Here's an access log from a successful login using Firefox. Note the post
toj_security_check returns a 302 and the id of the authenticated user shows in
the returned request for a page located in the secured portion of the site.
213.20.160.134 - - [05/Apr/2011:22:44:31 -0700] GET
Hi.
Not knowing the exact layout of your pages, and not knowing exactly what you have in mind
about what /should/ happen, makes this a bit of a guesswork.
In the log, there are a number of URLs being accessed ( /catalog/dealerwelcome.jsp,
/catalog/authControl.jsp,
Hi,
Is there anyone met this kind of error. please see the error stack below.
very tricky,it doesn't always happen, we met it seldom after our server run
for a period.
and the red section is not confused, i don't know what's the meaning
exactly.
i've looked into the generated java file, the
Hi,
Honestly, I don't really know, and this is just a vague suspicion.
But if the original JSP pages are on a Windows PC, and then you are copying them to a
Unix/Linux server to run them, can the problem not be due to wrong line endings ?
(Windows uses CR/LF, but Unix/Linux only LF).
文宝殷
Hi André Warnier,
thanks for your reply.
it's a runtime error, jsp compiler generate the java file then compile it to
class.
i didn't the copy the java file between different systems.my system is
linux.
could the jsp compiler cause this error? the default one is the JDT.
Best Regards
Bryan
On 05.04.2011 22:44, Anthony J. Biacco wrote:
FYI, I have this tentatively working with mod_unique_id by doing:
Apache config:
RequestHeader set UNIQUE_ID %{UNIQUE_ID}e
JkEnvVar UNIQUE_ID
Tomcat accesslogvalve pattern:
%{UNIQUE_ID}i
I might use it like this, I might not.
Hello 文宝殷,
As I failed to mention before, I am not really a java or JSP expert, so I was
just guessing.
The error messages which you are getting seem to suggest that the generated
Java code
(before compilation) contains some line breaks or other confusing characters
where the
compiler is not
On 06/04/2011 10:47, André Warnier wrote:
Hello 文宝殷,
As I failed to mention before, I am not really a java or JSP expert, so I was
just guessing.
The error messages which you are getting seem to suggest that the generated
Java code
(before compilation) contains some line breaks or other
Hi,
We are using an embedded instance of Tomcat and would like to use a FileStore
for Session storage to keep memory requirements low while still allowing to
have many sessions opened. This is a single tomcat instance, sharing sessions
with other instances is not needed.
As I embed Tomcat, I
Andre, I'll get HttpFox and Fidler2. Is there one for Chrome or Safari? I'll
come back when I get some info from them.
Thanks.
Dick
From: André Warnier a...@ice-sa.com
To: Tomcat Users List users@tomcat.apache.org
Sent: Wednesday, April 6, 2011 3:20 AM
I made this Valve, trying to intercept requests going out of my
WebPages context to the Webservices context. Right now they are both
running in the same Tomcat (5.5.33), but that may not be true in the future.
public class TestValve extends org.apache.catalina.valves.ValveBase {
@Override
Dear List,
I´m searching for a integrity measurement module for apache tomcat which
makes a hash (e.g. sha1) from each *.war file before starting/employing it.
Can anyone give me a hint?
Thank you!
Sebastian
-
To unsubscribe,
On Wed, Apr 6, 2011 at 14:29, Sebastian Biedermann
biederm...@seceng.informatik.tu-darmstadt.de wrote:
Dear List,
I´m searching for a integrity measurement module for apache tomcat which
makes a hash (e.g. sha1) from each *.war file before starting/employing it.
Can anyone give me a hint?
From: Dick Eastlake [mailto:dickeastl...@yahoo.com]
Subject: Re: IE Firefox work fine, Mac, Google and Safari don't authenticate
I'll get HttpFox and Fidler2.
Just use Fiddler2; it works with any browser, since it installs as a proxy.
- Chuck
THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL
Folks:
Feedback is needed on a project I worked on to connect IIS to Tomcat.
This is a replacement for the old ISAPI redirectors that have been used
since early 2000.
Nonetheless, the new ones should work for Tomcat 5,6,7 and IIS 5.1,6,7,7.5
combinations.
Looking for feedback (what works, what
On 04/06/2011 03:56 PM, Bilal S wrote:
Folks:
Feedback is needed on a project I worked on to connect IIS to Tomcat.
Connectors can be downloaded from:
http://tomcatiis.riaforge.org/
This not open source AFAICT, but that's fine.
Nevertheless you should follow the ASF Trademark guidelines:
I recently upgraded my Tomcat cluster from 5 to 6 and am no longer able to
use getCookie() to retrieve our Omniture cookie data using
request.getCookies(). We are still able to access the cookie name and value
via a request header so we're using this as a work around but I'm still
curious as to
On 06/04/2011 16:35, John Clark wrote:
I recently upgraded my Tomcat cluster from 5 to 6 and am no longer able to
use getCookie() to retrieve our Omniture cookie data using
request.getCookies(). We are still able to access the cookie name and value
via a request header so we're using this as a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dick,
On 4/6/2011 2:52 AM, Dick Eastlake wrote:
Here's an access log from an unsuccessful login using Chrome. Note
the post to j_security_check returns a 200 even though the
id/password entered was a valid one.
Response code 200 means OK. There
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 7.0.12.
Apache Tomcat 7.0.12 includes bug fixes and the following new features
compared to version 7.0.11:
* initial support for SPNEGO/Kerberos authentication (also referred to
as Windows authentication);
* provide a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dominik,
On 4/6/2011 6:21 AM, Dominik Stadler wrote:
We are using an embedded instance of Tomcat and would like to use a
FileStore for Session storage to keep memory requirements low while
still allowing to have many sessions opened. This is a
On Wed, Apr 6, 2011 at 5:19 AM, Sergio ser...@strategos.com.br wrote:
I made this Valve, trying to intercept requests going out of my WebPages
context to the Webservices context.
An outbound request made by your webapp for another resource is
not going to be using a Tomcat connector.
You could
CVE-2011-1183 Apache Tomcat security constraint bypass
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.11
- Earlier versions are not affected
Description:
A regression in the fix for CVE-2011-1088 meant that security
constraints were ignored when no
CVE-2011-1475 Apache Tomcat information disclosure
Severity: Important
Vendor: The Apache Software Foundation
Versions Affected:
- Tomcat 7.0.0 to 7.0.11
- Earlier versions are not affected
Description:
Changes introduced to the HTTP BIO connector to support Servlet 3.0
asynchronous requests
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Michael,
On 4/5/2011 2:56 AM, Michael McCutcheon wrote:
I have heard that it is not recommended to run the webapp on the same
tomcat instance as Solr, due to potential threading issues of tomcat
calling into itself.
If your webapp and Solr will
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Sergio,
On 4/5/2011 9:03 AM, Sergio wrote:
We have an environment where there will be several instance of the same
webapp running on tomcat (sharing libraries when possible), each
connecting to different database. My idea is to have a webapp
hi,
i'm in need of data replication in a tomcat-cluster.
i set up a tomcat cluster of three tomcats on a single machine with a apache
(mod_jk) front that does the load balacing.
everything works absolutely charming for reading requests, my trouble start
with data input.
what i'm trying to
Chris Dumoulin wrote:
I'm using tomcat 7.0.11 with the following Connector and Host elements in
server.xml:
Connector connectionTimeout=2 port=8080 protocol=HTTP/1.1
redirectPort=8443/
Connector port=8009 protocol=AJP/1.3 redirectPort=8443/
Host appBase=webapps autoDeploy=true
On 4/5/2011 7:31 AM, הילה wrote:
name=jdbc/com/vstechnology/appname
scope=Shareable
type=javax.sql.Datasource
url=jdbc:jtds:sqlserver://SQLServerName:1433/DBname;useCursors=false;sendStringParametersAsUnicode=false
factory=org.apache.tomcat.jdbc.pool.DataSourceFactory
maxActive=200
minIdle=0
Thanks for your response Andre. I'm using AJP between Tomcat and Nginx using
this Nginx module: https://github.com/yaoweibin/nginx_ajp_module
There is definitely AJP traffic, it's just not showing up in the access log.
- Chris
On April 6, 2011 03:24:38 pm André Warnier wrote:
Chris Dumoulin
On 4/6/2011 1:22 PM, Jürgen Jakobitsch wrote:
hi,
i'm in need of data replication in a tomcat-cluster.
i set up a tomcat cluster of three tomcats on a single machine with a apache
(mod_jk) front that does the load balacing.
everything works absolutely charming for reading requests, my trouble
I wanted to add it, bu the company that developed the application that runs
on the tomcat, says that it affect performance and has issues.
what do you mean validates it? what does it do, exactly?
Thanks
Hila
2011/4/6 Filip Hanik - Dev Lists devli...@hanik.com
On 4/5/2011 7:31 AM, הילה wrote:
Jürgen Jakobitsch wrote:
hi,
i'm in need of data replication in a tomcat-cluster.
i set up a tomcat cluster of three tomcats on a single machine with a apache
(mod_jk) front that does the load balacing.
everything works absolutely charming for reading requests, my trouble start
with data
validate == connection is open and working
if they are worried about performance, there is a compromise that gets you best
of both worlds
testOnBorrow=true
validationQuery=select 1
validationInterval=3
this ensures that in a high concurrency environment, the number of validations
are
In looking into this further, it appears that the difference isn't in HTTP vs
AJP, the difference is in async vs synchronous.
The AJP traffic was carrying requests that were being processed asynchronously
in Tomcat. If I switch to using the HTTP connector for this same traffic I
still don't
I wanted to add the last string as well, but they said to forget about it..
:] and they should know best
however, if disconnections will continue (there are some right now) I'll try
it anyway
as for the connection validation = you said that if the DB closes a
connection (why does it happen? can I
On 4/6/2011 1:54 PM, הילה wrote:
I wanted to add the last string as well, but they said to forget about it..
:] and they should know best
however, if disconnections will continue (there are some right now) I'll try
it anyway
as for the connection validation = you said that if the DB closes a
hi, thanks for your input..
1. switching that backend is apparently not an option, i wouldn't have asked
with respect to a non-clusterable data-backend
2. it wouldn't be that two request update one piece of data, but it would be
that the first cluster member that receives
a POST request,
Just in case : have you looked at the 2 earlier [SECURITY] messages on this list, and at
the Change log for Tomcat 7.0.12 ? There are some notes there about asynchronous requests
that may have a bearing on your issue (maybe indirectly).
Chris Dumoulin wrote:
In looking into this further, it
Tomcat 6
http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/catalina/valves/AccessLogValve.java?annotate=1030188
Look at the invoke() method, it logs the data
Tomcat 7
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/valves/AccessLogValve.java?view=annotate
Look
Jürgen Jakobitsch wrote:
...
image you have a simple text file in the WEB-INF directory of a webapp named ClusterApp. this ClusterApp is deployed
on three tomcats in a cluster. now comes a POST request, that updates the text file (adds one line to it).
now of course i need to synchronize the
2011/4/6 Chris Dumoulin ch...@blaze.io:
In looking into this further, it appears that the difference isn't in HTTP vs
AJP, the difference is in async vs synchronous.
The AJP traffic was carrying requests that were being processed
asynchronously in Tomcat. If I switch to using the HTTP
Got it. Thanks
any other suggestions will be great (i'll add these string in a few days)
2011/4/6 Filip Hanik - Dev Lists devli...@hanik.com
On 4/6/2011 1:54 PM, הילה wrote:
I wanted to add the last string as well, but they said to forget about
it..
:] and they should know best
however,
The logging now takes place in the CoyoteAdapter
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/connector/CoyoteAdapter.java?r1=1086351r2=1086352;
Filip
On 4/6/2011 2:26 PM, Filip Hanik - Dev Lists wrote:
Tomcat 6
On 06/04/2011 20:50, Chris Dumoulin wrote:
In looking into this further, it appears that the difference isn't in HTTP vs
AJP, the difference is in async vs synchronous.
When you say asynchronous, do you mean Servlet 3.0 or Comet?
Mark
Am 06.04.2011 um 22:35 schrieb André Warnier:
Jürgen Jakobitsch wrote:
...
image you have a simple text file in the WEB-INF directory of a webapp named
ClusterApp. this ClusterApp is deployed
on three tomcats in a cluster. now comes a POST request, that updates the
text file (adds one
Hi,
I am using grails spring security to secure the url. I specify in
grails:
grails.plugins.springsecurity.secureChannel.definition = [
'/': 'REQUIRES_INSECURE_CHANNEL',
'/**': 'REQUIRES_SECURE_CHANNEL',
]
to make the homepage use http and all other url use https. This works
I meant servlet 3.0 async.
This is from CoyoteAdapter.java:
AsyncContextImpl asyncConImpl =
(AsyncContextImpl)request.getAsyncContext();
if (asyncConImpl != null) {
async = true;
} else if (!comet) {
response.finishResponse();
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
הילה,
On 4/6/2011 3:36 PM, הילה wrote:
I wanted to add it, bu the company that developed the application
that runs on the tomcat, says that it affect performance and has
issues.
What is your RDBMS? If it happens to be MySQL, I know that they
Hi,
I am using Apache Tomcat 5.x and it is having two instances running on it,
one is Flex application and the other one is Java application which is used
by the Flex application to Export the results.
My RAM is 4GB and Tomcat's xmx parameter is set to use from 512MB to 2GB.
Now almost once in
From: Prashant Rajput [mailto:praj...@infocepts.com]
Subject: Apache Tomcat Process is getting killed automatically.
Now almost once in two days my Tomcat process is getting killed
automatically and I have to restart the Tomcat server again and
again to resume the application back.
Start
51 matches
Mail list logo