Re: BackupManager vs DeltaManager
On 01/11/2010 14:44, Ossi wrote: On Fri, Oct 29, 2010 at 1:51 PM, Pid p...@pidster.com wrote: On 29/10/2010 11:17, Ossi wrote: Hi! Should BackupManager work well with any number of nodes? Yes. And with large clusters it should work even better than DeltaManager? Yes. *Should*. We have large production clusters (10+) nodes and we have evaluated if we can use BackupManager. In test cluster of 6 nodes it didn't work too well: much higher request latency, with logs full of following errors: 2010-09-24 14:17:34,536 ERROR [tomcat-processor-53] (org.apache.catalina.tribes.tipis.AbstractReplicatedMap) Unable to replicate out data for a LazyReplicatedMap.get operationorg.apache.catalina.tribes.ChannelException: Operation has timed out(3000 ms.).; Faulty members:tcp://{10, 1, 8, 219}:4200; It's timing out for some reason. You could try increasing the timeout. Yes, I noticed that. However it is using same configs that with DeltaManager and we didn't get those same errors with that. It'll be a bit tedious, but it might be beneficial to look at a tcpdump trace of the connection traffic to see what's happening. What could be reason for those timeouts? How to know what operation could be causing the timeout? Like is that on initialization/starting phase (so, it couldn't connect at all) or I something in replication just taking a lot of time. BackupManager doesn't replicate to the whole cluster, it replicates each session to one designated backup node. It does replicate the map of where all the sessions are to the whole cluster, however. Maybe it's the latter which is a problem. I'll test this with different timeouts. Does this occur on all cluster members, or just a few? Sorry, I don't remember it has been awhile when we did those test and apparently the logs are gone. Gotta check this when I test this next time. OK. Let us know. p 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: Tomcat Maven and Axis 1.5.1 problem
For now I solved the problem adding the Snapshot files: dependency groupIdorg.apache.axis2.wso2/groupId artifactIdaxis2/artifactId version1.6.0.wso2v1-SNAPSHOT/version /dependency But this also required adding some repositories. I don't like this solution but I think it will have to do for now... Ron McNulty-2 wrote: A little googling produces this result: http://www.jarvana.com/jarvana/view/org/apache/axis2/axis2-kernel/1.1.1/axis2-kernel-1.1.1.jar!/org/apache/axis2/transport/local/LocalTransportSender.class?classDetails=ok I suspect that your set of Axis jars are from different versions of Axis - maybe 1.5.1 kernel does not have this class anymore. Winzip will easily confirm this.. Regards Ron - Original Message - From: srd.pl srolek2...@yahoo.com To: users@tomcat.apache.org Sent: Friday, October 29, 2010 8:25 PM Subject: Re: Tomcat Maven and Axis 1.5.1 problem Thanks for the contribution. I have posted on the axis list but no response and I'm running out of time :/ If you can take a look at a list of the .jar files my webservice has: activation-1.1.jar ant-1.7.0.jar ant-launcher-1.7.0.jar antlr-2.7.6.jar apache-maven-2.0.9.jar asm-3.1.jar asm-attrs-1.5.3.jar axiom-api-1.2.8.jar axiom-dom-1.2.8.jar axiom-impl-1.2.8.jar axis-wsdl4j-1.5.1.jar axis2-1.5.1.jar axis2-adb-1.5.1.jar axis2-adb-codegen-1.5.1.jar axis2-codegen-1.5.1.jar axis2-kernel-1.5.1.jar axis2-wsdl2code-maven-plugin-1.5.1.jar axis2-xmlbeans-1.5.1.jar cglib-nodep-2.2.jar classworlds-1.1-alpha-2.jar commons-cli-1.0.jar commons-codec-1.2.jar commons-collections-3.2.1.jar commons-fileupload-1.2.jar commons-httpclient-3.1.jar commons-io-1.4.jar commons-logging-1.1.1.jar dom4j-1.6.1.jar doxia-sink-api-1.0-alpha-10.jar ehcache-1.2.3.jar geronimo-activation_1.1_spec-1.0.1.jar geronimo-javamail_1.4_spec-1.2.jar geronimo-javamail_1.4_spec-1.6.jar geronimo-jta_1.1_spec-1.1.jar geronimo-stax-api_1.0_spec-1.0.1.jar geronimo-ws-metadata_2.0_spec-1.1.2.jar hibernate-3.2.7.ga.jar jaxb-api-2.2.1.jar jaxb-impl-2.2.1.1.jar jaxen-1.1.1.jar jdom-1.0.jar jersey-bundle-1.3.jar jersey-client-1.3.jar jersey-core-1.3.jar jersey-multipart-1.3.jar jsch-0.1.27.jar jsr311-api-1.1.1.jar jtidy-4aug2000r7-dev.jar log4j-1.2.14.jar mail-1.4.jar maven-artifact-2.0.8.jar maven-artifact-manager-2.0.7.jar maven-core-2.0.9.jar maven-error-diagnostics-2.0.9.jar maven-model-2.0.7.jar maven-monitor-2.0.9.jar maven-plugin-api-2.0.7.jar maven-plugin-descriptor-2.0.9.jar maven-plugin-parameter-documenter-2.0.9.jar maven-plugin-registry-2.0.7.jar maven-profile-2.0.7.jar maven-project-2.0.7.jar maven-reporting-api-2.0.9.jar maven-repository-metadata-2.0.7.jar maven-settings-2.0.7.jar maven-toolchain-2.0.9.jar maven-wadl-plugin-1.3.jar mimepull-1.4.jar neethi-2.0.4.jar plexus-container-default-1.0-alpha-9-stable-1.jar plexus-interactivity-api-1.0-alpha-4.jar plexus-utils-1.4.9.jar servlet-api-2.3.jar slf4j-api-1.5.11.jar slf4j-log4j12-1.5.11.jar slide-webdavlib-2.1.jar stax-api-1.0-2.jar wagon-file-1.0-beta-2.jar wagon-http-lightweight-1.0-beta-2.jar wagon-http-shared-1.0-beta-2.jar wagon-provider-api-1.0-beta-2.jar wagon-ssh-1.0-beta-2.jar wagon-ssh-common-1.0-beta-2.jar wagon-ssh-external-1.0-beta-2.jar wagon-webdav-1.0-beta-2.jar woden-api-1.0M8.jar woden-impl-dom-1.0M8.jar wsdl4j-1.6.2.jar wstx-asl-3.2.4.jar xalan-2.7.0.jar xercesImpl-2.6.1.jar xml-apis-1.0.b2.jar xml-apis-1.3.04.jar xml-im-exporter-1.1.jar xmlbeans-2.3.0.jar xmlParserAPIs-2.6.0.jar XmlSchema-1.4.3.jar And this is my pom.xml file: project xmlns=http://maven.apache.org/POM/4.0.0; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd; modelVersion4.0.0/modelVersion groupIdcom.mywebapp/groupId artifactIdWebApp/artifactId packagingwar/packaging nameWebApplication for Axis 2/name version0.1/version dependencies dependency groupIdorg.apache.tomcat/groupId artifactIdcatalina/artifactId version6.0.29/version scopetest/scope /dependency dependency groupIdorg.apache.tomcat/groupId artifactIdcoyote/artifactId version6.0.29/version scopetest/scope /dependency dependency groupIdorg.apache.tomcat/groupId artifactIdjasper/artifactId version6.0.29/version scopetest/scope /dependency dependency groupIdorg.apache.axis2/groupId artifactIdaxis2-adb-codegen/artifactId version1.5.1/version /dependency dependency groupIdorg.apache.axis2/groupId artifactIdaxis2-wsdl2code-maven-plugin/artifactId version1.5.1/version /dependency dependency groupIdcom.sun.jersey.contribs/groupId artifactIdjersey-multipart/artifactId version1.3/version !--version1.0.1/version-- /dependency dependency groupIdcom.sun.jersey/groupId
Connector Setting Problem in tomcat 6.0.29
I am using tomcat 6.0.29 64 bit and java 64 1.6.0 64 bit edition.I configured the http connector minSpareThreads and MaxSpareThreads. While starting the tomcat it is giving the error as follows. 2 Nov, 2010 4:55:24 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.20. 2 Nov, 2010 4:55:24 PM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], ra ndom [true]. 2 Nov, 2010 4:55:24 PM org.apache.catalina.startup.SetAllPropertiesRule begin *WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'minS* *pareThreads' to '500' did not find a matching property.* 2 Nov, 2010 4:55:24 PM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxS pareThreads' to '750' did not find a matching property. 2 Nov, 2010 4:55:25 PM org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 2 Nov, 2010 4:55:25 PM org.apache.coyote.ajp.AjpAprProtocol init INFO: Initializing Coyote AJP/1.3 on ajp-8009 2 Nov, 2010 4:55:25 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 880 ms 2 Nov, 2010 4:55:25 PM org.apache.catalina.mbeans.GlobalResourcesLifecycleListen er createMBeans SEVERE: Exception processing Global JNDI Resources javax.naming.NamingException: Could not load resource factory class [Root except ion is java.lang.ClassNotFoundException: oracle.jdbc.pool.OracleDataSourceFactor y] Herewith i attached my server.xml file. !-- A Connector represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 *--* *Connector port=8080 protocol=HTTP/1.1 * * connectionTimeout=2 * * maxThreads=1000 minSpareThreads=500 * * maxSpareThreads=750* * enableLookups=false disableUploadTimeout=true* * redirectPort=8443 /* !-- A Connector using the shared thread pool-- !-- Connector executor=tomcatThreadPool port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / -- !-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -- !-- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=1000 minSpareThreads=500 maxSpareThreads=750 enableLookups=false disableUploadTimeout=true scheme=https secure=true clientAuth=false sslProtocol=TLS / -- !-- Define an AJP 1.3 Connector on port 8009 -- Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / !-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). Documentation at /docs/config/engine.html -- Please guide me to resolve this issue. Regards Rujinraj
Tomcat 5.5: how doesone configure an authenticator valve?
I am trying to help someone with a Tomcat 5.5 implementation of waffle (waffle.codeplex.com). It has authenticator valve that works well with tc6. I declare a valve inside the web app: Context.xml ?xml version='1.0' encoding='utf-8'? Context Valve className=waffle.apache.NegotiateAuthenticator principalFormat=fqn roleFormat=both / Realm className=waffle.apache.WindowsRealm / /Context Web.xml security-constraint display-nameWaffle Security Constraint/display-name web-resource-collection web-resource-nameProtected Area/web-resource-name url-pattern/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nameEveryone/role-name /auth-constraint /security-constraint security-role role-nameEveryone/role-name /security-role I didn't modify anything in Tomcat's conf, but placed the JARs in the right place(s). The Valve starts, but any request to the protected area doesn't invoke it. I get a 401 Access Denied, but no headers added by the valve. Any suggestions? Is this supposed to work with tc5.5 at all? Thx dB. dB. @ dblock.orghttp://www.dblock.org/ Moscow|Geneva|Seattle|New York
Re: Tomcat 5.5: how doesone configure an authenticator valve?
2010/11/2 dB. dbl...@dblock.org: I am trying to help someone with a Tomcat 5.5 implementation of waffle (waffle.codeplex.com). It has authenticator valve that works well with tc6. I declare a valve inside the web app: Context.xml ?xml version='1.0' encoding='utf-8'? Context Valve className=waffle.apache.NegotiateAuthenticator principalFormat=fqn roleFormat=both / Realm className=waffle.apache.WindowsRealm / /Context Note, that META-INF/context.xml (case matters!) is copied to $CATALINA_BASE\conf\Catalina\localhost\yourapp.xml when the webappication starts for the first time. You can have a stale copy there. I would suggest you to enable more detailed logging. Something like adding the following line to conf/logging.properties: waffle.apache.NegotiateAuthenticator.level=FINE BTW, the waffle docs say waffle.apache.NegotiateAuthenticator, but in the source code it is waffle.tomcat.NegotiateAuthenticator, i.e. a different package http://waffle.codeplex.com/SourceControl/changeset/view/52761#1097376 Are there any interesting messages in the log filess already? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Connector Setting Problem in tomcat 6.0.29
The following link points to something similar to what you have here, perhaps it can guide you to a solution: http://mail-archives.apache.org/mod_mbox/tomcat-users/200705.mbox/%3c4656d0d8.4010...@pidster.com%3e ___ «¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤» ___ Rick Curry Common Services - Software Development E2 - 066, MS 5210 972-431-9178 (Voice) 972-585-7585 (Pager) To send a (short) Text Message to my Pager: 9725857...@page.metrocall.com -Original Message- From: rujin raj [mailto:rujin...@gmail.com] Sent: Tuesday, November 02, 2010 6:51 AM To: Tomcat Users List Subject: Connector Setting Problem in tomcat 6.0.29 I am using tomcat 6.0.29 64 bit and java 64 1.6.0 64 bit edition.I configured the http connector minSpareThreads and MaxSpareThreads. While starting the tomcat it is giving the error as follows. 2 Nov, 2010 4:55:24 PM org.apache.catalina.core.AprLifecycleListener init INFO: Loaded APR based Apache Tomcat Native library 1.1.20. 2 Nov, 2010 4:55:24 PM org.apache.catalina.core.AprLifecycleListener init INFO: APR capabilities: IPv6 [true], sendfile [true], accept filters [false], ra ndom [true]. 2 Nov, 2010 4:55:24 PM org.apache.catalina.startup.SetAllPropertiesRule begin *WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'minS* *pareThreads' to '500' did not find a matching property.* 2 Nov, 2010 4:55:24 PM org.apache.catalina.startup.SetAllPropertiesRule begin WARNING: [SetAllPropertiesRule]{Server/Service/Connector} Setting property 'maxS pareThreads' to '750' did not find a matching property. 2 Nov, 2010 4:55:25 PM org.apache.coyote.http11.Http11AprProtocol init INFO: Initializing Coyote HTTP/1.1 on http-8080 2 Nov, 2010 4:55:25 PM org.apache.coyote.ajp.AjpAprProtocol init INFO: Initializing Coyote AJP/1.3 on ajp-8009 2 Nov, 2010 4:55:25 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 880 ms 2 Nov, 2010 4:55:25 PM org.apache.catalina.mbeans.GlobalResourcesLifecycleListen er createMBeans SEVERE: Exception processing Global JNDI Resources javax.naming.NamingException: Could not load resource factory class [Root except ion is java.lang.ClassNotFoundException: oracle.jdbc.pool.OracleDataSourceFactor y] Herewith i attached my server.xml file. !-- A Connector represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 *--* *Connector port=8080 protocol=HTTP/1.1 * * connectionTimeout=2 * * maxThreads=1000 minSpareThreads=500 * * maxSpareThreads=750* * enableLookups=false disableUploadTimeout=true* * redirectPort=8443 /* !-- A Connector using the shared thread pool-- !-- Connector executor=tomcatThreadPool port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 / -- !-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -- !-- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=1000 minSpareThreads=500 maxSpareThreads=750 enableLookups=false disableUploadTimeout=true scheme=https secure=true clientAuth=false sslProtocol=TLS / -- !-- Define an AJP 1.3 Connector on port 8009 -- Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / !-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). Documentation at /docs/config/engine.html -- Please guide me to resolve this issue. Regards Rujinraj The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer. - To unsubscribe, e-mail:
RE: Connector Setting Problem in tomcat 6.0.29
From: rujin raj [mailto:rujin...@gmail.com] Subject: Connector Setting Problem in tomcat 6.0.29 I am using tomcat 6.0.29 64 bit and java 64 1.6.0 64 bit edition.I configured the http connector minSpareThreads and MaxSpareThreads. There are no such settings for the Connector element; read the doc for the level of Tomcat you're using: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html If you want more control over the thread pool, specify an Executor: http://tomcat.apache.org/tomcat-6.0-doc/config/executor.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: ISAPI Redirector Work-Flow
Another question, in particular about this: It's not a redirect. The request data is converted to the AJP13 binary protocol which is received by an AJP connector in Tomcat. How is the request data passed? It is a Remore Procedure Call, an IP port connection, or something else? ___ «¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤» ___ Rick Curry Common Services - Software Development E2 - 066, MS 5210 972-431-9178 (Voice) 972-585-7585 (Pager) To send a (short) Text Message to my Pager: 9725857...@page.metrocall.com -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Monday, November 01, 2010 5:40 PM To: Tomcat Users List Subject: Re: ISAPI Redirector Work-Flow On 01/11/2010 21:48, Richard G Curry wrote: I am trying to understand how the ISAPI Redirector functions at an overview level but deeper than this: The request comes into IIS where the ISAPI Redirector filter sends the servlet and JSP requests to the Tomcat server. I know the redirector works with AJP13 to redirect requests to the Tomcat container. What I want to know is HOW that is done. Is it a redirected HTTP request, a 301 redirect or is it a port-to-port connection between the AJP13 processor and the defined instance in the workers.properties file? It's not a redirect. The request data is converted to the AJP13 binary protocol which is received by an AJP connector in Tomcat. As this properties file defines the host name of the server holding the Tomcat instance, this can be on a different server than the IIS server, correct? Yes. Then does AJP13 'connect' directly to the defined server (localhost in all the examples I have seen) and the defined port (8009 in the same examples)? The connector opens multiple connections to the Tomcat server. If you know of a diagram that shows how this works, please share the link to that resouce. I don't sorry. p The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: ISAPI Redirector Work-Flow
From: Richard G Curry [mailto:rgcu...@jcpenney.com] Subject: RE: ISAPI Redirector Work-Flow How is the request data passed? It is a Remore Procedure Call, an IP port connection, or something else? AJP is analogous to HTTP, in that it passes requests and responses over a TCP/IP connection, but in a much more compact form than HTTP. That's why the Connector element for an AJP connection has address and port attributes. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Protecting static resources in IIS
Hi, Though I know that this forum is not for IIS related questions, It will be great if someone can help me out with the following problem. I need to protect the end user's access (thru a url) to the static resources like images directory in IIS but still allowing my app jsps in Tomcat ROOT. Thanks, Siva Prakash
RE: Protecting static resources in IIS
While this is not a forum nor is the mailing list about IIS a quick suggestion and one we implement is to place a blank (or custom) index.html file into every directory within the site. This will then be served up when requests for resources are received. Hope that helps Rob -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:08 To: users@tomcat.apache.org Subject: Protecting static resources in IIS Hi, Though I know that this forum is not for IIS related questions, It will be great if someone can help me out with the following problem. I need to protect the end user's access (thru a url) to the static resources like images directory in IIS but still allowing my app jsps in Tomcat ROOT. Thanks, Siva Prakash - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Protecting static resources in IIS
Firstly, Thanks for the info. I've done what you've said. Consider my directory structure as below in IIS. IISROOT/images/TestDir/A.gif IISROOT/images/TestDir/index.html (newly introduced one) If I hit the following url, it shows the index.html https://hostname/images/TestDir/ https://%3chostname%3e/images/TestDir/ but if I hit the following url, it shows the image A.gif which needs to be restricted its access. https://hostname/images/TestDir/A.gifhttps://%3chostname%3e/images/TestDir/A.gif Please let me know if this can be resolved. Thanks, Siva Prakash On Tue, Nov 2, 2010 at 7:49 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: While this is not a forum nor is the mailing list about IIS a quick suggestion and one we implement is to place a blank (or custom) index.html file into every directory within the site. This will then be served up when requests for resources are received. Hope that helps Rob -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:08 To: users@tomcat.apache.org Subject: Protecting static resources in IIS Hi, Though I know that this forum is not for IIS related questions, It will be great if someone can help me out with the following problem. I need to protect the end user's access (thru a url) to the static resources like images directory in IIS but still allowing my app jsps in Tomcat ROOT. Thanks, Siva Prakash - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Java update from Apple broke Tomcat
Rob, We use Tomcat 6.0.28 on Mac OS X 10.6.4 with the latest Java update and it seems to start up just fine. Stephen Caine Soft Breeze Systems, LLC On Nov 1, 2010, at 1:55 PM, Rob Tanner wrote: Hi, While I run production on Linux servers, I do my development on my iMac. Last week, I ran the most recent Apple Java upgrade , and now Tomcat (which is a critical part of my development environment) won't start up. I get the error: Nov 1, 2010 8:58:54 AM org.apache.catalina.startup.Bootstrap initClassLoaders SEVERE: Class loader creation threw exception java.lang.NoSuchFieldError: IS_DIR at org.apache.catalina.startup.Bootstrap.createClassLoader(Bootstrap.java:167) at org.apache.catalina.startup.Bootstrap.initClassLoaders(Bootstrap.java:92) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:207) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:391) Other details: java version 1.6.0_22 Java(TM) SE Runtime Environment (build 1.6.0_22-b04-307-10M3261) Java HotSpot(TM) 64-Bit Server VM (build 17.1-b03-307, mixed mode) Tomcat version: 6.0.18 and 6.0.29 — both fail to start, throwing the same exception From the error, it appears that things are missing from the update (or at least one field is). Has anyone else seen this? Is there a known work-around? Thanks, Rob Tanner Linfield College - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: ISAPI Redirector Work-Flow
That is what I thought and I thank you for your confirmation of this. I appreciate your time and support. ___ «¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤» ___ Rick Curry Common Services - Software Development E2 - 066, MS 5210 972-431-9178 (Voice) 972-585-7585 (Pager) To send a (short) Text Message to my Pager: 9725857...@page.metrocall.com -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, November 02, 2010 8:47 AM To: Tomcat Users List Subject: RE: ISAPI Redirector Work-Flow From: Richard G Curry [mailto:rgcu...@jcpenney.com] Subject: RE: ISAPI Redirector Work-Flow How is the request data passed? It is a Remore Procedure Call, an IP port connection, or something else? AJP is analogous to HTTP, in that it passes requests and responses over a TCP/IP connection, but in a much more compact form than HTTP. That's why the Connector element for an AJP connection has address and port attributes. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Protecting static resources in IIS
Hi Siva, The only way I know of protecting an 'actual' request for a specific resource is to remove the resource from the web server. I Can't see why you would want to stop access to something when it is actually requested otherwise what would be the point of deploying it (if nothing can access it). Sorry if I misunderstand the question. -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:44 To: Tomcat Users List Subject: Re: Protecting static resources in IIS Firstly, Thanks for the info. I've done what you've said. Consider my directory structure as below in IIS. IISROOT/images/TestDir/A.gif IISROOT/images/TestDir/index.html (newly introduced one) If I hit the following url, it shows the index.html https://hostname/images/TestDir/ https://%3chostname%3e/images/TestDir/ but if I hit the following url, it shows the image A.gif which needs to be restricted its access. https://hostname/images/TestDir/A.gifhttps://%3chostname%3e/images/Te stDir/ A.gif Please let me know if this can be resolved. Thanks, Siva Prakash On Tue, Nov 2, 2010 at 7:49 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: While this is not a forum nor is the mailing list about IIS a quick suggestion and one we implement is to place a blank (or custom) index.html file into every directory within the site. This will then be served up when requests for resources are received. Hope that helps Rob -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:08 To: users@tomcat.apache.org Subject: Protecting static resources in IIS Hi, Though I know that this forum is not for IIS related questions, It will be great if someone can help me out with the following problem. I need to protect the end user's access (thru a url) to the static resources like images directory in IIS but still allowing my app jsps in Tomcat ROOT. Thanks, Siva Prakash - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Protecting static resources in IIS
Hi Rob, My app contains a sequence of images like for eg. A/11.gif, A/12.gif, A/19.gif, B/21.gif... etc. These images are used to identify a valid user of my app. As these images are easily guessable, it may be easy for anyone to download all possible images and may lead to phishing attack. Having said that I can't place my images in Tomcat and get it served by a servlet( a performance penalty ) and neither I can change my image names to ones which are not easily guessable. My tomcat app jsps should continue using the existing images. On Tue, Nov 2, 2010 at 8:22 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: Hi Siva, The only way I know of protecting an 'actual' request for a specific resource is to remove the resource from the web server. I Can't see why you would want to stop access to something when it is actually requested otherwise what would be the point of deploying it (if nothing can access it). Sorry if I misunderstand the question. -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:44 To: Tomcat Users List Subject: Re: Protecting static resources in IIS Firstly, Thanks for the info. I've done what you've said. Consider my directory structure as below in IIS. IISROOT/images/TestDir/A.gif IISROOT/images/TestDir/index.html (newly introduced one) If I hit the following url, it shows the index.html https://hostname/images/TestDir/ https://%3chostname%3e/images/TestDir/ but if I hit the following url, it shows the image A.gif which needs to be restricted its access. https://hostname/images/TestDir/A.gifhttps://%3chostname%3e/images/Te stDir/ A.gif Please let me know if this can be resolved. Thanks, Siva Prakash On Tue, Nov 2, 2010 at 7:49 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: While this is not a forum nor is the mailing list about IIS a quick suggestion and one we implement is to place a blank (or custom) index.html file into every directory within the site. This will then be served up when requests for resources are received. Hope that helps Rob -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:08 To: users@tomcat.apache.org Subject: Protecting static resources in IIS Hi, Though I know that this forum is not for IIS related questions, It will be great if someone can help me out with the following problem. I need to protect the end user's access (thru a url) to the static resources like images directory in IIS but still allowing my app jsps in Tomcat ROOT. Thanks, Siva Prakash - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Protecting static resources in IIS
On Tue, 2 Nov 2010 21:18:02 +0530, Siva prakash I V sivaprakash...@gmail.com wrote: My app contains a sequence of images like for eg. A/11.gif, A/12.gif, A/19.gif, B/21.gif... etc. These images are used to identify a valid user of my app. As these images are easily guessable, it may be easy for anyone to download all possible images and may lead to phishing attack. Having said that I can't place my images in Tomcat and get it served by a servlet( a performance penalty ) and neither I can change my image names to ones which are not easily guessable. My tomcat app jsps should continue using the existing images. Smells like security by obscurity... Hint: how do you want your legitimate clients to access those images if they are well protected? -- Mikolaj Rydzewski m...@ceti.pl - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Protecting static resources in IIS
Are you trying to implement some form of Capatcha to stop automated attacks against a logon screen or something similar? If so there is a nice opensource one @ http://jcaptcha.sourceforge.net/ and an alternative from Google http://www.captcha.net/ which support audio (but requires an internet connection and an account). I implemented both so that when the required credentials are available it uses the google one and degrades to the JCaptcha one which works very nice. Otherwise it sounds like you need a security filter within tomcat and let Tomcat serve up these images. Tomcat in my opinion is just as good at serving static content as Apache or IIS is. Regards Rob -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 15:48 To: Tomcat Users List Subject: Re: Protecting static resources in IIS Hi Rob, My app contains a sequence of images like for eg. A/11.gif, A/12.gif, A/19.gif, B/21.gif... etc. These images are used to identify a valid user of my app. As these images are easily guessable, it may be easy for anyone to download all possible images and may lead to phishing attack. Having said that I can't place my images in Tomcat and get it served by a servlet( a performance penalty ) and neither I can change my image names to ones which are not easily guessable. My tomcat app jsps should continue using the existing images. On Tue, Nov 2, 2010 at 8:22 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: Hi Siva, The only way I know of protecting an 'actual' request for a specific resource is to remove the resource from the web server. I Can't see why you would want to stop access to something when it is actually requested otherwise what would be the point of deploying it (if nothing can access it). Sorry if I misunderstand the question. -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:44 To: Tomcat Users List Subject: Re: Protecting static resources in IIS Firstly, Thanks for the info. I've done what you've said. Consider my directory structure as below in IIS. IISROOT/images/TestDir/A.gif IISROOT/images/TestDir/index.html (newly introduced one) If I hit the following url, it shows the index.html https://hostname/images/TestDir/ https://%3chostname%3e/images/TestDir/ but if I hit the following url, it shows the image A.gif which needs to be restricted its access. https://hostname/images/TestDir/A.gifhttps://%3chostname%3e/images/Te stDir/ A.gif Please let me know if this can be resolved. Thanks, Siva Prakash On Tue, Nov 2, 2010 at 7:49 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: While this is not a forum nor is the mailing list about IIS a quick suggestion and one we implement is to place a blank (or custom) index.html file into every directory within the site. This will then be served up when requests for resources are received. Hope that helps Rob -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:08 To: users@tomcat.apache.org Subject: Protecting static resources in IIS Hi, Though I know that this forum is not for IIS related questions, It will be great if someone can help me out with the following problem. I need to protect the end user's access (thru a url) to the static resources like images directory in IIS but still allowing my app jsps in Tomcat ROOT. Thanks, Siva Prakash - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Protecting static resources in IIS
On 2 Nov 2010, at 15:48, Siva prakash I V sivaprakash...@gmail.com wrote: Hi Rob, My app contains a sequence of images like for eg. A/11.gif, A/12.gif, A/19.gif, B/21.gif... etc. These images are used to identify a valid user of my app. As these images are easily guessable, it may be easy for anyone to download all possible images and may lead to phishing attack. Having said that I can't place my images in Tomcat and get it served by a servlet( a performance penalty ) You've presumably conducted some performance tests which led you to this conclusion? In this case a Servlet Filter which checks the request against the current user's credentials and returns a 403 for unauthorised access would be a low cost option. p and neither I can change my image names to ones which are not easily guessable. My tomcat app jsps should continue using the existing images. On Tue, Nov 2, 2010 at 8:22 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: Hi Siva, The only way I know of protecting an 'actual' request for a specific resource is to remove the resource from the web server. I Can't see why you would want to stop access to something when it is actually requested otherwise what would be the point of deploying it (if nothing can access it). Sorry if I misunderstand the question. -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:44 To: Tomcat Users List Subject: Re: Protecting static resources in IIS Firstly, Thanks for the info. I've done what you've said. Consider my directory structure as below in IIS. IISROOT/images/TestDir/A.gif IISROOT/images/TestDir/index.html (newly introduced one) If I hit the following url, it shows the index.html https://hostname/images/TestDir/ https://%3chostname%3e/images/TestDir/ but if I hit the following url, it shows the image A.gif which needs to be restricted its access. https://hostname/images/TestDir/A.gifhttps://%3chostname%3e/images/Te stDir/ A.gif Please let me know if this can be resolved. Thanks, Siva Prakash On Tue, Nov 2, 2010 at 7:49 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: While this is not a forum nor is the mailing list about IIS a quick suggestion and one we implement is to place a blank (or custom) index.html file into every directory within the site. This will then be served up when requests for resources are received. Hope that helps Rob -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:08 To: users@tomcat.apache.org Subject: Protecting static resources in IIS Hi, Though I know that this forum is not for IIS related questions, It will be great if someone can help me out with the following problem. I need to protect the end user's access (thru a url) to the static resources like images directory in IIS but still allowing my app jsps in Tomcat ROOT. Thanks, Siva Prakash - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Java update from Apple broke Tomcat
Rick, Yep, extraneous jar files that didn't belong there. Don't know why it worked before the upgrade and not after, but the problem was easy enough to fix once it was identified. Everything works now. -- Rob On 11/1/10 3:48 PM, Richard G Curry rgcu...@jcpenney.com wrote: Did you check you classpath? __ _ «€»¥«€»§«€»¥«€»§«€»¥«€»§«€»¥«€»§«€»¥«€»§«€»¥«€»§«€»¥«€»§«€»¥«€»§«€»¥«€» __ _ Rick Curry Common Services - Software Development E2 - 066, MS 5210 972-431-9178 (Voice) 972-585-7585 (Pager) To send a (short) Text Message to my Pager: 9725857...@page.metrocall.com -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Monday, November 01, 2010 5:28 PM To: Tomcat Users List Subject: Re: Java update from Apple broke Tomcat On 01/11/2010 17:55, Rob Tanner wrote: Hi, While I run production on Linux servers, I do my development on my iMac. Last week, I ran the most recent Apple Java upgrade , and now Tomcat (which is a critical part of my development environment) won't start up. I get the error: Nov 1, 2010 8:58:54 AM org.apache.catalina.startup.Bootstrap initClassLoaders SEVERE: Class loader creation threw exception java.lang.NoSuchFieldError: IS_DIR at org.apache.catalina.startup.Bootstrap.createClassLoader(Bootstrap.java:167) at org.apache.catalina.startup.Bootstrap.initClassLoaders(Bootstrap.java:92) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:207) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:391) Other details: java version 1.6.0_22 Java(TM) SE Runtime Environment (build 1.6.0_22-b04-307-10M3261) Java HotSpot(TM) 64-Bit Server VM (build 17.1-b03-307, mixed mode) Tomcat version: 6.0.18 and 6.0.29 both fail to start, throwing the same exception From the error, it appears that things are missing from the update (or at least one field is). Has anyone else seen this? Is there a known work-around? I updated too. Works just fine for me, on various 6.0.x and 7.0 trunk. p The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Protecting static resources in IIS
What if you put your images into a sub-directory of your app directory -- something like images -- and set the access rights on that directory to be only accessible by the SYSTEM account. ___ «¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤» ___ Rick Curry Common Services - Software Development E2 - 066, MS 5210 972-431-9178 (Voice) 972-585-7585 (Pager) To send a (short) Text Message to my Pager: 9725857...@page.metrocall.com -Original Message- From: Pid * [mailto:p...@pidster.com] Sent: Tuesday, November 02, 2010 11:42 AM To: Tomcat Users List Subject: Re: Protecting static resources in IIS On 2 Nov 2010, at 15:48, Siva prakash I V sivaprakash...@gmail.com wrote: Hi Rob, My app contains a sequence of images like for eg. A/11.gif, A/12.gif, A/19.gif, B/21.gif... etc. These images are used to identify a valid user of my app. As these images are easily guessable, it may be easy for anyone to download all possible images and may lead to phishing attack. Having said that I can't place my images in Tomcat and get it served by a servlet( a performance penalty ) You've presumably conducted some performance tests which led you to this conclusion? In this case a Servlet Filter which checks the request against the current user's credentials and returns a 403 for unauthorised access would be a low cost option. p and neither I can change my image names to ones which are not easily guessable. My tomcat app jsps should continue using the existing images. On Tue, Nov 2, 2010 at 8:22 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: Hi Siva, The only way I know of protecting an 'actual' request for a specific resource is to remove the resource from the web server. I Can't see why you would want to stop access to something when it is actually requested otherwise what would be the point of deploying it (if nothing can access it). Sorry if I misunderstand the question. -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:44 To: Tomcat Users List Subject: Re: Protecting static resources in IIS Firstly, Thanks for the info. I've done what you've said. Consider my directory structure as below in IIS. IISROOT/images/TestDir/A.gif IISROOT/images/TestDir/index.html (newly introduced one) If I hit the following url, it shows the index.html https://hostname/images/TestDir/ https://%3chostname%3e/images/TestDir/ but if I hit the following url, it shows the image A.gif which needs to be restricted its access. https://hostname/images/TestDir/A.gifhttps://%3chostname%3e/images /Te stDir/ A.gif Please let me know if this can be resolved. Thanks, Siva Prakash On Tue, Nov 2, 2010 at 7:49 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: While this is not a forum nor is the mailing list about IIS a quick suggestion and one we implement is to place a blank (or custom) index.html file into every directory within the site. This will then be served up when requests for resources are received. Hope that helps Rob -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:08 To: users@tomcat.apache.org Subject: Protecting static resources in IIS Hi, Though I know that this forum is not for IIS related questions, It will be great if someone can help me out with the following problem. I need to protect the end user's access (thru a url) to the static resources like images directory in IIS but still allowing my app jsps in Tomcat ROOT. Thanks, Siva Prakash - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer. - To unsubscribe,
RE: Protecting static resources in IIS
Would that then result in having to run Tomcat/Apache/IIS as root/system rather than a restricted user? -Original Message- From: Richard G Curry [mailto:rgcu...@jcpenney.com] Sent: 02 November 2010 17:43 To: Tomcat Users List Subject: RE: Protecting static resources in IIS What if you put your images into a sub-directory of your app directory -- something like images -- and set the access rights on that directory to be only accessible by the SYSTEM account. __ _ «¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤» __ _ Rick Curry Common Services - Software Development E2 - 066, MS 5210 972-431-9178 (Voice) 972-585-7585 (Pager) To send a (short) Text Message to my Pager: 9725857...@page.metrocall.com -Original Message- From: Pid * [mailto:p...@pidster.com] Sent: Tuesday, November 02, 2010 11:42 AM To: Tomcat Users List Subject: Re: Protecting static resources in IIS On 2 Nov 2010, at 15:48, Siva prakash I V sivaprakash...@gmail.com wrote: Hi Rob, My app contains a sequence of images like for eg. A/11.gif, A/12.gif, A/19.gif, B/21.gif... etc. These images are used to identify a valid user of my app. As these images are easily guessable, it may be easy for anyone to download all possible images and may lead to phishing attack. Having said that I can't place my images in Tomcat and get it served by a servlet( a performance penalty ) You've presumably conducted some performance tests which led you to this conclusion? In this case a Servlet Filter which checks the request against the current user's credentials and returns a 403 for unauthorised access would be a low cost option. p and neither I can change my image names to ones which are not easily guessable. My tomcat app jsps should continue using the existing images. On Tue, Nov 2, 2010 at 8:22 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: Hi Siva, The only way I know of protecting an 'actual' request for a specific resource is to remove the resource from the web server. I Can't see why you would want to stop access to something when it is actually requested otherwise what would be the point of deploying it (if nothing can access it). Sorry if I misunderstand the question. -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:44 To: Tomcat Users List Subject: Re: Protecting static resources in IIS Firstly, Thanks for the info. I've done what you've said. Consider my directory structure as below in IIS. IISROOT/images/TestDir/A.gif IISROOT/images/TestDir/index.html (newly introduced one) If I hit the following url, it shows the index.html https://hostname/images/TestDir/ https://%3chostname%3e/images/TestDir/ but if I hit the following url, it shows the image A.gif which needs to be restricted its access. https://hostname/images/TestDir/A.gifhttps://%3chostname%3e/images /Te stDir/ A.gif Please let me know if this can be resolved. Thanks, Siva Prakash On Tue, Nov 2, 2010 at 7:49 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: While this is not a forum nor is the mailing list about IIS a quick suggestion and one we implement is to place a blank (or custom) index.html file into every directory within the site. This will then be served up when requests for resources are received. Hope that helps Rob -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:08 To: users@tomcat.apache.org Subject: Protecting static resources in IIS Hi, Though I know that this forum is not for IIS related questions, It will be great if someone can help me out with the following problem. I need to protect the end user's access (thru a url) to the static resources like images directory in IIS but still allowing my app jsps in Tomcat ROOT. Thanks, Siva Prakash - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader
RE: Protecting static resources in IIS
Yes. ___ «¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤» ___ Rick Curry Common Services - Software Development E2 - 066, MS 5210 972-431-9178 (Voice) 972-585-7585 (Pager) To send a (short) Text Message to my Pager: 9725857...@page.metrocall.com -Original Message- From: Rob Gregory [mailto:rob.greg...@ibsolutions.com] Sent: Tuesday, November 02, 2010 12:45 PM To: Tomcat Users List Subject: RE: Protecting static resources in IIS Would that then result in having to run Tomcat/Apache/IIS as root/system rather than a restricted user? -Original Message- From: Richard G Curry [mailto:rgcu...@jcpenney.com] Sent: 02 November 2010 17:43 To: Tomcat Users List Subject: RE: Protecting static resources in IIS What if you put your images into a sub-directory of your app directory -- something like images -- and set the access rights on that directory to be only accessible by the SYSTEM account. __ _ «¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤ » __ _ Rick Curry Common Services - Software Development E2 - 066, MS 5210 972-431-9178 (Voice) 972-585-7585 (Pager) To send a (short) Text Message to my Pager: 9725857...@page.metrocall.com -Original Message- From: Pid * [mailto:p...@pidster.com] Sent: Tuesday, November 02, 2010 11:42 AM To: Tomcat Users List Subject: Re: Protecting static resources in IIS On 2 Nov 2010, at 15:48, Siva prakash I V sivaprakash...@gmail.com wrote: Hi Rob, My app contains a sequence of images like for eg. A/11.gif, A/12.gif, A/19.gif, B/21.gif... etc. These images are used to identify a valid user of my app. As these images are easily guessable, it may be easy for anyone to download all possible images and may lead to phishing attack. Having said that I can't place my images in Tomcat and get it served by a servlet( a performance penalty ) You've presumably conducted some performance tests which led you to this conclusion? In this case a Servlet Filter which checks the request against the current user's credentials and returns a 403 for unauthorised access would be a low cost option. p and neither I can change my image names to ones which are not easily guessable. My tomcat app jsps should continue using the existing images. On Tue, Nov 2, 2010 at 8:22 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: Hi Siva, The only way I know of protecting an 'actual' request for a specific resource is to remove the resource from the web server. I Can't see why you would want to stop access to something when it is actually requested otherwise what would be the point of deploying it (if nothing can access it). Sorry if I misunderstand the question. -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:44 To: Tomcat Users List Subject: Re: Protecting static resources in IIS Firstly, Thanks for the info. I've done what you've said. Consider my directory structure as below in IIS. IISROOT/images/TestDir/A.gif IISROOT/images/TestDir/index.html (newly introduced one) If I hit the following url, it shows the index.html https://hostname/images/TestDir/ https://%3chostname%3e/images/TestDir/ but if I hit the following url, it shows the image A.gif which needs to be restricted its access. https://hostname/images/TestDir/A.gifhttps://%3chostname%3e/imag es /Te stDir/ A.gif Please let me know if this can be resolved. Thanks, Siva Prakash On Tue, Nov 2, 2010 at 7:49 PM, Rob Gregory rob.greg...@ibsolutions.comwrote: While this is not a forum nor is the mailing list about IIS a quick suggestion and one we implement is to place a blank (or custom) index.html file into every directory within the site. This will then be served up when requests for resources are received. Hope that helps Rob -Original Message- From: Siva prakash I V [mailto:sivaprakash...@gmail.com] Sent: 02 November 2010 14:08 To: users@tomcat.apache.org Subject: Protecting static resources in IIS Hi, Though I know that this forum is not for IIS related questions, It will be great if someone can help me out with the following problem. I need to protect the end user's access (thru a url) to the static resources like images directory in IIS but still allowing my app jsps in Tomcat ROOT. Thanks, Siva Prakash --- -- To unsubscribe, e-mail:
RE: Protecting static resources in IIS
From: Richard G Curry [mailto:rgcu...@jcpenney.com] Subject: RE: Protecting static resources in IIS From: Rob Gregory [mailto:rob.greg...@ibsolutions.com] Subject: RE: Protecting static resources in IIS Would that then result in having to run Tomcat/Apache/IIS as root/system rather than a restricted user? Yes. That sounds like a really bad idea. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Protecting static resources in IIS
How so? What am I missing? ___ «¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤» ___ Rick Curry Common Services - Software Development E2 - 066, MS 5210 972-431-9178 (Voice) 972-585-7585 (Pager) To send a (short) Text Message to my Pager: 9725857...@page.metrocall.com -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, November 02, 2010 1:33 PM To: Tomcat Users List Subject: RE: Protecting static resources in IIS From: Richard G Curry [mailto:rgcu...@jcpenney.com] Subject: RE: Protecting static resources in IIS From: Rob Gregory [mailto:rob.greg...@ibsolutions.com] Subject: RE: Protecting static resources in IIS Would that then result in having to run Tomcat/Apache/IIS as root/system rather than a restricted user? Yes. That sounds like a really bad idea. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Protecting static resources in IIS
From: Richard G Curry [mailto:rgcu...@jcpenney.com] Subject: RE: Protecting static resources in IIS From: Rob Gregory [mailto:rob.greg...@ibsolutions.com] Subject: RE: Protecting static resources in IIS Would that then result in having to run Tomcat/Apache/IIS as root/system rather than a restricted user? Yes. That sounds like a really bad idea. How so? What am I missing? Basic security philosophy, known as the principle of least privilege. Running as root/system is like walking around with a kick me sign; just wait till the hackers break into your IIS box running that way... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Release COM Objects
http://j-integra.intrinsyc.com/support/com/doc/gc/index.html #4 com.linar.jintegra.Cleaner.releaseAll(); Can Tomcat call this method prior to shutting down as a windows service? If so where would I configure this? JSF 1.2 (Sun RI) mojarra-1.2 Tomcat running as a windows service Using CATALINA_BASE: C:\apache-tomcat-6.0.29 Using CATALINA_HOME: C:\apache-tomcat-6.0.29 Using CATALINA_TMPDIR: C:\apache-tomcat-6.0.29\temp Using JRE_HOME:C:\Program Files\Java\jdk1.6.0_20 Using CLASSPATH: C:\apache-tomcat-6.0.29\bin\bootstrap.jar Server version: Apache Tomcat/6.0.29 Server built: July 19 2010 1458 Server number: 6.0.0.29 OS Name:Windows 2003 OS Version: 5.2 Architecture: x86 JVM Version:1.6.0_20-b02 JVM Vendor: Sun Microsystems Inc. Leo Donahue
Re: Release COM Objects
Ideally - you would do this as a servlet filter and configured as part of the webapp. So when the filter is destroyed - it unregisters the object. -Tim On 11/2/2010 2:53 PM, Leo Donahue - PLANDEVX wrote: http://j-integra.intrinsyc.com/support/com/doc/gc/index.html #4 com.linar.jintegra.Cleaner.releaseAll(); Can Tomcat call this method prior to shutting down as a windows service? If so where would I configure this? JSF 1.2 (Sun RI) mojarra-1.2 Tomcat running as a windows service Using CATALINA_BASE: C:\apache-tomcat-6.0.29 Using CATALINA_HOME: C:\apache-tomcat-6.0.29 Using CATALINA_TMPDIR: C:\apache-tomcat-6.0.29\temp Using JRE_HOME:C:\Program Files\Java\jdk1.6.0_20 Using CLASSPATH: C:\apache-tomcat-6.0.29\bin\bootstrap.jar Server version: Apache Tomcat/6.0.29 Server built: July 19 2010 1458 Server number: 6.0.0.29 OS Name:Windows 2003 OS Version: 5.2 Architecture: x86 JVM Version:1.6.0_20-b02 JVM Vendor: Sun Microsystems Inc. Leo Donahue - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Protecting static resources in IIS
Good point -- one I did not consider as in my realm of reference I am in a secured zone -- no outside access. Makes a big difference. ___ «¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤»§«¤»¥«¤» ___ Rick Curry Common Services - Software Development E2 - 066, MS 5210 972-431-9178 (Voice) 972-585-7585 (Pager) To send a (short) Text Message to my Pager: 9725857...@page.metrocall.com -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, November 02, 2010 1:48 PM To: Tomcat Users List Subject: RE: Protecting static resources in IIS From: Richard G Curry [mailto:rgcu...@jcpenney.com] Subject: RE: Protecting static resources in IIS From: Rob Gregory [mailto:rob.greg...@ibsolutions.com] Subject: RE: Protecting static resources in IIS Would that then result in having to run Tomcat/Apache/IIS as root/system rather than a restricted user? Yes. That sounds like a really bad idea. How so? What am I missing? Basic security philosophy, known as the principle of least privilege. Running as root/system is like walking around with a kick me sign; just wait till the hackers break into your IIS box running that way... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. If the reader of this message is not the intended recipient, you are hereby notified that your access is unauthorized, and any review, dissemination, distribution or copying of this message including any attachments is strictly prohibited. If you are not the intended recipient, please contact the sender and delete the material from any computer. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 5.5: how doesone configure an authenticator valve?
Thanks for your help. I should have done this (logging) in the first place, sorry. The filter is invoked properly. The new problem is that the headers aren't added (or sent to the client). The code looks like this: response.addHeader(WWW-Authenticate, Negotiate); response.addHeader(WWW-Authenticate, NTLM); response.setHeader(Connection, close); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); response.flushBuffer(); This is executed for sure (put a logging statement in front of it) but has no effect, the response looks like a boilerplate 401. Where did my WWW-Authenticate headers and Connection: close go? (Maybe it helps, it does work in 6.x). Thx dB. PS: you're looking at some intermediate waffle check-in, the namespace was renamed at some point, it's waffle.apache. dB. @ dblock.org Moscow|Geneva|Seattle|New York -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Tuesday, November 02, 2010 8:39 AM To: Tomcat Users List Subject: Re: Tomcat 5.5: how doesone configure an authenticator valve? 2010/11/2 dB. dbl...@dblock.org: I am trying to help someone with a Tomcat 5.5 implementation of waffle (waffle.codeplex.com). It has authenticator valve that works well with tc6. I declare a valve inside the web app: Context.xml ?xml version='1.0' encoding='utf-8'? Context Valve className=waffle.apache.NegotiateAuthenticator principalFormat=fqn roleFormat=both / Realm className=waffle.apache.WindowsRealm / /Context Note, that META-INF/context.xml (case matters!) is copied to $CATALINA_BASE\conf\Catalina\localhost\yourapp.xml when the webappication starts for the first time. You can have a stale copy there. I would suggest you to enable more detailed logging. Something like adding the following line to conf/logging.properties: waffle.apache.NegotiateAuthenticator.level=FINE BTW, the waffle docs say waffle.apache.NegotiateAuthenticator, but in the source code it is waffle.tomcat.NegotiateAuthenticator, i.e. a different package http://waffle.codeplex.com/SourceControl/changeset/view/52761#1097376 Are there any interesting messages in the log filess already? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Release COM Objects
I would use a ServletContextListener. It gets notified when the webapp is initialized and destroyed. -- Len On Tue, Nov 2, 2010 at 14:53, Leo Donahue - PLANDEVX leodona...@mail.maricopa.gov wrote: http://j-integra.intrinsyc.com/support/com/doc/gc/index.html #4 com.linar.jintegra.Cleaner.releaseAll(); Can Tomcat call this method prior to shutting down as a windows service? If so where would I configure this? JSF 1.2 (Sun RI) mojarra-1.2 Tomcat running as a windows service Using CATALINA_BASE: C:\apache-tomcat-6.0.29 Using CATALINA_HOME: C:\apache-tomcat-6.0.29 Using CATALINA_TMPDIR: C:\apache-tomcat-6.0.29\temp Using JRE_HOME: C:\Program Files\Java\jdk1.6.0_20 Using CLASSPATH: C:\apache-tomcat-6.0.29\bin\bootstrap.jar Server version: Apache Tomcat/6.0.29 Server built: July 19 2010 1458 Server number: 6.0.0.29 OS Name: Windows 2003 OS Version: 5.2 Architecture: x86 JVM Version: 1.6.0_20-b02 JVM Vendor: Sun Microsystems Inc. Leo Donahue - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Release COM Objects
-Original Message- From: Len Popp [mailto:len.p...@gmail.com] Subject: Re: Release COM Objects I would use a ServletContextListener. It gets notified when the webapp is initialized and destroyed. -- Len Filter vs ServletContextListener. When does Tomcat tell me in the logs that I might have a memory leak due to some threads not being released upon shutdown? In a Filter or in a ServletContextListener? SRV.9.12 When a web app is deployed, it does the following steps in order... • Instantiate an instance of each event listener identified by a listener element in the deployment descriptor. • For instantiated listener instances that implement ServletContextListener, call the contextInitialized() method. • Instantiate an instance of each filter identified by a filter element in the deployment descriptor and call each filter instance’s init() method. • Instantiate an instance of each servlet identified by a servlet element that includes a load-on-startup element in the order defined by the load-onstartup element values, and call each servlet instance’s init() method. When a web app is shutdown, does it do those same four steps in reverse order? I'm guessing yes according to contextDestroyed() method. (..All servlets and filters have been destroy()ed before any ServletContextListeners are notified of context destruction ...)
RE: Tomcat 5.5: how doesone configure an authenticator valve?
After some more code-reading I found the problem. Looking at the implementation of response.sendError in TC5, it's clear that it dumps whatever headers you added prior to the call. Changing this to setStatus fixed the problem. I assume this means that Tomcat doesn't get a chance to render it's custom 401 page, but I might be speculating. I'd appreciate if someone shed some light on which way the code below should be implemented (setStatus/sendError/something else?) in various versions of Tomcat. Thx dB. dB. @ dblock.org Moscow|Geneva|Seattle|New York -Original Message- From: dB. [mailto:dbl...@dblock.org] Sent: Tuesday, November 02, 2010 4:55 PM To: Tomcat Users List Subject: RE: Tomcat 5.5: how doesone configure an authenticator valve? Thanks for your help. I should have done this (logging) in the first place, sorry. The filter is invoked properly. The new problem is that the headers aren't added (or sent to the client). The code looks like this: response.addHeader(WWW-Authenticate, Negotiate); response.addHeader(WWW-Authenticate, NTLM); response.setHeader(Connection, close); response.sendError(HttpServletResponse.SC_UNAUTHORIZED); response.flushBuffer(); This is executed for sure (put a logging statement in front of it) but has no effect, the response looks like a boilerplate 401. Where did my WWW-Authenticate headers and Connection: close go? (Maybe it helps, it does work in 6.x). Thx dB. PS: you're looking at some intermediate waffle check-in, the namespace was renamed at some point, it's waffle.apache. dB. @ dblock.org Moscow|Geneva|Seattle|New York -Original Message- From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Tuesday, November 02, 2010 8:39 AM To: Tomcat Users List Subject: Re: Tomcat 5.5: how doesone configure an authenticator valve? 2010/11/2 dB. dbl...@dblock.org: I am trying to help someone with a Tomcat 5.5 implementation of waffle (waffle.codeplex.com). It has authenticator valve that works well with tc6. I declare a valve inside the web app: Context.xml ?xml version='1.0' encoding='utf-8'? Context Valve className=waffle.apache.NegotiateAuthenticator principalFormat=fqn roleFormat=both / Realm className=waffle.apache.WindowsRealm / /Context Note, that META-INF/context.xml (case matters!) is copied to $CATALINA_BASE\conf\Catalina\localhost\yourapp.xml when the webappication starts for the first time. You can have a stale copy there. I would suggest you to enable more detailed logging. Something like adding the following line to conf/logging.properties: waffle.apache.NegotiateAuthenticator.level=FINE BTW, the waffle docs say waffle.apache.NegotiateAuthenticator, but in the source code it is waffle.tomcat.NegotiateAuthenticator, i.e. a different package http://waffle.codeplex.com/SourceControl/changeset/view/52761#1097376 Are there any interesting messages in the log filess already? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Release COM Objects
On 02/11/2010 22:05, Len Popp wrote: I would use a ServletContextListener. It gets notified when the webapp is initialized and destroyed. +1 init happens before servlets shutdown, destroy happens after. p -- Len On Tue, Nov 2, 2010 at 14:53, Leo Donahue - PLANDEVX leodona...@mail.maricopa.gov wrote: http://j-integra.intrinsyc.com/support/com/doc/gc/index.html #4 com.linar.jintegra.Cleaner.releaseAll(); Can Tomcat call this method prior to shutting down as a windows service? If so where would I configure this? JSF 1.2 (Sun RI) mojarra-1.2 Tomcat running as a windows service Using CATALINA_BASE: C:\apache-tomcat-6.0.29 Using CATALINA_HOME: C:\apache-tomcat-6.0.29 Using CATALINA_TMPDIR: C:\apache-tomcat-6.0.29\temp Using JRE_HOME:C:\Program Files\Java\jdk1.6.0_20 Using CLASSPATH: C:\apache-tomcat-6.0.29\bin\bootstrap.jar Server version: Apache Tomcat/6.0.29 Server built: July 19 2010 1458 Server number: 6.0.0.29 OS Name:Windows 2003 OS Version: 5.2 Architecture: x86 JVM Version:1.6.0_20-b02 JVM Vendor: Sun Microsystems Inc. Leo Donahue - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: Release COM Objects
On 02/11/2010 22:23, Leo Donahue - PLANDEVX wrote: -Original Message- From: Len Popp [mailto:len.p...@gmail.com] Subject: Re: Release COM Objects I would use a ServletContextListener. It gets notified when the webapp is initialized and destroyed. -- Len Filter vs ServletContextListener. When does Tomcat tell me in the logs that I might have a memory leak due to some threads not being released upon shutdown? In a Filter or in a ServletContextListener? Neither. When the app is unloaded, after all of the other processes have (or claimed to have) finished. p SRV.9.12 When a web app is deployed, it does the following steps in order... • Instantiate an instance of each event listener identified by a listener element in the deployment descriptor. • For instantiated listener instances that implement ServletContextListener, call the contextInitialized() method. • Instantiate an instance of each filter identified by a filter element in the deployment descriptor and call each filter instance’s init() method. • Instantiate an instance of each servlet identified by a servlet element that includes a load-on-startup element in the order defined by the load-onstartup element values, and call each servlet instance’s init() method. When a web app is shutdown, does it do those same four steps in reverse order? I'm guessing yes according to contextDestroyed() method. (..All servlets and filters have been destroy()ed before any ServletContextListeners are notified of context destruction ...) 0x62590808.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature
Re: Tomcat 5.5: how doesone configure an authenticator valve?
2010/11/3 dB. dbl...@dblock.org: After some more code-reading I found the problem. Looking at the implementation of response.sendError in TC5, it's clear that it dumps whatever headers you added prior to the call. Changing this to setStatus fixed the problem. I assume this means that Tomcat doesn't get a chance to render it's custom 401 page, but I might be speculating. IIRC, this behaviour was tracked as bug 42409. It was fixed by the following commit: http://svn.apache.org/viewvc?view=revisionrevision=721921 The fix was not backported to 5.5. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to stop tomcat to be run more than two times.
Hi all, I have installed apache-tomcat-6.0.29 on my solaris box, then i start the tomcat services succsfully. But my question is, when the tomcat services is running, I try to start it again, the script (startup.sh) don't stop me, and start the second tomcat services. So how can I let tomcat to check, if there are exist tomcat services, do not start? Regards, Bill
Deploying Tomcat app with Ant to non-webapps location (Windows)
Hello I am new to Tomcat and request help with the following problem on Tomcat/Windows. My Tomcat installation is at C:\program files\Tomcat I have created an application as per the instructions in the Tomcat Application Developer's Guide and am able to build and deploy it using Ant. When deployed, the application ends up at C:\program files\Tomcat\lcs (lcs is the application name). I would however like to have the application deployed to a different path ie. c:\lcs. I am able to do this manually, by creating a separate context file in Catalina/localhost/lcs.xml and specifying the C:\lcs path as the Context docbase. However, I would like this to happen automatically. I read that if I place the context fragment in my applications META-INF/context.xml file, then this should happen automatically. However, despite doing this, the application is still always deployed to C:\program files\Tomcat\webapps\lcs instead of C:\lcs. Any advice would be appreciated. TIA. Vikram - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
web.xml cant load because of listener
Hi When I put these lines: listener listener-class org.springframework.web.context.ContextLoaderListener /listener-class /listener my appln can't load at all. When I go to http://localhost:8080/app it's not loaded. But when I remove those lines it loads correctly. I've put the necessary lib containing org.springframework.web.context.ContextLoaderListener in ./app/WEB-INF/lib. My setup is Tomcat 5.5.31. Context-param is set: context-param param-namecontextConfigLocation/param-name param-valueclasspath:springContext.xml/param-value /context-param No stack trace is shown. The error message in log is: 03-Nov-2010 10:21:48 INFO HostConfig:863 - Deploying web application archive wma.war 03-Nov-2010 10:21:49 ERROR StandardContext:4253 - Error listenerStart 03-Nov-2010 10:21:49 ERROR StandardContext:4280 - Context [/wma] startup failed due to previous errors When I set the logging to DEBUG level, I don't see anything extra ordinary. Thanks Will
RE: Deploying Tomcat app with Ant to non-webapps location (Windows)
From: Vikram Vaswani [mailto:vikram.melonf...@gmail.com] Subject: Deploying Tomcat app with Ant to non-webapps location (Windows) When deployed, the application ends up at C:\program files\Tomcat\lcs (lcs is the application name). Not an appropriate spot, so it's good that you want to move it. Better if it were in C:\Program Files\Tomcat\webapps\lcs. I am able to do this manually, by creating a separate context file in Catalina/localhost/lcs.xml and specifying the C:\lcs path as the Context docbase. However, I would like this to happen automatically. What do you want to happen automatically? Once the application and the lcs.xml file are in place, the next deployment should consist only of copying the new version on top of the old one - the Context element in Catalina/[host]/[appName].xml need not change. I read that if I place the context fragment in my applications META-INF/context.xml file, then this should happen automatically. Still don't know what you want to happen. The META-INF/context.xml location for the webapp's Context element is useful only when the webapp is located in the Host appBase directory. Note that the docBase attribute is illegal when the Context element is in META-INF/context.xml. However, despite doing this, the application is still always deployed to C:\program files\Tomcat\webapps\lcs instead of C:\lcs. So fix your script to copy the webapp to the desired location. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat shuts down with exception within few seconds?
Hi Tomcat shuts down with exception within few seconds? SPEC Sun JDK 1.5 TOMCAT 6.0.29 [ Startup port 8090 / Shut down Port 8.91 ] O/s $ uname -a Linux instaroamd 2.4.21-4.ELsmp #1 SMP Fri Oct 3 17:52:56 EDT 2003 i686 i686 i386 GNU/Linux $ lsb_release -a LSB Version:1.3 Distributor ID: RedHatEnterpriseAS Description:Red Hat Enterprise Linux AS release 3 (Taroon) Release:3 Codename: Taroon Exception INFO: Deploying web application directory docs Nov 3, 2010 9:45:33 AM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory examples Nov 3, 2010 9:45:34 AM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory ROOT Nov 3, 2010 9:45:34 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8090 Nov 3, 2010 9:45:34 AM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Nov 3, 2010 9:45:34 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/55 config=null Nov 3, 2010 9:45:34 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 1858 ms Nov 3, 2010 9:45:44 AM org.apache.catalina.core.StandardServer await SEVERE: StandardServer.await: create[8091]: java.net.UnknownHostException: localhost: localhost at java.net.InetAddress.getAllByName0(InetAddress.java:1128) at java.net.InetAddress.getAllByName0(InetAddress.java:1098) at java.net.InetAddress.getAllByName(InetAddress.java:1061) at java.net.InetAddress.getByName(InetAddress.java:958) at org.apache.catalina.core.StandardServer.await(StandardServer.java:373) at org.apache.catalina.startup.Catalina.await(Catalina.java:662) at org.apache.catalina.startup.Catalina.start(Catalina.java:614) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) Nov 3, 2010 9:45:44 AM org.apache.coyote.http11.Http11Protocol pause INFO: Pausing Coyote HTTP/1.1 on http-8090 Nov 3, 2010 9:45:45 AM org.apache.catalina.core.StandardService stop INFO: Stopping service Catalina Nov 3, 2010 9:45:45 AM org.apache.coyote.http11.Http11Protocol destroy INFO: Stopping Coyote HTTP/1.1 on http-8090 with regards N.S.Karthik
Dispatching request from Servlet to Portlet
Hi, I am new to servlets portlets and I need to set Session timeout at Application level, in portlet somehow i am unable to set session time for Application,( Portlet level session available in Portlet thr RenderRequest object) so i am planning to set Application level Session timeout by using Servlet. If i set Session Timeout in Servlet and then forward the request to portlet will this session timeout value will control application timeout ? or i need to use include() instead of forward() ? -- View this message in context: http://old.nabble.com/Dispatching-request-from-Servlet-to-Portlet-tp30120181p30120181.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat shuts down with exception within few seconds?
From the exception stack. Maybe you should use the command ping localhost to see whether your host can resolve the host-name localhost. 2010/11/3 Karthik Nanjangude karthik.nanjang...@xius-bcgi.com Hi Tomcat shuts down with exception within few seconds? SPEC Sun JDK 1.5 TOMCAT 6.0.29 [ Startup port 8090 / Shut down Port 8.91 ] O/s $ uname -a Linux instaroamd 2.4.21-4.ELsmp #1 SMP Fri Oct 3 17:52:56 EDT 2003 i686 i686 i386 GNU/Linux $ lsb_release -a LSB Version:1.3 Distributor ID: RedHatEnterpriseAS Description:Red Hat Enterprise Linux AS release 3 (Taroon) Release:3 Codename: Taroon Exception INFO: Deploying web application directory docs Nov 3, 2010 9:45:33 AM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory examples Nov 3, 2010 9:45:34 AM org.apache.catalina.startup.HostConfig deployDirectory INFO: Deploying web application directory ROOT Nov 3, 2010 9:45:34 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8090 Nov 3, 2010 9:45:34 AM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Nov 3, 2010 9:45:34 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/55 config=null Nov 3, 2010 9:45:34 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 1858 ms Nov 3, 2010 9:45:44 AM org.apache.catalina.core.StandardServer await SEVERE: StandardServer.await: create[8091]: java.net.UnknownHostException: localhost: localhost at java.net.InetAddress.getAllByName0(InetAddress.java:1128) at java.net.InetAddress.getAllByName0(InetAddress.java:1098) at java.net.InetAddress.getAllByName(InetAddress.java:1061) at java.net.InetAddress.getByName(InetAddress.java:958) at org.apache.catalina.core.StandardServer.await(StandardServer.java:373) at org.apache.catalina.startup.Catalina.await(Catalina.java:662) at org.apache.catalina.startup.Catalina.start(Catalina.java:614) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) Nov 3, 2010 9:45:44 AM org.apache.coyote.http11.Http11Protocol pause INFO: Pausing Coyote HTTP/1.1 on http-8090 Nov 3, 2010 9:45:45 AM org.apache.catalina.core.StandardService stop INFO: Stopping service Catalina Nov 3, 2010 9:45:45 AM org.apache.coyote.http11.Http11Protocol destroy INFO: Stopping Coyote HTTP/1.1 on http-8090 with regards N.S.Karthik