date:20091110


On 10/11/2009 08:44, fireportal wrote:


Hi, i have this problem of i am able to edit the xml file but when i try to
link it up with a piechart using amchart, the data shown is that of the
previous data before the update. It is only when i open up the xml file to
refresh it that it is able to show the new data.


You are referring to the xml file as if it's something we all know about.


Tried setting cachingAllowed to false and reloadable to true but the problem
still exisit.


The reloadable attribute doesn't do what you think it does.  Read the 
docs for your Tomcat level again.



Tried to add a parameter to the output file like this String
outputFile = ../Googlipse/twitter.mining/WebContent/Pie.xml? + new Date();
but there is error.


There's an error because you can't append a query string to an output 
file path.  Query strings are added when you perform a request for a 
path or file, but not when writing inside the file system.


Even if you could make it work, you'd then have a file called:

 fail.txt?x=2

which you couldn't add a query string to when requested in a browser.

 fail.txt?x=2?q=bah



Please help. Thanks a lot!! Really desperate


It would help if you explained yourself properly, rather than jumping in 
and assuming someone happens to suffer from Internet Telepathy.




My code is as below

String inputFile = ../Googlipse/twitter.mining/WebContent/Pie.xml;
 String outputFile = ../Googlipse/twitter.mining/WebContent/Pie.xml;


These are relative paths.

Obviously I can't tell what they're relative to, because I have no idea 
whether this code is running on an Android phone or in a class deployed 
in a Servlet Container.  (Hint: more info required).


I can't tell even if you're updating the right file*.


Document doc =
DocumentBuilderFactory.newInstance().newDocumentBuilder().parse(new
InputSource(inputFile));


This might work, but I can't tell because I don't know where it's 
measuring the relative inputFile path from.*



XPath xpath = 
XPathFactory.newInstance().newXPath();
NodeList nodes =
(NodeList)xpath.evaluate(//sli...@title='Positive'], doc,
XPathConstants.NODESET);

for (int idx = 0; idx  nodes.getLength(); idx++) {
nodes.item(idx).setTextContent(6);
}


Transformer xformer =
TransformerFactory.newInstance().newTransformer();
xformer.transform(new DOMSource(doc), new 
StreamResult(new
File(outputFile)));


Likewise, the relative path might work, or might not.
So, you attempted to update an XML file of some unknown format. (Hint*).


Retrieving the xml file:

script type=text/javascript
//![CDATA[  

var so = new SWFObject(ampie.swf, ampie, 360, 300, 8,
#FF);

so.addVariable(settings_file,
encodeURIComponent(ampie_settings1.xml));
so.addVariable(data_file, encodeURIComponent(Pie.xml));
so.write(flashcontent);
// ]]
/script


I'm not entirely sure what encodeURIComponent() does*, if it doesn't add 
anything to the URL, then it's somewhat pointless.


If you want to add a param to the URL, this is the place to do it, 
assuming encodeURIComponent() doesn't do anything unusual:


 encodeURIComponent(Pie.xml?d=+(new Date()).getTime())


The problem is not Tomcat, the problem is that your browser is caching 
the Flash/XML file.  You need to ensure that the XML file is sent with 
no-cache type headers, which you can do with a simple servlet Filter.


If you have not thoroughly read the Tomcat docs, wiki  examples, now 
would be a good time.



p


* Because you didn't tell us.  Start by assuming that we don't know what 
you've spent the last 24 hours doing.


It's also preferable to tell us Tomcat, OS, JVM version when you ask a 
question to avoid people like me sending snippy replies when we have to 
guess what you're trying to do.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Secure login only, not rest of app

Hi P,

Thanks very much for your reasoned helpful response.

I fancied securing only login because I only want logged in users to see the 
service and I want the login to be secure (passwords are safe) but the data 
itself is irrelevant so I figure why spend cpu cycles encrypting/decrypting 
normal data communication? :)

To be honest I'm happy to just encrypt the whole thing if that's just going to 
save me a lot of hassle.

My last stab at this is maybe I could use a scenario of filtering all requests 
and essentially do:

if (logged in) {
  if (https) goto http
} else {
  if (http) goto https
}

And then rely on the security constraint only for requiring login and the Valve 
only for forwarding the request to the login page?

R.

On 9 Nov 2009, at 23:05, Pid wrote:

 On 09/11/2009 22:33, Robert Denison wrote:
 Hi all,
 
 I am trying to have setup my tomcat webapp to be secure for login only.
 It works as you'd expect if the security-constraint for /* is unsecure
 and if I make it secure (using CONFIDENTIAL) for /*.
 
 However if I try to make it secure only for the login page and unsecure
 elsewhere any attempt to go to a page redirects to the login page but
 unsecure - not using the https and higher port. I've seen comments about
 filters to redirect up to the https port but my thoughts are:
 
 1) From what I understand it should be possible with multiple
 constraints for different URLs, and
 2) as I only want to do this if the user is not logged in I'm not sure
 how the filter would work.
 
 I have a working https Connector because I can use the service
 configured for /* to be secure.
 
 So, to summarise, you want *only* the login page to be sent over SSL?
 
 
 The login page isn't ever requested directly, it's forwarded to by the 
 AuthenticationValve.  This means that you can place it out of the way, in, 
 say:
 
 WEB-INF/login/form.jsp
 WEB-INF/login/error.jsp
 
 but it also means that you shouldn't directly request the login page.
 
 When you're using Container managed security, you request a secured resource 
 and the Valve forwards to the form.  Once you authenticate the original 
 request is restored.
 
 Your config won't enforce SSL for the login page because the container 
 forwards the request to the page after it recognises the /* rule requires a 
 login.
 
 
 If you want the whole app to require a login, you can either choose to use 
 SSL, or not, but you can't easily send the login page only over SSL.
 
 If only one part of the app required a login, you could employ a Filter to 
 downgrade to non-SSL when the URL didn't match that path.
 
 Is there a particular reason why you want to downgrade after login?
 
 
 You might look into the Tomcat compatible SecurityFilter project, as it 
 provides very similar functionality to container managed security, but more 
 flexibility.
 
 http://securityfilter.sourceforge.net/
 
 
 p
 
 
 Any offered help appreciated.
 
 The relevant (I think) web.xml snippet is:
 
 security-constraint
 web-resource-collection
 web-resource-nameApplication Login/web-resource-name
 url-pattern/login.jsp/url-pattern
 http-methodGET/http-method
 http-methodPOST/http-method
 /web-resource-collection
 auth-constraint
 role-nameplayer/role-name
 /auth-constraint
 user-data-constraint
 transport-guaranteeCONFIDENTIAL/transport-guarantee
 /user-data-constraint
 /security-constraint
 
 security-constraint
 web-resource-collection
 web-resource-nameApplication/web-resource-name
 url-pattern/*/url-pattern
 /web-resource-collection
 auth-constraint
 role-nameplayer/role-name
 /auth-constraint
 /security-constraint
 
 !-- Define the Login Configuration for this Application --
 login-config
 auth-methodFORM/auth-method
 realm-nameApplication/realm-name
 form-login-config
 form-login-page/jsp/login.jsp/form-login-page
 form-error-page/jsp/error.jsp/form-error-page
 /form-login-config
 /login-config
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Suggested workaround for bug 47316

2009-11-10 Thread Amol Wate (awate)

Hi Mark,
I tried it but the approach did not succeed. As in this thread
http://www.mail-archive.com/users@tomcat.apache.org/msg62626.html

Is there any other workaround?
Thanks
Amol

-Original Message-
From: Mark Thomas [mailto:ma...@apache.org] 
Sent: Tuesday, November 10, 2009 3:33 PM
To: Tomcat Users List
Subject: Re: Suggested workaround for bug 47316

Amol Wate (awate) wrote:
 Is there a suggested workaround for the bug 47316 In config file,
 Service and engine names must match   without building the tomcat
 source. 
  
 https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3
  
 We are using a programmatic interface, not the server.xml.

Use the same name for engine and service name.

Mark




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Secure login only, not rest of app


On 10/11/2009 10:07, Robert Denison wrote:

Hi P,

Thanks very much for your reasoned helpful response.

I fancied securing only login because I only want logged in users to see the 
service and I want the login to be secure (passwords are safe) but the data 
itself is irrelevant so I figure why spend cpu cycles encrypting/decrypting 
normal data communication? :)


Using SSL can interfere with caching of CSS, images etc.  Getting those 
for each main request could cost the client more time than the 
encryption takes.


Paying attention to static resource caching is a good idea.



To be honest I'm happy to just encrypt the whole thing if that's just going to 
save me a lot of hassle.


Do it, see how it works out.  Then try:


My last stab at this is maybe I could use a scenario of filtering all requests 
and essentially do:

if (logged in) {
   if (https) goto http
} else {
   if (http) goto https
}

And then rely on the security constraint only for requiring login and the Valve 
only for forwarding the request to the login page?


This would probably work out OK, (just remember that the Filter will 
work at a level above/after the Valve has a chance to act).



p




R.

On 9 Nov 2009, at 23:05, Pid wrote:


On 09/11/2009 22:33, Robert Denison wrote:

Hi all,

I am trying to have setup my tomcat webapp to be secure for login only.
It works as you'd expect if the security-constraint for /* is unsecure
and if I make it secure (using CONFIDENTIAL) for /*.

However if I try to make it secure only for the login page and unsecure
elsewhere any attempt to go to a page redirects to the login page but
unsecure - not using the https and higher port. I've seen comments about
filters to redirect up to the https port but my thoughts are:

1) From what I understand it should be possible with multiple
constraints for different URLs, and
2) as I only want to do this if the user is not logged in I'm not sure
how the filter would work.

I have a working https Connector because I can use the service
configured for /* to be secure.


So, to summarise, you want *only* the login page to be sent over SSL?


The login page isn't ever requested directly, it's forwarded to by the 
AuthenticationValve.  This means that you can place it out of the way, in, say:

WEB-INF/login/form.jsp
WEB-INF/login/error.jsp

but it also means that you shouldn't directly request the login page.

When you're using Container managed security, you request a secured resource 
and the Valve forwards to the form.  Once you authenticate the original request 
is restored.

Your config won't enforce SSL for the login page because the container forwards 
the request to the page after it recognises the /* rule requires a login.


If you want the whole app to require a login, you can either choose to use SSL, 
or not, but you can't easily send the login page only over SSL.

If only one part of the app required a login, you could employ a Filter to 
downgrade to non-SSL when the URL didn't match that path.

Is there a particular reason why you want to downgrade after login?


You might look into the Tomcat compatible SecurityFilter project, as it 
provides very similar functionality to container managed security, but more 
flexibility.

http://securityfilter.sourceforge.net/


p



Any offered help appreciated.

The relevant (I think) web.xml snippet is:

security-constraint
web-resource-collection
web-resource-nameApplication Login/web-resource-name
url-pattern/login.jsp/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
/web-resource-collection
auth-constraint
role-nameplayer/role-name
/auth-constraint
user-data-constraint
transport-guaranteeCONFIDENTIAL/transport-guarantee
/user-data-constraint
/security-constraint

security-constraint
web-resource-collection
web-resource-nameApplication/web-resource-name
url-pattern/*/url-pattern
/web-resource-collection
auth-constraint
role-nameplayer/role-name
/auth-constraint
/security-constraint

!-- Define the Login Configuration for this Application --
login-config
auth-methodFORM/auth-method
realm-nameApplication/realm-name
form-login-config
form-login-page/jsp/login.jsp/form-login-page
form-error-page/jsp/error.jsp/form-error-page
/form-login-config
/login-config


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands,

Re: Secure login only, not rest of app

Ugh, I didn't know about the interference with caching (I am fairly new to 
this) so it seems that adds weight to the idea of not securing anything but the 
login process I'll give these ideas a try and report back so it's public 
info.

Thanks again P.

R.

On 10 Nov 2009, at 10:42, Pid wrote:

 On 10/11/2009 10:07, Robert Denison wrote:
 Hi P,
 
 Thanks very much for your reasoned helpful response.
 
 I fancied securing only login because I only want logged in users to see the 
 service and I want the login to be secure (passwords are safe) but the data 
 itself is irrelevant so I figure why spend cpu cycles encrypting/decrypting 
 normal data communication? :)
 
 Using SSL can interfere with caching of CSS, images etc.  Getting those for 
 each main request could cost the client more time than the encryption takes.
 
 Paying attention to static resource caching is a good idea.
 
 
 To be honest I'm happy to just encrypt the whole thing if that's just going 
 to save me a lot of hassle.
 
 Do it, see how it works out.  Then try:
 
 My last stab at this is maybe I could use a scenario of filtering all 
 requests and essentially do:
 
 if (logged in) {
   if (https) goto http
 } else {
   if (http) goto https
 }
 
 And then rely on the security constraint only for requiring login and the 
 Valve only for forwarding the request to the login page?
 
 This would probably work out OK, (just remember that the Filter will work at 
 a level above/after the Valve has a chance to act).
 
 
 p
 
 
 
 R.
 
 On 9 Nov 2009, at 23:05, Pid wrote:
 
 On 09/11/2009 22:33, Robert Denison wrote:
 Hi all,
 
 I am trying to have setup my tomcat webapp to be secure for login only.
 It works as you'd expect if the security-constraint for /* is unsecure
 and if I make it secure (using CONFIDENTIAL) for /*.
 
 However if I try to make it secure only for the login page and unsecure
 elsewhere any attempt to go to a page redirects to the login page but
 unsecure - not using the https and higher port. I've seen comments about
 filters to redirect up to the https port but my thoughts are:
 
 1) From what I understand it should be possible with multiple
 constraints for different URLs, and
 2) as I only want to do this if the user is not logged in I'm not sure
 how the filter would work.
 
 I have a working https Connector because I can use the service
 configured for /* to be secure.
 
 So, to summarise, you want *only* the login page to be sent over SSL?
 
 
 The login page isn't ever requested directly, it's forwarded to by the 
 AuthenticationValve.  This means that you can place it out of the way, in, 
 say:
 
 WEB-INF/login/form.jsp
 WEB-INF/login/error.jsp
 
 but it also means that you shouldn't directly request the login page.
 
 When you're using Container managed security, you request a secured 
 resource and the Valve forwards to the form.  Once you authenticate the 
 original request is restored.
 
 Your config won't enforce SSL for the login page because the container 
 forwards the request to the page after it recognises the /* rule requires a 
 login.
 
 
 If you want the whole app to require a login, you can either choose to use 
 SSL, or not, but you can't easily send the login page only over SSL.
 
 If only one part of the app required a login, you could employ a Filter to 
 downgrade to non-SSL when the URL didn't match that path.
 
 Is there a particular reason why you want to downgrade after login?
 
 
 You might look into the Tomcat compatible SecurityFilter project, as it 
 provides very similar functionality to container managed security, but more 
 flexibility.
 
 http://securityfilter.sourceforge.net/
 
 
 p
 
 
 Any offered help appreciated.
 
 The relevant (I think) web.xml snippet is:
 
 security-constraint
 web-resource-collection
 web-resource-nameApplication Login/web-resource-name
 url-pattern/login.jsp/url-pattern
 http-methodGET/http-method
 http-methodPOST/http-method
 /web-resource-collection
 auth-constraint
 role-nameplayer/role-name
 /auth-constraint
 user-data-constraint
 transport-guaranteeCONFIDENTIAL/transport-guarantee
 /user-data-constraint
 /security-constraint
 
 security-constraint
 web-resource-collection
 web-resource-nameApplication/web-resource-name
 url-pattern/*/url-pattern
 /web-resource-collection
 auth-constraint
 role-nameplayer/role-name
 /auth-constraint
 /security-constraint
 
 !-- Define the Login Configuration for this Application --
 login-config
 auth-methodFORM/auth-method
 realm-nameApplication/realm-name
 form-login-config
 form-login-page/jsp/login.jsp/form-login-page
 form-error-page/jsp/error.jsp/form-error-page
 /form-login-config
 /login-config
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 
 -
 To unsubscribe, e-mail:

Re: Suggested workaround for bug 47316

2009-11-10 Thread Konstantin Kolinko

2009/11/10 Amol Wate (awate) aw...@cisco.com:
 Hi Mark,
 I tried it but the approach did not succeed. As in this thread
 http://www.mail-archive.com/users@tomcat.apache.org/msg62626.html

 Is there any other workaround?
 Thanks
 Amol

 -Original Message-
 From: Mark Thomas [mailto:ma...@apache.org]
 Sent: Tuesday, November 10, 2009 3:33 PM
 To: Tomcat Users List
 Subject: Re: Suggested workaround for bug 47316

 Amol Wate (awate) wrote:
 Is there a suggested workaround for the bug 47316 In config file,
 Service and engine names must match   without building the tomcat
 source.

 https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3

 We are using a programmatic interface, not the server.xml.

 Use the same name for engine and service name.

 Mark


It should be obvious, but start with

http://catb.org/~esr/faqs/smart-questions.html#beprecise
http://catb.org/~esr/faqs/smart-questions.html#explicit

and the rest of the tips there.

It might well be that you face a different problem.


Best regards,
Konstantin Kolinko

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Secure login only, not rest of app

I assume that the standard way of dealing with static caching is to have e.g. 
an images (css etc) directory and have that not secure?

Simple question but can you do one /* constraint and then override that with a 
subsequent /images (and css etc) constraint or is there a different preferred 
way to do this kind of setup? It would be mildly annoying if I have to have all 
my main pages under some subdir (lengthening my URLs) just to differentiate, so 
I assume there is a better way?

R.

On 10 Nov 2009, at 10:42, Pid wrote:

 On 10/11/2009 10:07, Robert Denison wrote:
 Hi P,
 
 Thanks very much for your reasoned helpful response.
 
 I fancied securing only login because I only want logged in users to see the 
 service and I want the login to be secure (passwords are safe) but the data 
 itself is irrelevant so I figure why spend cpu cycles encrypting/decrypting 
 normal data communication? :)
 
 Using SSL can interfere with caching of CSS, images etc.  Getting those for 
 each main request could cost the client more time than the encryption takes.
 
 Paying attention to static resource caching is a good idea.
 
 
 To be honest I'm happy to just encrypt the whole thing if that's just going 
 to save me a lot of hassle.
 
 Do it, see how it works out.  Then try:
 
 My last stab at this is maybe I could use a scenario of filtering all 
 requests and essentially do:
 
 if (logged in) {
   if (https) goto http
 } else {
   if (http) goto https
 }
 
 And then rely on the security constraint only for requiring login and the 
 Valve only for forwarding the request to the login page?
 
 This would probably work out OK, (just remember that the Filter will work at 
 a level above/after the Valve has a chance to act).
 
 
 p
 
 
 
 R.
 
 On 9 Nov 2009, at 23:05, Pid wrote:
 
 On 09/11/2009 22:33, Robert Denison wrote:
 Hi all,
 
 I am trying to have setup my tomcat webapp to be secure for login only.
 It works as you'd expect if the security-constraint for /* is unsecure
 and if I make it secure (using CONFIDENTIAL) for /*.
 
 However if I try to make it secure only for the login page and unsecure
 elsewhere any attempt to go to a page redirects to the login page but
 unsecure - not using the https and higher port. I've seen comments about
 filters to redirect up to the https port but my thoughts are:
 
 1) From what I understand it should be possible with multiple
 constraints for different URLs, and
 2) as I only want to do this if the user is not logged in I'm not sure
 how the filter would work.
 
 I have a working https Connector because I can use the service
 configured for /* to be secure.
 
 So, to summarise, you want *only* the login page to be sent over SSL?
 
 
 The login page isn't ever requested directly, it's forwarded to by the 
 AuthenticationValve.  This means that you can place it out of the way, in, 
 say:
 
 WEB-INF/login/form.jsp
 WEB-INF/login/error.jsp
 
 but it also means that you shouldn't directly request the login page.
 
 When you're using Container managed security, you request a secured 
 resource and the Valve forwards to the form.  Once you authenticate the 
 original request is restored.
 
 Your config won't enforce SSL for the login page because the container 
 forwards the request to the page after it recognises the /* rule requires a 
 login.
 
 
 If you want the whole app to require a login, you can either choose to use 
 SSL, or not, but you can't easily send the login page only over SSL.
 
 If only one part of the app required a login, you could employ a Filter to 
 downgrade to non-SSL when the URL didn't match that path.
 
 Is there a particular reason why you want to downgrade after login?
 
 
 You might look into the Tomcat compatible SecurityFilter project, as it 
 provides very similar functionality to container managed security, but more 
 flexibility.
 
 http://securityfilter.sourceforge.net/
 
 
 p
 
 
 Any offered help appreciated.
 
 The relevant (I think) web.xml snippet is:
 
 security-constraint
 web-resource-collection
 web-resource-nameApplication Login/web-resource-name
 url-pattern/login.jsp/url-pattern
 http-methodGET/http-method
 http-methodPOST/http-method
 /web-resource-collection
 auth-constraint
 role-nameplayer/role-name
 /auth-constraint
 user-data-constraint
 transport-guaranteeCONFIDENTIAL/transport-guarantee
 /user-data-constraint
 /security-constraint
 
 security-constraint
 web-resource-collection
 web-resource-nameApplication/web-resource-name
 url-pattern/*/url-pattern
 /web-resource-collection
 auth-constraint
 role-nameplayer/role-name
 /auth-constraint
 /security-constraint
 
 !-- Define the Login Configuration for this Application --
 login-config
 auth-methodFORM/auth-method
 realm-nameApplication/realm-name
 form-login-config
 form-login-page/jsp/login.jsp/form-login-page
 form-error-page/jsp/error.jsp/form-error-page
 /form-login-config
 /login-config
 
 
 -
 To

Re: Secure login only, not rest of app

Just to pick up on the point below. 

If the Valve acts before the filter then I would guess my idea can't work 
because the login will have already happened before I get chance to redirect to 
https. Therefore meaning the login process will have happened unencrypted...

R.

On 10 Nov 2009, at 10:42, Pid wrote:

 My last stab at this is maybe I could use a scenario of filtering all 
 requests and essentially do:
 
 if (logged in) {
   if (https) goto http
 } else {
   if (http) goto https
 }
 
 And then rely on the security constraint only for requiring login and the 
 Valve only for forwarding the request to the login page?
 
 This would probably work out OK, (just remember that the Filter will work at 
 a level above/after the Valve has a chance to act).


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Secure login only, not rest of app

2009-11-10 Thread Peter Crowther

2009/11/10 Robert Denison r...@blim.org:
 I assume that the standard way of dealing with static caching is to have e.g. 
 an images (css etc) directory and have that not secure?

No, as on most browsers that will pop up a dialog box with something
like this page contains both secure and insecure items.  Do you want
to display the insecure items?

All content referenced from a secure page should be secure to prevent
this warning.

- Peter

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Secure login only, not rest of app

Thanks peter, 

Don't suppose anyone can point me to any documentation that talks about getting 
caching working properly for tomcat and static content can they?

R.

On 10 Nov 2009, at 13:14, Peter Crowther wrote:

 2009/11/10 Robert Denison r...@blim.org:
 I assume that the standard way of dealing with static caching is to have 
 e.g. an images (css etc) directory and have that not secure?
 
 No, as on most browsers that will pop up a dialog box with something
 like this page contains both secure and insecure items.  Do you want
 to display the insecure items?
 
 All content referenced from a secure page should be secure to prevent
 this warning.
 
 - Peter
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: A question about mod_jk 1.2.28 configuration

2009-11-10 Thread thomas2004


Remove the socket_timeout. Please let us know, whether that helped.

I've moved the socket_timeout and the reply_timeout two days ago but it
doesn't help.

My workersproperties looks now as follow:

[code]
worker.worker_portfolio_son1.connection_pool_timeout=600
worker.worker_portfolio_son1.socket_keepalive=True
worker.worker_portfolio_son1.lbfactor=1
worker.worker_portfolio_son1.type=ajp13
worker.worker_portfolio_son1.port=8009
worker.worker_portfolio_son1.host=appl-portfolio-test.proactiv.de
worker.worker_portfolio_son1.sticky_session=True
worker.worker_portfolio_son1.ping_timeout=1
worker.worker_portfolio_son1.ping_mode=A
worker.worker_portfolio_son1.retries=2
worker.worker_portfolio_son1.activation=A
worker.worker_portfolio_son1.recovery_options=7
[/code]


To improve stability you should add a socket-connect_timeout and
cping/cpong. See:

http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html

I will try this later and tell you the result.

Btw, is there any difference between mod_jk 1.2.26 and 1.2.28. I wonder why
it works by 1.2.26 but not by 1.2.28. 


Regards

Thomas


-- 
View this message in context: 
http://old.nabble.com/A-question-about-mod_jk-1.2.28-configuration-tp26264069p26283383.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Secure login only, not rest of app


On 10/11/2009 12:48, Robert Denison wrote:

Just to pick up on the point below.

If the Valve acts before the filter then I would guess my idea can't work 
because the login will have already happened before I get chance to redirect to 
https. Therefore meaning the login process will have happened unencrypted...


Ah, yes, indeed.

p



R.

On 10 Nov 2009, at 10:42, Pid wrote:


My last stab at this is maybe I could use a scenario of filtering all requests 
and essentially do:

if (logged in) {
   if (https) goto http
} else {
   if (http) goto https
}

And then rely on the security constraint only for requiring login and the Valve 
only for forwarding the request to the login page?


This would probably work out OK, (just remember that the Filter will work at a 
level above/after the Valve has a chance to act).



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 5.5.26 hangs

2009-11-10 Thread conrad-tomcat . users . 2009

Hi,

for completeness: the issue seems to have been resolved.
The problems were apparently caused by a misconfigured
router between the webservers and the appservers.

Am Mittwoch, 14. Oktober 2009 schrieb Mark Thomas:

  Any idea how to gain more information?

 Jk debug logs
 wireshark
 compare httpd and Tomcat access logs

netstat was found to be very helpful, because it showed
non-empty send-queues and lots of connections in FIN_WAIT_1
on the webservers. Which proved that the problems were
network-related, and not due to software bugs.

Thanks for your help!

Peter
-- 
Peter Conrad
Tivano Software GmbH
Bahnhofstr. 18
63263 Neu-Isenburg
Tel: 06102 / 8099070
Fax: 06102 / 8099071
HRB 11680, AG Offenbach/Main
Geschäftsführer: Martin Apel


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Having trouble with Tomcat 6.0.20 embedded in Red5

2009-11-10 Thread shaiAhr



Mark Thomas wrote:
 
 Mondain wrote:
 Mark,Thanks for the patch; it works like a champ! Now how can I use this
 with future releases of Tomcat? Will I have to reapply it each time?
 
 Thanks for testing. Assuming it gets the necessary 3 +1s, it will be in
 6.0.21 onwards.
 
 Mark
 
 

Hi
Pardon my ignorance but does this mean that in order to work with embedded
tomcat I must either compile 6.0.20 by myself or wait for 6.0.21?

Thanks
Shai
-- 
View this message in context: 
http://old.nabble.com/Having-trouble-with-Tomcat-6.0.20-embedded-in-Red5-tp23871105p26283608.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

tomcat: bandwidth limiter / transfer rate limit ?

2009-11-10 Thread Cae Fernandes


Hello,

Is there any kind of bandwidth limiter ou transfer rate limiter readily
available for tomcat?

I know that for apache 2.2.x there is:

mod_curb - http://www.steve.org.uk/Software/mod_curb/ 
mod_cband - http://codee.pl/cband.html

I know that I can probably come up with a servlet that outputs the limited
amount of bytes per second, making the thread sleep for 1 second after each
flush, but that sounds like it could generate a server performance problem.

Any ideas?

Thansk,
Carlos.
-- 
View this message in context: 
http://old.nabble.com/tomcat%3A-bandwidth-limiter---transfer-rate-limit---tp26283656p26283656.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

Re: Secure login only, not rest of app


On 10/11/2009 13:25, Robert Denison wrote:

Thanks peter,

Don't suppose anyone can point me to any documentation that talks about getting 
caching working properly for tomcat and static content can they?


It's not so much a case of Tomcat, unfortunately your app is also 
affected by browser type, config, version etc.


Tomcat should handle serving static resources perfectly well, but you 
can augment it if needed by employing a Filter that adds headers for 
matching files/requests.


Checking the HTTP Headers that are actually being sent  received by the 
major browsers is an essential step in tuning your app.  Your access log 
will show if files are being returned with HTTP 304 status or not.


Firefox has LiveHTTPHeaders and Firebug, IE has a plugin tool too.



I thought of an alternative, you could only enforce container based 
security on a specific path /login/.


Your Filter could redirect all unauthenticated users to the login app, 
the index page (after successful login) just redirects to the app homepage.


 if (logged in) {
   if (https) goto http
 } else {
   redirect to /login // tomcat takes care of the HTTPS upgrade
 }




p



R.

On 10 Nov 2009, at 13:14, Peter Crowther wrote:


2009/11/10 Robert Denisonr...@blim.org:

I assume that the standard way of dealing with static caching is to have e.g. 
an images (css etc) directory and have that not secure?


No, as on most browsers that will pop up a dialog box with something
like this page contains both secure and insecure items.  Do you want
to display the insecure items?

All content referenced from a secure page should be secure to prevent
this warning.

- Peter

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: A question about mod_jk 1.2.28 configuration

2009-11-10 Thread Rainer Jung

On 10.11.2009 14:26, thomas2004 wrote:

Remove the socket_timeout. Please let us know, whether that helped.

I've moved the socket_timeout and the reply_timeout two days ago but it
doesn't help.

My workersproperties looks now as follow:

[code]
worker.worker_portfolio_son1.connection_pool_timeout=600
worker.worker_portfolio_son1.socket_keepalive=True
worker.worker_portfolio_son1.lbfactor=1
worker.worker_portfolio_son1.type=ajp13
worker.worker_portfolio_son1.port=8009
worker.worker_portfolio_son1.host=appl-portfolio-test.proactiv.de
worker.worker_portfolio_son1.sticky_session=True
worker.worker_portfolio_son1.ping_timeout=1
worker.worker_portfolio_son1.ping_mode=A
worker.worker_portfolio_son1.retries=2
worker.worker_portfolio_son1.activation=A
worker.worker_portfolio_son1.recovery_options=7
[/code]

To improve stability you should add a socket-connect_timeout and
cping/cpong. See:

http://tomcat.apache.org/connectors-doc/generic_howto/timeouts.html

I will try this later and tell you the result.

Btw, is there any difference between mod_jk 1.2.26 and 1.2.28. I wonder why
it works by 1.2.26 but not by 1.2.28.

I checked the code. Your errno 11 shown in the jk log of your original
post is EAGAIN. We removed tolerating EAGAIN while reading from the backend:

http://svn.apache.org/viewvc/tomcat/connectors/trunk/jk/native/common/jk_connect.c?r1=705959r2=705977pathrev=802161diff_format=h

EAGAIN should only be returned by read() when the socket is set to
non-blocking mode. I can't see why this should be the case for your
configuration. Is the log message the same when running without
socket_timeout?

Please provide details on your OS, web server and configuration (e.g Jk
directives for Apache).

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Comet response is set to empty HTTP 200 reply by the framework problem

2009-11-10 Thread georgi danov


 Hi,
   I have a CometProcessor servlet that receives events and queues them for
 processing by separate thread pool (a.k.a. asynchronous processor). I do
 that because I could get 1000s of concurrent requests for job that includes
 IO wait and I don¹t want to have 1000s of threads lying around waiting for
 IO. My IO signals me when the response is ready, so I pull the respective
 CometEvent instance, write to the reply and gracefully close the message.
   I¹ve read number of documents and posts on this mail list and I think I
am doing the things correctly, however 1 out of 500 messages gives me
problem.
   The problem is that the client immediately gets HTTP 200 reply with empty
 body from the server without my application having a chance to write to the
 outputStream. This happens both using the NIO and the regular (with ARP)
 connectors. Both using persistent and non-persistent connections. When
 looking at tcp dump I see that the response is given practically
 immediately. Setting the event timeout to 1 sec does not help.
   I can see also that the client is behaving well, because when I use
 persistent connection, the conversation goes on after the faulty message
and the next messages are OK.
 
   I am pretty sure I am doing something wrong with handling the cometevent,
 but not sure where to start. For one thing I am confused where and when
 should the event.close() invocation be  I've seen on this mailing list
both the advice to put it in the end event handling and right after I finish
 writing to the stream.
 
 Thanks
 Georgi
 
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Uploading Images - Refresh Directory

2009-11-10 Thread mshowers


Looking for some help - I am using DWR (ajax) to upload image files to my web
app. 

The app is running on Tomcat v6.0.

I'm putting the files into a directory in WebContent\images or
WebContent\images\sub directories

When I upload the images, I then want to display them on my page. heres the
problem.

Even if I reload the page, the images will not appear on the page untill I
go into the eclipse IDE and REFRESH the WebContent or Images directory.

Any suggestions as to how I can get around this?

Thanks!
-- 
View this message in context: 
http://old.nabble.com/Uploading-Images---Refresh-Directory-tp26284142p26284142.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] ConnectionPool question

2009-11-10 Thread Josh Gooding

I'm glad I amuse all of you :P

Chris,

the reason there are multiple recycleConnection methods is because if a RS
is passed to the front presentation layer, I have to have a way to close it,
I have to be able to get the statement and connection somehow, and I don't
want that in my code.

From everything that everyone here has said, to semi fix this right:

1 - Each method that calls the DB for a RS needs to get it's own connection
and close the resources itself (keeping it in the same scope)

2 - The CP wrapper that is here, CAN be used, but could end up causing more
problems in the long run.

Hey again, thanks for everything you all have said.  I feel slightly more
confident now in fixing this conundrum.  :)

- Josh

On Sat, Nov 7, 2009 at 3:17 AM, Elli Albek e...@sustainlane.com wrote:

 Chris, as long as we are having fun its all good. I think this
 question is something many developers ask. I have seen it here and in
 other forums.

 You are correct, everything is wrapped. The connection wrapper spawns
 statment wrappers which spawn result set wrappers, and everything is
 tracked in parent child relationships.

 E

 On Fri, Nov 6, 2009 at 5:54 PM, Christopher Schultz
 ch...@christopherschultz.net wrote:
  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
 
  Elli,
 
  Okay, I think we've hijacked Josh's thread enough to at least mark it as
  off topic. :)
 
  On 11/5/2009 10:37 PM, Elli Albek wrote:
  Christopher Schultz wrote:
  Pooled connections are almost certainly not behaving this way. This has
  been discussed at least twice in the last week or two, and, I believe,
  already once in this thread.
 
  This is certainly not the case for my DBCP library (1.2.2). I just
  stepped through the source code: Calling connection.close() is closing
  result sets and statements.
 
  I'm not sure how calling Connection.close (where the Connection object
  is one from DBCP) would possibly be able to close ResultSet and
  Statement objects created by the underlying connection.
 
  Unless, I suppose, they decided to wrap /everything/ and register all
  the ResultSet and Statement objects handed-out by the underlying
  Connection for the purposes of (possibly) closing them later. I should
  really read the source :)
 
  Below is the DBCP code that keeps track of open statements/result sets
  and closes them when the connection is closed (BDCP 1.2.2).
 
  Yup: it looks like they do wrap/register everything and then close it
  for you. It's nice that they followed the spec, here :)
 
  - -chris

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Coyote HTTP11Protocol Pause

2009-11-10 Thread Arunkumar Janarthanan

Hi Chuk,

Thank you for the assistance, when we looked into the logs the Home page for
this application throws the below exception followed by HTTP 500 error.

Please advice.

#
#
LEVEL: SEVERE
SOURCE CLASS:  com.application.rd.action.OpenLandingPageAction
SOURCE METHOD: execute()
DATE:  Tue Nov 10 07:17:45 EST 2009
STACK TRACE:   net.sf.hibernate.LazyInitializationException: Failed to
lazily initialize a collection
at
net.sf.hibernate.collection.PersistentCollection.initialize(PersistentCollection.java:201)
at
net.sf.hibernate.collection.PersistentCollection.read(PersistentCollection.java:71)
at net.sf.hibernate.collection.List.iterator(List.java:103)
at
com.application.content.dao.FeatureGroupScheduleManager.loadFeatures(FeatureGroupScheduleManager.java:151)
at
com.application.content.dao.FeatureGroupScheduleManager.getScheduleForFeatureGroupAndDate(FeatureGroupScheduleManager.java:98)
at
com.application.content.business.FeatureGroupScheduleHandler.getScheduleForFeatureGroupAndDate(FeatureGroupScheduleHandler.java:47)
at
com.application.rd.action.OpenContentCategoryAction.loadFeatureGroupSchedule(OpenContentCategoryAction.java:157)
at
com.application.rd.action.OpenContentCategoryAction.loadFeatureGroupsInRequest(OpenContentCategoryAction.java:105)
at
com.application.rd.action.OpenContentCategoryAction.execute(OpenContentCategoryAction.java:68)
at
com.application.rd.action.OpenLandingPageAction.execute(OpenLandingPageAction.java:85)
at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:480)
at
org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1420)
at
org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:502)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
com.application.rd.filter.SimpleBreadcrumbFilter.doFilter(SimpleBreadcrumbFilter.java:80)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
com.application.servlet.filters.DisableUrlSessionFilter.doFilter(DisableUrlSessionFilter.java:59)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
com.application.rd.filter.AkamaiExclusionsFilter.doFilter(AkamaiExclusionsFilter.java:68)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
com.application.rd.filter.RdAutoLoginFilter.doFilter(RdAutoLoginFilter.java:71)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
com.application.ads.OnPageAdvertInitFilter.doFilter(OnPageAdvertInitFilter.java:56)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
com.application.servlet.filters.GrabTrackingParametersFilter.doFilter(GrabTrackingParametersFilter.java:81)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
com.application.servlet.filters.HibernateFilter.doFilter(HibernateFilter.java:77)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
com.opensymphony.oscache.web.filter.CacheFilter.doFilter(CacheFilter.java:175)
at
com.application.rd.filter.GenericWebPageCachingFilter.doFilter(GenericWebPageCachingFilter.java:22)
at
com.application.rd.filter.SessionAwareWebPageCachingFilter.doFilter(SessionAwareWebPageCachingFilter.java:27)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
at

Re: Tomcat Coyote HTTP11Protocol Pause


On 10/11/2009 14:31, Arunkumar Janarthanan wrote:

Hi Chuk,

Thank you for the assistance, when we looked into the logs the Home page for
this application throws the below exception followed by HTTP 500 error.

Please advice.

#
#
LEVEL: SEVERE
SOURCE CLASS:  com.application.rd.action.OpenLandingPageAction
SOURCE METHOD: execute()
DATE:  Tue Nov 10 07:17:45 EST 2009
STACK TRACE:   net.sf.hibernate.LazyInitializationException: Failed to
lazily initialize a collection
 at


snip


Caused by: net.sf.hibernate.UnresolvableObjectException: No row with the
given identifier exists: 1003916, of class:
com.application.content.bean.Feature


snip

That'll be the problem then.

p



#

Regards,
Arun J

On Mon, Nov 9, 2009 at 9:04 PM, Caldarale, Charles R
chuck.caldar...@unisys.com  wrote:


From: Arunkumar Janarthanan [mailto:arunkumar.webad...@gmail.com]
Subject: Re: Tomcat Coyote HTTP11Protocol Pause

There was no other error reported apart from sequence of Pause, stop
destroyed messages from catalina.


Something shut down Tomcat, and what you see is the normal result of that.
  If the shutdown was unexpected, then either someone sent the shutdown
password over the shutdown port - or you've got a rogue webapp that's
calling System.exit().  The latter can be prevented by employing a security
manager, such as what's described here:

https://www.securecoding.cert.org/confluence/display/java/EXC04-J.+Prevent+against+inadvertent+calls+to+System.exit%28%29+or+forced+shutdown

  - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
MATERIAL and is thus for use only by the intended recipient. If you received
this in error, please contact the sender and delete the e-mail and its
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Coyote HTTP11Protocol Pause

2009-11-10 Thread Arunkumar Janarthanan

Hi Pid,

Thanks for throwing light on the issue and it is much appreciated, little
keen to know what this error means cause my develoipers debating for a while
now it is
not the application problem.

Could I know what is the Action page is trying to do and gets this
exception, is this possible as this page is my application's Home page and
crashes whole application itself ?

Many thanks.

Arun Janarthanan


On Tue, Nov 10, 2009 at 10:06 AM, Pid p...@pidster.com wrote:

 On 10/11/2009 14:31, Arunkumar Janarthanan wrote:

 Hi Chuk,

 Thank you for the assistance, when we looked into the logs the Home page
 for
 this application throws the below exception followed by HTTP 500 error.

 Please advice.

 #
 #
 LEVEL: SEVERE
 SOURCE CLASS:  com.application.rd.action.OpenLandingPageAction
 SOURCE METHOD: execute()
 DATE:  Tue Nov 10 07:17:45 EST 2009
 STACK TRACE:   net.sf.hibernate.LazyInitializationException: Failed to
 lazily initialize a collection
 at


 snip


  Caused by: net.sf.hibernate.UnresolvableObjectException: No row with the
 given identifier exists: 1003916, of class:
 com.application.content.bean.Feature


 snip

 That'll be the problem then.


 p


  #

 Regards,
 Arun J

 On Mon, Nov 9, 2009 at 9:04 PM, Caldarale, Charles R
 chuck.caldar...@unisys.com  wrote:

  From: Arunkumar Janarthanan [mailto:arunkumar.webad...@gmail.com]
 Subject: Re: Tomcat Coyote HTTP11Protocol Pause

 There was no other error reported apart from sequence of Pause, stop
 destroyed messages from catalina.


 Something shut down Tomcat, and what you see is the normal result of
 that.
  If the shutdown was unexpected, then either someone sent the shutdown
 password over the shutdown port - or you've got a rogue webapp that's
 calling System.exit().  The latter can be prevented by employing a
 security
 manager, such as what's described here:


 https://www.securecoding.cert.org/confluence/display/java/EXC04-J.+Prevent+against+inadvertent+calls+to+System.exit%28%29+or+forced+shutdown

  - Chuck


 THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
 MATERIAL and is thus for use only by the intended recipient. If you
 received
 this in error, please contact the sender and delete the e-mail and its
 attachments from all computers.


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Secure login only, not rest of app

 From: Robert Denison [mailto:r...@blim.org]
 Subject: Re: Secure login only, not rest of app

 Simple question but can you do one /* constraint and then override that
 with a subsequent /images (and css etc) constraint

Yes, that's required by the servlet spec - longest match wins.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Having trouble with Tomcat 6.0.20 embedded in Red5

 From: shaiAhr [mailto:shai.aharonov...@comverse.com]
 Subject: Re: Having trouble with Tomcat 6.0.20 embedded in Red5

 does this mean that in order to work with embedded tomcat
 I must either compile 6.0.20 by myself or wait for 6.0.21?

If the fix is required for your environment, then yes.  Luckily, building 
Tomcat is pretty easy:
http://tomcat.apache.org/tomcat-6.0-doc/building.html

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat Coyote HTTP11Protocol Pause

 From: Arunkumar Janarthanan [mailto:arunkumar.webad...@gmail.com]
 Subject: Re: Tomcat Coyote HTTP11Protocol Pause

 little keen to know what this error means cause my develoipers 
 debating for a while now it is not the application problem.

No, it almost certainly *is* an application problem.  The application appears 
to be reacting to the failure to establish a connection by doing a 
System.exit() - which is a capital offense in some places.

 Could I know what is the Action page is trying to do and gets this
 exception, is this possible as this page is my application's Home page
 and crashes whole application itself ?

Everything in the stack trace is related to the application, not to Tomcat, so 
you're going to have to take it up with the developers of the app.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

[OT] Of the dissemination, or globalisation, of Tomcat knowledge

2009-11-10 Thread André Warnier


Mark,

Nach der Mittagspause stellte Mark Thomas im Tomcat-Track die Neuerungen 
in Tomcat 7 vor. Die neue Tomcat-Version wird die Servlet-3.0-API 
unterstützen. Die API-Implementierung ist weit fortgeschritten – soweit 
die API-Definition selbst schon stabil ist. Zu den neuen Funktionen 
gehört unter anderem die asynchronene Requestverarbeitung. Diese erlaubt 
neue Kommunikationsformen in Webanwendungen etwa im AJAX-Umfeld. Der 
Tomcat Manager, über den neue Applikationen deployed werden können, 
wurde vor allem im Hinblick auf Sicherheit überarbeitet. Mit embedded 
Tomcat hat man eine Möglichkeit geschaffen, Tomcat sehr einfach in Java 
Code zu instanziieren und integriert mit der Applikation auszuliefern. 
Embedded Tomcat ist sehr leichtgewichtig und weist nur wenige 
Bibliotheksabhängigkeiten auf.


Waow !  You really did say all that ?
Tomcat rocks !

:-)

Borrowed from the Lucene forum, and more directly from
http://www.heise.de/open/artikel/ApacheCon-2009-Lucene-Hadoop-und-mehr-852929.html


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: A question about mod_jk 1.2.28 configuration

2009-11-10 Thread André Warnier


Rainer Jung wrote:

On 10.11.2009 14:26, thomas2004 wrote:

Remove the socket_timeout. Please let us know, whether that helped.

I've moved the socket_timeout and the reply_timeout two days ago but it
doesn't help.



...
Hi.
Just my Tomcat- and Java-dummy look on this.
As I understand the basic issue, there is a request coming through 
Apache for a document to be served by a Tomcat app. mod_jk forwards the 
request to Tomcat, and the Tomcat app can take upward of 20 minutes to 
produce the response (which is a PDF document).  In the meantime, some 
timeout seems to occur at the front-end Apache or mod_jk level, and the 
user never gets his document.
Now, is the problem not due to the fact that after receiving the 
request, Tomcat + webapp does not send back *anything* for more than 20 
minutes ?
Is there no possibility to have Tomcat + webapp return at least 
*something* in the meantime, to avoid this timeout ?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: [OT] Of the dissemination, or globalisation, of Tomcat knowledge


On 10/11/2009 16:01, André Warnier wrote:

Nach der Mittagspause stellte Mark Thomas im Tomcat-Track die Neuerungen
in Tomcat 7 vor. Die neue Tomcat-Version wird die Servlet-3.0-API
unterstützen. Die API-Implementierung ist weit fortgeschritten – soweit
die API-Definition selbst schon stabil ist. Zu den neuen Funktionen
gehört unter anderem die asynchronene Requestverarbeitung. Diese erlaubt
neue Kommunikationsformen in Webanwendungen etwa im AJAX-Umfeld. Der
Tomcat Manager, über den neue Applikationen deployed werden können,
wurde vor allem im Hinblick auf Sicherheit überarbeitet. Mit embedded
Tomcat hat man eine Möglichkeit geschaffen, Tomcat sehr einfach in Java
Code zu instanziieren und integriert mit der Applikation auszuliefern.
Embedded Tomcat ist sehr leichtgewichtig und weist nur wenige
Bibliotheksabhängigkeiten auf.


That and more, apparently, but maybe not so concisely.

 http://java.dzone.com/articles/mark-thomas-apache-tomcat-7


p

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Having trouble with Tomcat 6.0.20 embedded in Red5

2009-11-10 Thread shaiAhr

Caldarale, Charles R wrote:

 From: shaiAhr [mailto:shai.aharonov...@comverse.com]
 Subject: Re: Having trouble with Tomcat 6.0.20 embedded in Red5

 does this mean that in order to work with embedded tomcat
 I must either compile 6.0.20 by myself or wait for 6.0.21?

 If the fix is required for your environment, then yes.  Luckily, building
 Tomcat is pretty easy:
 http://tomcat.apache.org/tomcat-6.0-doc/building.html

  - Chuck

Thanks a lot for the quick reply Chuck. 
Hope it's easy as you say it is.

-- 
View this message in context: 
http://old.nabble.com/Having-trouble-with-Tomcat-6.0.20-embedded-in-Red5-tp23871105p26286017.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Connect tomcat to Active Directory with jndi

2009-11-10 Thread A A

Hi, 

(Sorry for my english) Im trying  to authenticate an application using Windows 
Active Directory, with jndi realm connector. Looking for information Ive seen 
that the realm jndi configuration is able to set up at the server.xml, or in 
the context.xml aplication and web.xml.In my case I want just to authenticate 
an aplication so I use context.xml and web.xml.



When I go to the aplication url, A popup ask me for user and password,
I write my Active Directory User, and password, but returns me this
message:



Apache Tomcat/5.5.25 - Informe de Errortype Informe de estado
mensaje 
descripción Este requerimiento requiere autenticación HTTP 
().


Apache Tomcat/5.5.25
I can´t see any information at catalina.out nor aplication.log.



How can I see what is going wrong?Can I enable any jndi log??

Am I wrong with any parameter or format?What is the best way to do it??
Any suggestion will be welcome.





Im trying this configuration without any results:

Thanks in advance.



context.xml

?xml version=1.0 encoding=UTF-8?

Context docBase=${catalina.home}/webapps/pfirma
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://oid.prpmalaga.es:389;
UserPattern=uid={0},ou=Users,dc=prpmalaga,dc=es
roleBase=ou=Groups,dc=prpmalaga,dc=es
roleName=cn
roleSearch=(uniqueMember={0}) /
/Context

--

WEB-INF/web.xml

!-- Security definitions --

!-- Define a Security Constraint on this Application --
security-constraint
web-resource-collection
web-resource-nameContext-aplication-name/web-resource-name
url-pattern/*/url-pattern
/web-resource-collection
auth-constraint
role-nameActive-Directory-Group-Name/role-name
/auth-constraint
/security-constraint

!-- Define the Login Configuration for this Application --
login-config
auth-methodBASIC/auth-method
realm-nameActive-Directory-User/realm-name
/login-config

!-- Security roles referenced by this web application --
security-role
descriptionDescription /description
role-nameActive-directory-Group-Name/role-name
/security-role

RE: [OT] Of the dissemination, or globalisation, of Tomcat knowledge

2009-11-10 Thread Jorge Medina

Ich kann nicht alles verstehen. Mein deutche ist night zu gut.
Could you provide the translation? 

-Original Message-
From: André Warnier [mailto:a...@ice-sa.com] 
Sent: Tuesday, November 10, 2009 11:01 AM
To: Tomcat Users List
Subject: [OT] Of the dissemination, or globalisation, of Tomcat knowledge

Mark,

Nach der Mittagspause stellte Mark Thomas im Tomcat-Track die Neuerungen in 
Tomcat 7 vor. Die neue Tomcat-Version wird die Servlet-3.0-API unterstützen. 
Die API-Implementierung ist weit fortgeschritten - soweit die API-Definition 
selbst schon stabil ist. Zu den neuen Funktionen gehört unter anderem die 
asynchronene Requestverarbeitung. Diese erlaubt neue Kommunikationsformen in 
Webanwendungen etwa im AJAX-Umfeld. Der Tomcat Manager, über den neue 
Applikationen deployed werden können, wurde vor allem im Hinblick auf 
Sicherheit überarbeitet. Mit embedded Tomcat hat man eine Möglichkeit 
geschaffen, Tomcat sehr einfach in Java Code zu instanziieren und integriert 
mit der Applikation auszuliefern. 
Embedded Tomcat ist sehr leichtgewichtig und weist nur wenige 
Bibliotheksabhängigkeiten auf.

Waow !  You really did say all that ?
Tomcat rocks !

:-)

Borrowed from the Lucene forum, and more directly from 
http://www.heise.de/open/artikel/ApacheCon-2009-Lucene-Hadoop-und-mehr-852929.html

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: A question about mod_jk 1.2.28 configuration

2009-11-10 Thread Rainer Jung

On 10.11.2009 17:12, André Warnier wrote:
 Rainer Jung wrote:
 On 10.11.2009 14:26, thomas2004 wrote:
 Remove the socket_timeout. Please let us know, whether that helped.
 I've moved the socket_timeout and the reply_timeout two days ago but it
 doesn't help.

 ...
 Hi.
 Just my Tomcat- and Java-dummy look on this.
 As I understand the basic issue, there is a request coming through
 Apache for a document to be served by a Tomcat app. mod_jk forwards the
 request to Tomcat, and the Tomcat app can take upward of 20 minutes to
 produce the response (which is a PDF document).  In the meantime, some
 timeout seems to occur at the front-end Apache or mod_jk level, and the
 user never gets his document.
 Now, is the problem not due to the fact that after receiving the
 request, Tomcat + webapp does not send back *anything* for more than 20
 minutes ?
 Is there no possibility to have Tomcat + webapp return at least
 *something* in the meantime, to avoid this timeout ?

It's possible, that this would work as a workaround. The usual let some
bits dripple to keep the connection active strategy.

Nevertheless he triggered behaviour that was indeed changed between
1.2.26 and 1.2.28 and we do not yet understand, why the read() call
doesn't block the whole time and instead returns EAGAIN.

Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Connect tomcat to Active Directory with jndi

2009-11-10 Thread Jorge Medina

 
Is that a typo on the role name?
role-nameActive-directory-Group-Name/role-name
Should it be Active-Directory-Group-Name ?

You may ask in Spanish at
http://groups.google.com/group/javasos

-Jorge

-Original Message-
From: A A [mailto:masvalesolo...@yahoo.es] 
Sent: Tuesday, November 10, 2009 11:20 AM
To: users@tomcat.apache.org
Subject: Connect tomcat to Active Directory with jndi 

Hi, 

(Sorry for my english) Im trying  to authenticate an application using Windows 
Active Directory, with jndi realm connector. Looking for information Ive seen 
that the realm jndi configuration is able to set up at the server.xml, or in 
the context.xml aplication and web.xml.In my case I want just to authenticate 
an aplication so I use context.xml and web.xml.



When I go to the aplication url, A popup ask me for user and password, I write 
my Active Directory User, and password, but returns me this
message:



Apache Tomcat/5.5.25 - Informe de Errortype Informe de estado mensaje 
descripción Este requerimiento requiere autenticación HTTP ().


Apache Tomcat/5.5.25
I can´t see any information at catalina.out nor aplication.log.



How can I see what is going wrong?Can I enable any jndi log??

Am I wrong with any parameter or format?What is the best way to do it??
Any suggestion will be welcome.





Im trying this configuration without any results:

Thanks in advance.



context.xml

?xml version=1.0 encoding=UTF-8?

Context docBase=${catalina.home}/webapps/pfirma
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://oid.prpmalaga.es:389;
UserPattern=uid={0},ou=Users,dc=prpmalaga,dc=es
roleBase=ou=Groups,dc=prpmalaga,dc=es
roleName=cn
roleSearch=(uniqueMember={0}) /
/Context

--

WEB-INF/web.xml

!-- Security definitions --

!-- Define a Security Constraint on this Application -- security-constraint 
web-resource-collection 
web-resource-nameContext-aplication-name/web-resource-name
url-pattern/*/url-pattern
/web-resource-collection
auth-constraint
role-nameActive-Directory-Group-Name/role-name
/auth-constraint
/security-constraint

!-- Define the Login Configuration for this Application -- login-config 
auth-methodBASIC/auth-method realm-nameActive-Directory-User/realm-name
/login-config

!-- Security roles referenced by this web application -- security-role 
descriptionDescription /description 
role-nameActive-directory-Group-Name/role-name
/security-role












  
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat build for the patch https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3

2009-11-10 Thread Krishnamurthi, Venkat


Hi,

Is there an alternative to building from source as mentioned in the workaround? 
Is there a tomcat build available for the patch reported here? If not, will it 
be available anytime soon? Please let us know.

Also, we are not using server.xml to start tomcat. We are use the embedded 
program interface for this process.

Thanks,
Venkat

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat build for the patch https://issues.apache.org/bugzilla/show_bug.cgi?id=47316#c3

2009-11-10 Thread Mark Thomas

Krishnamurthi, Venkat wrote:
 Hi,
 
 Is there an alternative to building from source as mentioned in the 
 workaround?
Pay someone to do it for you?

 Is there a tomcat build available for the patch reported here?
No.

 If not, will it be available anytime soon?
Releases happen when they happen. There may be a 6.0.21 fairly soon to
provide a workaround for CVE-2009-3555.

Mark

 Please let us know.
 
 Also, we are not using server.xml to start tomcat. We are use the embedded 
 program interface for this process.
 
 Thanks,
 Venkat
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Connect tomcat to Active Directory with jndi

2009-11-10 Thread A A

I think this value should be the active directory group name, isn´t it ??

--- El mar, 10/11/09, Jorge Medina jmed...@e-dialog.com escribió:

De: Jorge Medina jmed...@e-dialog.com
Asunto: RE: Connect tomcat to Active Directory with jndi
Para: Tomcat Users List users@tomcat.apache.org
Fecha: martes, 10 de noviembre, 2009 18:55

 
Is that a typo on the role name?
role-nameActive-directory-Group-Name/role-name
Should it be Active-Directory-Group-Name ?

You may ask in Spanish at
http://groups.google.com/group/javasos

-Jorge

-Original Message-
From: A A [mailto:masvalesolo...@yahoo.es] 
Sent: Tuesday, November 10, 2009 11:20 AM
To: users@tomcat.apache.org
Subject: Connect tomcat to Active Directory with jndi 

Hi, 

(Sorry for my english) Im trying  to authenticate an application using Windows 
Active Directory, with jndi realm connector. Looking for information Ive seen 
that the realm jndi configuration is able to set up at the server.xml, or in 
the context.xml aplication and web.xml.In my case I want just to authenticate 
an aplication so I use context.xml and web.xml.



When I go to the aplication url, A popup ask me for user and password, I write 
my Active Directory User, and password, but returns me this
message:



Apache Tomcat/5.5.25 - Informe de Errortype Informe de estado mensaje 
descripción Este requerimiento requiere autenticación HTTP ().


Apache Tomcat/5.5.25
I can´t see any information at catalina.out nor aplication.log.



How can I see what is going wrong?Can I enable any jndi log??

Am I wrong with any parameter or format?What is the best way to do it??
Any suggestion will be welcome.





Im trying this configuration without any results:

Thanks in advance.



context.xml

?xml version=1.0 encoding=UTF-8?

Context docBase=${catalina.home}/webapps/pfirma
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://oid.prpmalaga.es:389;
UserPattern=uid={0},ou=Users,dc=prpmalaga,dc=es
roleBase=ou=Groups,dc=prpmalaga,dc=es
roleName=cn
roleSearch=(uniqueMember={0}) /
/Context

--

WEB-INF/web.xml

!-- Security definitions --

!-- Define a Security Constraint on this Application -- security-constraint 
web-resource-collection 
web-resource-nameContext-aplication-name/web-resource-name
url-pattern/*/url-pattern
/web-resource-collection
auth-constraint
role-nameActive-Directory-Group-Name/role-name
/auth-constraint
/security-constraint

!-- Define the Login Configuration for this Application -- login-config 
auth-methodBASIC/auth-method realm-nameActive-Directory-User/realm-name
/login-config

!-- Security roles referenced by this web application -- security-role 
descriptionDescription /description 
role-nameActive-directory-Group-Name/role-name
/security-role












      
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

tomcat 5.5.25 - Multiple Connectors and performance lost

2009-11-10 Thread Simão Fontes


Hello,

I need help configuring a tomcat server, 5.5.25, running on Redhat EL 5.2.

I have 4 web applications that communicate with each other. My problem 
consists in getting the information form the various applications when 
the number of threads is reached only by one application.
When I contact a application named wayback this searches in an index 
that is served by another application named nutchwax. When I put a 
client making 100 requests to wayback and the maxThreads is configured 
to 100 then the wayback application enters in deadlock. Because tomcat 
cannot create another thread for nutchwax application.

The applications interact in this way:

*Nutchwax - Index - User
*Wayback - *Nutchwax - Index - User
*Wayback - *Nutchwax - Index - *ArcProxy - *Browser - User
* means that this is a application of tomcat

I found a way to resolve the deadlock by separating the applications in 
different connectors, I made 4 connector, one each for application I 
want to use.

This originated a throupt that was of about 1.30sec to 16.30sec.

The new server.xml file is configured with 4 service/engine/host

  1. Service name=reciver  
  2. Connector port=8080 maxHttpHeaderSize=8192 maxThreads=10   
  3.enableLookups=false acceptCount=100  
  4.connectionTimeout=1 disableUploadTimeout=true   
  5.useBodyEncodingForURI=true/  
  6. Engine name=reciver defaultHost=localhost jvmRoute=host1  
  7. Realm className=org.apache.catalina.realm.UserDatabaseRealm  
  8.resourceName=UserDatabase /  
  9. Host name=localhost appBase=webapps unpackWARs=true  
 10.   autoDeploy=false xmlValidation=false  
 11.   xmlNamespaceAware=false  
 12. Context docBase=browser path=/browser reloadable=false/  
 13. /Host  
 14. /Engine  
 15. /Service  
 16. Service name=reciver2  
 17. Connector port=8081 maxHttpHeaderSize=8192 maxThreads=10   
 18.enableLookups=false acceptCount=1  
 19.connectionTimeout=1 disableUploadTimeout=true   
 20.useBodyEncodingForURI=true proxyName=example.pt proxyPort=80/  
 21. Engine name=reciver2 defaultHost=example_app jvmRoute=host2  
 22. Host name=example_app appBase=test_app/example_app unpackWARs=true  
 23.   autoDeploy=false xmlValidation=false  
 24.   xmlNamespaceAware=false  
 25. Context docBase=example_app path=/example_app reloadable=false/  
 26. /Host  
 27. /Engine  
 28. /Service  
 29. (...Repeted 2 more times.)  




Thanks in advance for your help,
Simão

Arquivo da Web Portuguesa | FCCN
Av. do Brasil, n.º 101
1700-066 Lisboa 
Tel.: +351 21 8440100 (facultativo) Fax: +351 21 8472167

www.arquivo.pt | www.fccn.pt

Aviso de Confidencialidade

Esta mensagem é exclusivamente destinada ao seu destinatário, podendo conter 
informação CONFIDENCIAL, cuja divulgação está expressamente vedada nos termos 
da lei. Caso tenha recepcionado indevidamente esta mensagem, solicitamos-lhe 
que nos comunique esse mesmo facto por esta via ou para o telefone +351 
218440100 devendo apagar o seu conteúdo de imediato. This message is intended 
exclusively for its addressee. It may contain CONFIDENTIAL information 
protected by law. If this message has been received by error, please notify us 
via e-mail or by telephone +351 218440100 and delete it immediately.

RE: tomcat 5.5.25 - Multiple Connectors and performance lost

 From: Simão Fontes [mailto:simao.fon...@fccn.pt]
 Subject: tomcat 5.5.25 - Multiple Connectors and performance lost

 I have 4 web applications that communicate with each other. My problem
 consists in getting the information form the various applications when
 the number of threads is reached only by one application.

Perhaps you could create a filter for each webapp that monitors the number of 
concurrent threads for its webapp and rejects (or queues) requests that exceed 
some pre-defined limit.

 - Chuck

THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Hand Authentication to Apache

2009-11-10 Thread Ivan Eulaers

I have set up a basic extranet where clients can browse directories and view 
the files in those directories. Access is handled by basic authentication of 
Apache. In the directories that are open for a specific client I've created a 
.htaccess file (see example below).

Today, Tomcat has been installed on my server. When I now want to access those 
secured directories, I get an error by Tomcat The requested resource is not 
available. How can I repair this?

I've tried adding tomcatAuthentication=false to Connector port=21309 
protocol=AJP/1.3 / and restarted Tomcat, but this was not the solution.

Users should be able to browse certain subdirectories as follow:
- User A, B, C should be able to access https://www.../extranet/client1/ and 
its subdirectories
- User A, D, E, F should be able to access https://www.../extranet/client2/ and 
its subdirectories

.htaccess-listing
=

# STRONG HTACCESS PROTECTION
Files ~ ^.*\.([Hh][Tt][Aa])
 order allow,deny
 deny from all
/Files

# REDIRECT http REQUESTS TO https, BUT AVOID ASKING TWICE FOR PASSWORD
SSLRequireSSL
ErrorDocument 403 https://www.pensionarchitects.be/extranet/docs

AuthType Basic
AuthName Extranet
AuthBasicProvider file
AuthUserFile 
Require valid-user

Options +Indexes
  # SET INDEX OPTIONS
  IndexOptions IgnoreCase FancyIndexing FoldersFirst NameWidth=50 
DescriptionWidth=* SuppressHTMLPreamble SuppressLastModified
  
  # SET DISPLAY ORDER
  IndexOrderDefault Descending Name
  
  HeaderName /extranet/header.html
  ReadmeName /extranet/footer.html



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Hand Authentication to Apache