Re: problems with web.xml and security

[Jon Eaves]

Rosaria Silipo wrote:

Thanks Carl,

Yes, I tried to see /secure as first thing and I can see it without
authentication.
I tried to close browser and restart it and I still could see it.
Maybe the problem is on the web.xml of /secure. Is it possible?
-- Rosaria
If I'm reading your sentence correctly, then yes.

If /secure is a different web application than / (or ROOT)
then the different contexts will process different web.xml files.
The /* is relative to the root of the web application, not to
the Tomcat installation.
Cheers,
-- jon
--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon
Co-Author of Apache Tomcat Bible, Wiley 2003
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: problems with web.xml and security

[Jon Eaves]

You need 2 web.xml files.

In / (or ROOT) for the context that maps to

http://my.domain.com/

and in the web application defined by the context /secure
which may be in the subdirectory webapps/secure, or it
may be webapps/secure.war, or it may be webapps/somethingelse
and have  Context element in conf/server.xml point to the
appropriate web application.
This will map to http://my.domain.com/secure

Remember, we're talking about web applications, and *not*
directories.
So, in the web application that you have defined to be
the context /secure, put the security constraint of /*
That will apply to all file *in that context*.  Different
contexts have different web.xml files.  Directories are only
relevant _within_ a web application.
Cheers,
-- jon
Rosaria Silipo wrote:

Sorry, my mistake!
It worked because in the meantime I removed /secure.
If I rebuild /secure, I can still access it without being authenticated.
Summary: I have web.xml for / and web.xml for /secure.
Without web.xml in /secure/web/WEB-INF I can not build /secure in the
web application.
How do I include /secure in the root web application?

Thanks

-- Rosaria

-Original Message-
From: Jon Eaves [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, June 17, 2003 3:04 PM
To: Tomcat Users List
Subject: Re: problems with web.xml and security

Rosaria Silipo wrote:


Thanks Carl,

Yes, I tried to see /secure as first thing and I can see it without
authentication.
I tried to close browser and restart it and I still could see it.
Maybe the problem is on the web.xml of /secure. Is it possible?
-- Rosaria


If I'm reading your sentence correctly, then yes.

If /secure is a different web application than / (or ROOT)
then the different contexts will process different web.xml files.
The /* is relative to the root of the web application, not to
the Tomcat installation.
Cheers,
-- jon
--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon
Co-Author of Apache Tomcat Bible, Wiley 2003
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Redirect and Tomcat

[Jon Eaves]

Hi all,

And just to follow up on that, you should always serve your login page under
SSL as otherwise the bad guys can change the FORM action parameter and use it
to grab your usernames and passwords.

So, the initial GET to grab the login page can trigger the http-https
redirect rather than doing it under the POST of the FORM.  Which is the
best course of action anyway.

Cheers,
	-- jon

Daniel Brown wrote:

This was news to me too. But, from the horse's mouth:

RFC 2616HTTP/1.1   June 1999


   If the 302 status code is received in response to a request other
   than GET or HEAD, the user agent MUST NOT automatically redirect the
   request unless it can be confirmed by the user, since this might
   change the conditions under which the request was issued.


[ snip ]

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: (Urgent) SSL Error!

[Jon Eaves]

Anish Mehta wrote:

Hi,

I am in urgent need to solve a problem. 

When attempting to connect from a Java GUI application
to a servlet using the following URL:

http://localhost:8443/examples/servlet/MyUploadServlet?

This should be:
https://localhost:8443/examples/servlet/MyUploadServlet?
^

Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Pri-Compiled jsp and war files

[Jon Eaves]

Hi Tony,

Here's an Ant task that will do what you want.  Please be aware
that this will delete all the JSP files from the build directory
as part of the processing.

It also creates a web.xml fragment that represents all the
servlets (that were the jsp files) that needs to be included
in the web.xml prior to creating the WAR file.

It runs jasper first, and expects to find the JSP files in
${web.home} and will output the java files in ${basedir}/gensrc.

These java files are then compiled and put into the build
directory (where all the servlet files are)

  !--  jspc target  --
  taskdef classname=org.apache.jasper.JspC name=jasper 
  classpath refid=compile.classpath /
  /taskdef

  target name=jspc depends=compile
  description=Invoke Jasper JSP compiler 
  mkdir dir=${basedir}/gensrc /

 jasper verbose=0
 uriroot=${web.home}
 webXmlFragment=${basedir}/web.inc
 outputDir=${basedir}/gensrc /

  javac
  srcdir=${basedir}/gensrc
  destdir=${build.home}/WEB-INF/classes 
  classpath refid=compile.classpath /
  /javac

  !-- remove any *.jsp files in the build directory --
  delete
  fileset dir=${build.home} includes=**/*.jsp /
  /delete

  /target

Now, just WAR it up.

  target name=dist depends=compile,javadoc
   description=Create binary distribution

!-- Copy documentation subdirectories --
mkdir   dir=${dist.home}/docs/
copytodir=${dist.home}/docs
  fileset dir=${docs.home}/
/copy

!-- Create application JAR file --
jar jarfile=${dist.home}/${app.name}-${app.version}.war
 basedir=${build.home}/

!-- Copy additional files to ${dist.home} as necessary --

   /target

So, this creates the war file.

ant compile jspc dist

Will do all the good things.  If you want the actual build.xml
that does all this, then let me know.  If you're using an IDE
this should give you the general idea, but you're on your own.

Cheers,
	-- jon


Tony Colson wrote:

After reading the documentation I am unclear how to
package the precompiled jsp pages with a war file so
that Tomcat will see and use them.

Also, do I need to include the actual jsp files
themselves?  When I tried that, Tomcat recompiled them
anyways and put them in the work directory as normal.

I am running Tomcat 4.1.18.

Thanks
Tony

__
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]



--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Require a secure connection

[Jon Eaves]

Hi Neal,

  security-constraint
  display-nameWeb Booking/display-name
  web-resource-collection
  web-resource-nameWeb Booking
  /web-resource-name
  url-pattern/web/*/url-pattern
  http-methodGET/http-method
  http-methodPOST/http-method
  /web-resource-collection
  user-data-constraint
  transport-guarantee
  CONFIDENTIAL
  /transport-guarantee
  /user-data-constraint
  /security-constraint

Will do what you want. This will switch the transport to HTTPS.
You can also check programatically using request.isSecure()
in the servlet to make sure the administrator has installed
your application and SSL correctly.


neal wrote:

Does anyone know how to *require* that a page be accessed only via a secure
connection?

For instance, I *can* request a secure connection to a page by going to
https://; and the url ... but how do I prevent a user from going to
http://; to request that same page?

Would this be a proxy thing or is something I can set in Tomcat?  Is there
something that wouldn't require the overhead of reflecting upon every single
request at the Java level?

Thanks.
neal


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]



--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [ OT ] what source code control system?

[Jon Eaves]

Noel J. Bergman wrote:

Despite the fact that it is widely used, the list of problems with CVS is
long and distinguished.  

I'll disagree here. CVS is missing some features that other people
find very desirable in a source control system. This doesn't mean it
has a long list of problems.

The only thing that I'd consider a problem with CVS is the lack
of an atomic commit. Having said that, I've been using it for over
10 years, nearly always in client-server mode or remotely tunnelling
over SSH and I have _never_ had a problem.


Since you can't use SourceSafe, I would recommend
that you look at Subversion (http://subversion.tigris.org).  Subversion is
self-hosting, works with database and apache, has an API, and there is a GUI
interface (http://rapidsvn.tigris.org).

Subversion uses WebDAV, and there is even a Wiki using Subversion.

If you were in a corporate environment, perhaps Subversion might not be
ready for you (but then again, you could afford SourceSafe), but in your
environment you might like the possibilities in Subversion.  There is always
CVS if you need it, and don't mind the problems (like the inability to
rename something).


Renaming things is trivial, just get the administrator to rename it
for you.  mv $CVSROOT/src/foo.java,v $CVSROOT/src/bar.java,v. Or if
you don't care about losing your log history, then just delete and
add it.

Sure, it's not the most user friendly approach, but it can be done.

I'm a big, big fan of CVS, it's very stable and it's been used in
technical teams and I've also taught graphic designers to use it.
Throughout that time, I've never had an issue with files being
corrupted, magically deleted or anything else.

Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: [OFF-TOPIC] RE: RewriteRules and Standalone Tomcat

[Jon Eaves]

Hiya Neal (and others)

As a counterpoint to your argument about search engines and
small sites I have some real numbers:

From my website referrer stats:
(For an Apache HTTP: http://www.eaves.org)

Direct requests : 28%
Google.com : 1.5%
Google images : 0.7%
search.yahoo.com : 0.3%
Google.ca : 0.15%
Google.co.uk : 0.15%
Google.it : 0.11%
Google.de : 0.09%
Google.com.au : 0.08%
Google.co.nz : 0.06%
Google.fr : 0.03%
Google.pl : 0.03%
Google.nl : 0.03%
altavista.com : 0.03%
au.altavista.com : 0.02%

The rest of the traffic is from a whole load of
Java MIDlet portals.

Total search engines combined: ~4%

Now, I'm not running java.sun.com or anything like that but for
a personal website I get an average of 30,000 hits a month, and
I suspect that the only way that people find my site would be:

1. Signature links in email
2. Search engines

It's not like anybody is going to be trying to guess my URL just
to see what is there ;-)

And the best thing is that I have a site that is just running
Tomcat, on a wacky URL to compare this against:
(Tomcat: http://www.eaves.org:28080/)

Direct requests : 55%
looksmart.com : 15%
eaves.org : 9%
google : 6%
search.msn.com : 5%
yahoo.com : 1%
google.ca : 1%

Now, I don't trust these numbers as much because the hits are
so much lower 2000 hits a month, but it's clear in my case that
there is no, or little penalty for whatever behaviour Tomcat might
have.

Of course, YMMV, batteries not includes, offer void where prohibited
by law.

Cheers,
	-- jon


neal wrote:

You're comparing apples and oranges .. and pears (staying with the analogies
;-)).  A high profile site of course does not need the engines to the same
extent as a small site.  Additionally, a small site with a mature link base
(100s or 1000s of grade A links) will not recieve as much traffic from them
either.  For a new site (first year or so) its just the opposite.  Besides,
I was including places like Yahoo!, AOL, when I refer to search engine.
Granted these are CPCs (fake search engines) but nonetheless google probably
has 80% of the search engine market ... as for the 80% of traffic coming
from search engines - its a statistic I recently read in a book.  I can look
it up for you if interested.  If sounds though like the truth of this
statistic has a lot to do with whether you're comparing apples ... oranges
... or pears.

As for switching to Apache with 1hr work ... I'm also bucking that just
because (a) my ISP will want to get involved and charge me hourly for the
setup of an addt'l app and (b) I will have to get another $300 SSL cert from
Trawte if I go that road.  Sigh.

Neal


--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: HTTPS to HTTP

[Jon Eaves]

Jacob Kjome wrote:


It is my understanding that if Tomcat allowed you use the same session 
and the session was created under https for a particular user, then once 
it gets to http the session id is now in clear text.  This is what, I 
believe, Craig is talking about when he says that using SSL in this 
manner only creates the appearance of security, not true security.  All 
I'd have to do to wreak some serious havoc is sniff packets, hijack the 
session, and browse back into the secure sections of the site under the 
guise of the user whose session I hijacked.  How is that security?

I'll bite on this one.  But first I'll say that I agree mostly with
your and Craig's position on this because in general most people aren't
experienced enough with security to make good decisions about what
is going on.  However this particular issues that has been raised
can make use of the HTTPS-HTTP switch securely but with fairly
bogus user experience. (My opinion on the user experience, nothing more)

Security is made of a number of components, these are generally:
Authentication, Access Control,Data Integrity and Confidentiality.

Rather than boring people about this,the two important parts to this
discussion are essentially Authentication and Confidentiality.

We want to use Authentication to allow the right person to access the
data and we want to use Confidentiality to make sure that bad people
can't see things in transit.

_Normally_ authentication is handled once and then confidentiality is
used to ensure the tokens remain private. However this is not the only
way to do it.

Here's an example scenario which I believe matches the desired result
and why HTTPS-HTTP _is desirable and secure in this instance_.

1. There are 2 areas of the website, secret stuff and public stuff.
2. Requests and responses from secret stuff is handled by HTTPS
3. Requests and responses from public stuff is handled by HTTP

4. To access the secret stuff, each and every time you try to access
   the secret stuff from the public stuff you are forced to authenticate.
5. The authentication mechanism uses confidentiality to protect the tokens
   and any transfer of secret stuff
6. There is nothing in the public stuff that matters if a session is
   hijacked.

This is desirable under the circumstances where you might wish to
initially authenticate under HTTPS to protect the tokens _only_, switch
to HTTP and keep the session valid either for tracking purposes or
merely to display the user name on the page.

Given that it is possible to force re-presentation of the authentication
tokens each time then I cannot see the security related problem with this
scenario.  (User experience problems, however)  I am happy to have
people poke holes in the scenario and tell me what I've done wrong, but
it seems correct to me.

Would I build it this way ? Probably not, but I generally don't like to
double-guess the constraints or problems my customers might have.
I could see that this might be useful if there is an enormous user base
that accesses a lot of public content and very, very occasionally needs
to access very secret information.  If 99.9% of the traffic doesn't need
to be secured, _and your user base is huge_ and you want the results of
the authentication to be available in the public area then this seems like
a reasonable request.

I will stress however that I feel that providing HTTPS-HTTP session 
migration within Tomcat is a highly dangerous thing as it will be
utilised in the single authentication continued session approach by
most people because they will not be able to understand why it's a
bad thing.

After having said all that, I'm sure it can't be hard to write a
SessionMigration object that can contain the data you want to throw
over the wall store it in the web application context and pass a
parameter through the URL redirection so it can be recovered on
the other side.  Maybe that's the workaround that's required in
this situation.

Cheers,
	-- jon


Jake

At 08:17 PM 1/9/2003 -0800, you wrote:


I'm aware of that.  The tomcat-specific issue is that it won't let you
make the transition from https to http on the same session.  That's
frustrating.





--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: unsubscribing to this mailing list

[Jon Eaves]

Hi Mark, John

These lists are using ezmlm. You can unsubscribe from a
wrong address by sending a blank email to this address:

[EMAIL PROTECTED]

That should end up with the right mail address being sent to ezmlm
and your confirmation email hopefully will end up in your inbox.

Then reply to that and it should work. If it doesn't then you
will need to get a moderator to send an email using the same To
field and that will not require confirmation.

Disclaimer:  I've never tried this, but that's what the manual says
to do.

Cheers,
	-- jon

Mark Goking wrote:

yes. when i first joined this mailing list, i had no problem at all. i
was even able to unsubscribe directly. but when i subscribed for the 2nd
time, i had problems. it took me about 2 days to subscribe again. i
didnt have any idea why it acted that way. within those 2 days i emailed
the admin to manually add me and he said no because my email uses
exchange server and the mailing list has problems dealing with email
addresses that uses the ms exchange server. still, after 2 days i was
able to subscribe myself here. the problem now is unsubscribing.

since i couldnt unsubscribe myself, i dont think it's impossible for the
admin to manually remove me from the mailing list. unsubscribing is as
simple as 1 2 3 but the process just doesnt work for me anymore.

mark

-Original Message- From: Turner, John [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, January 07, 2003 9:23 AM To: 'Tomcat Users List ' 
Subject: RE: unsubscribing to this mailing list



Are you sure you are using the correct from address?  I was able to 
unsubscribe and resubscribe myself twice in the past 6 weeks when going
on vacation.

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Console output in Tomcat

[Jon Eaves]

Hi all, (and Happy New Year)

If you want the System.[out|err] messages use the following:

Logger className=org.apache.catalina.logger.SystemErrLogger /
Logger className=org.apache.catalina.logger.SystemOutLogger /

Cheers,
	-- jon

Shrotriya, Sumit wrote:

Vlad,
  Yes you are right on that. When running as a service your output does get
logged to those files but when trying to run Tomcat as an application it
doesn't log the output. 
 My comments in my previous mail were not to get into an argument of any
sort. I take any words back if you felt anything like that.
Cheers,
Sumit

[ snip ]

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Servlet/Session/Attribute Listeners not very useful ?

[Jon Eaves]

Jason Jonas - ATTBI wrote:

Jon,


Hi Jason,



I've used the SessionListener interface once to write usage stats to a
database when a user logs out explicitly or implicitly when the
session times out. Haven't used it since and not too sure if I would
again. However, the mechanism worked well enough to satisfy our
requirement.


Yeah. That is also a use. Again, it's anonymous in that you can't
identify exactly what session expired, just that a session expired.



If you're trying to access your application objects bound into the
session, perhaps you could wrap them in a single application object.
While this is a kludge, it means the object references are readily
available and would eliminate the IllegalStateExceptions you're
encountering now. Just a thought.


It's more that I want to clean up some application wide data
when the session expires. I can't even work out how to map the
session that has just expired to anything useful either. If I
could get the session id of the session that expired then it
could store the information in application scope and use the ID
as a key.

From my reading of the Servlet Specs and the API documentation it
appears that the intention of the expert group was along those
lines, but it doesn't seem to have carried through in the
implementation.

SRV.10.7 Session Events
Listener classes provide the developer with a way of tracking sessions
within a web application. ... session became invalid because the
container timed out the session, or because a web component .. called
the invalidate() method. The disctinction may be determined indirectly
using listeners and the HTTPSession API methods

and

javax.servlet.http.HttpSessionListener

public void sessionDestroyed(HttpSessionEvent se)

Notification that a session was invalidated.

javax.servlet.http.HttpSessionEvent only has 1 method, to get the
session. Which at that time is invalid.

I might have to try some more obscure options like trying to use
an HttpSessionAttributeListener and the HttpSessionBindingEvent to
see if when a session is invalidated a BindingEvent is emitted.
I'm not thinking I'm going to be all that successful though.

I was half hoping that Craig might be able clarify after he's finished
with his Festive cheer ;-)

Cheers,
	-- jon



Jason

-Original Message-
From: Jon Eaves [mailto:[EMAIL PROTECTED]]
Sent: Saturday, December 28, 2002 6:08 AM
To: Tomcat Users List
Subject: Servlet/Session/Attribute Listeners not very useful ?

Hi all,

Can anybody tell me what possible use these particular interfaces
are ?

After thinking that they would be a good idea to use for web app
session management enhancements (session timeout etc) it turns out
that the invocations of valueUnbound(), sessionDestroyed(),
attributeRemoved() all occur _after_ the event has occurred, and
the values that would possibly be useful are all gone throwning
IllegalStateExceptions left right and centre.

What gives ? Did the Servlet Spec people have some other use for
these Interfaces that I'm not smart enough to work out, or are
they only useful for printing object added|removed|replaced
without being able to actually obtain the object?

The specifications for 2.4 for javax.servlet.http.HttpSession
still say the same things as 2.3, and if implemented in the
same way don't appear to be useful at all

Or is there some special magic that I'm not invoking the right
way ?

Help me, I'm confused ..

Cheers,
-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]



--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Servlet/Session/Attribute Listeners not very useful ?

[Jon Eaves]

Hi all,

Can anybody tell me what possible use these particular interfaces
are ?

After thinking that they would be a good idea to use for web app
session management enhancements (session timeout etc) it turns out
that the invocations of valueUnbound(), sessionDestroyed(),
attributeRemoved() all occur _after_ the event has occurred, and
the values that would possibly be useful are all gone throwning
IllegalStateExceptions left right and centre.

What gives ? Did the Servlet Spec people have some other use for
these Interfaces that I'm not smart enough to work out, or are
they only useful for printing object added|removed|replaced
without being able to actually obtain the object?

The specifications for 2.4 for javax.servlet.http.HttpSession
still say the same things as 2.3, and if implemented in the
same way don't appear to be useful at all

Or is there some special magic that I'm not invoking the right
way ?

Help me, I'm confused ..

Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: RES: Is there a problem with tomcat JNDI resources (I don't thinkso)

[Jon Eaves]

Iran Marcius wrote:

If I'm not mistaken, I read somewhere that using GlobalNamingResource
with ResourceLink (inside Context) make unnecessary to put resource-ref
in web.xml. Tomcat naming examples didn't use it too.


I may have been the perpetrator of that particular piece of information.
It was while asking a question to Craig.



Is that correct?


His answer was; functionally it is not needed, but you should have it
because it's the right thing to do to make your web application portable.

Cheers,	
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Tomcat Administration Tool

[Jon Eaves]

Hi all,

The Tomcat Admin Tool uses a UserDatabaseRealm for authentication and
for editing as part of the configuration options. This uses the
conf/tomcat-users.xml file for the source of information

I was interested in knowing if anybody has configured Tomcat _and_
the Admin tool to use an alternate Realm, like JDBCRealm or a
close cousin that the Admin Tool can manage ?

I'd be interested in hearing from anybody who has gone down this
path

Cheers,
	-- jon
--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

HTML Manager Application FAIL - Invalid application URL was specified

[Jon Eaves]

Hi all,

First, the preamble:

Tomcat 4.1.12, Windows 2k.

I've searched the archives to no avail.
I've had a million monkeys typing in URLs without success.
I've even read the documentation, but that didn't help.

Can anybody tell me the magic combination that I need to type
into either the Config URL or the WAR URL ?
(Can somebody confirm that Config URL = context.xml URL ?)
WAR works for a foo.war and an unpacked foo.war so I guess
that's the only choice left.

I suspect the HTML Manager App is broken because after it
whines at me (or my monkeys) for what was typed in I can edit
the URL in the browser and generate a line that is valid and
actually install my web application.

Here's how I can make it work...

1. Path: /hello
   Config URL: [ empty ]
   WAR URL: file:c:\devel\jon\hello\build

Results in :
FAIL - Encountered exception java.net.MalformedURLException: no protocol:

2. Edit the browser URL and remove the installConfig=
Results in :
OK - Installed application at context path /hello

So, broken, or is there some magic that I'm missing.

Please hurry, my monkeys are getting tired and I suspect they
will faint from hunger before getting the right combination. ;-)

Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Tomcat dies

[Jon Eaves]

If that is the cause, what's wrong with using 'nohup' ?

(Or am I missing something here?)

Cheers,
	-- jon

Matthew Ritenburg wrote:

The logs say nothing.  Tomcat is dying because it is not backgrounding
properly on solaris 8.  The process never detaches it self from the
controlling tty.  You close the console/xterm and Tomcat dies.  My
question is: Why doesn't tomcat background properly on Solaris 8?

Thanks again!

Matt


[ snip ]
--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: where is stderr sent? AND ALSO 'System.err'

[Jon Eaves]

Hi all,

Try these:

Logger className=org.apache.catalina.logger.SystemErrLogger /
Logger className=org.apache.catalina.logger.SystemOutLogger /

Cheers,
	-- jon


Patrick Kosiol wrote:

Hi,

this is a good question. In Java there is also a System.err. So I am 
also interested where the Messages were written. How does Tomcat handle 
those errormessages? Are them be logged in a special file oder easiely 
given out through the console. Are there differences between Linux and 
Windows systems where the Tomcat runs?

thx
Patrick

Fabien Roy wrote:

Hi!

Where is stderr sent? Where is this defined?

I have the following line in my application log (the path is defined in
server.xml)

2002-12-11 12:45:42 cgi: runCGI: 1 lines received on stderr

And I would like to know what that line is...

Thanx

Fabien


--
To unsubscribe, e-mail:   
mailto:[EMAIL PROTECTED]
For additional commands, e-mail: 
mailto:[EMAIL PROTECTED]

 



--
To unsubscribe, e-mail:   
mailto:[EMAIL PROTECTED]
For additional commands, e-mail: 
mailto:[EMAIL PROTECTED]


--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Need help using manager of tomcat

[Jon Eaves]

Hi all,

Provided my memory serves me correctly, you can't use the manager
application to deploy.

Deploy requires the use of POST, and the ant task is the only way
to do that.

Use install instead, or the ant deploy task, or copy a context.xml
into the webapps dir, or package up a war and put it into webapps.

So many options, so little time

Cheers,
	-- jon

Boris Folgmann wrote:

Sherif D Mohamad wrote:


Dear All,

I successfully installed tomcat standalone on rehat linux 7.3 and seems
working ok, I am trying to use the manager to I can make changes to sites
without restarting server

When I try the command :
http://www.myserver.com/manager/deploy?path=/firsttest
I have the following error
FAIL - Unknown command /deploy

Although docs says it should respond with : OK - Deployed application at
context path /firsttest



For my local tomcat installation I use the install command for deploying
WAR files:

http://www.myserver.com:8080/manager/install?path=/firsttestwar=jar:file:/home/yourname/firsttest.war!/

And it works. IIRC I had also problems with deploy.

There's also this page:
http://www.myserver.com:8080/manager/html/list

The list of installed apps is nice, but I never managed to use the install
form provided on this page. Does anybody know what has to be entered in the
text fields?



--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Need help using manager of tomcat

[Jon Eaves]

Boris Folgmann wrote:

Jon Eaves wrote:


Hi all,

Provided my memory serves me correctly, you can't use the manager
application to deploy.



If you're right, the documentation should be changed.


Well, maybe.  Remember the manager application is talking about
the /manager web application and not only the /manager/html
functionality. (And I was quite sloppy with my response above,
as I should have said Manager Application HTML Interface)
Sorry for adding to the confusion.

It probably needs further highlighting on the actual web
application to assist people in not confusing themselves. ;-)



But what about the text input fields on /manager/html/list?
Is it simply unfinished? The form action missing?


The deploy task takes a war file and places that in a special
place using the HTTP PUT. It's simply not possible from
a web page.

This is all described quite well in the documentation:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/manager-howto.html

Have a look in the section Deploy a New Application and
read the big NOTE: section.

Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Custom Valves and Administration Tool

[Jon Eaves]

Hi all,

Thanks to Bill Barker, my custom valves now are installed happily
within Tomcat and are valving away nicely without spewing MBean
exceptions into the log.

I was hoping to manage the valves via the Administration tool.

Q1. Is this possible ?
Q2. Do I have to modify the Admin tool ?
Q3. How do I configure it ? (what needs to be in server.xml ?)

I would have thought it was possible, as the Admin tool appears
to parse the server.xml and generate stuff based on that, and my
Valves have implemented the LifecycleListener interfaces so I'm
a tad confused about where to go from here.

Cheers,
	-- jon

PS: I've said it before, and I'll say it again, the documentation
in Tomcat for general users/administrators is first rate. This
stuff is a bit thin, but what they heck, most people don't need
or want to do this.

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Custom Valves and Administration Tool

[Jon Eaves]

Craig R. McClanahan wrote:




First of all as there's been so much beating on the Tomcat developers
I'd like to offer my whole-hearted congratulations to each and every
one of you.  You've done a great job, and what's more, in spite of
the (unwarranted) vitriol that is spewed in your direction, you keep
coming back for more.  You guys and gals are legends.

Secondly, the community here is fantastic and the way that users came
to the defense of the Tomcat team was phenomenal.  Good work one and
all.  As an author involved in a similar effort (www.bouncycastle.org)
there are very few people who take the time to say Thanks, but the
effect on the developers morale is worth it.

Remember everybody on the list, that's all they get paid in, and it
doesn't cost anything to say it

Now, if you don't mind, I've got just one more question ;-)


On Wed, 11 Dec 2002, Jon Eaves wrote:


I was hoping to manage the valves via the Administration tool.

Q1. Is this possible ?



Yes, with some work.


Aha.  I was hoping this wasn't going to be the answer.  Oh well.

[ snip ]

If this is the case, why does the code for the Valve recommend
implementing the Lifecycle interface ? What was the design reason
for that ?h

Additionally, why does the MBeans server barf when loading custom
beans without the mbeans-descriptor.xml file ? Is this due to the
Lifecycle interface being implemented, or just purely because of
the Valve definition in server.xml it is expecting to find a bean
that it can manage.

The reason I ask is because it seems bit of dicking around just to
implement a new Valve.  Writing the code took about 2 hours, it
then took 2 days to get the exception stuff sorted out.

What is the additional information used for ? And was there a better
(read simpler and less mucking around) way to solve my get rid of
the exception than addition of the descriptor, or is that required
for all additional components in Tomcat ?

Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Custom Valves and Administration Tool

[Jon Eaves]

Hi again Bill,


Aha.  I was hoping this wasn't going to be the answer.  Oh well.

[ snip ]

If this is the case, why does the code for the Valve recommend 
implementing the Lifecycle interface ? What was the design reason for
that ?h

By implementing Lifecycle, you get well-defined states to allocate and 
release any resources that your Valve may need.  Since the order of
setting attributes is undefined, it makes it much easier to determine
resources that depend on multiple attribute values.  It's pretty much
independent of the MBeans.


Excellent, so the Valves can then conform to an defined
servlet/applet/midlet like behaviour.  I noticed the use of the
start() etc methods in the Valve and guessed that was something to
do with it, but also guessed wrong that it was relating to the MBeans.


It's purely because of the Valve definition in server.xml, when it can't
 find the MBean to manage it.  Actually, the Valve should function fine
even with the error:  It's just noise in the log.


Yup.  My Valves were all working just fine with the errors, but I wanted
to be neat and tidy ;-)




The reason I ask is because it seems bit of dicking around just to 
implement a new Valve.  Writing the code took about 2 hours, it then
took 2 days to get the exception stuff sorted out.

What is the additional information used for ? And was there a better 
(read simpler and less mucking around) way to solve my get rid of the
exception than addition of the descriptor, or is that required for
all additional components in Tomcat ?


With the MBean info, it is possible to use other JMX-enabled tools to
manage Tomcat (including your Valve).  The admin web-app is only one
example of such a tool.  It is also likely that JMX support will improve
in Tomcat 5.x.

Of course, the simplest way to get rid of the exception is to disable
(aka comment out) the MBeans Listeners in server.xml.


OK.  I'll have a play around with that.  I think I tried that originally,
and when I did, the Administration application stopped working, but that
may just have been co-incidence.

Thanks very much Bill and Craig for your patience.

Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Custom Valve

[Jon Eaves]

Hi all,

I've implemented a custom Valve which wasn't a major effort,
but would like to try and resolve some strange effects that
are part of the standard installation of Tomcat.

I'm using TC 4.1.12, JDK 1.3.1 (just for the record).

When using the custom Valve, (which also has a custom path,
not an org.apache.* path) I get the following exception on
start of Tomcat.

---
ServerLifecycleListener: createMBeans: MBeanException
java.lang.Exception: ManagedBean is not found with MyCustomValve
at 
org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.java:783)
at 
org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecycleListener.java:583)

[ rest snipped ]
-

Now, I presume this is because my server.xml is including the
mbeans.ServerLifecycleListener as part of the configuration.

The code for various valves, and the ValveBase class recommends
implementing the Lifecycle interface, so clearly it should support
that.

However, there doesn't seem to be able to be a way to include an
additional mbeans-descriptors.xml file so that the MBeanUtils doesn't
barf.  The Registry class seems to be loaded with a hard-wired
path for the XML.

Additionally, I'd like to be able to manage MyCustomValve from within
the GUI Administration application, so this support would be very,
very nice.

So, my questions are:

1.  Can I prevent the exception, and if so how ?
2.  Can I implement something to allow the Valve to be configured
using the GUI, and if so what ?
3.  Is this just an error with TC 4.1.12 and is fixed in 4.1.16 ??

Thanks to anybody who can shed some light on these questions...

Cheers all,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Custom Valve

[Jon Eaves]

Bill,

Two words: You legend !


1.  Can I prevent the exception, and if so how ?


You can create your own mbeans-descriptor file, package it in the jar with
your Valve, and set the
descriptors=/com/myfirm/mypackage/mbeans-descriptor.xml attribute on the
ServerLifecycleListener element in server.xml.


Thanks, I didn't think to look for additional attributes here.


2.  Can I implement something to allow the Valve to be configured
using the GUI, and if so what ?
3.  Is this just an error with TC 4.1.12 and is fixed in 4.1.16 ??


In 4.1.12, your Valve has to extend o.a.c.valves.ValveBase to work with the
admin app.  In 4.1.16 this has been relaxed to only requiring that it
implements o.a.c.Contained.


I saw this in the CVS log entries and realised that I was on the
right track, but didn't quite know exactly what to do with that
information.

Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: SUCCESS w. Tomcat execution!

[Jon Eaves]

Congratulations, I'm very happy for you. It's a great feeling
to achieve something you've struggled with for so long.

Seriously Steve, unless you are a sadist and a masochist then
please go and buy a book on Java Servlet development.

You'll make everybody, including yourself much happier and much
less likely to be snippy towards you.

If you've had that much trouble getting Tomcat running which I
must say basically installs without trouble, then I shudder to
think of the grief you're going to suffer when trying to debug
a Servlet or JSP page.

Maybe everybody on the list could chip in a get Steve an
Amazon voucher for a Servlet book ? I know it would save me
the cost of downloading all the help me messages. ;-)

Cheers,
	-- jon

Steve R Burrus wrote:

 Yes, SUCCESS is what I have finally met with in trying/attempting to get Tomcat
activated!!!  I make a thunderous declaration that I have finally done it, and
of course I thank all those who helped me out, and that even includes Micael!!
Now, I need some help with trying to see a JSP/Servlet in my browser, a long time
problem with me!! I have just now installed Ant. Does that aid me in trying to get
a JSP going or not?


--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Logging to catalina logger

[Jon Eaves]

Hi Peter,

I'm rapidly coming to the conclusion that Tomcat is the Perl of the
web application development environments.  For those who aren't
familiar with Larry Wall's quote on doing things in Perl, it's
There's always more than one way to do it.

Starting at the top:

1. Use the log() method
2. Use System.out/err and set Context.swallowOutput to true
3. Use the Standard Error Logger and Standard Output Logger

I suspect you probably want to use 2 or 3.

All this information is available in the wonderful documentation
provided by the Tomcat developers when you download the Tomcat
installation.  It's just a matter of reading them .

The log() method is defined in the ServletContext class in the J2EE
documentation.

#2 is documented in the Reference/Context section of the Tomcat
documentation.

#3 is documented in the Reference/Logger section of the Tomcat
documentation.

Cheers,
	-- jon


Peter Lee wrote:

How  do I produce log output to the catalina loggerwhen my program wants to print out 
some exceptions or messages? Any documents on this?

Thanks

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]


--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: tomcat 4.1.12 log of pages hit

[Jon Eaves]

Unless you have implemented an AccessLogValve in the Engine, Host
or Context they will be nowhere.

By default they end up in the logs directory.

Oh, and all that information is in the Tomcat documentation.

Have a look here: 
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/index.html

That's a good starting point, and the specific page to have a look
at is any of the links under Containers.  Each of them has a
section called Access Logs under a heading Special Features that
describes how to use it.  Under that is a hyperlink which describes
how the AccessLogValve works.  That is found on this page:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/valve.html

The attribute that is important is the 'directory' attribute.

Cheers,
	-- jon


Hanasaki JiJi wrote:
I dont seem to find the web hit logs?  The ones that can be run through 
webtrends.

Where are they?


--
To unsubscribe, e-mail:   
mailto:[EMAIL PROTECTED]
For additional commands, e-mail: 
mailto:[EMAIL PROTECTED]


--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: reloadable

[Jon Eaves]

Hi Raja,

The default behaviour setting for the class reloading is a touch
on the slow side, so include a Loader in the Context that
looks like this one:

Context path=/myapp docBase=myapp reloadable=true
	Loader
		className=org.apache.catalina.loader.WebappLoader
		loaderClass=org.apache.catalina.loader.WebappClassLoader
		checkInterval=1  /
/Context

And you'll find that it will now check every second, rather than
the default 15 seconds.

Cheers,
	-- jon

Raja Nasrallah wrote:

Hello,
 
I set the attribute reloadable to true in a sample context tag(Context
in the sever.xml) to monitor the the WEB-INF/classes.
 
But it didn't affect. I make change in a sample class and the server
don't load this class again.
 
I am using jakarta-tomcat-4.0.6 in winow2000 server.
 
Should I have to do other setting to make the reloadable work.
 
Thanks,
raja


--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: File Path Problem...

[Jon Eaves]

Use ServletContext.getResourceAsStream() and store the
XML file in WEB-INF/classes

Using a file path is very, very bad for web applications
as the web application may be deployed as a WAR where the
file path just doesn't exist, or it may be deployed into
an environment (such as a database) where a file path makes
no sense.

The Servlet specification is quite clear on this topic.
The only thing you can rely on is that you can deploy your
application as a WAR file, and that you can get access to
a temporary bit of filesystem via the javax.servlet.context.tempdir
context attribute.

Anything else you may want to do is application server
specific and therefore not portable.

Cheers,
	-- jon

Harsha Yalagach wrote:

Hi Andreas,
	That doesnt solve my problem as our client wants the application without
any configuration hassles and moreover the deployment platform is also not
specific. It may be deployed on win32 machines or Solarix machines or Linux
machines... :(

	Any more ideas...

Regards,
Harsha

-Original Message-
From: Andreas Probst [mailto:[EMAIL PROTECTED]]
Sent: Thursday, November 21, 2002 17:50
To: Tomcat Users List
Subject: Re: File Path Problem...


Hello,

maybe you could save the absolute path inside a properties file
or pass it as an init parameter in web.xml. For each location of
your app you would have to set this path appropriately. You
could use absolute paths and wouldn't need to change the source
code of the application.

Regards,
Andreas


On 21 Nov 2002 at 14:31, Harsha Yalagach wrote:



Hello,

I am running Tomcat 4.1 on Windows 2000 as a service.

   I have written a JSP page where in I am trying to read an
   XML. If I try
to access the file using absolute path, for eg. c:\abc\xyz.xml,
the page works without any problem. But if i try to access it
thru relative path, for eg. ../data/xyz.xml, the tomcat will
throw a FileNotFoundException saying that xyz.xml doesnt exist in
SYSTEM-ROOT\System32 dir.

   The reason behind this is that the JSP is tring to access the
   file from
where JVM was started according to Java Documentation, ie
SYSTEM-ROOT\System32 directory where the Service Control Manager
starts the Tomcat service which in turn starts the JVM.

   So the question is, is there any other way I can use a
   relative path
inside my application to access a file? (I dont want to use
absolute path as my application has to be distributed in many
places).

Thanks in advance...
Warm Regards,
Harsha Yalagach


--
Cerebra Integrated Technologies Ltd., Bangalore, India



--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED] For
additional commands, e-mail:
mailto:[EMAIL PROTECTED]





--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]





--
Cerebra Integrated Technologies Ltd., Bangalore, India



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]



--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: logging versus ant tasks

[Jon Eaves]

Benson Margulies wrote:

I can't figure out how to specify context options such as the existence
of a logger for a context established with the ant tasks.


This does require a little bit of magic, but at the end of the day,
isn't too hard.  Thanks to Jacob Kjome for helping me when I had
the same questions.

Create a file (let's call it context.xml) and in it put something
like this:

Context
path=/myapp
docBase=myapp
reloadable=true
debug=99 

Logger
className=org.apache.catalina.logger.FileLogger
prefix=myapp_log suffix=.txt
debug=99
timestamp=true /

/Context

And in your build.xml add in the following task

target name=cinstall depends=compile
   description=Install to container using context.xml

install url=${manager.url}
username=${manager.username}
password=${manager.password}
config=file:///${build.home}/context.xml/
/target

Where manager.url is the url to the manager app (http://localhost:8080)
and obviously ${build.home} is where the file was created.

Now, start up Tomcat, and use the command:

ant cinstall

and it will install the application with all the context elements and
configuration that are in the context file.  You can also do this with
DB connection pools, as well as adding in specific Loader elements for
use during development (to get faster class change checking).

Removing it with : ant remove

An important note is that the deploy task *DOES NOT* support the
context element.  However, what you can do is just copy the context.xml
into $CATALINA_BASE/webapps and you will end up with the same result.
This is how the admin and manager applications are deployed in the
default Tomcat.  Naming it something better than context.xml is probably
a good idea, or if you have two web applications, bad things will happen
if you try to copy both into the webpps directory.

Cheers,
	-- jon


 


--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: problem with Classloader and symbolic links in 4.1.12

[Jon Eaves]

 it would make my life so much easier since I am trying to develop an app
 with thousands of classes and hundreds of packages, modifying my build
 system to send all the classes to the tomcat dir would be a hassle.

The simplest way is to setup the context so that it points to your
development environment.

There is plenty of great examples of exactly how to do this here:

http://jakarta.apache.org/tomcat/tomcat-4.1-doc/appdev/index.html

** Which everybody who is developing web applications really should
read. **

The context element should end up looking something like this:

Context
 path=/myapp
 docBase=/full/path/to/my/build
 reloadable=true
 debug=99 

 Loader
 className=org.apache.catalina.loader.WebappLoader
 debug=0
 loaderClass=org.apache.catalina.loader.WebappClassLoader
 checkInterval=1
 reloadable=true
 delegate=false/

 Logger
 className=org.apache.catalina.logger.FileLogger
 prefix=myapp_log suffix=.txt
 debug=99
 timestamp=true /

/Context

With the Loader element included, once the configuration is
done once, you can just recompile your application directly
into /full/path/to/my/build/WEB-INF/classes and it will update
the classes nicely.

Cheers,
	-- jon


--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: welcome-file-list

[Jon Eaves]

Andoni wrote:

Yes, it is, in as much as any .jsp file IS a servlet.


A servlet may not be specified as a welcome-file.  I suppose
you could re-write your servlet as a JSP and then use that,
but that certainly wouldn't be my recommended course of
action.

There's a fairly simple way to solve this and I posted a
workaround for this a couple of days ago.

Here's the article thread:

http://www.mail-archive.com/tomcat-user@jakarta.apache.org/msg73666.html


Cheers,
	-- jon



Why don't you describe more about what you want to achieve.

For example what URL do you want your users to type in and what do you want
served first?

Andoni.


--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: spec compliants vs implementation specific parts?

[Jon Eaves]

Hi,
(B
(BWithout being too flippant, everything in web.xml
(Bis "standard" and everything in server.xml is
(BTomcat specific.
(B
(BYou can rely on most J2EE/Servlet containers to
(Bbe able to provide access to connection pools, and
(Bpotentially JNDI resources and things that Tomcat
(Bprovides in server.xml, however the manner for
(Bconfiguration is generally different (not much)
(Bbetween the various vendors.
(B
(BThe only "code specific" things have generally
(Bbeen:
(B
(B. getting an InitialContext
(B. getting a database connection
(B
(BHowever, if you're really fired up about it, you
(Bcan abstract a lot of that out, or parameterise it.
(B
(BWe've found that the 3 or 4 lines of code that need
(Bto be changed generally haven't been worth the effort.
(B
(BHowever, YMMV.
(B
(BCheers,
(B-- jon
(B
(BPierre-Laurent Ribault wrote:
(B Hi,
(B 
(B I'm in the process of developping a Web application using Tomcat as the
(B development testbed. However, I'd like to be able later to deploy the
(B application on another servlet engine with the same specs level.
(B I know that Tomcat is the reference implementation of the servlet/JSP
(B spec, but is there an easy way (i.e. without reading the whole spec) to
(B know what is part of the spec and what is implementation specific in
(B Tomcat? For example, among the server settings (datasource, realms, etc).
(B 
(B $B!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=!=(B
(B Pierre-Laurent Ribault
(B Fujitsu Info Software Technologies Ltd.
(B 
(B 
(B 
(B 
(B 
(B 
(B 
(B 
(B 
(B 
(B 
(B 
(B 
(B --
(B To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
(B For additional commands, e-mail: mailto:[EMAIL PROTECTED]
(B 
(B
(B-- 
(BJon Eaves [EMAIL PROTECTED]
(Bhttp://www.eaves.org/jon/
(B
(B
(B--
(BTo unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
(BFor additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Coyote Source Code

[Jon Eaves]

Hi Scott,

You can get instructions from here:

http://jakarta.apache.org/site/cvsindex.html

and the CVS-WEB access is here:

http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-connectors/

Cheers,
	-- jon


Scott Goldstein wrote:

Is the Coyote source code available?  If so, where can I get it?

Thanks.

Scott



--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:tomcat-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org

Re: Servlet Mapping to /

[Jon Eaves]

Trevor MacPhail wrote:

Craig R. McClanahan wrote:



[ big snip ]


Ok, then the question I have now is, how do I set up a welcome-file to 
be a servlet instead of a static file?

You can't.



I've tried welcome-fileHomePage/welcome-file but that didnt work.

I've also tried welcome-fileindex.html/welcome-file combined with:
servlet-mapping
servlet-nameHomePage/servlet-name
url-pattern/index.html/url-pattern
/servlet-mapping

but that didnt work either.


Try this:

welcome-fileredirect.jsp/welcome-file

and

redirect.jsp contains a single line:

jsp:forward page=myservlet /

Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Session Cookie

[Jon Eaves]

Hiya Neal,

You could use 2 cookies.

TEN_MINUTE_COOKIE and TRANSIENT_COOKIE

and then check for the existence of both, rather than just checking
for one.

That should do the trick.

Cheers,
	-- jon

neal wrote:


Is it possible to set a cookie at does not last any longer that 10 minutes
*and* will terminate when the browser is closed?


[ snip ]

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:tomcat-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org

Re: T 3.2.1 - Single JVM?

[Jon Eaves]

And also, just because they are different web apps doesn't mean
they are different hosts.

Provided it's all addressed by:

www.myhost.com/webapp1
www.myhost.com/webapp2
and
www.myhost.com/webapp3

Then you should be fine.

Caveat: I've not used the Tomcat 3.x series in recent times.

Cheers,
	-- jon

Ralph Einfeldt wrote:


You don't have to install 3 JRE's.

You can use several instances of the same JRE.


-Original Message-
From: Andoni [mailto:andoni;indigo.ie]
Sent: Tuesday, November 12, 2002 11:21 AM
To: Tomcat Users List
Subject: T 3.2.1 - Single JVM?

I have not come across a problem because of this yet but as I
go to put 3 applications (web-apps) live at the same time I
begin to panic when I see things like this.  Does this mean
that I have to install 3 JRE's on my live server?


Andoni.





--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:tomcat-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org

Re: WAR fails to auto expand ?

[Jon Eaves]

Check that the Host element is supporting the expanding of WAR files.

(in server.xml)

Host name=myhostname unpackWARs=true
... stuff ...
/host

Paul Campbell wrote:


I have an context entry in server.xml where I specify
debug=9 and logging to unique log file:
This is the log file:


Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:tomcat-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org

Re: [tomcat java.io.File] Reading a file from /WEB-INF/classes

[Jon Eaves]

Hiya Garrett,

You're not guaranteed to have a filesystem to read files from.

The WAR file may not be unpacked, or it may be stored in the
brains of a million monkeys which are not directly addressable
using a java.io.File call.

All you know is that you can access this file using:

getResourceAsStream(/confirmation.txt)

Have a look at the javadoc for ServletContext

Cheers,
	-- jon

Garrett Smith wrote:
 Hello Everyone,

 I want to read the file /WEB-INF/classes/confirmation.txt

 The file is read from
 /WEB-INF/classes/com/dhtmlkitchen/reg/mail/FileFormatter.java


--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/



--
To unsubscribe, e-mail:   mailto:tomcat-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org

Re: Installing and using manager app in 4.1.12

[Jon Eaves]

Turner, John wrote:

This is my first foray into the world of the Tomcat manager app.  Any help
is appreciated.


[ snip of great example of a good request for help ]



When I access http://some.host.name:8080/manager, I get prompted with a
standard auth request pop-up.  I type in the username and password of the
admin user.

The result is a blank white page and an error message that says FAIL -
Unknown command /.


If you look at : http://some.host.hame:8080/

From a fresh install, the default page gives you the clue you need.
There are 2 links on the LHS of the page to the Administration and the
Manager applications.

You'll find that: http://some.host.name:8080/manager/html

Does exactly what you need in this case.

Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:tomcat-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org

Re: Ant Deploy Task

[Jon Eaves]

Jacob Kjome wrote:


Yep,

target name=deploy depends=compile,manager.init
description=Deploy web-app war 
deploy
url=${manager.url}
username=${manager.username}
password=${manager.password}
config=${app.ccf}
path=${app.path} /
/target

the path attribute is moderately redundant since you specify it in the 
Context Configuration File, but, oh well.

I just tried it.

Buildfile: c:\usr\devel\jon\tomcat-book\book\hello\build.xml

cdeploy:
 [copy] Copying 1 file to C:\usr\devel\jon\tomcat-book\book\hello\dist

BUILD FAILED
file:c:/usr/devel/jon/tomcat-book/book/hello/build.xml:549: The deploy 
task doesn't support the config attribute.

My task looks like this:

target name=cdeploy description=Deploy web application
filter token=context.docbase 
value=${dist.home}/${app.name}-${app.version}.war /
filter token=context.path value=${app.path} /
copy todir=${dist.home} filtering=true 
fileset dir=${basedir}
present present=srconly targetdir=${basedir}
mapper type=glob from=sample.* to=* /
/present
/fileset
mapper type=glob from=sample.* to=* /
/copy

  deploy
  url=${manager.url}
  username=${manager.username}
  password=${manager.password}
  path=${app.path}
  config=file:///${dist.home}/context.xml/
/target

I'm using Ant 1.5.1 and Tomcat 4.1.12

Clues ?

Cheers,
	-- jon


Check out the Barracuda project to see this stuff integrated pretty 
transparently into the build.

http://barracuda.enhydra.org/software/cvs/cvsweb.cgi/Projects/EnhydraOrg/toolsTech/Barracuda/src/ 


Jake

At 05:06 PM 10/29/2002 +1100, you wrote:

Hi all,

The Tomcat Ant deploy task can take a WAR file to be installed which
is just great, but I want to be able to configure the Context as
part of the deployment.

Does the deploy task have the capability of taking an optional
config=foo.xml in the same way as the install task ?

Cheers,
-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   
mailto:tomcat-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: 
mailto:tomcat-user-help;jakarta.apache.org




--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:tomcat-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org

Ant Deploy Task

[Jon Eaves]

Hi all,

The Tomcat Ant deploy task can take a WAR file to be installed which
is just great, but I want to be able to configure the Context as
part of the deployment.

Does the deploy task have the capability of taking an optional
config=foo.xml in the same way as the install task ?

Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:tomcat-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org

Re: multiple servlet instances?

[Jon Eaves]

Craig R. McClanahan wrote:


On Mon, 21 Oct 2002, Nick Wesselman wrote:



Date: Mon, 21 Oct 2002 18:07:42 -0500
From: Nick Wesselman [EMAIL PROTECTED]
Reply-To: Tomcat Users List [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Subject: Re: multiple servlet instances?

the book was actually referring to the case where isThreadSafe=false
... it uses misleading wording, however.

... you also need to be aware that, even if a JSP page sets the
isThreadSafe attribute to false, JSP implementations are still
permitted to create multiple instances of the corresponding servlet...
(my emph)

Web Development with Java Server Pages by Duane Fields and Mark Kolb
... p. 62 ... I just got a fax of the page in reference to a question
from a client. Thanks for your help!



I would need one of the authors to substantiate where in the JSP specs
they see the support for the assertion that multiple instances are
allowed.  I cannot find any evidence to support this in the JSP 1.2
specification (which the current edition purports to cover).

Further, I'm *very* skeptical about any claim that multiple instances of
the servlet running behind your JSP page would actually provide any
performance benefits, even if it were allowed by the specification.


Servlet Specification p22-23
SRV2.2 Number of Instances
The servlet declaration which is part of the deployment descriptor of the 
web application containing the servlet, as described in Chapter SRV.13, 
“Deployment Descriptor”, controls how the servlet container provides 
instances of the servlet. For a servlet not hosted in a distributed 
environment (the default), the servlet container must use only one instance 
per servlet declaration. However, for a servlet implementing the
SingleThreadModel interface, the servlet container may instantiate multiple 
instances to handle a heavy request load and serialize requests
to a particular instance.

I took that section of the specification to mean that multiple instances
of servlets can be created iff the SingleThreadModel interface is implemented.

Of course, that's just a reading of the spec and I'm not part of that JSR
so I could be interpreting it incorrectly.  I would be interested in a
clarification though.

Cheers,
	-- jon

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:tomcat-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org

Re: problem with session tracking and redirection http--- https

[Jon Eaves]

Henrik Bentel wrote:

One of my problems is that I can't find anything in the servlet or 
tomcat documentation that mentiones any of this behaviour. If there is 
any, please send me the link.


Hi Henrik,

I couldn't find anything specific in the Servlet Spec, but in general
it's just not a good idea, as you may as well not use https at all.
It's not just the servlet spec that you need to be aware of, but this
is a more general HTTP/HTTPS problem.

RFC2109 is not really clear on the topic, other than section 8.3 which
talks about Unexpected Cookie Sharing.  However there is an extension to
this RFC, RFC2965 Port Sensitive Cookies.

Basically, you can't guarantee that the browser is going to send back
the cookie if the ports are different



Also, since any time session tracking is used it can be picked up by 
someone, all use of https should stay strictly under https(ok, I'm over 
doing it). So basically if a webapp has any sensitive information, it 
should solely use https protocol for all transmissions, if using session 
tracking?

You're not over doing it.  If you want to provide some security or
protection of authentication then the entire session _must_ be
encrypted or you may as well not bother.



I don't see why the servlet container should force this behaviour.


You can do your own session tracking if you want to.  Just set your
own cookies and use that.  The servlet container provides a very
convenient way of doing it.  Of course, you'll have the same
transition problems that the inbuild session management has.



Shouldn't it be up to the developer to determine what is a security 
issue and not? Just like JSP doesn't neccesseraly force the separation 
of business logic and content, just allowing it, should the servlet 
container force a restrictive behaviour of session tracking?
A lot of web sites don't want the over head of sending everything over 
https. Only parts of it for secure user validation. But they still want 
session tracking.

They may do, but they're broken if they don't keep an authentication
session safe under ssl.  Of course the session tracking can be used
at different times for non crucial session tracking.



Just as a simple example:
So let's say you use the existence of an http session as a validation 
for a logged in user, but you don't store any vital information.
And you only allow http sessions to be created under https protocol to 
secure the submition of password. Beyond that point, no sensitive data 
is shared, so users can be redirected back to http protocol.

You really need to read up on how HTTP and the servlet spec says sessions
are done.  Basically HTTP is stateless and sessions are faked by
transferring chunks of data between the client and the server.  This may
be via cookies or URL rewriting.   For the sake of convenience, we'll use
the cookie method in the example, but this is _not_ necessarily the only
way that sessions may be tracked.

So, you login securely under username and password admin/secret and
those pieces of information are gone and lost forever.  However, to
maintain the session over the stateless protocol the server sets a
cookie in the browser SECRET_COOKIE=aaa56722derf.  Now, as you
transition to HTTP that piece of information is sent to the server
in plain text that anybody can read.

So, me being the evil wily hacker grabs that information, and sets a
cookie in my evil hacked mozilla browser which will allow me to set
arbitrary cookies and bingo, I'm now you.



With tomcat 4, the only way to use the same method would be to create a 
http seesion for every http request, then redirect to https, add some 
kind of validation flags in the session object, then redirect back. This 
to me is worse, as a DoS attack could force the servlet container to 
create a http session for every Request, really putting a strain on 
your container.

I can't possibly think of any circumstance where you would need to
perform such a contrived mechanism.  In fact, I can't even understand
what you're trying to do here.

[ snip of rest of post ]

--
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:tomcat-user-unsubscribe;jakarta.apache.org
For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org

Re: TC4.1.12 on W2K = service doesn't start!

[Jon Eaves]

 unwanted e-mail and address any problems to
 the MIM Holdings Limited Support Centre.
 
 For general enquires: ++61 7 3833 8000
 Support Centre e-mail:[EMAIL PROTECTED]
 Support Centre phone: Australia 1800500646
   International ++61 7 38338042
 **
 
 
 --
 To unsubscribe, e-mail:
 mailto:[EMAIL PROTECTED]
 For additional commands, e-mail:
 mailto:[EMAIL PROTECTED]
 
 
 
 --
 To unsubscribe, e-mail:
 mailto:[EMAIL PROTECTED]
 For additional commands, e-mail:
 mailto:[EMAIL PROTECTED]
 
 
 
 --
 To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: mailto:[EMAIL PROTECTED]
 

-- 
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: nobody processes

[Jon Eaves]

Hi all,

Look in the apache configuration files (normally /etc/httpd/conf)
at the file httpd.conf

There is a stanza in it: (about line 135)
-
# User/Group: The name (or #number) of the user/group to run httpd as.
#  On SCO (ODT 3) use User nouser and Group nogroup
#  On HPUX you may not be able to use shared memory as nobody, and the
#  suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 6;
#  don't use Group nobody on these systems!

User nobody
Group nobody
-

Mystery solved.

Can we kill this thread now ?  It's not even remotely related to Tomcat.

Cheers,
-- jon

Nikola Milutinovic wrote:
 Skorupski Pawe ,(PZUZ) wrote:
 
 Thanks for advice,

 I find out and processes with 'user nobody' are created by process with
 command inetd.
 
 
 Aha, we are getting somewhere.
 
 I don't know if the processes with command httpd can be started by 
 process
 'inetd' if service http doesn't exist in inetd.conf. 
 
 
 Usually, this is not the case. I don't think that Apache can even work 
 this way. Anyway, big servers, like Sendmail, Apache, Cyrus IMAP 
 (since 2.0) will run as standalone daemons, not from InetD.
 
 Take a look at your /etc/inetd.conf and see what servers are run from it 
 as user nobody and you'll be one step closer to finding your problem 
 source.
 
 Nix.
 
 
 -- 
 To unsubscribe, e-mail:   
 mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: 
 mailto:[EMAIL PROTECTED]
 

-- 
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: AW: How to validate email address in JSP by using javax.mail?

[Jon Eaves]

Hi Ralph, (and others)

Ralph Einfeldt wrote:
 But keep in mind that this isn't completly safe, as you 
 won't know if the address really exists or the administrator 
 (the fallback receiver) acted as the receiver.

If the administrator isn't the person who initiated the
transaction, he's going to ignore it and the email is
never sent.  (Assuming they have an IQ above ambient
room temperature, and if not, then they are obviously
happy to take responsibility for the words)

 
 So this depends on what you really want to achieve and
 what requirements you have.

Indeed.  That's why there is the long answer in my original
email.  However, it appears the original poster wanted a way
to validate people sending content.  Some of this content was,
let us say, indelicate, and they wanted be reasonably sure
that the content was from the owner of the email address.

Under those circumstances it will work just fine.  In fact,
I'm not sure of any circumstances where it will not work,
unless the person who gets the email just goes ahead and
follows the instructions without thinking.  You can't
do much about that.

Cheers,
-- jon

-- 
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: How to validate email address in JSP by using javax.mail?

[Jon Eaves]

This isn't really a Tomcat question, but more of a general
protocol question.

The long answer is that you should look at mailing list
software and see how they do it using acknowledgements.
A good example of this is ezmlm which uses qmail as
it's transport.

Of course, you'll have to hold onto the message they
wanted to send until they are validated.  Also, have a
look at places like slashdot (www.slashdot.org) to see
how they deal with the anonymous user problem.

The short answer is, send an email to that address with
a magic number in it.  Tell the user to go somewhere and
use the magic number which will validate them.

Exactly how is left as an exercise to the reader.  There
really is a very large body of established code on this,
so searching Google is probably a good start.


Cheers,
-- jon

Kunal Shah wrote:
 suppose there is an domain xyz.com accepting mails for its
 user
 say there are a, b and c users and administrator which will
 recieve mails for unresolve members
 
 i am sending one mail at [EMAIL PROTECTED] dummy is not valid
 mailbox still the mesg will be delivered to administrator of
 xyz.com. so there will be not send fail exception.
 
 what should be done in this case ?
 
 --kunal
 
 
-Original Message-
From: Turner, John [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, October 09, 2002 7:33 PM
To: 'Tomcat Users List'
Subject: RE: How to validate email address in JSP
by using javax.mail?


[ big snip ]

-- 
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Documentation

[Jon Eaves]

Hiya Gustavo (and others)

I'm going to disagree.  The Tomcat docs for the most part are very good.
I was able to read them and setup Tomcat to do all the normal things.
I can create different contexts, map servlets, create database pools,
custom error pages etc.  The 4.1.x documentation is updated from the 3.x
and 4.0.x documentation and I can't remember it being broken in any
real way due to bitrot.  Some of the newer features are a little terse,
but you have to expect that, then again, there aren't that many How do
I configure and create Filters type questions.

I haven't tried to use mod_jk yet, but there seems to be a lot of questions
about that, but I suspect it's because people haven't read that
documentation to start with.

Frankly, my rule of mailing lists are that people would rather ask a
question because they are too lazy to find the answer themselves.  Most
of the questions that are asked do exist in the Tomcat documentation, and
those that aren't there have generally been answered very clearly by
list members.  The list is searchable, and Google (www.google.com) is
_always_ your friend.

This list is certainly one of the most friendly and helpful that I've been
on.  Sadly that tends to be to it's detriment as people abuse that help.

There are definitely areas of the documentation that need work, and
potentially others that need cleaning up, but in general they are pretty
damn good.

Cheers,
-- jon

Gustavo Vegas wrote:
 I agree with Jeff. The Tomcat documentation reminds me of the old times 
 when I had to compile TeX. A lot of the information for things I have 
 needed to configure in my installation have come from the docs from 
 version 3.3, although I am using 4.0.5. This also makes me worry that 
 some of the things I am using may be deprecated.
 
 Cheers,
 
 -- Gustavo Vegas.
 
 Jeff Wishnie wrote:
 
 A pretty high percentage seem to be becuase the docs really are lousy.

 Wouldn't it be nice to answer 'RTFM' to most of them?

 When my time frees up on this project I plan on submitting several 
 documentation changes.

 - Jeff


-- 
Jon Eaves [EMAIL PROTECTED]
http://www.eaves.org/jon/


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]