex
>>>>
>>>>
>>>>
>>>> On Jan 13, 2010, at 1:50 PM, claude felizardo
>>>> <[hidden email]> wrote:
>>>>
>>>>> Just when we were getting ready to deploy a system, they decided
>>>>> to install an RSA Authentication module on our Apache server that
>>>>> is preventing all of my Orbeon actions from working.   My Orbeon
>>>>> pages come up fine but most if not all of the actions no longer
>>>>> respond.   The orbeon.log file contains the following error:
>>>>>
>>>>> 2010-01-12 17:51:33,808 INFO  ProcessorService  - /xforms-server -
>>>>> Received request
>>>>> 2010-01-12 17:51:33,898 ERROR XFormsServer  - XForms - submission
>>>>> - xforms-submit-error throwable:
>>>>> org.orbeon.oxf.xforms.XFormsModelSubmission$XFormsSubmissionException:
>>>>> line 24 of oxf:/config/xforms-widgets.xsl (processing instance
>>>>> replacement): Body received with non-XML media type for
>>>>> replace="instance": text/html
>>>>> oxf:/config/xforms-widgets.xsl, line 24, column -1: Body received
>>>>> with non-XML media type for replace="instance": text/html
>>>>>
>>>>> I'm guessing it's the apache server asking tomcat to
>>>>> authenticate.  We had a related problem when we first tried to use
>>>>> a self signed SSL certificate and the xforms-controls example
>>>>> would die but at least you could see the exception from the web
>>>>> browser but this time, we get the following Orbeon error on the
>>>>> web browser.
>>>>>
>>>>> Fatal error: The element type "img" must be terminated by the
>>>>> matching end-tag "</img>".
>>>>>
>>>>> The callstack says it's trying to get
>>>>> https://ourhost/orbeon/xforms-controls/services/countries
>>>>>
>>>>> If they disable the RSA authentication then everything works fine
>>>>> via SSL but they really want to lock things down.
>>>>> Is there a way to get Tomcat and/or Orbeon to not use apache when
>>>>> it's doing a "service" call back into itself?  Looks like it's
>>>>> using <hostname> instead of localhost.
>>>>>
>>>>>
>>>>> We are using dev-3.7.1.200905272119 with Apache/2.2.11 (Unix)
>>>>> mod_ssl/2.2.11 OpenSSL/0.9.8k mod_jk/1.2.28 and Apache Tomcat 6.0.18.
>>>>>
>>>>> claude
>>>>
>>>
>>>
>>>
>

> Sorry, I forgot to explain what the RSA authentication module does  
> with Apache.  It implements a 2 factor challenge - the user has to  
> supply both a user name and a passcode which includes a 4 digit  
> secret PIN and a 6 digit one time use "random" number which is  
> displayed on a key-fob device that is synced with the server.    
> Because it's interactive, there's no way that Tomcat can deal with  
> this.
>
> The self-signed cert problem I had several months ago was indeed  
> solved by purchasing a real cert and was installed properly.  What  
> they are doing to me know is adding the RSA authentication module on  
> top of it all.
>
> So if the proxy server is out any other suggestions?   Will i have  
> to change all of the submits in orbeon to specifically say localhost?
>
> claude
>
> Alessandro Vernet wrote:
>> Claude,
>>
>> If you setup a proxy between Apache and Tomcat, then Tomcat will  
>> most likely see the request coming from the proxy and contact the  
>> proxy. This would give you:
>>
>> Apache on HTTPS -> Proxy on HTTP -> Tomcat on HTTP
>>
>> But if the problem is caused by the self-signed cert on Apache, why  
>> not just use a real cert? Alternatively you can put that self-
>> signed cert in a truststore on the Tomcat box.
>>
>> Alex
>>
>>
>>
>> On Jan 14, 2010, at 4:46 PM, claude felizardo <[hidden email]
>> > wrote:
>>
>>> Sorry, I forgot to clarify my concern.  While I can look into  
>>> changing our application to prefix localhost on all of our  
>>> submissions, what if I use something that triggers a submission  
>>> within orbeon that doesn't have the localhost prefix.  Won't it  
>>> just die at that point?
>>>
>>> Now here's a thought.  What if we setup a a proxy server that  
>>> forwards to the tomcat http port?  Would tomcat contact itself on  
>>> the "internal" port or would it still use the apache port?
>>>
>>> claude
>>>
>>>
>>> claude felizardo wrote:
>>>> Is there not a global setting for this? It might not have been  
>>>> clear in my initial email but I'm getting exceptions even with  
>>>> the xforms-controls example:
>>>>
>>>> 2010-01-14 13:38:29,936 INFO  ProcessorService  - /xforms-
>>>> controls/ - Received request
>>>> 2010-01-14 13:38:30,047 ERROR ProcessorService  - Exception at  
>>>> line 124, column 3 of https://MYHOST/ksas/xforms-controls/services/countries
>>>> org.orbeon.oxf.common.ValidationException: line 124, column 3 of https://MYHOST/ksas/xforms-controls/services/countries: 
>>>>  Fatal error: The element type "img" must be terminated by the  
>>>> matching end-tag "</img>".
>>>> https://MYHOST/ksas/xforms-controls/services/countries, line 124,  
>>>> column 3: Fatal error: The element type "img" must be terminated  
>>>> by the matching end-tag "</img>".
>>>>      at org.orbeon.oxf.xml.XMLUtils$ErrorHandler.fatalError
>>>> (XMLUtils.java:342)
>>>>      at orbeon.apache.xerces.util.ErrorHandlerWrapper.fatalError
>>>> (ErrorHandlerWrapper.java:178)
>>>>      at orbeon.apache.xerces.impl.XMLErrorReporter.reportError
>>>> (XMLErrorReporter.java:351)
>>>>      at orbeon.apache.xerces.impl.XMLErrorReporter.reportError
>>>> (XMLErrorReporter.java:281)
>>>>      at orbeon.apache.xerces.impl.XMLScanner.reportFatalError
>>>> (XMLScanner.java:1459)
>>>> ...
>>>> where MYHOST is the fully qualified name of the apache/tomcat  
>>>> server.
>>>>
>>>> Per your suggestion I tried to enable the logging on my  
>>>> development machine before sending the request the sysadmin group  
>>>> to modify the I&T machine and while I was able to modify config/
>>>> log4j.xml and see more debugging info, when I added the property  
>>>> to my properties-local.xml file then orbeon failed to startup.  I  
>>>> get a 404 resource not available.  If I change xs:NMTOKENS to  
>>>> xs:string, then everything comes up fine.  Is there something  
>>>> else I need to enable?  Looking at the orbeon.log, about the only  
>>>> thing I notice is the following:
>>>>
>>>> 2010-01-14 13:32:46,492 INFO  eXistURLStreamHandlerFactory  -  
>>>> System property java.protocol.handler.pkgs has not been updated.
>>>>
>>>> 2010-01-14 13:34:17,018 INFO  eXistURLStreamHandlerFactory  -  
>>>> Setting java.protocol.handler.pkgs to  
>>>> org.exist.protocolhandler.protocols
>>>>
>>>> The first line is if I use xs:string, the 2nd line is if I use  
>>>> xs:NMTOKENS.
>>>>
>>>> Again, I'm just trying to execute one of the xforms examples.
>>>> Actually, I have two servlet instances of orbeon running under  
>>>> tomcat.  One called orbeon which is my development instance and  
>>>> another one that uses the ops name and the one that I modified  
>>>> with your debug instructions is not coming up but orbeon instance  
>>>> which was not modified is coming up fine.  So the NMTOKENS is  
>>>> definitely causing a problem.
>>>>
>>>> oh, looks like xforms-hello works fine with RSA enabled but  
>>>> xforms-controls does not.  xforms-bookcast, xforms-todo,  all  
>>>> that i tried work fine, it's just xforms-controls and of course  
>>>> my application that don't work.   ah, xforms-cart is failing as  
>>>> well with the same error about a non-XML media type.  What is it  
>>>> that xforms-controls and xforms-cart have in common that is not  
>>>> used by the others?
>>>>
>>>>
>>>> claude
>>>>
>>>>
>>>> Alessandro Vernet wrote:
>>>>> Claude,
>>>>>
>>>>> If you want the request to go to localhost, you'd have to put http://localhost 
>>>>> ... explicitly in your URL. Otherwise, Orbeon Forms will take  
>>>>> relative URLs relative to the URL used for the request. I would  
>>>>> try to figure out what goes wrong with this request. Try this:
>>>>>
>>>>> 1. In config/log4j.xml, uncomment the category for XFormsServer.
>>>>> 2. Add the following to your properties-local.xml:
>>>>>   <property as="xs:NMTOKENS" name="oxf.xforms.logging.debug"
>>>>>       value="document event action submission submission-details
>>>>>       submission-body server server-body control html"/>
>>>>> 3. Restart Tomcat, and try the submission again.
>>>>>
>>>>> This time you should have much more information in the log, and  
>>>>> in particular the body of the response should be logged. (In  
>>>>> development mode, I just leave this high level of debugging  
>>>>> always on.) I am hoping that this will help you see what is wrong.
>>>>>
>>>>> Alex
>>>>>
>>>>>
>>>>>
>>>>> On Jan 13, 2010, at 1:50 PM, claude felizardo <[hidden email]
>>>>> > wrote:
>>>>>
>>>>>> Just when we were getting ready to deploy a system, they  
>>>>>> decided to install an RSA Authentication module on our Apache  
>>>>>> server that is preventing all of my Orbeon actions from  
>>>>>> working.   My Orbeon pages come up fine but most if not all of  
>>>>>> the actions no longer respond.   The orbeon.log file contains  
>>>>>> the following error:
>>>>>>
>>>>>> 2010-01-12 17:51:33,808 INFO  ProcessorService  - /xforms-
>>>>>> server - Received request
>>>>>> 2010-01-12 17:51:33,898 ERROR XFormsServer  - XForms -  
>>>>>> submission - xforms-submit-error throwable:  
>>>>>> org.orbeon.oxf.xforms.XFormsModelSubmission
>>>>>> $XFormsSubmissionException: line 24 of oxf:/config/xforms-
>>>>>> widgets.xsl (processing instance replacement): Body received  
>>>>>> with non-XML media type for replace="instance": text/html
>>>>>> oxf:/config/xforms-widgets.xsl, line 24, column -1: Body  
>>>>>> received with non-XML media type for replace="instance": text/
>>>>>> html
>>>>>>
>>>>>> I'm guessing it's the apache server asking tomcat to  
>>>>>> authenticate.  We had a related problem when we first tried to  
>>>>>> use a self signed SSL certificate and the xforms-controls  
>>>>>> example would die but at least you could see the exception from  
>>>>>> the web browser but this time, we get the following Orbeon  
>>>>>> error on the web browser.
>>>>>>
>>>>>> Fatal error: The element type "img" must be terminated by the  
>>>>>> matching end-tag "</img>".
>>>>>>
>>>>>> The callstack says it's trying to get https://ourhost/orbeon/xforms-controls/services/countries
>>>>>>
>>>>>> If they disable the RSA authentication then everything works  
>>>>>> fine via SSL but they really want to lock things down.
>>>>>> Is there a way to get Tomcat and/or Orbeon to not use apache  
>>>>>> when it's doing a "service" call back into itself?  Looks like  
>>>>>> it's using <hostname> instead of localhost.
>>>>>>
>>>>>>
>>>>>> We are using dev-3.7.1.200905272119 with Apache/2.2.11 (Unix)  
>>>>>> mod_ssl/2.2.11 OpenSSL/0.9.8k mod_jk/1.2.28 and Apache Tomcat  
>>>>>> 6.0.18.
>>>>>>
>>>>>> claude
>>>>>
>>>>
>>>>
>>>>
>>
>
>
> --
> You receive this message as a subscriber of the [hidden email]  
> mailing list.
> To unsubscribe: mailto:[hidden email]
> For general help: mailto:[hidden email]?subject=help
> OW2 mailing lists service home page: http://www.ow2.org/wws

> Claude,
>
> I now better understand what type of authentication / security
> infrastructure you have on the Apache server. Using a proxy might
> work, but I have never done this and it will make your deployment more
> complicated. The oxf.url-rewriting.service.base-uri property might be
> just what you are looking for. See:
>
> http://wiki.orbeon.com/forms/doc/developer-guide/configuration-properties/configuration-properties-base#TOC-URL-rewriting 
>
>
> This is something that we added fairly recently, so you'll need a
> nightly build for this. Do you think that this could work for you?
>
> Alex
>
> On Jan 14, 2010, at 10:07 PM, Claude Felizardo
> <[hidden email]> wrote:
>
>> Sorry, I forgot to explain what the RSA authentication module does
>> with Apache.  It implements a 2 factor challenge - the user has to
>> supply both a user name and a passcode which includes a 4 digit
>> secret PIN and a 6 digit one time use "random" number which is
>> displayed on a key-fob device that is synced with the server.  
>> Because it's interactive, there's no way that Tomcat can deal with this.
>>
>> The self-signed cert problem I had several months ago was indeed
>> solved by purchasing a real cert and was installed properly.  What
>> they are doing to me know is adding the RSA authentication module on
>> top of it all.
>>
>> So if the proxy server is out any other suggestions?   Will i have to
>> change all of the submits in orbeon to specifically say localhost?
>>
>> claude
>>
>> Alessandro Vernet wrote:
>>> Claude,
>>>
>>> If you setup a proxy between Apache and Tomcat, then Tomcat will
>>> most likely see the request coming from the proxy and contact the
>>> proxy. This would give you:
>>>
>>> Apache on HTTPS -> Proxy on HTTP -> Tomcat on HTTP
>>>
>>> But if the problem is caused by the self-signed cert on Apache, why
>>> not just use a real cert? Alternatively you can put that self-signed
>>> cert in a truststore on the Tomcat box.
>>>
>>> Alex
>>>
>>>
>>>
>>> On Jan 14, 2010, at 4:46 PM, claude felizardo
>>> <[hidden email]> wrote:
>>>
>>>> Sorry, I forgot to clarify my concern.  While I can look into
>>>> changing our application to prefix localhost on all of our
>>>> submissions, what if I use something that triggers a submission
>>>> within orbeon that doesn't have the localhost prefix.  Won't it
>>>> just die at that point?
>>>>
>>>> Now here's a thought.  What if we setup a a proxy server that
>>>> forwards to the tomcat http port?  Would tomcat contact itself on
>>>> the "internal" port or would it still use the apache port?
>>>>
>>>> claude
>>>>
>>>>
>>>> claude felizardo wrote:
>>>>> Is there not a global setting for this? It might not have been
>>>>> clear in my initial email but I'm getting exceptions even with the
>>>>> xforms-controls example:
>>>>>
>>>>> 2010-01-14 13:38:29,936 INFO  ProcessorService  -
>>>>> /xforms-controls/ - Received request
>>>>> 2010-01-14 13:38:30,047 ERROR ProcessorService  - Exception at
>>>>> line 124, column 3 of
>>>>> https://MYHOST/ksas/xforms-controls/services/countries
>>>>> org.orbeon.oxf.common.ValidationException: line 124, column 3 of
>>>>> https://MYHOST/ksas/xforms-controls/services/countries: Fatal
>>>>> error: The element type "img" must be terminated by the matching
>>>>> end-tag "</img>".
>>>>> https://MYHOST/ksas/xforms-controls/services/countries, line 124,
>>>>> column 3: Fatal error: The element type "img" must be terminated
>>>>> by the matching end-tag "</img>".
>>>>>      at
>>>>> org.orbeon.oxf.xml.XMLUtils$ErrorHandler.fatalError(XMLUtils.java:342)
>>>>>
>>>>>      at
>>>>> orbeon.apache.xerces.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178)
>>>>>
>>>>>      at
>>>>> orbeon.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:351)
>>>>>
>>>>>      at
>>>>> orbeon.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:281)
>>>>>
>>>>>      at
>>>>> orbeon.apache.xerces.impl.XMLScanner.reportFatalError(XMLScanner.java:1459)
>>>>>
>>>>> ...
>>>>> where MYHOST is the fully qualified name of the apache/tomcat server.
>>>>>
>>>>> Per your suggestion I tried to enable the logging on my
>>>>> development machine before sending the request the sysadmin group
>>>>> to modify the I&T machine and while I was able to modify
>>>>> config/log4j.xml and see more debugging info, when I added the
>>>>> property to my properties-local.xml file then orbeon failed to
>>>>> startup.  I get a 404 resource not available.  If I change
>>>>> xs:NMTOKENS to xs:string, then everything comes up fine.  Is there
>>>>> something else I need to enable?  Looking at the orbeon.log, about
>>>>> the only thing I notice is the following:
>>>>>
>>>>> 2010-01-14 13:32:46,492 INFO  eXistURLStreamHandlerFactory  -
>>>>> System property java.protocol.handler.pkgs has not been updated.
>>>>>
>>>>> 2010-01-14 13:34:17,018 INFO  eXistURLStreamHandlerFactory  -
>>>>> Setting java.protocol.handler.pkgs to
>>>>> org.exist.protocolhandler.protocols
>>>>>
>>>>> The first line is if I use xs:string, the 2nd line is if I use
>>>>> xs:NMTOKENS.
>>>>>
>>>>> Again, I'm just trying to execute one of the xforms examples.
>>>>> Actually, I have two servlet instances of orbeon running under
>>>>> tomcat.  One called orbeon which is my development instance and
>>>>> another one that uses the ops name and the one that I modified
>>>>> with your debug instructions is not coming up but orbeon instance
>>>>> which was not modified is coming up fine.  So the NMTOKENS is
>>>>> definitely causing a problem.
>>>>>
>>>>> oh, looks like xforms-hello works fine with RSA enabled but
>>>>> xforms-controls does not.  xforms-bookcast, xforms-todo,  all that
>>>>> i tried work fine, it's just xforms-controls and of course my
>>>>> application that don't work.   ah, xforms-cart is failing as well
>>>>> with the same error about a non-XML media type.  What is it that
>>>>> xforms-controls and xforms-cart have in common that is not used by
>>>>> the others?
>>>>>
>>>>>
>>>>> claude
>>>>>
>>>>>
>>>>> Alessandro Vernet wrote:
>>>>>> Claude,
>>>>>>
>>>>>> If you want the request to go to localhost, you'd have to put
>>>>>> http://localhost... explicitly in your URL. Otherwise, Orbeon
>>>>>> Forms will take relative URLs relative to the URL used for the
>>>>>> request. I would try to figure out what goes wrong with this
>>>>>> request. Try this:
>>>>>>
>>>>>> 1. In config/log4j.xml, uncomment the category for XFormsServer.
>>>>>> 2. Add the following to your properties-local.xml:
>>>>>>   <property as="xs:NMTOKENS" name="oxf.xforms.logging.debug"
>>>>>>       value="document event action submission submission-details
>>>>>>       submission-body server server-body control html"/>
>>>>>> 3. Restart Tomcat, and try the submission again.
>>>>>>
>>>>>> This time you should have much more information in the log, and
>>>>>> in particular the body of the response should be logged. (In
>>>>>> development mode, I just leave this high level of debugging
>>>>>> always on.) I am hoping that this will help you see what is wrong.
>>>>>>
>>>>>> Alex
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Jan 13, 2010, at 1:50 PM, claude felizardo
>>>>>> <[hidden email]> wrote:
>>>>>>
>>>>>>> Just when we were getting ready to deploy a system, they decided
>>>>>>> to install an RSA Authentication module on our Apache server
>>>>>>> that is preventing all of my Orbeon actions from working.   My
>>>>>>> Orbeon pages come up fine but most if not all of the actions no
>>>>>>> longer respond.   The orbeon.log file contains the following error:
>>>>>>>
>>>>>>> 2010-01-12 17:51:33,808 INFO  ProcessorService  - /xforms-server
>>>>>>> - Received request
>>>>>>> 2010-01-12 17:51:33,898 ERROR XFormsServer  - XForms -
>>>>>>> submission - xforms-submit-error throwable:
>>>>>>> org.orbeon.oxf.xforms.XFormsModelSubmission$XFormsSubmissionException:
>>>>>>> line 24 of oxf:/config/xforms-widgets.xsl (processing instance
>>>>>>> replacement): Body received with non-XML media type for
>>>>>>> replace="instance": text/html
>>>>>>> oxf:/config/xforms-widgets.xsl, line 24, column -1: Body
>>>>>>> received with non-XML media type for replace="instance": text/html
>>>>>>>
>>>>>>> I'm guessing it's the apache server asking tomcat to
>>>>>>> authenticate.  We had a related problem when we first tried to
>>>>>>> use a self signed SSL certificate and the xforms-controls
>>>>>>> example would die but at least you could see the exception from
>>>>>>> the web browser but this time, we get the following Orbeon error
>>>>>>> on the web browser.
>>>>>>>
>>>>>>> Fatal error: The element type "img" must be terminated by the
>>>>>>> matching end-tag "</img>".
>>>>>>>
>>>>>>> The callstack says it's trying to get
>>>>>>> https://ourhost/orbeon/xforms-controls/services/countries
>>>>>>>
>>>>>>> If they disable the RSA authentication then everything works
>>>>>>> fine via SSL but they really want to lock things down.
>>>>>>> Is there a way to get Tomcat and/or Orbeon to not use apache
>>>>>>> when it's doing a "service" call back into itself?  Looks like
>>>>>>> it's using <hostname> instead of localhost.
>>>>>>>
>>>>>>>
>>>>>>> We are using dev-3.7.1.200905272119 with Apache/2.2.11 (Unix)
>>>>>>> mod_ssl/2.2.11 OpenSSL/0.9.8k mod_jk/1.2.28 and Apache Tomcat
>>>>>>> 6.0.18.
>>>>>>>
>>>>>>> claude
>>>>>>
>>>>>
>>>>>
>>>>>
>>>
>>
>>
>> --
>> You receive this message as a subscriber of the [hidden email]
>> mailing list.
>> To unsubscribe: mailto:[hidden email]
>> For general help: mailto:[hidden email]?subject=help
>> OW2 mailing lists service home page: http://www.ow2.org/wws
>
>
>
>
>

> Setting the property oxf.url-rewriting.service.base-uri property with
> <a href="http://localhost:nnn">http://localhost:nnn where nnn is my tomcat port (we have multiple
> developers on the dev machines) seems to work in my test environment
> but I missed the window for testing on the ops machine so I have to
> wait for someone to enable the RSA module on the test machine.
>
> Only problem is that the orbeon.log is not longer updated, only the
> apache logs that says it got a server request.  If I remove the
> property, then on my system (which does not have the RSA module
> installed) every time I click on a button, I see both logs updated and
> I can see what action it's calling.
>
> I'm using dev-3.7.1.200905272119.
>
> claude
>
>
>
> Alessandro Vernet wrote:
>> Claude,
>>
>> I now better understand what type of authentication / security
>> infrastructure you have on the Apache server. Using a proxy might
>> work, but I have never done this and it will make your deployment
>> more complicated. The oxf.url-rewriting.service.base-uri property
>> might be just what you are looking for. See:
>>
>> http://wiki.orbeon.com/forms/doc/developer-guide/configuration-properties/configuration-properties-base#TOC-URL-rewriting 
>>
>>
>> This is something that we added fairly recently, so you'll need a
>> nightly build for this. Do you think that this could work for you?
>>
>> Alex
>>
>> On Jan 14, 2010, at 10:07 PM, Claude Felizardo
>> <[hidden email]> wrote:
>>
>>> Sorry, I forgot to explain what the RSA authentication module does
>>> with Apache.  It implements a 2 factor challenge - the user has to
>>> supply both a user name and a passcode which includes a 4 digit
>>> secret PIN and a 6 digit one time use "random" number which is
>>> displayed on a key-fob device that is synced with the server.  
>>> Because it's interactive, there's no way that Tomcat can deal with
>>> this.
>>>
>>> The self-signed cert problem I had several months ago was indeed
>>> solved by purchasing a real cert and was installed properly.  What
>>> they are doing to me know is adding the RSA authentication module on
>>> top of it all.
>>>
>>> So if the proxy server is out any other suggestions?   Will i have
>>> to change all of the submits in orbeon to specifically say localhost?
>>>
>>> claude
>>>
>>> Alessandro Vernet wrote:
>>>> Claude,
>>>>
>>>> If you setup a proxy between Apache and Tomcat, then Tomcat will
>>>> most likely see the request coming from the proxy and contact the
>>>> proxy. This would give you:
>>>>
>>>> Apache on HTTPS -> Proxy on HTTP -> Tomcat on HTTP
>>>>
>>>> But if the problem is caused by the self-signed cert on Apache, why
>>>> not just use a real cert? Alternatively you can put that
>>>> self-signed cert in a truststore on the Tomcat box.
>>>>
>>>> Alex
>>>>
>>>>
>>>>
>>>> On Jan 14, 2010, at 4:46 PM, claude felizardo
>>>> <[hidden email]> wrote:
>>>>
>>>>> Sorry, I forgot to clarify my concern.  While I can look into
>>>>> changing our application to prefix localhost on all of our
>>>>> submissions, what if I use something that triggers a submission
>>>>> within orbeon that doesn't have the localhost prefix.  Won't it
>>>>> just die at that point?
>>>>>
>>>>> Now here's a thought.  What if we setup a a proxy server that
>>>>> forwards to the tomcat http port?  Would tomcat contact itself on
>>>>> the "internal" port or would it still use the apache port?
>>>>>
>>>>> claude
>>>>>
>>>>>
>>>>> claude felizardo wrote:
>>>>>> Is there not a global setting for this? It might not have been
>>>>>> clear in my initial email but I'm getting exceptions even with
>>>>>> the xforms-controls example:
>>>>>>
>>>>>> 2010-01-14 13:38:29,936 INFO  ProcessorService  -
>>>>>> /xforms-controls/ - Received request
>>>>>> 2010-01-14 13:38:30,047 ERROR ProcessorService  - Exception at
>>>>>> line 124, column 3 of
>>>>>> https://MYHOST/ksas/xforms-controls/services/countries
>>>>>> org.orbeon.oxf.common.ValidationException: line 124, column 3 of
>>>>>> https://MYHOST/ksas/xforms-controls/services/countries: Fatal
>>>>>> error: The element type "img" must be terminated by the matching
>>>>>> end-tag "</img>".
>>>>>> https://MYHOST/ksas/xforms-controls/services/countries, line 124,
>>>>>> column 3: Fatal error: The element type "img" must be terminated
>>>>>> by the matching end-tag "</img>".
>>>>>>      at
>>>>>> org.orbeon.oxf.xml.XMLUtils$ErrorHandler.fatalError(XMLUtils.java:342)
>>>>>>
>>>>>>      at
>>>>>> orbeon.apache.xerces.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178)
>>>>>>
>>>>>>      at
>>>>>> orbeon.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:351)
>>>>>>
>>>>>>      at
>>>>>> orbeon.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:281)
>>>>>>
>>>>>>      at
>>>>>> orbeon.apache.xerces.impl.XMLScanner.reportFatalError(XMLScanner.java:1459)
>>>>>>
>>>>>> ...
>>>>>> where MYHOST is the fully qualified name of the apache/tomcat
>>>>>> server.
>>>>>>
>>>>>> Per your suggestion I tried to enable the logging on my
>>>>>> development machine before sending the request the sysadmin group
>>>>>> to modify the I&T machine and while I was able to modify
>>>>>> config/log4j.xml and see more debugging info, when I added the
>>>>>> property to my properties-local.xml file then orbeon failed to
>>>>>> startup.  I get a 404 resource not available.  If I change
>>>>>> xs:NMTOKENS to xs:string, then everything comes up fine.  Is
>>>>>> there something else I need to enable?  Looking at the
>>>>>> orbeon.log, about the only thing I notice is the following:
>>>>>>
>>>>>> 2010-01-14 13:32:46,492 INFO  eXistURLStreamHandlerFactory  -
>>>>>> System property java.protocol.handler.pkgs has not been updated.
>>>>>>
>>>>>> 2010-01-14 13:34:17,018 INFO  eXistURLStreamHandlerFactory  -
>>>>>> Setting java.protocol.handler.pkgs to
>>>>>> org.exist.protocolhandler.protocols
>>>>>>
>>>>>> The first line is if I use xs:string, the 2nd line is if I use
>>>>>> xs:NMTOKENS.
>>>>>>
>>>>>> Again, I'm just trying to execute one of the xforms examples.
>>>>>> Actually, I have two servlet instances of orbeon running under
>>>>>> tomcat.  One called orbeon which is my development instance and
>>>>>> another one that uses the ops name and the one that I modified
>>>>>> with your debug instructions is not coming up but orbeon instance
>>>>>> which was not modified is coming up fine.  So the NMTOKENS is
>>>>>> definitely causing a problem.
>>>>>>
>>>>>> oh, looks like xforms-hello works fine with RSA enabled but
>>>>>> xforms-controls does not.  xforms-bookcast, xforms-todo,  all
>>>>>> that i tried work fine, it's just xforms-controls and of course
>>>>>> my application that don't work.   ah, xforms-cart is failing as
>>>>>> well with the same error about a non-XML media type.  What is it
>>>>>> that xforms-controls and xforms-cart have in common that is not
>>>>>> used by the others?
>>>>>>
>>>>>>
>>>>>> claude
>>>>>>
>>>>>>
>>>>>> Alessandro Vernet wrote:
>>>>>>> Claude,
>>>>>>>
>>>>>>> If you want the request to go to localhost, you'd have to put
>>>>>>> http://localhost... explicitly in your URL. Otherwise, Orbeon
>>>>>>> Forms will take relative URLs relative to the URL used for the
>>>>>>> request. I would try to figure out what goes wrong with this
>>>>>>> request. Try this:
>>>>>>>
>>>>>>> 1. In config/log4j.xml, uncomment the category for XFormsServer.
>>>>>>> 2. Add the following to your properties-local.xml:
>>>>>>>   <property as="xs:NMTOKENS" name="oxf.xforms.logging.debug"
>>>>>>>       value="document event action submission submission-details
>>>>>>>       submission-body server server-body control html"/>
>>>>>>> 3. Restart Tomcat, and try the submission again.
>>>>>>>
>>>>>>> This time you should have much more information in the log, and
>>>>>>> in particular the body of the response should be logged. (In
>>>>>>> development mode, I just leave this high level of debugging
>>>>>>> always on.) I am hoping that this will help you see what is wrong.
>>>>>>>
>>>>>>> Alex
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On Jan 13, 2010, at 1:50 PM, claude felizardo
>>>>>>> <[hidden email]> wrote:
>>>>>>>
>>>>>>>> Just when we were getting ready to deploy a system, they
>>>>>>>> decided to install an RSA Authentication module on our Apache
>>>>>>>> server that is preventing all of my Orbeon actions from
>>>>>>>> working.   My Orbeon pages come up fine but most if not all of
>>>>>>>> the actions no longer respond.   The orbeon.log file contains
>>>>>>>> the following error:
>>>>>>>>
>>>>>>>> 2010-01-12 17:51:33,808 INFO  ProcessorService  -
>>>>>>>> /xforms-server - Received request
>>>>>>>> 2010-01-12 17:51:33,898 ERROR XFormsServer  - XForms -
>>>>>>>> submission - xforms-submit-error throwable:
>>>>>>>> org.orbeon.oxf.xforms.XFormsModelSubmission$XFormsSubmissionException:
>>>>>>>> line 24 of oxf:/config/xforms-widgets.xsl (processing instance
>>>>>>>> replacement): Body received with non-XML media type for
>>>>>>>> replace="instance": text/html
>>>>>>>> oxf:/config/xforms-widgets.xsl, line 24, column -1: Body
>>>>>>>> received with non-XML media type for replace="instance": text/html
>>>>>>>>
>>>>>>>> I'm guessing it's the apache server asking tomcat to
>>>>>>>> authenticate.  We had a related problem when we first tried to
>>>>>>>> use a self signed SSL certificate and the xforms-controls
>>>>>>>> example would die but at least you could see the exception from
>>>>>>>> the web browser but this time, we get the following Orbeon
>>>>>>>> error on the web browser.
>>>>>>>>
>>>>>>>> Fatal error: The element type "img" must be terminated by the
>>>>>>>> matching end-tag "</img>".
>>>>>>>>
>>>>>>>> The callstack says it's trying to get
>>>>>>>> https://ourhost/orbeon/xforms-controls/services/countries
>>>>>>>>
>>>>>>>> If they disable the RSA authentication then everything works
>>>>>>>> fine via SSL but they really want to lock things down.
>>>>>>>> Is there a way to get Tomcat and/or Orbeon to not use apache
>>>>>>>> when it's doing a "service" call back into itself?  Looks like
>>>>>>>> it's using <hostname> instead of localhost.
>>>>>>>>
>>>>>>>>
>>>>>>>> We are using dev-3.7.1.200905272119 with Apache/2.2.11 (Unix)
>>>>>>>> mod_ssl/2.2.11 OpenSSL/0.9.8k mod_jk/1.2.28 and Apache Tomcat
>>>>>>>> 6.0.18.
>>>>>>>>
>>>>>>>> claude
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>
>>>
>>>
>>> --
>>> You receive this message as a subscriber of the [hidden email]
>>> mailing list.
>>> To unsubscribe: mailto:[hidden email]
>>> For general help: mailto:[hidden email]?subject=help
>>> OW2 mailing lists service home page: http://www.ow2.org/wws
>>
>>
>>
>>
>>
>
>
>
>

> They finally promoted my changes to a dedicated I&T machine with the
> Apache/RSA module enabled sitting behind a firewall that blocks nearly
> everything so I was able to confirm that setting the property
> xf.url-rewriting.service.base-uri to something like <a href="http://localhost:nnn">http://localhost:nnn
> where nnn is the tomcat port fixes the Apache/RSA problem.
> thanks for the help!
> claude
>
>
>
> claude felizardo wrote:
>>
>> Setting the property oxf.url-rewriting.service.base-uri property with
>> <a href="http://localhost:nnn">http://localhost:nnn where nnn is my tomcat port (we have multiple
>> developers on the dev machines) seems to work in my test environment but I
>> missed the window for testing on the ops machine so I have to wait for
>> someone to enable the RSA module on the test machine.
>>
>> Only problem is that the orbeon.log is not longer updated, only the apache
>> logs that says it got a server request.  If I remove the property, then on
>> my system (which does not have the RSA module installed) every time I click
>> on a button, I see both logs updated and I can see what action it's calling.
>>
>> I'm using dev-3.7.1.200905272119.
>>
>> claude
>>
>>
>>
>> Alessandro Vernet wrote:
>>>
>>> Claude,
>>>
>>> I now better understand what type of authentication / security
>>> infrastructure you have on the Apache server. Using a proxy might work, but
>>> I have never done this and it will make your deployment more complicated.
>>> The oxf.url-rewriting.service.base-uri property might be just what you are
>>> looking for. See:
>>>
>>>
>>> http://wiki.orbeon.com/forms/doc/developer-guide/configuration-properties/configuration-properties-base#TOC-URL-rewriting
>>>
>>> This is something that we added fairly recently, so you'll need a nightly
>>> build for this. Do you think that this could work for you?
>>>
>>> Alex
>>>
>>> On Jan 14, 2010, at 10:07 PM, Claude Felizardo <[hidden email]>
>>> wrote:
>>>
>>>> Sorry, I forgot to explain what the RSA authentication module does with
>>>> Apache.  It implements a 2 factor challenge - the user has to supply both a
>>>> user name and a passcode which includes a 4 digit secret PIN and a 6 digit
>>>> one time use "random" number which is displayed on a key-fob device that is
>>>> synced with the server.   Because it's interactive, there's no way that
>>>> Tomcat can deal with this.
>>>>
>>>> The self-signed cert problem I had several months ago was indeed solved
>>>> by purchasing a real cert and was installed properly.  What they are doing
>>>> to me know is adding the RSA authentication module on top of it all.
>>>>
>>>> So if the proxy server is out any other suggestions?   Will i have to
>>>> change all of the submits in orbeon to specifically say localhost?
>>>>
>>>> claude
>>>>
>>>> Alessandro Vernet wrote:
>>>>>
>>>>> Claude,
>>>>>
>>>>> If you setup a proxy between Apache and Tomcat, then Tomcat will most
>>>>> likely see the request coming from the proxy and contact the proxy. This
>>>>> would give you:
>>>>>
>>>>> Apache on HTTPS -> Proxy on HTTP -> Tomcat on HTTP
>>>>>
>>>>> But if the problem is caused by the self-signed cert on Apache, why not
>>>>> just use a real cert? Alternatively you can put that self-signed cert in a
>>>>> truststore on the Tomcat box.
>>>>>
>>>>> Alex
>>>>>
>>>>>
>>>>>
>>>>> On Jan 14, 2010, at 4:46 PM, claude felizardo <[hidden email]>
>>>>> wrote:
>>>>>
>>>>>> Sorry, I forgot to clarify my concern.  While I can look into changing
>>>>>> our application to prefix localhost on all of our submissions, what if I use
>>>>>> something that triggers a submission within orbeon that doesn't have the
>>>>>> localhost prefix.  Won't it just die at that point?
>>>>>>
>>>>>> Now here's a thought.  What if we setup a a proxy server that forwards
>>>>>> to the tomcat http port?  Would tomcat contact itself on the "internal" port
>>>>>> or would it still use the apache port?
>>>>>>
>>>>>> claude
>>>>>>
>>>>>>
>>>>>> claude felizardo wrote:
>>>>>>>
>>>>>>> Is there not a global setting for this? It might not have been clear
>>>>>>> in my initial email but I'm getting exceptions even with the xforms-controls
>>>>>>> example:
>>>>>>>
>>>>>>> 2010-01-14 13:38:29,936 INFO  ProcessorService  - /xforms-controls/ -
>>>>>>> Received request
>>>>>>> 2010-01-14 13:38:30,047 ERROR ProcessorService  - Exception at line
>>>>>>> 124, column 3 of https://MYHOST/ksas/xforms-controls/services/countries
>>>>>>> org.orbeon.oxf.common.ValidationException: line 124, column 3 of
>>>>>>> https://MYHOST/ksas/xforms-controls/services/countries: Fatal error: The
>>>>>>> element type "img" must be terminated by the matching end-tag "</img>".
>>>>>>> https://MYHOST/ksas/xforms-controls/services/countries, line 124,
>>>>>>> column 3: Fatal error: The element type "img" must be terminated by the
>>>>>>> matching end-tag "</img>".
>>>>>>>     at
>>>>>>> org.orbeon.oxf.xml.XMLUtils$ErrorHandler.fatalError(XMLUtils.java:342)
>>>>>>>     at
>>>>>>> orbeon.apache.xerces.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:178)
>>>>>>>     at
>>>>>>> orbeon.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:351)
>>>>>>>     at
>>>>>>> orbeon.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:281)
>>>>>>>     at
>>>>>>> orbeon.apache.xerces.impl.XMLScanner.reportFatalError(XMLScanner.java:1459)
>>>>>>> ...
>>>>>>> where MYHOST is the fully qualified name of the apache/tomcat server.
>>>>>>>
>>>>>>> Per your suggestion I tried to enable the logging on my development
>>>>>>> machine before sending the request the sysadmin group to modify the I&T
>>>>>>> machine and while I was able to modify config/log4j.xml and see more
>>>>>>> debugging info, when I added the property to my properties-local.xml file
>>>>>>> then orbeon failed to startup.  I get a 404 resource not available.  If I
>>>>>>> change xs:NMTOKENS to xs:string, then everything comes up fine.  Is there
>>>>>>> something else I need to enable?  Looking at the orbeon.log, about the only
>>>>>>> thing I notice is the following:
>>>>>>>
>>>>>>> 2010-01-14 13:32:46,492 INFO  eXistURLStreamHandlerFactory  - System
>>>>>>> property java.protocol.handler.pkgs has not been updated.
>>>>>>>
>>>>>>> 2010-01-14 13:34:17,018 INFO  eXistURLStreamHandlerFactory  - Setting
>>>>>>> java.protocol.handler.pkgs to org.exist.protocolhandler.protocols
>>>>>>>
>>>>>>> The first line is if I use xs:string, the 2nd line is if I use
>>>>>>> xs:NMTOKENS.
>>>>>>>
>>>>>>> Again, I'm just trying to execute one of the xforms examples.
>>>>>>> Actually, I have two servlet instances of orbeon running under
>>>>>>> tomcat.  One called orbeon which is my development instance and another one
>>>>>>> that uses the ops name and the one that I modified with your debug
>>>>>>> instructions is not coming up but orbeon instance which was not modified is
>>>>>>> coming up fine.  So the NMTOKENS is definitely causing a problem.
>>>>>>>
>>>>>>> oh, looks like xforms-hello works fine with RSA enabled but
>>>>>>> xforms-controls does not.  xforms-bookcast, xforms-todo,  all that i tried
>>>>>>> work fine, it's just xforms-controls and of course my application that don't
>>>>>>> work.   ah, xforms-cart is failing as well with the same error about a
>>>>>>> non-XML media type.  What is it that xforms-controls and xforms-cart have in
>>>>>>> common that is not used by the others?
>>>>>>>
>>>>>>>
>>>>>>> claude
>>>>>>>
>>>>>>>
>>>>>>> Alessandro Vernet wrote:
>>>>>>>>
>>>>>>>> Claude,
>>>>>>>>
>>>>>>>> If you want the request to go to localhost, you'd have to put
>>>>>>>> http://localhost... explicitly in your URL. Otherwise, Orbeon Forms will
>>>>>>>> take relative URLs relative to the URL used for the request. I would try to
>>>>>>>> figure out what goes wrong with this request. Try this:
>>>>>>>>
>>>>>>>> 1. In config/log4j.xml, uncomment the category for XFormsServer.
>>>>>>>> 2. Add the following to your properties-local.xml:
>>>>>>>>  <property as="xs:NMTOKENS" name="oxf.xforms.logging.debug"
>>>>>>>>      value="document event action submission submission-details
>>>>>>>>      submission-body server server-body control html"/>
>>>>>>>> 3. Restart Tomcat, and try the submission again.
>>>>>>>>
>>>>>>>> This time you should have much more information in the log, and in
>>>>>>>> particular the body of the response should be logged. (In development mode,
>>>>>>>> I just leave this high level of debugging always on.) I am hoping that this
>>>>>>>> will help you see what is wrong.
>>>>>>>>
>>>>>>>> Alex
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> On Jan 13, 2010, at 1:50 PM, claude felizardo
>>>>>>>> <[hidden email]> wrote:
>>>>>>>>
>>>>>>>>> Just when we were getting ready to deploy a system, they decided to
>>>>>>>>> install an RSA Authentication module on our Apache server that is preventing
>>>>>>>>> all of my Orbeon actions from working.   My Orbeon pages come up fine but
>>>>>>>>> most if not all of the actions no longer respond.   The orbeon.log file
>>>>>>>>> contains the following error:
>>>>>>>>>
>>>>>>>>> 2010-01-12 17:51:33,808 INFO  ProcessorService  - /xforms-server -
>>>>>>>>> Received request
>>>>>>>>> 2010-01-12 17:51:33,898 ERROR XFormsServer  - XForms - submission -
>>>>>>>>> xforms-submit-error throwable:
>>>>>>>>> org.orbeon.oxf.xforms.XFormsModelSubmission$XFormsSubmissionException: line
>>>>>>>>> 24 of oxf:/config/xforms-widgets.xsl (processing instance replacement): Body
>>>>>>>>> received with non-XML media type for replace="instance": text/html
>>>>>>>>> oxf:/config/xforms-widgets.xsl, line 24, column -1: Body received
>>>>>>>>> with non-XML media type for replace="instance": text/html
>>>>>>>>>
>>>>>>>>> I'm guessing it's the apache server asking tomcat to authenticate.
>>>>>>>>>  We had a related problem when we first tried to use a self signed SSL
>>>>>>>>> certificate and the xforms-controls example would die but at least you could
>>>>>>>>> see the exception from the web browser but this time, we get the following
>>>>>>>>> Orbeon error on the web browser.
>>>>>>>>>
>>>>>>>>> Fatal error: The element type "img" must be terminated by the
>>>>>>>>> matching end-tag "</img>".
>>>>>>>>>
>>>>>>>>> The callstack says it's trying to get
>>>>>>>>> https://ourhost/orbeon/xforms-controls/services/countries
>>>>>>>>>
>>>>>>>>> If they disable the RSA authentication then everything works fine
>>>>>>>>> via SSL but they really want to lock things down.
>>>>>>>>> Is there a way to get Tomcat and/or Orbeon to not use apache when
>>>>>>>>> it's doing a "service" call back into itself?  Looks like it's using
>>>>>>>>> <hostname> instead of localhost.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> We are using dev-3.7.1.200905272119 with Apache/2.2.11 (Unix)
>>>>>>>>> mod_ssl/2.2.11 OpenSSL/0.9.8k mod_jk/1.2.28 and Apache Tomcat 6.0.18.
>>>>>>>>>
>>>>>>>>> claude
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> You receive this message as a subscriber of the [hidden email]
>>>> mailing list.
>>>> To unsubscribe: mailto:[hidden email]
>>>> For general help: mailto:[hidden email]?subject=help
>>>> OW2 mailing lists service home page: http://www.ow2.org/wws
>>>
>>>
>>>
>>>
>>>
>>
>>
>>
>>
>
>
>
> --
> You receive this message as a subscriber of the [hidden email] mailing
> list.
> To unsubscribe: mailto:[hidden email]
> For general help: mailto:[hidden email]?subject=help
> OW2 mailing lists service home page: http://www.ow2.org/wws
>
>