Re: Question about BASIC Authentication
On 01/07/2010 02:30, Christopher Schultz wrote: Matthew, On 6/30/2010 8:20 PM, Matthew Mauriello wrote: The behavior seems rather strange to me in fact, I've seen other websites run on what looks to be BASIC Authentication without popping these browser messages when leaving secured sections. Most websites use HTTP AUTH consistently, at least for a particular URL prefix. See the http://user:passw...@website.com/SOLR is only used once and it might actually be http://user:passw...@website.com/SOLR/ I have to look into this. I feel like the authentication cookie is being created for the user and then being forwarded to every page the user visits after that. BASIC auth doesn't create an authentication cookie does it? The browser sends an 'Authorization' header instead. p I am hoping to find some way of preventing this behavior. Well, for starters, what web browser are you using? Can you give me a sample URL that I can use to play with a test version of your webapp? -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: OpenPGP digital signature
Re: SSL and non SSL configuration on tomcat 6.0.26, confused
On 01/07/2010 03:42, John-Paul Ranaudo wrote: I have now realized the root of the problem. The cause of the problem is that the load balancer will sometimes proxy an HTTPS request as an HTTP request so when we send back a redirect we send it back with the wrong scheme (HTTP). So here is my current configuration: Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / Port 443 is not really handling the SSL because the load balancer is. I set secure to true to mark the connections as secure to tomcat and not needing SSL decryption as recommended. The one framework in which uses HTTPS will send most request as HTTPS however the load balancer (for unknown reasons) proxies the request as HTTP (port 80). So now when we send a redirect it's to HTTP (port 80) not HTTPS (port 443). It should be port 443. Any idea how I can handle this in a connector configuration? My first thought is to create two virtual hosts which will then have 2 different server.xml's. If I do this I can tell tomcat to proxy all HTTP (port 80) requests to port 443 but only for that one virtual host (which contains the problem framework). Any thoughts? Thanks and Regards, John-Paul Ranaudo Application Architect On Fri, Jun 25, 2010 at 2:22 PM, Christopher Schultz ch...@christopherschultz.net wrote: John-Paul, On 6/25/2010 1:40 PM, John-Paul Ranaudo wrote: Ok, so I am assuming I do not have to setup SSL (certificates etc) since my load balancer is decoding the connection. So even if the load balancer is decoding the connection I still have to have SSLEnabled=true? No, Pid was saying that setting one of the two options (SSLEnabled and secure) to true makes sense... setting both to false is not particularly useful. However if I do, does this not make Tomcat try and decode the connection? Yes, setting SSLEnabled=true will make the connector try to perform the decryption. *Which is the root of my problem. How to use the HTTPS protocol without having Tomcat decrypt the connection since the load balancer has done this for me. * It sounds like you just want Tomcat to know that the connection is secure, but without actually doing the decryption. You should be able to do it like this: Connector port=443 - this is the port that the LB talks to protocol=HTTP/1.1 connectionTimeout=2 scheme=https - so request.getScheme returns correct value secure=true - so request.isSecure returns correct value / There's no need to set SSLProtocol or SSLEnabled (you're not using SSL, remember), they will default to false. The link to the documentation is correct. However the properties of the connector are confusing to me. For example SSLEnabled if fairly obvious but secure it confusing. Not sure under what context I need to set this. You can set these to different values, for instance, to instruct the server to report connections as secure even when they aren't actually tunneled through SSL (as above). The application always uses relative paths so whatever protocol the framework is using will be what is returned in the page. Good. How about redirects? I have also tried setting the redirect port thinking I can redirect requests to 443 to the port 80 internally and scheme to 'https'. This actually had the effect of making one framework (the one with https) work but broke the other. The redirect port is only used when the server decides that a webapp requires a secure connection (see transport-guarantee in web.xml), and the server issues a redirect to the client to upgrade the connection to HTTPS. The default is 443, so if a client arrives on port 80, they will be redirected to the same URL except with https:// on the front and the port added if it's not the default of 443. Now, you have to remember that the port number that does out attached to a redirect URL (say, https://myhost:443/foo/bar) is probably the port on the load-balancer the client will hit, not necessarily the port on the local machine. The following configuration is perfectly legitimate: !-- non-secure connector -- Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443 / !-- secure connector -- Connector port=8443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https - so request.getScheme returns correct value secure=true - so request.isSecure returns correct value / As you see, redirectPort is set to a port that isn't being handled by Tomcat. That's okay, because the load-balancer is presumably handling requests to myhost:443, terminating the SSL, and proxying the cleartext HTTP request to the 8443 connector, which then reports secure=true to anyone who asks. Are you using a transport-guarantee element in your web.xml? p Hope that helps, -chris
Re: SSL and non SSL configuration on tomcat 6.0.26, confused
No we are not. On 7/1/10, Pid p...@pidster.com wrote: On 01/07/2010 03:42, John-Paul Ranaudo wrote: I have now realized the root of the problem. The cause of the problem is that the load balancer will sometimes proxy an HTTPS request as an HTTP request so when we send back a redirect we send it back with the wrong scheme (HTTP). So here is my current configuration: Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / Port 443 is not really handling the SSL because the load balancer is. I set secure to true to mark the connections as secure to tomcat and not needing SSL decryption as recommended. The one framework in which uses HTTPS will send most request as HTTPS however the load balancer (for unknown reasons) proxies the request as HTTP (port 80). So now when we send a redirect it's to HTTP (port 80) not HTTPS (port 443). It should be port 443. Any idea how I can handle this in a connector configuration? My first thought is to create two virtual hosts which will then have 2 different server.xml's. If I do this I can tell tomcat to proxy all HTTP (port 80) requests to port 443 but only for that one virtual host (which contains the problem framework). Any thoughts? Thanks and Regards, John-Paul Ranaudo Application Architect On Fri, Jun 25, 2010 at 2:22 PM, Christopher Schultz ch...@christopherschultz.net wrote: John-Paul, On 6/25/2010 1:40 PM, John-Paul Ranaudo wrote: Ok, so I am assuming I do not have to setup SSL (certificates etc) since my load balancer is decoding the connection. So even if the load balancer is decoding the connection I still have to have SSLEnabled=true? No, Pid was saying that setting one of the two options (SSLEnabled and secure) to true makes sense... setting both to false is not particularly useful. However if I do, does this not make Tomcat try and decode the connection? Yes, setting SSLEnabled=true will make the connector try to perform the decryption. *Which is the root of my problem. How to use the HTTPS protocol without having Tomcat decrypt the connection since the load balancer has done this for me. * It sounds like you just want Tomcat to know that the connection is secure, but without actually doing the decryption. You should be able to do it like this: Connector port=443 - this is the port that the LB talks to protocol=HTTP/1.1 connectionTimeout=2 scheme=https - so request.getScheme returns correct value secure=true - so request.isSecure returns correct value / There's no need to set SSLProtocol or SSLEnabled (you're not using SSL, remember), they will default to false. The link to the documentation is correct. However the properties of the connector are confusing to me. For example SSLEnabled if fairly obvious but secure it confusing. Not sure under what context I need to set this. You can set these to different values, for instance, to instruct the server to report connections as secure even when they aren't actually tunneled through SSL (as above). The application always uses relative paths so whatever protocol the framework is using will be what is returned in the page. Good. How about redirects? I have also tried setting the redirect port thinking I can redirect requests to 443 to the port 80 internally and scheme to 'https'. This actually had the effect of making one framework (the one with https) work but broke the other. The redirect port is only used when the server decides that a webapp requires a secure connection (see transport-guarantee in web.xml), and the server issues a redirect to the client to upgrade the connection to HTTPS. The default is 443, so if a client arrives on port 80, they will be redirected to the same URL except with https:// on the front and the port added if it's not the default of 443. Now, you have to remember that the port number that does out attached to a redirect URL (say, https://myhost:443/foo/bar) is probably the port on the load-balancer the client will hit, not necessarily the port on the local machine. The following configuration is perfectly legitimate: !-- non-secure connector -- Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443 / !-- secure connector -- Connector port=8443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https - so request.getScheme returns correct value secure=true - so request.isSecure returns correct value / As you see, redirectPort is set to a port that isn't being handled by Tomcat. That's okay, because the load-balancer is presumably handling requests to myhost:443, terminating the SSL, and proxying the cleartext HTTP request to the 8443 connector, which then reports secure=true to anyone who asks. Are you using a transport-guarantee element in your web.xml? p Hope that helps, -chris
Re: SSL and non SSL configuration on tomcat 6.0.26, confused
On 01/07/2010 08:49, John-Paul Ranaudo wrote: No we are not. If the SSL-only resources match a specific path, you can add a security-constraint which doesn't have user roles, but does have a transport-guarantee set to 'CONFIDENTIAL'. The container will automatically upgrade a matching request to HTTPS by redirecting it to the port configured in 'redirectPort' on the HTTP connector. p On 7/1/10, Pid p...@pidster.com wrote: On 01/07/2010 03:42, John-Paul Ranaudo wrote: I have now realized the root of the problem. The cause of the problem is that the load balancer will sometimes proxy an HTTPS request as an HTTP request so when we send back a redirect we send it back with the wrong scheme (HTTP). So here is my current configuration: Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / Port 443 is not really handling the SSL because the load balancer is. I set secure to true to mark the connections as secure to tomcat and not needing SSL decryption as recommended. The one framework in which uses HTTPS will send most request as HTTPS however the load balancer (for unknown reasons) proxies the request as HTTP (port 80). So now when we send a redirect it's to HTTP (port 80) not HTTPS (port 443). It should be port 443. Any idea how I can handle this in a connector configuration? My first thought is to create two virtual hosts which will then have 2 different server.xml's. If I do this I can tell tomcat to proxy all HTTP (port 80) requests to port 443 but only for that one virtual host (which contains the problem framework). Any thoughts? Thanks and Regards, John-Paul Ranaudo Application Architect On Fri, Jun 25, 2010 at 2:22 PM, Christopher Schultz ch...@christopherschultz.net wrote: John-Paul, On 6/25/2010 1:40 PM, John-Paul Ranaudo wrote: Ok, so I am assuming I do not have to setup SSL (certificates etc) since my load balancer is decoding the connection. So even if the load balancer is decoding the connection I still have to have SSLEnabled=true? No, Pid was saying that setting one of the two options (SSLEnabled and secure) to true makes sense... setting both to false is not particularly useful. However if I do, does this not make Tomcat try and decode the connection? Yes, setting SSLEnabled=true will make the connector try to perform the decryption. *Which is the root of my problem. How to use the HTTPS protocol without having Tomcat decrypt the connection since the load balancer has done this for me. * It sounds like you just want Tomcat to know that the connection is secure, but without actually doing the decryption. You should be able to do it like this: Connector port=443 - this is the port that the LB talks to protocol=HTTP/1.1 connectionTimeout=2 scheme=https - so request.getScheme returns correct value secure=true - so request.isSecure returns correct value / There's no need to set SSLProtocol or SSLEnabled (you're not using SSL, remember), they will default to false. The link to the documentation is correct. However the properties of the connector are confusing to me. For example SSLEnabled if fairly obvious but secure it confusing. Not sure under what context I need to set this. You can set these to different values, for instance, to instruct the server to report connections as secure even when they aren't actually tunneled through SSL (as above). The application always uses relative paths so whatever protocol the framework is using will be what is returned in the page. Good. How about redirects? I have also tried setting the redirect port thinking I can redirect requests to 443 to the port 80 internally and scheme to 'https'. This actually had the effect of making one framework (the one with https) work but broke the other. The redirect port is only used when the server decides that a webapp requires a secure connection (see transport-guarantee in web.xml), and the server issues a redirect to the client to upgrade the connection to HTTPS. The default is 443, so if a client arrives on port 80, they will be redirected to the same URL except with https:// on the front and the port added if it's not the default of 443. Now, you have to remember that the port number that does out attached to a redirect URL (say, https://myhost:443/foo/bar) is probably the port on the load-balancer the client will hit, not necessarily the port on the local machine. The following configuration is perfectly legitimate: !-- non-secure connector -- Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443 / !-- secure connector -- Connector port=8443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https - so request.getScheme returns correct value secure=true - so request.isSecure returns correct value / As you see, redirectPort is set to a port
Re: JK connector and extra characters showing up
Caldarale, Charles R wrote: From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: JK connector and extra characters showing up Those 4 extra characters are likely to be the chunk size. 31 66 66 38 is, well, 1ff8, which is 792 in decimal. Not on my calculator; would you believe 8184 in decimal? There's an extremely low probability of having a decimal value containing fewer digits than its hex equivalent... Guys, is it me, or you, that is getting a bit confused here ? First of all, what /are/ these captures ? From re-reading David's original post : ... Here are some snippets of packet captures (tcpdump) to show what I mean. ... Tomcat to web server through JK connector, same for Sun One and Apache ... It is not really clear where this data was captured. Between Tomcat and the jk connector (emebedded in the webserver) ? In that case, we are looking at binary data in AJP protocol format, not at HTTP data per se. Not so ? And if so, what's to tell what this 1f f8 might really be there for ? Apologies if I'm the confused one. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Docbase inside the host appBasehas been specified, and will be ignored
Hi, I am using tomcat 5.5 and I have deployed a web application that is working fine, but on tomcat start up I have noticed this message. I have googled around but it seems most people see this message and their web app doesn't work, mine does however work fine. Does anybody know why I am seeing this message? I have an xml file called 'LabCatalogue.xml' in 'apache-tomcat-5.5.23\conf\Catalina\localhost' that looks like: Context crossContext=true docBase=c:\\webapps\LabCatalogue path=/LabCatalogue reloadable=true / The web app is set to reloadable because it is currently in development. Thanks, Paul This message may contain confidential information. If you are not the intended recipient please inform the sender that you have received the message in error before deleting it. Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Thank you for your co-operation. NHSmail is the secure email and directory service available for all NHS staff in England and Scotland NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSI recipients NHSmail provides an email address for your career in the NHS and can be accessed anywhere For more information and to find out how you can switch, visit www.connectingforhealth.nhs.uk/nhsmail
Re: Docbase inside the host appBasehas been specified, and will be ignored
On 01/07/2010 09:06, Ockleford Paul (NHS Connecting for Health) wrote: Hi, I am using tomcat 5.5 and I have deployed a web application that is working fine, but on tomcat start up I have noticed this message. I have googled around but it seems most people see this message and their web app doesn't work, mine does however work fine. Does anybody know why I am seeing this message? Because your config is screwy. To use a technical term. I have an xml file called 'LabCatalogue.xml' in 'apache-tomcat-5.5.23\conf\Catalina\localhost' that looks like: Context crossContext=true docBase=c:\\webapps\LabCatalogue path=/LabCatalogue reloadable=true / The web app is set to reloadable because it is currently in development. The appBase on the Host element is where Tomcat looks for apps to deploy. Apps are either a .war or a directory (actually an exploded .war file). For an application placed in the appBase, Tomcat will automatically determine the 'path' it will be deployed at and the 'docBase', so you don't need to specify either attribute. You get the warning if the docBase is present and redundant. As a rule of thumb, setting 'path' or 'docBase' is generally unnecessary - possibly even 'a bad idea'. p Thanks, Paul This message may contain confidential information. If you are not the intended recipient please inform the sender that you have received the message in error before deleting it. Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Thank you for your co-operation. NHSmail is the secure email and directory service available for all NHS staff in England and Scotland NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSI recipients NHSmail provides an email address for your career in the NHS and can be accessed anywhere For more information and to find out how you can switch, visit www.connectingforhealth.nhs.uk/nhsmail signature.asc Description: OpenPGP digital signature
RE: Docbase inside the host appBasehas been specified, and will be ignored
Ok, so if I am just working in development and only using classes outside of a war or a jar file how should I configure the application? If I remove those mappings how would tomcat know that a request for /LabCatalogue should be matched to my code in c:\\webapps\LabCatalogue? -Original Message- From: Pid [mailto:p...@pidster.com] Sent: 01 July 2010 09:21 To: Tomcat Users List Subject: Re: Docbase inside the host appBasehas been specified, and will be ignored On 01/07/2010 09:06, Ockleford Paul (NHS Connecting for Health) wrote: Hi, I am using tomcat 5.5 and I have deployed a web application that is working fine, but on tomcat start up I have noticed this message. I have googled around but it seems most people see this message and their web app doesn't work, mine does however work fine. Does anybody know why I am seeing this message? Because your config is screwy. To use a technical term. I have an xml file called 'LabCatalogue.xml' in 'apache-tomcat-5.5.23\conf\Catalina\localhost' that looks like: Context crossContext=true docBase=c:\\webapps\LabCatalogue path=/LabCatalogue reloadable=true / The web app is set to reloadable because it is currently in development. The appBase on the Host element is where Tomcat looks for apps to deploy. Apps are either a .war or a directory (actually an exploded .war file). For an application placed in the appBase, Tomcat will automatically determine the 'path' it will be deployed at and the 'docBase', so you don't need to specify either attribute. You get the warning if the docBase is present and redundant. As a rule of thumb, setting 'path' or 'docBase' is generally unnecessary - possibly even 'a bad idea'. p Thanks, Paul ** ** This message may contain confidential information. If you are not the intended recipient please inform the sender that you have received the message in error before deleting it. Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Thank you for your co-operation. NHSmail is the secure email and directory service available for all NHS staff in England and Scotland NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSI recipients NHSmail provides an email address for your career in the NHS and can be accessed anywhere For more information and to find out how you can switch, visit www.connectingforhealth.nhs.uk/nhsmail ** ** This message may contain confidential information. If you are not the intended recipient please inform the sender that you have received the message in error before deleting it. Please do not disclose, copy or distribute information in this e-mail or take any action in reliance on its contents: to do so is strictly prohibited and may be unlawful. Thank you for your co-operation. NHSmail is the secure email and directory service available for all NHS staff in England and Scotland NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and GSI recipients NHSmail provides an email address for your career in the NHS and can be accessed anywhere For more information and to find out how you can switch, visit www.connectingforhealth.nhs.uk/nhsmail - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Using httpd's mod_rewrite with mod_jk
On 30.06.2010 19:00, Christopher Schultz wrote: Slightly off-topic, but relevant. On our development servers, I'm trying to enforce a rule that all our users have the most up-to-date web browser available (yeah, it's an uphill battle, I know... just go with it). I decided to use mod_rewrite to check for a User-Agent pattern and then forward to a bad browser page, which works well for static content, but not for requests destined to be handled by mod_jk. Here's what I've got: # Handle Mozilla Firefox RewriteCond %{HTTP_USER_AGENT} Firefox/ RewriteCond %{HTTP_USER_AGENT} !(Firefox/(3\.0\.19|3\.5\.9|3\.6\.3)($|[^\.0-9])) RewriteRule .* /bad-browser.shtml [L] For dynamic requests, this will happily allow the request to go through to mod_jk. Usually mod_rewrite is perfectly compatible with mod_jk. I must confess, that I'm not 100% sure about the case, where you try to rewrite a request that originally would have been handled by mod_jk to something that should not be handled by it. Two possibilities: if it doesn't actually work, you can set the env var no-jk as a side effect in your rewrite rule. If mod_jk fins this env var set, it will decline to handle the request. Alternatively, if you are fine with redirecting by mod_rewrite instead of rewriting internally, the redirecting should also win over mod_jk. There is a chance though, that it should work out of the box and you are using some indirect mapping to mod_jk that wins. That would be the case if you are either using one of the outdated JkOptions ForwardXXX options, or you are using an indirect mapping like setting the handler to jakarta-servlet, or using the environment variable trick (JK_WORKER_NAME or JkWorkerIndicator) to define the target worker. So you might want to tell us, how you map your dynamic requests (JkMount, setting handler etc.) to mod_jk and what other Jk directives (like JkOptions) you are using. To complete the picture: in cases were the RewriteRule works, but then the request is not forwarded via mod_jk although it should, you need to add the PT flag. In your case I guess its the opposite situation you are looking for. Regards, Rainer I also tried this: RewriteRule .* /bad-browser.shtml [L,H=alias] This works in the sense that I get the page I want, but I also get a 404 error because the URL doesn't map to anything mod_alias can handle successfully. I also tried this: RewriteRule .* /bad-browser.shtml [L,F] This gives me a 403 response code, httpd's standard forbidden page, and a 500 response code in the access log (looks like a runaway redirect... I'll have to fix that). Does anyone have any suggestions for getting: 1. My custom page rendered 2. A 403 (or any specific) response code sent to the browser Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JK connector and extra characters showing up
On 01.07.2010 03:00, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, On 6/30/2010 3:32 PM, David Brown wrote: Problem: Extra characters showing up in some content delivered from tomcat. I believe they are from the JK connector when it breaks up the content into 8k packets. Setup: Tomcat 5.5 - JK 1.2.30 - SunOne 6.1sp11 So you're using mod_jk 1.2.30 to connect Tomcat 5.5 and SunOne? I tested using Apache2 and the problem does not show up there. Using apache is not an option here. Okay. Tomcat to web server through JK connector, same for Sun One and Apache Is this data /from/ Tomcat /to/ Sun One, or from Sun One /to/ Tomcat? That is, are we looking at a request or a response? It kind of looks like a response, but I just want to be sure. 0090 20 47 4d 54 00 00 0c 43 6f 6e 74 65 6e 74 2d 54 GMT...Content-T 00a0 79 70 65 00 00 08 74 65 78 74 2f 63 73 73 00 00 ype...text/css.. 00b0 0e 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 00 .Content-Length. 00c0 00 05 32 32 33 37 33 00 41 42 1f fc 03 1f f8 40 ..22373.AB.@ 00d0 43 48 41 52 53 45 54 20 22 55 54 46 2d 38 22 3b CHARSET UTF-8; 00e0 23 74 70 63 72 7b 62 61 63 6b 67 72 6f 75 6e 64 #tpcr{background 00f0 2d 63 6f 6c 6f 72 3a 57 68 69 74 65 3b 6d 61 72 -color:White;mar 0100 67 69 6e 3a 31 30 70 78 20 30 20 32 30 70 78 20 gin:10px 0 20px Can you dump the whole response? Browser from Apache 0120 76 65 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 ve..Content-Type 0130 3a 20 74 65 78 74 2f 63 73 73 0d 0a 0d 0a 40 43 : text/css@c 0140 48 41 52 53 45 54 20 22 55 54 46 2d 38 22 3b 23 HARSET UTF-8;# 0150 74 70 63 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d tpcr{background- 0160 63 6f 6c 6f 72 3a 57 68 69 74 65 3b 6d 61 72 67 color:White;marg 0170 69 6e 3a 31 30 70 78 20 30 20 32 30 70 78 20 30 in:10px 0 20px 0 Why are the hex offsets different? Differing standard headers? Again, can you post the whole response? Browser from SunOne 00e0 47 4d 54 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 GMT..Content-Typ 00f0 65 3a 20 74 65 78 74 2f 63 73 73 0d 0a 43 6f 6e e: text/css..Con 0100 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 32 32 33 tent-Length: 223 0110 37 33 0d 0a 54 72 61 6e 73 66 65 72 2d 65 6e 63 73..Transfer-enc 0120 6f 64 69 6e 67 3a 20 63 68 75 6e 6b 65 64 0d 0a oding: chunked.. 0130 0d 0a 31 66 66 38 0d 0a 40 43 48 41 52 53 45 54 ..1ff...@charset 0140 20 22 55 54 46 2d 38 22 3b 23 74 70 63 72 7b 62 UTF-8;#tpcr{b 0150 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a ackground-color: 0160 57 68 69 74 65 3b 6d 61 72 67 69 6e 3a 31 30 70 White;margin:10p 0170 78 20 30 20 32 30 70 78 20 30 3b 7d 0a 23 74 70 x 0 20px 0;}.#tp Are all of these dumps from the same response, but at different points in the process? I can see that there is a 1ff8 (in text) in that last dump. What is that? It appears that some component is switching the Transfer-encoding to chunked. Do you know if that's intentional? The first snippet is from between the web server and tomcat through the JK connector. This looks the same for either Apache or SunOne. The thing to note is line 00c0 where the hex is 1f f8. Is that a Greek Omicron? Or something else? The second snippet is when a browser hits Apache. The thing to note is line 0130 where the hex is 0d 0a 0d 0a. (carriage return, line feed, carriage return, line feed) The CR LF CR LF seems to be more likely to be correct. The third snippet is when a browser hits SunOne for the same file. Here on line 0130 there is 0d 0a 31 66 66 38 0d 0a, notice the extra 4 characters between the carriage return/line feeds. Those 4 extra characters are likely to be the chunk size. 31 66 66 38 is, well, 1ff8, which is 792 in decimal. So, the chunk size is 792 bytes. Did you get 792 bytes after the next CR LF? Again, a complete response would be helpful in determining what's happening. And that is where my problem lies. These characters 1ff8 are showing up in the body of the content and is causing errors. Technically speaking, this is not content: it's header. Your client is misinterpreting the data it's receiving from the server. Take a look at http://www.httpwatch.com/httpgallery/chunked/ - the page is chunked with each line of text in a separate chunk. I think it will demonstrate what I'm talking about. If you can't view it any other way, you can do this: $ telnet www.httpwatch.com 80 temp.out GET /httpgallery/chunked/ Connection closed by foreign host. $ less temp.out You should see content like this: [snip] Transfer-Encoding: chunked Cache-Control: no-cache, no-store Pragma: no-cache Expires: -1 Content-Type: text/html 7b !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; 2d html xmlns=http://www.w3.org/1999/xhtml; [and so on] 9 /body 9 /html 2 0 [the 0 indicates the last chunk, which contains no data]. Is this what you're observing, here?
Re: using Servlet Filter to rewrite domain of JSESSIONID cookie?
On 01.07.2010 03:26, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nikita, On 6/30/2010 6:20 PM, Nikita Tovstoles wrote: I'd like to make session cookie domain-wide, and ignore subdomains - in Tomcat 6. You could use the emptySessionPath=true setting in yourConnector. http://tomcat.apache.org/tomcat-6.0-doc/config/http.html The next version of Tomcat 6 to be released will contain configuration options for changing the domain, path and name. Those options will be part of the context element and described on the docs page linked above. The vote for 6.0.28 is happening now, so if nothing bad is found we will have that release in a few days. You can already grab and test it: http://people.apache.org/~jfclere/tomcat-6/v6.0.28/ WARNING: this is not yet an official release! wait for the official release before using it in production. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Docbase inside the host appBasehas been specified, and will be ignored
Ockleford Paul (NHS Connecting for Health) wrote: Ok, so if I am just working in development and only using classes outside of a war or a jar file how should I configure the application? If I remove those mappings how would tomcat know that a request for /LabCatalogue should be matched to my code in c:\\webapps\LabCatalogue? To use another technical term, because. ;-) More technically, because that is the default. Here is a non-authoritative summary explanation. Say a browser requests the URL http://somehost.somedomain.com/somewebapp;. The first part http://somehost.somedomain.com; just tells the browser with which host to make a connection, and to use the HTTP protocol for it. Then the browser, over that connection, sends a request with the rest, like : GET /somewebapp HTTP/1.1 When Tomcat receives a request with that URL /somewebapp, it looks under the directory which is specified as the appBase for that Host (*), for either a directory named somewebapp, or a .war file named somewebapp.war. It will do that /unless/ there is a Context element somewhere which tells it that it should look somewhere else. By default also, under that directory, Tomcat is going to look for a WEB-INF directory, and under that directory, for a directory classes and a directory lib, where it expects to find the .class and .jar files of your application, respectively. (*) by default, there is only one Host named localhost, and its webapps directory is the webapps directory under the Tomcat top installation directory. For a more complete and correct explanation, you should read http://tomcat.apache.org/tomcat-6.0-doc/deployer-howto.html and http://tomcat.apache.org/tomcat-6.0-doc/config/context.html .. and the Servlet Specification. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: EL 2.2 in Tomcat 7 RC1/RC2 does not fully support method invocation, such as #{helloWorldController.doSomething(helloWorldModel)}
On 30/06/2010 09:15, Mark Thomas wrote: On 29/06/2010 22:32, Mark Thomas wrote: On 21/06/2010 15:16, John Wu wrote: Hi Mark, I just got a chance to test it on the Beta release. It's still broken, with a slightly different exception message. Confirmed. I'm pretty sure JSF is doing the right thing here and that I need to read the spec more carefully. I'll post an update when I have a fix. It looks like we are going to have to go with your original proposal. I was trying to avoid the complexity it adds but I can't see a way around it. Done. The method identification code now works in a similar manner (there are a few edge case differences) to how the Java compiler identifies methods. Will be in 7.0.1. No firm date for 7.0.1 but given the issues that are being raised, my current thinking is to start the release process in a couple of weeks or so. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Using httpd's mod_rewrite with mod_jk
Rainer Jung wrote: On 30.06.2010 19:00, Christopher Schultz wrote: Slightly off-topic, but relevant. On our development servers, I'm trying to enforce a rule that all our users have the most up-to-date web browser available (yeah, it's an uphill battle, I know... just go with it). I decided to use mod_rewrite to check for a User-Agent pattern and then forward to a bad browser page, which works well for static content, but not for requests destined to be handled by mod_jk. Here's what I've got: # Handle Mozilla Firefox RewriteCond %{HTTP_USER_AGENT} Firefox/ RewriteCond %{HTTP_USER_AGENT} !(Firefox/(3\.0\.19|3\.5\.9|3\.6\.3)($|[^\.0-9])) RewriteRule .* /bad-browser.shtml [L] For dynamic requests, this will happily allow the request to go through to mod_jk. Usually mod_rewrite is perfectly compatible with mod_jk. I must confess, that I'm not 100% sure about the case, where you try to rewrite a request that originally would have been handled by mod_jk to something that should not be handled by it. Two possibilities: if it doesn't actually work, you can set the env var no-jk as a side effect in your rewrite rule. If mod_jk fins this env var set, it will decline to handle the request. Alternatively, if you are fine with redirecting by mod_rewrite instead of rewriting internally, the redirecting should also win over mod_jk. There is a chance though, that it should work out of the box and you are using some indirect mapping to mod_jk that wins. That would be the case if you are either using one of the outdated JkOptions ForwardXXX options, or you are using an indirect mapping like setting the handler to jakarta-servlet, or using the environment variable trick (JK_WORKER_NAME or JkWorkerIndicator) to define the target worker. So you might want to tell us, how you map your dynamic requests (JkMount, setting handler etc.) to mod_jk and what other Jk directives (like JkOptions) you are using. To complete the picture: in cases were the RewriteRule works, but then the request is not forwarded via mod_jk although it should, you need to add the PT flag. In your case I guess its the opposite situation you are looking for. Hi. I usually find helpful the Apache httpd request processing cycle diagram found here : http://perl.apache.org/docs/2.0/user/handlers/http.html That page is part of the mod_perl documentation, explaining how the Apache/perl integration works. But since mod_perl digs deep inside Apache httpd, the various stages of request processing by mod_perl follow the internal Apache httpd cycle very closely. For example, it helps in figuring out at what stage and in what order things like mod_rewrite, JkMount, Location, content handlers etc.. play a role, how they combine, and at which level you can intervene to do what. It must exist somewhere, but I have not yet found an original Apache httpd document which explains these things so well. Forget the perl-specific stuff that you find there, just follow the explanations and the links. It is really a good tutorial into the insides of Apache httpd's request processing. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.26
Hi Shay Still having problems with reading html form with servlet. We only have a small number of servlets and would choose not to place them in a package at this point in time. I understand your naming of package com.company.project, can you replace com\mycompany\Myservlet.class. What is the link between them. I noted your comment on web.xml file Have been using tomcat for 3/4 years and have most probably got away with murder using invoker servlet and mapping of. I attach a file with html form action, server start up log, web.xml file and error http 404 We only have a small number of servlets and would choose not to place them in a package at this point in time. I understand your naming of package com.company.project, can you replace com\mycompany\ On 28 June 2010 13:26, Shay Rojansky r...@roji.org wrote: Hi John. Both John and I were right... Moving your directory outside ROOT was the first step. Now, in your web.xml, the servlet-class element is wrong. It should contain a servlet class that should be found under your WEB-INF/classes directory. So if you want to reference the class that you have under comlinks\WEB-INF\classes\com\mycompany\MyServlet.class, simply put com.mycompany.MyServlet in the servlet-class element. By the way, it's hard to tell what your class name and package actually are. It's a good idea to follow conventions and place it in a package called com.company.project Shay On Mon, Jun 28, 2010 at 5:11 AM, John Byrne jbmulti...@gmail.com wrote: Hi Shay copy of directory structure C:\Tomcat 6.0\webapps\comlinks\WEB-INF\classes I have changed this it incorporate your suggestions. I attach a copy of web.xml many thanks for your help. Kind Regards John On 27 June 2010 15:54, Shay Rojansky r...@roji.org wrote: John, Can you please send your web.xml as well? I would be it's a misconfigured servlet in there (the WEB-INF should not be part of the class package name, as it appears in your error log). Shay On Sun, Jun 27, 2010 at 7:55 AM, John Byrne jbmulti...@gmail.com wrote: Hi Have installed tomcat 6.0.26 on windows 7. Have installed jdk1.6.0_20 to use with tomcat The javac and java commands both give correct response at dos prompt. The log for server start up reports no errors. The index page displays ok The manager page displays ok The example HelloWorld works ok The application webpages display ok. The problem appears to be with the servlet that reads the form data in html page. I use default install structure for tomcat. I add a applications folder under TOMCAT 6.0\webapps\ROOT\myfoloder Also add classes folder under tomcat 6.0\webapps\ROOT\WEB-INF\classes I attach copy of server start up log and http 500 error text when I use the submit button on html page to activate servlet. would greatly appreciate your help. John Byrne -- Mult-i-tel better by design. http://www.multitel.co.uk tel: 44(0)151 548 8122 fax: 44(0)709 210 1464 skype jcbyrne - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Mult-i-tel better by design. http://www.multitel.co.uk tel: 44(0)151 548 8122 fax: 44(0)709 210 1464 skype jcbyrne - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Mult-i-tel better by design. http://www.multitel.co.uk tel: 44(0)151 548 8122 fax: 44(0)709 210 1464 skype jcbyrne 01-Jul-2010 10:04:06 org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performan e in production environments was not found on the java.library.path: C:\Tomcat .0\bin;.;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:\PROGRAM FILE \Jdk1.6.0_20\BIN 01-Jul-2010 10:04:06 org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-80 01-Jul-2010 10:04:06 org.apache.catalina.startup.Catalina load INFO: Initialization processed in 956 ms 01-Jul-2010 10:04:06 org.apache.catalina.core.StandardService start INFO: Starting service Catalina 01-Jul-2010 10:04:06 org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.26 01-Jul-2010 10:04:06 org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor host-manager.xml 01-Jul-2010 10:04:07 org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor manager.xml 01-Jul-2010 10:04:07 org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory comlinks 01-Jul-2010 10:04:07 org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory docs
Re: Tomcat 6.0.26
On 01/07/2010 10:48, John Byrne wrote: Hi Shay Still having problems with reading html form with servlet. We only have a small number of servlets and would choose not to place them in a package at this point in time. I understand your naming of package com.company.project, can you replace com\mycompany\Myservlet.class. What is the link between them. I noted your comment on web.xml file Have been using tomcat for 3/4 years and have most probably got away with murder using invoker servlet and mapping of. I attach a file with html form action, server start up log, web.xml file and error http 404 We only have a small number of servlets and would choose not to place them in a package at this point in time. Fail. I understand your naming of package com.company.project, can you replace com\mycompany\ You must put your servlets in a package - it's trivial to do so and bad practice not to. The package corresponds to the directory structure. com.mycompany.webstuff.Form1Servlet is placed: myApp/WEB-INF/classes/com/mycompany/webstuff/Form1Servlet.class You can use any package structure you like, the above is an example of the convention for a COMpany, called 'My Company', with a library of code called 'Web Stuff'. If you don't want a deep folder tree, just use a single directory: package formprocessors; public class Form1Servlet extends HttpServlet { ... Full class reference: formprocessors.Form1Servlet Location: myApp/WEB-INF/classes/formprocessors/Form1Servlet.class p On 28 June 2010 13:26, Shay Rojansky r...@roji.org wrote: Hi John. Both John and I were right... Moving your directory outside ROOT was the first step. Now, in your web.xml, the servlet-class element is wrong. It should contain a servlet class that should be found under your WEB-INF/classes directory. So if you want to reference the class that you have under comlinks\WEB-INF\classes\com\mycompany\MyServlet.class, simply put com.mycompany.MyServlet in the servlet-class element. By the way, it's hard to tell what your class name and package actually are. It's a good idea to follow conventions and place it in a package called com.company.project Shay On Mon, Jun 28, 2010 at 5:11 AM, John Byrne jbmulti...@gmail.com wrote: Hi Shay copy of directory structure C:\Tomcat 6.0\webapps\comlinks\WEB-INF\classes I have changed this it incorporate your suggestions. I attach a copy of web.xml many thanks for your help. Kind Regards John On 27 June 2010 15:54, Shay Rojansky r...@roji.org wrote: John, Can you please send your web.xml as well? I would be it's a misconfigured servlet in there (the WEB-INF should not be part of the class package name, as it appears in your error log). Shay On Sun, Jun 27, 2010 at 7:55 AM, John Byrne jbmulti...@gmail.com wrote: Hi Have installed tomcat 6.0.26 on windows 7. Have installed jdk1.6.0_20 to use with tomcat The javac and java commands both give correct response at dos prompt. The log for server start up reports no errors. The index page displays ok The manager page displays ok The example HelloWorld works ok The application webpages display ok. The problem appears to be with the servlet that reads the form data in html page. I use default install structure for tomcat. I add a applications folder under TOMCAT 6.0\webapps\ROOT\myfoloder Also add classes folder under tomcat 6.0\webapps\ROOT\WEB-INF\classes I attach copy of server start up log and http 500 error text when I use the submit button on html page to activate servlet. would greatly appreciate your help. John Byrne -- Mult-i-tel better by design. http://www.multitel.co.uk tel: 44(0)151 548 8122 fax: 44(0)709 210 1464 skype jcbyrne - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Mult-i-tel better by design. http://www.multitel.co.uk tel: 44(0)151 548 8122 fax: 44(0)709 210 1464 skype jcbyrne - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: OpenPGP digital signature
Re: Tomcat 6.0.26 with Java 6 update 20 on Sun Solaris 5.8 Sparc - Web application unable to execute properly
rahul wrote: 1. Replacing the Windows war file with the one in UNIX, works fine. 2. Replacing the UNIX war file with that in Windows mis-behaves. Please clarify what windows-war and unix-war mean. So, in other words does it mean: If you take old war file, that runs on Tomcat 4.x, from Solaris box and deploy it on new Tomcat on Windows box it runs fine. If you build new war file on Windows box, deploy it on new Tomcat on Windows box it runs fine. But if deploy the same war file on new Tomcat on Solaris box it misbehaves. Is that correct? If so, I guess that either your build process is platform dependant, or there are differences between Tomcat setups (Windows vs Solaris). -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.26
Hi. pid's right - you should really put your classes in packages (although I'm pretty sure it's not technically mandatory). But looking at your attached files, I think I see another problem - confusion between the Java class package and the servlet mapping. In the web.xml servlet element, you reference a Java class and give it a servlet name. Looking at your web.xml, I see a ukjava1900 servlet with the class com.multitel.ukjava1900. This means that you must have a myApp\WEB-INF\classes\com\multitel\ukjava1900.class in your webapp. All good till now. The web.xml servlet-mapping element maps a servlet name (defined above) to actual URLs that will be used to access that webapp. This URL has nothing to do with the Java class. In your web.xml, I see url-pattern/com/multitel/ukjava1900/url-pattern - this is wrong (unless you want users to access /servlet/com/multitel/ukjava1900). Change this to url-pattern/ukjava1900/url-pattern and it should work. Try to understand the difference between your Java classes, their packages and the directory hierarchy under WEB-INF\classes on the one hand, and the URL namespace of your webapp on the other. Shay On Thu, Jul 1, 2010 at 5:48 AM, John Byrne jbmulti...@gmail.com wrote: Hi Shay Still having problems with reading html form with servlet. We only have a small number of servlets and would choose not to place them in a package at this point in time. I understand your naming of package com.company.project, can you replace com\mycompany\Myservlet.class. What is the link between them. I noted your comment on web.xml file Have been using tomcat for 3/4 years and have most probably got away with murder using invoker servlet and mapping of. I attach a file with html form action, server start up log, web.xml file and error http 404 We only have a small number of servlets and would choose not to place them in a package at this point in time. I understand your naming of package com.company.project, can you replace com\mycompany\ On 28 June 2010 13:26, Shay Rojansky r...@roji.org wrote: Hi John. Both John and I were right... Moving your directory outside ROOT was the first step. Now, in your web.xml, the servlet-class element is wrong. It should contain a servlet class that should be found under your WEB-INF/classes directory. So if you want to reference the class that you have under comlinks\WEB-INF\classes\com\mycompany\MyServlet.class, simply put com.mycompany.MyServlet in the servlet-class element. By the way, it's hard to tell what your class name and package actually are. It's a good idea to follow conventions and place it in a package called com.company.project Shay On Mon, Jun 28, 2010 at 5:11 AM, John Byrne jbmulti...@gmail.com wrote: Hi Shay copy of directory structure C:\Tomcat 6.0\webapps\comlinks\WEB-INF\classes I have changed this it incorporate your suggestions. I attach a copy of web.xml many thanks for your help. Kind Regards John On 27 June 2010 15:54, Shay Rojansky r...@roji.org wrote: John, Can you please send your web.xml as well? I would be it's a misconfigured servlet in there (the WEB-INF should not be part of the class package name, as it appears in your error log). Shay On Sun, Jun 27, 2010 at 7:55 AM, John Byrne jbmulti...@gmail.com wrote: Hi Have installed tomcat 6.0.26 on windows 7. Have installed jdk1.6.0_20 to use with tomcat The javac and java commands both give correct response at dos prompt. The log for server start up reports no errors. The index page displays ok The manager page displays ok The example HelloWorld works ok The application webpages display ok. The problem appears to be with the servlet that reads the form data in html page. I use default install structure for tomcat. I add a applications folder under TOMCAT 6.0\webapps\ROOT\myfoloder Also add classes folder under tomcat 6.0\webapps\ROOT\WEB-INF\classes I attach copy of server start up log and http 500 error text when I use the submit button on html page to activate servlet. would greatly appreciate your help. John Byrne -- Mult-i-tel better by design. http://www.multitel.co.uk tel: 44(0)151 548 8122 fax: 44(0)709 210 1464 skype jcbyrne - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Mult-i-tel better by design. http://www.multitel.co.uk tel: 44(0)151 548 8122 fax: 44(0)709 210 1464 skype jcbyrne - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Mult-i-tel better by design.
Re: Tomcat 6.0.26 with Java 6 update 20 on Sun Solaris 5.8 Sparc - Web application unable to execute properly
Hello Miki Thanks for your inputs. UNIX war means the war file deployed in UNIX environment and Windows war means the war file deployed in Windows. So, as I said that when I just transfer the war file from Windows to UNIX, it mis-bheaves the way I specified. On the other hand, if I transfer the war file from UNIX to Windows, it works perfectly. So, I guess that refutes the conception that the build process is platform dependent. I can agree with the Tomcat Setup part. But what? I have been unable to figure that out for this is the third day now. Thanks and Regards, Rahul --- On Thu, 7/1/10, Mikolaj Rydzewski m...@ceti.pl wrote: From: Mikolaj Rydzewski m...@ceti.pl Subject: Re: Tomcat 6.0.26 with Java 6 update 20 on Sun Solaris 5.8 Sparc - Web application unable to execute properly To: Tomcat Users List users@tomcat.apache.org Date: Thursday, July 1, 2010, 4:05 PM rahul wrote: 1. Replacing the Windows war file with the one in UNIX, works fine. 2. Replacing the UNIX war file with that in Windows mis-behaves. Please clarify what windows-war and unix-war mean. So, in other words does it mean: If you take old war file, that runs on Tomcat 4.x, from Solaris box and deploy it on new Tomcat on Windows box it runs fine. If you build new war file on Windows box, deploy it on new Tomcat on Windows box it runs fine. But if deploy the same war file on new Tomcat on Solaris box it misbehaves. Is that correct? If so, I guess that either your build process is platform dependant, or there are differences between Tomcat setups (Windows vs Solaris). -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.26
On 01/07/2010 13:26, Shay Rojansky wrote: /servlet/com/multitel/ukjava1900). Change this to /servlet/ukjava1900 according to the HTML form 'action' attribute. Also, a minor pedantic note: conventionally, classes are defined with capitalised names. So one would expect to see it called com.multitel.UkJava1900.class p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: OpenPGP digital signature
Re: Tomcat 6.0.26 with Java 6 update 20 on Sun Solaris 5.8 Sparc - Web application unable to execute properly
On 01/07/2010 13:34, rahul wrote: Hello Miki Thanks for your inputs. UNIX war means the war file deployed in UNIX environment and Windows war means the war file deployed in Windows. So, as I said that when I just transfer the war file from Windows to UNIX, it mis-bheaves the way I specified. On the other hand, if I transfer the war file from UNIX to Windows, it works perfectly. So, I guess that refutes the conception that the build process is platform dependent. I can agree with the Tomcat Setup part. But what? I have been unable to figure that out for this is the third day now. What are you doing to build the .war, running an Ant script perhaps? Does your build process include OS specific configuration? Where are the OS specific configuration files you mentioned placed on the filing system? What is different about the server.xml, in the two different Tomcat installations? What do the logs says during startup in each Tomcat? (You might clear the logs and start a fresh one for each server) p Thanks and Regards, Rahul --- On Thu, 7/1/10, Mikolaj Rydzewski m...@ceti.pl wrote: From: Mikolaj Rydzewski m...@ceti.pl Subject: Re: Tomcat 6.0.26 with Java 6 update 20 on Sun Solaris 5.8 Sparc - Web application unable to execute properly To: Tomcat Users List users@tomcat.apache.org Date: Thursday, July 1, 2010, 4:05 PM rahul wrote: 1. Replacing the Windows war file with the one in UNIX, works fine. 2. Replacing the UNIX war file with that in Windows mis-behaves. Please clarify what windows-war and unix-war mean. So, in other words does it mean: If you take old war file, that runs on Tomcat 4.x, from Solaris box and deploy it on new Tomcat on Windows box it runs fine. If you build new war file on Windows box, deploy it on new Tomcat on Windows box it runs fine. But if deploy the same war file on new Tomcat on Solaris box it misbehaves. Is that correct? If so, I guess that either your build process is platform dependant, or there are differences between Tomcat setups (Windows vs Solaris). -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: OpenPGP digital signature
RE: need help setting up tomcat with ssl client authentication
I changed server.xml to: Connector port=443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=true keystoreFile=/server.ks keystorePass=MC126801$ keystoreType=JKS keyAlias=tomcat truststoreFile=/server.ks truststorePass=MC126801$ truststoreType=JKS sslProtocol=TLS / and now it works with all clients, firefox, openssl s_client, and php client thanks for you all your help, its much appreciated :) From: users-return-214184-racarlson=mediacomcc@tomcat.apache.org [users-return-214184-racarlson=mediacomcc@tomcat.apache.org] On Behalf Of Christopher Schultz [ch...@christopherschultz.net] Sent: Wednesday, June 30, 2010 9:40 PM To: Tomcat Users List Subject: Re: need help setting up tomcat with ssl client authentication -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ralph, On 6/30/2010 5:07 PM, Ralph Carlson wrote: (d) have client Authorization on - with it off tomcat ssl works just fine, when its turned on I get this error so far I have been following the steps listed in this tomcat user group message http://marc.info/?l=tomcat-userm=106293430225790w=2 Try something a bit more recent than 2003. I was able to get client certs working with my own CA, and I was manually checking the client cert instead of having Tomcat do it. However, if your code can do it, so can Tomcat. Try reading-through this thread: http://markmail.org/message/kzxsamuiu6bldjmv Connector port=443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=true keystoreFile=/server.ks keystorePass=[...] sslProtocol=TLS / I think you also need a truststoreFile and friends. Try re-reading the Connector documentation at http://tomcat.apache.org/tomcat-6.0-doc/config/http.html specifically looking for client cert. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwr8f0ACgkQ9CaO5/Lv0PDFxQCcDrMdAJbl0adm44Dgnyd6fWqV aPEAnjPNCOXwmU847G/7IvZuBU9hnK2A =mNS+ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL and non SSL configuration on tomcat 6.0.26, confused
That wont work either because like I said before, the application is not really using SSL. The SSL is handled by the load balancers. If we use anything that forces SSL it will fail for the other framework which does not use SSL. On Thu, Jul 1, 2010 at 3:59 AM, Pid p...@pidster.com wrote: On 01/07/2010 08:49, John-Paul Ranaudo wrote: No we are not. If the SSL-only resources match a specific path, you can add a security-constraint which doesn't have user roles, but does have a transport-guarantee set to 'CONFIDENTIAL'. The container will automatically upgrade a matching request to HTTPS by redirecting it to the port configured in 'redirectPort' on the HTTP connector. p On 7/1/10, Pid p...@pidster.com wrote: On 01/07/2010 03:42, John-Paul Ranaudo wrote: I have now realized the root of the problem. The cause of the problem is that the load balancer will sometimes proxy an HTTPS request as an HTTP request so when we send back a redirect we send it back with the wrong scheme (HTTP). So here is my current configuration: Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / Port 443 is not really handling the SSL because the load balancer is. I set secure to true to mark the connections as secure to tomcat and not needing SSL decryption as recommended. The one framework in which uses HTTPS will send most request as HTTPS however the load balancer (for unknown reasons) proxies the request as HTTP (port 80). So now when we send a redirect it's to HTTP (port 80) not HTTPS (port 443). It should be port 443. Any idea how I can handle this in a connector configuration? My first thought is to create two virtual hosts which will then have 2 different server.xml's. If I do this I can tell tomcat to proxy all HTTP (port 80) requests to port 443 but only for that one virtual host (which contains the problem framework). Any thoughts? Thanks and Regards, John-Paul Ranaudo Application Architect On Fri, Jun 25, 2010 at 2:22 PM, Christopher Schultz ch...@christopherschultz.net wrote: John-Paul, On 6/25/2010 1:40 PM, John-Paul Ranaudo wrote: Ok, so I am assuming I do not have to setup SSL (certificates etc) since my load balancer is decoding the connection. So even if the load balancer is decoding the connection I still have to have SSLEnabled=true? No, Pid was saying that setting one of the two options (SSLEnabled and secure) to true makes sense... setting both to false is not particularly useful. However if I do, does this not make Tomcat try and decode the connection? Yes, setting SSLEnabled=true will make the connector try to perform the decryption. *Which is the root of my problem. How to use the HTTPS protocol without having Tomcat decrypt the connection since the load balancer has done this for me. * It sounds like you just want Tomcat to know that the connection is secure, but without actually doing the decryption. You should be able to do it like this: Connector port=443 - this is the port that the LB talks to protocol=HTTP/1.1 connectionTimeout=2 scheme=https - so request.getScheme returns correct value secure=true - so request.isSecure returns correct value / There's no need to set SSLProtocol or SSLEnabled (you're not using SSL, remember), they will default to false. The link to the documentation is correct. However the properties of the connector are confusing to me. For example SSLEnabled if fairly obvious but secure it confusing. Not sure under what context I need to set this. You can set these to different values, for instance, to instruct the server to report connections as secure even when they aren't actually tunneled through SSL (as above). The application always uses relative paths so whatever protocol the framework is using will be what is returned in the page. Good. How about redirects? I have also tried setting the redirect port thinking I can redirect requests to 443 to the port 80 internally and scheme to 'https'. This actually had the effect of making one framework (the one with https) work but broke the other. The redirect port is only used when the server decides that a webapp requires a secure connection (see transport-guarantee in web.xml), and the server issues a redirect to the client to upgrade the connection to HTTPS. The default is 443, so if a client arrives on port 80, they will be redirected to the same URL except with https:// on the front and the port added if it's not the default of 443. Now, you have to remember that the port number that does out attached to a redirect URL (say, https://myhost:443/foo/bar) is probably the port on the load-balancer the client will hit, not necessarily the port on the local machine. The
Re: need help setting up tomcat with ssl client authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ralph, On 7/1/2010 9:28 AM, Ralph Carlson wrote: I changed server.xml to: Connector port=443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=true keystoreFile=/server.ks keystorePass=MC126801$ keystoreType=JKS keyAlias=tomcat truststoreFile=/server.ks truststorePass=MC126801$ truststoreType=JKS sslProtocol=TLS / and now it works with all clients, firefox, openssl s_client, and php client thanks for you all your help, its much appreciated :) Glad you got it working. I might separate the keystore from the truststore, just to give you greater flexibility. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwsnSwACgkQ9CaO5/Lv0PA7TgCeMiz/a7dBr/GJudFzWam2K+MG wj0An0l+M/7SNSYi2TOsDpcv+ljp251Z =XwZa -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
InvokerServlet
Hello, Tomcat 7 don't have the implementation for the org.apache.catalina.servlets.InvokerServlet, do any reason? Bests regards, Reinaldo - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL and non SSL configuration on tomcat 6.0.26, confused
On 01/07/2010 14:49, John-Paul Ranaudo wrote: That wont work either because like I said before, the application is not really using SSL. The SSL is handled by the load balancers. Either I'm confused, or you are. In your description of the issue so far, you've said that the application *is* using SSL. The load-balancers might be terminating it forwarding unencrypted connections, but the application must be using it - or you wouldn't need the second connector with 'scheme=https'. Redirecting as I explained below just means that you can upgrade to HTTPS for specific paths. The load-balancer still handles it. If we use anything that forces SSL it will fail for the other framework which does not use SSL. Why? How are you switching back to HTTP for 'the other framework', once the user has been on a page served under HTTPS? p On Thu, Jul 1, 2010 at 3:59 AM, Pid p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 08:49, John-Paul Ranaudo wrote: No we are not. If the SSL-only resources match a specific path, you can add a security-constraint which doesn't have user roles, but does have a transport-guarantee set to 'CONFIDENTIAL'. The container will automatically upgrade a matching request to HTTPS by redirecting it to the port configured in 'redirectPort' on the HTTP connector. p On 7/1/10, Pid p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 03:42, John-Paul Ranaudo wrote: I have now realized the root of the problem. The cause of the problem is that the load balancer will sometimes proxy an HTTPS request as an HTTP request so when we send back a redirect we send it back with the wrong scheme (HTTP). So here is my current configuration: Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / Port 443 is not really handling the SSL because the load balancer is. I set secure to true to mark the connections as secure to tomcat and not needing SSL decryption as recommended. The one framework in which uses HTTPS will send most request as HTTPS however the load balancer (for unknown reasons) proxies the request as HTTP (port 80). So now when we send a redirect it's to HTTP (port 80) not HTTPS (port 443). It should be port 443. Any idea how I can handle this in a connector configuration? My first thought is to create two virtual hosts which will then have 2 different server.xml's. If I do this I can tell tomcat to proxy all HTTP (port 80) requests to port 443 but only for that one virtual host (which contains the problem framework). Any thoughts? Thanks and Regards, John-Paul Ranaudo Application Architect On Fri, Jun 25, 2010 at 2:22 PM, Christopher Schultz ch...@christopherschultz.net mailto:ch...@christopherschultz.net wrote: John-Paul, On 6/25/2010 1:40 PM, John-Paul Ranaudo wrote: Ok, so I am assuming I do not have to setup SSL (certificates etc) since my load balancer is decoding the connection. So even if the load balancer is decoding the connection I still have to have SSLEnabled=true? No, Pid was saying that setting one of the two options (SSLEnabled and secure) to true makes sense... setting both to false is not particularly useful. However if I do, does this not make Tomcat try and decode the connection? Yes, setting SSLEnabled=true will make the connector try to perform the decryption. *Which is the root of my problem. How to use the HTTPS protocol without having Tomcat decrypt the connection since the load balancer has done this for me. * It sounds like you just want Tomcat to know that the connection is secure, but without actually doing the decryption. You should be able to do it like this: Connector port=443 - this is the port that the LB talks to protocol=HTTP/1.1 connectionTimeout=2 scheme=https - so request.getScheme returns correct value secure=true - so request.isSecure returns correct value / There's no need to set SSLProtocol or SSLEnabled (you're not using SSL, remember), they will default to false. The link to the documentation is correct. However the properties of the connector are confusing to me. For example SSLEnabled if fairly obvious but secure it confusing. Not sure under what context I need to set this. You can set these to different values, for instance, to
RE: InvokerServlet
From: Reinaldo [mailto:reinaldo.be...@gmail.com] Subject: InvokerServlet Tomcat 7 don't have the implementation for the org.apache.catalina.servlets.InvokerServlet, do any reason? Because it was a really stupid and dangerous idea from the beginning. Sorry it took so long to get rid of it. http://wiki.apache.org/tomcat/FAQ/Miscellaneous#Q2 http://wiki.apache.org/tomcat/FAQ/Miscellaneous#Q3 - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: InvokerServlet
Reinaldo wrote: Hello, Tomcat 7 don't have the implementation for the org.apache.catalina.servlets.InvokerServlet, do any reason? Maybe because of this : http://wiki.apache.org/tomcat/FAQ/Miscellaneous#Q3 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.26
Hi This is the first line in my java servlet ukjava1900 it compiles OK package formprocessors; is it complete? I attach copy of my web.xml which i think is OK? Kind regards John On 1 July 2010 14:08, Pid p...@pidster.com wrote: On 01/07/2010 13:26, Shay Rojansky wrote: /servlet/com/multitel/ukjava1900). Change this to /servlet/ukjava1900 according to the HTML form 'action' attribute. Also, a minor pedantic note: conventionally, classes are defined with capitalised names. So one would expect to see it called com.multitel.UkJava1900.class p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Mult-i-tel better by design. http://www.multitel.co.uk tel: 44(0)151 548 8122 fax: 44(0)709 210 1464 skype jcbyrne ?xml version=1.0 encoding=ISO-8859-1? !-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -- web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd; version=2.5 display-nameWelcome to Mult-i-tel International/display-name description Welcome to Mult-i-tel International /description servlet servlet-nameukjava1900/servlet-name servlet-classwebapps/comlinks/WEB-INF/classes/formprocessors/ukjava1900/servlet-class /servlet servlet-mapping servlet-nameukjava1900/servlet-name url-pattern/ukjava1900/url-pattern /servlet-mapping /web-app - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Change Tomcat's bind address?
Hi, to change tomcat's bind adress, add address in connector exemple: Connector port=8080 protocol=HTTP/1.1 address=192.168.1.10 connectionTimeout=2 redirectPort=8443 / then to test, run netstat command [r...@localhost]# netstat -an | grep 8080 tcp0 0 192.168.1.10:80800.0.0.0:* LISTEN [r...@localhost]# Regards, Abdelkader YEDDES -- View this message in context: http://old.nabble.com/Change-Tomcat%27s-bind-address--tp20480282p29046679.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL and non SSL configuration on tomcat 6.0.26, confused
I am confused no doubt. What you say here is correct: *In your description of the issue so far, you've said that the application *is* using SSL. The load-balancers might be terminating it forwarding unencrypted connections* * * *I think I understand what you mean by redirecting. Our current configuration. Framework A does not use SSL thus uses connector port 80. Framework B, the problem, uses SSL/port 443. * * * * Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / (Used by framework A) Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / (Used by framework B) Now I could change the port 80 connector to have a redirectPort attribute like so: Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443/ The problem with this approach is that framework A which does not use SSL now will use it via he redirect port. We'll then get the same mixed content warnings in the browser. I hope this explains the problem more clearly. * Redirecting as I explained below just means that you can upgrade to HTTPS for specific paths. The load-balancer still handles it. If we use anything that forces SSL it will fail for the other framework which does not use SSL. Why? How are you switching back to HTTP for 'the other framework', once the user has been on a page served under HTTPS? p On Thu, Jul 1, 2010 at 3:59 AM, Pid p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 08:49, John-Paul Ranaudo wrote: No we are not. If the SSL-only resources match a specific path, you can add a security-constraint which doesn't have user roles, but does have a transport-guarantee set to 'CONFIDENTIAL'. The container will automatically upgrade a matching request to HTTPS by redirecting it to the port configured in 'redirectPort' on the HTTP connector. p On 7/1/10, Pid p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 03:42, John-Paul Ranaudo wrote: I have now realized the root of the problem. The cause of the problem is that the load balancer will sometimes proxy an HTTPS request as an HTTP request so when we send back a redirect we send it back with the wrong scheme (HTTP). So here is my current configuration: Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / Port 443 is not really handling the SSL because the load balancer is. I set secure to true to mark the connections as secure to tomcat and not needing SSL decryption as recommended. The one framework in which uses HTTPS will send most request as HTTPS however the load balancer (for unknown reasons) proxies the request as HTTP (port 80). So now when we send a redirect it's to HTTP (port 80) not HTTPS (port 443). It should be port 443. Any idea how I can handle this in a connector configuration? My first thought is to create two virtual hosts which will then have 2 different server.xml's. If I do this I can tell tomcat to proxy all HTTP (port 80) requests to port 443 but only for that one virtual host (which contains the problem framework). Any thoughts? Thanks and Regards, John-Paul Ranaudo Application Architect On Fri, Jun 25, 2010 at 2:22 PM, Christopher Schultz ch...@christopherschultz.net mailto:ch...@christopherschultz.net wrote: John-Paul, On 6/25/2010 1:40 PM, John-Paul Ranaudo wrote: Ok, so I am assuming I do not have to setup SSL (certificates etc) since my load balancer is decoding the connection. So even if the load balancer is decoding the connection I still have to have SSLEnabled=true? No, Pid was saying that setting one of the two options (SSLEnabled and secure) to true makes sense... setting both to false is not particularly useful. However if I do, does this not make Tomcat try and decode the connection? Yes, setting SSLEnabled=true will make the connector try to perform the decryption. *Which is the root of my problem. How to use the HTTPS protocol without having Tomcat decrypt the connection since the load balancer has done this for me. * It sounds like you just want Tomcat to know that the connection is secure, but without actually doing the decryption. You should be able to do it like this: Connector port=443 - this is the port that the LB talks to protocol=HTTP/1.1
Servlet mapping question -- way to include everythign EXCEPT a directory?
Hi, I'm using Tomcat 6.0.26. I want to map all of my /play/sports/* files to a servlet, except the subdirectory, /play/sports/includes/*. I don't know how to specify not in a mapping, so I only have ... servlet-mapping servlet-nameSportsSearchServlet/servlet-name url-pattern/play/sports/*/url-pattern /servlet-mapping What would I need to add to exclude directories matching /play/sports/includes/*? Thanks, - Dave -- View this message in context: http://old.nabble.com/Servlet-mapping-questionway-to-include-everythign-EXCEPT-a-directory--tp29046779p29046779.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 6.0.26
From: John Byrne [mailto:jbmulti...@gmail.com] Subject: Re: Tomcat 6.0.26 is it complete? Not sure what you're asking. I attach copy of my web.xml which i think is OK? No, your servlet-class value is very, very wrong. It should be: servlet-classformprocessors.ukjava1900/servlet-class - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.26
On 01/07/2010 15:52, John Byrne wrote: Hi This is the first line in my java servlet ukjava1900 it compiles OK package formprocessors; is it complete? Yes. It wouldn't compile otherwise. 'UkJava1900' would be better than 'ukjava1900'/pedant I attach copy of my web.xml which i think is OK? The list often strips attachments. Please post inline, with comments removed, in future. It makes it easier to point out edits inline, as below. (It will also preserve the information you supplied for the achives so others can learn too). You posted: web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd; version=2.5 display-nameWelcome to Mult-i-tel International/display-name description Welcome to Mult-i-tel International /description servlet servlet-nameukjava1900/servlet-name servlet-classwebapps/comlinks/WEB-INF/classes/formprocessors/ukjava1900/servlet-class ^^ This is incorrect: don't put a path here, just specify the classname, which is currently formprocessors.ukjava1900, a Servlet Container will find it automatically. /servlet servlet-mapping servlet-nameukjava1900/servlet-name url-pattern/ukjava1900/url-pattern /servlet-mapping /web-app Which web.xml is this? The one from comlinks/WEB-INF/web.xml, or somewhere else? p Kind regards John On 1 July 2010 14:08, Pid p...@pidster.com wrote: On 01/07/2010 13:26, Shay Rojansky wrote: /servlet/com/multitel/ukjava1900). Change this to /servlet/ukjava1900 according to the HTML form 'action' attribute. Also, a minor pedantic note: conventionally, classes are defined with capitalised names. So one would expect to see it called com.multitel.UkJava1900.class p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org signature.asc Description: OpenPGP digital signature
Re: JK connector and extra characters showing up
First let me thank everyone for looking at this. Now I'll try to answer some of the questions and clear up the confusion (if I can). All these dumps are from responses and not request. I'll post more complete dumps at he end of this message. The first one is the communications between tomcat and the web server, AJP protocol. Since it was the same for both Apache and SunOne I only posted one of them. The second and third are from between a browser and the web server, Apache and SunOne. The only difference is the web server and the JK connector (mod_jk vs jk_nsapi). Same tomcat, application, file (style sheet), browser, servers, and network. Now here's what I'm seeing. In dump A (tomcat jk) in packet 2 at line 00c0 look at the end of the line's hex. It's 03 1f f8 40. Pay attention to the 1f f8, it shows up latter. In dump B (Apache) in packet 2 at line 0130 towards the end of the line of hex is 0d 0a 0d 0a (CR LF CR LF). Normal Now in dump C (SunOne) in packet 2 at line 0130 towards the beginning is 0d 0a 31 66 66 38 0d 0a or CR LF 1f f8 CR LF. It seems to me that the hex 1f f8 seen the first dump is making its way into the output in the third dump. I'm thinking there's a difference in the behavior of the JK connector between Apache and SunOne. Now for some background. We've been running this setup for 6 or 7 years now without a problem. Browsers, wget, curl, Squid are not affected by this, maybe they see the break between header and body as the second CR LF. Recently we've tried using Varnish as our cache and it seems to see the break as the first CR LF and included the 1f f8 in the body of the response. This is where we are seeing errors. Yes, i am posting to Varnish's mailing list to to see if they can help. So I ether need consistent output from the JK connector or for Varnish to break the header/body at the second CR LF. Here's more dump for your reading pleasure A) Tomcat to web server (response) AJP Packet #1 0e 91 b2 32 3b 90 00 03 ba ec ea 76 08 00 45 00 ...2;..v..E. 0010 01 eb 4e 1a 40 00 40 06 00 00 c0 a8 b6 20 c0 a8 @.@.. .. 0020 b6 1e 80 7c 1f 49 ff 04 18 db e5 67 e9 83 50 18 ...|.I.g..P. 0030 c1 e8 00 00 00 00 12 34 01 bf 02 02 00 08 48 54 ...4..HT 0040 54 50 2f 31 2e 31 00 00 2b 2f 63 6f 6d 70 6f 6e TP/1.1..+/compon 0050 65 6e 74 73 2f 72 65 73 6f 75 72 63 65 73 2f 63 ents/resources/c 0060 73 73 2f 74 70 63 2d 61 67 67 72 65 67 61 74 65 ss/tpc-aggregate 0070 2e 63 73 73 00 00 0e 31 39 32 2e 31 36 38 2e 32 .css...192.168.2 0080 31 30 2e 36 35 00 ff ff 00 08 77 65 62 61 70 70 10.65.webapp 0090 2d 66 00 00 50 00 00 09 a0 0b 00 08 77 65 62 61 -f..P...weba 00a0 70 70 2d 66 00 a0 0e 00 61 4d 6f 7a 69 6c 6c 61 pp-faMozilla 00b0 2f 35 2e 30 20 28 4d 61 63 69 6e 74 6f 73 68 3b /5.0 (Macintosh; 00c0 20 55 3b 20 49 6e 74 65 6c 20 4d 61 63 20 4f 53 U; Intel Mac OS 00d0 20 58 20 31 30 2e 35 3b 20 65 6e 2d 55 53 3b 20 X 10.5; en-US; 00e0 72 76 3a 31 2e 39 2e 31 2e 31 30 29 20 47 65 63 rv:1.9.1.10) Gec 00f0 6b 6f 2f 32 30 31 30 30 35 30 34 20 46 69 72 65 ko/20100504 Fire 0100 66 6f 78 2f 33 2e 35 2e 31 30 00 a0 01 00 3f 74 fox/3.5.10?t 0110 65 78 74 2f 68 74 6d 6c 2c 61 70 70 6c 69 63 61 ext/html,applica 0120 74 69 6f 6e 2f 78 68 74 6d 6c 2b 78 6d 6c 2c 61 tion/xhtml+xml,a 0130 70 70 6c 69 63 61 74 69 6f 6e 2f 78 6d 6c 3b 71 pplication/xml;q 0140 3d 30 2e 39 2c 2a 2f 2a 3b 71 3d 30 2e 38 00 00 =0.9,*/*;q=0.8.. 0150 0f 41 63 63 65 70 74 2d 4c 61 6e 67 75 61 67 65 .Accept-Language 0160 00 00 0e 65 6e 2d 75 73 2c 65 6e 3b 71 3d 30 2e ...en-us,en;q=0. 0170 35 00 00 0f 41 63 63 65 70 74 2d 45 6e 63 6f 64 5...Accept-Encod 0180 69 6e 67 00 00 0c 67 7a 69 70 2c 64 65 66 6c 61 ing...gzip,defla 0190 74 65 00 00 0e 41 63 63 65 70 74 2d 43 68 61 72 te...Accept-Char 01a0 73 65 74 00 00 1e 49 53 4f 2d 38 38 35 39 2d 31 set...ISO-8859-1 01b0 2c 75 74 66 2d 38 3b 71 3d 30 2e 37 2c 2a 3b 71 ,utf-8;q=0.7,*;q 01c0 3d 30 2e 37 00 00 0a 4b 65 65 70 2d 41 6c 69 76 =0.7...Keep-Aliv 01d0 65 00 00 03 33 30 30 00 a0 06 00 0a 6b 65 65 70 e...300.keep 01e0 2d 61 6c 69 76 65 00 a0 08 00 01 30 00 06 00 07 -alive.0 01f0 77 6f 72 6b 65 72 36 00 ff worker6.. Packet #2 00 03 ba ec ea 76 0e 91 b2 32 3b 90 08 00 45 00 .v...2;...E. 0010 05 dc 5b f5 40 00 3c 06 ef 96 c0 a8 b6 1e c0 a8 @.. 0020 b6 20 1f 49 80 7c e5 67 e9 83 ff 04 1a 9e 50 10 . .I.|.g..P. 0030 c1 e8 1b f3 00 00 41 42 00 8e 04 00 c8 00 02 4f ..AB...O 0040 4b 00 00 04 00 04 45 54 61 67 00 00 17 57 2f 22 K.ETag...W/ 0050 32 32 33 37 33 2d 31 32 37 37 34 39 39 37 33 39 22373-1277499739 0060 30 30 30 22 00 00 0d 4c 61 73 74 2d 4d 6f 64 69 000...Last-Modi 0070 66 69 65 64 00 00 1d 46 72 69 2c 20 32 35 20 4a fied...Fri, 25 J 0080 75 6e 20 32 30 31 30 20 32 31 3a 30 32 3a 31 39 un
RE: Servlet mapping question -- way to include everythign EXCEPT a directory?
From: laredotornado [mailto:laredotorn...@gmail.com] Subject: Servlet mapping question -- way to include everythign EXCEPT a directory? I don't know how to specify not in a mapping That's because you can't specify a not. What you can do is specify what should handle /play/sports/includes/* - such as the DefaultServlet or perhaps some error handler. The servlet spec requires that the container match against the longest pattern first, so the more specific will override the more general. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL and non SSL configuration on tomcat 6.0.26, confused
On 01/07/2010 16:01, John-Paul Ranaudo wrote: I am confused no doubt. What you say here is correct: /In your description of the issue so far, you've said that the application *is* using SSL. The load-balancers might be terminating it forwarding unencrypted connections/ / / /I think I understand what you mean by redirecting. Our current configuration. Framework A does not use SSL thus uses connector port 80. Framework B, the problem, uses SSL/port 443. / It might help illuminate matters if you explain exactly what Frameworks A B actually are. Are they separate web applications? How do they relate to each other, are they on separate URLs? Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / (Used by framework A) Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / (Used by framework B) Now I could change the port 80 connector to have a redirectPort attribute like so: / Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443/ The problem with this approach is that framework A which does not use SSL now will use it via he redirect port. We'll then get the same mixed content warnings in the browser. It won't use it unless it's told to. So what's telling it to? As far as I can see, there's nothing stopping the whole site running under 443, which would prevent you seeing mixed content errors. Have you identified exactly which resources are being served via HTTP within an HTTPS page? What are they? p I hope this explains the problem more clearly. / / Redirecting as I explained below just means that you can upgrade to HTTPS for specific paths. The load-balancer still handles it. If we use anything that forces SSL it will fail for the other framework which does not use SSL. Why? How are you switching back to HTTP for 'the other framework', once the user has been on a page served under HTTPS? p On Thu, Jul 1, 2010 at 3:59 AM, Pid p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 08:49, John-Paul Ranaudo wrote: No we are not. If the SSL-only resources match a specific path, you can add a security-constraint which doesn't have user roles, but does have a transport-guarantee set to 'CONFIDENTIAL'. The container will automatically upgrade a matching request to HTTPS by redirecting it to the port configured in 'redirectPort' on the HTTP connector. p On 7/1/10, Pid p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 03:42, John-Paul Ranaudo wrote: I have now realized the root of the problem. The cause of the problem is that the load balancer will sometimes proxy an HTTPS request as an HTTP request so when we send back a redirect we send it back with the wrong scheme (HTTP). So here is my current configuration: Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / Port 443 is not really handling the SSL because the load balancer is. I set secure to true to mark the connections as secure to tomcat and not needing SSL decryption as recommended. The one framework in which uses HTTPS will send most request as HTTPS however the load balancer (for unknown reasons) proxies the request as HTTP (port 80). So now when we send a redirect it's to HTTP (port 80) not HTTPS (port 443). It should be port 443. Any idea how I can handle this in a connector configuration? My first thought is to create two virtual hosts which will then have 2 different server.xml's. If I do this I can tell tomcat to proxy all HTTP (port 80) requests to port 443 but only for that one virtual host (which contains the problem framework). Any thoughts? Thanks and Regards, John-Paul Ranaudo Application Architect On Fri, Jun 25, 2010 at 2:22 PM, Christopher Schultz ch...@christopherschultz.net mailto:ch...@christopherschultz.net mailto:ch...@christopherschultz.net mailto:ch...@christopherschultz.net wrote: John-Paul, On 6/25/2010 1:40 PM, John-Paul Ranaudo wrote: Ok, so I am
RE: JK connector and extra characters showing up
From: David Brown [mailto:captki...@gmail.com] Subject: Re: JK connector and extra characters showing up Now here's what I'm seeing. In dump A (tomcat jk) in packet 2 at line 00c0 look at the end of the line's hex. It's 03 1f f8 40. Pay attention to the 1f f8, it shows up latter. Rainer already told you what the problem is; the webapp is violating the HTTP spec: It *seems* your application sends a Content-Length header and does chunked encoding at the same time. That's an invalid response. Your Apache snippet shows that it clears that up by dropping the Content-Length header. The SunONE snippet shows that combination send both variants and confuses the client. The root cause though would sit in your webapp, which needs to decide to send Content-Length only if it is not doing Transfer-Encoding chunked. httpd cleans up your error, but SunONE isn't that smart. Fix your webapp. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Servlet mapping question -- way to include everythign EXCEPT a directory?
I like your idea about specifying the DefaultServlet, but what do you mean by the DefaultServlet ? - Dave n828cl wrote: From: laredotornado [mailto:laredotorn...@gmail.com] Subject: Servlet mapping question -- way to include everythign EXCEPT a directory? I don't know how to specify not in a mapping That's because you can't specify a not. What you can do is specify what should handle /play/sports/includes/* - such as the DefaultServlet or perhaps some error handler. The servlet spec requires that the container match against the longest pattern first, so the more specific will override the more general. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/Servlet-mapping-questionway-to-include-everythign-EXCEPT-a-directory--tp29046779p29047783.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Servlet mapping question -- way to include everythign EXCEPT a directory?
On Thu, Jul 1, 2010 at 9:24 AM, laredotornado laredotorn...@gmail.com wrote: I like your idea about specifying the DefaultServlet, but what do you mean by the DefaultServlet ? - Dave http://www.google.com/search?q=tomcat+DefaultServlet -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Servlet mapping question -- way to include everythign EXCEPT a directory?
From: laredotornado [mailto:laredotorn...@gmail.com] Subject: RE: Servlet mapping question -- way to include everythign EXCEPT a directory? I like your idea about specifying the DefaultServlet, but what do you mean by the DefaultServlet ? Tomcat's built-in servlet that handles all static content. It's defined in the global conf/web.xml, and thus included in all deployed webapps: servlet servlet-namedefault/servlet-name servlet-classorg.apache.catalina.servlets.DefaultServlet/servlet-class ...snip... /servlet It has this mapping: servlet-mapping servlet-namedefault/servlet-name url-pattern//url-pattern /servlet-mapping so it gets to process anything that doesn't match any other mapping. Just add this to your webapp's WEB-INF/web.xml: servlet-mapping servlet-namedefault/servlet-name url-pattern/play/sports/includes/*/url-pattern servlet-mapping - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
problem in deplyong war file
Hi, I tried to deploying .war file into Tomcat, But when i login to the manager interface page, the running column, it shows fail . How can i make it to become true ? Please advice. Looking forward to hear from you. Thanks in advance, Allen -- View this message in context: http://old.nabble.com/problem-in-deplyong-war-file-tp29047956p29047956.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Servlet mapping question -- way to include everythign EXCEPT a directory?
Caldarale, Charles R wrote: From: laredotornado [mailto:laredotorn...@gmail.com] Subject: RE: Servlet mapping question -- way to include everythign EXCEPT a directory? I like your idea about specifying the DefaultServlet, but what do you mean by the DefaultServlet ? Tomcat's built-in servlet that handles all static content. It's defined in the global conf/web.xml, and thus included in all deployed webapps: servlet servlet-namedefault/servlet-name servlet-classorg.apache.catalina.servlets.DefaultServlet/servlet-class ...snip... /servlet It has this mapping: servlet-mapping servlet-namedefault/servlet-name url-pattern//url-pattern /servlet-mapping so it gets to process anything that doesn't match any other mapping. Just add this to your webapp's WEB-INF/web.xml: servlet-mapping servlet-namedefault/servlet-name url-pattern/play/sports/includes/*/url-pattern servlet-mapping - Chuck If it isn't yet the case, this might be worth a short Wiki article, including the short explanation above. While it is true that this can be derived from the page at http://tomcat.apache.org/tomcat-6.0-doc/default-servlet.html I still believe it is not so evident for a beginner. That page gives a complicated example to do with listings, but the OP's question is in fact a fairly basic and recurrent one. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: problem in deplyong war file
On 01/07/2010 17:39, allensim wrote: Hi, I tried to deploying .war file into Tomcat, But when i login to the manager interface page, the running column, it shows fail . How can i make it to become true ? Please read: http://catb.org/esr/faqs/smart-questions.html ... then provide your exact Tomcat, JVM, OS versions. Information and stack traces from the Tomcat logs will also be useful. p signature.asc Description: OpenPGP digital signature
Re: problem in deplyong war file
Pid wrote: On 01/07/2010 17:39, allensim wrote: Hi, I tried to deploying .war file into Tomcat, But when i login to the manager interface page, the running column, it shows fail . How can i make it to become true ? Please read: http://catb.org/esr/faqs/smart-questions.html ... then provide your exact Tomcat, JVM, OS versions. Information and stack traces from the Tomcat logs will also be useful. Alternatively: it is difficult to do this on a screen. But if you print the screen, you could use tip-ex. I would rather recommend the method above however. Look in the Tomcat logfiles, under the tomcat/logs directory. One of them should tell you why the application fails to load. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.26
On 1 July 2010 16:25, Pid p...@pidster.com wrote: On 01/07/2010 15:52, John Byrne wrote: Hi Chuck Please find details of setup copied below FORM action=/UkJava1900 method=post name=payform onsubmit = return formCheck() The servlet and servlet-mapping tags both copied from webapps/myapp/WEB-INF/web.xml servlet servlet-nameUkJava1900/servlet-name servlet-classformprocessors.UkJava1900/servlet-class /servlet servlet-mapping servlet-nameUkJava1900/servlet-name url-pattern/UkJava1900/url-pattern /servlet-mapping http status 404 description The requested resource (/UkJava1900d=%22post%22) is not available. I have attempted to comply with your request below, please confirm the format of this email is acceptable. The list often strips attachments. Please post inline, with comments removed, in future. It makes it easier to point out edits inline, as below. (It will also preserve the information you supplied for the achives so others can learn too). Kind Regards John -- Mult-i-tel better by design. http://www.multitel.co.uk tel: 44(0)151 548 8122 fax: 44(0)709 210 1464 skype jcbyrne - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 6.0.26
From: John Byrne [mailto:jbmulti...@gmail.com] Subject: Re: Tomcat 6.0.26 description The requested resource (/UkJava1900d=%22post%22) is not available. Which it certainly isn't - your URL is invalid. Perhaps you meant to try: /UkJava1900?=%22post%22 - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.26
Caldarale, Charles R wrote: From: John Byrne [mailto:jbmulti...@gmail.com] Subject: Re: Tomcat 6.0.26 description The requested resource (/UkJava1900d=%22post%22) is not available. Which it certainly isn't - your URL is invalid. Perhaps you meant to try: /UkJava1900?=%22post%22 To me, it looks like it is the Form .. tag of the html page that is incorrect, and results in the bizarre target URL. Please try this : FORM action=/UkJava1900 method=post name=payform onsubmit=return formCheck() - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.26
On 1 July 2010 19:00, Caldarale, Charles R Dear Chuck Sincere apologies HTTP 404 STATUS description The requested resource (/ukjava1900) is not available. jOHN -- Mult-i-tel better by design. http://www.multitel.co.uk tel: 44(0)151 548 8122 fax: 44(0)709 210 1464 skype jcbyrne - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL and non SSL configuration on tomcat 6.0.26, confused
I did more tracing and remote debugging and I was mistaken (too many late nights). Each framework is sending us the request via port 80. The problem comes from the fact the one of the frameworks uses HTTPS before the load balancers so when we send back a redirect it is using the wrong scheme. HTTP instead of HTTPS. I need a way of knowing which framework made the request so I can alter the scheme on redirect for just the one framework. btw, the frameworks are proprietary and much like existing portal frameworks. So I am wondering if I can do this with virtual hosts or somehow detect the incoming URL to tell which domain its coming from and handle appropriately. Thanks. On Thu, Jul 1, 2010 at 11:31 AM, Pid p...@pidster.com wrote: On 01/07/2010 16:01, John-Paul Ranaudo wrote: I am confused no doubt. What you say here is correct: /In your description of the issue so far, you've said that the application *is* using SSL. The load-balancers might be terminating it forwarding unencrypted connections/ / / /I think I understand what you mean by redirecting. Our current configuration. Framework A does not use SSL thus uses connector port 80. Framework B, the problem, uses SSL/port 443. / It might help illuminate matters if you explain exactly what Frameworks A B actually are. Are they separate web applications? How do they relate to each other, are they on separate URLs? Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / (Used by framework A) Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / (Used by framework B) Now I could change the port 80 connector to have a redirectPort attribute like so: / Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443/ The problem with this approach is that framework A which does not use SSL now will use it via he redirect port. We'll then get the same mixed content warnings in the browser. It won't use it unless it's told to. So what's telling it to? As far as I can see, there's nothing stopping the whole site running under 443, which would prevent you seeing mixed content errors. Have you identified exactly which resources are being served via HTTP within an HTTPS page? What are they? p I hope this explains the problem more clearly. / / Redirecting as I explained below just means that you can upgrade to HTTPS for specific paths. The load-balancer still handles it. If we use anything that forces SSL it will fail for the other framework which does not use SSL. Why? How are you switching back to HTTP for 'the other framework', once the user has been on a page served under HTTPS? p On Thu, Jul 1, 2010 at 3:59 AM, Pid p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 08:49, John-Paul Ranaudo wrote: No we are not. If the SSL-only resources match a specific path, you can add a security-constraint which doesn't have user roles, but does have a transport-guarantee set to 'CONFIDENTIAL'. The container will automatically upgrade a matching request to HTTPS by redirecting it to the port configured in 'redirectPort' on the HTTP connector. p On 7/1/10, Pid p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 03:42, John-Paul Ranaudo wrote: I have now realized the root of the problem. The cause of the problem is that the load balancer will sometimes proxy an HTTPS request as an HTTP request so when we send back a redirect we send it back with the wrong scheme (HTTP). So here is my current configuration: Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / Port 443 is not really handling the SSL because the load balancer is. I set secure to true to mark the connections as secure to tomcat and not needing SSL decryption as recommended. The one framework in which uses HTTPS will send most request as HTTPS however the load balancer (for unknown reasons) proxies the request as HTTP (port 80). So now when we send a redirect it's to HTTP (port 80) not HTTPS (port 443). It should be port 443. Any idea how I can handle this in a connector configuration? My
Re: using Servlet Filter to rewrite domain of JSESSIONID cookie?
thanks for the pointers. However, emptySessionPath - from what I can tell - only deals with paths (not domain). how could I use it do ignore subdomains? On Thu, Jul 1, 2010 at 2:07 AM, Rainer Jung rainer.j...@kippdata.de wrote: On 01.07.2010 03:26, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nikita, On 6/30/2010 6:20 PM, Nikita Tovstoles wrote: I'd like to make session cookie domain-wide, and ignore subdomains - in Tomcat 6. You could use the emptySessionPath=true setting in yourConnector. http://tomcat.apache.org/tomcat-6.0-doc/config/http.html The next version of Tomcat 6 to be released will contain configuration options for changing the domain, path and name. Those options will be part of the context element and described on the docs page linked above. The vote for 6.0.28 is happening now, so if nothing bad is found we will have that release in a few days. You can already grab and test it: http://people.apache.org/~jfclere/tomcat-6/v6.0.28/ WARNING: this is not yet an official release! wait for the official release before using it in production. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 6.0.26
From: John Byrne [mailto:jbmulti...@gmail.com] Subject: Re: Tomcat 6.0.26 HTTP 404 STATUS description The requested resource (/ukjava1900) is not available. So how is the webapp deployed? Location? Contents of its Context element (and its location)? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSL and non SSL configuration on tomcat 6.0.26, confused
On 01/07/2010 19:38, John-Paul Ranaudo wrote: I did more tracing and remote debugging and I was mistaken (too many late nights). Each framework is sending us the request via port 80. The problem comes from the fact the one of the frameworks uses HTTPS before the load balancers so when we send back a redirect it is using the wrong scheme. HTTP instead of HTTPS. I need a way of knowing which framework made the request so I can alter the scheme on redirect for just the one framework. btw, the frameworks are proprietary and much like existing portal frameworks. So I am wondering if I can do this with virtual hosts or somehow detect the incoming URL to tell which domain its coming from and handle appropriately. I wondering too, but mostly because you're not really giving us any real information about what's happening. The word 'framework' might mean something specific to you, but it doesn't help me understand what's happening on your server(s). We can't help you without accurate and detailed information. I /guess/ that virtual hosts won't help you. I /guess/ that the domain it's coming from won't matter so much as the domain requested. p On Thu, Jul 1, 2010 at 11:31 AM, Pid p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 16:01, John-Paul Ranaudo wrote: I am confused no doubt. What you say here is correct: /In your description of the issue so far, you've said that the application *is* using SSL. The load-balancers might be terminating it forwarding unencrypted connections/ / / /I think I understand what you mean by redirecting. Our current configuration. Framework A does not use SSL thus uses connector port 80. Framework B, the problem, uses SSL/port 443. / It might help illuminate matters if you explain exactly what Frameworks A B actually are. Are they separate web applications? How do they relate to each other, are they on separate URLs? Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / (Used by framework A) Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / (Used by framework B) Now I could change the port 80 connector to have a redirectPort attribute like so: / Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443/ The problem with this approach is that framework A which does not use SSL now will use it via he redirect port. We'll then get the same mixed content warnings in the browser. It won't use it unless it's told to. So what's telling it to? As far as I can see, there's nothing stopping the whole site running under 443, which would prevent you seeing mixed content errors. Have you identified exactly which resources are being served via HTTP within an HTTPS page? What are they? p I hope this explains the problem more clearly. / / Redirecting as I explained below just means that you can upgrade to HTTPS for specific paths. The load-balancer still handles it. If we use anything that forces SSL it will fail for the other framework which does not use SSL. Why? How are you switching back to HTTP for 'the other framework', once the user has been on a page served under HTTPS? p On Thu, Jul 1, 2010 at 3:59 AM, Pid p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 08:49, John-Paul Ranaudo wrote: No we are not. If the SSL-only resources match a specific path, you can add a security-constraint which doesn't have user roles, but does have a transport-guarantee set to 'CONFIDENTIAL'. The container will automatically upgrade a matching request to HTTPS by redirecting it to the port configured in 'redirectPort' on the HTTP connector. p On 7/1/10, Pid p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 03:42, John-Paul Ranaudo wrote: I have now realized the root of the problem. The cause of the problem is that the load balancer will sometimes proxy an HTTPS request as an HTTP
Re: Tomcat 6.0.26
On 01/07/2010 18:55, John Byrne wrote: On 1 July 2010 16:25, Pid p...@pidster.com wrote: On 01/07/2010 15:52, John Byrne wrote: Hi Chuck Please find details of setup copied below FORM action=/UkJava1900 method=post name=payform onsubmit = return formCheck() This formCheck javascript function doesn't mangle the URL does it? The servlet and servlet-mapping tags both copied from webapps/myapp/WEB-INF/web.xml servlet servlet-nameUkJava1900/servlet-name servlet-classformprocessors.UkJava1900/servlet-class /servlet The servlet class file is placed: comlinks/WEB-INF/classes/formprocessors/UkJava1900.class ? servlet-mapping servlet-nameUkJava1900/servlet-name url-pattern/UkJava1900/url-pattern /servlet-mapping http status 404 description The requested resource (/UkJava1900d=%22post%22) is not available. I have attempted to comply with your request below, please confirm the format of this email is acceptable. Much better, thanks. p signature.asc Description: OpenPGP digital signature
Re: SSL and non SSL configuration on tomcat 6.0.26, confused
I wish I could provide more information. At least I have narrowed down the problem. I am having a meeting with the architects of both frameworks today so perhaps I'll get some details. Thanks. On Thu, Jul 1, 2010 at 2:54 PM, Pid p...@pidster.com wrote: On 01/07/2010 19:38, John-Paul Ranaudo wrote: I did more tracing and remote debugging and I was mistaken (too many late nights). Each framework is sending us the request via port 80. The problem comes from the fact the one of the frameworks uses HTTPS before the load balancers so when we send back a redirect it is using the wrong scheme. HTTP instead of HTTPS. I need a way of knowing which framework made the request so I can alter the scheme on redirect for just the one framework. btw, the frameworks are proprietary and much like existing portal frameworks. So I am wondering if I can do this with virtual hosts or somehow detect the incoming URL to tell which domain its coming from and handle appropriately. I wondering too, but mostly because you're not really giving us any real information about what's happening. The word 'framework' might mean something specific to you, but it doesn't help me understand what's happening on your server(s). We can't help you without accurate and detailed information. I /guess/ that virtual hosts won't help you. I /guess/ that the domain it's coming from won't matter so much as the domain requested. p On Thu, Jul 1, 2010 at 11:31 AM, Pid p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 16:01, John-Paul Ranaudo wrote: I am confused no doubt. What you say here is correct: /In your description of the issue so far, you've said that the application *is* using SSL. The load-balancers might be terminating it forwarding unencrypted connections/ / / /I think I understand what you mean by redirecting. Our current configuration. Framework A does not use SSL thus uses connector port 80. Framework B, the problem, uses SSL/port 443. / It might help illuminate matters if you explain exactly what Frameworks A B actually are. Are they separate web applications? How do they relate to each other, are they on separate URLs? Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 / (Used by framework A) Connector port=443 protocol=HTTP/1.1 connectionTimeout=2 scheme=https secure=true / (Used by framework B) Now I could change the port 80 connector to have a redirectPort attribute like so: / Connector port=80 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443/ The problem with this approach is that framework A which does not use SSL now will use it via he redirect port. We'll then get the same mixed content warnings in the browser. It won't use it unless it's told to. So what's telling it to? As far as I can see, there's nothing stopping the whole site running under 443, which would prevent you seeing mixed content errors. Have you identified exactly which resources are being served via HTTP within an HTTPS page? What are they? p I hope this explains the problem more clearly. / / Redirecting as I explained below just means that you can upgrade to HTTPS for specific paths. The load-balancer still handles it. If we use anything that forces SSL it will fail for the other framework which does not use SSL. Why? How are you switching back to HTTP for 'the other framework', once the user has been on a page served under HTTPS? p On Thu, Jul 1, 2010 at 3:59 AM, Pid p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com wrote: On 01/07/2010 08:49, John-Paul Ranaudo wrote: No we are not. If the SSL-only resources match a specific path, you can add a security-constraint which doesn't have user roles, but does have a transport-guarantee set to 'CONFIDENTIAL'. The container will automatically upgrade a matching request to HTTPS by redirecting it to the port configured in 'redirectPort' on the HTTP connector. p On 7/1/10, Pid p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com mailto:p...@pidster.com
Re: Tomcat DBCP
On 6/9/2010 2:15 AM, Altanis Alexandros wrote: I have been reading about the new Tomcat DBCP in a couple of blogs lately, as I am interested in Connection Pooling for an application I am working on. Here they are: http://vigilbose.blogspot.com/2009/03/apache-commons-dbcp-and-tomcat-jdbc.html http://www.tomcatexpert.com/blog/2010/04/01/configuring-jdbc-pool-high-concurrency http://people.apache.org/~fhanik/jdbc-pool/jdbc-pool.html (I'm a little behind on the list, and trying to catch up) Interesting. I was not aware of this other connection pool for Tomcat. I'd be very interested in finding something faster than DBCP, which I have found disappointing (I've got a lot of concurrency going on my servers). Based upon those links, it appears that you have to get the SpringSource tc server to get the pool? Is this is a SpringSource commercial (not free) product? That would explain why I don't see any mention of it in the regular Tomcat docs. As near as I can figure, it isn't part of the Apache Foundation site. That last link makes it look like it's part of Tomcat 7, but from what I can tell, it is not. If it is available free, then what is the appropriate method of getting it? If we don't want to buy SpringSource tc, do we need to check it out from SVN and build it? I can't find a normal home page for it. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat DBCP
On 01/07/2010 23:31, Bill Davidson wrote: On 6/9/2010 2:15 AM, Altanis Alexandros wrote: I have been reading about the new Tomcat DBCP in a couple of blogs lately, as I am interested in Connection Pooling for an application I am working on. Here they are: http://vigilbose.blogspot.com/2009/03/apache-commons-dbcp-and-tomcat-jdbc.html http://www.tomcatexpert.com/blog/2010/04/01/configuring-jdbc-pool-high-concurrency http://people.apache.org/~fhanik/jdbc-pool/jdbc-pool.html (I'm a little behind on the list, and trying to catch up) Interesting. I was not aware of this other connection pool for Tomcat. I'd be very interested in finding something faster than DBCP, which I have found disappointing (I've got a lot of concurrency going on my servers). Based upon those links, it appears that you have to get the SpringSource tc server to get the pool? Is this is a SpringSource commercial (not free) product? That would explain why I don't see any mention of it in the regular Tomcat docs. As near as I can figure, it isn't part of the Apache Foundation site. That last link makes it look like it's part of Tomcat 7, but from what I can tell, it is not. If it is available free, then what is the appropriate method of getting it? If we don't want to buy SpringSource tc, do we need to check it out from SVN and build it? I can't find a normal home page for it. It is an unreleased module in trunk. You have to build it from source. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Implementing Connection Pooling
Just started using Tomcat 6.0.26 connected to MySQL 5.1. The MySql server contains a database for each organization. Each user that logs in, specifies an organization and is directed to the corresponding DB. I would like to employ connection pooling, with a small pool allocated to each database. The application authenticates users, users are not authenticated at the database level. Here is the current setup in context.xml: Resource name=jdbc/DB auth=Container type=javax.sql.DataSource maxActive=10 maxIdle=5 maxWait=1 driverClassName=com.mysql.jdbc.Driver url=jdbc:mysql://localhost:3306 / Notice no username or password entry exists. Here's the code to get a connection: Context ctx = new InitialContext(); org.apache.tomcat.dbcp.dbcp.BasicDataSource ds = (org.apache.tomcat.dbcp.dbcp.BasicDataSource)ctx.lookup( java:comp/env/jdbc/DB ); // These must be set before the call to getConnection(), since getConnection actually creates the pool. ds.setDefaultCatalog( orgID ); ds.setUsername( orgID ); ds.setPassword( orgID ); try{ connection = ds.getConnection(); } catch( SQLException e ) ... My question is, does this accomplish the goal of an efficient connection pooling mechanism using multiple databases? Are there glaring errors in the above config? Is there a better method? Best Regards, Andrew
Re: Implementing Connection Pooling
Andrew Laughlin wrote: Notice no username or password entry exists. Here's the code to get a connection: Context ctx = new InitialContext(); org.apache.tomcat.dbcp.dbcp.BasicDataSource ds = (org.apache.tomcat.dbcp.dbcp.BasicDataSource)ctx.lookup( java:comp/env/jdbc/DB ); // These must be set before the call to getConnection(), since getConnection actually creates the pool. ds.setDefaultCatalog( orgID ); ds.setUsername( orgID ); ds.setPassword( orgID ); So let's try to run this code: 1. user A performs request, pool is empty, so it's initialized with credentials of user A 2. user B performs request, pool is already initialized, user B gets connection created with credentials of user A 3. user A releases connection, it goes back to the pool 4. user C performs, request, gets previously released connection I don't think you like this scenario.. Idea is simple: create one pool for database. -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat DBCP
From: Bill Davidson [mailto:bill...@gmail.com] Subject: Re: Tomcat DBCP If we don't want to buy SpringSource tc, do we need to check it out from SVN and build it? Not sure what the official status of the package is right now, but you can get it here: http://svn.apache.org/viewvc/tomcat/trunk/modules/jdbc-pool/ http://svn.apache.org/repos/asf/tomcat/trunk/modules/jdbc-pool/ You definitely do not have to pay for it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing Connection Pooling
Thanks for responding Mikolaj. I may not completely understanding your response. The credentials for a database connection are specified per database. That is, user credentials are not used to get an authenticated connection to the database. Notice OrgID is the database name, username and password. These are not the user's credentials. Each database contains a 'Users' table, which the application I'm writing uses to perform the actual user authentication. This is done with application logic not shown in this email. In your example, when user B gets the same, previously MySql authenticated connection to the database as user A, this is the desired behaviour. The application will still authenticate user B at a higher level. The logic shown simply attempts to employ connection pooling a bit dynamically. 2010/7/1 Mikolaj Rydzewski m...@ceti.pl Andrew Laughlin wrote: Notice no username or password entry exists. Here's the code to get a connection: Context ctx = new InitialContext(); org.apache.tomcat.dbcp.dbcp.BasicDataSource ds = (org.apache.tomcat.dbcp.dbcp.BasicDataSource)ctx.lookup( java:comp/env/jdbc/DB ); // These must be set before the call to getConnection(), since getConnection actually creates the pool. ds.setDefaultCatalog( orgID ); ds.setUsername( orgID ); ds.setPassword( orgID ); So let's try to run this code: 1. user A performs request, pool is empty, so it's initialized with credentials of user A 2. user B performs request, pool is already initialized, user B gets connection created with credentials of user A 3. user A releases connection, it goes back to the pool 4. user C performs, request, gets previously released connection I don't think you like this scenario.. Idea is simple: create one pool for database. -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Implementing Connection Pooling
From: Andrew Laughlin [mailto:andrew.laugh...@gmail.com] Subject: Re: Implementing Connection Pooling The credentials for a database connection are specified per database. That is, user credentials are not used to get an authenticated connection to the database. Notice OrgID is the database name, username and password. You're not going to be able to do this with a single Resource element, since one Resource == one connection pool. You'll either have to configure one Resource per OrgID (and know them all up front), or use your own connection pooling with commons-dbcp (or equivalent). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: using Servlet Filter to rewrite domain of JSESSIONID cookie?
Nikita Tovstoles wrote: thanks for the pointers. However, emptySessionPath - from what I can tell - only deals with paths (not domain). how could I use it do ignore subdomains? What I do not really understand in all this, is what the point is, of having the same JSESSIONID (and by extension, I suppose, session) for different domains. (And I find the term sub-domain confusing, apart from the fact that technically, there is no such thing). If you have 2 hosts a.somedomain.com and b.somedomain.com, they could be virtual hosts inside the same tomcat, but they could also be entirely distinct hosts with two separate Tomcat's, and the client would/should never know. So having the same session covering the two hosts does not seem to make sense, to me at least. I can understand storing some other information into a separate cookie, which would be valid for the whole somedomain.com, but the session-id ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: using Servlet Filter to rewrite domain of JSESSIONID cookie?
I borrowed sub-domain from Google Analytics terminology. I have one server, running one tomcat instance with one virtual host. That host is running one app - a JS/html widget that is embedded on multiple sites. We need to track usage per-deployment (per site embedding the wiget). For (google) analytics purposes, the easiest way to do so is to have a different (sub)domain per deployment. So the same tomcat instance is responding to requests for site1.widget.com, site2.widget.com, etc. a user may interact with 2 widget deployed on 2 different sites (and thus served from different (sub)domains) within 30 minutes. It is for this case that we want user to share the same HttpSession: - go to some site A where our widget is deployed at site1.widget.com - go to some other site B where our widget is deployed at site2.widget.com - reuse the same JSESSIONID because its' domain is set to .widget.com Make sense? On Thu, Jul 1, 2010 at 3:07 PM, André Warnier a...@ice-sa.com wrote: Nikita Tovstoles wrote: thanks for the pointers. However, emptySessionPath - from what I can tell - only deals with paths (not domain). how could I use it do ignore subdomains? What I do not really understand in all this, is what the point is, of having the same JSESSIONID (and by extension, I suppose, session) for different domains. (And I find the term sub-domain confusing, apart from the fact that technically, there is no such thing). If you have 2 hosts a.somedomain.com and b.somedomain.com, they could be virtual hosts inside the same tomcat, but they could also be entirely distinct hosts with two separate Tomcat's, and the client would/should never know. So having the same session covering the two hosts does not seem to make sense, to me at least. I can understand storing some other information into a separate cookie, which would be valid for the whole somedomain.com, but the session-id ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question about BASIC Authentication
Christopher, Great news (for me), seems the problem was that because I was using relative linking and sending the credentials to log the user in to SOLR the links on the landing page were being recreated with the same credentials in them so I just put in direct link locations in and and for the most part the problem is solved. It also is more secure this way because turns out I was revealing the passwords that I was trying to keep hidden. Thanks for the help! ~Matt Christopher, I may have found a problem in the SOLR header.jsp file that I am using in navigation. The header.jsp file might be trying to send headers, unfortunately I am not in the same location as the server so I will have to check this out tomorrow. I'll keep you posted, ~Matt -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matthew, On 6/30/2010 8:20 PM, Matthew Mauriello wrote: The behavior seems rather strange to me in fact, I've seen other websites run on what looks to be BASIC Authentication without popping these browser messages when leaving secured sections. Most websites use HTTP AUTH consistently, at least for a particular URL prefix. See the http://user:passw...@website.com/SOLR is only used once and it might actually be http://user:passw...@website.com/SOLR/ I have to look into this. I feel like the authentication cookie is being created for the user and then being forwarded to every page the user visits after that. I am hoping to find some way of preventing this behavior. Well, for starters, what web browser are you using? Can you give me a sample URL that I can use to play with a test version of your webapp? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwr76cACgkQ9CaO5/Lv0PACLQCgjmn6kpeN1L3uQPuxpUEbHT8C W/UAn1iaKySqcMfZNuttx7MjHYr6EqX4 =Yxdn -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.26 with Java 6 update 20 on Sun Solaris 5.8 Sparc - Web application unable to execute properly
This email contained a .zip file attachment. Raytheon does not allow email attachments that are considered likely to contain malicious code. For your protection this attachment has been removed. If this email is from an unknown source, please simply delete this email. If this email was expected, and it is from a known sender, you may follow the below suggested instructions to obtain these types of attachments. + Instruct the sender to enclose the file(s) in a .zip compressed file, and rename the .zip compressed file with a different extension, such as, .rtnzip. Password protecting the renamed .zip compressed file adds an additional layer of protection. When you receive the file, please rename it with the extension .zip. Additional instructions and options on how to receive these attachments can be found at: http://security.it.ray.com/antivirus/extensions.html http://security.it.ray.com/news/2007/zipfiles.html Should you have any questions or difficulty with these instructions, please contact the Help Desk at 877.844.4712 --- Hi What are you doing to build the .war, running an Ant script perhaps? Does your build process include OS specific configuration? Where are the OS specific configuration files you mentioned placed on the filing system? What is different about the server.xml, in the two different Tomcat installations? What do the logs says during startup in each Tomcat? (You might clear the logs and start a fresh one for each server) Yes, we do run an ANT script to build the war. The ANT script uses the build.properties file that has couple of file system references. The build.xml, however does NOT have any such EXPLICIT references. So, when I build the war it takes the jars and sources from the provided locations and build at the provided target location. Now, I will re-iterate - 1. I tried building the war in Windows and worked fine. I transferred the war to UNIX, it mis-behaves as described earlier. 2. I tried building the war in UNIX, it mis-behaves as described earlier. I transferred the war to Windows and it worked fine. The config files are located in a directory structure, that directory location is provided in the catalina.bat startup script. If they are not provided correctly, it will throw errors while starting up the app. Windows and UNIX startup logs are attached herewith. I do not see any much difference in between the logs except for the file systems. Another additional comment - Its not only the back button that tends to display the Search Result, a refresh of the page also displays the page properly. So, in short, click on search, 404-Page Not Found turns up. Refresh it, or Back Button of browser, Search result turns up. This is the mis-behaviour in UNIX I have been mentioning. Thanks and Regards, Rahul - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Fw: Re: Tomcat 6.0.26 with Java 6 update 20 on Sun Solaris 5.8 Sparc - Web application unable to execute properly
In support of my email below, I am attaching the logs. As they are not in zip format, I hop they will not be removed. Else, I need to copy and paste each one of them :) --- On Fri, 7/2/10, rahul iamrahu...@yahoo.com wrote: From: rahul iamrahu...@yahoo.com Subject: Re: Tomcat 6.0.26 with Java 6 update 20 on Sun Solaris 5.8 Sparc - Web application unable to execute properly To: Tomcat Users List users@tomcat.apache.org, p...@pidster.com Date: Friday, July 2, 2010, 4:53 AM Hi What are you doing to build the .war, running an Ant script perhaps? Does your build process include OS specific configuration? Where are the OS specific configuration files you mentioned placed on the filing system? What is different about the server.xml, in the two different Tomcat installations? What do the logs says during startup in each Tomcat? (You might clear the logs and start a fresh one for each server) Yes, we do run an ANT script to build the war. The ANT script uses the build.properties file that has couple of file system references. The build.xml, however does NOT have any such EXPLICIT references. So, when I build the war it takes the jars and sources from the provided locations and build at the provided target location. Now, I will re-iterate - 1. I tried building the war in Windows and worked fine. I transferred the war to UNIX, it mis-behaves as described earlier. 2. I tried building the war in UNIX, it mis-behaves as described earlier. I transferred the war to Windows and it worked fine. The config files are located in a directory structure, that directory location is provided in the catalina.bat startup script. If they are not provided correctly, it will throw errors while starting up the app. Windows and UNIX startup logs are attached herewith. I do not see any much difference in between the logs except for the file systems. Another additional comment - Its not only the back button that tends to display the Search Result, a refresh of the page also displays the page properly. So, in short, click on search, 404-Page Not Found turns up. Refresh it, or Back Button of browser, Search result turns up. This is the mis-behaviour in UNIX I have been mentioning. Thanks and Regards, Rahul - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing Connection Pooling
Thanks for responding Charles. I'm looking at the code here -- http://svn.apache.org/viewvc/commons/proper/dbcp/trunk/src/java/org/apache/commons/dbcp/BasicDataSource.java?view=markup http://svn.apache.org/viewvc/commons/proper/dbcp/trunk/src/java/org/apache/commons/dbcp/BasicDataSource.java?view=markupAccording this code, the connection pool is not initialized until certain methods are called. Here's an excerpt: Note: this method currently has no effect once the pool has been initialized. The pool is initialized the first time one of the following methods is invoked: codegetConnection, setLogwriter, setLoginTimeout, getLoginTimeout, getLogWriter. So in my code I'm doing this: Context ctx = new InitialContext(); org.apache.tomcat.dbcp.dbcp.BasicDataSource ds = (org.apache.tomcat.dbcp.dbcp.BasicDataSource)ctx.lookup( java:comp/env/jdbc/DB ); // These must be set before the call to getConnection(), since getConnection actually creates the pool. ds.setDefaultCatalog( orgID ); ds.setUsername( orgID ); ds.setPassword( orgID ); connection = ds.getConnection(); // then call getConnection() which calls createDataSource(). This should return an existing connection in an extant pool, or create a new pool with username, password andcatalog as parameters for connection in the new pool. Won't this have the effect I'm looking for of creating a pool per database? If I'm misunderstanding could someone please walk me through were I'm going wrong? On Thu, Jul 1, 2010 at 3:06 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Andrew Laughlin [mailto:andrew.laugh...@gmail.com] Subject: Re: Implementing Connection Pooling The credentials for a database connection are specified per database. That is, user credentials are not used to get an authenticated connection to the database. Notice OrgID is the database name, username and password. You're not going to be able to do this with a single Resource element, since one Resource == one connection pool. You'll either have to configure one Resource per OrgID (and know them all up front), or use your own connection pooling with commons-dbcp (or equivalent). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: [OT] Using httpd's mod_rewrite with mod_jk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 7/1/2010 4:54 AM, Rainer Jung wrote: Usually mod_rewrite is perfectly compatible with mod_jk. I must confess, that I'm not 100% sure about the case, where you try to rewrite a request that originally would have been handled by mod_jk to something that should not be handled by it. It appears that my setup (rewriting a request that normally would go to jk to one that shouldn't go to jk) still ends up being handled by jk. Two possibilities: if it doesn't actually work, you can set the env var no-jk as a side effect in your rewrite rule. If mod_jk fins this env var set, it will decline to handle the request. Alternatively, if you are fine with redirecting by mod_rewrite instead of rewriting internally, the redirecting should also win over mod_jk. Okay, I changed my RewriteRule to this: RewriteRule .* /bad-browser.shtml [L,E=no-jk] ...and the result is that jk still appears to handle the request. There is a chance though, that it should work out of the box and you are using some indirect mapping to mod_jk that wins. That would be the case if you are either using one of the outdated JkOptions ForwardXXX options, or you are using an indirect mapping like setting the handler to jakarta-servlet, or using the environment variable trick (JK_WORKER_NAME or JkWorkerIndicator) to define the target worker. So you might want to tell us, how you map your dynamic requests (JkMount, setting handler etc.) to mod_jk and what other Jk directives (like JkOptions) you are using. My Jk setup is simple like this: JkLogFile /var/log/apache2/mod_jk.log JkLogLevel Info JkShmFile /var/log/apache2/jk-runtime-status JkWorkersFile /etc/apache2/jk_workers.properties JkStripSession On JkMount /context/some-specific-path/foo workerX JkMount /context/some-other-path/bar workerX JkMount /context/*.do workerX JkMount /context/*.jsp workerX I don't currently have any JKOptions explicitly set. I should certainly have mentioned this earlier: I'm working with mod_jk-1.2.30 on Apache httpd 2.2.9 (Debian). To complete the picture: in cases were the RewriteRule works, but then the request is not forwarded via mod_jk although it should, you need to add the PT flag. In your case I guess its the opposite situation you are looking for. Exactly. If there were a !PT flag, I'd use that ;) - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwtNK4ACgkQ9CaO5/Lv0PA+oQCdFmBHJzW/6LnQTGIdxQfPQ8GD oaAAoJbU5H3qCILqTg9SrMLHXtNs2Pzf =qNKq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Using httpd's mod_rewrite with mod_jk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Terence, On 6/30/2010 11:14 PM, Terence M. Bandoian wrote: Here's an alternative: RewriteCond %{HTTP_USER_AGENT} Firefox/ RewriteCond %{HTTP_USER_AGENT} !Firefox/(3\.0\.19|3\.5\.9|3\.6\.3)($|[^\.0-9]) RewriteRule .* /bad-browser.jsp [L] And set the status in the JSP. Well, I want this to work even in situations where the servlet container isn't running. By the way, I'm a little confused by the character class in the last pair of alternatives of second condition. Did you want not a '.' or digit or not (a '.' followed by a digit)? That pattern checks for Firefox patch levels for each major, supported version. I look for (3.0|3.5|3.6) to take care of those versions, and then I want to make sure that there are no trailing numbers. For instance, 3.6.3 is okay (and needs to be updated to 3.6.6, I know) but 3.6.6.2 is /not/ okay. So, that last clause checks for end-of-input or anything-that-isnt-a-dot-or-digit. [.] always means a period and not any character like a bare . would. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwtNmoACgkQ9CaO5/Lv0PDCaQCfeAxTMU0S/Bktp9ykdwf5CBw3 pjwAoIAtKs4FzZlrPGakvDq5ESGS7Utm =2rqo -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing Connection Pooling
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 7/1/2010 6:06 PM, Caldarale, Charles R wrote: From: Andrew Laughlin [mailto:andrew.laugh...@gmail.com] Subject: Re: Implementing Connection Pooling The credentials for a database connection are specified per database. That is, user credentials are not used to get an authenticated connection to the database. Notice OrgID is the database name, username and password. You're not going to be able to do this with a single Resource element, since one Resource == one connection pool. You'll either have to configure one Resource per OrgID (and know them all up front), or use your own connection pooling with commons-dbcp (or equivalent). I agree with Chuck's analysis: Tomcat's Resource configuration is intended to handle the creation of the DataSource in a fully-initialized state. While Tomcat doesn't directly request a connection from the DataSource, and therefore Andrew's method might actually work, it is likely to cause problems at some level. For instance, if you're using your DataSource for container-managed authentication, you might not be able to set up your DataSource before any authentication attempts are being made. Also, you may get a connection already in the pool rather than a new connection being made, and then your (re-)configuration is a waste of time, and may even trigger a connection pool flush, which is of course the exact opposite of what you want your connection pool to do. You could possibly put the code in your initial post into a ServletContextListener to merely configure the DataSource (and not actually obtain a connection). When obtaining a single connection, don't bother to set any of the properties: the DataSource is already configured. The one question I would have for you is this: why not simply configure a separate DataSource for each application, including all appropriate credentials? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwtOQkACgkQ9CaO5/Lv0PChMgCfRm/oDLlgrL8zT6kcJL4/XSHT bwMAn0o6AWFlM1D2FGoK79VEdjXanUov =WDo1 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: using Servlet Filter to rewrite domain of JSESSIONID cookie?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nikita, On 7/1/2010 6:37 PM, Nikita Tovstoles wrote: I borrowed sub-domain from Google Analytics terminology. I have one server, running one tomcat instance with one virtual host. That host is running one app - a JS/html widget that is embedded on multiple sites. We need to track usage per-deployment (per site embedding the wiget). For (google) analytics purposes, the easiest way to do so is to have a different (sub)domain per deployment. So the same tomcat instance is responding to requests for site1.widget.com, site2.widget.com, etc. a user may interact with 2 widget deployed on 2 different sites (and thus served from different (sub)domains) within 30 minutes. It is for this case that we want user to share the same HttpSession: - go to some site A where our widget is deployed at site1.widget.com - go to some other site B where our widget is deployed at site2.widget.com - reuse the same JSESSIONID because its' domain is set to .widget.com This sounds like a job for a non-JSESSIONID cookie that is created from your own code. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwtOg0ACgkQ9CaO5/Lv0PDlagCfTBxbqDKGE4bmQZG3R2ScYnsC oN8Aniy2zW1cIhEab+18E7DvqPC3UsnF =N0Qc -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6.0.26
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John, I think we might want to start again and work from the ground up. If you've been working in the dark-ages with the invoker servlet and non-packaged servlets, these things can pile up on you. First of all, make it a point to put all your servlet classes into packages. In fact, make it a point to put /all/ your classes into packages. When you put a class into a package, the source (.java) file should go into a directory that matches it, and when you compile it, the .class file will end up in a similar directory. For instance, if you have a class called MyClass in the package my.package (classes are usually written in CamelCase while package names are usually all lowercase), you should have your files laid out like this: src/my/package/MyClass.java The source code to MyClass should have a package declaration like this: package my.package; when you compile to a directory called build, you'll have: build/my/package/MyClass.class When you create your webapp, this file should go into WEB-INF/classes/my/package/MyClass.class Next, you'll need to map this class to one or more URLs. These URLs are relative to what's known as the context path of a web application. Web applications can be deployed either as a root web application (that is, they will be accessed via a URL like http://host/servlet) or as a non-root application with a non-blank context path (where you'll access the webapp via a URL like http://host/context/servlet). In web.xml, to map your servlet to /UkJava1900, you should have (as it appears you do): web-app servlet-nameUkJava1900/servlet-name servlet-classformprocessors.UkJava1900/servlet-class /web-app servlet-mapping servlet-nameUkJava1900/servlet-name url-pattern/UkJava1900/url-pattern /servlet-mapping Now, when you hit http://host/context/UkJava1900, you'll execute the code in the formprocessors.UkJava1900 class (which came from formprocessors/UkJava1900.java). Note that URL patterns are case-sensitive. Your latest error message says The requested resource (/ukjava1900) is not available.. Note the discrepancy between the url-mapping and the error message: the capitalization is inconsistent. There's nothing that says your URL must be /UkJava1900... you are free to use /ukjava1900 if you choose. Now, we come to the JSP. Here is the best way to write your form tag: form method=post action=%= response.encode(request.getContextPath() + /ukjava1900) % Two things are happening, here: 1. request.getContextPath gets the current context path (like /foo if your webapp is deployed to /foo, or if you are using a ROOT-deployed context). 2. response.encode will add a jsessionid parameter to the end of the URL if the client doesn't support HTTP cookies. The first thing is important because it will allow you to re-deploy your webapp under arbitrary context paths without having to re-write all your links. The second is important if you want to support cookie-less clients, which is always nice to do. For recently-written webapps, I would recommend using the JSTL tag library which has a convenient tag for doing things like this: form method=post action=c:url value=/ukjava1900 / The c:url tag knows how to do all the above stuff with less possibility of typing errors and stuff. Always nice. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwtRUUACgkQ9CaO5/Lv0PDdGgCgjlRpxj6X+J+gU2/r8TRJzwoA 2F4An3hHCVfug56MHlC5y93i1UKvJgVP =HiOG -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Implementing Connection Pooling
For instance, if you're using your DataSource for container-managed authentication, you might not be able to set up your DataSource before any authentication attempts are being made. Good point Chris. I neglected to point out that I have a custom realm that performs authentication. The one question I would have for you is this: why not simply configure a separate DataSource for each application, including all appropriate credentials? Because I won't have this info until run-time. It appears Apache Commons has a GenericObjectPool class I can used to implement my own connection pooling facility. However I don't want to go to the trouble if the current method actually works. On Thu, Jul 1, 2010 at 5:55 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 7/1/2010 6:06 PM, Caldarale, Charles R wrote: From: Andrew Laughlin [mailto:andrew.laugh...@gmail.com] Subject: Re: Implementing Connection Pooling The credentials for a database connection are specified per database. That is, user credentials are not used to get an authenticated connection to the database. Notice OrgID is the database name, username and password. You're not going to be able to do this with a single Resource element, since one Resource == one connection pool. You'll either have to configure one Resource per OrgID (and know them all up front), or use your own connection pooling with commons-dbcp (or equivalent). I agree with Chuck's analysis: Tomcat's Resource configuration is intended to handle the creation of the DataSource in a fully-initialized state. While Tomcat doesn't directly request a connection from the DataSource, and therefore Andrew's method might actually work, it is likely to cause problems at some level. For instance, if you're using your DataSource for container-managed authentication, you might not be able to set up your DataSource before any authentication attempts are being made. Also, you may get a connection already in the pool rather than a new connection being made, and then your (re-)configuration is a waste of time, and may even trigger a connection pool flush, which is of course the exact opposite of what you want your connection pool to do. You could possibly put the code in your initial post into a ServletContextListener to merely configure the DataSource (and not actually obtain a connection). When obtaining a single connection, don't bother to set any of the properties: the DataSource is already configured. The one question I would have for you is this: why not simply configure a separate DataSource for each application, including all appropriate credentials? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwtOQkACgkQ9CaO5/Lv0PChMgCfRm/oDLlgrL8zT6kcJL4/XSHT bwMAn0o6AWFlM1D2FGoK79VEdjXanUov =WDo1 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Application vars -
So it makes sense to go into what disruption means. I'm not 100% sure about the following, it would be good if a tomcat heavyweight would confirm/refute what I say. When you initiate a webapp reload, Tomcat waits for requests that have already started processing to terminate. This ensures that people who accessed your app just before the webapp get a complete response. Once that's done, the application is reloaded and your servlets' init methods are called if necessary. During this time, incoming requests aren't denied, they are just paused until the reload is complete. So the only disruption people see is your application freezing up for the time it takes to reload (which is going to depend on what you your initialization consists of). No ugly server unavailable errors or anything of the sort. If you don't like the idea of your app freezing, think about this. Rereading environment params without reloading has its own risks, namely potential race conditions. Imagine you have 5 parameters, and requests are coming in as you are reading these in and initializing your webapp. A request might be handled while 2 params have been read, but 3 still contain the old values. If you start to think about locking/synchronization to solve this you're definitely better off just using Tomcat's reload mechanism. So my answer would be, trust Tomcat's reloading process unless you absolutely want to avoid your webapp freezing for the time it will take for it to init (this depends on the webapp). If you want to do your own reloading, think long and hard about potential race conditions (which will occur in all except the simplest cases). Again, all this should probably be verified, you can set up very simple test cases with a JSP that sleeps, etc. Shay, I think you made a good case for keeping app vars in web.xml (i.e., seems pretty apparent now that's where they belong). Thanks for taking the time to respond. I sincerely appreciate it! Eric P. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: using Servlet Filter to rewrite domain of JSESSIONID cookie?
Yep, I realized as much and went exactly that route. However, i still think that altering (broadening) domain of JSESSIONID cookie is worthwhile. However, after looking at Tomcat src, it appears that creating a delegate for the internal Request is surprisingly non-trivial as there are protected fields in that class. And wrapping a delegate around ServletResponse is useless, because JSESSIONID cookie is added using an internal method (and not HttpServletResponse.addCookie). oh well... -nikita On Thu, Jul 1, 2010 at 5:59 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nikita, On 7/1/2010 6:37 PM, Nikita Tovstoles wrote: I borrowed sub-domain from Google Analytics terminology. I have one server, running one tomcat instance with one virtual host. That host is running one app - a JS/html widget that is embedded on multiple sites. We need to track usage per-deployment (per site embedding the wiget). For (google) analytics purposes, the easiest way to do so is to have a different (sub)domain per deployment. So the same tomcat instance is responding to requests for site1.widget.com, site2.widget.com, etc. a user may interact with 2 widget deployed on 2 different sites (and thus served from different (sub)domains) within 30 minutes. It is for this case that we want user to share the same HttpSession: - go to some site A where our widget is deployed at site1.widget.com - go to some other site B where our widget is deployed at site2.widget.com - reuse the same JSESSIONID because its' domain is set to .widget.com This sounds like a job for a non-JSESSIONID cookie that is created from your own code. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwtOg0ACgkQ9CaO5/Lv0PDlagCfTBxbqDKGE4bmQZG3R2ScYnsC oN8Aniy2zW1cIhEab+18E7DvqPC3UsnF =N0Qc -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
SSL Not working on tomcat 5.5.29
Hi All, I am working on upgrading tomcat from 5.5.28 to 5.5.29 for one of the applications. I see that the website renders and works fine in 5.5.29 on port 8080 (non SSL) but with SSL (port 8443) the website doesnot run at all. When I try to see what's going on in Fiddle, I see 502 error. Also nothing is written to the log flies. It is as if tomcat is not even running in port 8443. Under tomcat 5.5.28, the site renders fine with SSL and non SSL. Is there something I could be missing? Regards, Kareem -- View this message in context: http://old.nabble.com/SSL-Not-working-on-tomcat-5.5.29-tp29052531p29052531.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org