Re: mod_webapp connector on linux
I recognize this problem, and it seems like a connector-problem. The Apache Server can not connect to Tomcat. I solved it with starting Tomcat before starting Apache. This means that everytime I have to restart Tomcat, I have to restart Apache. // Matias - Original Message - From: James Williamson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 03, 2001 9:50 AM Subject: Re: mod_webapp connector on linux Have you tried restarting Apache? - Original Message - From: Aksel Schmidt [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, October 03, 2001 6:30 AM Subject: RE: mod_webapp connector on linux However, I'm still having a problem where I can reach my deployed web applications via port 8080 (directly to tomcat), but I can't reach it via port 80 (through Apache). The error message is: WebApp: Error 404 (File: wa_request.c Line: 197) --- Web-application not yet deployed --- which is lame since I KNOW the app IS deployed (otherwise, I wouldn't be able to access it at 8080)!!! I guess I have the exact same problem. I expect it to be caused be the fact that you deploy your web app in another directory than $CATALINA_HOME/webapps which is fine when deploying to be used by tomcat alone. But the WebApp module expects every deployment made to reside in the default web apps directory I'm afraid. This is just an assumption. Does anyone know better? Can we go around this? An alternative is to go back using mod_jk and the server.xml contexts. I haven't tried this yet though. /aksel
Re: HTTP Status 500
Hi Lee, I recognize this. I solved the problem with a Host inside the Engine element in the server.xml. See below: Server port=8005 shutdown=SHUTDOWN debug=0 !-- Some information of the stand-alone service, tomcat web-server -- !-- I you do not use this service, I suggest you comment it all -- !-- Define an Apache-Connector Service -- Service name=Tomcat-Apache Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true acceptCount=10 debug=0 / !-- Replace localhost with what your Apache ServerName is set to -- Engine className=org.apache.catalina.connector.warp.WarpEngine name=Apache defaultHost=www.company.com debug=0 appBase=webapps !-- Global logger unless overridden at lower levels -- Logger className=org.apache.catalina.logger.FileLogger prefix=apache_log. suffix=.txt timestamp=true/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=apache_access_log. suffix=.txt pattern=common/ !-- Because this Realm is here, an instance will be shared globally -- Realm className=org.apache.catalina.realm.MemoryRealm / !-- Be sure that the name is the same as ServerName in httpd.conf -- Host name=www.company.com appBase=webapps Context path= docBase=ROOT crossContext=false reloadable=true / /Host /Engine /Service /Server - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 26, 2001 4:46 PM Subject: HTTP Status 500 Does anyone know why i get the message HTTP Status 500 - No Host matches server name www.xxx.co.uk When i use ajp13 to connect to tomcat 4 from apache 1.3.20 I am using the same method i would have used when i was using tomcat 3.x (I.e nothing has changed on the apache side Only the Connetor stuff in server.xml has changed ! Any obvious ideas anyone ? Cheers in advance Lee (Embedded image moved to file: pic00041.pcx)
Re: Tomcat 4.0 Apache with Client Certs
Hi, I have tried to get the client certificate information too, but with no success. I use Apache 1.3.19 with Tomcat 4.0. I have been told that when using a connector with Apache mod_ssl it is essential to specify SSLOptions +StdEnvVars +ExportCertData. Otherwise mod_ssl will not produce the neccessary environment variables for the connector. When I use a connector to JRun, I use the below code to get the client-information: --- java.security.cert.X509Certificate certApache = null; String certData = request.getHeader(SSL_CLIENT_CERT); if(certData!=null) { ByteArrayInputStream inStream = new ByteArrayInputStream(certData.getBytes()); java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance(X.509); certApache = (java.security.cert.X509Certificate)cf.generateCertificate(inStream); inStream.close(); } if(certApache!=null) { certSubject = certApache.getSubjectDN().getName(); certIssuer = certApache.getIssuerDN().getName(); certSerialNumber = certApache.getSerialNumber().toString(); } --- Unfortunately, it seems like the mod_webapp-connector (warp) does not support the export of client certificate information. They have told me that Tomcat 4.0 can be accessed by using the mod_jk (ajp13) as a connector. I have not get it worked yet. If someone makes it work, please let me (us) knowan how!!! // Matias - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 24, 2001 5:58 PM Subject: Tomcat 4.0 Apache with Client Certs Scenario I have apache passing any calls to servlets through to Tomcat 4 via the mod_webapp connector. My Server certificate and my client certificates work fine to allow specific users onto the system. ProblemProblemProblemProblemProblem In Tomcat 3.2.3 it was possible using AJP13 to access Client Certificate information via request.getAttribute(javax.servlet.request.X509Certificate) from within my tomcat servlet. In Release 4.0 using the warp connector this doesn`t appear to be the case. When i debug/view my request object for it`s attributes there are none present. No CIPHER_SUITE or X509Certificate. Please can someone tell me how i should be accessing client certificate information from within Tomcat 4.0 via apache. My System Apache-ssl 1.3 Tomcat 4.0 mod_webapp.so Linux Redhat 7.1 Here is an extract of my httpd.conf VirtualHost www.xx.co.uk:443 SSLEnable SSLCertificateFile /usr/local/ssl/www.xxx.crt SSLCertificateKeyFile /usr/local/ssl/www.xxx.key SSLCACertificateFile /usr/local/ssl/xxx.pem SSLVerifyClient 2 SSLVerifyDepth 10 SSLFakeBasicAuth SSLExportClientCertificates SSLCacheServerPort /usr/logs/gcache_port SSLCacheServerPath ./bin/gcache SSLSessionCacheTimeout 30 SSLRequiredCiphers RC4-MD5 SSLCacheServerPath ./bin/gcache SSLCacheServerPort logs/gcache_port SSLCacheServerRunDir /tmp Serveradmin xx@xx ServerName xxx WebAppConnection warpConnection warp localhost:8008 WebAppDeploy testcert warpConnection /testcert/ /VirtualHost and my server.xml to receive the warp connector !-- Define an Apache-Connector Service -- Service name=Tomcat-Apache Connector className=org.apache.catalina.connector.warp.WarpConnector port=8008 minProcessors=5 maxProcessors=75 enableLookups=true scheme=https secure=true acceptCount=10 debug=0/ /Connector !-- Factory className=org.apache.catalina.net.SSLServerSocketFactory clientAuth=false protocol=TLS/ -- !-- Replace localhost with what your Apache ServerName is set to -- Engine className=org.apache.catalina.connector.warp.WarpEngine name=Apache defaultHost=localhost debug=0 appBase=webapps . Any help or advise greatly appreciated Lee Lovell
SSL environment variables in Tomcat 4.0?
Hi, How do I obtain information of the Apache additional environment variables: SSL_CLIENT_CERT and SSL_SERVER_CERT in Tomcat 4.0? I am using Tomcat 4.0 (final release) as servlet-container, connected via mod_webapp (WarpConnector) to Apache Web Server 1.3.19. The Apache Server is configured to handle all SSL, with a secure virtual host on port 443. In the httpd.conf there is an SSL option, which allows Apache and external connectors, such as JRun and Tomcat, to get information about client and server certificates: SSLOptions +ExportCertData +CompatEnvVars +StrictRequire Everything works fine, the double authentication works fine, but I do not get any information of the client certificate via Tomcat 4.0. To obtain the client certificate information, I use the following code: java.security.cert.X509Certificate certApache = null; String certData = request.getHeader(SSL_CLIENT_CERT); if(certData!=null) { ByteArrayInputStream inStream = new ByteArrayInputStream(certData.getBytes()); java.security.cert.CertificateFactory cf = java.security.cert.CertificateFactory.getInstance(X.509); certApache = (java.security.cert.X509Certificate)cf.generateCertificate(inStream); inStream.close(); } if(certApache!=null) { certSubject = certApache.getSubjectDN().getName(); certIssuer = certApache.getIssuerDN().getName(); certSerialNumber = certApache.getSerialNumber().toString(); } I have also tried the above code with Apache-JRun, and it works fine. Does anyone knows if the connector mod_webapp supports the additional environment variables? - If so...how? - If not...is there another connector, which supports SSL variables? Can mod_jk be used as a connector between Apache 1.3.* and Tomcat 4.0? Matias