Re: URGENT: Tomcat 7 Aliases
Thanks Chris! I now get "Document base /dg/local/cots/tomcat/tomcat_8082/webapps/xyz does not exist or is not a readable directory" On Thu, Dec 8, 2016 at 2:50 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Victor, > > On 12/8/16 4:59 PM, Victor Rodriguez wrote: > > THANKS IN ADVANCE FOR YOUR HELP! (not yelling, just emphasizing!) > > > > I have abc.war and I want both /abc and /xyz to work for it. I've > > tried adding aliases="/abc=abc.war,/xyz=abc.war" and > > aliases="/abc=abc,/xyz=abc" but neither of those worked. This is > > how my original context.xml looked like. > > > > > > WEB-INF/web.xml > pathname="" /> > > > > > > > > > > > > Tomcat 7 aliases are intended to map URLs within a single web > application. You can't use it to duplicate the web application on two > base paths. > > Here's what you need to do: > > 1. Put your WAR file in webapps/abc.war. This will deploy as usual. > > 2. Copy webapps/abc.war/META-INF/context.xml into > conf/Catalina/localhost/xyz.xml and modify the element like > this: > > >... > > > Hope that helps, > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJYSeO/AAoJEBzwKT+lPKRYBkIQAKiBaS7HNJrBfROGNu1pif1d > ZPW1pyqXOp879TX9IjhViu8oSMQS1vymG4DrHscRUMlkdNuny+NHKecxKMv1La5i > DtQOt2Hax26QizANh+cp9QHaJejdMpNM3mc4ySYfqi5bL4m3MlO7D+NycFT321/q > mfKtDmH596B8TJRchoPjLCOl2jjPfvHSf2c1BVnztIOXXY/X4PwZfNiLv1uZDGnn > pqK77m6TAiiMjV9lrn2DX7i3wZi1tiG13PoF16CYubmTNixbmZ45gO3dr+VmH+h2 > Q1hlN+MMghpbQ0Ukg1EYldA21ct31OjyG3ipinSHgTPygKV/ZvEIM3Zh67iU0bUn > xOkiQ3G6nACSRP+0+9qFqnSGN283RQKC1eS6/ZnpG+YLOtNbh60+gLyOQk4O9/pw > ZBabh7gOCjozHFmuDgcgec/Ql2kFS86fDBTX1QdjrhTdm/rH4rEAYShbL168gCC0 > vt+kjqR2QPJPkpxeuYiPTdoAI7eOLX1M4JfStF9Dmce5291262t2PJdBYJjulfVS > cXVRjWgPCAiluBcyF2LME5E+jKEGeMtmBbK2+S8UVIXDS0MvKWLDln5PW8MAfWWr > xfSFTBqNOKVtEuz22KpYkbljfXrLxn2uY6TKTjQnwddpH4t1TP0qSpnxCe38j3WT > 3j37VFuqdMGl0f54yk12 > =hk95 > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Sent from neither my iPhone nor my iPad.
Re: URGENT: Tomcat 7 Aliases
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Victor, On 12/8/16 4:59 PM, Victor Rodriguez wrote: > THANKS IN ADVANCE FOR YOUR HELP! (not yelling, just emphasizing!) > > I have abc.war and I want both /abc and /xyz to work for it. I've > tried adding aliases="/abc=abc.war,/xyz=abc.war" and > aliases="/abc=abc,/xyz=abc" but neither of those worked. This is > how my original context.xml looked like. > > > WEB-INF/web.xml pathname="" /> > > > > > Tomcat 7 aliases are intended to map URLs within a single web application. You can't use it to duplicate the web application on two base paths. Here's what you need to do: 1. Put your WAR file in webapps/abc.war. This will deploy as usual. 2. Copy webapps/abc.war/META-INF/context.xml into conf/Catalina/localhost/xyz.xml and modify the element like this: ... Hope that helps, - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYSeO/AAoJEBzwKT+lPKRYBkIQAKiBaS7HNJrBfROGNu1pif1d ZPW1pyqXOp879TX9IjhViu8oSMQS1vymG4DrHscRUMlkdNuny+NHKecxKMv1La5i DtQOt2Hax26QizANh+cp9QHaJejdMpNM3mc4ySYfqi5bL4m3MlO7D+NycFT321/q mfKtDmH596B8TJRchoPjLCOl2jjPfvHSf2c1BVnztIOXXY/X4PwZfNiLv1uZDGnn pqK77m6TAiiMjV9lrn2DX7i3wZi1tiG13PoF16CYubmTNixbmZ45gO3dr+VmH+h2 Q1hlN+MMghpbQ0Ukg1EYldA21ct31OjyG3ipinSHgTPygKV/ZvEIM3Zh67iU0bUn xOkiQ3G6nACSRP+0+9qFqnSGN283RQKC1eS6/ZnpG+YLOtNbh60+gLyOQk4O9/pw ZBabh7gOCjozHFmuDgcgec/Ql2kFS86fDBTX1QdjrhTdm/rH4rEAYShbL168gCC0 vt+kjqR2QPJPkpxeuYiPTdoAI7eOLX1M4JfStF9Dmce5291262t2PJdBYJjulfVS cXVRjWgPCAiluBcyF2LME5E+jKEGeMtmBbK2+S8UVIXDS0MvKWLDln5PW8MAfWWr xfSFTBqNOKVtEuz22KpYkbljfXrLxn2uY6TKTjQnwddpH4t1TP0qSpnxCe38j3WT 3j37VFuqdMGl0f54yk12 =hk95 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
URGENT: Tomcat 7 Aliases
THANKS IN ADVANCE FOR YOUR HELP! (not yelling, just emphasizing!) I have abc.war and I want both /abc and /xyz to work for it. I've tried adding aliases="/abc=abc.war,/xyz=abc.war" and aliases="/abc=abc,/xyz=abc" but neither of those worked. This is how my original context.xml looked like. WEB-INF/web.xml
Re: Two Way SSL - SSL Offloading at load balancer
On 02.12.2016 13:27, Bipin Jethwani wrote: We use Spring security and want to use Two Way SSL for a few Jersey based REST APIs exposed for mobile devices. SSL is offloaded at load-balancer or apache level. Can we still get access to client certificate at web app level? On second thought we can live without having access to client cert but can we have load-balancer or apache configured to request for client cert only for a specific urls? On second thought, and after checking the Apache httpd configuration directives, you may want to look at this : http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslverifyclient It seems that, contrary to most SSL-oriented directives, this one /can/ be used at the "directory" level (which means also in a section). So you could specify it only for some URLs, at the Apache httpd front-end level. Is there a standard for this? -Bipin Hi. If indeed "SSL is offloaded at load-balancer or apache level", isn't this more a question for the respective user's list of these products, rather than for the Tomcat user's list ? If you do need some SSL information at the Tomcat back-end level, and if between your Apache httpd front-end, and the Tomcat back-ends, the proxy/balancer module which you are using is mod_jk, then you will find most pertinent information about passing SSL data from the front-end to the back-end Tomcat (even if you "terminate" the SSL at the httpd level), here : http://tomcat.apache.org/connectors-doc/reference/apache.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: UNC access to an tomcat webdav server
> In the "any hints" category : > - in Windows (disk) Explorer, go to "Netzwerkumgebung" > - select "Netzwerkumgebung hinzufügen" > - click "Weiter" (2 X) > - in "Internet- oder Netzwerkadresse", enter your > "https://webserver:port/webdav; >and click "Weiter". Depending on how you set this up in your webserver, > you may have to login. > When you are done, you should have a new link under "Netzwerkumgebung", > without a drive letter. Under that link, > what appears is the content of the > webserver's DAV directories. > You can then drag/drop files to/from there, using Windows Explorer. Yes, thank you very much, that is exactly what I looked and searched for. In the properties of the link I see also the resulting UNC path. I have never recognized this content in the context menu of the 'computer'. It seem s also not possible to get this result with the 'net use' command. Best regards Arno
Re: UNC access to an tomcat webdav server
On 08.12.2016 14:31, Arno Schäfer wrote: I have configured a tomcat (7.0.54) webdav server and try to access via a windows UNC path. If I run WebDAV in an IIS environment I can access this server automaticly from all clients via an UNC path like '\\webserver[@port]\webdav\' if the server side mapping is 'https://webserver[:port]/webdav'. For this I have done nothing. (Windows >= version 7) So it is possible to use this dynamicly in every client website, where I need it. What is to do to get this also on the tomcat server? Is it done with some kind of server configuration or is it a client side action. Til now I mapped the webdav address to a windows drive letter, but this I want to avoid. (and you should not need to do that) Any hints are welcome :-) In the "any hints" category : - in Windows (disk) Explorer, go to "Netzwerkumgebung" - select "Netzwerkumgebung hinzufügen" - click "Weiter" (2 X) - in "Internet- oder Netzwerkadresse", enter your "https://webserver:port/webdav; and click "Weiter". Depending on how you set this up in your webserver, you may have to login. When you are done, you should have a new link under "Netzwerkumgebung", without a drive letter. Under that link, what appears is the content of the webserver's DAV directories. You can then drag/drop files to/from there, using Windows Explorer. Is that what you mean by your (relatively obscure) question ? (Web)DAV is a HTTP "sub-protocol" (or "extension"). Any accesses to a DAV resource are via HTTP commands. Possibly, Windows and IIS allows you to also access an IIS-based DAV server, via a UNC kind of address, and make the translation automatically. But that would then be Windows-specific. Note: the Windows client-side implementation of DAV is full of non-standard particularities and caveats. Do not be surprised if you encounter some issues with this, and search Google and/or the Tomcat list archives for more information. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
UNC access to an tomcat webdav server
I have configured a tomcat (7.0.54) webdav server and try to access via a windows UNC path. If I run WebDAV in an IIS environment I can access this server automaticly from all clients via an UNC path like '\\webserver[@port]\webdav\' if the server side mapping is 'https://webserver[:port]/webdav'. For this I have done nothing. (Windows >= version 7) So it is possible to use this dynamicly in every client website, where I need it. What is to do to get this also on the tomcat server? Is it done with some kind of server configuration or is it a client side action. Til now I mapped the webdav address to a windows drive letter, but this I want to avoid. Any hints are welcome :-) Thanks Arno _ Vorsitzender des Aufsichtsrats: David Bellin Vorstand: Diederik Vos (CEO) │ Ralph Gillessen (COO) │ René Gawron (CFO) Martin Hodgson (Executive Director Management Consulting) SQS AG │ Stollwerckstraße 11 │ 51149 Köln Sitz der Gesellschaft: Köln │ Amtsgericht Köln, HRB 12764 This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Re: Tomcat Realm/LDAP - userRoles and Organization Unit name for authenticated users
On 05.12.2016 18:25, Taylor, Larry wrote: Hi Felix If isUserinRole has information to make determination to different component accesses in the application that would be sufficient - although, what I really need to know is what department or Organizational unit they belong to after authentication in order to give them specific page component accesses. Any help on this is appreciated. In the "any help" category : I believe that there are 2 distinct aspects involved, which are somewhat mixed up here : - the user authentication itself - the gathering of additional information about a user (authenticated and current, or not) and that it may be better, from the start, to distinguish them, if only for future portability reasons. Many user authentication schemes will only tell you whether yes or no the current user is authenticated, given the credentials supplied. This may happen, in the background, via some scheme which allows a server (given the *server* credentials), to verify with some back-end authority, that the current webapp user credentials check out. In the big scheme of things, there is nothing however that says that additional user information (such as "groups" or "organisational unit" or "email address" or even name or whatever) can be obtained via the same scheme, or using the same "server credentials". (*) The concept of tomcat "roles" also does not necessarily match the concept of "user groups". The fact that for some authentication schemes, the "isUserInRole" call would return yes/no if the user is/is not in some "user group" is also a kind of convenience, rather than something really solid and portable. What I am saying thus, is that rather than looking for something wich can provide this additional information right within the authentication part of the request cycle, maybe you should look at doing this in two separate steps, such as : - let the authentication verify the credentials and return an authenticated user-id - then later, in a separate "request filter", use this authenticated user-id to access the back-end database system of your choice, to retrieve any additional user information which you require, and add it as some session attribute. (The case where both the authentication and the user data retrieval would use the same back-end, being then merely a coincidence). That would be much more portable if ever the authentication method (or the source of the additional user information) would change in the future. As someone else regularly says here, "just my 2 cent". (*) What I mean precisely here, is that the "server credentials" which the authentication scheme uses to verify that a user is authenticated, may not allow the same server to get any additional information about that user, even with the same back-end "user database" system. The first may need only some "computer account", while the second may need some "admin account" e.g. It may be messy to try to do this in the same bit of code. -Original Message- From: Felix Schumacher [mailto:felix.schumac...@internetallee.de] Sent: Sunday, December 04, 2016 2:17 AM To: users@tomcat.apache.org Subject: Re: Tomcat Realm/LDAP - userRoles and Organization Unit name for authenticated users Am 04.12.2016 um 08:04 schrieb Taylor, Larry: Hello, For Users that have authenticated from the Web Login page through Tomcat Realm LDAP configuration is it possible to get the authenticated user's ou=Organizational Unit or Department name? and also what their role names are? I need this information to pass to a servlet or jsp page. I saw documentation about the java.security.Principal class but could not find any documentation or examples on how to get this type of information after users are authenticated. I am able to get the username with ${pageContext.request.userPrincipal.name} & request.getRemoteUser(); but nothing about how to get the user's member affiliations and roles. The standard way to get the roles is to iterate over your expected roles and ask for request.isUserInRole(role). The servlet spec has no API to get directly a list of roles. If you are willing to bind yourself to the implementation of JNDIRealm you could get the list of roles. But I don't recommend it, as that implementation is not guaranteed to stay stable. Do you really need to get the list, or is isUserInRole enough? Regards, Felix Any information or pointers on this is appreciated. Larry Taylor - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Migration to Tomcat 8.0 Post/PreResources vs VirtualWebappLoader with optional resources
On 07/12/2016 09:01, Berg, R. van den (Robin) wrote: > Hello! > I have an issue that seems not supported anymore with Tomcat 8. > The same problem is also posted in the comments on: > https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html > > PROBLEM: > We used the virtualWebAppLoader to get some extra libraries and classes that > were on the machine on the classloader. > The virtualClasspath-property of the virtualWebAppLoader was a ';'-seperated > list of directories. If one of them was empty, that was not a problem. > We used the fact that non-existing/empty directories were not loaded, without > any exception. MQ were imported on > Test-acceptance-production. However, in a local/dev-setup we do not provide > these libraries, since MQ-services are stubbed out. > > We used the {Jar|File|Dir}ResourceSet in the context.xml as replacement for > the virtualWebAppLoader, as recommended by the migration guide. > However, these fail when the base-property is non-existent. Therefore, it > breaks dev/local. > > In the comments in > https://tomcat.apache.org/tomcat-8.0-doc/config/resources.html a solution was > posted to extend the {Jar|File|Dir}ResourceSet. > However, that solution won't work for us, since we can't provide the > tomcat-instances on test-acc-prd with an extra class/library with the > extended class. (access-rights/cloud-solution only allows default setup). Can you not simply create an empty directory in the right place for dev/local ? Mark > > PREFERRRED SOLUTION: > Just like the tomcat 7 virtualWebAppLoader we would like the ResourceSet to > be optional/non-failing if the resource is not available. Is there any > configuration/property I can use to do that? > > Thanks, > Kind Regards, > > > ATTENTION: > The information in this e-mail is confidential and only meant for the > intended recipient. If you are not the intended recipient, don't use or > disclose it in any way. Please let the sender know and delete the message > immediately. > -- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is there a class or way in Tomcat to write org.apache.catalina.authenticator messages to a different logfile
On 08/12/2016 00:31, Taylor, Larry wrote: > > Hello, > > Is there a class or way in Tomcat to write org.apache.catalina.authenticator > messages to a different logfile? > > I'm using Tomcat 8.0.9 - I have logging turned on for the realm > authentication but i cannot get authentication messages to write to a > different log prefix file other than catalalina.out. > > Is there a way to do this and keep the normal server messages writing to > catalina.out? > In conf/logging.properties - this writes fine to catalina.out > > # Handler specific properties. > # Describes specific configuration info for Handlers . > >org.apache.catalina.realm.level = FINE >org.apache.catalina.realm.useParentHandlers = true >org.apache.catalina.authenticator.level = FINE >org.apache.catalina.authenticator.useParentHandlers = true > > > I did not see any org.apache.catalina.authenticator.juli.AsyncFileHandler > classes to do this - > I need somthing like: > org.apache.catalina.authenticator.juli.AsyncFileHandler.prefix = > authuser. > > > thanks for any information on how to configure this. The following patch applied to a default Tomcat logging configuration should do what you want: http://home.apache.org/~markt/dev/auth-logging.path Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat listener not coming up - no stuck threads
On 07/12/2016 15:21, Christopher Schultz wrote: > John, > > On 12/7/16 7:19 AM, John D. Ament wrote: >> On Wed, Dec 7, 2016 at 3:58 AM Mark Thomas>> wrote: > >>> On 06/12/2016 02:59, John D. Ament wrote: >>> >>> >>> So I was able to identify my issue. It's not specifically a tomcat problem, but tomcat's bootstrapping makes it unique. one of the issues I've observed is that Tomcat's use of multithreading causes some thread deadlocking with some synchronized blocks. I was wondering if there's a way to turn that off? Make tomcat's bootstrap happen in the same thread as the original invocation? >>> >>> What exactly do you mean by Tomcat's bootstrapping? Can you give >>> an example of concurrent execution that is causing issues? >>> > >> I instantiate the Tomcat object and invoke start() on the "main" >> thread. The invocation of ServletContextListeners happens on a >> "localhost-startStop-1" thread. I would like to have that >> invocation happen on the main thread instead. > > Hmm... there is the "startStopThreads" setting on the Engine, but > unfortunately there is not (currently available) setting that says > "don't use multiple threads at all". It looks like Tomcat is always > going to use at least one (separate) thread to launch the various > Hosts (and webapps). It wouldn't be too hard to change that to not use an executor if the default of startStopThreads="1" was being used. However... >> Its nothing within tomcat that is deadlocking, but under the covers >> weld has a synchronized block, its inside that synchronized block >> where Tomcat is instantiated. There's a later point where Weld >> tries getting a lock again. In that case, when its single threaded >> (in other containers) it passes since it has a lock, but in this >> case it can't get that lock. The Weld documentation suggests that it is initialized per web application with a ServletContainerInitializer. This would be fine with Tomcat's current use of an Executor for container start/stop. I don't, therefore, understand how Weld is instantiating Tomcat. Can you expand on this? Mark > Is there any way for you to remove the required monitor on your own > code? Or is Weld so intricately-involved in the whole process that > unwinding it isn't possible? > > -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Connection Pool
On 08/12/2016 07:59, Михаил Ткаченко wrote: > Yes but it description is ambiguous for me. What does it means "active > connection"? In use for request to DB? It is the maximum number of connections the pool will keep open to the database at any point in time. Those connections may be actively processing queries, allocated to an application but not being used or be sat idle in the pool waiting to be allocated. Mark > > 08 дек. 2016 г. 10:53 пользователь "Kaloyan Spiridonov" < > k.i.spirido...@gmail.com> написал: > >> Hello, >> >> As it is described in jdbc connection pool documentation: >> >> maxActive >> >> (int) The maximum number of active connections that can be allocated from >> this pool at the same time. The default value is 100 >> >> Best Regards, >> Kaloyan >> >> On Thu, Dec 8, 2016 at 9:47 AM, Михаил Ткаченко>> wrote: >> >>> Hi! Do you tell me what maxActive option means? Is it the amount of all >>> connection in the pool? Or is it max number of connection which in use at >>> the certain moment? Thanks. >>> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Connection Pool
Yes but it description is ambiguous for me. What does it means "active connection"? In use for request to DB? 08 дек. 2016 г. 10:53 пользователь "Kaloyan Spiridonov" < k.i.spirido...@gmail.com> написал: > Hello, > > As it is described in jdbc connection pool documentation: > > maxActive > > (int) The maximum number of active connections that can be allocated from > this pool at the same time. The default value is 100 > > Best Regards, > Kaloyan > > On Thu, Dec 8, 2016 at 9:47 AM, Михаил Ткаченко> wrote: > > > Hi! Do you tell me what maxActive option means? Is it the amount of all > > connection in the pool? Or is it max number of connection which in use at > > the certain moment? Thanks. > > >