Hi Luyi, thanks for sharing your experience. Would be great to have this information on our websites. Any interest to share are a patch for the site?
To do so, 1) checkout the site sources via SVN from https://svn.apache.org/repos/asf/stanbol/site/trunk/ 2) Make your changes where you think they would best fit it and create a patch. 3) Create a JIRA issue describing your changes and attach the patch. 4) A Stanbol committer will review the patch and apply it to our website. Would be really great to have this and your contribution! Best, - Fabian 2014-09-08 18:35 GMT+02:00 aj...@virginia.edu <aj...@virginia.edu>: > I think that would be a container-specific concern, but I honestly don't know > enough to comment further. You might want to explore the option of > segregating Stanbol into its own container, although I realize that would > mean extra overhead. > > --- > A. Soroka > The University of Virginia Library > > On Sep 8, 2014, at 11:27 AM, Luyi Wang <wangl...@guitarca.com> wrote: > >> yeah. >> >> only for stanbol. The permission granted right now are available for whole >> site. >> >> >> On Mon, Sep 8, 2014 at 8:14 AM, aj...@virginia.edu <aj...@virginia.edu> >> wrote: >> >>> Do you mean giving only permissions to actions originating in the Stanbol >>> webapp and not to actions originating in other webapps deployed in your web >>> container? >>> >>> --- >>> A. Soroka >>> The University of Virginia Library >>> >>> On Sep 8, 2014, at 11:11 AM, Luyi Wang <wangl...@guitarca.com> wrote: >>> >>>> Does anyone have some idea on giving only codebase permission? >>>> >>>> On Sun, Sep 7, 2014 at 4:07 AM, aj...@virginia.edu <aj...@virginia.edu> >>>> wrote: >>>> >>>>> Another approach here is to move the Stanbol home _out_ of the directory >>>>> of your web container. I think that's a little clearer and safer, and >>>>> that's how I run Stanbol as a web app. You can do that with an init >>> param >>>>> in the Stanbol web application's web.xml file, with an element like >>> this: >>>>> >>>>> </init-param> >>>>> <init-param> <!-- the default sling.home is set to >>> stanbol >>>>> --> >>>>> <param-name>sling.home</param-name> >>>>> <param-value>/my/directory/for/stanbol</param-value> >>>>> </init-param> >>>>> >>>>> And of course you must give the Tomcat user rights to content under that >>>>> directory. >>>>> >>>>> --- >>>>> A. Soroka >>>>> The University of Virginia Library >>>>> >>>>> On Sep 7, 2014, at 1:08 AM, Luyi Wang <wangl...@guitarca.com> wrote: >>>>> >>>>>> Hi all: >>>>>> >>>>>> Would like to share my experience on deploying stanbol war file to >>>>> tomcat7 >>>>>> on ubuntu 14.04 >>>>>> >>>>>> After the full build by following instruction upon >>>>>> http://stanbol.apache.org/docs/trunk/tutorial.html >>>>>> >>>>>> I got the stanbol.war file deployed on tomcat7 but it kept reporting >>>>> error >>>>>> for resource not available as Apache Sling is starting. I checked the >>>>>> access log and found stanbol (actually sling) failed in creating a >>> folder >>>>>> under tomcat folder instead of tomcat webapps folder. An easy hack way >>> is >>>>>> to create a folder named "stanbol" with tomcat7 user/group access >>> under >>>>>> your $CATALINA_BASE folder and restart tomcat7. Then everything is fine >>>>>> except the the link "system/console" would be broken by default >>> setting. >>>>>> >>>>>> The broken link reporting permission error. To solve this, need to edit >>>>> two >>>>>> parts. >>>>>> 1. add permission into your tomcat policy configuration which is under >>>>>> /etc/tomcat7/policy.d folder. You can choose one to edit since later >>> on >>>>>> they all compile to be one file as $CATALINA_BASE/work/catalina.policy >>>>>> (/var/lib/tomcat7/work/catalina.policy) >>>>>> >>>>>> The hack way is to grant permission with careless. >>>>>> >>>>>> grant { >>>>>> permission java.security.AllPermission; >>>>>> }; >>>>>> >>>>>> >>>>>> I tried to make it more robust by adding permission only for stanbol >>>>>> codebase however I failed to make it work. If anyone knows how to do , >>>>> let >>>>>> me know. >>>>>> >>>>>> After that , need to change the tomcat init script in >>> /etc/init.d/tomcat >>>>>> Line 98 to yes. >>>>>> >>>>>> TOMCAT7_SECURITY=yes >>>>>> >>>>>> >>>>>> After all these, every component would work but we need to alter the >>>>> tomcat >>>>>> application memory size. >>>>>> >>>>>> vi /etc/default/tomcat7 >>>>>> >>>>>> change the JAVA_OPTS line. >>>>>> >>>>>> JAVA_OPTS="-Djava.awt.headless=true -Xmx1g -XX:MaxPermSize=256m >>>>>> -XX:+UseConcMarkSweepGC" >>>>>> >>>>>> Then restart tomcat7. >>>>>> >>>>>> >>>>>> Hope this would help people. >>>>>> >>>>>> Thanks. >>>>>> >>>>>> -Luyi. >>>>> >>>>> >>> >>> > -- Fabian http://twitter.com/fctwitt
