Re: Simulating HTTPS in terminated SSL/Apache 2/Tomcat 6 cluster
Hi, first of all, thanks to everyone that's replied - this is definitely the #1 source for information and expertise! We went with Rainers advice and it's worked a treat, so thanks very much. This thread can be considered resolved. Thanks Rich On Tue, Mar 29, 2011 at 11:09 PM, Stefan Mayr ste...@mayr-stefan.de wrote: Hi Am 29.03.2011 12:28, schrieb Rainer Jung: On 29.03.2011 12:07, Richard Levy wrote: ... The current setup involves two intelligent load-balancers that terminates SSL then hands over to Oracle 10g. The 10g stack has custom Oracle versions of Apache which have configuration options not found in standard Apache and appear to have made configuration simpler. For instance, there is a simulateHttps directive that you can give to a virtual host in Oracle Apache which does not exist in the standard version. Using that option, we simply have 2 virtual hosts defined in Apache, one for http traffic and one for https traffic (with simulateHttps set to on). They both forward to OC4J and it works fine. You can achieve this with standard Apache and mod_jk esily to. That's what we have in production: 1. Our intelligent Loadbalancer controls an additional HTTP-Request-Header Front-End-Https (default off, on when using SSL). 2. Our Apache is one VirtualHost using the following block for SSL detection: IfModule env_module # Fake SSL if Loadbalancer does SSL-Offload SetEnvIf Front-End-Https ^on$ HTTPS=on /IfModule Advantage: 1. as we use the same backend for ssl and non-ssl-traffic the session affinity still works switching between HTTP and HTTPS 2. Reduced Apache configuration as we don't need to double VirtualHosts for SSL 3. Transparent to the Java Applications. The Application won't notice we've cheated :-) With the new architecture we have two load-balancer which round-robin to two Apache servers. These servers connect to two Tomcat servers which are configured with a mod_jk loadbalancer using session affinity. Through config we have separated HTTP HTTPS traffic. We have done this because the application needs to identify when it is secure, which we do by simulating HTTP using settings in the connector in the Tomcat server.xml. This is detailed further down. Obviously we want to keep the same functionality on the Apache/Tomcat stack, and also retain the termination of SSL at the load-balancer, but are having trouble when the application switches to HTTPS. It works fine if we have a single Tomcat instance running, but once the 2nd Tomcat instance is enabled, moving to HTTPS fails because a new session is created. I went only brievly thourgh your configuration list and communication behavior, but thanks for the details! I suggest you try the following: - use only one connector per Tomcat instance, so only one jvmRoute and only one worker per Tomcat - let Apache via mod_jk inform the connector, whether the request came via HTTP or (fake) HTTPS - still do the redirect, but now because of only one connector you have only one jvmRoute and only one worker per Tomcat. So stickyness should work again. How can Apache forward the HTTP vs. (fake) HTTPS info via mod_jk? mod_jk automatically forwards the info whether the request was HTTPS. When the application checks it, the Tomcat AJP connector retrieves the info from what mod_jk forwarded it was and presents it to the application. AJP itself is never encrypted. Where does mod_jk get the info from? By default it checks an Apache environment variable named HTTPS, which is set by Apache whenever it handles an HTTPS request. You can also set the HTTPS environment variable by your Apache config, but it is better to understand not to overload the meaning of the variable. Instead: - tell mod_jk to look for another, private variable which contains the info whether the rquest was HTTP or (fake) HTTPS: JkHTTPSIndicator MyHTTPSVariable (you can choose the name MyHTTPSVariable) - set the variable MyHTTPSVariable to On in the Apache Virtual Host that receives your fake HTTPS requests SetEnv JkHTTPSIndicator On (for this mod_env must be enabled) That's it :) Guess that's cleaner then what we did. I'll put swapping HTTPS with JkHTTPSIndicator on my todo-list. Stefan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat webservices on ISS
Hello, I have application deployed on Tomcat 5.5. on Windows Server 2003 R2. From application we try to connect to webservices hosted on IIS 6.0 on the same machine. Our webservice client is JAX-WS with CXF implementation. Webservices are authorised by NTLM. We have problem with HTTP authentication. It is authenticated by user under which Tomcat service runs not by the user which is speciefied in HTTP conduit setting in CXF. So if we start user Tomcat service the account used for web services, it works. If Tomcat runs standalone (not as a service), or if it runs on different machine the account from CXF setting is used. If we configure IIS to Basic authentication account from CXF settings is used. So the only non working scenario (when service user of Tomcat overrides CXF setting) is Tomcat as service on the same machine as IIS with NTLM authentication. But this is the configuraiton we need to get work. Please help, it's getting me crazy for 3 days now..
Re: Bug Help
Can someone please help? On Tue, Mar 29, 2011 at 6:16 PM, Mohit Anchlia mohitanch...@gmail.com wrote: In order to circimvent this bug https://issues.jboss.org/browse/JBPAPP-366 what should I exactly have in apache 2 properties. We often see cping/cpong after connecting to the backend server failed (errno=110) and bunch of 503s Current worker.properties look something like this: worker.app1.type=ajp13 worker.app1.port=8009 worker.app1.host=app1.data.ie.intuit.net worker.app1.socket_keepalive=true worker.app1.prepost_timeout=5000 worker.app1.connect_timeout=5000 worker.app1.retries=1 worker.app1.socket_connect_timeout=1000 worker.app1.ping_mode=A worker.app1.ping_timeout=5000 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Logging request parameters - Filter vs Servlet
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leo, On 3/29/2011 5:44 PM, Leo Donahue - PLANDEVX wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Logging request parameters - Filter vs Servlet On 3/29/2011 12:57 PM, Leo Donahue - PLANDEVX wrote: Where do you initialize the Logger (Filter or Servlet)? Which logger? I don't know what I don't know... Log4j I guess. That is what everyone recommends. Hmm... The servlet 2.5 spec says you can use filters for logging, but since I'm not modifying the request or response, is logging from within a filter the right approach to logging request parameters? That depends upon your requirements. What are they? I just want to capture the request parameters on a certain web app and log them (time and what they were) in a separate log file from the standard logs, so that I don't have to hunt them down in the standard Tomcat logs. The security tool that our telecom office uses for auditing our sites makes quite a mess of my standard logs periodically. There is an AccessLogValve that you can use if you know which request parameters you want to log. There is also a RequestDumperValve (and RequestDumperFilter in 7.0) that you can use to dump everything from the request. See the docs for details. Would those work for you? Note that reading request parameters in a Filter may trigger parsing of a POST request body which may not be something you want to happen on every request. An example of things I don't know that I don't know... Heh. I suppose you'll know if things stop working. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2TRmcACgkQ9CaO5/Lv0PAIBQCfeDY2N9qXHbuijqz5cIOSnkj8 POgAn0ghVWuAkkiEv3cTrOTWsyCRe4IB =c7cf -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Mac and Google Authentication Issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dick, On 3/27/2011 6:57 PM, Dick Eastlake wrote: Konstantin Kolinko said: and you are certainly missing closing from the input tag Yup, I mistakenly deleted it trying to clean up the email td width=147 input tabindex=1 type=text name=j_username value= % out.print(dlb.getEmail() + \); % /td It's still missing. :( I would venture a guess that all that whitespace in the value attribute is going to be problematic at some point, too. I would also make sure to use an absolute URL for your form element like this: form method=POST action=%= response.encodeURL(request.getContextPath() + /j_security_check)) % It's obviously not causing a problem, now, but it will if you re-locate the login page and, depending on other factors, if you re-locate your webapp. Here's the access log the entries at 15;34 are using Firefox, the ones at 15:42 are Google's browser NB: it's called Google Chrome. 69.207.4.57 - - [27/Mar/2011:15:34:16 -0700] GET /Dynacorn/catalog/dealerwelcome.jsp HTTP/1.1 200 1870 69.207.4.57 - - [27/Mar/2011:15:34:27 -0700] POST /Dynacorn/catalog/authControl.jsp HTTP/1.1 302 - 69.207.4.57 - - [27/Mar/2011:15:34:27 -0700] GET /Dynacorn/catalog/dealer/dealerwelcome.jsp HTTP/1.1 200 1893 69.207.4.57 - - [27/Mar/2011:15:34:30 -0700] POST /Dynacorn/catalog/dealer/j_security_check HTTP/1.1 302 - 69.207.4.57 - s...@sor.com [27/Mar/2011:15:34:30 -0700] GET /Dynacorn/catalog/dealer/dealerwelcome.jsp HTTP/1.1 500 2158 69.207.4.57 - - [27/Mar/2011:15:42:14 -0700] GET /Dynacorn/catalog/dealerwelcome.jsp HTTP/1.1 200 1870 69.207.4.57 - - [27/Mar/2011:15:42:20 -0700] POST /Dynacorn/catalog/authControl.jsp HTTP/1.1 302 - 69.207.4.57 - - [27/Mar/2011:15:42:20 -0700] GET /Dynacorn/catalog/dealer/dealerwelcome.jsp HTTP/1.1 200 1893 69.207.4.57 - - [27/Mar/2011:15:42:23 -0700] POST /Dynacorn/catalog/dealer/j_security_check HTTP/1.1 200 676 What were the 676 bytes returned to Google Chrome after j_security_check was requested? Servlet container-managed security requires a protected resource to be requested in order to show the login page and then invoke j_security_check. Is the protected resource /Dynacorn/catalog/authControl.jsp? If so, it's possible that the POST size is exceeding the maximum allowable cached POST size during login. Any idea how many bytes are being POSTed there? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2TSbgACgkQ9CaO5/Lv0PAt0QCghyzZ7ZoXJFI2aa6VY2zwH2rV /ioAoLTvrWuyVLIIkdFBeCgWUzlW1APP =HCpU -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: manager app problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Barry, On 3/28/2011 11:43 AM, Propes, Barry L wrote: Here's the content of my context.xml in the /webapps/manager/META-INF directory. FWIW, Chuck asked for server.xml, though context.xml is probably more relevant. Did you check for any manager.xml in your conf/Catalina/localhost/ directory? It's possible that an old deployment descriptor is being used... ?xml version=1.0 encoding=UTF-8? !-- Apache disclaimer commented out here-- Context antiResourceLocking=false debug=0 privileged=true Valve className=org.apache.catalina.valves.RemoteAddrValve allow=10\.120\.5\.53/ /Context So, is that your new IP address? What happens if you completely comment-out the Valve declaration? And yes, I did check all the logs and it doesn't include a reference to this. Upon stopping and then restarting Tomcat, this context.xml file properly gets copied out to the conf/Catalina/localhost directory titled manager.xml, with the same contents. That's good. Uhh... sure about the IP? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2TSngACgkQ9CaO5/Lv0PB2IgCgsDa9cEPWmDLKY9leHaY8+qP7 k9wAn0z3Tb2KOTnbN7g1mWugogDyjYZ1 =msmj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with mod_jk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 3/29/2011 3:06 AM, Rainer Jung wrote: On 23.03.2011 22:29, Lance Campbell wrote: I discovered an issue with mod_jk. In the workers.property file I miss typed lbFactor=2 with lbactor=2. Mod_jk was able to continue to work which I appreciate. But I would have liked to have received an error message letting me know that I had a typo. I am using RedHat 5. So I would be using the same version of mod_jk as what has been deployed by RedHat. Is there something I could do different so that I can see a warning message or error message when I have a typo like this? There is no easy way to do this, because the workers.properties file allows to set arbitrary variables like myvar=123 and reuse those definitions later on with $(myvar). So in your case the typo made lbfactor into the variable lbactor :( It would have been safer to make variables sytactically distinguishable from builtin properties, but it's too late now for compatibility reasons. Any interest in deprecating arbitrary variable declarations in favor of something like this: worker.vars.variablename=foo Or, are arbitrary variable names allowed to contain . and other possible obvious delimiters? Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2TSw4ACgkQ9CaO5/Lv0PBFKACgsf35eSulH43yb9hUiZYdJSJ2 L2wAoIhAG9bFYheCtkU8ywc49wLsPtFP =yjMa -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Response Swapping
Yep that is it. You are using the old BIO AJP connector based on the classes you are loading. Hmm. Not what I was expecting. It might be worth taking a look at this bug: https://issues.apache.org/bugzilla/show_bug.cgi?id=50189 The problem is that we need a test case to investigate this but the issue is hard to reproduce. Since you have a test environment where you can repeat this, what are the chances of getting a Wireshark trace of the AJP traffic for a connection where this happens? Mark Thanks Mark. I looked at the bug and noticed the 5.5 fix will be included in 5.5.34. Any idea when this comes out? We were going to try to upgrade anyway, but maybe we should just wait for 5.5.34. I would be happy to supply you with a trace, but right now we're unable to reproduce. We're trying, but coming up with nothing. Any ideas/suggestions on how to reproduce would be great. We are unable to reproduce the bugs listed above and are unsure how to proceed at this point. Mark had mentioned that we are using the old BIO AJP connector . Is this something we should change? Anyone have any suggestions on changes to try or ways to reproduce? -- View this message in context: http://old.nabble.com/Response-Swapping-tp31185040p31278390.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: manager app problem
Yes, I didand while it was getting replaced with the new one, for whatever reason, the web.xml file in the manager/WEB-INF sub-dir got deleted. I replaced it and VOILA, it all worked again! Thanks, Chris. However, I guess I thought it a bit odd this didn't seem to log, but maybe that's the way it works? It did not log though. -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Wednesday, March 30, 2011 10:21 AM To: Tomcat Users List Subject: Re: manager app problem -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Barry, On 3/28/2011 11:43 AM, Propes, Barry L wrote: Here's the content of my context.xml in the /webapps/manager/META-INF directory. FWIW, Chuck asked for server.xml, though context.xml is probably more relevant. Did you check for any manager.xml in your conf/Catalina/localhost/ directory? It's possible that an old deployment descriptor is being used... ?xml version=1.0 encoding=UTF-8? !-- Apache disclaimer commented out here-- Context antiResourceLocking=false debug=0 privileged=true Valve className=org.apache.catalina.valves.RemoteAddrValve allow=10\.120\.5\.53/ /Context So, is that your new IP address? What happens if you completely comment-out the Valve declaration? And yes, I did check all the logs and it doesn't include a reference to this. Upon stopping and then restarting Tomcat, this context.xml file properly gets copied out to the conf/Catalina/localhost directory titled manager.xml, with the same contents. That's good. Uhh... sure about the IP? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2TSngACgkQ9CaO5/Lv0PB2IgCgsDa9cEPWmDLKY9leHaY8+qP7 k9wAn0z3Tb2KOTnbN7g1mWugogDyjYZ1 =msmj -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Logging request parameters - Filter vs Servlet
Chris, -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Logging request parameters - Filter vs Servlet I don't know what I don't know... Log4j I guess. That is what everyone recommends. Hmm... ServletContext logging then? There is an AccessLogValve that you can use if you know which request parameters you want to log. There is also a RequestDumperValve (and RequestDumperFilter in 7.0) that you can use to dump everything from the request. See the docs for details. Would those work for you? The AccessLog pattern I'm using: pattern=%h %l %u %t %r %q %s %b The results: 2.3.4.5 - - [29/Mar/2011:16:02:39 -0700] POST /oppositioncase/oppositioncase.faces HTTP/1.1 200 38621 My web app uses the JSF framework, forgot to mention that. http://planning.maricopa.gov/oppositioncase samples: 211-52-002A 211-74-016 211-53-005C Those are the parameters I'm trying to capture, along with the map image url. A. We'd like to know how many requests actually generated a map image. B. We'd like to know whether this app is searching for parcels primarily in the unincorporated areas of the County, or parcels located within a city jurisdiction. That part I can figure out once I know which parcels people are searching. Note that reading request parameters in a Filter may trigger parsing of a POST request body which may not be something you want to happen on every request. I guess my only option then is to log them from the web app. But somewhere I've read that is the wrong/lazy way to do logging.
Error: The JSP specification requires that an attribute name is preceded by whitespace
Hi, I am getting this error message the app the I recently upgraded to tomcat 7. It may be the bug 49297... How to proceed to correct it? Log is below. 2011-03-30 12:42:10,431 [http-bio-8080-exec-17] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/sadAdmAgenciaAdmin].[jsp] - Servlet.service() for servlet jsp threw exception org.apache.jasper.JasperException: /arquivoForm.jsp(46,85) The JSP specification requires that an attribute name is preceded by whitespace at org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.java:41) at org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:407) at org.apache.jasper.compiler.ErrorDispatcher.jspError(ErrorDispatcher.java:88) at org.apache.jasper.compiler.Parser.parseAttributes(Parser.java:164) at org.apache.jasper.compiler.Parser.parseAttributes(Parser.java:153) at org.apache.jasper.compiler.Parser.parseCustomTag(Parser.java:1236) at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1450) at org.apache.jasper.compiler.Parser.parse(Parser.java:138) at org.apache.jasper.compiler.ParserController.doParse(ParserController.java:239) at org.apache.jasper.compiler.ParserController.parse(ParserController.java:102) at org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:197) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:372) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:352) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:339) at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:594) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:344) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:391) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684) at org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispatcher.java:593) at org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatcher.java:530) at org.apache.jasper.runtime.JspRuntimeLibrary.include(JspRuntimeLibrary.java:927) at org.apache.jsp.noticiaPageAdd_jsp._jspService(noticiaPageAdd_jsp.java:129) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:419) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:391) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684) at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:471) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:402) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:329) at org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1063) at org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:386) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:229) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194) at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432) at javax.servlet.http.HttpServlet.service(HttpServlet.java:641) at javax.servlet.http.HttpServlet.service(HttpServlet.java:722) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:304) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at br.gov.tse.noticia.web.FilterUserControl.doFilter(FilterUserControl.java:36) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at br.gov.tse.noticia.web.FilterHibernateControlSession.doFilter(FilterHibernateControlSession.java:22) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:240) at
Re: Error: The JSP specification requires that an attribute name is preceded by whitespace
On 30/03/2011 17:30, Marcell Manfrin Barbacena wrote: Hi, I am getting this error message the app the I recently upgraded to tomcat 7. It may be the bug 49297... How to proceed to correct it? Log is below. 2011-03-30 12:42:10,431 [http-bio-8080-exec-17] ERROR org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/sadAdmAgenciaAdmin].[jsp] - Servlet.service() for servlet jsp threw exception org.apache.jasper.JasperException: /arquivoForm.jsp(46,85) The JSP specification requires that an attribute name is preceded by whitespace What more information do you need? Tomcat has provided: - the file name - the exact point in the file where the error occurred - a description of the error I'm struggling to see what anyone on this list can do to add to that short of editing the file to insert the whitespace the JSP specification requires before the attribute name for you. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with mod_jk
On 30.03.2011 17:23, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 3/29/2011 3:06 AM, Rainer Jung wrote: On 23.03.2011 22:29, Lance Campbell wrote: I discovered an issue with mod_jk. In the workers.property file I miss typed lbFactor=2 with lbactor=2. Mod_jk was able to continue to work which I appreciate. But I would have liked to have received an error message letting me know that I had a typo. I am using RedHat 5. So I would be using the same version of mod_jk as what has been deployed by RedHat. Is there something I could do different so that I can see a warning message or error message when I have a typo like this? There is no easy way to do this, because the workers.properties file allows to set arbitrary variables like myvar=123 and reuse those definitions later on with $(myvar). So in your case the typo made lbfactor into the variable lbactor :( It would have been safer to make variables sytactically distinguishable from builtin properties, but it's too late now for compatibility reasons. Any interest in deprecating arbitrary variable declarations in favor of something like this: worker.vars.variablename=foo Or, are arbitrary variable names allowed to contain . and other possible obvious delimiters? We could do it once we really start 1.3. In 1.2 I don't really like incompatible config file format changes. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
virtual host for apache/tomcat server
I have the following installed on CentOS 5.5 httpd-2.2.3-43.el5.centos.3 tomcat5-5.5.23 I have a small jsp app that I CAN hit through apache like: http://www.mydomain.com/tomcat/myapp.jsp So tomcat in the url above is the apache proxy address for the tomcat server. I want to setup a virtual host in apache to automatically load this app if I type: http://myapp.mydomain.com Looking at many howtos and FAQ's I'm still having trouble figuring this out. My jsp is located at: /usr/share/tomcat5/webapps/ROOT/myapp.jsp I have myapp.jsp added to the httpd/apache DirectoryIndex. I have a DNS entry configured and working for http://myapp.mydomain.com What apache and tomcat config files do I need to modify, and how, to make http://myapp.mydomain.com load my app automatically? Help is appreciated. Thanks, James - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Logging request parameters - Filter vs Servlet
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Leo, On 3/30/2011 12:28 PM, Leo Donahue - PLANDEVX wrote: -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Logging request parameters - Filter vs Servlet I don't know what I don't know... Log4j I guess. That is what everyone recommends. Hmm... ServletContext logging then? The only logging the ServletContext will do is if you explicitly call ServletContext.log(...) which Tomcat will direct to the appropriate logger (set up using logging.properties or, if you go through the configuration, log4j). There is an AccessLogValve that you can use if you know which request parameters you want to log. There is also a RequestDumperValve (and RequestDumperFilter in 7.0) that you can use to dump everything from the request. See the docs for details. Would those work for you? The AccessLog pattern I'm using: pattern=%h %l %u %t %r %q %s %b The results: 2.3.4.5 - - [29/Mar/2011:16:02:39 -0700] POST /oppositioncase/oppositioncase.faces HTTP/1.1 200 38621 Hmm... sorry to have steered you astray: looking at the documentation, AccessLogValve only allows you to log request headers and attributes, not parameters. That's a shame... My web app uses the JSF framework, forgot to mention that. http://planning.maricopa.gov/oppositioncase samples: 211-52-002A 211-74-016 211-53-005C So you need to log the txtAPN parameter, right? Those are the parameters I'm trying to capture, along with the map image url. A. We'd like to know how many requests actually generated a map image. Can you tell that, just from a parameter value? I would think that the URL itself would more likely tell you if a map was generated. B. We'd like to know whether this app is searching for parcels primarily in the unincorporated areas of the County, or parcels located within a city jurisdiction. That part I can figure out once I know which parcels people are searching. Simply logging the parcels used in searches would allow you to do that, as you've said. The RequestDumperValve logs a /ton/ of information, and probably wouldn't get you what you want. Note that reading request parameters in a Filter may trigger parsing of a POST request body which may not be something you want to happen on every request. I guess my only option then is to log them from the web app. But somewhere I've read that is the wrong/lazy way to do logging. I'm not sure where you read it, but that sounds like a platitude applied as a blanket admonition not to log in your webapp. If it's appropriate for your situation, then feel free to do it. Back to the original filter question: logging using a filter is perfectly acceptable if it's the right solution (see below for questions that might lead you to other options). Writing the filter is trivial: just implement the javax.servlet.Filter interface and be sure to read the javadoc for it before you try: you'll thank yourself, later. You can even use ServletContext.log() to write to the context log if you want. Otherwise, feel free to use your webapp's log4j or other logging facility (you'll have to configure this yourself). Just don't use System.out :) One might argue that blindly logging request parameters is not particularly useful. For instance, a quick look at your interface indicates that you can add several plots of land before performing the search. Those initial add operations may be of little use to you. Instead, you may wish to log them only at a certain point in your workflow. Since most requests go to oppositioncase.faces, you may not be able to map your Filter to a URL pattern that is fine-grained enough. Instead, it might make more sense to log this data when you know there's a reason to log it. Since you're expecting to perform statistical analysis on the data, you might even consider writing it directly to a database instead of to a plain-old log file. Cool webapp, by the way! NB: The ctrl key isn't always the modifier key to use to de-select items from a multi-select list. I think that's a Microsoft Windows convention, but it's CMD-click on Mac and probably something like META-click on *NIX. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2TeiYACgkQ9CaO5/Lv0PC3BgCcDrR863az0BctJcOI3gGcjD0J kpcAn3WMLt7MseeErBLAADS6Gh+UNTbS =LZdC -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: manager app problem
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Barry, On 3/30/2011 11:52 AM, Propes, Barry L wrote: Yes, I didand while it was getting replaced with the new one, for whatever reason, the web.xml file in the manager/WEB-INF sub-dir got deleted. I replaced it and VOILA, it all worked again! Thanks, Chris. However, I guess I thought it a bit odd this didn't seem to log, but maybe that's the way it works? It did not log though. It's (strangely) not an error for a web-app not to have a WEB-INF/web.xml file: defaults will be used. However, for anything but static-only webapps, it will render the webapp somewhat inert. Glad you got it working. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2TesgACgkQ9CaO5/Lv0PBtLwCfbgkDtzYKNohS8eWVBCNGQYxX xqUAnjFeNHufpY0nj2JFaSBT4/zzllcw =lRox -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: virtual host for apache/tomcat server
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James, On 3/30/2011 2:36 PM, James Pifer wrote: I have the following installed on CentOS 5.5 httpd-2.2.3-43.el5.centos.3 tomcat5-5.5.23 Any opportunity to upgrade? Tomcat 5.5.23, while current and still supported, is basically in maintenance-mode. TC 7 is where the real action is these days :) I have a small jsp app that I CAN hit through apache like: http://www.mydomain.com/tomcat/myapp.jsp So tomcat in the url above is the apache proxy address for the tomcat server. Okay. What proxy are you using mod_proxy_ajp? mod_proxy_http? mod_jk? What are your ProxyPass settings (or JkMounts)? I want to setup a virtual host in apache to automatically load this app if I type: http://myapp.mydomain.com Sounds reasonable. Obviously, you'll have to register that hostname in DNS somewhere. Once you've done that... Looking at many howtos and FAQ's I'm still having trouble figuring this out. My jsp is located at: /usr/share/tomcat5/webapps/ROOT/myapp.jsp Oh, good: you're using the ROOT webapp. So many people want to use mystupidname instead of ROOT and just give themselves headaches when what they really want is ROOT. I have myapp.jsp added to the httpd/apache DirectoryIndex. That's not going to work the way you want it to work. Instead, you want to do a ProxyPass that maps path-less requests to Tomcata, and then set myapp.jsp as a welcome file in your webapp's WEB-INF/web.xml file. I have a DNS entry configured and working for http://myapp.mydomain.com Good. What apache and tomcat config files do I need to modify, and how, to make http://myapp.mydomain.com load my app automatically? Post your relevant httpd configuration, first: we'll start with what you've got. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2TfAwACgkQ9CaO5/Lv0PDj9ACgmL9e/g4kDLl5+uS3C57UxETX VaEAn1epTtVa+d6dfOwB1OKaec8wh8xI =Mxzx -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: manager app problem
From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: manager app problem It's (strangely) not an error for a web-app not to have a WEB-INF/web.xml file: defaults will be used. However, for anything but static-only webapps, it will render the webapp somewhat inert. JSP-only webapps can also get away without a WEB-INF/web.xml (but I probably wouldn't want to maintain such a beast, if it does anything useful at all). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: manager app problem
I didn't know that was the case, but I'd probably not even attempt such a feat! Yikes! -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Wednesday, March 30, 2011 1:55 PM To: Tomcat Users List Subject: RE: manager app problem From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: manager app problem It's (strangely) not an error for a web-app not to have a WEB-INF/web.xml file: defaults will be used. However, for anything but static-only webapps, it will render the webapp somewhat inert. JSP-only webapps can also get away without a WEB-INF/web.xml (but I probably wouldn't want to maintain such a beast, if it does anything useful at all). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: virtual host for apache/tomcat server
On Wed, 2011-03-30 at 14:53 -0400, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 James, On 3/30/2011 2:36 PM, James Pifer wrote: I have the following installed on CentOS 5.5 httpd-2.2.3-43.el5.centos.3 tomcat5-5.5.23 Any opportunity to upgrade? Tomcat 5.5.23, while current and still supported, is basically in maintenance-mode. TC 7 is where the real action is these days :) I have a small jsp app that I CAN hit through apache like: http://www.mydomain.com/tomcat/myapp.jsp So tomcat in the url above is the apache proxy address for the tomcat server. Okay. What proxy are you using mod_proxy_ajp? mod_proxy_http? mod_jk? What are your ProxyPass settings (or JkMounts)? I want to setup a virtual host in apache to automatically load this app if I type: http://myapp.mydomain.com Sounds reasonable. Obviously, you'll have to register that hostname in DNS somewhere. Once you've done that... Looking at many howtos and FAQ's I'm still having trouble figuring this out. My jsp is located at: /usr/share/tomcat5/webapps/ROOT/myapp.jsp Oh, good: you're using the ROOT webapp. So many people want to use mystupidname instead of ROOT and just give themselves headaches when what they really want is ROOT. I have myapp.jsp added to the httpd/apache DirectoryIndex. That's not going to work the way you want it to work. Instead, you want to do a ProxyPass that maps path-less requests to Tomcata, and then set myapp.jsp as a welcome file in your webapp's WEB-INF/web.xml file. I have a DNS entry configured and working for http://myapp.mydomain.com Good. What apache and tomcat config files do I need to modify, and how, to make http://myapp.mydomain.com load my app automatically? Post your relevant httpd configuration, first: we'll start with what you've got. Ok, my httpd.conf is pretty standard. It includes proxy_ajp.conf which has: LoadModule proxy_ajp_module modules/mod_proxy_ajp.so ProxyPass /tomcat/ ajp://localhost:8009/ The rest, worker.properties, server.xml, are pretty standard, so I'm not sure what I should post unless I include everything. Do I need to post everything? ProxyPass for path-less requests sounds fine to me. Thanks for your help. James - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Bug Help
Can someone please give some pointers? Connector document says that connection_pool_timeout should be same as ConnectionTimeout and I think setting these will help but not sure. Do I need to add connection_pool_timeout? server.xml doesn't have ConnectionTimeout set either so does it mean it will wait forever? Just trying to see what additional settings I need to put in place. On Tue, Mar 29, 2011 at 6:16 PM, Mohit Anchlia mohitanch...@gmail.com wrote: In order to circimvent this bug https://issues.jboss.org/browse/JBPAPP-366 what should I exactly have in apache 2 properties. We often see cping/cpong after connecting to the backend server failed (errno=110) and bunch of 503s Current worker.properties look something like this: worker.app1.type=ajp13 worker.app1.port=8009 worker.app1.host=app1.data.ie.intuit.net worker.app1.socket_keepalive=true worker.app1.prepost_timeout=5000 worker.app1.connect_timeout=5000 worker.app1.retries=1 worker.app1.socket_connect_timeout=1000 worker.app1.ping_mode=A worker.app1.ping_timeout=5000 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Logging request parameters - Filter vs Servlet
Chris, Thanks for the feedback.. very much appreciated! -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: Logging request parameters - Filter vs Servlet So you need to log the txtAPN parameter, right? Yes. Actually, the contents of the listbox... as you'll see below. Those are the parameters I'm trying to capture, along with the map image url. A. We'd like to know how many requests actually generated a map image. Can you tell that, just from a parameter value? I would think that the URL itself would more likely tell you if a map was generated. No, I couldn't tell that from a parameter value, which is why I knew I had to log from within the webapp somewhere, but I didn't know whether logging should happen in a filter or at a specific place in the model. Or should I log in the fascade (pattern)? I wanted the logs to capture the url so that I knew the model reached a point where it generated an image. http://planning.maricopa.gov/agsoutput/_ags_mapdee1a8d3a28f49a48f44aaf4dc4cc316.jpg Those images are only there for 20 min, so that url is already dead. B. We'd like to know whether this app is searching for parcels primarily in the unincorporated areas of the County, or parcels located within a city jurisdiction. That part I can figure out once I know which parcels people are searching. Simply logging the parcels used in searches would allow you to do that, as you've said. The RequestDumperValve logs a /ton/ of information, and probably wouldn't get you what you want. I'm not sure where you read it, but that sounds like a platitude applied as a blanket admonition not to log in your webapp. If it's appropriate for your situation, then feel free to do it. Back to the original filter question: logging using a filter is perfectly acceptable if it's the right solution (see below for questions that might lead you to other options). Writing the filter is trivial: just implement the javax.servlet.Filter interface and be sure to read the javadoc for it before you try: you'll thank yourself, later. You can even use ServletContext.log() to write to the context log if you want. Otherwise, feel free to use your webapp's log4j or other logging facility (you'll have to configure this yourself). Just don't use System.out :) One might argue that blindly logging request parameters is not particularly useful. For instance, a quick look at your interface indicates that you can add several plots of land before performing the search. Those initial add operations may be of little use to you. You are right. Instead, you may wish to log them only at a certain point in your workflow. Since most requests go to oppositioncase.faces, you may not be able to map your Filter to a URL pattern that is fine-grained enough. Instead, it might make more sense to log this data when you know there's a reason to log it. Since you're expecting to perform statistical analysis on the data, you might even consider writing it directly to a database instead of to a plain-old log file. I'm going this route for now: FacesContext.getCurrentInstance().getExternalContext().log(the string buffer of the parcel listbox); FacesContext.getCurrentInstance().getExternalContext().log(the map URL); Produces: Mar 30, 2011 12:02:35 PM org.apache.catalina.core.ApplicationContext log INFO: PARCEL = '125-27-089' Mar 30, 2011 12:02:45 PM org.apache.catalina.core.ApplicationContext log INFO: http://planning.maricopa.gov/agsoutput/_ags_map08eb57df58224e1884e17a3e8a59b555.jpg Mar 30, 2011 12:03:16 PM org.apache.catalina.core.ApplicationContext log INFO: PARCEL = '125-27-089' OR PARCEL = '125-27-090' OR PARCEL = '125-27-091' Mar 30, 2011 12:03:27 PM org.apache.catalina.core.ApplicationContext log INFO: http://planning.maricopa.gov/agsoutput/_ags_map1a6e940afbd1494794c8d22b36f3a11a.jpg Cool webapp, by the way! Thanks! NB: The ctrl key isn't always the modifier key to use to de-select items from a multi-select list. I think that's a Microsoft Windows convention, but it's CMD-click on Mac and probably something like META-click on *NIX. Sadly, my department wanted that blurb on there. They forget stuff. Leo
[OT] Protecting against HTTP response splitting
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I was playing around with findbugs today and saw a security warning I've never seen before: HTTP parameter directly written to HTTP header output in [somefile.java]. I read a bit more into it and the warning was correct, I was doing something akin to the following: response.sendRedirect(request.getParameter(returnURL)); Aside from not running the redirect through response.encodeRedirectURL, there's another potential problem, there: the user can specify a return URL that breaks the HTTP response and can do some evil things. I verified that I can break my own response in this way by adding %0d%0a and then more stuff to my returnURL parameter and I magically escaped the Location header of the response. The suggested mitigation is to URL-encode the value before putting it into the header. I was wondering if anyone was doing anything like this and has a suggestion for allowing the UI to control it's own return to URLs in a safe way. We'd like to use returnURL values that allow for query parameters to be passed-back to the target URL so we can't just blindly URL-encode the URL otherwise those parameters will become part of the URL and not the query string. I suppose I could also just look for and replace whitespace, which is not legal in a URL anyway. Any other thoughts of suggestions? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk2TjpgACgkQ9CaO5/Lv0PDAwQCfa8sSdRzAE7ZNjv0P1s/qD95L FGEAnjA8ZbobU/8s90lE2huLx/+B2smV =vJ6w -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Bug Help
Is this an Apache Tomcat problem, or a JBoss problem? If it is a Tomcat version, is it from a repackager or an official http://tomcat.apache.org/? In a new email thread with a descriptive subject provide the Apache HTTPD, mod_jk, Apache Tomcat, JDK and Operating System versions. Then you will likely be asked for logs on both your HTTPD, mod_jk and tomcat sides. I think if you did that, you might get some help. On Mar 30, 2011, at 12:16 PM, Mohit Anchlia wrote: Can someone please give some pointers? Connector document says that connection_pool_timeout should be same as ConnectionTimeout and I think setting these will help but not sure. Do I need to add connection_pool_timeout? server.xml doesn't have ConnectionTimeout set either so does it mean it will wait forever? Just trying to see what additional settings I need to put in place. On Tue, Mar 29, 2011 at 6:16 PM, Mohit Anchlia mohitanch...@gmail.com wrote: In order to circimvent this bug https://issues.jboss.org/browse/JBPAPP-366 what should I exactly have in apache 2 properties. We often see cping/cpong after connecting to the backend server failed (errno=110) and bunch of 503s Current worker.properties look something like this: worker.app1.type=ajp13 worker.app1.port=8009 worker.app1.host=app1.data.ie.intuit.net worker.app1.socket_keepalive=true worker.app1.prepost_timeout=5000 worker.app1.connect_timeout=5000 worker.app1.retries=1 worker.app1.socket_connect_timeout=1000 worker.app1.ping_mode=A worker.app1.ping_timeout=5000 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Bug Help
This seems to be mod_jk bug. I read in some other thread about this bug and look similar to what I am seeing. But what I am really looking for is to see if I have correct settings. We are using mod_jk 1.2.21 and apache 2 On Wed, Mar 30, 2011 at 1:46 PM, Dave Fisher dave2w...@comcast.net wrote: Is this an Apache Tomcat problem, or a JBoss problem? If it is a Tomcat version, is it from a repackager or an official http://tomcat.apache.org/? In a new email thread with a descriptive subject provide the Apache HTTPD, mod_jk, Apache Tomcat, JDK and Operating System versions. Then you will likely be asked for logs on both your HTTPD, mod_jk and tomcat sides. I think if you did that, you might get some help. On Mar 30, 2011, at 12:16 PM, Mohit Anchlia wrote: Can someone please give some pointers? Connector document says that connection_pool_timeout should be same as ConnectionTimeout and I think setting these will help but not sure. Do I need to add connection_pool_timeout? server.xml doesn't have ConnectionTimeout set either so does it mean it will wait forever? Just trying to see what additional settings I need to put in place. On Tue, Mar 29, 2011 at 6:16 PM, Mohit Anchlia mohitanch...@gmail.com wrote: In order to circimvent this bug https://issues.jboss.org/browse/JBPAPP-366 what should I exactly have in apache 2 properties. We often see cping/cpong after connecting to the backend server failed (errno=110) and bunch of 503s Current worker.properties look something like this: worker.app1.type=ajp13 worker.app1.port=8009 worker.app1.host=app1.data.ie.intuit.net worker.app1.socket_keepalive=true worker.app1.prepost_timeout=5000 worker.app1.connect_timeout=5000 worker.app1.retries=1 worker.app1.socket_connect_timeout=1000 worker.app1.ping_mode=A worker.app1.ping_timeout=5000 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: virtual host for apache/tomcat server
Am Wed, 30 Mar 2011 15:09:12 -0400 schrieb James Pifer j...@obrien-pifer.com: Ok, my httpd.conf is pretty standard. It includes proxy_ajp.conf which has: LoadModule proxy_ajp_module modules/mod_proxy_ajp.so ProxyPass /tomcat/ ajp://localhost:8009/ I only have some experience with Tomcat-6, not Tomcat-5.5, so maybe there are some mistakes in my posting, but AFAIK: - A corresponding ProxyPassReverse is missing. - If you want to redirect requests to http://hostname.domain.tld/ to ROOT then you should simply write / and not /tomcat/. Maybe a chip of our mixed IP- and name-based Apache-vhost-configs gives you an idea of how to setup Apache2 (in this environment hostnames with TLD prod are private IP-adresses for internal access). The setup uses a mix of mod_proxy_http and mod_proxy_ajp. Of course you have to configure tomcat's server.xml to offer ajp-access via Port 8009. Usually mod_proxy_ajp works better (handling of out-buffer, cache ontrol) but in rare cases we had problems with mod_proxy_ajp. Of course httpd.conf of our apache2.2 has got an include-statement for /srv/conf.d/*.conf in order to use this config. ---snip--- [crm@mikesch ~]$ cat /srv/conf.d/crm.conf # # vhost-configuration *.crm.company.* # # Virtual IP-Alias via DNS NameVirtualHost crm.company.prod:80 # # vhost for production # VirtualHost crm.company.prod:80 DocumentRoot /srv/crm/html ServerName crm.company.de ServerAlias crm.company.prod ErrorLog /srv/crm/logs/error_log TransferLog /srv/crm/logs/access_log # Reverse-Proxy for ajp-connector ProxyRequests Off Proxy * Order deny,allow Allow from all /Proxy # avoid public access to mgmt-applications ProxyPass/docs ! ProxyPass/probe ! ProxyPass/manager ! # connecting tomcats ROOT via mod_proxy_http and coyote ProxyPass/ http://crm.company.prod:8080/ ProxyPassReverse / http://crm.company.prod:8080/ # alternative: connecting tomcats ROOT via ajp # ProxyPass/ ajp://crm.company.prod:8009/ # ProxyPassReverse / ajp://crm.company.prod:8009/ /VirtualHost # # allow vhost for management only for users in private network # VirtualHost crm.cataneo.prod:80 DocumentRoot /srv/crm/html/mgmt ServerName mgmt.crm.cataneo.prod ErrorLog /srv/crm/logs/error_log TransferLog /srv/crm/logs/access_log # Displaying Apache vhost-statistics under /usage Alias /usage /srv/crm/html/mgmt/usage Location /usage Order deny,allow Deny from all Allow from 127.0.0.1 Allow from ::1 Allow from company.prod /Location # Reverse-Proxy fuer ajp-connector ProxyRequests Off Proxy * Order deny,allow Deny from all Allow from 127.0.0.1 Allow from ::1 Allow from company.prod /Proxy ProxyPass/probe ajp://crm.cataneo.prod:8009/probe ProxyPassReverse /probe ajp://crm.cataneo.prod:8009/probe ProxyPass/manager ajp://crm.cataneo.prod:8009/manager ProxyPassReverse /manager ajp://crm.cataneo.prod:8009/manager ProxyPass/docsajp://crm.cataneo.prod:8009/docs ProxyPassReverse /docsajp://crm.cataneo.prod:8009/docs /VirtualHost ---snip--- RU, Tobias. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Reg.NoClassDefintionFound Error with Tomcat-4.0.1 and jdk1.5.0_02
Hi, I am using the following configurations details OS: SunSolaris-Sparc Processor. Server: Tomcat-4.0.1 JDk: jdk1.5.0_02 my application is using jaxbapi.jar files.when I deploy the application on test machine it is working pretty fine.The same war file I deployed it in production server it is throwing noclassdefintion found error.here are the exception details. java.lang.NoClassDefFoundError: javax/xml/bind/ValidationEventHandler at net.juniper.engineering.greenfield.srx.controller.SRXServlet.doPost(SRXServlet.java:101) at javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:190) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2343) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:429) at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:495) at java.lang.Thread.run(Thread.java:595) Please let me know,is there any issue with tomcat 4.0.1 for loading the jaxb related jars? Regards -Tirumala CAUTION - Disclaimer * This e-mail contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for the use of the addressee(s). If you are not the intended recipient, please notify the sender by e-mail and delete the original message. Further, you are not to copy, disclose, or distribute this e-mail or its contents to any other person and any such actions are unlawful. This e-mail may contain viruses. Infosys has taken every reasonable precaution to minimize this risk, but is not liable for any damage you may sustain as a result of any virus in this e-mail. You should carry out your own virus checks before opening the e-mail or attachment. Infosys reserves the right to monitor and review the content of all messages sent to or from this e-mail address. Messages sent to or from this e-mail address may be stored on the Infosys e-mail system. ***INFOSYS End of Disclaimer INFOSYS***
