from:"Wolfgang Stein"

CoyoteConnector: What means the attribute 'useURIValidationHack'

2002-12-02 Thread Wolfgang Stein

as Catalina 4.1.12 shows in server.xml:

...

!-- Define a non-SSL Coyote HTTP/1.1 Connector on port 8080 --
Connector className=org.apache.coyote.tomcat4.CoyoteConnector
port=9080 minProcessors=5 maxProcessors=75
enableLookups=true redirectPort=8443
acceptCount=10 debug=0 connectionTimeout=2
useURIValidationHack=false /

...


Thanks in advance,
Wolfgang Stein

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Tomcat with SSL and Client certificate

2002-10-17 Thread Wolfgang Stein



Start Tomcat with the additional option
   -Djavax.net.debug=all  
and watch the console. Although you will get a lot
of output, it might help you in identifying the problem.

Good luck,
Wolfgang Stein

 -Original Message-
 From: Frédéric LE MAISTRE [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, October 17, 2002 8:39 AM
 To: Tomcat Users List
 Subject: Tomcat with SSL and Client certificate
 
 
 I made an SSL connection between Tomcat server and IE client. 
 It seems to
 work, but by the way Tomcat get an exception :
 Handshake failed
 javax.net.ssl.SSLException: error while writing to socket
 , although the client certificate is well recognized and SSL 
 is enabled.
 Somebody knows whats wrong?
 
 Thanks
 
 Fredd

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Tomcat with SSL and Client certificate

2002-10-17 Thread Wolfgang Stein


No i am not. It was a while ago when i used
the option successfully for debugging SSL
on Tomcat 3.2.X. at least. 

Not sure whether i were running on jdk 1.3 or 1.2

It triggered a lot of output about the SSL-handshake
into the WinNT console window. 

Don't have the Catalina startup scripts at hand,
but you might try setting the option in ctatlina.bat
resp. in the environment var CATALINA_OPTS or so.

Cheers,
Wolfgang Stein


 -Original Message-
 From: Frédéric LE MAISTRE [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, October 17, 2002 9:45 AM
 To: Tomcat Users List
 Subject: Re: Tomcat with SSL and Client certificate
 
 
 are you sure of the syntax?
 Because startup -Djavax.net.debug=all  didn't do anything


 - Original Message -
 From: Wolfgang Stein [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Thursday, October 17, 2002 9:40 AM
 Subject: Re: Tomcat with SSL and Client certificate
 
 
 
 Start Tomcat with the additional option
-Djavax.net.debug=all
 and watch the console. Although you will get a lot
 of output, it might help you in identifying the problem.
 
 Good luck,
 Wolfgang Stein
 
  -Original Message-
  From: Frédéric LE MAISTRE [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, October 17, 2002 8:39 AM
  To: Tomcat Users List
  Subject: Tomcat with SSL and Client certificate
 
 
  I made an SSL connection between Tomcat server and IE client.
  It seems to
  work, but by the way Tomcat get an exception :
  Handshake failed
  javax.net.ssl.SSLException: error while writing to socket
  , although the client certificate is well recognized and SSL
  is enabled.
  Somebody knows whats wrong?
 
  Thanks
 
  Fredd
 
 --


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Multiple certificates in virtual host setup

2002-10-09 Thread Wolfgang Stein


Hi Donie,

AFAIK you may have only cert per Tomcat,
identified by alias 'tomcat'. More certs 
selected by differing aliases would not work
due restrictions of the ssl-protocol (as some guys
stated in this list).

Did you already try wildcard certs, e.g. '*.subdomain.tld' 
or even '*.tld' ?
They might be expensive, but maybe they fit your needs.

Good luck,
Wolfgang Stein

 -Original Message-
 From: Donie Kelly [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, October 09, 2002 12:03 PM
 To: 'Tomcat Users List'
 Subject: Multiple certificates in virtual host setup
 
 
 Hi all
 
 I have a server hosting multiple sites and each wants to use 
 ssl. Can I use
 a single keystore for all sites? How do I get each site to extract the
 correct certificate from the keystore?
 
 Any help is appreciated.
 Donie
 
 
 --
 To unsubscribe, e-mail:   
 mailto:[EMAIL PROTECTED]
 For additional commands, e-mail: 
 mailto:[EMAIL PROTECTED]


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: I need to run a servlet periodically

2002-10-09 Thread Wolfgang Stein


Hi Filip,

i think this it is a bad idea, to invoke 
a (Runnable) servlet via start().

In what state will be the servlet context, 
what about the ServletRequest or the log()
method for example ? 
I think the result will depend on server implementation
details, but it is very likely to get IllegalStateExceptions
at least.

As already being said:
a) If you need servlet functionality periodically 
   let a cron job do servlet requests periodically 
b) If you don't need servlet functionality
   just let a cron job do the job

Greetings
Wolfgang Stein



 -Original Message-
 From: Cato, Christopher [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, October 09, 2002 3:04 PM
 To: '[EMAIL PROTECTED]'
 Subject: SV: I need to run a servlet periodically
 
 
 What you really need to do is to design your periodical 
 servlet to implement
 Runnable. Add another servlet that starts the periodical 
 servlet and load
 that servlet during startup. The periodical then does its 
 thing and sleeps
 for x amount of time. Then wakes up and so on...
 
 /Christopher
 
 -Ursprungligt meddelande-
 Fran: Raj Saini
 Till: Tomcat Users List
 Skickat: 2002-10-07 23:24
 Amne: Re: I need to run a servlet periodically
 
 To need the servlet run periodically you need a client calling the 
 servlet periodically. Make your client to run periodically 
 and it will 
 cause the servlet to run.
 
 We can suggest you a solution if you let us know what exactly 
 you want 
 your servlet to do.
 
 Raj Saini
 Filip Rachunek wrote:
  Hello,
  is it possible to have a servlet in Tomcat container
  which is invoked automatically each gived time period?
  [e.g. each 10 minutes]  And I would also need this
  special servlet to access other resources of my web
  application [connection pool, ...].
  
  Thanks.
  Filip Rachunek
  


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: SSL clientAuth=optional ?!?!?

2002-10-07 Thread Wolfgang Stein


Hi,
 
don't have the spec at hand, but have you already
tried something like:

...
error-page
error-code401/error-code
location/IfNoClientCertThenRegister/location
/error-page
...
security-constraint
...
user-data-constraint
transport-guaranteeCONFIDENTIAL/transport-guarantee
/user-data-constraint
...
/security-constraint
...


in your web.wml ?

You might also use a filter or front controler
as an alternative.

Cheers,
Wolfgang

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
 Sent: Monday, October 07, 2002 10:32 AM
 To: [EMAIL PROTECTED]
 Subject: SSL clientAuth=optional ?!?!?
 
 
 hi!
 
 first of all: i'm using tomcat 4.0.4
 
 i need a client authentication based on a certificate. if the 
 user is new he
 should be able to register and receive his personal key.
 
 when the clientAuth is set to true the user has no chance to 
 be redirected
 to a register page 
 
 maybe there is a path out there?
 is it possible with other versions of tomcat: 4.1.x?
 
 PLEASE help me!
 blip

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Do two listeners entail double context intialization ?

2002-10-04 Thread Wolfgang Stein


I want to enable non-enrypted HTTP-communication for most servlets
of a context, but also enforce HTTPS-communication for SOME
servlets of the same context.

I remember some postings about multiple connectors
entailing multiple context-intialization.
But i'm not able to find the postings again.

Was this a problem in Tomcat 3.2 or do i mix up something ?

Thanks in advance
Wolfgang

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Catalina doesn't like JRE, but works fine with JDK

2002-09-11 Thread Wolfgang Stein



I just installed JRE 1.3.1_04 and JDK 1.3.1_04 successively.

Pointing JAVA_HOME to JDK for Tomcat 4.1.10 works fine,
setting JAVA_HOME to JRE gives the error message:

The JAVA_HOME environment variable is not defined correctly

I found the message often in tomcat-users list but 
in the context of misspellings.

In my case i can eliminate a misspelling.

So,
what makes the difference between JDK and JRE for Tomcat 4.1.10 ?

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

SSL on Tomcat standalone not working

2002-09-11 Thread Wolfgang Stein


Just a silly suggestion from my own silly experiences with 
Tomcat 3:

If i typed http:// instead of https://  
then i always got some   

Maybe that helps
Wolfgang

 -Original Message-
 From: Ratner, Ian [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 11, 2002 5:55 PM
 To: 'Tomcat Users List'
 Subject: RE: SSL on Tomcat standalone not working
 
 
 I'm having the same problem.  Can you let me know if you find 
 a solution?
 
 Thanks,
 Ian
 
 -Original Message-
 From: Michael Petres [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 10, 2002 6:51 PM
 To: [EMAIL PROTECTED]
 Subject: SSL on Tomcat standalone not working
 
 
 I have a tomcat standalone deployment I am trying to enable 
 SSL on. I have
 faithfully followed the SSL-how to. When I start tomcat the error logs
 indicate NO errors. The port 8443 has an HTTP connector loaded on it.
 
 The problem is that when I try to access a webapp on port 
 8443 (works on
 port 8080), the reply the browser gets is: 

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Re: Catalina doesn't like JRE, but works fine with JDK

2002-09-11 Thread Wolfgang Stein


Thanks for all your replies. Now i remember having installed
JRE\lib\ext\tools.jar for TC 3.2. in the past.

Following Jean-Francois' and Donie's hints i repeated
this for TC 4.1. with no success.

Additinally i installed javac.exe at JRE_HOME\bin   and
tools.jar in any lib-directory i've found
... again, no success.

Following Ralph's suggestion about Tomcat/bin/setclasspath.[sh|bat]
i realized that also the java debugger jdb.exe has
to be in JRE\bin. 

Apart from the fact that SUN gives no explicit permission
for redistribution of jdb.exe (in contrary to javac.exe
and tools.jar), i would not expect its presence as mandatory.
(at least in a production environment :-)

So i commented the corresponding line out and Tomcat runs fine.
I don't know much about jdb.exe and hope this works as long as i
don't start Tomcat in debug mode. 

I'll watch out (also concerning Jean-Francois' hint
about the Admin tool)

May thanks for all suggestions,
Wolfgang


 -Original Message-
 From: Jean-Francois Arcand [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 11, 2002 5:40 PM
 To: Tomcat Users List
 Subject: Re: AW: Catalina doesn't like JRE, but works fine with JDK
 
 
 The Admin tool that comes with Tomcat contains a lot of JSP 
 and use Struts.
 
 -- Jeanfrancois


 -Original Message-
 From: Ralph Einfeldt [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 11, 2002 4:49 PM
 To: Tomcat Users List
 Subject: AW: Catalina doesn't like JRE, but works fine with JDK
 
 
 I don't have tomcat 4.10 at hand, but have a look at
 bin/setclasspath.[sh|bat] to see the requirements
 for the JAVA_HOME. 
 
 In tomcat 4.0.3 it was just the existence of
 $JAVA_HOME/bin/java. (Under linux/unix this
 file is also checked for readability)
 
 
 -Original Message-
 From: Ralph Einfeldt [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 11, 2002 4:48 PM
 To: Tomcat Users List
 Subject: AW: Catalina doesn't like JRE, but works fine with JDK
 
 
 Nevertheless tomcat should run with the JRE unless
 tomcat doesn't have to compile jsp's at runtime.
 (if you don't use jsp's or use just precompiled jsp's).


 -Original Message-
 From: Jean-Francois Arcand [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 11, 2002 3:59 PM
 To: Tomcat Users List
 Subject: Re: Catalina doesn't like JRE, but works fine with JDK
 
 
 Actually, Jasper (the JSP compiler) use classes that comes 
 with the JDK 
 and are not included with the JRE. Specifically, it uses the 
 tools.jar 
 file included with the JDK.
 
 -- Jeanfrancois


 -Original Message-
 From: Donie Kelly [mailto:[EMAIL PROTECTED]]
 Sent: Wednesday, September 11, 2002 3:28 PM
 To: 'Tomcat Users List'
 Subject: RE: Catalina doesn't like JRE, but works fine with JDK
 
 
 Tomcat needs the JDK to compile JSP pages. The JRE does not 
 include the
 compiler.
 
 Donie



  -Ursprüngliche Nachricht-
  Von: Wolfgang Stein [mailto:[EMAIL PROTECTED]]
  Gesendet: Mittwoch, 11. September 2002 15:29
  An: [EMAIL PROTECTED]
  Betreff: Catalina doesn't like JRE, but works fine with JDK
  
  Pointing JAVA_HOME to JDK for Tomcat 4.1.10 works fine,
  setting JAVA_HOME to JRE gives the error message:
  
  The JAVA_HOME environment variable is not defined correctly
  
  I found the message often in tomcat-users list but 
  in the context of misspellings.
 
  what makes the difference between JDK and JRE for Tomcat 4.1.10 ?
 

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

Tomcat 3.2.4 slow with Jdk1.4 and SSL

2002-09-10 Thread Wolfgang Stein



Migrating from Jdk1.3 to Jdk1.4 we encountered a significant 
performance decrease on SSL-communications (server certs) between 
Applets and Tomcat 3.2.4.

Did anybody experience similar performance losses ?

Does this happen because of a low SSL implementation in jdk1.4 ?
Did anybody successfully provide a faster implementation?


We used jdk1.4 on client and server-side.



Thanks in advance,
Wolfgang

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL

2002-09-10 Thread Wolfgang Stein


I realize you are also a German resident and
remember the download of JSSE were differing
for non-US citizens.
I assume we are victims of a hidden key escrow
or Echelon's information gathering efforts :-)

But, all joking(?) aside:
This seems to be a known jdk1.4 issue. There are
some related postings at the developer connection
forums, e.g.
http://forum.java.sun.com/thread.jsp?forum=2thread=239231)

It ends up in the recommendation to use a commercial product
but also states that SUN's implementation were
one of the better implementations ...

So, 
did anybody succeed in using a third party JSSE that works
with tomcat and sufficient performance? Any suggestions ?


Thanks in advance,
Wolfgang
 

 -Original Message-
 From: Andreas Mohrig [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 10, 2002 2:20 PM
 To: 'Tomcat Users List'
 Subject: RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL
 
 
 I'm using Tomcat 4.0.4 with Jdk1.4 (on both Linux-Server and 
 Windows NT
 client) and worrying about a quite similar problem. The 
 server is extremely
 fast (I'd say the answer takes some milliseconds) when I 
 access it with a
 browser (e.g. MS IE 5.0), but it takes about 20 seconds (!) 
 when I try a
 request using java code like this:
 
   URL url = new URL(https://myserver/myresource;);
   URLConnection con = url.openConnection();
   BufferedReader reader = new BufferedReader(new
 InputStreamReader(con.getInputStream()));
   StringBuffer resultbuffer = new StringBuffer();
   String result = reader.readLine();
   while (result!=null) {
   resultbuffer.append(result);
   resultbuffer.append(\n);
   result = reader.readLine();
   }
   reader.close();
 
 This is true for subsequent requests as well. The content 
 consists of about
 100 bytes which should be no problem. 
 
 So: yes, I'm experiencing a heavy performance problem. I 
 can't say if it is
 a performance decrease, though, since I did not test with 
 older Jdk's and
 jsse (perhaps I should...). Any solutions, hints or 
 suggestions would be
 very welcome!
 
 greetings
 
 Andreas Mohrig
 -Original Message-
 From: Wolfgang Stein [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, September 10, 2002 12:15 PM
 To: [EMAIL PROTECTED]
 Subject: Tomcat 3.2.4 slow with Jdk1.4 and SSL
 
 
 
 Migrating from Jdk1.3 to Jdk1.4 we encountered a significant 
 performance decrease on SSL-communications (server certs) between 
 Applets and Tomcat 3.2.4.
 
 Did anybody experience similar performance losses ?
 
 Does this happen because of a low SSL implementation in jdk1.4 ?
 Did anybody successfully provide a faster implementation?
 
 
 We used jdk1.4 on client and server-side.
 
 
 
 Thanks in advance,
 Wolfgang
 
 --
 To unsubscribe, e-mail:   
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

RE: http session survival

2002-05-30 Thread Wolfgang Stein


Tomcat 4.0 provides for http session persistence.

Gruss,
Wolfgang
 

 -Original Message-
 From: Jim Clayson [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, May 30, 2002 11:43 AM
 To: '[EMAIL PROTECTED]'
 Subject: http session survival
 
 
 Hi,
  
 Does tomcat provide support for http session persistence?
 Does an http session survive a server restart automatically?
 If not, what is the suggested approach for persisting http 
 sessions in the
 web tier?.
  
 Thanks
 Jim
 
 __ 
 
 ?xml:namespace prefix = o ns = 
 urn:schemas-microsoft-com:office:office /
 
 Jim Clayson
 
 
 Infogain Limited
 
 
 tel: 01628 580600
 fax: 01628 580610
 email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]  
 web: www.infogain.com http://www.infogain.com/  
 
  
 
 Disclaimer:  Neither this e-mail nor any attachment places 
 any legal or
 contractual obligations on Infogain Limited. Any 
 reproduction, disclosure or
 dissemination beyond the intended addressees is strictly 
 prohibited save for
 the legitimate business purposes of Infogain Limited and its 
 clients or
 partners.
 
 __ 
 
  
  


--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

RE: http session survival

2002-05-30 Thread Wolfgang Stein


TC 3.2.x doesn't provide persistent sessions.
Don't know about TC 3.3.x

Gruss,
Wolfgang
 

 -Original Message-
 From: Jim Clayson [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, May 30, 2002 12:41 PM
 To: 'Tomcat Users List'
 Subject: RE: http session survival
 
 
 Thanks.
 
 Do you know to what extent it exists/doesn't in tomcat 3?
 
 Jim
 
 -Original Message-
 From: Wolfgang Stein [mailto:[EMAIL PROTECTED]]
 Sent: 30 May 2002 11:12
 To: [EMAIL PROTECTED]
 Subject: RE: http session survival
 
 
 Tomcat 4.0 provides for http session persistence.
 
 Gruss,
 Wolfgang
  
 
  -Original Message-
  From: Jim Clayson [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, May 30, 2002 11:43 AM
  To: '[EMAIL PROTECTED]'
  Subject: http session survival
  
  
  Hi,
   
  Does tomcat provide support for http session persistence?
  Does an http session survive a server restart automatically?
  If not, what is the suggested approach for persisting http 
  sessions in the
  web tier?.
   
  Thanks
  Jim
 

--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]

OT: RE: oci8 driver problem on Linux

2002-04-25 Thread Wolfgang Stein


 -Original Message-
 From: Reynir Hübner [mailto:[EMAIL PROTECTED]]
 First of all, the classes12.zip is not the same for Oracle9i 
 and 8i, so
 you must ensure that you've downloaded the correct one (from
 otn.oracle.com).
 


Hi,
we have a problem with our jdbc-connection
(sql-exception: protocol violation). 
We plan to use a newer jdbc driver.

Oracle recommends to upgrade to the *latest* 
jdbc-driver (see quoting below).

Do you have practical experiences that backup your 
suggestion to use an exact *version matching* driver ?

Thanks in advance
Wolfgang Stein


 quoting from metalink.oracle.com 
Last Revision Date:  21-JAN-2002 

Problem Solution


Upgrade the JDBC Driver to the latest version available. 

Note, if you are using the JDBC OCI driver, you are limited by the
Oracle client 
version on your machine.

If you are using the JDBC Thin driver, you are not constrained by the
client 
software version and the latest JDBC Thin driver has been certified 
to run against all prior database versions from 7.3.3, as long as you do
not
try and use features related to a later database version.
 /quoting from metalink.oracle.com 



 

 -Original Message-
 From: Reynir Hübner [mailto:[EMAIL PROTECTED]]
 Sent: Tuesday, April 23, 2002 5:16 PM
 To: Tomcat Users List
 Subject: RE: oci8 driver problem on Linux
 
 
 hi, 
 maybe some of these comments you've seen in previous replies to your
 question. 
 
 First of all, the classes12.zip is not the same for Oracle9i 
 and 8i, so
 you must ensure that you've downloaded the correct one (from
 otn.oracle.com).
 
 You must install the Oracle Client Software to use OCI driver 
 and set up
 connections and such, as it uses TNSNames.ora to create connection to
 the database server.
 
 There are two drivers in the classes12.zip one is the OCI and 
 the other
 is the thin driver. 
 
 I have used the thin driver most the time, it works fine, and I think
 most cases it is sufficient to use that one.
 
 
 remember to rename the zip file to .jar.
 
 hope it helps
 -reynir
 
 
 
 
 
 


--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

Re: SSL Logs

2002-04-19 Thread Wolfgang Stein




Start Tomcat with the additional option
(set in tomcat.bat) -Djavax.net.debug=all
and watch the console.


Gruss,
Wolfgang
 

 -Original Message-
 From: Todd Lekan [mailto:[EMAIL PROTECTED]]
 Sent: Friday, April 19, 2002 12:11 AM
 To: '[EMAIL PROTECTED]'
 Subject: SSL Logs
 
 
 My self-signed certificate works perfectly but when I restart 
 Tomcat with a
 Verisign certificate, I suddenly get a server error in my 
 browser when I try
 to connect. There are no errors logged on start up, in fact 
 catalina_log
 contains the following:
  
 2002-04-18 16:55:12 HttpConnector[8443] Starting background thread
 2002-04-18 16:55:12 HttpProcessor[8443][0] Starting background thread
 2002-04-18 16:55:12 HttpProcessor[8443][1] Starting background thread
 2002-04-18 16:55:12 HttpProcessor[8443][2] Starting background thread
 2002-04-18 16:55:12 HttpProcessor[8443][3] Starting background thread
 2002-04-18 16:55:12 HttpProcessor[8443][4] Starting background thread
  
 I assume an error must be getting thrown somewhere right? I'm 
 hoping someone
 can point where this would show up so I can figure out what 
 tomcat doesn't
 like about my certificate.
  
 Thanks for any help
  
 Todd Lekan
  


--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

Re: tomcat https security: is it possible to steal sessions?

2002-03-15 Thread Wolfgang Stein


It depends on the circumstances. I believe one widespread risk
among others might be the use of self-signed server certs
to establish a secure (ssl) communication.

If you use self-generated server certs,
someone could do a man-in-the-middle-attack,
making the client believe to communicate with the right server.
(I believe 'DNS spoofing' or manipulation of etc/hosts are ways
to place yourself betweena client and a server).

Since the client sends the symetric encryption key
to the wrong server (encrypted with the wrong public key),
it does not matter anymore whether the communication
were encrypted or not.
All data will be visible to the malicious server (not only
session ids).

The malicious server could additionally establish himself a
ssl connection to the originally intended server, using the
previously recorded login data for example.

From now on, the man in the middle could forward client data
to the server and vice versa. This will all be done over ssl,
making the endpoints believe in a 'secure' connection.

One way to avoid trusting malicious servers is to use
certs issued be an 'official' certification agency (CA).
Another way might be to deliver selfsigned server certs to all
clients in a secure way (by messenger for example) and ask
the clients to import the server cert into their browser.

Too expensive ?! Thats why official CAs exist :-)

If you are concerned about someone stealing your information
(as your posting suggests) and just solved the problem of
trusting a malicious server, you might also wonder about
malicious clients ...

This will finally lead to client certs, smartcards etc.

But in the end even these security mechanisms have their weakness
(e.g. browser infection, social engineering). 

I wouldn't even totally trust in biometric techniques like
fingerprints or retina analysis. Imagine a you were an 
authorized client meeting a criminal surgeon  :-)

 ... I do not pass any confidential information
 as url parameters (ie. all forms are using post method).

Using the post or get method makes no difference 
in man-in-the-middle attacks.

Gruss,
Wolfgang
___

 Even paranoids have enemies
  -- Anonymous
___


 

 -Ursprüngliche Nachricht-
 Von: Taavi Tiirik [mailto:[EMAIL PROTECTED]]
 Gesendet: Freitag, 15. März 2002 11:37
 An: Tomcat Users List
 Betreff: tomcat https security: is it possible to steal sessions?
 
 
 Hello,
 
 What kind of security risks are there if I use tomcat over https
 (http connector is disabled).
 
 Would it be ok to assume that nobody can listen traffic between
 tomcat and browser? I do not pass any confidential information
 as url parameters (ie. all forms are using post method).
 
 Is it still possible to (somehow) steal session info and act as
 somebody else?
 
 with best wishes,
 Taavi

--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

Re: How to Unsubscribe?

2002-03-07 Thread Wolfgang Stein


Try to send send a mail to
[EMAIL PROTECTED]

Gruss,
Wolfgang

--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

RE: Tomcat4 standalone keystore - existing private

2002-02-27 Thread Wolfgang Stein


 Looks like we will be going through apache then.
 

Or use a utility written in java available with source from
http://www.comu.de.

It doesn't really import but generates a new keystore containing
the cert with priv key. Since you only need one entry for a 
ssl server cert (alias tomcat) it is sufficient.

I used it with success.

Gruss,
Wolfgang
 

 -Ursprüngliche Nachricht-
 Von: Chris Campbell [mailto:[EMAIL PROTECTED]]
 Gesendet: Mittwoch, 27. Februar 2002 07:53
 An: 'Tomcat Users List'
 Betreff: RE: Tomcat4 standalone keystore - existing private 
 key problem
 
 
 
 To answer my own question and perhaps help someone searching 
 archives on
 similar problems, the page at
 http://www.cs.indiana.edu/~chiuk/security/ssl/jsse/certificate
 s/ tells me
 Though sufficient for some tasks, a major deficiency of the 
 keytool utility
 is its inability to import a private key. Great. Looks like 
 we will be
 going through apache then.
 
 ChrisC
 
 
  -Original Message-
  From: Chris Campbell 
  Sent: Monday, February 25, 2002 12:38 PM
  To: '[EMAIL PROTECTED]'
  Subject: Tomcat4 standalone keystore - existing private key problem
  
  
  
  Hi
  
  I am trying to setup Tomcat 4.0.1 standalone to serve ssl 
  pages certified by
  Verisign. I can use (self signed) certificates generated by 
  keytool with no
  problem, but I can't set up the keystore to work with Verisign's.
  To explain a little more, the private key I have was 
  generated by openssl
  (openssl genrsa -rand rand.dat -des 1024  key.pem) and is of 
  the type:
  
  -BEGIN RSA PRIVATE KEY-
  Proc-Type: 4,ENCRYPTED
  DEK-Info: DES-CBC,91B2224E3C5D1BA5
  
  If I try to import this into my keystore like 
  
  keytool -import -file /root/key.pem
  
  I get the error 'Input not an X.509 certificate'. Importing 
  the certificate
  reply from Verisign in the same way works no problem, but I 
 know from
  setting up Apache that the private key is also necessary 
  right? And for
  tomcat, it seems that it must be in the keystore (no other 
  configuration
  options as far as I know). I think everything would work if I 
  could just get
  that private key into a form that keytool understands, then into the
  keystore... is this possible?
  
  Thanks, 
  
  ChrisC
  
  --
  To unsubscribe:   
 mailto:[EMAIL PROTECTED]
  For additional commands: 
 mailto:[EMAIL PROTECTED]
  Troubles with the list: 
 mailto:[EMAIL PROTECTED]
  
 
 --
 To unsubscribe:   mailto:[EMAIL PROTECTED]
 For additional commands: mailto:[EMAIL PROTECTED]
 Troubles with the list: mailto:[EMAIL PROTECTED]


--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

Re: SSL Client authentication with standalone Tomcat

2002-02-26 Thread Wolfgang Stein


Imagine an online banking system with some thousand clients

I can't believe that you have to import each
client cert into the keystore file.

If you start tomcat with the -Djavax.net.debug=all option
you should be able to verify that tomcat initially sends a list 
of trusted CAs taken from the cacert file. 
This file should contain one CA (or more) that signed 
a client certificat signing request (or groups of them).

But Anton Brazhnyk's suggestion could be an alternative way.
If anybody succeeded in establishing the ssl client cert handhake
after importing client certs into the keystore file only,
please let us know.


Gruß,
Wolfgang
 

Anton Brazhnyk wrote
 
 I'm not sure its necessary, but I'd import last certificate with 
 following command:
 
   keytool -import -trustcacerts -file my.crt -alias tomcat
 


Wolfgang Stein wrote:
 
 As far as i understand the client-auth handshake,
 the server sends a list of trusted CAs to the client.

 This list is taken from
 JAVA_HOME_set_in_your_tomcat\lib\security\cacerts
 So you have to import your CA-cert into that file,
 instead of your .keystore .
 There is no need to import the client cert into cacerts or keystore.
 

--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

Reposting: SSL Client authentication with standalone Tomcat

2002-02-26 Thread Wolfgang Stein


I repost this because it didn't show up on the list but
a subsequent posting already did:

 The client browser scans his (previously imported) client certs
 for a matching cert isssuer/signer and sends (?) this to the server.

This part should read:
The client browser scans his (previously imported) client certs
for a matching cert issuer/signer, fills / pops up a choice dialog
box to select a client cert from, 
and sends (?) the users selection back to the server.

This choice box was usually empty in MS IE. Read my previous
posting Any success with Tomcat 4.0.2 and client
certificates in MS IE ?


Wolfgang Stein wrote:
 
 As far as i understand the client-auth handshake,
 the server sends a list of trusted CAs to the client.
 
 This list is take from
 JAVA_HOME_set_in_your_tomcat\lib\security\cacerts
 So you have to import your CA-cert into that file,
 instead of your .keystore .
 There is no need to import the client cert into cacerts or keystore.
 
 The client browser scans his (previously imported) client certs
 for a matching cert isssuer/signer and sends (?) this to the server.
 
 You will face a difference in comparism of the ca certs between
 nestcape / MS IE.
 
 Gruß,
 Wolfgang
 
 
  -Ursprüngliche Nachricht-
  Von: Brian Palmer [mailto:[EMAIL PROTECTED]]
  Gesendet: Dienstag, 26. Februar 2002 11:58
  An: [EMAIL PROTECTED]
  Betreff: SSL Client authentication with standalone Tomcat
 
 
  I'm trying to set up for a simple project client-authentication and CA
  abilities, using standalone tomcat and openssl. I'm not having
  luck. The short version is, when I enable clientAuth, I am unable to
  connect to the server, getting various messages (in Mozilla 0.9.8, I
  get no error messages but the page will not load, using openssl
  s_client I get a write error).
 
  Forgive me in advance for this long message, but my hope is that by
  explicitly stating what I'm doing, it will be easy for someone more
  experienced to see where I'm going wrong. I've spent much of the last
  2 days searching online for information and trying different
  approaches; most of the problems/solutions don't give a lot of details
 
  I've done the following:
 
  Step 1: Generate the tomcat request for certificate
  keytool -genkey -alias tomcat -keyalg RSA
 
  keytool -certreq -alias tomcat -file my.csr
 
  Step 2: Generate the ca certificate
  openssl req -new -newkey rsa:512 -nodes -out ca.req \
  -keyout ca.key
 
  openssl x509 -trustout -signkey ca.key -days 365  \
   -req -in ca.req -out ca.crt
 
  Step 3: Sign the tomcat request to generate tomcat certificate
  openssl x509 -CA ca.crt -CAkey ca.key -in my.csr \
   -out my.crt -req -CAcreateserial
 
  Step 4: Import both into my keystore
  keytool -import -file ca.crt -alias RootCert
 
  keytool -import -file my.crt -alias tomcat
 
  I can then stop and restart tomcat, and non-client-authenticated https
  works. I then go on to
 
  Step 5: Generate a client certificate
  openssl req -new -newkey rsa:512 -nodes \
  -out client.req -keyout client.key
 
  openssl x509 -CA ca.crt -CAkey ca.key \
   -req -in client.req \
-out client.crt
 
  I then enable clientAuth=true, and try to connect to tomcat using
  the openssl s_client:
  openssl s_client -cert client.crt -key client.key \
   -connect localhost:8443
  and get the following output:
  CONNECTED(0003)
  depth=1 /C=US/ST=California/L=Stanford/O=Stanford
  University/OU=CSD/CN=UStorit [EMAIL PROTECTED]
  verify error:num=19:self signed certificate in certificate chain
  verify return:0
  write:errno=104
 
  Any ideas? Or ideas on how to debug this? (I'm coming up against a
  deadline, so any hints much appreciated)
 
  --
  Brian Palmer
  Whoever fights monsters should see to it that in the process he does
  not become a monster. And when you look long into an abyss, the abyss
  also looks into you  - Nietzsche
 
 
  --
  To unsubscribe:   mailto:[EMAIL PROTECTED]
  For additional commands: mailto:[EMAIL PROTECTED]
  Troubles with the list: mailto:[EMAIL PROTECTED]
 

--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

Re: SSL Client authentication with standalone Tomcat

2002-02-26 Thread Wolfgang Stein


 The client browser scans his (previously imported) client certs
 for a matching cert isssuer/signer and sends (?) this to the server.

This part should read:
The client browser scans his (previously imported) client certs
for a matching cert issuer/signer, fills / pops up a choice dialog
box to select a client cert from, 
and sends (?) the users selection back to the server.

This choice box was usually empty in MS IE. Read my previous
posting Any success with Tomcat 4.0.2 and client
certificates in MS IE ?


Wolfgang Stein wrote:
 
 As far as i understand the client-auth handshake,
 the server sends a list of trusted CAs to the client.
 
 This list is take from
 JAVA_HOME_set_in_your_tomcat\lib\security\cacerts
 So you have to import your CA-cert into that file,
 instead of your .keystore .
 There is no need to import the client cert into cacerts or keystore.
 
 The client browser scans his (previously imported) client certs
 for a matching cert isssuer/signer and sends (?) this to the server.
 
 You will face a difference in comparism of the ca certs between
 nestcape / MS IE.
 
 Gruß,
 Wolfgang
 
 
  -Ursprüngliche Nachricht-
  Von: Brian Palmer [mailto:[EMAIL PROTECTED]]
  Gesendet: Dienstag, 26. Februar 2002 11:58
  An: [EMAIL PROTECTED]
  Betreff: SSL Client authentication with standalone Tomcat
 
 
  I'm trying to set up for a simple project client-authentication and CA
  abilities, using standalone tomcat and openssl. I'm not having
  luck. The short version is, when I enable clientAuth, I am unable to
  connect to the server, getting various messages (in Mozilla 0.9.8, I
  get no error messages but the page will not load, using openssl
  s_client I get a write error).
 
  Forgive me in advance for this long message, but my hope is that by
  explicitly stating what I'm doing, it will be easy for someone more
  experienced to see where I'm going wrong. I've spent much of the last
  2 days searching online for information and trying different
  approaches; most of the problems/solutions don't give a lot of details
 
  I've done the following:
 
  Step 1: Generate the tomcat request for certificate
  keytool -genkey -alias tomcat -keyalg RSA
 
  keytool -certreq -alias tomcat -file my.csr
 
  Step 2: Generate the ca certificate
  openssl req -new -newkey rsa:512 -nodes -out ca.req \
  -keyout ca.key
 
  openssl x509 -trustout -signkey ca.key -days 365  \
   -req -in ca.req -out ca.crt
 
  Step 3: Sign the tomcat request to generate tomcat certificate
  openssl x509 -CA ca.crt -CAkey ca.key -in my.csr \
   -out my.crt -req -CAcreateserial
 
  Step 4: Import both into my keystore
  keytool -import -file ca.crt -alias RootCert
 
  keytool -import -file my.crt -alias tomcat
 
  I can then stop and restart tomcat, and non-client-authenticated https
  works. I then go on to
 
  Step 5: Generate a client certificate
  openssl req -new -newkey rsa:512 -nodes \
  -out client.req -keyout client.key
 
  openssl x509 -CA ca.crt -CAkey ca.key \
   -req -in client.req \
-out client.crt
 
  I then enable clientAuth=true, and try to connect to tomcat using
  the openssl s_client:
  openssl s_client -cert client.crt -key client.key \
   -connect localhost:8443
  and get the following output:
  CONNECTED(0003)
  depth=1 /C=US/ST=California/L=Stanford/O=Stanford
  University/OU=CSD/CN=UStorit [EMAIL PROTECTED]
  verify error:num=19:self signed certificate in certificate chain
  verify return:0
  write:errno=104
 
  Any ideas? Or ideas on how to debug this? (I'm coming up against a
  deadline, so any hints much appreciated)
 
  --
  Brian Palmer
  Whoever fights monsters should see to it that in the process he does
  not become a monster. And when you look long into an abyss, the abyss
  also looks into you  - Nietzsche
 
 
  --
  To unsubscribe:   mailto:[EMAIL PROTECTED]
  For additional commands: mailto:[EMAIL PROTECTED]
  Troubles with the list: mailto:[EMAIL PROTECTED]
 

--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

Re: High startup and shutdown time of tomcat 4

2002-02-26 Thread Wolfgang Stein


Hi,

the startup time will even increase if you enable a SSL-connector.
But you don't have to restart the whole tomcat to restart
an application (compared with TC 3.2, don't know 3.3),
if you use the manager app instead.

You can also enable dynamic servlet reloading during development.

I suppose the startup time is a tribute to the better
catalina architecture, new features and servlet 2.3 spec conformity.

I also removed all unused applications (e.g. examples, doc ...)
to reduce the start up time. 

I didn't notice a slower shutdown.

Gruss,
Wolfgang
 

 -Ursprüngliche Nachricht-
 Von: Jürgen Weber [mailto:[EMAIL PROTECTED]]
 Gesendet: Dienstag, 26. Februar 2002 19:34
 An: [EMAIL PROTECTED]
 Betreff: High startup and shutdown time of tomcat 4
 
 
 Hello,
 
 jakarta-tomcat-3.3a has a startup time of 4s (jdk 1.4, NT),
 wheras jakarta-tomcat-4.0.2-LE-jdk14 needs 10s.
 
 Shutdown is also much slower.
 
 The fast startup/shutdown made tomcat 3 so great for development.
 Why is it that catalina is so much slower in startup?
 Can anything be done to make it faster?
 
 Thanks,
 Juergen
 
 _
 Testen Sie MSN Messenger für Ihren Online-Chat mit Freunden: 
 http://messenger.msn.de
 
 
 --
 To unsubscribe:   mailto:[EMAIL PROTECTED]
 For additional commands: mailto:[EMAIL PROTECTED]
 Troubles with the list: mailto:[EMAIL PROTECTED]


--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

Any success with Tomcat 4.0.2 and client certificates in MS IE ?

2002-02-22 Thread Wolfgang Stein


Did anybody ever succeed in using client certs using MS IE ?

I tried with an openssl generated client cert,
also tried with a Thawte Freemail client cert,
all without success.

MS Internet Explorer always comes up with an empty
dialog box asking to select a client certificate.

The client certs work fine in Netscape Communicator.

I searched the archives and the WWW. A lot of people
encountered the same problem. Some guy talked about
differences in the ssl-handshake (search within 
  http://groups.google.com/
for
  SSL Client Authentication to Tomcat Web Server
)

His solution was a DN without eMail address generated
with a Microsoft cert authority. I dont't have such
programm and cant generate such a request with openssl.

Any hints ? My boss will fire me if i spend some more
weeks on that problem :-).  I am tired of it, anyway.

Again: Did anybody ever succeed with MS IE + client certs + Tomcat?

Thanks in advance
Wolfgang Stein

--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

Re: I get an exception java.io.FileNotFoundException: Tomcat 4 ssl

2002-02-22 Thread Wolfgang Stein


Seems you have to much double quotes in th entry
  keystoreFile=C:\WINDOWS\Profile\chucka\.keystore

Gruß,
Wolfgang
 

 -Ursprüngliche Nachricht-
 Von: Chuck Amadi [mailto:[EMAIL PROTECTED]]
 Gesendet: Freitag, 22. Februar 2002 14:38
 An: tomcat
 Betreff: I get an exception java.io.FileNotFoundException: 
 Tomcat 4 ssl
 
 
 When Tomcat -4.0.2 starts up I get an exception 
 java.io.FileNotFoundException:
 
 System cannot find file etc etc I have added a keystoreFile 
 attribute 
 keystoreFile=C:\WINDOWS\Profile\chucka\.keystore
 
 It still claims it can't find it - Thus basically how do i 
 add it to the 
 keystoreFile attribute as i am missing something quite obvisouly.
 
 C:\WINDOWS\Profile\chucka\.keystore is the absolute path of my 
 .keystore File
 
  !-- Define an SSL HTTP/1.1 Connector on port 8443 () --
 Connector 
 className=org.apache.catalina.connector.http.HttpConnector
port= minProcessors=5 maxProcessors=75
enableLookups=true
acceptCount=10 debug=0 scheme=https secure=true
   Factory 
 className=org.apache.catalina.net.SSLServerSocketFactory
clientAuth=false
 keystoreFile=C:\WINDOWS\Profile\chucka\.keystore
 keystorePass=test123
 protocol=TLS/
 /Connector
 
 Any suggestions
 Cheers Chuck Amadi
 Systems Programmer
 
 
 --
 To unsubscribe:   mailto:[EMAIL PROTECTED]
 For additional commands: mailto:[EMAIL PROTECTED]
 Troubles with the list: mailto:[EMAIL PROTECTED]


--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

Tomcat 3.2.2 sometimes slow. Does he DNS lookup ?

2001-11-23 Thread Wolfgang Stein


My Tomcat is sometimes very slow if 
clients connect from the internet.

It gets faster if the remote client has an entry
in the WINNT\system32\drivers\etc\hosts file.  (??!)

Does Tomcat make a DNS lookup ?

This already happens if tomcat serves static
files only.

Any ideas ?

Thanks in advance,
Wolfgang Stein

--
To unsubscribe:   mailto:[EMAIL PROTECTED]
For additional commands: mailto:[EMAIL PROTECTED]
Troubles with the list: mailto:[EMAIL PROTECTED]

TC4: stopping/starting an application works, reloading does not

2001-10-25 Thread Wolfgang Stein


Are there any known problems related to 
reloading of an application with the 'manager' app ?

E.g. a servlet request did not load a servlet
since i forgot to deploy the corresponding servlet class.

After deploying it and reloading the application 'myapp' with
  http://localhost:8080/manager/reload?path=/myapp
the servlet is still not found.

After doing successively 
  http://localhost:8080/manager/stop?path=/myapp
  http://localhost:8080/manager/start?path=/myapp
the servlet of application 'myapp' is loaded successfully.

The corresponding servlet entry/mapping in myapp/WEB-INF/web.xml
was already present on the first attempt.

Any similar experiences ?
Wolfgang Stein

RE: Launching subprocess under Tomcat as a Service

2001-10-25 Thread Wolfgang Stein


I encountered some problems on file i/o
due the fact that the WINs current working
directory differs if tomcat is started as a NT service.

HTH
Wolfgang Stein

 -Original Message-
 From: Robert Casto [mailto:[EMAIL PROTECTED]]
 Sent: Thursday, October 25, 2001 4:40 AM
 To: [EMAIL PROTECTED]
 Subject: Launching subprocess under Tomcat as a Service
 
 
 To all,
 
 I have a servlet that spawns a process to generate PDF 
 reports. When I run
 Tomcat 3.2.3 using the startup.bat method, everything works fine. The
 subprocess runs, completes its task, and my Servlet returns 
 and completes
 its processing. The problem comes when running Tomcat as a 
 service using
 jk_nt_service.exe. My Servlet will run, all of my webpages 
 will work, but
 when my Servlet spawns the subprocess to generate the PDF 
 file, it hangs. I
 have tried changing the settings of the service to log in as 
 various users
 with no luck. Any suggestions on how to ensure that the 
 subprocess will
 execute while running Tomcat as a service. NOTE: This problem 
 occurs whether
 I am using NT4 SP6 or Win2k.
 
 Robert Casto
 
 
 .
  CinciJava | Java Development and Training
 
 Robert Casto | [EMAIL PROTECTED]
 513-349-JAVA | www.cincijava.com

Where are the public keys for tomcat signature files ?

2001-10-22 Thread Wolfgang Stein


How can i verify the signatures for the tomcat binaries ?

Thanks in advance
Wolfgang

How to disable automatic context loading in Tomcat 4 ?

2001-10-05 Thread Wolfgang Stein


How can I disable automatic context loading
AKA 'Automatic Application Deployment' in Tomcat 4 ? 

Thanks in advance,
Wolfgang Stein

RE: multiple instances of tomcat

2001-05-04 Thread Wolfgang Stein


We run two tomcats on WinNT.
- Make Two tomcat directory trees e.g. Tomcat1, Tomcat2.
- in each tomcat.bat set a specific TOMCAT_HOME directly
  e.g.  set TOMCAT_HOME=D:\Tomcat1
set TOMCAT_HOME=D:\Tomcat2
  instead of using a predefined System var TOMCAT_HOME.
- modify each server.xml for the specific port.

If you start tomcat as a NT service you have to
modify in each wrapper.properties 
the var 'wrapper.tomcat_home' analogously

Good luck,
Wolfgang Stein


 -Original Message-
 From: Peter Hrastnik [mailto:[EMAIL PROTECTED]]
 Sent: Friday, May 04, 2001 4:05 PM
 To: [EMAIL PROTECTED]
 Subject: Re: multiple instances of tomcat
 
 
 It is possible: You must have two different server.xml files. In the
 server.xml file you can configure that port in the http connector
 element. You also need to have 2 startup-scripts that call tomcat with
 the appropriate server.xml file. You don't need Apache to do this.
 
 Bye,
   Peter.
 
 -- 
 Mag. Peter Hrastnik
 tele.ring Telekom Service GmbH
 A-1030 Wien, Hainburgerstr. 33
 Tel.: +43/1/931012/3277, Mobil: +43/650/6503277
 
 
 teh j wrote:
  
  Hello all
  
  I was just wondering whether it would be possible to
  have two different tomcat processes (running on
  different ports) simultaneously?
  
  From looking at the 'Minimalistic Usres Guide' it
  seems this can be done with Apache, but can it be done
  with Tomcat as a standalond JSP server?
  
  thanks!
  Jason
  
  
 __
 ___
  http://store.yahoo.com.au - Yahoo! Store
  - It's time you had your business online!

Deploying a JSP among servlets

2001-03-22 Thread Wolfgang Stein


Tomcat 3.2.1

1) Is it possible to put (and access directly) a JSP among servlets
located beneath WEB-INF/classes ?

2) Is it possible to package (and access directly) a JSP 
along with other classes located beneath WEB-INF/classes ?

or

3) Is JSP access generally restricted to directories
above WEB-INF ?


All my servlets inherit from a superclass that 
provides pooled connections, sophisticated logging and collects 
some statistical data (time of first servlet instantiation,
concurrent requests, duration of request handling etc.)

The superclass is contained in a package along with
a connection manager, a logger class etc.

I want to build an admin web interface for that superclass
(or the deriving servlets respectivly), providing output
of formatted statistics and dynamic adjustment of some values
(pool size, log level etc.).

I would like to implement that web interface using JSP technology
in a quick and dirty manner - which is sufficient for admin 
purposes  :-)


I struggled with web.xml for hours without success,
but I am a JSP newbie.


Thanks in advance,
Wolfgang Stein

READ THIS First! Mailing-list archive and good tips

2000-11-06 Thread Wolfgang Stein


  To unsubscribe from this list
mailto:[EMAIL PROTECTED]

  To stop subscription for an alternate account
  (e.g. [EMAIL PROTECTED]) send an eMail to
[EMAIL PROTECTED]


 Before posting any questions ---

+ We welcome open discussion of Tomcat issues at both advanced
  and beginner levels of expertise. However, please be respectful
  of other people's time. Before posting questions, do your own
  reading and research. As the saying goes, "There are no stupid
  questions"... except the ones you could have answered by yourself!

  Before posting a question, perform the following steps.

+ Be familiar with servlets in general. See:
  http://java.sun.com/products/servlet/
  http://java.sun.com/products/jsp/

+ Read any of the several published books about servlets or JSP.

+ Read the Servlet API 2.2 Specification.

  Download a copy of the spec in PostScript or Acrobat PDF formats:
  http://java.sun.com/products/servlet/download.html#specs

  The spec is currently not available online; you must download a copy.
  You may obtain free Acrobat PDF reader software from:
  http://www.adobe.com/products/acrobat/readstep.html
  
  Tomcat implements this spec, so think of it as one of Tomcat's
  manuals.

+ Read Tomcat's other documentation:
  http://jakarta.apache.org/tomcat/index.html

+ Study the Tomcat examples.

  First use the servlets found in the /examples context.
  Read their source code.

  Then try your own first servlets in the /examples context, and
  add an entry into /example/WEB-INF/web.xml

+ Search either of these two archives for past discussions.
  
  Contributed by Bob Tanner:
  http://archives.real-time.com/rte-tomcat/
  
  Contributed by Philip J. Mikal:
  http://mikal.org/interests/java/tomcat/index.html

  Search for short phrases, such as your server error messages.
  Search the archive again with better or different phrases.

  Many beginner questions have already been asked, so please
  make several attempts at finding your question in the archive.

+ Read the FAQ:
  http://jakarta.apache.org/jyve-faq/Turbine/screen/DisplayTopics/
  Click the Jakarta link.

+ Search the bug report facility
  http://znutar.cortexity.com:
  provided by Nick Bauman.

+ Read this mailing list regularly, not just when you have a problem.
  
+ Examine your error messages problems not directly related to Tomcat,
  such as CLASSPATH problems. Write, compile, and run a "Hello World"
  application to be sure your problem is related to servlets or Tomcat.
  
+ Ask an expert in your company, school class, or local Java users
  group.
  http://industry.java.sun.com/jug/

+ Do not treat this list as a dumping ground for your problems. Think of
  the list as a volunteer community of people engaging in respectful
  discussion.
 
== THE MORAL OF THE STORY 
Help yourself first.
Be responsible for your own learning.
   Try to solve your own problem.
   If you are still suffering, then post to this list.
==

+ Be aware: This mailing list may contain viruses.

  Don't trust anybody. If your are not absolutely sure, do not open
  any attachments. Do not read the postings with a JavaScript-enabled
  email client.

  Microsoft Windows users:
  Disable all stuff like ActiveScripting etc.
  in your mail reader.  Be careful with attachments,
  especially of type .exe .vbs or some virus attachments like
  "livestages.txt.shs".
  The .shs extension disappears/is not visible under Windows but
  represents an executable script which will execute when opened
  separately.

+ Other resources:
  - An archive of the mailing list for the developers building Tomcat
discussing bugs, future releases, etc.
http://www.metronet.com/~wjm/tomcat/
  
  - Sun's mailing list for general servlet information:
Search its archive at:
http://archives.java.sun.com/archives/servlet-interest.html
Subscribe only, if you are willing to receive hundred messages
per day!
   
  - Search DejaNews at http://www.deja.com/home_ps.shtml

  - Look at jGuru, JCentral etc.

  - Search the whole Web with a popular search engine.
As a developer of server applications you should know
all about it.  :-)
You can find entire websites dedicated to Java servlets.
Find the online versions of Java magazines with past articles
on servlets and JSP.
   
-- end --

READ THIS First! Mailing-list archive and good tips

2000-11-02 Thread Wolfgang Stein


  To unsubscribe from this list
mailto:[EMAIL PROTECTED]

  To stop subscription for an alternate account
  (e.g. [EMAIL PROTECTED]) send an eMail to
[EMAIL PROTECTED]


 Before posting any questions ---

+ We welcome open discussion of Tomcat issues at both advanced
  and beginner levels of expertise. However, please be respectful
  of other people's time. Before posting questions, do your own
  reading and research. As the saying goes, "There are no stupid
  questions"... except the ones you could have answered by yourself!

  Before posting a question, perform the following steps.

+ Be familiar with servlets in general. See:
  http://java.sun.com/products/servlet/
  http://java.sun.com/products/jsp/

+ Read any of the several published books about servlets or JSP.

+ Read the Servlet API 2.2 Specification.

  Download a copy of the spec in PostScript or Acrobat PDF formats:
  http://java.sun.com/products/servlet/download.html#specs

  The spec is currently not available online; you must download a copy.
  You may obtain free Acrobat PDF reader software from:
  http://www.adobe.com/products/acrobat/readstep.html
  
  Tomcat implements this spec, so think of it as one of Tomcat's
  manuals.

+ Read Tomcat's other documentation:
  http://jakarta.apache.org/tomcat/index.html

+ Study the Tomcat examples.

  First use the servlets found in the /examples context.
  Read their source code.

  Then try your own first servlets in the /examples context, and
  add an entry into /example/WEB-INF/web.xml

+ Search either of these two archives for past discussions.
  
  Contributed by Bob Tanner:
  http://archives.real-time.com/rte-tomcat/
  
  Contributed by Philip J. Mikal:
  http://mikal.org/interests/java/tomcat/index.html

  Search for short phrases, such as your server error messages.
  Search the archive again with better or different phrases.

  Many beginner questions have already been asked, so please
  make several attempts at finding your question in the archive.

+ Read the FAQ:
  http://jakarta.apache.org/jyve-faq/Turbine/screen/DisplayTopics/
  Click the Jakarta link.

+ Search the bug report facility
  http://znutar.cortexity.com:
  provided by Nick Bauman.

+ Read this mailing list regularly, not just when you have a problem.
  
+ Examine your error messages problems not directly related to Tomcat,
  such as CLASSPATH problems. Write, compile, and run a "Hello World"
  application to be sure your problem is related to servlets or Tomcat.
  
+ Ask an expert in your company, school class, or local Java users
  group.
  http://industry.java.sun.com/jug/

+ Do not treat this list as a dumping ground for your problems. Think of
  the list as a volunteer community of people engaging in respectful
  discussion.
 
== THE MORAL OF THE STORY 
Help yourself first.
Be responsible for your own learning.
   Try to solve your own problem.
   If you are still suffering, then post to this list.
==

+ Be aware: This mailing list may contain viruses.

  Don't trust anybody. If your are not absolutely sure, do not open
  any attachments. Do not read the postings with a JavaScript-enabled
  email client.

  Microsoft Windows users:
  Disable all stuff like ActiveScripting etc.
  in your mail reader.  Be careful with attachments,
  especially of type .exe .vbs or some virus attachments like
  "livestages.txt.shs".
  The .shs extension disappears/is not visible under Windows but
  represents an executable script which will execute when opened
  separately.

+ Other resources:
  - An archive of the mailing list for the developers building Tomcat
discussing bugs, future releases, etc.
http://www.metronet.com/~wjm/tomcat/
  
  - Sun's mailing list for general servlet information:
Search its archive at:
http://archives.java.sun.com/archives/servlet-interest.html
Subscribe only, if you are willing to receive hundred messages
per day!
   
  - Search DejaNews at http://www.deja.com/home_ps.shtml

  - Look at jGuru, JCentral etc.

  - Search the whole Web with a popular search engine.
As a developer of server applications you should know
all about it.  :-)
You can find entire websites dedicated to Java servlets.
Find the online versions of Java magazines with past articles
on servlets and JSP.
   
-- end --

READ THIS First! Mailing-list archive and good tips

2000-10-31 Thread Wolfgang Stein


  To unsubscribe from this list
mailto:[EMAIL PROTECTED]

  To stop subscription for an alternate account
  (e.g. [EMAIL PROTECTED]) send an eMail to
[EMAIL PROTECTED]


 Before posting any questions ---

+ We welcome open discussion of Tomcat issues at both advanced
  and beginner levels of expertise. However, please be respectful
  of other people's time. Before posting questions, do your own
  reading and research. As the saying goes, "There are no stupid
  questions"... except the ones you could have answered by yourself!

  Before posting a question, perform the following steps.

+ Be familiar with servlets in general. See:
  http://java.sun.com/products/servlet/
  http://java.sun.com/products/jsp/

+ Read any of the several published books about servlets or JSP.

+ Read the Servlet API 2.2 Specification.

  Download a copy of the spec in PostScript or Acrobat PDF formats:
  http://java.sun.com/products/servlet/download.html#specs

  The spec is currently not available online; you must download a copy.
  You may obtain free Acrobat PDF reader software from:
  http://www.adobe.com/products/acrobat/readstep.html
  
  Tomcat implements this spec, so think of it as one of Tomcat's
  manuals.

+ Read Tomcat's other documentation:
  http://jakarta.apache.org/tomcat/index.html

+ Study the Tomcat examples.

  First use the servlets found in the /examples context.
  Read their source code.

  Then try your own first servlets in the /examples context, and
  add an entry into /example/WEB-INF/web.xml

+ Search either of these two archives for past discussions.
  
  Contributed by Bob Tanner:
  http://archives.real-time.com/rte-tomcat/
  
  Contributed by Philip J. Mikal:
  http://mikal.org/interests/java/tomcat/index.html

  Search for short phrases, such as your server error messages.
  Search the archive again with better or different phrases.

  Many beginner questions have already been asked, so please
  make several attempts at finding your question in the archive.

+ Read the FAQ (temporary(?) unavailable):
  http://jakarta.apache.org/jyve-faq/Turbine/screen/DisplayTopics/
  Click the Jakarta link.

+ Search the bug report facility
  http://znutar.cortexity.com:
  provided by Nick Bauman.

+ Read this mailing list regularly, not just when you have a problem.
  
+ Examine your error messages problems not directly related to Tomcat,
  such as CLASSPATH problems. Write, compile, and run a "Hello World"
  application to be sure your problem is related to servlets or Tomcat.
  
+ Ask an expert in your company, school class, or local Java users
  group.
  http://industry.java.sun.com/jug/

+ Do not treat this list as a dumping ground for your problems. Think of
  the list as a volunteer community of people engaging in respectful
  discussion.
 
== THE MORAL OF THE STORY 
Help yourself first.
Be responsible for your own learning.
   Try to solve your own problem.
   If you are still suffering, then post to this list.
==

+ Be aware: This mailing list may contain viruses.

  Don't trust anybody. If your are not absolutely sure, do not open
  any attachments. Do not read the postings with a JavaScript-enabled
  email client.

  Microsoft Windows users:
  Disable all stuff like ActiveScripting etc.
  in your mail reader.  Be careful with attachments,
  especially of type .exe .vbs or some virus attachments like
  "livestages.txt.shs".
  The .shs extension disappears/is not visible under Windows but
  represents an executable script which will execute when opened
  separately.

+ Other resources:
  - An archive of the mailing list for the developers building Tomcat
discussing bugs, future releases, etc.
http://www.metronet.com/~wjm/tomcat/
  
  - Sun's mailing list for general servlet information:
Search its archive at:
http://archives.java.sun.com/archives/servlet-interest.html
Subscribe only, if you are willing to receive hundred messages
per day!
   
  - Search DejaNews at http://www.deja.com/home_ps.shtml

  - Look at jGuru, JCentral etc.

  - Search the whole Web with a popular search engine.
As a developer of server applications you should know
all about it.  :-)
You can find entire websites dedicated to Java servlets.
Find the online versions of Java magazines with past articles
on servlets and JSP.
   
-- end --

READ THIS First! Mailing-list archive and good tips

2000-10-30 Thread Wolfgang Stein


  To unsubscribe from this list
mailto:[EMAIL PROTECTED]

  To stop subscription for an alternate account
  (e.g. [EMAIL PROTECTED]) send an eMail to
[EMAIL PROTECTED]


 Before posting any questions ---

+ We welcome open discussion of Tomcat issues at both advanced
  and beginner levels of expertise. However, please be respectful
  of other people's time. Before posting questions, do your own
  reading and research. As the saying goes, "There are no stupid
  questions"... except the ones you could have answered by yourself!

  Before posting a question, perform the following steps.

+ Be familiar with servlets in general. See:
  http://java.sun.com/products/servlet/
  http://java.sun.com/products/jsp/

+ Read any of the several published books about servlets or JSP.

+ Read the Servlet API 2.2 Specification.

  Download a copy of the spec in PostScript or Acrobat PDF formats:
  http://java.sun.com/products/servlet/download.html#specs

  The spec is currently not available online; you must download a copy.
  You may obtain free Acrobat PDF reader software from:
  http://www.adobe.com/products/acrobat/readstep.html
  
  Tomcat implements this spec, so think of it as one of Tomcat's
  manuals.

+ Read Tomcat's other documentation:
  http://jakarta.apache.org/tomcat/index.html

+ Study the Tomcat examples.

  First use the servlets found in the /examples context.
  Read their source code.

  Then try your own first servlets in the /examples context, and
  add an entry into /example/WEB-INF/web.xml

+ Search either of these two archives for past discussions.
  
  Contributed by Bob Tanner:
  http://archives.real-time.com/rte-tomcat/
  
  Contributed by Philip J. Mikal:
  http://mikal.org/interests/java/tomcat/index.html

  Search for short phrases, such as your server error messages.
  Search the archive again with better or different phrases.

  Many beginner questions have already been asked, so please
  make several attempts at finding your question in the archive.

+ Read the FAQ (temporary(?) unavailable):
  http://jakarta.apache.org/jyve-faq/Turbine/screen/DisplayTopics/
  Click the Jakarta link.

+ Search the bug report facility
  http://znutar.cortexity.com:
  provided by Nick Bauman.

+ Read this mailing list regularly, not just when you have a problem.
  
+ Examine your error messages problems not directly related to Tomcat,
  such as CLASSPATH problems. Write, compile, and run a "Hello World"
  application to be sure your problem is related to servlets or Tomcat.
  
+ Ask an expert in your company, school class, or local Java users
  group.
  http://industry.java.sun.com/jug/

+ Do not treat this list as a dumping ground for your problems. Think of
  the list as a volunteer community of people engaging in respectful
  discussion.
 
== THE MORAL OF THE STORY 
Help yourself first.
Be responsible for your own learning.
   Try to solve your own problem.
   If you are still suffering, then post to this list.
==

+ Be aware: This mailing list may contain viruses.

  Don't trust anybody. If your are not absolutely sure, do not open
  any attachments. Do not read the postings with a JavaScript-enabled
  email client.

  Microsoft Windows users:
  Disable all stuff like ActiveScripting etc.
  in your mail reader.  Be careful with attachments,
  especially of type .exe .vbs or some virus attachments like
  "livestages.txt.shs".
  The .shs extension disappears/is not visible under Windows but
  represents an executable script which will execute when opened
  separately.

+ Other resources:
  - An archive of the mailing list for the developers building Tomcat
discussing bugs, future releases, etc.
http://www.metronet.com/~wjm/tomcat/
  
  - Sun's mailing list for general servlet information:
Search its archive at:
http://archives.java.sun.com/archives/servlet-interest.html
Subscribe only, if you are willing to receive hundred messages
per day!
   
  - Search DejaNews at http://www.deja.com/home_ps.shtml

  - Look at jGuru, JCentral etc.

  - Search the whole Web with a popular search engine.
As a developer of server applications you should know
all about it.  :-)
You can find entire websites dedicated to Java servlets.
Find the online versions of Java magazines with past articles
on servlets and JSP.
   
-- end --

READ THIS First! Mailing-list archive and good tips

2000-10-24 Thread Wolfgang Stein


  To unsubscribe from this list
mailto:[EMAIL PROTECTED]

  To stop subscription for an alternate account
  (e.g. [EMAIL PROTECTED]) send an eMail to
[EMAIL PROTECTED]


 Before posting any questions ---

+ We welcome open discussion of Tomcat issues at both advanced
  and beginner levels of expertise. However, please be respectful
  of other people's time. Before posting questions, do your own
  reading and research. As the saying goes, "There are no stupid
  questions"... except the ones you could have answered by yourself!

  Before posting a question, perform the following steps.

+ Be familiar with servlets in general. See:
  http://java.sun.com/products/servlet/
  http://java.sun.com/products/jsp/

+ Read any of the several published books about servlets or JSP.

+ Read the Servlet API 2.2 Specification.

  Download a copy of the spec in PostScript or Acrobat PDF formats:
  http://java.sun.com/products/servlet/download.html#specs

  The spec is currently not available online; you must download a copy.
  You may obtain free Acrobat PDF reader software from:
  http://www.adobe.com/products/acrobat/readstep.html
  
  Tomcat implements this spec, so think of it as one of Tomcat's
  manuals.

+ Read Tomcat's other documentation:
  http://jakarta.apache.org/tomcat/index.html

+ Study the Tomcat examples.

  First use the servlets found in the /examples context.
  Read their source code.

  Then try your own first servlets in the /examples context, and
  add an entry into /example/WEB-INF/web.xml

+ Search either of these two archives for past discussions.
  
  Contributed by Bob Tanner:
  http://archives.real-time.com/rte-tomcat/
  
  Contributed by Philip J. Mikal:
  http://mikal.org/interests/java/tomcat/index.html

  Search for short phrases, such as your server error messages.
  Search the archive again with better or different phrases.

  Many beginner questions have already been asked, so please
  make several attempts at finding your question in the archive.

+ Read the FAQ:
  http://jakarta.apache.org/jyve-faq/Turbine/screen/DisplayTopics/
  Click the Jakarta link.

+ Search the bug report facility
  http://znutar.cortexity.com:
  provided by Nick Bauman.

+ Read this mailing list regularly, not just when you have a problem.
  
+ Examine your error messages problems not directly related to Tomcat,
  such as CLASSPATH problems. Write, compile, and run a "Hello World"
  application to be sure your problem is related to servlets or Tomcat.
  
+ Ask an expert in your company, school class, or local Java users
  group.
  http://industry.java.sun.com/jug/

+ Do not treat this list as a dumping ground for your problems. Think of
  the list as a volunteer community of people engaging in respectful
  discussion.
 
== THE MORAL OF THE STORY 
Help yourself first.
Be responsible for your own learning.
   Try to solve your own problem.
   If you are still suffering, then post to this list.
==

+ Be aware: This mailing list may contain viruses.

  Don't trust anybody. If your are not absolutely sure, do not open
  any attachments. Do not read the postings with a JavaScript-enabled
  email client.

  Microsoft Windows users:
  Disable all stuff like ActiveScripting etc.
  in your mail reader.  Be careful with attachments,
  especially of type .exe .vbs or some virus attachments like
  "livestages.txt.shs".
  The .shs extension disappears/is not visible under Windows but
  represents an executable script which will execute when opened
  separately.

+ Other resources:
  - An archive of the mailing list for the developers building Tomcat
discussing bugs, future releases, etc.
http://www.metronet.com/~wjm/tomcat/
  
  - Sun's mailing list for general servlet information:
Search its archive at:
http://archives.java.sun.com/archives/servlet-interest.html
Subscribe only, if you are willing to receive hundred messages
per day!
   
  - Search DejaNews at http://www.deja.com/home_ps.shtml

  - Look at jGuru, JCentral etc.

  - Search the whole Web with a popular search engine.
As a developer of server applications you should know
all about it.  :-)
You can find entire websites dedicated to Java servlets.
Find the online versions of Java magazines with past articles
on servlets and JSP.
   
-- end --

37 matches

Mail list logo