apr_pool_get_parent
Hi, I am trying to use the TOMCAT module with the LAMP package. That worked fine on one Suse10.0 Linux machine. Installing the very same package on another machine, also with Suse10.0, it fails. When I try to install the TOMCAT-mod_jk package, I get (when starting Apache HTTP Server): httpd: Syntax error on line 500 of /opt/lampp/etc/httpd.conf: Syntax error on line 1 of /opt/lampp/etc/tomcat.conf: Cannot load /opt/lampp/modules/mod_jk2.so into server: /opt/lampp/modules/mod_jk2.so: undefined symbol: apr_pool_get_parent Can anybody tell me what is wrong on this machine? Thanks Klaus - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: apr_pool_get_parent
Not the solution, but two hints: - mod_jk2 is deprecated. Only mod_jk is being actively developped. You should switch from mod_jk2 to mod_jk. - The symbol that's reported is part of libapr which is needed for apache2. So I assume you are using Apache httpd 2 and you should check, where you can find libapr. But I think something else must be wrong, because without libapr I would have expected httpd to give up on startup much earlier. You can check for the symbols inlibapr e.g. like this: mysystem% PATH_TO_NM/nm libapr-0.so.0.9.7 | grep apr_pool_get_parent [989] | 171304|36|FUNC |GLOB |0 |11 |apr_pool_get_parent Rainer Klaus-F. Kaal wrote: Hi, I am trying to use the TOMCAT module with the LAMP package. That worked fine on one Suse10.0 Linux machine. Installing the very same package on another machine, also with Suse10.0, it fails. When I try to install the TOMCAT-mod_jk package, I get (when starting Apache HTTP Server): httpd: Syntax error on line 500 of /opt/lampp/etc/httpd.conf: Syntax error on line 1 of /opt/lampp/etc/tomcat.conf: Cannot load /opt/lampp/modules/mod_jk2.so into server: /opt/lampp/modules/mod_jk2.so: undefined symbol: apr_pool_get_parent Can anybody tell me what is wrong on this machine? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat and SSL
Hi, I am trying to convice TOMCAT to work on SSL. I use openSSL according to the descriptions on page:http://wiki.apache.org/tomcat/HowTo#head-dda58b28679259196562da84ad73d7b35b41c5c2 No, I have a cetificate and try to generate a keystore. My trouble: This steps asks for a password. All my passwords (from the create-certificate process) do not work. Can anybody tell me what password is needed here? Thanks Klaus - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE Tomcat and SSL
maybe changeit ! Klaus-F. Kaal [EMAIL PROTECTED] ogic.com A users@tomcat.apache.org 12/04/2006 11:54 cc Objet Veuillez répondre Tomcat and SSL à Tomcat Users List [EMAIL PROTECTED] che.org Hi, I am trying to convice TOMCAT to work on SSL. I use openSSL according to the descriptions on page: http://wiki.apache.org/tomcat/HowTo#head-dda58b28679259196562da84ad73d7b35b41c5c2 No, I have a cetificate and try to generate a keystore. My trouble: This steps asks for a password. All my passwords (from the create-certificate process) do not work. Can anybody tell me what password is needed here? Thanks Klaus - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE RE Tomcat and SSL
You should insert you certificate in the cacerts keystore of your jdk. Klaus-F. Kaal [EMAIL PROTECTED] ogic.com A Tomcat Users List 12/04/2006 12:07 users@tomcat.apache.org cc Veuillez répondre Objet à RE Tomcat and SSL Tomcat Users List [EMAIL PROTECTED] che.org Thanks, I now created a keystore for TOMCAT. But still, when I start TOMCAT, I get the message: -- SCHWERWIEGEND: Error starting endpoint java.io.FileNotFoundException: /root/.keystore (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.init(FileInputStream.java:106) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:279) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:222) at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:141) at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88) at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292) at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:312) at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:150) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:75) at org.apache.catalina.connector.Connector.start(Connector.java:1089) at org.apache.catalina.core.StandardService.start(StandardService.java:459) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) 12.04.2006 12:02:36 org.apache.catalina.startup.Catalina start SCHWERWIEGEND: Catalina.start: LifecycleException: service.getName(): Catalina; Protocol handler start failed: java.io.FileNotFoundException: /root/.keystore (No such fil e or directory) at org.apache.catalina.connector.Connector.start(Connector.java:1096) at org.apache.catalina.core.StandardService.start(StandardService.java:459) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) 12.04.2006 12:02:36 org.apache.catalina.startup.Catalina start --- Do I need to name the keystore, or so? Thanks Klaus - 8 maybe changeit ! Klaus-F. Kaal [EMAIL PROTECTED] ogic.com A users@tomcat.apache.org 12/04/2006 11:54 cc Objet
Re: RE Tomcat and SSL
Hi, I solved that problem. Now running in a new one: I have changed the file server.xml and set port 8080 to 80. I uncommented the SSL section and configured the port to 443. Now I expect Tomcat to run on port 80 (what is does), and that, when I call the same URL with https, that it calls the same page with that security. But with https it states that it cannot open the page. If I call the URL like this: http://myserver:443, it delivers an empty page with some squares drawn on it (non-printable chars). Who can help me? Thanks Klaus Klaus-F. Kaal schrieb: Thanks, I now created a keystore for TOMCAT. But still, when I start TOMCAT, I get the message: -- SCHWERWIEGEND: Error starting endpoint java.io.FileNotFoundException: /root/.keystore (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.init(FileInputStream.java:106) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:279) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:222) at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:141) at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88) at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292) at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:312) at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:150) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:75) at org.apache.catalina.connector.Connector.start(Connector.java:1089) at org.apache.catalina.core.StandardService.start(StandardService.java:459) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) 12.04.2006 12:02:36 org.apache.catalina.startup.Catalina start SCHWERWIEGEND: Catalina.start: LifecycleException: service.getName(): Catalina; Protocol handler start failed: java.io.FileNotFoundException: /root/.keystore (No such fil e or directory) at org.apache.catalina.connector.Connector.start(Connector.java:1096) at org.apache.catalina.core.StandardService.start(StandardService.java:459) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) 12.04.2006 12:02:36 org.apache.catalina.startup.Catalina start --- Do I need to name the keystore, or so? Thanks Klaus - 8 maybe changeit ! Klaus-F. Kaal [EMAIL PROTECTED] ogic.com A users@tomcat.apache.org 12/04/2006 11:54 cc Objet Veuillez répondre Tomcat and SSL à Tomcat Users List [EMAIL PROTECTED] che.org Hi, I am trying to convice TOMCAT to work on SSL. I use openSSL according to the descriptions on page: http://wiki.apache.org/tomcat/HowTo#head-dda58b28679259196562da84ad73d7b35b41c5c2 No, I have a cetificate and try to generate a keystore. My trouble: This steps asks for a password. All my passwords (from the create-certificate process) do not work. Can anybody tell me what password is needed here? Thanks Klaus
RE: Error processing TLD listeners
Try removing the leading slash in your TLD path.. Change /WEB-INF/tlds/fmt.tld TO WEB-INF/tlds/fmt.tld Not sure if this will help, but worth a shot. -Original Message- From: A. Alonso Dominguez [mailto:[EMAIL PROTECTED] Sent: Wednesday, April 12, 2006 4:19 AM To: users@tomcat.apache.org Subject: Error processing TLD listeners Hi there, I'm having problems starting tomcat. My current version is 5.5.9 and when it starts it always logs the following error message: SEVERE: Error reading tld listeners javax.servlet.ServletException: Exception processing TLD at resource path /WEB-INF/tlds/fmt.tld in context /portal-webapp javax.servlet.ServletException: Exception processing TLD at resource path /WEB-INF/tlds/fmt.tld in context /portal-webapp at org.apache.catalina.startup.TldConfig.tldScanTld(TldConfig.java :547) at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:300) at org.apache.catalina.core.StandardContext.processTlds( StandardContext.java:4193) at org.apache.catalina.core.StandardContext.start( StandardContext.java:4049) at org.apache.catalina.core.ContainerBase.addChildInternal( ContainerBase.java:759) at org.apache.catalina.core.ContainerBase.access$000( ContainerBase.java:121) at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run( ContainerBase.java:143) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ContainerBase.addChild( ContainerBase.java:737) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java :524) at org.apache.catalina.startup.HostConfig.deployDirectory( HostConfig.java:894) at org.apache.catalina.startup.HostConfig.deployDirectories( HostConfig.java:857) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java :475) at org.apache.catalina.startup.HostConfig.start(HostConfig.java :1102) at org.apache.catalina.startup.HostConfig.lifecycleEvent( HostConfig.java:311) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent( LifecycleSupport.java:119) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java :1020) at org.apache.catalina.core.StandardHost.start(StandardHost.java :718) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java :1012) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java :442) at org.apache.catalina.core.StandardService.start( StandardService.java:450) at org.apache.catalina.core.StandardServer.start(StandardServer.java :683) at org.apache.catalina.startup.Catalina.start(Catalina.java:537) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke( NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke( DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409) The webapp at that context path uses servlet spec 2.4 but JSP taglibs 1.0, maybe is there the problem? Regards, Alonso - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE Tomcat and SSL
Hi, I solved that problem. Now running in a new one: I have changed the file server.xml and set port 8080 to 80. I uncommented the SSL section and configured the port to 443. Now I expect Tomcat to run on port 80 (what is does), and that, when I call the same URL with https, that it calls the same page with that security. But with https it states that it cannot open the page. Your connector must look like this: Connector port=443 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=conf/.keystore keystorePass=secret truststoreFile=conf/cacerts/ -- Franck - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Form Authentication against JNDI Datasource Realm
Hello, I'm new to Tomcat and I need some help. I have to configure tomcat to authenticate users of a single web application against MySql Database tables of users and roles. Following Tomcat guide I made this steps: 1) Create users and roles table as described in tomcat guide and copping Connector/j jar to /CATALINA_HOME/common/lib. 2) Configure MysqlDB and table as DataSourceResource in the application context in /META-INF/context.xml 3) Define Datasource realm to use the Reosource 4) add in /WEB-INF/web.xml a resource-ref to the resource 5) add in /WEB-INF/web.xml security-constraint, login-config and security-role configuration 6) write login.jsp with the standard form action and fields The problem is that I could get the login page correctly whenever i try to request a protected page, but I always get the Error page even if I insert the right username/password. I've tried to reconfigure the DB resource as Global resource in server.xml (jdbc/PMSGlobal instead of jdbc/PMSRead) but I still get the same behaviour...I guess that non authentication ever happen.. These are my server.xml, context.xml and web.xml (sorry, auto comments are in english but the ones adde by myself are in italian :-/ ...) SERVER.XML: ?xml version=1.0 encoding=UTF-8? !-- Example Server Configuration File --!-- Note that component elements are nested corresponding to their parent-child relationships with each other --!-- A Server is a singleton element that represents the entire JVM, which may contain one or more Service instances. The Server listens for a shutdown command on the indicated port. Note: A Server is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. --Server port=8005 shutdown=SHUTDOWN debug=0 !-- Comment these entries out to disable JMX MBeans support -- !-- You may also configure custom components (e.g. Valves/Realms) by including your own mbean-descriptor file(s), and setting the descriptors attribute to point to a ';' seperated list of paths (in the ClassLoader sense) of files to add to the default list. e.g. descriptors=/com/myfirm/mypackage/mbean-descriptor.xml -- Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ !-- Global JNDI resources -- GlobalNamingResources !-- Test entry for demonstration purposes -- Environment name=simpleValue type=java.lang.Integer value=30/ !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams Resource name=jdbc/PMSGlobal auth=Container type=javax.sql.DataSource scope=Shareable /Resource ResourceParams name=jdbc/PMSGlobal parameter namefactory/name value org.apache.commons.dbcp.BasicDataSourceFactory /value /parameter !-- Don't set this any higher than max_connections on your MySQL server, usually this should be a 10 or a few 10's of connections, not hundreds or thousands -- parameter namemaxActive/name value10/value /parameter !-- You don't want to many idle connections hanging around if you can avoid it, only enough to soak up a spike in the load -- parameter namemaxIdle/name value5/value /parameter !-- Don't use autoReconnect=true, it's going away eventually and it's a crutch for older connection pools that couldn't test connections. You need to decide if your application is supposed to deal with SQLExceptions (hint, it should), and how much of a performance penalty you're willing to pay to ensure 'freshness' of the connection -- parameter namevalidationQuery/name valueSELECT 1/value /parameter !-- The most conservative approach is to test connections before they're given to your application. For most applications this is okay,
Re: RE Tomcat and SSL
Hi Franck, thank you for your hint. But I am not sure, which parameter is which file. To make things clear, here my procedure: openssl req -x509 -newkey rsa:512 -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -days 1095 openssl genrsa -out ./key.pem 512 -days 1095 openssl req -new -key ./key.pem -out ./req.pem -days 1095 openssl ca -in ./req.pem -out ./cert.pem -days 1095 chown -R root:root ./cert chmod -R 700 ./cert then I cleaned cet.pem by hand (take out text before ---BEGIN CERTIFICATE--- The final step: ../java/bin/keytool -import -keystore ../tomcat/conf/.keystore -file ./cert.pem -alias wt24ca -- Setting up SSL is described in diffent documents so differenly, that it is hard to be sure of what to do. The above, I extraced from several descriptions. Could cou please tell me, which file from the above is used in server.xml? Thanks a lot Klaus Franck Borel schrieb: Hi, I solved that problem. Now running in a new one: I have changed the file server.xml and set port 8080 to 80. I uncommented the SSL section and configured the port to 443. Now I expect Tomcat to run on port 80 (what is does), and that, when I call the same URL with https, that it calls the same page with that security. But with https it states that it cannot open the page. Your connector must look like this: Connector port=443 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=conf/.keystore keystorePass=secret truststoreFile=conf/cacerts/ -- Franck - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *Klaus-F. Kaal* Geschäftsführer *TIMO/logic/ GmbH* Singener Str. 42d D-78256 Steisslingen phone +49 7738 97096 fax +49 7738 97094 web www.timologic.com http://www.timologic.com/ mail [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] *Das hat es bisher noch nicht gegeben:* *WebTresor24* http://www.webtresor24.de * Das Online Backup mit dem innovativen Sorglos - Konzept Wir sorgen dafür, dass Ihr Backup nie wieder vergessen wird!* * *
Re: Form Authentication against JNDI Datasource Realm
Hi Allesandro, take the following example and a clean server.xml and a clean /opt/tomcat/webapps/WEB-INF/web.xml (I really don't what the author of your server.xml/web.xml is trying to do): Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/authority?user=dbuseramp;password=dbpass userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name/ Search the context element and put your realm inside: Server... Service... Connector ./Connector Engine .. Host ContextInsert here !Context/ | /Host /Service ... /Server Now, change add following to your web.xml: security-constraint web-resource-collection web-resource-nameAuthentication/web-resource-name url-pattern*/url-pattern /web-resource-collection auth-constraint role-namedemo/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameTomcat Configuration/realm-name form-login-config form-login-page/login.jsp/form-login-page form-error-page/login-error.jsp/form-error-page /form-login-config /login-config Create a login.jsp and a login-error.jsp like the following example: head titleExample Organization WebLogin/title /head body pPlease login:/p form method=post action=j_security_check table tr tdstrongUID/strong/td tdinput name=j_username type=text id=j_username size=16 //td\/tr tr td strongPassword/strong /td td class=login input name=j_password type= password id=j_password size= 16 //td td class=login input name=Login type=submit id=Login value=Login / /td /tr /table /form /body /html Restart Tomcat and try it! -- Franck | Hello, I'm new to Tomcat and I need some help. I have to configure tomcat to authenticate users of a single web application against MySql Database tables of users and roles. Following Tomcat guide I made this steps: 1) Create users and roles table as described in tomcat guide and copping Connector/j jar to /CATALINA_HOME/common/lib. 2) Configure MysqlDB and table as DataSourceResource in the application context in /META-INF/context.xml 3) Define Datasource realm to use the Reosource 4) add in /WEB-INF/web.xml a resource-ref to the resource 5) add in /WEB-INF/web.xml security-constraint, login-config and security-role configuration 6) write login.jsp with the standard form action and fields The problem is that I could get the login page correctly whenever i try to request a protected page, but I always get the Error page even if I insert the right username/password. I've tried to reconfigure the DB resource as Global resource in server.xml (jdbc/PMSGlobal instead of jdbc/PMSRead) but I still get the same behaviour...I guess that non authentication ever happen.. These are my server.xml, context.xml and web.xml (sorry, auto comments are in english but the ones adde by myself are in italian :-/ ...) SERVER.XML: ?xml version=1.0 encoding=UTF-8? !-- Example Server Configuration File --!-- Note that component elements are nested corresponding to their parent-child relationships with each other --!-- A Server is a singleton element that represents the entire JVM, which may contain one or more Service instances. The Server listens for a shutdown command on the indicated port. Note: A Server is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. --Server port=8005 shutdown=SHUTDOWN debug=0 !-- Comment these entries out to disable JMX MBeans support -- !-- You may also configure custom components (e.g. Valves/Realms) by including your own mbean-descriptor file(s), and setting the descriptors attribute to point to a ';' seperated list of paths (in the ClassLoader sense) of files to add to the default list. e.g. descriptors=/com/myfirm/mypackage/mbean-descriptor.xml -- Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ !-- Global JNDI resources -- GlobalNamingResources !-- Test entry for demonstration purposes -- Environment name=simpleValue type=java.lang.Integer value=30/ !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams Resource name=jdbc/PMSGlobal
Access Log Question
Hello, When configuring my Tomcat 5.5, I have added a context element to my server.xml for a certain site. Within that tag, I added logging for an access log. The access log rolls each day and shows the IP from user and the page, image, link he is accessing along with a http status code. So it appears this all works well. I would like to add the user-agent tag to this access log. Does anyone have an example of how this is done, or a link of how to accomplish this? Thanks,
Re: RE Tomcat and SSL
Hi Klaus, Hi Franck, thank you for your hint. But I am not sure, which parameter is which file. To make things clear, here my procedure: openssl req -x509 -newkey rsa:512 -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -days 1095 openssl genrsa -out ./key.pem 512 -days 1095 openssl req -new -key ./key.pem -out ./req.pem -days 1095 openssl ca -in ./req.pem -out ./cert.pem -days 1095 chown -R root:root ./cert chmod -R 700 ./cert then I cleaned cet.pem by hand (take out text before ---BEGIN CERTIFICATE--- The final step: ../java/bin/keytool -import -keystore ../tomcat/conf/.keystore -file ./cert.pem -alias wt24ca -- Setting up SSL is described in diffent documents so differenly, that it is hard to be sure of what to do. The above, I extraced from several descriptions. Could cou please tell me, which file from the above is used in server.xml? You made a mix with to different tools (openssl and Java Keytool). I don't now if this is working. Anyway, here is an example of the element Connector with your values: Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookup=false acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS/ Don't forget to edit your /webapps/web.xml: security-constraint ... user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint -- Franck - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE Tomcat and SSL
Sorry to disturb you again, but all the entries in my server.xml do not seem to be the problem. *At present, TOMCAT states, that my .keystore was tampered or my password was incorrect.* But I did everything over and over again, and right! My trouble is that there are lots of descriptions of how to produce keys and certificates. One describes the signing of a key, the other descibes how to write a keystore. But all of them do not really fit together. Is there any step-by-step document for the full process? I found a script which looks like: -- openssl req -new -out server.csr openssl rsa -in privkey.pem -out server.key openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365 To get the keystore, I added: java/bin/keytool -import -keystore /root/.keystore -file server.crt -alias wt24ca -- Do I need the keystore, or can I go with the server.ke and server.crt? Please help, I am working around and around ... Klaus Franck Borel schrieb: Hi Klaus, Hi Franck, thank you for your hint. But I am not sure, which parameter is which file. To make things clear, here my procedure: openssl req -x509 -newkey rsa:512 -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -days 1095 openssl genrsa -out ./key.pem 512 -days 1095 openssl req -new -key ./key.pem -out ./req.pem -days 1095 openssl ca -in ./req.pem -out ./cert.pem -days 1095 chown -R root:root ./cert chmod -R 700 ./cert then I cleaned cet.pem by hand (take out text before ---BEGIN CERTIFICATE--- The final step: ../java/bin/keytool -import -keystore ../tomcat/conf/.keystore -file ./cert.pem -alias wt24ca -- Setting up SSL is described in diffent documents so differenly, that it is hard to be sure of what to do. The above, I extraced from several descriptions. Could cou please tell me, which file from the above is used in server.xml? You made a mix with to different tools (openssl and Java Keytool). I don't now if this is working. Anyway, here is an example of the element Connector with your values: Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookup=false acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS/ Don't forget to edit your /webapps/web.xml: security-constraint ... user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint -- Franck - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *Klaus-F. Kaal* Geschäftsführer *TIMO/logic/ GmbH* Singener Str. 42d D-78256 Steisslingen phone +49 7738 97096 fax +49 7738 97094 web www.timologic.com http://www.timologic.com/ mail [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] *Das hat es bisher noch nicht gegeben:* *WebTresor24* http://www.webtresor24.de * Das Online Backup mit dem innovativen Sorglos - Konzept Wir sorgen dafür, dass Ihr Backup nie wieder vergessen wird!* * *
R: Form Authentication against JNDI Datasource Realm
Thank Franck but it seems it doesn't work anyway.. but I've found some other info.. The defaul server.xml bundled with tomcat installation (i'm Under Windows XP OS :-/) declare a standard in Memory realm based on file /conf/tomcat-users.xml in the Engine element and I can't delete it because otherwise my host, the tomcat manager and the tomcat administration tool won't work; so I try to add my login and my password to that file instead of reading them from Mysql. With this settings authentication work fine!!.. but I can't use that way.. So after that..it seems to me that Context Realm configuration DO NOT override parent (Engine) configuration but.. isn't it incorrect, is it? but Tomcat Guide said that a configuration will be in use UNLESS OVERRIDEN IN CHILD ELEMENT. So what's the problem? Ale -Messaggio originale- Da: Franck Borel [mailto:[EMAIL PROTECTED] Inviato: mercoledì 12 aprile 2006 14.43 A: Tomcat Users List Oggetto: Re: Form Authentication against JNDI Datasource Realm Hi Allesandro, take the following example and a clean server.xml and a clean /opt/tomcat/webapps/WEB-INF/web.xml (I really don't what the author of your server.xml/web.xml is trying to do): Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/authority?user=dbuseramp;password=dbp ass userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name/ Search the context element and put your realm inside: Server... Service... Connector ./Connector Engine .. Host ContextInsert here !Context/ | /Host /Service ... /Server Now, change add following to your web.xml: security-constraint web-resource-collection web-resource-nameAuthentication/web-resource-name url-pattern*/url-pattern /web-resource-collection auth-constraint role-namedemo/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameTomcat Configuration/realm-name form-login-config form-login-page/login.jsp/form-login-page form-error-page/login-error.jsp/form-error-page /form-login-config /login-config Create a login.jsp and a login-error.jsp like the following example: head titleExample Organization WebLogin/title /head body pPlease login:/p form method=post action=j_security_check table tr tdstrongUID/strong/td tdinput name=j_username type=text id=j_username size=16 //td\/tr tr td strongPassword/strong /td td class=login input name=j_password type= password id=j_password size= 16 //td td class=login input name=Login type=submit id=Login value=Login / /td /tr /table /form /body /html Restart Tomcat and try it! -- Franck | Hello, I'm new to Tomcat and I need some help. I have to configure tomcat to authenticate users of a single web application against MySql Database tables of users and roles. Following Tomcat guide I made this steps: 1) Create users and roles table as described in tomcat guide and copping Connector/j jar to /CATALINA_HOME/common/lib. 2) Configure MysqlDB and table as DataSourceResource in the application context in /META-INF/context.xml 3) Define Datasource realm to use the Reosource 4) add in /WEB-INF/web.xml a resource-ref to the resource 5) add in /WEB-INF/web.xml security-constraint, login-config and security-role configuration 6) write login.jsp with the standard form action and fields The problem is that I could get the login page correctly whenever i try to request a protected page, but I always get the Error page even if I insert the right username/password. I've tried to reconfigure the DB resource as Global resource in server.xml (jdbc/PMSGlobal instead of jdbc/PMSRead) but I still get the same behaviour...I guess that non authentication ever happen.. These are my server.xml, context.xml and web.xml (sorry, auto comments are in english but the ones adde by myself are in italian :-/ ...) SERVER.XML: ?xml version=1.0 encoding=UTF-8? !-- Example Server Configuration File --!-- Note that component elements are nested corresponding to their parent-child relationships with each other --!-- A Server is a singleton element that represents the entire JVM, which may contain one or more Service instances. The Server listens for a shutdown command on the indicated port. Note: A Server is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. --Server port=8005 shutdown=SHUTDOWN debug=0 !-- Comment these entries out to disable JMX MBeans support -- !-- You may also configure custom components (e.g. Valves/Realms) by including your own mbean-descriptor file(s), and setting the descriptors attribute to point to a ';' seperated list of paths (in
Re: RE Tomcat and SSL
Sorry to disturb you again, but all the entries in my server.xml do not seem to be the problem. *At present, TOMCAT states, that my .keystore was tampered or my password was incorrect.* But I did everything over and over again, and right! My trouble is that there are lots of descriptions of how to produce keys and certificates. One describes the signing of a key, the other descibes how to write a keystore. But all of them do not really fit together. Is there any step-by-step document for the full process? I found a script which looks like: -- openssl req -new -out server.csr openssl rsa -in privkey.pem -out server.key openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365 To get the keystore, I added: java/bin/keytool -import -keystore /root/.keystore -file server.crt -alias wt24ca -- Do I need the keystore, or can I go with the server.ke and server.crt? Please help, I am working around and around ... Klaus Ok, Klaus. I think the problem is that Tomcat don't accept your openssl crt. Tomcat operates only with JKS or PKCS12 (-- OpenSSL) format keystores and there are some limitations on the support for PKCS12. So, try this: 1) keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/bin/.keystore -- creates key 2) keytool -export -alias tomcat -file tomcat-server.crt -keystore /opt/tomcat/bin/.keystore -- creates certificate and signs it with your key 3) keytool -import -file tomcat-server.crt -keystore /opt/tomcat/conf/cacerts -- creates a Keystore cacerts and add your certificate Now, edit your server.xml: Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookup=false acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile = conf/.keystore keystorePass = secret truststoreFile = conf/cacerts/ This should work. -- Franck Franck Borel schrieb: Hi Klaus, Hi Franck, thank you for your hint. But I am not sure, which parameter is which file. To make things clear, here my procedure: openssl req -x509 -newkey rsa:512 -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -days 1095 openssl genrsa -out ./key.pem 512 -days 1095 openssl req -new -key ./key.pem -out ./req.pem -days 1095 openssl ca -in ./req.pem -out ./cert.pem -days 1095 chown -R root:root ./cert chmod -R 700 ./cert then I cleaned cet.pem by hand (take out text before ---BEGIN CERTIFICATE--- The final step: ../java/bin/keytool -import -keystore ../tomcat/conf/.keystore -file ./cert.pem -alias wt24ca -- Setting up SSL is described in diffent documents so differenly, that it is hard to be sure of what to do. The above, I extraced from several descriptions. Could cou please tell me, which file from the above is used in server.xml? You made a mix with to different tools (openssl and Java Keytool). I don't now if this is working. Anyway, here is an example of the element Connector with your values: Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookup=false acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS/ Don't forget to edit your /webapps/web.xml: security-constraint ... user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint -- Franck - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Dipl.-Hyd. Franck Borel Universitaetsbibliothek Freiburg EMail: [EMAIL PROTECTED] EDV-Dezernat Tel. : +49-761 / 203-3908 Werthmannplatz 2 | Postfach 1629 Fax : +49-761 / 203-3987 79098 Freiburg | 79016 Freiburg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE Tomcat and SSL
Hi Franck, still tomcat moans that the keystore was tampered or password was incorrect. I am not sure about the password. With all questions, I gave my own and allways the same. Was that correct? Klaus Franck Borel schrieb: Sorry to disturb you again, but all the entries in my server.xml do not seem to be the problem. *At present, TOMCAT states, that my .keystore was tampered or my password was incorrect.* But I did everything over and over again, and right! My trouble is that there are lots of descriptions of how to produce keys and certificates. One describes the signing of a key, the other descibes how to write a keystore. But all of them do not really fit together. Is there any step-by-step document for the full process? I found a script which looks like: -- openssl req -new -out server.csr openssl rsa -in privkey.pem -out server.key openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365 To get the keystore, I added: java/bin/keytool -import -keystore /root/.keystore -file server.crt -alias wt24ca -- Do I need the keystore, or can I go with the server.ke and server.crt? Please help, I am working around and around ... Klaus Ok, Klaus. I think the problem is that Tomcat don't accept your openssl crt. Tomcat operates only with JKS or PKCS12 (-- OpenSSL) format keystores and there are some limitations on the support for PKCS12. So, try this: 1) keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/bin/.keystore -- creates key 2) keytool -export -alias tomcat -file tomcat-server.crt -keystore /opt/tomcat/bin/.keystore -- creates certificate and signs it with your key 3) keytool -import -file tomcat-server.crt -keystore /opt/tomcat/conf/cacerts -- creates a Keystore cacerts and add your certificate Now, edit your server.xml: Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookup=false acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile = conf/.keystore keystorePass = secret truststoreFile = conf/cacerts/ This should work. -- Franck Franck Borel schrieb: Hi Klaus, Hi Franck, thank you for your hint. But I am not sure, which parameter is which file. To make things clear, here my procedure: openssl req -x509 -newkey rsa:512 -keyout ./demoCA/private/cakey.pem -out ./demoCA/cacert.pem -days 1095 openssl genrsa -out ./key.pem 512 -days 1095 openssl req -new -key ./key.pem -out ./req.pem -days 1095 openssl ca -in ./req.pem -out ./cert.pem -days 1095 chown -R root:root ./cert chmod -R 700 ./cert then I cleaned cet.pem by hand (take out text before ---BEGIN CERTIFICATE--- The final step: ../java/bin/keytool -import -keystore ../tomcat/conf/.keystore -file ./cert.pem -alias wt24ca -- Setting up SSL is described in diffent documents so differenly, that it is hard to be sure of what to do. The above, I extraced from several descriptions. Could cou please tell me, which file from the above is used in server.xml? You made a mix with to different tools (openssl and Java Keytool). I don't now if this is working. Anyway, here is an example of the element Connector with your values: Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookup=false acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS/ Don't forget to edit your /webapps/web.xml: security-constraint ... user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint -- Franck - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *Klaus-F. Kaal* Geschäftsführer *TIMO/logic/ GmbH* Singener Str. 42d D-78256 Steisslingen phone +49 7738 97096 fax +49 7738 97094 web www.timologic.com http://www.timologic.com/ mail [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] *Das hat es bisher noch
R: R: Form Authentication against JNDI Datasource Realm
so now these are my config files: server.xml: ?xml version=1.0 encoding=UTF-8? !-- Example Server Configuration File -- !-- Note that component elements are nested corresponding to their parent-child relationships with each other -- !-- A Server is a singleton element that represents the entire JVM, which may contain one or more Service instances. The Server listens for a shutdown command on the indicated port. Note: A Server is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- Server port=8005 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0 / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0 / !-- Global JNDI resources -- GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name=UserDatabase parameter namefactory/name value org.apache.catalina.users.MemoryUserDatabaseFactory /value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container (and therefore the web applications visible within that Container). Normally, that Container is an Engine, but this is not required. Note: A Service is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- !-- Define the Tomcat Stand-Alone Service -- Service name=Catalina !-- A Connector represents an endpoint by which requests are received and responses are returned. Each Connector passes requests on to the associated Container (normally an Engine) for processing. -- !-- Define a non-SSL Coyote HTTP/1.1 Connector on the port specified during installation -- Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true compression=on compressionMinSize=2048 compressableMimeType=text/html,text/xml / !-- Note : To use gzip compression you could set the following properties : compression=on compressionMinSize=2048 noCompressionUserAgents=gozilla, traviata compressableMimeType=text/html,text/xml -- !-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -- Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS compression=on / !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector port=8009 enableLookups=false redirectPort=8443 debug=0 protocol=AJP/1.3 / !-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). -- !-- You should set jvmRoute to support load-balancing via JK/JK2 ie : Engine name=Standalone defaultHost=localhost debug=0 jvmRoute=jvm1 -- !-- Define the top level container in our container hierarchy -- Engine name=Catalina defaultHost=localhost debug=0 !-- Request dumping is disabled by default. Uncomment the
RE: R: Form Authentication against JNDI Datasource Realm
I suspect from the error msg that your server.xml is non well-formed somewhere, has a syntax error or bad class name. Try checking through it, or comparing it to a fresh server.xml from a Tomcat distro. Frustrating, but that's all it will be I think. Not sure if the carriage return is allowed or not in the value here .. parameter namefactory/name value org.apache.catalina.users.MemoryUserDatabaseFactory /value -Original Message- From: Brambilla Alessandro [mailto:[EMAIL PROTECTED] Sent: 12 April 2006 16:34 To: 'Tomcat Users List' Subject: R: R: Form Authentication against JNDI Datasource Realm so now these are my config files: server.xml: ?xml version=1.0 encoding=UTF-8? !-- Example Server Configuration File -- !-- Note that component elements are nested corresponding to their parent-child relationships with each other -- !-- A Server is a singleton element that represents the entire JVM, which may contain one or more Service instances. The Server listens for a shutdown command on the indicated port. Note: A Server is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- Server port=8005 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0 / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0 / !-- Global JNDI resources -- GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name=UserDatabase parameter namefactory/name value org.apache.catalina.users.MemoryUserDatabaseFactory /value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container (and therefore the web applications visible within that Container). Normally, that Container is an Engine, but this is not required. Note: A Service is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- !-- Define the Tomcat Stand-Alone Service -- Service name=Catalina !-- A Connector represents an endpoint by which requests are received and responses are returned. Each Connector passes requests on to the associated Container (normally an Engine) for processing. -- !-- Define a non-SSL Coyote HTTP/1.1 Connector on the port specified during installation -- Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true compression=on compressionMinSize=2048 compressableMimeType=text/html,text/xml / !-- Note : To use gzip compression you could set the following properties : compression=on compressionMinSize=2048 noCompressionUserAgents=gozilla, traviata compressableMimeType=text/html,text/xml -- !-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -- Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS compression=on / !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector port=8009 enableLookups=false redirectPort=8443 debug=0 protocol=AJP/1.3 / !-- An Engine represents the entry point (within Catalina) that processes every request. The Engine
Re: RE Tomcat and SSL
Klaus-F. Kaal [EMAIL PROTECTED] wrote on 04/12/2006 11:11:16 AM: Hi Franck, still tomcat moans that the keystore was tampered or password was incorrect. I am not sure about the password. With all questions, I gave my own and allways the same. Was that correct? Klaus Franck Borel schrieb: ... Ok, Klaus. I think the problem is that Tomcat don't accept your openssl crt. Tomcat operates only with JKS or PKCS12 (-- OpenSSL) format keystores and there are some limitations on the support for PKCS12. So, try this: 1) keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/bin/.keystore -- creates key 2) keytool -export -alias tomcat -file tomcat-server.crt -keystore /opt/tomcat/bin/.keystore -- creates certificate and signs it with your key 3) keytool -import -file tomcat-server.crt -keystore /opt/tomcat/conf/cacerts -- creates a Keystore cacerts and add your certificate Now, edit your server.xml: Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookup=false acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile = conf/.keystore keystorePass = secret truststoreFile = conf/cacerts/ This should work. -- Franck Klaus, I just solved a similar problem (I described it in a message in this forum:Tomcat on AIX, IBM's JVM. Was Re: [OT] AIX filtering Explorer?). I did everything Franck suggested with no luck. I added the full path to the (key|trust)storeFile paramaters and it worked. I'll experiment to find a precise cause of the problem. I have symbolic links in my path to the tomcat distribution, which may cause a problem. BTW I think Franck's instructions should have been either 1) keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/tomcat/conf/.keystore -- creates key or keystoreFile = bin/.keystore and probably he meant the former. Tim S __ This email has been scanned by the MessageLabs Email Security System. Our company accepts no liability for the content of this email, or for the consequences of any actions taken on the basis of the information provided, unless that information is subsequently confirmed in writing. Any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. WARNING: Computer viruses can be transmitted via email. The recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. 11/29/2003 ACE Software, LLC - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Build mod_jk from CVS
Hi, Can somebody point me out how to build mod_jk from the latest CVS tree ? I did really search on the site, but I couldn´t find. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE Tomcat and SSL
Hi, thank you very much for all your effords, but it still does'nt work. That is what I do: CREATE KEY: -- ../../java/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore /opt/wt24/apache-tomcat-5.5.16/conf/.keystore ../../java/bin/keytool -export -alias tomcat -file /opt/wt24/apache-tomcat-5.5.16/conf/tomcat-server.crt -keystore /opt/wt24/apache-tomcat-5.5.16/conf/.keystore ../../java/bin/keytool -import -file /opt/wt24/apache-tomcat-5.5.16/conf/tomcat-server.crt -keystore /opt/wt24/apache-tomcat-5.5.16/conf/cacerts In this process, I use the same password for all -- SERVER.XML looks like this: -- Connector port=443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS keystorePass=secret debug=0 keystoreFile=/opt/wt24/apache-tomcat-5.5.16/conf/.keystore truststoreFile=/opt/wt24/apache-tomcat-5.5.16/conf/cacerts truststorePass=password as used in key-creation / - When I START TOMCAT, the log shows: INFO: Starting Coyote HTTP/1.1 on http-80 12.04.2006 19:43:55 org.apache.coyote.http11.Http11BaseProtocol start SCHWERWIEGEND: Error starting endpoint java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:768) at java.security.KeyStore.load(KeyStore.java:1150) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:282) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:222) at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.getKeyManagers(JSSE14SocketFactory.java:141) at org.apache.tomcat.util.net.jsse.JSSE14SocketFactory.init(JSSE14SocketFactory.java:109) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:88) at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:292) at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:312) at org.apache.coyote.http11.Http11BaseProtocol.start(Http11BaseProtocol.java:150) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:75) at org.apache.catalina.connector.Connector.start(Connector.java:1089) at org.apache.catalina.core.StandardService.start(StandardService.java:459) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) 12.04.2006 19:43:55 org.apache.catalina.startup.Catalina start SCHWERWIEGEND: Catalina.start: LifecycleException: service.getName(): Catalina; Protocol handler start failed: java.io.IOException: Keystore was tampered with, or passwor d was incorrect at org.apache.catalina.connector.Connector.start(Connector.java:1096) at org.apache.catalina.core.StandardService.start(StandardService.java:459) at org.apache.catalina.core.StandardServer.start(StandardServer.java:709) at org.apache.catalina.startup.Catalina.start(Catalina.java:551) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) 12.04.2006 19:43:55 org.apache.catalina.startup.Catalina start INFO: Server startup in 4215 ms I need to find the reason for my problems. Please
compression filter
Gentlemen Any clues where to acquire jar for compressionFilter ??? Thanks, Martin- * This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you.
Re: compression filter
On 4/12/06, Martin Gainty [EMAIL PROTECTED] wrote: Any clues where to acquire jar for compressionFilter ??? source and compiled files are in the servlets-examples webapp... HTH! -- Hassan Schroeder [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] How to write/use Tomcat's war classloader
maybe you could give a bit more context to interpret very slow or quickly. like what version of tc and jvm are you using ... etc On 4/12/06, V D [EMAIL PROTECTED] wrote: Anyone have an idea about this? V D wrote: We have a sizable war file (|unpacked|) that needs to be run in certain way outside of Tomcat. To do this, we created a classloader which works Ok except that it's very slow (using JarFile). I know that when deploy apps in Tomcat, I can specify it to not to unpack (|unpackWAR = false). However, Tomcat load and run the apps quickly. I looked into Tomcat source, the org.apache.catalina.loader package and could not find anything like that. I see WebappClassLoader, but it seems to load from an unpacked war, not packed war. Does Tomcat actually unpack the war before loading the app? If not, could someone point me to the right place to look, or give some advice on how to write this thing faster? Thanks, -vd | - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE Tomcat and SSL
Awesome. I had spent like 3 hours fiddling with Tomcat and SSL. I followed the directions at http://tomcat.apache.org/tomcat-5.0-doc/ssl-howto.html, but it turns out if you include the className attribute, you'll get an InvocationTargetException and Tomcat will fail to start =( So make sure you leave that part out like Franck has to prevent hair pulling. Franck Borel wrote: Hi, I solved that problem. Now running in a new one: I have changed the file server.xml and set port 8080 to 80. I uncommented the SSL section and configured the port to 443. Now I expect Tomcat to run on port 80 (what is does), and that, when I call the same URL with https, that it calls the same page with that security. But with https it states that it cannot open the page. Your connector must look like this: Connector port=443 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=conf/.keystore keystorePass=secret truststoreFile=conf/cacerts/ -- Franck - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Build mod_jk from CVS
On a unix type platform: run buildconf.sh included in HEAD. It will produce configure. Then use configure and make as usual. buildconf.sh is a short shell script using autoconf/automake/... so you will need these tools installed. Webmaster wrote: Hi, Can somebody point me out how to build mod_jk from the latest CVS tree ? I did really search on the site, but I couldn´t find. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: UserTransaction, JOTM and Tomcat 5.5.x
The java.lang.NoSuchMethodError goes away if you recompile the carol library using JDK 1.5. The JOTM uses the carol stubs, I presume. Anyway, I got the hint from this location: http://jira.ofbiz.org/browse/OFBIZ-737 I compiled JOTM for good measure as well. All seemed to work fine after that. Regards -- View this message in context: http://www.nabble.com/UserTransaction%2C-JOTM-and-Tomcat-5.5.x-t1073172.html#a3891129 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: compression filter
Thanks ! Martin * This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. - Original Message - From: Hassan Schroeder [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org; Martin Gainty [EMAIL PROTECTED] Sent: Wednesday, April 12, 2006 5:15 PM Subject: Re: compression filter On 4/12/06, Martin Gainty [EMAIL PROTECTED] wrote: Any clues where to acquire jar for compressionFilter ??? source and compiled files are in the servlets-examples webapp... HTH! -- Hassan Schroeder [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Special Character getting converted from ß to SS
Hi All, I am facing a strange problem in my application , wherein I upload data either from xls file or text file , and that support ISO-8859-1 encoding everytime I upload a file with character ªºÀÁÁÂÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝÞ ß all of my characters are uploaded properly except for the last character(ß--- SS ) see below the output from database ªºÀÁÁÂÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝÞ SS I tried using setting NLS_LANG=AMERICAN_AMERICA.UTF8 and earlier with default setting , in both case I am getting same problem Also my database is supporting ISO-8859-1 encoding Any pointer please ? Thanks Notice: The information contained in this e-mail message and/or attachments to it may contain confidential or privileged information. If you are not the intended recipient, any dissemination, use, review, distribution, printing or copying of the information contained in this e-mail message and/or attachments to it are strictly prohibited. If you have received this communication in error, please notify us by reply e-mail or telephone and immediately and permanently delete the message and any attachments. Thank you - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Multi user setup in a non root environnement
François Conil wrote: By trying things here and there, I found that actually, it launches a 404 error on /~user/ when using the www.site.com:8080 address. The www.site.com works just fine, being an apache frontend. Something must prevent it from correctly use the UserConfig directive, but the log doesn't show anything relevant :| 2006-04-06 12:11:52 UserConfig[www.site.com]: UserConfig: Processing START 2006-04-06 12:11:52 UserConfig[www.site.com]: Deploying user web applications When launching it under the root account, I get : 2006-04-06 12:11:52 UserConfig[www.site.com]: UserConfig: Processing START 2006-04-06 12:11:52 UserConfig[www.site.com]: Deploying user web applications 2006-04-06 11:18:06 UserConfig[www.site.com]: Deploying web application for user User 2006-04-06 11:28:27 UserConfig[www.site.com]: UserConfig: Processing STOP Looks kinda fishy to me. Anyone knows of some test I could try to narrow down the problem a bit more ? Thanks by advance, François - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
