Hi Martin
could you briefly explain the need for 2 apache webservers?
I wish I could :) We currently have our secure web apps fronted by an IBM
product, which seems to be a munged version of Apache. This has the
Cleartrust pluin in place and working fine. In the DMZ we have various web
tomcats!, clearly it is time to move onbecause there is a workaround to
this issue by having hibernate manage it's own connection pool. I am not
going to recheck my iurls again and jndi names because they are correct and
my hosting provider has assisted me in checking and found no wrong. for
Everything can be set up via service.bat
You should modify this file only. This way when you install the
service or remove the service, it works gracefully, and all libs,
memory requirements, etc. are recorded in the registry.
On Fri, Jun 18, 2010 at 12:44 AM, Katt katt@gmail.com wrote:
On 22/06/2010 06:09, Andrew Bruno wrote:
Oh sorry, I re-read your answer. Not sure why SSO is not working, be
interested to find out though..
You were right to ask about configuration.
We can't really begin to analyze the problem until we've seen the
cluster config and know the usual OS, JVM,
On 22/06/2010 07:55, yucca...@live.co.za wrote:
tomcats!, clearly it is time to move onbecause there is a workaround to
this issue by having hibernate manage it's own connection pool. I am not
going to recheck my iurls again and jndi names because they are correct
and my hosting provider has
This all sounds very unnecessarily complicated.
Maybe you want to look at authentication at the Tomcat level alone? Writing an
authenticator is rather simple (and there're plenty of examples) provided that
ClearTrust has an API, which I am sure it does.
dB. @ dblock.org
My apologies. Let me try to ask my question in a more specific manner to see
if I can get a response from someone on this list.
Per the ISAPI log, I am getting to my index.jsp page successfully and I also am
able to see the request info that is sent to the ISAPI filter from IIS.
But when I try
I haven't tried this with IIS, but we had quite the discussion on this
last week with Apache tomcat with JK. In your server.xml file add
tomcatAuthentication=false to the AJP connector object. If you look
in the archives of this list for JK_REMOTE_USER there is a very
interesting discussion on
On 22/06/2010 13:05, Marc Boorshtein wrote:
I haven't tried this with IIS, but we had quite the discussion on this
last week with Apache tomcat with JK. In your server.xml file add
tomcatAuthentication=false to the AJP connector object. If you look
in the archives of this list for
Thanks Marc. I actually have that setting in my server.xml file as well.
Actually I did follow your post last week thinking that would help me but the
ISAPI filter is working properly as indicated in my log and IIS has
authenticated the info otherwise, at least it is my understanding and my
On Tue, Jun 22, 2010 at 8:16 AM, Savoy, Melinda
melindasa...@texashealth.org wrote:
Thanks Marc. I actually have that setting in my server.xml file as well.
Hmm, I've only gotten the ISAPI filter working once and not in this
context. Unless there are other ways to do this Pid's idea is
Can you provide a hint on how to perform automatic login using BASIC
authentication?
Or can I somehow modify the class FormAuthenticator? and tell Tomcat to use my
custom class
Thanks!
From: Pid p...@pidster.com
To: Tomcat Users List
Thanks Pid, I did do that as well, but I did not see the user value there
either.
Here is what I got when I did issue the getHeaderNames() and as you can see the
authorization shows the encrypted NTLM value but it is not decrypted and I
cannot get to the info though the ISAPI log shows the
On 22/06/2010 13:25, neo21 zerro wrote:
Can you provide a hint on how to perform automatic login using BASIC
authentication?
Did you look at the link I sent?
Or can I somehow modify the class FormAuthenticator? and tell Tomcat to
use my custom class
FormAuthenticator is a Valve, it is
On 22/06/2010 13:36, Savoy, Melinda wrote:
Thanks Pid, I did do that as well, but I did not see the user value there
either.
Here is what I got when I did issue the getHeaderNames() and as you can see
the authorization shows the encrypted NTLM value but it is not decrypted and
I cannot
On 22/06/2010 13:36, Savoy, Melinda wrote:
Thanks Pid, I did do that as well, but I did not see the user value there
either.
Here is what I got when I did issue the getHeaderNames() and as you can see
the authorization shows the encrypted NTLM value but it is not decrypted and
I cannot
We have a custom filter that we're using because after we get the request and
response info then I need to use the user value info and get the user also
authenticated against a legacy system.
But right now I have that commented out in my web.xml so that I can go directly
to a test index.jsp
Thanks Pid for your time and answers. Clearly that is not an option for
me...I'll wait for Tomcat 7 then :)
Thanks!
From: Pid p...@pidster.com
To: Tomcat Users List users@tomcat.apache.org
Sent: Tue, June 22, 2010 3:41:02 PM
Subject: Re: HTTP Status
Question. I never setup a custom Tomcat REALM and wondered if that is required
by this ISAPI filter as another user at JavaRanch explained the following to me:
You'd have to provide the user principals and roles via a Tomcat Realm in order
for getRemoteUser to work. Filters, IIS
On 22.06.2010 14:16, Savoy, Melinda wrote:
Thanks Marc. I actually have that setting in my server.xml file as well.
Actually I did follow your post last week thinking that would help me but the
ISAPI filter is working properly as indicated in my log and IIS has
authenticated the info
On 22/06/2010 13:59, Savoy, Melinda wrote:
We have a custom filter that we're using because after we get the request and
response info then I need to use the user value info and get the user also
authenticated against a legacy system.
But right now I have that commented out in my web.xml
Actually, what I finally got working was getting IIS to talk to Tomcat and
therefore seeing the request get to the ISAPI filter which after working with a
MS IIS engineer 2 weeks ago I was able to get up and running. I have not to
date been able to get the getRemoteUser() to extract the user
From: Andrew Bruno [mailto:andrew.br...@gmail.com]
Subject: Re: Tomcat 6 64 bits, Java 6 64 bits and -Djava.library.path
Everything can be set up via service.bat
You should modify this file only.
I'd strongly recommend using the tomcat6w.exe program to set any necessary
options and
On 22/06/2010 14:10, Savoy, Melinda wrote:
Question. I never setup a custom Tomcat REALM and wondered if that is
required by this ISAPI filter as another user at JavaRanch explained the
following to me:
You'd have to provide the user principals and roles via a Tomcat Realm in
order for
We had been working with JCIFS and chose the Tomcat Connector for IIS because
we're primarily a MS shop and already had IIS in place here. The team lead who
had written this custom code is no longer with the company and I've had to try
and figure out what all he did and then try to implement
I'm currently running three 6.0.26 tomcat instances on multiple servers to
establish a redundant, HA Tomcat cluster.
Every second in each of the Tomcat instances the following error message is
logged:
org.apache.catalina.ha.tcp.SimpleTcpCluster sendSEVERE: Unable to send message
through
Hi,
I'm using Tomcat 6.0.26. I notice that when I define an error page for my
JSPs
%@ page errorPage=/error-pages/500.jsp %
The error page gets called properly, but the stack trace of the error is no
longer written to my localhost log file, where it used to be output before I
inserted the
On 22/06/2010 14:45, Savoy, Melinda wrote:
We had been working with JCIFS and chose the Tomcat Connector for IIS because
we're primarily a MS shop and already had IIS in place here. The team lead
who had written this custom code is no longer with the company and I've had
to try and figure
Thanks Pid. That is what I'm working on right now. I am in the middle of the
Decoder part of the code again.
My apologies to this list as I understood I could get that directly from the
ISAPI filter as it would decrypt it for me, which it does per the ISAPI log,
and then pass it on to me
From: melindasa...@texashealth.org
To: users@tomcat.apache.org; p...@pidster.com
Date: Tue, 22 Jun 2010 08:45:18 -0500
Subject: RE: Still having problem retrieving user value from ISAPI Filter for
authentication
We had been working with JCIFS and chose the Tomcat Connector for IIS
Hi Andrew
In case of no failover, SSO works for all web applications on the same host.
Upon failover [shutting down one node], a user is routed to the other node, and
TC is asking for a user to re-login when he/she tried to access password
protected area.
I have checked many times on
On 22/06/2010 15:56, Okubo, Yasushi (TSD) wrote:
Hi Andrew
In case of no failover, SSO works for all web applications on the same host.
Upon failover [shutting down one node], a user is routed to the other node,
and TC is asking for a user to re-login when he/she tried to access password
Sorry I should clarify few things:
In case of no failover, SSO works for all web applications on the same node,
not host. Then, session replication upon failover works for non-password
protected area only.
-Original Message-
From: Okubo, Yasushi (TSD)
Has anyone ever placed an application and its content on a redundant DFS
solution?
So as when one DFS server fails, another takes over.
Does anyone see possible problems with this setup?
ie. when dfs server fails does tomcat loose connection to the app or is the
failover fast enough.
regards
Ok
I will try to install the latest apache httpd and test again.
Thanks,
yasushi
-Original Message-
From: Pid [mailto:p...@pidster.com]
Sent: Tuesday, June 22, 2010 8:04 AM
To: Tomcat Users List
Subject: Re: question for sso session replication in tomcat 6.0.26
On 22/06/2010 15:56,
2010/6/18 Mikolaj Rydzewski m...@ceti.pl:
Luca Gervasi wrote:
i can read my /etc/passwd from a malicious jsp.
Where can i find infos on limiting filesystem access / visibility ?
1st thing to do:
run tomcat as user tomcat (or whatever username u like) with
limited rights - that should at
http://moshah-linux.corp.walmart.com/ip/2668255 test
--
View this message in context:
http://old.nabble.com/testing-tp28962091p28962091.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To unsubscribe,
This is a similar question to one already being discussed in the list
with the subject Setting the Right Amount of Memory.
We have 160 instances of tomcat on the same server, with most instances
configured to use 64-96MB of RAM. We carefully watch the logs for OOMEs.
If we see any, we increase
From: Robinson, Eric [mailto:eric.robin...@psmnv.com]
Subject: Does GC Really Matter (Is This Situation)?
Some people say this approach will lead to increased CPU
utilization from frequent GC
If you're referring to what I said, note the numerous caveats I included. Only
if you happened
On 22.06.2010 16:18, Savoy, Melinda wrote:
Thanks Pid. That is what I'm working on right now. I am in the middle of the
Decoder part of the code again.
My apologies to this list as I understood I could get that directly from the
ISAPI filter as it would decrypt it for me, which it does per
Hi, Melinda-
As Pid suggested, the first part of that string after NTLM in the
authorization header decodes in base64 to 'NTLMSSP'.
-Terence Bandoian
Savoy, Melinda wrote:
Thanks Pid, I did do that as well, but I did not see the user value there either.
Here is what I got when I did
Question. As my code is currently blowing up when I setup the Base64Decoder in
my constructor I'm getting an error immediately, at any rate I'm working thru
that, but will this DECODE method show me the USERID that I'm looking for?
That is what I'm needing. Thank you.
-Original
Ranier,
Thanks for your reply.
What I did was comment out the filter from the web.xml and I went straight from
the IE browser (http://localhost/index.jsp) to the index.jsp page that was
comprised of only the following:
%...@page language=java contentType=text/html; charset=ISO-8859-1
In top, my java processes all show an average VIRT size of about 250MB
and an average RES size of about 150MB. Most of them were started with a
64MB heap size. I have two questions:
1. Top shows 0k of swap usage, so the system is not swapping. In that
case, why is there a difference between the
From: Robinson, Eric [mailto:eric.robin...@psmnv.com]
Subject: Showing Tomcat Memory Utilization with 'top'
1. Top shows 0k of swap usage, so the system is not swapping. In that
case, why is there a difference between the VIRT and RES numbers?
Linux always allocates more virtual space than
Hi, Melinda-
I'm not sure it's going to be that easy. From what I've read, the NTLM
authorization header includes structured data that is encoded using a
server nonce and/or the password. However, AUTH_USER, REMOTE_USER and
LOGON_USER variables should be available to ISAPI applications with
That is definitely the preferred method and the reason for going to the Tomcat
Connector for this authentication process. However, even with the most simple
implementation of my index.jsp and web.xml file I cannot get the
getRemoteUser() to work.
I am hoping that Ranier is able to look at
On 22.06.2010 21:29, Savoy, Melinda wrote:
That is definitely the preferred method and the reason for going to the Tomcat
Connector for this authentication process. However, even with the most simple
implementation of my index.jsp and web.xml file I cannot get the
getRemoteUser() to work.
I
2. Where does the 64MB of java heap show up?
Buried inside the VIRT number.
For example, I have a tomcat configured to use 96MB of heap (export
JAVA_OPTS=-ms96M -mx96M). Top shows VIRT=336396, RES=227264. I'm
guessing that the 96MB of heap is buried in BOTH the VIRT and RES
numbers?
--
Eric
Ranier,
Please see the requested info below and thanks for taking time to look at the
log and for your reply.
Web.xml (1 2 were deleted because they had to do with my filters just in case
you were wondering why 3 was there):
?xml version=1.0 encoding=UTF-8?
web-app
From: Savoy, Melinda [mailto:melindasa...@texashealth.org]
Subject: RE: Still having problem retrieving user value from ISAPI
Filter for authentication
What I did was comment out the filter from the web.xml and I went
straight from the IE browser (http://localhost/index.jsp) to the
index.jsp page
From: Robinson, Eric [mailto:eric.robin...@psmnv.com]
Subject: RE: Showing Tomcat Memory Utilization with 'top'
For example, I have a tomcat configured to use 96MB of heap (export
JAVA_OPTS=-ms96M -mx96M). Top shows VIRT=336396, RES=227264. I'm
guessing that the 96MB of heap is buried in
Unless you are going to authenticate via one of Tomcat's authentication
methods; BASIC, FORM, etc, then getRemoteUser() is going to return null.
You'll need to add a security constraint, login-config and security-role to
your web.xml to test getRemoteUser(); in just Tomcat.
This
Sorry, Marc. I'm have no idea what a wireshark packet capture is? I've only
worked with the Fiddler Http Proxy Debugger tool to view what is coming over on
the browser.
Thanks.
-Original Message-
From: Marc Boorshtein [mailto:mboorsht...@gmail.com]
Sent: Tuesday, June 22, 2010 3:00
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
On 6/22/2010 3:22 PM, Caldarale, Charles R wrote:
From: Robinson, Eric [mailto:eric.robin...@psmnv.com]
Subject: Showing Tomcat Memory Utilization with 'top'
1. Top shows 0k of swap usage, so the system is not swapping. In that
case, why
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gregor,
On 6/22/2010 12:07 PM, Gregor Schneider wrote:
2010/6/18 Mikolaj Rydzewski m...@ceti.pl:
Luca Gervasi wrote:
i can read my /etc/passwd from a malicious jsp.
Where can i find infos on limiting filesystem access / visibility ?
1st
Also, I believe VIRT includes memory shared with other
processes, so if you have 50MiB of Java system classes
loaded and a modern JVM which shares them among running JVMs,
then you'll see that 50MiB included in every process's VIRT
that is sharing it, which is somewhat misleading.
On 22 June 2010 17:55, Robinson, Eric eric.robin...@psmnv.com wrote:
Sorry, I wasn't referring specifically your comments. Over the years
I've heard the same thing a few times from different sources. It seems
to be the conventional wisdom on the subject.
Fifteen years ago, it was right.
Hi
I downloaded apache apache v2.2.15 and compiled and installed, but the
result was the same.
Session sso replication looked like failed. Upon shutting down the
node, it kicked me out of password protected area and needed to re-loin
on the second node.
On apache, I installed/enabled all
On 22 June 2010 16:10, M.H.G. Emmerig m.h.g.emme...@dnb.nl wrote:
Has anyone ever placed an application and its content on a redundant DFS
solution?
So as when one DFS server fails, another takes over.
Does anyone see possible problems with this setup?
ie. when dfs server fails does tomcat
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: Showing Tomcat Memory Utilization with 'top'
Also, I believe VIRT includes memory shared with other processes
Doesn't RES also include shared pages - anything that's in the memory map of
the process? (I can't
From: Robinson, Eric [mailto:eric.robin...@psmnv.com]
Subject: RE: Showing Tomcat Memory Utilization with 'top'
'top' shows 30-40MB in the 'SHR' column for each java
process. Is that what you're referring to?
That could be any memory (eg, file pages) that's being used in more than one
Has anyone ever placed an application and its content on a redundant
DFS solution?
So as when one DFS server fails, another takes over.
Does anyone see possible problems with this setup?
ie. when dfs server fails does tomcat loose connection to the app or
is the failover fast enough.
Are you using a jvmRoute setting on your BalancerMember definition in
mod_proxy config and on the Engine/ element in server.xml? Your cookie would
have the jvmRoute property added to the end of it (e.g. ALONGMD5HASH.server1)
if so.
From the Almighty Google:
have an application I am trying to move to Tomcat 6.0 from Tomcat 5.5. This
is a VXML Voice Browser application.
In this app, the general flow is:
1. Voice Browser makes http request to jsp
2. jsp might call Service Object
3. Service Object creates new Thread to call external
Hi
There were two cookies created by Tomcat 6.0.26. One is for SSO, and the
other is for regular session between client and tomcat. JSESSIONID is
working fine : it means session replication and failover, but not
JSESSIONIDSSO. JSESSIONIDSSO is updated with new value upon relogin.
yasushi
Hello,
We have a customer that is running Tomcat Server 6.0.18 under Windows 2008 R2.
On this server the Remote Desktop Port (3389) is being changed to port 80 after
X (usually ~3) number of days. If we disable the Apache Tomcat Server and stop
the service, this problem goes away. We opened a
From: Marc Boorshtein [mailto:mboorsht...@gmail.com]
Subject: Re: Still having problem retrieving user value from ISAPI
Filter for authentication
Unless you are going to authenticate via one of Tomcat's
authentication methods; BASIC, FORM, etc, then getRemoteUser() is going
to return null.
From: Aaron Clark [mailto:acl...@intellicominc.com]
Subject: Apache Tomcat 6.0.18 on Windows Server 2008 R2 Changes RDP
Port
We have a customer that is running Tomcat Server 6.0.18 under
Windows 2008 R2. On this server the Remote Desktop Port (3389)
is being changed to port 80 after X
Hi All,
I've got myself in a situation where I need a stopgap quick fix - until we can
respond correctly.
I have the following workers file:
# define the worker list
worker.list=LoadBalancer
# Define the LB worker
worker.LoadBalancer.type=lb
From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
Subject: OT RE: Still having problem retrieving user value from ISAPI
Filter for authentication
Doesn't the url mapping in the uriworkermap.properties file interrupt
IIS from passing authentication to Tomcat?
If you restrict
Yes, that's true. You can also use the GUI.
Personally, I like the script, because it can be committed to
repository(SVN, etc), and its easier to replicate and maintain.
AB
On Tue, Jun 22, 2010 at 11:28 PM, Caldarale, Charles R
chuck.caldar...@unisys.com wrote:
From: Andrew Bruno
On 22.06.2010 21:59, Marc Boorshtein wrote:
Unless you are going to authenticate via one of Tomcat's authentication
methods; BASIC, FORM, etc, then getRemoteUser() is going to return null.
You'll need to add a security constraint, login-config and security-role to
your web.xml to test
On 23.06.2010 01:12, David Fisher wrote:
Hi All,
I've got myself in a situation where I need a stopgap quick fix - until we can
respond correctly.
I have the following workers file:
# define the worker list
worker.list=LoadBalancer
# Define the LB worker
worker.LoadBalancer.type=lb
74 matches
Mail list logo