Re: Reading Address Book
Ravi,
I want something so that user no need to export in any formay. In some cases
user may be slow...i might not be aware of exporting idea.
I want to run some code (JavaScript) to read the address book.
RNivas
- Original Message -
From: Ravishankar S [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Thursday, June 13, 2002 11:50 AM
Subject: Re: Reading Address Book
one way is to export the address book to CSV file format..u can then
parse this CSV file using either the regexp package or the custom jdk1.4
classeseven better if u know a perl guru tell him to write a script
to
get the job done..after all
TMTOWTDI:-))
try this sample class... from JGURU...
How can I correctly parse CSV ( comma separated values ) files?
StringTokenizer doesn't seem to fit many conditions.
Location: http://www.jguru.com/faq/view.jsp?EID=809266
Created: Mar 23, 2002
Author: Joe Sam Shirah (http://www.jguru.com/guru/viewbio.jsp?EID=42100)
Question originally posed by steven mccartey
(http://www.jguru.com/guru/viewbio.jsp?EID=792888
Ian Darwin has two classes ( CSV.java and CSVRE.java ) to handle CSV files
in his Java Cookbook, including a way with regular expressions. You can
download the code from his site, probably best to do so from the examples
by
chapter ( see Chapter 3, Strings and Things ) page. Not a bad idea to
buy
the book, either.
Comments and alternative answers
use this class
Author: Amardeep Singh (http://www.jguru.com/guru/viewbio.jsp?EID=811616),
Mar 25, 2002
import java.util.*;
public class WStringTokenizer extends StringTokenizer
{
private String tbt;
private String d;
private int startpos=0;
public WStringTokenizer(String str,String delim)
{
super(str,delim);
tbt=new String(str);
d=new String(delim);
}
public int countTokens()
{
int tokens=0;
int temp=startpos;
while(true)
{
try
{
nextToken();
tokens++;
}
catch(NoSuchElementException e) {break;}
}
startpos=temp;
return tokens;
}
public boolean hasMoreElements() {
return hasMoreTokens();
}
public boolean hasMoreTokens() {
if(countTokens()0) return true;
else return false;
}
public Object nextElement() {
return (Object) d;
}
public String nextToken() throws NoSuchElementException {
int result=0;
String s;
if(startpostbt.length()) throw(new NoSuchElementException ());
result=tbt.indexOf(d,startpos);
if(result0) result=tbt.length();
s=new String(tbt.substring(startpos,result));
startpos=result+d.length();
return s;
}
public String nextToken (String delim) throws NoSuchElementException {
d=delim;
return nextToken();
}
}
Another CSVReader
Author: Roshan Shrestha
(http://www.jguru.com/guru/viewbio.jsp?EID=130068),
Mar 26, 2002
Ian Darwin's class parses the file one line at a time. Many times, a field
may span multiple lines. I think a better class is the CSVReader described
in http://www.objectmentor.com/resources/articles/tfd.pdf. As an added
bonus, it also desscribes unit testing with JUnit!
CSV Libraries
Author: Stephen Ostermiller
(http://www.jguru.com/guru/viewbio.jsp?EID=576685), Apr 17, 2002
There are free open source libraries for parsing and printing CSV files
available here: http://ostermiller.org/utils/CSVLexer.html
ravi
- Original Message -
From: RNivas [EMAIL PROTECTED]
To: Tomcat-User [EMAIL PROTECTED]
Sent: Monday, June 24, 2002 11:36 AM
Subject: Reading Address Book
My Apologies to start a new discussion!
I have one application running on tomcat (Servlet+JSP). Tomcat+winNT4.0
All my clients running on win98 or win2000.
I want to develop one utility to read there Email address book (from
Client)
and save that address book on database(server).
So that in future they can use the email list on web it self.
If anyone have idea please share with me.
Regards
Rnivas
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
about importing the existing certificate.
hi. I want to use Tomcat SSL standalone, and I have a certificate for the apache + mod_ssl generated by openssl and verified by verisign. Can it use the existing certificate ? I'm using Tomcat 3.3 and JDK-1.3.1 and I also tried J2SDK-1.4. If it can, please tell me how can I do it or some pointers. I already read the tomcat SSL howto documents. http://jakarta.apache.org/tomcat/tomcat-3.2-doc/tomcat-ssl-howto.html http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html Actually I could import the certificate into my keystore but I could not make certificate chain. This is what I do. key.pem - This is key generated with openssl. csr.pem - This is csr used when I applied to verisign. gsid.crt - This is global server ID returned from verisign. $ openssl req -x509 -in csr.pem -key key.pem -out cert.pem I entered passphrase and cert.pem was created and .. the key was certificated by Intermediate CA certificate so I have to import it. $ keytool -import -trustcacerts -alias intermediateca -file intermediate.pem and I import the certificate. $ keytool -import -trustcacerts -alias tomcat -file cert.pem $ keytool -list -v -keystore ./keystore Enter keystore password: Keystore type: jks Keystore provider: SUN Your keystore contains 2 entries Alias name: intermediateca Creation date: Jun 12, 2002 Entry type: trustedCertEntry Owner: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU=VeriSign, Inc., O=VeriSign Trust Network Issuer: OU=Class 3 Public Primary Certification Authority, O=VeriSign, Inc., C=US Serial number: 236c971e2bc60d0bf97460def108c3c3 Valid from: Thu Apr 17 09:00:00 JST 1997 until: Thu Jan 08 08:59:59 JST 2004 Certificate fingerprints: MD5: 18:87:5C:CB:F8:20:5D:24:4A:BF:19:C7:13:0E:FD:B4 SHA1: 8B:24:CD:8D:8B:58:C6:DA:72:AC:E0:97:C7:B1:E3:CE:A4:DC:3D:C6 *** *** Alias name: tomcat Creation date: Jun 12, 2002 Entry type: trustedCertEntry Owner: CN=www.example.com, O=Current, Inc., OU=Member, VeriSign Trust Network, OU=Authenticated by VeriSign Japan K.K., OU=Terms of use a t www.verisign.co.jp/RPA (c)00, L=CHIYODA-KU, ST=TOKYO, C=JP Issuer: OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA - Class 3, OU=VeriSign, Inc., O=VeriSign Trust Network Serial number: Valid from: Tue Apr 23 09:00:00 JST 2002 until: Thu May 08 08:59:59 JST 2003 Certificate fingerprints: MD5: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SHA1: xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx *** *** thank you in advance for your help. KeigoTANAKA [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
restarting tomcat programatically
hi, i am trying to restart tomcat from my web application. Is there anyway i can do it programmatically? Does Tomcat provide any class to allow restart(I know about org.apache.tomcat.startup.Tomcat, i have tried this, It does not work b,coz once VM dies it does not call start)? Thanx in advance Ankit Chansoriya Software Engineer Lisle Technology Partners 45/3 Gopalkrishna Complex, Residency Cross Road, Bangalore-25 ph:5595636
Re: flush=false not working?
On Wed, 12 Jun 2002, Jim Michael wrote: Date: Wed, 12 Jun 2002 13:14:05 -0500 From: Jim Michael [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: flush=false not working? Thanks... that totally sucks! I found at least five web sites that claim the new 1.2 JSP spec allows a included servlet to modify header... of course, the actual spec from Sun says otherwise, as you point out. Can't help it if people won't read the actual rules :-). If an included servelt can't modify headers, what's the point of enabling flush=false anyway? Its totally useless! What if you want to read the content of the included servlet (or JSP page) response into a buffer, possibly modify it (say, with an XSLT transform), and then write some other sort of output to the current response? Then, this capability is *very* valuable ... Oh well, I guess creating a dynamic site that can be indexed with real dates is impossible. Why something so obvious and basic has been disabled in the spec is beyond me! What would you propose a servlet container do when a page has three different includes, each of which wants to set the same header to some different value? Remember that, as far as the client is concerned, this is a single request, so there is no such thing as a last modified timestamp for only part of the page. Jim Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
browser image caching problem
All- For some reason, Tomcat seems to be preventing my browser from caching images. Has anyone had this problem or know how to fix it? thanks in advance -will -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: restarting tomcat programatically
Try to call shell/DOS script (startup.bat/sh) from Java. tom -Original Message- From: Ankit [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 8:36 AM To: [EMAIL PROTECTED] Subject: restarting tomcat programatically hi, i am trying to restart tomcat from my web application. Is there anyway i can do it programmatically? Does Tomcat provide any class to allow restart(I know about org.apache.tomcat.startup.Tomcat, i have tried this, It does not work b,coz once VM dies it does not call start)? Thanx in advance Ankit Chansoriya Software Engineer Lisle Technology Partners 45/3 Gopalkrishna Complex, Residency Cross Road, Bangalore-25 ph:5595636 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Authenticating against Microsoft ActiveDirectory
Me too I would really love to see a little more detail about how you did this if you don't mind. Much thanks, Michael Teter --- Don Sauer [EMAIL PROTECTED] wrote: You can script your JSP/servlets to do this with application code -- another way would be in the server.xml to configure the credentialInterpretor to make the LDAP link (this is a little more difficult)and I have got it to work consistently under high traffic -Original Message- From: Galbraith, Paul [mailto:[EMAIL PROTECTED]] Sent: Friday, May 10, 2002 2:49 PM To: Tomcat Users List Subject: RE: Authenticating against Microsoft ActiveDirectory Don, are you talking about application code to do this, or can Tomcat be configured to do this? -Original Message- From: Don Sauer [mailto:[EMAIL PROTECTED]] Sent: May 10, 2002 3:47 PM To: 'Tomcat Users List' Subject: RE: Authenticating against Microsoft ActiveDirectory Sure, the easiest way is to do a LDAP query to a DC -Original Message- From: Galbraith, Paul [mailto:[EMAIL PROTECTED]] Sent: Friday, May 10, 2002 2:35 PM To: [EMAIL PROTECTED] Subject: Authenticating against Microsoft ActiveDirectory Can anyone tell me if it's possible to configure tomcat to authenticate users against MS ActiveDirectory? Cheers, Paul -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Solaris 2.6
Hi, I have installed Tomcat 4.0.3 (jakarta-tomcat-4.0.3.tar.gz) on Solaris 2.6. When running shutdown.sh the following exception is thrown: Bootstrap: Class loader creation threw exception java.lang.NoClassDefFoundError: java/util/ArrayList at org.apache.catalina.startup.ClassLoaderFactory.createClassLoader(Compiled Code) at org.apache.catalina.startup.Bootstrap.main(Compiled Code) I believe the machine is running Java 1.3.1. Has anyone come across this problem before? Many thanks. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Multiple IP addresses
Hi, I am running Tomcat on a machine with multiple IP addresses, how do I tell Tomcat which of these addresses it should be running on? Do I add the IP address to the connector tag in server.xml? i.e.: Connector className=org.apache.catalina.connector.http.HttpConnector port=8080 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=6 address=ip address/ Many thanks. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: restarting tomcat programatically
u can execute DOS/shell scripts like this Runtime rt = new Runtime(); Process p = rt.exec(command); int status=p.exitValue(); status is 0 if command executes successfully but i don't know if it is really necessary to start the server from an application.. ravi - Original Message - From: Marek, Tomas [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 12:24 PM Subject: RE: restarting tomcat programatically Try to call shell/DOS script (startup.bat/sh) from Java. tom -Original Message- From: Ankit [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 8:36 AM To: [EMAIL PROTECTED] Subject: restarting tomcat programatically hi, i am trying to restart tomcat from my web application. Is there anyway i can do it programmatically? Does Tomcat provide any class to allow restart(I know about org.apache.tomcat.startup.Tomcat, i have tried this, It does not work b,coz once VM dies it does not call start)? Thanx in advance Ankit Chansoriya Software Engineer Lisle Technology Partners 45/3 Gopalkrishna Complex, Residency Cross Road, Bangalore-25 ph:5595636 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Authenticating against Microsoft ActiveDirectory
Subject: Re: Authenticating against Microsoft ActiveDirectory From: Vic C. [EMAIL PROTECTED] === Another way is to have create a view in MS SQL against the Active Directory. Then use that SQL table for JDBC relms. Vic Alberto Bolchini wrote: Me too I would really love to see a little more detail about how you did this if you don't mind. Much thanks, Michael Teter --- Don Sauer [EMAIL PROTECTED] wrote: You can script your JSP/servlets to do this with application code -- another way would be in the server.xml to configure the credentialInterpretor to make the LDAP link (this is a little more difficult)and I have got it to work consistently under high traffic -Original Message- From: Galbraith, Paul [mailto:[EMAIL PROTECTED]] Sent: Friday, May 10, 2002 2:49 PM To: Tomcat Users List Subject: RE: Authenticating against Microsoft ActiveDirectory Don, are you talking about application code to do this, or can Tomcat be configured to do this? -Original Message- From: Don Sauer [mailto:[EMAIL PROTECTED]] Sent: May 10, 2002 3:47 PM To: 'Tomcat Users List' Subject: RE: Authenticating against Microsoft ActiveDirectory Sure, the easiest way is to do a LDAP query to a DC -Original Message- From: Galbraith, Paul [mailto:[EMAIL PROTECTED]] Sent: Friday, May 10, 2002 2:35 PM To: [EMAIL PROTECTED] Subject: Authenticating against Microsoft ActiveDirectory Can anyone tell me if it's possible to configure tomcat to authenticate users against MS ActiveDirectory? Cheers, Paul -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Announce: Upcoming Struts training in NYC on 8/2.
Subject: Re: Announce: Upcoming Struts training in NYC on 8/2. From: Vic C. [EMAIL PROTECTED] === Upcoming Struts training in NYC on 8/2. http://www.basebeans.com/classReservation.jsp More info on MVC-programmers mail list as the data approaches. August 2nd at 7:45 AM in NYC at the East Side Marriott we will have a 4 hour lecture on Best (good and bad) practices Struts for leads + example Portal application. We will cover MVC, CRUD, MasterDetail, Validation, Tiles, Security, Portal approval, DB, OS, Development Process, etc. As it gets closer we will provide more details. For location information click on Marriott, located at 525 Lexington. We will start at 7:45 and go till at lest noon. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Must I restart Tomcat every time I install a new app?
Hello everybody! I have installed Tomcat 4 as plug-in of IIS to support JSP/SErvlets, following the instructions indicated at URL: http://members.ozemail.com.au/~lampante/howto/tomcat/iisnt/index.html All works fine but every time I modify the file uriworkermap.properties to add or remove an url to redirect I must restart Tomcat's service is it the same thing for you too or I have some error in my configuration? In fact it isn't a good thing to restart Tomcat's service every time the administrator must do a modification in Tomcat's configuration...in fact there could be many user connected to the web sites managed by Tomcat (they could be executing important transction in that moment!) and they would be disconnected! The same thing happens when I use Tomcat in standalone mode (i.e. as Web-server and not as plug-in of IIS): in fact it seems that every time I install or remove a new site in webapps folder (and modify the related web.xml file for example) I must restart Tomcat? How come? Is it possible that the biggest Companies (Amazon, ecc) on the net that use Tomcat, IIS or Apache as Web Server or Servlet Container must restart their Web services after each modification in the configuration? :-(( Or maybe they use more server and mirroring techniques? I would like to know if all that I explained to you is correct and how I can avoid this situation... Thanks a lot in advance! Luca -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Changing Default Websites???
Hi Everyone, I've configured TomCat to run off port 80, however I'm not sure how I change the website so that it starts up my website instead of the default examples/jsp/index.html page. I've checked the server.xml and web.xml configuration files but still no luck. Any help would be greatly appreciated, Thank you!!! __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Reading Address Book
Are you asking on how to write your own nimda virus or something in that
art? Funny question, but this isn't the right mailing list for that, i
think.
Regards,
Ilya
-Original Message-
From: RNivas [mailto:[EMAIL PROTECTED]]
Sent: Montag, 24. Juni 2002 08:25
To: Tomcat Users List
Subject: Re: Reading Address Book
Ravi,
I want something so that user no need to export in any formay. In some
cases user may be slow...i might not be aware of exporting idea. I want
to run some code (JavaScript) to read the address book.
RNivas
- Original Message -
From: Ravishankar S [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Thursday, June 13, 2002 11:50 AM
Subject: Re: Reading Address Book
one way is to export the address book to CSV file format..u can
then parse this CSV file using either the regexp package or the custom
jdk1.4 classeseven better if u know a perl guru tell him to write
a script
to
get the job done..after all
TMTOWTDI:-))
try this sample class... from JGURU...
How can I correctly parse CSV ( comma separated values ) files?
StringTokenizer doesn't seem to fit many conditions.
Location: http://www.jguru.com/faq/view.jsp?EID=809266
Created: Mar 23, 2002
Author: Joe Sam Shirah
(http://www.jguru.com/guru/viewbio.jsp?EID=42100)
Question originally posed by steven mccartey
(http://www.jguru.com/guru/viewbio.jsp?EID=792888
Ian Darwin has two classes ( CSV.java and CSVRE.java ) to handle CSV
files in his Java Cookbook, including a way with regular expressions.
You can download the code from his site, probably best to do so from
the examples
by
chapter ( see Chapter 3, Strings and Things ) page. Not a bad idea
to
buy
the book, either.
Comments and alternative answers
use this class
Author: Amardeep Singh
(http://www.jguru.com/guru/viewbio.jsp?EID=811616),
Mar 25, 2002
import java.util.*;
public class WStringTokenizer extends StringTokenizer
{
private String tbt;
private String d;
private int startpos=0;
public WStringTokenizer(String str,String delim)
{
super(str,delim);
tbt=new String(str);
d=new String(delim);
}
public int countTokens()
{
int tokens=0;
int temp=startpos;
while(true)
{
try
{
nextToken();
tokens++;
}
catch(NoSuchElementException e) {break;}
}
startpos=temp;
return tokens;
}
public boolean hasMoreElements() {
return hasMoreTokens();
}
public boolean hasMoreTokens() {
if(countTokens()0) return true;
else return false;
}
public Object nextElement() {
return (Object) d;
}
public String nextToken() throws NoSuchElementException { int
result=0; String s;
if(startpostbt.length()) throw(new NoSuchElementException ());
result=tbt.indexOf(d,startpos);
if(result0) result=tbt.length();
s=new String(tbt.substring(startpos,result));
startpos=result+d.length();
return s;
}
public String nextToken (String delim) throws NoSuchElementException
{ d=delim; return nextToken();
}
}
Another CSVReader
Author: Roshan Shrestha
(http://www.jguru.com/guru/viewbio.jsp?EID=130068),
Mar 26, 2002
Ian Darwin's class parses the file one line at a time. Many times, a
field may span multiple lines. I think a better class is the CSVReader
described in http://www.objectmentor.com/resources/articles/tfd.pdf.
As an added bonus, it also desscribes unit testing with JUnit!
CSV Libraries
Author: Stephen Ostermiller
(http://www.jguru.com/guru/viewbio.jsp?EID=576685), Apr 17, 2002 There
are free open source libraries for parsing and printing CSV files
available here: http://ostermiller.org/utils/CSVLexer.html
ravi
- Original Message -
From: RNivas [EMAIL PROTECTED]
To: Tomcat-User [EMAIL PROTECTED]
Sent: Monday, June 24, 2002 11:36 AM
Subject: Reading Address Book
My Apologies to start a new discussion!
I have one application running on tomcat (Servlet+JSP).
Tomcat+winNT4.0
All my clients running on win98 or win2000.
I want to develop one utility to read there Email address book (from
Client)
and save that address book on database(server).
So that in future they can use the email list on web it self.
If anyone have idea please share with me.
Regards
Rnivas
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Changing Default Websites???
Hi S W, Take a look in the tomcat.conf file. There you will find the following entries: ApJServMount default /root and ApJServMount /examples /root. You need to change these to whatever paths you want or require. good luck. -Original Message- From: S W [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 9:53 AM To: [EMAIL PROTECTED] Subject: Changing Default Websites??? Hi Everyone, I've configured TomCat to run off port 80, however I'm not sure how I change the website so that it starts up my website instead of the default examples/jsp/index.html page. I've checked the server.xml and web.xml configuration files but still no luck. Any help would be greatly appreciated, Thank you!!! __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Security - Attack
Hi all, well I have, in my opinion, a very interesting question. Last week we went in a production enviroment: we have apache + tomcat with an important web application xxx (http.conf has JkMount /xxx worker). Well, this morning I have discovered that somebody has tried to attack my server: in the Apache error log I have found calls as /scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/., and so on. My question is: is Tomcat secure? How can I do Tomcat secure? Is all my system secure? ( my machine is a solaris 8). Thanks Laura
AW: Multiple IP addresses
Yes, that's exactly what to do. You can also configure different Tomcat services on different IP addresses if you want. Sven -Ursprüngliche Nachricht- Von: Matthew Oatham [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 13. Juni 2002 09:13 An: '[EMAIL PROTECTED]' Betreff: Multiple IP addresses Hi, I am running Tomcat on a machine with multiple IP addresses, how do I tell Tomcat which of these addresses it should be running on? Do I add the IP address to the connector tag in server.xml? i.e.: Connector className=org.apache.catalina.connector.http.HttpConnector port=8080 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=6 address=ip address/ Many thanks. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Security - Attack
I think they are code red attacks. These shouldn't be anything to worry about on a Tomcat server if I am correct in my thinking. They only affect IIS. -Original Message- From: Laura [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 09:35 To: Tomcat Users List Subject: Security - Attack Hi all, well I have, in my opinion, a very interesting question. Last week we went in a production enviroment: we have apache + tomcat with an important web application xxx (http.conf has JkMount /xxx worker). Well, this morning I have discovered that somebody has tried to attack my server: in the Apache error log I have found calls as /scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/., and so on. My question is: is Tomcat secure? How can I do Tomcat secure? Is all my system secure? ( my machine is a solaris 8). Thanks Laura -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Trouble Compiling mod_webapp
I have apache 2.0.36 compiled and installed on RedHat 7.3 I'm using the following two source archives: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/webapp/release/v1.2.0/src/apr_APACHE_2_0_35.tar.gz http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.3/src/jakarta-tomcat-connectors-4.0.2-01-src.tar.gz Step 1. /bin/sh ./support/buildconf.sh output looks fine... Creating configure ... --- All done Step 2. ./configure --with-apxs=/usr/local/apache2/bin/apxs output looks fine...till here... APR location checking for APR sources... /root/riapps/Tomcat.4.0.3/jakarta-tomcat-connectors-4.0.2-01-src/webapp/apr checking for APR libraries... no checking for APR includes... no --Does this mean I copied the apr to the wrong location?-- more OK output... All done. Now you can issue make. Good luck. Step 3. make output looks fine...till the end... /usr/local/apache2/build/libtool: /root/riapps/Tomcat.4.0.3/jakarta-tomcat-connectors-4.0.2-01-src/webapp/support/install.sh: /bin/sh: bad interpreter: Permission denied make[2]: *** [/root/riapps/Tomcat.4.0.3/jakarta-tomcat-connectors-4.0.2-01-src/webapp/lib/libwebapp.a] Error 126 make[2]: Leaving directory `/root/riapps/Tomcat.4.0.3/jakarta-tomcat-connectors-4.0.2-01-src/webapp/lib' make[1]: Exiting directory lib make[1]: *** [template] Error 2 make[1]: Leaving directory `/root/riapps/Tomcat.4.0.3/jakarta-tomcat-connectors-4.0.2-01-src/webapp' make: *** [lib-build] Error 2 I am running this as root...why do I get Permission denied??? Any thoughts??? Thanks in advance
Restart a single Tomcat service out of several running services?
Hi, Our server runs several Tomcat services for different websites. Every time I change a Java class for my my applications, I must restart Tomcat. All my websites are then down for up to 30 seconds, even the ones that don't use the changed classes. Is it possible to only restart one of the services? Thanks, Sven -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Reading Address Book
Oh No not at all.
Let me tell you my exact problem.
My Web based Application running on Tomcat+WinNT4.0. Application is having
facility to email document to the other users(This is same like 'Email This'
on some other portal also).
Right now sender (Register User) of document type full address of receiver.
What I want is If application can read the address book of registered
sender, he can only select the email from that list in browser popup...so
not much typing, only few clicks for selecting receivers.
Did you got what I my problem is exacly.
RNivas
- Original Message -
From: Ilya Khandamirov [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Thursday, June 13, 2002 1:41 PM
Subject: RE: Reading Address Book
Are you asking on how to write your own nimda virus or something in that
art? Funny question, but this isn't the right mailing list for that, i
think.
Regards,
Ilya
-Original Message-
From: RNivas [mailto:[EMAIL PROTECTED]]
Sent: Montag, 24. Juni 2002 08:25
To: Tomcat Users List
Subject: Re: Reading Address Book
Ravi,
I want something so that user no need to export in any formay. In some
cases user may be slow...i might not be aware of exporting idea. I want
to run some code (JavaScript) to read the address book.
RNivas
- Original Message -
From: Ravishankar S [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Thursday, June 13, 2002 11:50 AM
Subject: Re: Reading Address Book
one way is to export the address book to CSV file format..u can
then parse this CSV file using either the regexp package or the custom
jdk1.4 classeseven better if u know a perl guru tell him to write
a script
to
get the job done..after all
TMTOWTDI:-))
try this sample class... from JGURU...
How can I correctly parse CSV ( comma separated values ) files?
StringTokenizer doesn't seem to fit many conditions.
Location: http://www.jguru.com/faq/view.jsp?EID=809266
Created: Mar 23, 2002
Author: Joe Sam Shirah
(http://www.jguru.com/guru/viewbio.jsp?EID=42100)
Question originally posed by steven mccartey
(http://www.jguru.com/guru/viewbio.jsp?EID=792888
Ian Darwin has two classes ( CSV.java and CSVRE.java ) to handle CSV
files in his Java Cookbook, including a way with regular expressions.
You can download the code from his site, probably best to do so from
the examples
by
chapter ( see Chapter 3, Strings and Things ) page. Not a bad idea
to
buy
the book, either.
Comments and alternative answers
use this class
Author: Amardeep Singh
(http://www.jguru.com/guru/viewbio.jsp?EID=811616),
Mar 25, 2002
import java.util.*;
public class WStringTokenizer extends StringTokenizer
{
private String tbt;
private String d;
private int startpos=0;
public WStringTokenizer(String str,String delim)
{
super(str,delim);
tbt=new String(str);
d=new String(delim);
}
public int countTokens()
{
int tokens=0;
int temp=startpos;
while(true)
{
try
{
nextToken();
tokens++;
}
catch(NoSuchElementException e) {break;}
}
startpos=temp;
return tokens;
}
public boolean hasMoreElements() {
return hasMoreTokens();
}
public boolean hasMoreTokens() {
if(countTokens()0) return true;
else return false;
}
public Object nextElement() {
return (Object) d;
}
public String nextToken() throws NoSuchElementException { int
result=0; String s;
if(startpostbt.length()) throw(new NoSuchElementException ());
result=tbt.indexOf(d,startpos);
if(result0) result=tbt.length();
s=new String(tbt.substring(startpos,result));
startpos=result+d.length();
return s;
}
public String nextToken (String delim) throws NoSuchElementException
{ d=delim; return nextToken();
}
}
Another CSVReader
Author: Roshan Shrestha
(http://www.jguru.com/guru/viewbio.jsp?EID=130068),
Mar 26, 2002
Ian Darwin's class parses the file one line at a time. Many times, a
field may span multiple lines. I think a better class is the CSVReader
described in http://www.objectmentor.com/resources/articles/tfd.pdf.
As an added bonus, it also desscribes unit testing with JUnit!
CSV Libraries
Author: Stephen Ostermiller
(http://www.jguru.com/guru/viewbio.jsp?EID=576685), Apr 17, 2002 There
are free open source libraries for parsing and printing CSV files
available here: http://ostermiller.org/utils/CSVLexer.html
ravi
- Original Message -
From: RNivas [EMAIL PROTECTED]
To: Tomcat-User [EMAIL PROTECTED]
Sent: Monday, June 24, 2002 11:36 AM
Subject: Reading Address Book
My Apologies to start a new discussion!
I have one application running on tomcat (Servlet+JSP).
Tomcat+winNT4.0
All my clients running on win98 or win2000.
I want to develop one utility to read there Email address book (from
Client)
and save
Re: Reading Address Book
Lets see if I understand ...
You have registered users of your application.
When your user (lets call him fred) comes to your site and
wants to send a message to his friend (bill) he clicks on EMAIL THIS
You want a form that has fred's address book, so that fred only need
click on
'bill' to send the message to bill
If I understand this correctly ?
Question ( if I have the above correct...)
Does your application have fred's address book ?
Lets assume that it does...
Assuming that the address book is in the database you could then display
the address book as
FORM ACTION=..
SELECT NAME=addressBookEntries
OPTION VALUE=[EMAIL PROTECTED]Bill/OPTION
OPTION VALUE=[EMAIL PROTECTED]Mary/OPTION
etc
/SELECT
INPUT TYPE=TEXT NAME=emailAddress VALUE=
/FORM
You could ouput the address book into the html page with just a simple
print from the address book
object
Does this help ?
D
RNivas wrote:
Oh No not at all.
Let me tell you my exact problem.
My Web based Application running on Tomcat+WinNT4.0. Application is having
facility to email document to the other users(This is same like 'Email This'
on some other portal also).
Right now sender (Register User) of document type full address of receiver.
What I want is If application can read the address book of registered
sender, he can only select the email from that list in browser popup...so
not much typing, only few clicks for selecting receivers.
Did you got what I my problem is exacly.
RNivas
- Original Message -
From: Ilya Khandamirov [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Thursday, June 13, 2002 1:41 PM
Subject: RE: Reading Address Book
Are you asking on how to write your own nimda virus or something in that
art? Funny question, but this isn't the right mailing list for that, i
think.
Regards,
Ilya
-Original Message-
From: RNivas [mailto:[EMAIL PROTECTED]]
Sent: Montag, 24. Juni 2002 08:25
To: Tomcat Users List
Subject: Re: Reading Address Book
Ravi,
I want something so that user no need to export in any formay. In some
cases user may be slow...i might not be aware of exporting idea. I want
to run some code (JavaScript) to read the address book.
RNivas
- Original Message -
From: Ravishankar S [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Thursday, June 13, 2002 11:50 AM
Subject: Re: Reading Address Book
one way is to export the address book to CSV file format..u can
then parse this CSV file using either the regexp package or the custom
jdk1.4 classeseven better if u know a perl guru tell him to write
a script
to
get the job done..after all
TMTOWTDI:-))
try this sample class... from JGURU...
How can I correctly parse CSV ( comma separated values ) files?
StringTokenizer doesn't seem to fit many conditions.
Location: http://www.jguru.com/faq/view.jsp?EID=809266
Created: Mar 23, 2002
Author: Joe Sam Shirah
(http://www.jguru.com/guru/viewbio.jsp?EID=42100)
Question originally posed by steven mccartey
(http://www.jguru.com/guru/viewbio.jsp?EID=792888
Ian Darwin has two classes ( CSV.java and CSVRE.java ) to handle CSV
files in his Java Cookbook, including a way with regular expressions.
You can download the code from his site, probably best to do so from
the examples
by
chapter ( see Chapter 3, Strings and Things ) page. Not a bad idea
to
buy
the book, either.
Comments and alternative answers
use this class
Author: Amardeep Singh
(http://www.jguru.com/guru/viewbio.jsp?EID=811616),
Mar 25, 2002
import java.util.*;
public class WStringTokenizer extends StringTokenizer
{
private String tbt;
private String d;
private int startpos=0;
public WStringTokenizer(String str,String delim)
{
super(str,delim);
tbt=new String(str);
d=new String(delim);
}
public int countTokens()
{
int tokens=0;
int temp=startpos;
while(true)
{
try
{
nextToken();
tokens++;
}
catch(NoSuchElementException e) {break;}
}
startpos=temp;
return tokens;
}
public boolean hasMoreElements() {
return hasMoreTokens();
}
public boolean hasMoreTokens() {
if(countTokens()0) return true;
else return false;
}
public Object nextElement() {
return (Object) d;
}
public String nextToken() throws NoSuchElementException { int
result=0; String s;
if(startpostbt.length()) throw(new NoSuchElementException ());
result=tbt.indexOf(d,startpos);
if(result0) result=tbt.length();
s=new String(tbt.substring(startpos,result));
startpos=result+d.length();
return s;
}
public String nextToken (String delim) throws NoSuchElementException
{ d=delim; return nextToken();
}
}
Another CSVReader
Author: Roshan Shrestha
(http://www.jguru.com/guru/viewbio.jsp?EID=130068),
Mar 26, 2002
Ian Darwin's class parses the file one line at a time. Many times, a
field may span multiple lines. I think a better class is the CSVReader
described in
Re: Security - Attack
It's the usual muppet that has been infected... Apart from cloging up your logs they do nothing on an apache server :) Of course if you are daft enough to run IIS .. :- D Stuart Stephen wrote: I think they are code red attacks. These shouldn't be anything to worry about on a Tomcat server if I am correct in my thinking. They only affect IIS. -Original Message- From: Laura [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 09:35 To: Tomcat Users List Subject: Security - Attack Hi all, well I have, in my opinion, a very interesting question. Last week we went in a production enviroment: we have apache + tomcat with an important web application xxx (http.conf has JkMount /xxx worker). Well, this morning I have discovered that somebody has tried to attack my server: in the Apache error log I have found calls as /scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/., and so on. My question is: is Tomcat secure? How can I do Tomcat secure? Is all my system secure? ( my machine is a solaris 8). Thanks Laura -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
R: Client session problems when MSIE is run within Outlook
Hi Jeff, just for information, the problem is caused by a bug (?) of MSIE: that occurs when you have access to your application clicking on a hyperlink (for example if you have a custom local homepage with links to your frequently used applications/sites, or you click on a hyperlink in an outlook mail preview) instead of writing the complete address in IE's addressbar. Under this condition the application works fine, but if you open a popup the main window forgets the sessionid and doesn't supply it to the httpserver, so your session becomes invalid. You can find more clicking here: http://support.microsoft.com/search/preview.aspx?scid=kb;en-us;Q300895 Regards Alessio [EMAIL PROTECTED] -Messaggio originale- Da: Jeff Larsen [mailto:[EMAIL PROTECTED]] Inviato: mercoledì 12 giugno 2002 18.33 A: tomcat-user Oggetto: Client session problems when MSIE is run within Outlook I don't have MS Outlook myself, so I can't do any testing on this. But I have a customer who has been running a browser session from within Outlook. Some of my pages have javascript links that open a new browser window to view a page. When she accesses one of these popups from within Outlook, the newly popped-up window fails to supply the correct session cookie and a new session is created for that window. Needless to say, this really screws up the application. Is it possible to *force* the encoding of the session ID in the page which contains the link that generates the popup even if cookies are used for the session ID? Right now, I'm using response.encodeURL(), but that does nothing when cookies are used. I would rather not use an encoded session ID for all links, just ones that open new windows. Jeff -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] - Disclaimer - This email and any attachments thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the recipient(s) named above. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) or the taking of any action in reliance on the contents, by persons other than the designated recipient(s) is strictly prohibited. If you have received this email in error, please notify the sender either by telephone or by email and delete the material from any computer. Thank you for your cooperation. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Other question
Hi all, thanks for your reply (Security - Attack): you are telling me that I shouldn't worry because Apache is secure. (I hope it) I have one other question: If Tomcat shouts down for some cause, how can I know it? For example, Apache has a PID and so you can control if the apache process, with that PID, is alive. But Tomcat doesn't write any PID: how can I know if Tomcat is alive or not? Is there any script for that? Thanks for your help Laura
Re: Other question
Laura, there are at least 2 ways... have a look in the ps list - there should be mention of a process running with a name that includes Tomcat (?!!!) The other way - far better as it actually tests that the system is working ... use wget or curl - use your fave and make an access to your site... eg wget http://www.myserver.com/ this will then actually get something from the server... You could make a page called say testTheServer.jsp which tests that the database is running etc. Your script that runs wget / curl can then email /SMS etc you if it doesn't get something it's expecting for example if the words SYSTEM UP AND OK don't come out in the output then you know your system is stuffed ... Hope this helps D Laura wrote: Hi all, thanks for your reply (Security - Attack): you are telling me that I shouldn't worry because Apache is secure. (I hope it) I have one other question: If Tomcat shouts down for some cause, how can I know it? For example, Apache has a PID and so you can control if the apache process, with that PID, is alive. But Tomcat doesn't write any PID: how can I know if Tomcat is alive or not? Is there any script for that? Thanks for your help Laura -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Other question
hi Laura, when tomcat runs an instance of java is always running..try ps -ax | grep 'java*' it should give a bunch of java instances depending on the no of threadshere's what my redhat 6.2 said 21619 pts/3S 0:14 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21664 pts/3S 0:08 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21665 pts/3S 0:21 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21666 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21667 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21668 pts/3S 0:34 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21669 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21670 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21671 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21672 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21673 pts/3S 0:01 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21674 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21675 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21676 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21677 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21678 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21679 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21680 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 9085 pts/8S 0:00 grep java ravi - Original Message - From: Laura [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 2:56 PM Subject: Other question Hi all, thanks for your reply (Security - Attack): you are telling me that I shouldn't worry because Apache is secure. (I hope it) I have one other question: If Tomcat shouts down for some cause, how can I know it? For example, Apache has a PID and so you can control if the apache process, with that PID, is alive. But Tomcat doesn't write any PID: how can I know if Tomcat is alive or not? Is there any script for that? Thanks for your help Laura -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Other question
Hey Ravi, Try doing ps auxwwwf it'll give you alot more detail the ps -ax won't let you actually see what java is running David Ravishankar S wrote: hi Laura, when tomcat runs an instance of java is always running..try ps -ax | grep 'java*' it should give a bunch of java instances depending on the no of threadshere's what my redhat 6.2 said 21619 pts/3S 0:14 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21664 pts/3S 0:08 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21665 pts/3S 0:21 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21666 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21667 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21668 pts/3S 0:34 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21669 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21670 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21671 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21672 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21673 pts/3S 0:01 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21674 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21675 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21676 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21677 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21678 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21679 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21680 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 9085 pts/8S 0:00 grep java ravi - Original Message - From: Laura [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 2:56 PM Subject: Other question Hi all, thanks for your reply (Security - Attack): you are telling me that I shouldn't worry because Apache is secure. (I hope it) I have one other question: If Tomcat shouts down for some cause, how can I know it? For example, Apache has a PID and so you can control if the apache process, with that PID, is alive. But Tomcat doesn't write any PID: how can I know if Tomcat is alive or not? Is there any script for that? Thanks for your help Laura -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
AW: Other question
One solution is to look at the open ports. Onother is to look at the process tree. How to do that, depends on your operation system. E.g.: if tomcat is configured to use port 8007 under linux you can use something like that: lsof -i :8007 -Ursprüngliche Nachricht- Von: Laura [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 13. Juni 2002 11:26 An: Tomcat Users List Betreff: Other question But Tomcat doesn't write any PID: how can I know if Tomcat is alive or not? Is there any script for that? -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: REMOVING EXAMPLES AND WEBDAV PERMANENTLY
-Original Message- From: Charles Sanders [mailto:[EMAIL PROTECTED]] Sent: 12 June 2002 21:59 To: Tomcat Users List (E-mail) Subject:REMOVING EXAMPLES AND WEBDAV PERMANENTLY I need some help with getting the paths to /examples and /webdav removed at startup. I have tried removing all context from the server.xml file and they still will display as installed and running under /manager/list?. I can remove them manually with the /manager/remove? command, but I don't want them installed on startup. Any help would be greatly appreciated. Thanks, Charles File: ATT07261.txt Charles Are the examples and webdav directories still in place below webapps? If so, you'll need to remove them: any directories under webapps have contexts automatically generated at Tomcat-startup, even if you've removed the Context... tags from server.xml. Hope that helps, John -- John Niven Please reply through mailing list -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Other question
ah yes another intresting cmd... nmap localhost or nmap IP gives u http-proxy 8080 jserv 8007 this of course is in linux...i dn't know if it's available in solaris...and also i believe it has some export restrictions ravi - Original Message - From: David Cassidy [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 3:11 PM Subject: Re: Other question Hey Ravi, Try doing ps auxwwwf it'll give you alot more detail the ps -ax won't let you actually see what java is running David Ravishankar S wrote: hi Laura, when tomcat runs an instance of java is always running..try ps -ax | grep 'java*' it should give a bunch of java instances depending on the no of threadshere's what my redhat 6.2 said 21619 pts/3S 0:14 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21664 pts/3S 0:08 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21665 pts/3S 0:21 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21666 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21667 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21668 pts/3S 0:34 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21669 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21670 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21671 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21672 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21673 pts/3S 0:01 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21674 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21675 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21676 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21677 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21678 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21679 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21680 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 9085 pts/8S 0:00 grep java ravi - Original Message - From: Laura [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 2:56 PM Subject: Other question Hi all, thanks for your reply (Security - Attack): you are telling me that I shouldn't worry because Apache is secure. (I hope it) I have one other question: If Tomcat shouts down for some cause, how can I know it? For example, Apache has a PID and so you can control if the apache process, with that PID, is alive. But Tomcat doesn't write any PID: how can I know if Tomcat is alive or not? Is there any script for that? Thanks for your help Laura -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Where is workers.properties???
Hi everybody, I'm an absolute beginner with Tomcat and I'm installing Tomcat 4.0.3 on a Linux RedHat 7.2 (kernel 2.4.7-10). I'm trying to use AJP connector 1.3 to make Tomcat work with Apache 1.3.24. Tomcat works great in standalone mode: no problems (Ive tested with http:/192.168.254.1:8080) Now I'd like to integrate Tomcat with Apache. I've inserted the following directives in the server.xml file: Listener className=org.apache.ajp.tomcat4.config.ApacheConfig / under Server port=8005... and a similar Listener directive under Host name=localhost... and indeed this have created 2 directories under $CATALINA_HOME/conf, called auto and jk. In $CATALINA_HOME/conf/auto I find the file mod_jk.conf (correct: I'll use it in an include statement in my httpd.conf later...) But the $CATALINA_HOME/conf/jk directory is empty. My question is: where is the workers.properties file??? Is it not generated automatically??? I've downloaded a binary version of mod_jk (mod_jk-01.so) and therefore I've not compiled it: I've simply copied it in /usr/local/apache/libexec/mod_jk.so... Probably I'm missing something... Thank you very much for your help. Bye, Luca __ Luca Zancan Logica S.r.l. e-mail [EMAIL PROTECTED] URL http://www.logicaonline.com __ -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
How good is Tomcat to Attacks
Hi All I was reading the security attack posting and I was very interested to know also; 1) How good is Tomcat to attacks? 2) Is their a web site which rates web servers on how robust a server is to attacks? 3)Is it possible to attack tomcat if you have Apache as the web server on one machine and tomcat as the jsp/servlet handler on a separate machine with mod_jk? I would be most interested to see how Tomcat weights upto some of its commercial counterparts. Is Tomcat any good or should we just use it to test our jsp/servlets and so on? thanxs. Regards Amran -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: How good is Tomcat to Attacks
it's really one of those 'what type of attack' questions. Tomcat / Apache / IIS / IPlanet / etc are all open to attack ( some -IIS- more than others :-^) ) You can for example generate a DOS attack that will take down any/all of them. You can try various buffer overflow attacks to take down some etc etc... Of course if **your** code has security issues then there's really nothing that any of them can do D [EMAIL PROTECTED] wrote: Hi All I was reading the security attack posting and I was very interested to know also; 1) How good is Tomcat to attacks? 2) Is their a web site which rates web servers on how robust a server is to attacks? 3)Is it possible to attack tomcat if you have Apache as the web server on one machine and tomcat as the jsp/servlet handler on a separate machine with mod_jk? I would be most interested to see how Tomcat weights upto some of its commercial counterparts. Is Tomcat any good or should we just use it to test our jsp/servlets and so on? thanxs. Regards Amran -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Where is workers.properties???
My question is: where is the workers.properties file??? Is it not generated automatically??? I've downloaded a binary version of mod_jk (mod_jk-01.so) and therefore I've not compiled it: I've simply copied it in /usr/local/apache/libexec/mod_jk.so... AFAIK workers.properties is not create automically. Simply copy exist file from # jakarta-tomcat-connectors-4.0.2-01-src/jk/conf/workers.properties or i miss something. regards -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Other question
I have one other question: If Tomcat shouts down for some cause, how can I know it? I think the best method is (on linux systems) # netstat -a -n | grep LISTEN if tomcat work ok, you'll get: tcp0 0 0.0.0.0:80010.0.0.0:* LISTEN tcp0 0 127.0.0.1:8005 0.0.0.0:* LISTEN tcp0 0 0.0.0.0:80080.0.0.0:* LISTEN tcp0 0 0.0.0.0:80090.0.0.0:* LISTEN tcp0 0 0.0.0.0:80100.0.0.0:* LISTEN if not, Tomcat broke. regards -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Fw: Reading Address Book
Dear David you bang on target. How do application can read fred's address book of Microsoft Outlook. As Fred click on Email this. There should be one pop with email addresses from Microsoft Outlook or Outlook Express not from data base. My application do not have the address of Bill in database, but it is in Microsoft Address book. So at Run time I want to read the email address of bill from address book. Thanks a lot. Rnivas - Original Message - From: David Cassidy [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 2:36 PM Subject: Re: Reading Address Book Lets see if I understand ... You have registered users of your application. When your user (lets call him fred) comes to your site and wants to send a message to his friend (bill) he clicks on EMAIL THIS You want a form that has fred's address book, so that fred only need click on 'bill' to send the message to bill If I understand this correctly ? Question ( if I have the above correct...) Does your application have fred's address book ? Lets assume that it does... Assuming that the address book is in the database you could then display the address book as FORM ACTION=.. SELECT NAME=addressBookEntries OPTION VALUE=[EMAIL PROTECTED]Bill/OPTION OPTION VALUE=[EMAIL PROTECTED]Mary/OPTION etc /SELECT INPUT TYPE=TEXT NAME=emailAddress VALUE= /FORM You could ouput the address book into the html page with just a simple print from the address book object Does this help ? D -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
How can I get rid of tomcat's redirect to its own ip address?
We want to use a reverse proxy server (relay server) to shield the actual IIS/Tomcat server from direct internet access (- two physical server, one for reverse proxy and the other for IIS/Tomcat). But the IIS/Tomcat redirects requests to its own ip, which is not accessible through the internet. How can I get rid of tomcat's redirect to its own ip address? All traffic should go over the reverse proxy server. if i just access a html page in a pure IIS directory, the forward does not take place, so the problem has to be related to the tomcat. thx, michael - Gesendet von http://mail.yahoo.de. Kreative Köpfe gesucht! Machen Sie mit beim Yahoo! SMS Literatur Wettbewerb und gewinnen Sie tolle Preise - http://smswettbewerb.yahoo.de.
RE: Security - Attack
You should do what I did. For Code Red and similar exploits, create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com instead. After all, they ARE responsible, aren't they? :) -Original Message- From: Stuart Stephen [mailto:[EMAIL PROTECTED]] Sent: den 13 juni 2002 10:43 To: Tomcat Users List Subject: RE: Security - Attack I think they are code red attacks. These shouldn't be anything to worry about on a Tomcat server if I am correct in my thinking. They only affect IIS. -Original Message- From: Laura [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 09:35 To: Tomcat Users List Subject: Security - Attack Hi all, well I have, in my opinion, a very interesting question. Last week we went in a production enviroment: we have apache + tomcat with an important web application xxx (http.conf has JkMount /xxx worker). Well, this morning I have discovered that somebody has tried to attack my server: in the Apache error log I have found calls as /scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/., and so on. My question is: is Tomcat secure? How can I do Tomcat secure? Is all my system secure? ( my machine is a solaris 8). Thanks Laura -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Tomcat not redirecting request from HTTP to HTTPS
I found the problem... Put the following somewhere in your code System.setProperty(java.protocol.handler.pkgs, com.sun.net.ssl.internal.www.protocol); Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); http redirects now work. Maybe these packages should be installed by default seen as Tomcat supports HTTP. Maybe there is an easier way?? Donie -Original Message- From: Donie Kelly [mailto:[EMAIL PROTECTED]] Sent: 12 June 2002 16:44 Subject:RE: Tomcat not redirecting request from HTTP to HTTPS I'm using tomcat standalone. I can access the /info resource over https but when I access it over http I get the error. I wan the http request to automatically transfer over automatically to https. In the servlet specs it says that the switch over is automatic. I think that's where I read it anyway... Thanks Donie -Original Message- From: Turner, John [mailto:[EMAIL PROTECTED]] Sent: 12 June 2002 16:43 To: 'Tomcat Users List' Subject:RE: Tomcat not redirecting request from HTTP to HTTPS An HTTP 500 Internal Server error is usually from the web server, not from Tomcat. Are you sure your Apache SSL configuration is correct? Is mod_ssl included and available? John Turner [EMAIL PROTECTED] http://www.aas.com -Original Message- From: Donie Kelly [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 11:36 AM To: 'Tomcat Users List' Subject: Tomcat not redirecting request from HTTP to HTTPS Hi all Here is my server.xml and web.xml. When I request the page at /info I expected the page to requested over SSL but it returns HTTP 500 Internal server error Why is this? Web.xml servlet servlet-nameinfo/servlet-name jsp-file/onm/index.jsp/jsp-file /servlet servlet-mapping servlet-nameinfo/servlet-name url-pattern/info/url-pattern /servlet-mapping security-constraint web-resource-collection web-resource-namesecure/web-resource-name url-pattern/info/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint server.xml Service name=Tomcat-Standalone !-- Define an SSL HTTP/1.1 Connector on port 443 -- Connector className=org.apache.catalina.connector.http.HttpConnector port=443 minProcessors=5 maxProcessors=75 enableLookups=true acceptCount=10 debug=0 scheme=https secure=true Factory className=org.apache.catalina.net.SSLServerSocketFactory clientAuth=false protocol=TLS keystoreFile=c:\tomcat4.0\.keystore keystorePass=changit / /Connector !-- Define a non-SSL HTTP/1.1 Connector on port 80 -- Connector className=org.apache.catalina.connector.http.HttpConnector port=80 minProcessors=5 maxProcessors=75 enableLookups=false redirectPort=443 acceptCount=10 debug=0 connectionTimeout=6 allowChunking=false/ Engine name=Standalone defaultHost=localhost debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.MemoryRealm / Host name=localhost debug=0 appBase=webapps unpackWARs=false Context path= docBase=c:\mmsdev\dev\mms\webapps\mms/Context Context path=/images docBase=c:\mmsdev\dev\mms\webapps\mms\onm\images/Context Context path=/tp docBase=c:\mmsdev\dev\mms\webapps\tp/Context /Host /Engine /Service -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
AW: Security - Attack
I have doubts that the viruses will follow the redirect. I prefer to to answer with a 400/403/406 (still will be logged) or 204 (No log entry). I also have doubts that this is legal, so be carefull what you do. -Ursprüngliche Nachricht- Von: Cato, Christopher [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 13. Juni 2002 13:38 An: 'Tomcat Users List' Betreff: RE: Security - Attack You should do what I did. For Code Red and similar exploits, create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com instead. After all, they ARE responsible, aren't they? :) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Security - Attack
Gaah it doesn't matter. I have strong doubts about Microsoft being legal also. Anyways, t'was on a home machine that got hammered by viruses all the time. -Original Message- From: Ralph Einfeldt [mailto:[EMAIL PROTECTED]] Sent: den 13 juni 2002 14:01 To: Tomcat Users List Subject: AW: Security - Attack I have doubts that the viruses will follow the redirect. I prefer to to answer with a 400/403/406 (still will be logged) or 204 (No log entry). I also have doubts that this is legal, so be carefull what you do. -Ursprüngliche Nachricht- Von: Cato, Christopher [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 13. Juni 2002 13:38 An: 'Tomcat Users List' Betreff: RE: Security - Attack You should do what I did. For Code Red and similar exploits, create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com instead. After all, they ARE responsible, aren't they? :) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Tomcat and an xml file for repository of texts
Hi, I'm actually developping a web application for the european market, translated in a couple of different languages. In order to allow the translators and content writers access the designers layouts without modifying it, I'm thinking about making an xml file acting as a repository of all the different texts included in the pages. I'm going to generate the xml page using a database, so I could allow a default language text to be set for those not translated yet. Does anybody tried a solution like this before ? Do you think I will encounter performances' problems ? Any advice would be more than welcome, Regards, Sébastien Dui
Re: Tomcat and an xml file for repository of texts
that would depend on how it's going to be used. If you're talking about a content management system which has multi-lingual support, you're not going to need super fast response time. On the otherhand, if it's a portal like site which support multiple languages, then you're better off using bundles to grab the text in some generic/standardize format. peter Sébastien Dui wrote: Hi, I'm actually developping a web application for the european market, translated in a couple of different languages. In order to allow the translators and content writers access the designers layouts without modifying it, I'm thinking about making an xml file acting as a repository of all the different texts included in the pages. I'm going to generate the xml page using a database, so I could allow a default language text to be set for those not translated yet. Does anybody tried a solution like this before ? Do you think I will encounter performances' problems ? Any advice would be more than welcome, Regards, Sébastien Dui -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Reading Address Book
Dear David you bang on target. How do application can read fred's address book of Microsoft Outlook. As Fred click on Email this. There should be one pop with email addresses from Microsoft Outlook or Outlook Express not from data base. My application do not have the address of Bill in database, but it is in Microsoft Address book. So at Run time I want to read the email address of bill from address book. Thanks a lot. Rnivas - Original Message - From: David Cassidy [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 2:36 PM Subject: Re: Reading Address Book Lets see if I understand ... You have registered users of your application. When your user (lets call him fred) comes to your site and wants to send a message to his friend (bill) he clicks on EMAIL THIS You want a form that has fred's address book, so that fred only need click on 'bill' to send the message to bill If I understand this correctly ? Question ( if I have the above correct...) Does your application have fred's address book ? Lets assume that it does... Assuming that the address book is in the database you could then display the address book as FORM ACTION=.. SELECT NAME=addressBookEntries OPTION VALUE=[EMAIL PROTECTED]Bill/OPTION OPTION VALUE=[EMAIL PROTECTED]Mary/OPTION etc /SELECT INPUT TYPE=TEXT NAME=emailAddress VALUE= /FORM You could ouput the address book into the html page with just a simple print from the address book object Does this help ? D -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Security - Attack
I prefer to to answer with a 400/403/406 (still will be logged) or 204 (No log entry). For my part I chose not to answer at all this kind of requests and shut down the socket connexion. (I had this problem while testing a home made web server). Christophe -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Tomcat and an xml file for repository of texts
It's a 'somethink like a' portal application. Do you think that the performance bottle neck would happen with the disk issue (reading the same file over and over...) or with the XML treatment (I'm thinking about using Xerces) ? Maybe caching the XML repository in memory could help ? Regards, Sébastien Dui -Message d'origine- De : peter lin [mailto:[EMAIL PROTECTED]] Envoyé : jeu. 13 juin 2002 14:16 À : Tomcat Users List Objet : Re: Tomcat and an xml file for repository of texts that would depend on how it's going to be used. If you're talking about a content management system which has multi-lingual support, you're not going to need super fast response time. On the otherhand, if it's a portal like site which support multiple languages, then you're better off using bundles to grab the text in some generic/standardize format. peter Sébastien Dui wrote: Hi, I'm actually developping a web application for the european market, translated in a couple of different languages. In order to allow the translators and content writers access the designers layouts without modifying it, I'm thinking about making an xml file acting as a repository of all the different texts included in the pages. I'm going to generate the xml page using a database, so I could allow a default language text to be set for those not translated yet. Does anybody tried a solution like this before ? Do you think I will encounter performances' problems ? Any advice would be more than welcome, Regards, Sébastien Dui -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Security - Attack
apache and tomcat aren't vulnerable, but putting up a firewall to block the IP might be a good idea. For my own server I zone alarm pro, which will block IP trying this exact type of exploit. peter Laura wrote: Hi all, well I have, in my opinion, a very interesting question. Last week we went in a production enviroment: we have apache + tomcat with an important web application xxx (http.conf has JkMount /xxx worker). Well, this morning I have discovered that somebody has tried to attack my server: in the Apache error log I have found calls as /scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/., and so on. My question is: is Tomcat secure? How can I do Tomcat secure? Is all my system secure? ( my machine is a solaris 8). Thanks Laura -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
changing default home page
How can i change Tomcat's default home page ? Now it looks at a.. /path/to/tomcat/webapps/ROOT/index.html Regards Altug. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
AW: Security - Attack
On which level did you implement this ? - apache/iis configuration - tomcat configuration - tomcat filter/valve Or where else ? -Ursprüngliche Nachricht- Von: Jean Christophe Rousseau [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 13. Juni 2002 14:21 An: Tomcat Users List Betreff: RE: Security - Attack For my part I chose not to answer at all this kind of requests and shut down the socket connexion. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: changing default home page
ROOT is the default application (/) and it can be changed in conf/server.xml. Search your files for the node : welcome-file-list. It may be defined in the web.xml of ROOT or in conf/web.xml. -Original Message- From: Altug B. Altintas [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 14:31 To: Tomcat Users List Subject: changing default home page How can i change Tomcat's default home page ? Now it looks at a.. /path/to/tomcat/webapps/ROOT/index.html Regards Altug. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] DISCLAIMER This e-mail and any attachments thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the recipient(s) named above. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by persons other than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone or by e-mail and delete the material from any computer. Thank you for your cooperation. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Connection pooling doesn't work for me ... Help !!
anthony.dodd wrote: Hi I've posted a solution see Generic DataSource Resource Factory Available. JDBC Data Source on the tomcat user maillist. Tony Yes, but... Like many others on this list, I too have been unable to get the std JNDI DataSource thingy working; as an interim measure, I implemented a workaround (which does at least work!), but I refuse to be defeated! My understanding is that the standard naming factory wotsit is Tyrex - if I implement Anthony Dodd's offering, do I chuck out Tyrex? My latest attempt is based on the suggestions offered by Les Hughes, which uses the Jakarta Commons DBCP, collections, and pool libraries. However, when I run my application, I get the (by now, all too familiar) following exception thrown: 2002-06-13 13:37:15 static: Error! javax.naming.NamingException: Exception creating DataSource: org.hsql.jdbcDriver at org.apache.naming.factory.TyrexDataSourceFactory.getObjectInstance(TyrexDataSourceFactory.java:227) at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:165) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304) at org.apache.naming.NamingContext.lookup(NamingContext.java:835) at org.apache.naming.NamingContext.lookup(NamingContext.java:181) at org.apache.naming.NamingContext.lookup(NamingContext.java:822) at org.apache.naming.NamingContext.lookup(NamingContext.java:181) at org.apache.naming.NamingContext.lookup(NamingContext.java:822) at org.apache.naming.NamingContext.lookup(NamingContext.java:181) at org.apache.naming.NamingContext.lookup(NamingContext.java:822) at org.apache.naming.NamingContext.lookup(NamingContext.java:194) at org.apache.naming.SelectorContext.lookup(SelectorContext.java:183) at javax.naming.InitialContext.lookup(InitialContext.java:350) at com.terma.martin.drs.StaticPage.handleRequest(Unknown Source) at org.apache.velocity.servlet.VelocityServlet.doRequest(VelocityServlet.java:331) at org.apache.velocity.servlet.VelocityServlet.doGet(VelocityServlet.java:292) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) It seems as though Tyrex is trying to use org.hsql.jdbcDriver, which I don't want - I'm using MySQL - or am I not interpreting the stack trace properly? Here is the relevant part of server.xml: Resource name=jdbc/RadiationDB auth=Container type=javax.sql.DataSource/ Resource-params name=jdbc/RadiationDB parameter namefactory/name valueorg.apache.commons.dbcp.BasicDataSourceFactory/value /parameter parameter namemaxActive/namevalue100/value /parameter parameter namemaxIdle/namevalue3/value /parameter parameter namemaxWait/namevalue100/value /parameter parameter nameuser/name valueme/value /parameter parameter namepassword/name valuesecret!/value /parameter parameter namedriverClassName/name valueorg.gjt.mm.mysql.Driver/value /parameter parameter nameurl/name valuejdbc:mysql://localhost/radiation/value /parameter /Resource-params My configuration is: Tomcat 4.0.4b1 mm.MySQL 2.0.12 latest DBCP from nightly build mySQL 3.23.46 running on Mac OS X (10.1.5) JDK 1.3.1 All suggestions gratefully received! Thanks, Martin PS Sorry about the length of the post :-( -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Debugging
if u have some fancy IDE... What!?! No, no, no. Go to www.netbeans.org, and download netbeans. It is free, has an excellent JPDA debugger, is free, works great with cvs, is free, has some really excellent (free) plugins (xml editing, database explorer, junit integration, etc...), and it is FREE! Larry PS: Um, did I mention that netbeans is free? It is. An open-source too. ;-) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
AW: Security - Attack
Blocking the IP can be a dangerous thing: - If there are several people behind a proxy, you will disable all. - If the attacking pc has a provider wih dynamic IP's it dousn't help at all, it will just diable all user users that get this IP in the future. - It makes you vulnerable to dos attack. As it is possible to fake IP adresses an attacker can disable the acces to your site for a ig amount of people -Ursprüngliche Nachricht- Von: peter lin [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 13. Juni 2002 14:32 An: Tomcat Users List Betreff: Re: Security - Attack apache and tomcat aren't vulnerable, but putting up a firewall to block the IP might be a good idea. For my own server I zone alarm pro, which will block IP trying this exact type of exploit. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: changing default home page
This is not true for every version of Tomcat though. I believe Andre is refering to 4.0.3 and 4.1.X. In 3.2.X and 3.3.X you need to change/alter the following entries: ApJServMount default /root and ApJServMount /examples /root. in the file tomcat.conf. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 2:38 PM To: [EMAIL PROTECTED] Subject: RE: changing default home page ROOT is the default application (/) and it can be changed in conf/server.xml. Search your files for the node : welcome-file-list. It may be defined in the web.xml of ROOT or in conf/web.xml. -Original Message- From: Altug B. Altintas [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 14:31 To: Tomcat Users List Subject: changing default home page How can i change Tomcat's default home page ? Now it looks at a.. /path/to/tomcat/webapps/ROOT/index.html Regards Altug. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] DISCLAIMER This e-mail and any attachments thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the recipient(s) named above. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by persons other than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone or by e-mail and delete the material from any computer. Thank you for your cooperation. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Connection pooling doesn't work for me ... Help !!
I'm using the JNDI Datasource setup fine with Tomcat 4.0.3 and Sybase. In server.xml I have: Resource name=jdbc/db auth=Container type=javax.sql.ConnectionPoolDataSource/ ResourceParams name=jdbc/db parameter namedriverClassName/name valuecom.sybase.jdbc2.jdbc.SybDriver/value /parameter parameter nameuser/name valueuser/value/parameter !-- other driver specific db params... -- parameter nameinitialPoolSize/name value5/value/parameter /ResourceParams There's no need to specify a factory as Tomcat has a Datasource resource factory built in. Note that I've used the ConnectionPoolDataSource class - not sure if this makes a difference. HTH Neil. - Original Message - from: Martin Jacobson [EMAIL PROTECTED] date: Thursday, June 13, 2002 1:40 pm subject: Re: Connection pooling doesn't work for me ... Help !! anthony.dodd wrote: Hi I've posted a solution see Generic DataSource Resource Factory Available. JDBC Data Source on the tomcat user maillist. Tony Yes, but... Like many others on this list, I too have been unable to get the std JNDI DataSource thingy working; as an interim measure, I implemented a workaround (which does at least work!), but I refuse to be defeated! -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Security - Attack
create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com Can you provide an example? Jim -Original Message- From: Cato, Christopher [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 6:38 AM To: 'Tomcat Users List' Subject: RE: Security - Attack You should do what I did. For Code Red and similar exploits, create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com instead. After all, they ARE responsible, aren't they? :) -Original Message- From: Stuart Stephen [mailto:[EMAIL PROTECTED]] Sent: den 13 juni 2002 10:43 To: Tomcat Users List Subject: RE: Security - Attack I think they are code red attacks. These shouldn't be anything to worry about on a Tomcat server if I am correct in my thinking. They only affect IIS. -Original Message- From: Laura [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 09:35 To: Tomcat Users List Subject: Security - Attack Hi all, well I have, in my opinion, a very interesting question. Last week we went in a production enviroment: we have apache + tomcat with an important web application xxx (http.conf has JkMount /xxx worker). Well, this morning I have discovered that somebody has tried to attack my server: in the Apache error log I have found calls as /scripts/..%5c%5c../winnt/system32/cmd.exe, /scripts/., and so on. My question is: is Tomcat secure? How can I do Tomcat secure? Is all my system secure? ( my machine is a solaris 8). Thanks Laura -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: AW: Security - Attack
it's my home system, so I don't care if some one I don't know gets blocked. For production system it would be better to just filter as some one else said earlier. I run both tomcat and orion, so neither are vulnerable, but I rather not clean up logs every week because of stupid IIS exploits. Another thing which admins should do is filter out going traffic from their network for this type of virus/trojan. Atleast I would, but not every has the time or inclination to do so. In any case, you could write a request filter in tomcat that will filter out all requests with .exe. peter Ralph Einfeldt wrote: Blocking the IP can be a dangerous thing: - If there are several people behind a proxy, you will disable all. - If the attacking pc has a provider wih dynamic IP's it dousn't help at all, it will just diable all user users that get this IP in the future. - It makes you vulnerable to dos attack. As it is possible to fake IP adresses an attacker can disable the acces to your site for a ig amount of people -Ursprüngliche Nachricht- Von: peter lin [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 13. Juni 2002 14:32 An: Tomcat Users List Betreff: Re: Security - Attack apache and tomcat aren't vulnerable, but putting up a firewall to block the IP might be a good idea. For my own server I zone alarm pro, which will block IP trying this exact type of exploit. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Security - Attack
Warning: this may start flame war - but its my opinion. What is the purpose of detecting and trying to prevent these attacks? If someone code reds (or similar) you - they get a 404 error. Why waste the extra processing power and extra config maintenance on something that does no harm. When the next type of attack comes out - should the config be changed to address that? Its a waste of time. -Tim Jim Urban wrote: create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com Can you provide an example? Jim -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Security - Attack
Moreover, 99.99 % of these request come from standard WNT / W2K users who started their IIS service to test what it can be and who never stopped it. They are not likely to clean their computer because they don't know they are infected... -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 15:04 To: Tomcat Users List Subject: Re: Security - Attack Warning: this may start flame war - but its my opinion. What is the purpose of detecting and trying to prevent these attacks? If someone code reds (or similar) you - they get a 404 error. Why waste the extra processing power and extra config maintenance on something that does no harm. When the next type of attack comes out - should the config be changed to address that? Its a waste of time. -Tim Jim Urban wrote: create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com Can you provide an example? Jim -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] DISCLAIMER This e-mail and any attachments thereto may contain information which is confidential and/or protected by intellectual property rights and are intended for the sole use of the recipient(s) named above. Any use of the information contained herein (including, but not limited to, total or partial reproduction, communication or distribution in any form) by persons other than the designated recipient(s) is prohibited. If you have received this e-mail in error, please notify the sender either by telephone or by e-mail and delete the material from any computer. Thank you for your cooperation. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: changing default home page
You probably have something like this: Context path= docBase=ROOT debug=0/ In your server.xml This means if a user does not specify anything after /path/to/tomcat it takes ROOT as the default webapp. Furthermore you can specify welcome-pages for each webapp in your web.xml's (see the DTD). If you specify nothing it looks for index.html in the target webapp. Hope this is of help, Dennis. -Original Message- From: Altug B. Altintas [mailto:[EMAIL PROTECTED]] Sent: donderdag 13 juni 2002 14:31 To: Tomcat Users List Subject: changing default home page How can i change Tomcat's default home page ? Now it looks at a.. /path/to/tomcat/webapps/ROOT/index.html Regards Altug. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Security - Attack
a simple purpose - since it's my home machine, i did it just for fun. Since M$ allowed Code Red and similar viruses to thrive on Windows systems, while saying that Windows is perfectly secure, why not try a redirect to their systems. At least I got a laugh out of it. christopher - a bored guy. -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED]] Sent: den 13 juni 2002 15:04 To: Tomcat Users List Subject: Re: Security - Attack Warning: this may start flame war - but its my opinion. What is the purpose of detecting and trying to prevent these attacks? If someone code reds (or similar) you - they get a 404 error. Why waste the extra processing power and extra config maintenance on something that does no harm. When the next type of attack comes out - should the config be changed to address that? Its a waste of time. -Tim Jim Urban wrote: create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com Can you provide an example? Jim -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Reading Address Book
Title: RE: Reading Address Book Hi there If you are running Exchange Server, you can access Contacts stored in address lists on the server via LDAP (assuming the Exchange Server has the LDAP protocol enabled). I'm not sure that you can get at the addresses in a user's personal Address Book quite so easily. Look on the MSDN for info on using LDAP with Exchange. cheers Rory -Original Message- From: RNivas [mailto:[EMAIL PROTECTED]] Sent: Monday, June 24, 2002 5:28 AM To: Tomcat Users List Subject: Re: Reading Address Book Dear David you bang on target. How do application can read fred's address book of Microsoft Outlook. As Fred click on Email this. There should be one pop with email addresses from Microsoft Outlook or Outlook Express not from data base. My application do not have the address of Bill in database, but it is in Microsoft Address book. So at Run time I want to read the email address of bill from address book. Thanks a lot. Rnivas - Original Message - From: David Cassidy [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 2:36 PM Subject: Re: Reading Address Book Lets see if I understand ... You have registered users of your application. When your user (lets call him fred) comes to your site and wants to send a message to his friend (bill) he clicks on EMAIL THIS You want a form that has fred's address book, so that fred only need click on 'bill' to send the message to bill If I understand this correctly ? Question ( if I have the above correct...) Does your application have fred's address book ? Lets assume that it does... Assuming that the address book is in the database you could then display the address book as FORM ACTION=.. SELECT NAME=addressBookEntries OPTION VALUE=[EMAIL PROTECTED]Bill/OPTION OPTION VALUE=[EMAIL PROTECTED]Mary/OPTION etc /SELECT INPUT TYPE=TEXT NAME=emailAddress VALUE= /FORM You could ouput the address book into the html page with just a simple print from the address book object Does this help ? D -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Security - Attack
I think it makes sense to filter these out. They're easy to identify by looking for the .exe extension. I think its less demanding on the server to do a redirect than it is to display an error page and write an entry to the log file. Why should I let my log files fill up w/ garbage? And what better place to redirect them to than M$? Mike -Original Message- From: Cato, Christopher [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 9:11 AM To: 'Tomcat Users List' Subject: RE: Security - Attack a simple purpose - since it's my home machine, i did it just for fun. Since M$ allowed Code Red and similar viruses to thrive on Windows systems, while saying that Windows is perfectly secure, why not try a redirect to their systems. At least I got a laugh out of it. christopher - a bored guy. -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED]] Sent: den 13 juni 2002 15:04 To: Tomcat Users List Subject: Re: Security - Attack Warning: this may start flame war - but its my opinion. What is the purpose of detecting and trying to prevent these attacks? If someone code reds (or similar) you - they get a 404 error. Why waste the extra processing power and extra config maintenance on something that does no harm. When the next type of attack comes out - should the config be changed to address that? Its a waste of time. -Tim Jim Urban wrote: create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com Can you provide an example? Jim -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Multiple Processes for Tomcat
Dear Friends, How can configure Tomcat so that it starts multiple processes instead of just one? I have heavy load and a single process can attach to more than 3 Gig of memory. If I could spawn multiple processes for a single Tomcat instance, I could use more memory. Apache has similar configuration diretive. Regards. Ravi Verma 916 705 3261 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Security - Attack
Warning: this may start flame war - but its my opinion. Don't worry, you are entitled to your opinion and I'll defend your right to express it (I may not agree, but that doesn't matter). What is the purpose of detecting and trying to prevent these attacks? I didn't plan to do it, I just wanted to know how to do it. Sort of like building an A-bomb. You would never do it, but Its neat to know how to. - Now I've done it, Aschroft will be kicking down my office door because I mentioned the b word in an email. :) Jim Urban - [EMAIL PROTECTED] Park City Solutions Inc. Clinical Connectivity Suite Product Manager Suite 295 500 Park Blvd. Itasca, IL 60143 Voice: (630) 250-3045 x106 Fax: (630) 250-3046 CONFIDENTIALITY NOTICE This message and any included attachments are from Park City Solutions Inc. and are intended only for the entity to which it is addressed. The contained information is confidential and privileged material. If you are not the intended recipient, you are hereby notified that any use, dissemination, or copying of this communication is strictly prohibited and may be unlawful. If you have received this communication in error please notify the sender of the delivery error by e-mail or call Park City Solutions Inc. corporate offices at (435) 654-0621 -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 8:04 AM To: Tomcat Users List Subject: Re: Security - Attack Warning: this may start flame war - but its my opinion. What is the purpose of detecting and trying to prevent these attacks? If someone code reds (or similar) you - they get a 404 error. Why waste the extra processing power and extra config maintenance on something that does no harm. When the next type of attack comes out - should the config be changed to address that? Its a waste of time. -Tim Jim Urban wrote: create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com Can you provide an example? Jim -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
AW: Security - Attack
I wouldn't say that they do no harm: - They mess up your statistics If you don't change your configuration it's not possible to distinguish the 404 from the viruses from others that might indicated errors in your site. (I always get nervous if a server has a 'file not found' count 0) - They (sometimes) kill your log file space In high noon of nimda and code red, those viruses produced serveral megabytes on logfiles for each site we are hosting. So it makes some sense to change the configuration for apache. -Ursprüngliche Nachricht- Von: Tim Funk [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 13. Juni 2002 15:04 An: Tomcat Users List Betreff: Re: Security - Attack Warning: this may start flame war - but its my opinion. What is the purpose of detecting and trying to prevent these attacks? If someone code reds (or similar) you - they get a 404 error. Why waste the extra processing power and extra config maintenance on something that does no harm. When the next type of attack comes out - should the config be changed to address that? Its a waste of time. -Tim Jim Urban wrote: create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com Can you provide an example? Jim -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: restarting tomcat programatically
Howdy, If your own webapp is running on the tomcat instance you're trying to restart, then HUH? ;) One VM can always restart another, as others have proposed. So you can have a command line program, shell scripts, another webapp running on another tomcat instance, etc. Alternatively, look at how JBoss manages its embedded tomcat ;) You'll have to do a bit more work, and need to know some JMX MBeans stuff. (I'm no longer bitter about 4.0.2 removing the System.exit() to accommodate JBoss -- long live my System.exit() context listener! ;)) Yoav Shapira Millennium ChemInformatics -Original Message- From: Ankit [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 2:36 AM To: [EMAIL PROTECTED] Subject: restarting tomcat programatically hi, i am trying to restart tomcat from my web application. Is there anyway i can do it programmatically? Does Tomcat provide any class to allow restart(I know about org.apache.tomcat.startup.Tomcat, i have tried this, It does not work b,coz once VM dies it does not call start)? Thanx in advance Ankit Chansoriya Software Engineer Lisle Technology Partners 45/3 Gopalkrishna Complex, Residency Cross Road, Bangalore-25 ph:5595636 -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Java version
Hi, I've downloaded Tomcat 4.0.3 for Solaris 2.6 but not sure it's starting up correctly, when I run shutdown.sh I get a Java exception. My first thought is the JVM version does anyone know which version Tomcat 4.0.3 needs? I'm using 1.1.3. Many thanks Matt. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Java version
do you mean jvm 1.1.3 or 1.3.1 ? if the former I suspect thats the problem. John. -Original Message- From: Matthew Oatham [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 14:34 To: '[EMAIL PROTECTED]' Subject: Java version Hi, I've downloaded Tomcat 4.0.3 for Solaris 2.6 but not sure it's starting up correctly, when I run shutdown.sh I get a Java exception. My first thought is the JVM version does anyone know which version Tomcat 4.0.3 needs? I'm using 1.1.3. Many thanks Matt. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] _ Common Services Agency Disclaimer The information contained in this message may be confidential or legally privileged and is intended for the addressee only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. _ -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Tomcat4.1.2 shutdown error
Howdy, I actually disagree with the interpretation of the error: if you try to shutdown tomcat when it's not running, you'll get a ConnectionRefused exception from when it tries to connect to the shutdown port. But I don't have an answer to the original question ;) Is Remy watching this thread? Yoav Shapira Millennium ChemInformatics -Original Message- From: Yousef Shemisa [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 6:09 PM To: Tomcat Users List Subject: Re: Tomcat4.1.2 shutdown error Mike, Is it possible that Tomcat is not running when you execute shutdown.sh? This is what it looks like from the error response. Cheers. --- Yousef Shemisa 650-365-9704 ext 12 http://www.netunderdogs.com Menlo Park, CA ~Savin' the Web Doggie Style~ We GUARANTEE our Web Development will exceed your expectations. - Original Message - From: Mike Niemaz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, June 12, 2002 3:30 AM Subject: Tomcat4.1.2 shutdown error I'm getting this error when I try to stop Tomcat. Any idea? Thanx, -mike java.lang.NullPointerException at org.apache.catalina.core.NamingContextListener.lifecycleEvent(NamingCon text L istener.java:343) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleS uppo r t.java:166) at org.apache.catalina.core.StandardServer.stop(StandardServer.java:2216) at org.apache.catalina.startup.Catalina.start(Catalina.java:541) at org.apache.catalina.startup.Catalina.execute(Catalina.java:400) at org.apache.catalina.startup.Catalina.process(Catalina.java:180) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja va:3 9 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImp l .java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203) -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
mod_jk and Mapping configuration error
I can't for the life of me figure out my problem. I have apache running
all peachy, and added in mod_jk to service *.jsp to tomcat.
I'm trying to first get a single Virtual host working with this config,
and my webroot is /opt/web/www.ialex.net
In my VirtualHost i have my JkMount
JkMount /*.jsp ajp13
and in my server.xml
!-- Define an AJP 1.3 Connector on port 8009 --
Connector className=org.apache.ajp.tomcat4.Ajp13Connector
port=8009 minProcessors=5 maxProcessors=75
acceptCount=10 debug=0/
Host name=www.ialex.net
Context path= docBase=/opt/web/www.ialex.net debug=0/
/Host
No errors on startup for either apache or tomcat (I start tomcat first)
and when i try going to a file index.jsp in /opt/web/www.ialex.net from my
browser i get a
htmlheadtitleApache Tomcat/4.0.3 - Error
report/titleSTYLE!--H1{font-family : sans-serif,Arial,Tahoma;color :
white;background-color : #0086b2;} BODY{font-family :
sans-serif,Arial,Tahoma;color : black;background-color : white;} B{color :
white;background-color : #0086b2;} HR{color : #0086b2;} --/STYLE
/headbodyh1Apache Tomcat/4.0.3 - HTTP Status 404 -
/index.jsp/h1HR size=1 noshadepbtype/b Status
report/ppbmessage/b u/index.jsp/u/ppbdescription/b
uThe requested resource (/index.jsp) is not available./u/pHR
size=1 noshade/body/html
And this in my tomcat logs
2002-06-13 09:09:35 StandardHost[localhost]: MAPPING configuration error
for request URI
Help please
Alex
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Java version
Yea I've got 1.1.3 just read in RUNNING.txt that 1.2 at the least is required. Thanks. -Original Message- From: Heap, John [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 14:30 To: 'Tomcat Users List' Subject: RE: Java version do you mean jvm 1.1.3 or 1.3.1 ? if the former I suspect thats the problem. John. -Original Message- From: Matthew Oatham [mailto:[EMAIL PROTECTED]] Sent: 13 June 2002 14:34 To: '[EMAIL PROTECTED]' Subject: Java version Hi, I've downloaded Tomcat 4.0.3 for Solaris 2.6 but not sure it's starting up correctly, when I run shutdown.sh I get a Java exception. My first thought is the JVM version does anyone know which version Tomcat 4.0.3 needs? I'm using 1.1.3. Many thanks Matt. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] _ Common Services Agency Disclaimer The information contained in this message may be confidential or legally privileged and is intended for the addressee only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. _ -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Simple j_security_check example not working
Replying to my own message .. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=8976 Don't know if it applies in my situation .. Jas -- Jaspreet Singh Application Solutions Developer The Ultimate People Company Phone/Fax: 0113 20 10 641/666 Mobile: 07866 260204 Web: www.upco.co.uk -Original Message- From: Jaspreet.Singh [mailto:[EMAIL PROTECTED]] Sent: 12 June 2002 08:36 To: 'Tomcat Users List' Subject: Simple j_security_check example not working Hi Guys Attached is a simple example of form based login I'm trying to get working on Tomcat 4.0.3 and it doesn't!!! I've checked the archives and noticed someone else had the same problem and never got past it! Anyway if you type the url http://localhost:8080/SCJWD/servlet/secret You get re-directed to the form based login page and if you type in the correct username and password (tomcat, tomcat) you get an error - and I quote type Status report message Invalid direct reference to form login page description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page). Am I missing something somewhere .. Because I copied this example straight out of the java servlets book. If you use incorrect credentials then the behaviour is as expected. Cheers Jas -- Jaspreet Singh Application Solutions Developer The Ultimate People Company Phone/Fax: 0113 20 10 641/666 Mobile: 07866 260204 Web: www.upco.co.uk The contents of this email are intended only for the named addressees and may contain confidential and/or privileged material. If received in error please contact UPCO on +44 (0) 113 201 0600 and then delete the entire e-mail from your system. Unauthorised review, distribution, disclosure or other use of this information could constitute a breach of confidence. Your co-operation in this matter is greatly appreciated. The contents of this email are intended only for the named addressees and may contain confidential and/or privileged material. If received in error please contact UPCO on +44 (0) 113 201 0600 and then delete the entire e-mail from your system. Unauthorised review, distribution, disclosure or other use of this information could constitute a breach of confidence. Your co-operation in this matter is greatly appreciated. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Java version
I might be wrong but wouldn't you need at least a 1.2 jvm for the servlet/jsp architecture. I'm pretty sure others will agree. Give that a whirl. 1.3.1 is the latest fully supported JVM. From: Matthew Oatham [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: '[EMAIL PROTECTED]' [EMAIL PROTECTED] Subject: Java version Date: Thu, 13 Jun 2002 14:33:32 +0100 Hi, I've downloaded Tomcat 4.0.3 for Solaris 2.6 but not sure it's starting up correctly, when I run shutdown.sh I get a Java exception. My first thought is the JVM version does anyone know which version Tomcat 4.0.3 needs? I'm using 1.1.3. Many thanks Matt. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] _ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Security - Attack
Hi all, thanks for your help. What do you suggest me to do? Whe you say :So it makes some sense to change the configuration for apache, what do you mean? Laura - Original Message - From: Ralph Einfeldt [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 3:22 PM Subject: AW: Security - Attack I wouldn't say that they do no harm: - They mess up your statistics If you don't change your configuration it's not possible to distinguish the 404 from the viruses from others that might indicated errors in your site. (I always get nervous if a server has a 'file not found' count 0) - They (sometimes) kill your log file space In high noon of nimda and code red, those viruses produced serveral megabytes on logfiles for each site we are hosting. So it makes some sense to change the configuration for apache. -Ursprüngliche Nachricht- Von: Tim Funk [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 13. Juni 2002 15:04 An: Tomcat Users List Betreff: Re: Security - Attack Warning: this may start flame war - but its my opinion. What is the purpose of detecting and trying to prevent these attacks? If someone code reds (or similar) you - they get a 404 error. Why waste the extra processing power and extra config maintenance on something that does no harm. When the next type of attack comes out - should the config be changed to address that? Its a waste of time. -Tim Jim Urban wrote: create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com Can you provide an example? Jim -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Solaris 2.6
Howdy, Simple test: go to your $JAVA_HOME/jre/lib, do jar tvf rt.jar | grep ArrayList if you're running 1.3.1, you should see two lines, one for java/util/ArrayList and one for java/util/Arrays$ArrayList. If they're not there, you're not using 1.3.1. ;) I think I saw an earlier post from you saying you were getting this error using java 1.1.3. That JDK does not have the Collections framework (to which ArrayList belongs). Tomcat 4.x needs the collections framework, hence use JDK 1.2 or later. Yoav Shapira Millennium ChemInformatics -Original Message- From: Matthew Oatham [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 3:09 AM To: '[EMAIL PROTECTED]' Subject: Solaris 2.6 Hi, I have installed Tomcat 4.0.3 (jakarta-tomcat-4.0.3.tar.gz) on Solaris 2.6. When running shutdown.sh the following exception is thrown: Bootstrap: Class loader creation threw exception java.lang.NoClassDefFoundError: java/util/ArrayList at org.apache.catalina.startup.ClassLoaderFactory.createClassLoader(Compil ed Code) at org.apache.catalina.startup.Bootstrap.main(Compiled Code) I believe the machine is running Java 1.3.1. Has anyone come across this problem before? Many thanks. -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Scheduling Servlet
Howdy, Check out Flux (a stand-alone commercial product), or maybe Turbine Fulcrum which has a scheduling service and is free (under the apache license). Yoav Shapira Millennium ChemInformatics -Original Message- From: Adrian [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 12, 2002 8:50 PM To: Tomcat Users List Subject: Scheduling Servlet Looking for ideas. I`m going to write a web interface for appointment scheduling etc.. Anyone seen anything promising, or working on something similar. Kind of like the team calendar in Outlook. Adrian I`ve got enough guilt to start my own religion -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: flush=false not working?
What would you propose a servlet container do when a page has three different includes, each of which wants to set the same header to some different value? Remember that, as far as the client is concerned, this is a single request, so there is no such thing as a last modified timestamp for only part of the page. I would suggest that the last one to write the header wins right up until the point that the page gets returned to the browser, any part of the complete page (including includes) should be able to modify any header info, and simply the last one to write info wins. It would of course be up to the developer to design an intelligent page so that the wanted results are obtained... but with the current API, we developers have NO WAY to do this without resorting to @ includes, which have their own terrible problems... Jim -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Security - Attack
Everyone has their preference, but the reason I do it is because of maintenance. I can think of other reasons why a person may want to filter the traffic. 1. keep weblog clean 2. reduce bandwidth usage There are lots of ways to filter out the stuff for weblog analysis, so writing a filter isn't necessarily easier or better. On the other hand, if you're connection has a cap, then writing a filter will save your bandwidth. Most production sites don't have bandwidth caps, but with enough nimda requests, it can slow down the site performance. everyone has different requirements, so use your own judgement as to what makes the most sense technically and financially :) peter Tim Funk wrote: Warning: this may start flame war - but its my opinion. What is the purpose of detecting and trying to prevent these attacks? If someone code reds (or similar) you - they get a 404 error. Why waste the extra processing power and extra config maintenance on something that does no harm. When the next type of attack comes out - should the config be changed to address that? Its a waste of time. -Tim Jim Urban wrote: create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com Can you provide an example? Jim -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Where is workers.properties???
Thank you very much, I've downloaded jakarta-tomcat-connectors...src.tar.gz and now I'll try to setup it. (first I'll read all the documentation I've found in the jk/doc subdiretory) Thanks again. Luca zibie wrote: My question is: where is the workers.properties file??? Is it not generated automatically??? I've downloaded a binary version of mod_jk (mod_jk-01.so) and therefore I've not compiled it: I've simply copied it in /usr/local/apache/libexec/mod_jk.so... AFAIK workers.properties is not create automically. Simply copy exist file from # jakarta-tomcat-connectors-4.0.2-01-src/jk/conf/workers.properties or i miss something. regards -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- __ Luca Zancan Logica S.r.l. e-mail [EMAIL PROTECTED] URL http://www.logicaonline.com __ -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: REMOVING EXAMPLES AND WEBDAV PERMANENTLY
Thanks John - After removing them from the webapps directory they no longer are installed. Thanks again. Charles -Original Message- From: John Niven Sent: Thursday, June 13, 2002 5:08 AM To: 'Tomcat Users List' Subject: RE: REMOVING EXAMPLES AND WEBDAV PERMANENTLY -Original Message- From: Charles Sanders Sent: 12 June 2002 21:59 To: Tomcat Users List (E-mail) Subject:REMOVING EXAMPLES AND WEBDAV PERMANENTLY I need some help with getting the paths to /examples and /webdav removed at startup. I have tried removing all context from the server.xml file and they still will display as installed and running under /manager/list?. I can remove them manually with the /manager/remove? command, but I don't want them installed on startup. Any help would be greatly appreciated. Thanks, Charles File: ATT07261.txt Charles Are the examples and webdav directories still in place below webapps? If so, you'll need to remove them: any directories under webapps have contexts automatically generated at Tomcat-startup, even if you've removed the Context... tags from server.xml. Hope that helps, John -- John Niven Please reply through mailing list -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Security - Attack
Basically do one of these: 1) ignore the code red lines 2) read up on mod_rewrite and write a couple of filters. documentation is at the www.apache.org site -Original Message- From: Laura [mailto:[EMAIL PROTECTED]] Sent: den 13 juni 2002 15:35 To: Tomcat Users List Subject: Re: Security - Attack Hi all, thanks for your help. What do you suggest me to do? Whe you say :So it makes some sense to change the configuration for apache, what do you mean? Laura - Original Message - From: Ralph Einfeldt [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 3:22 PM Subject: AW: Security - Attack I wouldn't say that they do no harm: - They mess up your statistics If you don't change your configuration it's not possible to distinguish the 404 from the viruses from others that might indicated errors in your site. (I always get nervous if a server has a 'file not found' count 0) - They (sometimes) kill your log file space In high noon of nimda and code red, those viruses produced serveral megabytes on logfiles for each site we are hosting. So it makes some sense to change the configuration for apache. -Ursprüngliche Nachricht- Von: Tim Funk [mailto:[EMAIL PROTECTED]] Gesendet: Donnerstag, 13. Juni 2002 15:04 An: Tomcat Users List Betreff: Re: Security - Attack Warning: this may start flame war - but its my opinion. What is the purpose of detecting and trying to prevent these attacks? If someone code reds (or similar) you - they get a 404 error. Why waste the extra processing power and extra config maintenance on something that does no harm. When the next type of attack comes out - should the config be changed to address that? Its a waste of time. -Tim Jim Urban wrote: create a bunch of mod_rewrite filters (in httpd.conf - for Apache) that redirects all those requests to www.microsoft.com Can you provide an example? Jim -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
jakarta-servlet error
hi all, Setup. w2k sp2; Apache 2.0.36; Tomcat 4.0.3 or 4.0.4-b3; jakarta-tomcat-connectors 4.0.2-01 or 4.0.4-b3. (apache using OpenSSL) using the mod_jk.dll connector, type ajp13 Tomcat works fine as a standalone but when attempting to access *.jsp through apache it returns the error, Error message: handler jakarta-servlet not found for: index.jsp The lastest CVS of mod_jk.c (v1.45) seems to tidy up the error but not prevent it. ideas anybody? cheers John. [EMAIL PROTECTED] --- mod_jk.log - or the interesting bit at least. [Thu Jun 13 13:02:44 2002] [mod_jk.c (1223)]: Into handler r-proxyreq=0 r-handler=jakarta-servlet r-notes=5692944 worker=ajp13 [Thu Jun 13 13:02:44 2002] [jk_worker.c (132)]: Into wc_get_worker_for_name ajp13 [Thu Jun 13 13:02:44 2002] [jk_worker.c (136)]: wc_get_worker_for_name, done did not found a worker [Thu Jun 13 13:02:44 2002] [jk_uri_worker_map.c (460)]: Into jk_uri_worker_map_t::map_uri_to_worker _ Common Services Agency Disclaimer The information contained in this message may be confidential or legally privileged and is intended for the addressee only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. _ -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Restart a single Tomcat service out of several running services?
Here is what you do: First, follow the directions in Manager App HOW-TO included with the tomcat documentation. Once this is done, you can use the manager app reload function to reload the web app. This also refreshes any newly compiled classes (e.g. javabeans) that you may have included in the JSPs. To use the reload, do the following: http://IP Address/manager/reload?path=web app You can also use the manager to deploy new web apps, un-deploy web apps, start/stop web apps. --- Sven Woltmann [EMAIL PROTECTED] wrote: Hi, Our server runs several Tomcat services for different websites. Every time I change a Java class for my my applications, I must restart Tomcat. All my websites are then down for up to 30 seconds, even the ones that don't use the changed classes. Is it possible to only restart one of the services? Thanks, Sven -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Reading Address Book
Title: Re: Reading Address Book Sorry about the HTML in my last post!! Hi there If you are running Exchange Server, you can access Contacts stored in address lists on the server via LDAP (assuming the Exchange Server has the LDAP protocol enabled). I'm not sure that you can get at the addresses in a user's personal Address Book quite so easily. Look on the MSDN for info on using LDAP with Exchange. cheers Rory -Original Message- From: RNivas [mailto:[EMAIL PROTECTED]] Sent: Monday, June 24, 2002 5:28 AM To: Tomcat Users List Subject: Re: Reading Address Book Dear David you bang on target. How do application can read fred's address book of Microsoft Outlook. As Fred click on Email this. There should be one pop with email addresses from Microsoft Outlook or Outlook Express not from data base. My application do not have the address of Bill in database, but it is in Microsoft Address book. So at Run time I want to read the email address of bill from address book. Thanks a lot. Rnivas - Original Message - From: David Cassidy [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 2:36 PM Subject: Re: Reading Address Book Lets see if I understand ... You have registered users of your application. When your user (lets call him fred) comes to your site and wants to send a message to his friend (bill) he clicks on EMAIL THIS You want a form that has fred's address book, so that fred only need click on 'bill' to send the message to bill If I understand this correctly ? Question ( if I have the above correct...) Does your application have fred's address book ? Lets assume that it does... Assuming that the address book is in the database you could then display the address book as FORM ACTION=.. SELECT NAME=addressBookEntries OPTION VALUE=[EMAIL PROTECTED]Bill/OPTION OPTION VALUE=[EMAIL PROTECTED]Mary/OPTION etc /SELECT INPUT TYPE=TEXT NAME=emailAddress VALUE= /FORM You could ouput the address book into the html page with just a simple print from the address book object Does this help ? D -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Coyote, tomcat4 and apache, catalina.Connector not found
Im trying to connect tomcat4 and apache with coyote and when I launch tomcat here is what I get: java.lang.reflect.InvocationTargetException: java.lang.NoClassDefFoundError: org/apache/catalina/Connector at java.lang.ClassLoader.defineClass0(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:694) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:133) at java.net.URLClassLoader.defineClass(URLClassLoader.java:319) at java.net.URLClassLoader.access$400(URLClassLoader.java:92) at java.net.URLClassLoader$ClassFinder.run(URLClassLoader.java:677) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:238) at org.apache.catalina.loader.StandardClassLoader.findClass(StandardClassLoader.java(Compiled Code)) at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:1093) at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:992) at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:1076) at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader.java:992) at java.lang.Class.forName1(Native Method) at java.lang.Class.forName(Class.java:142) at org.apache.catalina.util.xml.ObjectCreate.start(XmlMapper.java:616) at org.apache.catalina.util.xml.XmlMapper.matchStart(XmlMapper.java:412) at org.apache.catalina.util.xml.XmlMapper.startElement(XmlMapper.java:91) at org.xml.sax.helpers.XMLReaderAdapter.startElement(XMLReaderAdapter.java:329) at org.apache.xerces.parsers.SAXParser.startElement(SAXParser.java:1376) at org.apache.xerces.validators.common.XMLValidator.callStartElement(XMLValidator.java:1284) at org.apache.xerces.framework.XMLDocumentScanner.scanElement(XMLDocumentScanner.java:1806) at org.apache.xerces.framework.XMLDocumentScanner$ContentDispatcher.dispatch(XMLDocumentScanner.java:1182) at org.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentScanner.java:381) at org.apache.xerces.framework.XMLParser.parse(XMLParser.java:1098) at org.xml.sax.helpers.XMLReaderAdapter.parse(XMLReaderAdapter.java:223) at javax.xml.parsers.SAXParser.parse(SAXParser.java:362) at javax.xml.parsers.SAXParser.parse(SAXParser.java:301) at org.apache.catalina.util.xml.XmlMapper.readXml(XmlMapper.java:228) at org.apache.catalina.startup.Catalina.start(Catalina.java:725) at org.apache.catalina.startup.Catalina.execute(Catalina.java:681) at org.apache.catalina.startup.Catalina.process(Catalina.java:179) at java.lang.reflect.Method.invoke(Native Method) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243) Has anyone an Idea ? I don't know where that Connector class is and should be. Any help welcome. Thx in advance -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: mod_jk and Mapping configuration error
Alex,
What version of Tomcat are you using? Also, I'm trying to resolve an issue I
have (mod_jk not working). Do you have a procedure on how to get mod_jk
working?
Thanks..
Quoting Alex Short [EMAIL PROTECTED]:
I can't for the life of me figure out my problem. I have apache running
all peachy, and added in mod_jk to service *.jsp to tomcat.
I'm trying to first get a single Virtual host working with this config,
and my webroot is /opt/web/www.ialex.net
In my VirtualHost i have my JkMount
JkMount /*.jsp ajp13
and in my server.xml
!-- Define an AJP 1.3 Connector on port 8009 --
Connector className=org.apache.ajp.tomcat4.Ajp13Connector
port=8009 minProcessors=5 maxProcessors=75
acceptCount=10 debug=0/
Host name=www.ialex.net
Context path= docBase=/opt/web/www.ialex.net debug=0/
/Host
No errors on startup for either apache or tomcat (I start tomcat first)
and when i try going to a file index.jsp in /opt/web/www.ialex.net from my
browser i get a
htmlheadtitleApache Tomcat/4.0.3 - Error
report/titleSTYLE!--H1{font-family : sans-serif,Arial,Tahoma;color :
white;background-color : #0086b2;} BODY{font-family :
sans-serif,Arial,Tahoma;color : black;background-color : white;} B{color :
white;background-color : #0086b2;} HR{color : #0086b2;} --/STYLE
/headbodyh1Apache Tomcat/4.0.3 - HTTP Status 404 -
/index.jsp/h1HR size=1 noshadepbtype/b Status
report/ppbmessage/b u/index.jsp/u/ppbdescription/b
uThe requested resource (/index.jsp) is not available./u/pHR
size=1 noshade/body/html
And this in my tomcat logs
2002-06-13 09:09:35 StandardHost[localhost]: MAPPING configuration error
for request URI
Help please
Alex
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: browser image caching problem
I wouldn't think this is a Tomcat problem - Is it possible that your pages are setting one or all of the nocache headers? O'Reilly has a commonly used JSP tag that includes this in a page. Does the same browser cache images from other sites? Eric Everman At 01:45 AM 6/13/2002, you wrote: All- For some reason, Tomcat seems to be preventing my browser from caching images. Has anyone had this problem or know how to fix it? thanks in advance -will -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Other question
Hi Laura, Tomcat actually does have a pid. It is a java application. Under Solaris if you do a ps -elf |grep nativ you will see a listing beginning with your JAVA_HOME and ending with ../bin/sparc/nativ_t. That's the pid of the java virtual machine. If you have multiple java apps running each will have a JVM so you may need to sort out which java pid is Tomcat. You can also use top after starting Tomcat. You will see an entry for java in the table along with the pid and memory and cpu usage info. Rick - Original Message - From: Laura [EMAIL PROTECTED] Hi all, thanks for your reply (Security - Attack): you are telling me that I shouldn't worry because Apache is secure. (I hope it) I have one other question: If Tomcat shouts down for some cause, how can I know it? For example, Apache has a PID and so you can control if the apache process, with that PID, is alive. But Tomcat doesn't write any PID: how can I know if Tomcat is alive or not? Is there any script for that? Thanks for your help Laura -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Other question
Under Solaris you have to use /usr/ucb/ps -ax |grep 'java*' to use the Berkeley version of ps. This gives a nice listing of the command line flags too. Rick - Original Message - hi Laura, when tomcat runs an instance of java is always running..try ps -ax | grep 'java*' it should give a bunch of java instances depending on the no of threadshere's what my redhat 6.2 said 21619 pts/3S 0:14 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21664 pts/3S 0:08 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21665 pts/3S 0:21 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21666 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21667 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21668 pts/3S 0:34 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21669 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21670 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21671 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21672 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21673 pts/3S 0:01 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21674 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21675 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21676 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21677 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21678 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21679 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 21680 pts/3S 0:00 /usr/java/jdk1.3.1/bin/i386/native_threads/java -clas 9085 pts/8S 0:00 grep java ravi - Original Message - From: Laura [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, June 13, 2002 2:56 PM Subject: Other question Hi all, thanks for your reply (Security - Attack): you are telling me that I shouldn't worry because Apache is secure. (I hope it) I have one other question: If Tomcat shouts down for some cause, how can I know it? For example, Apache has a PID and so you can control if the apache process, with that PID, is alive. But Tomcat doesn't write any PID: how can I know if Tomcat is alive or not? Is there any script for that? Thanks for your help Laura -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: browser image caching problem
My browser is caching images from other pages. Also, I reduced my test case to just requesting an image file directly from tomcat and watching tomcat serve it over and over again. -will Eric Everman writes: I wouldn't think this is a Tomcat problem - Is it possible that your pages are setting one or all of the nocache headers? O'Reilly has a commonly used JSP tag that includes this in a page. Does the same browser cache images from other sites? Eric Everman At 01:45 AM 6/13/2002, you wrote: All- For some reason, Tomcat seems to be preventing my browser from caching images. Has anyone had this problem or know how to fix it? thanks in advance -will -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Other question
For what its worth - I created (and use) a LifecycleListener that runs
on startup which logs the process ID into a file called tomcat.pid.
Which is created by a shell script called writepid.sh. Below is all the
code to get this to work. This code also assumes your current working
directory is $CATALINA_HOME.
--Begin code
import org.apache.catalina.LifecycleEvent;
/**
* A helper for getting the PID of java so shutting down tomcat is MUCH
* easier.
*/
public class PidLifeCycle implements org.apache.catalina.LifecycleListener {
public void lifecycleEvent(LifecycleEvent event) {
if (start.equals(event.getType())) {
try {
Runtime.getRuntime().exec(/bin/sh bin/writepid.sh);
} catch(Throwable e) {
e.printStackTrace();
}
}
}
}
--End Code
The code above will launch the following shell script. Should be in the
bin/ directory of your tomcat installation.
--Begin Shell script
echo $PPID logs/tomcat.pid
--End Shell script
Then add the following into server.xml
--Begin server.xml snippet
Listener className=PidLifeCycle /
--End server.xml snippet
-Tim
Rick Fincher wrote:
Hi Laura,
Tomcat actually does have a pid. It is a java application. Under Solaris
if you do a ps -elf |grep nativ you will see a listing beginning with your
JAVA_HOME and ending with ../bin/sparc/nativ_t. That's the pid of the java
virtual machine. If you have multiple java apps running each will have a
JVM so you may need to sort out which java pid is Tomcat.
You can also use top after starting Tomcat. You will see an entry for java
in the table along with the pid and memory and cpu usage info.
Rick
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Trouble Compiling mod_webapp
I got the same error last week. I fixed it by getting and installing APR from CVS according to the mod_webapp README.txt. Also make sure that the apxs your install is finding is the Apache 2 apxs...if this is a machine that also has Apache 1.x, the buildconf script may be picking up the Apache 1.x apxs instead of the Apache 2 apxs. You can explicitly declare which apxs to use. John Turner [EMAIL PROTECTED] http://www.aas.com -Original Message- From: Bruce Wright [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 4:44 AM To: [EMAIL PROTECTED] Subject: Trouble Compiling mod_webapp I have apache 2.0.36 compiled and installed on RedHat 7.3 I'm using the following two source archives: http://jakarta.apache.org/builds/jakarta-tomcat-connectors/webapp/release/v1 .2.0/src/apr_APACHE_2_0_35.tar.gz http://jakarta.apache.org/builds/jakarta-tomcat-4.0/release/v4.0.3/src/jakar ta-tomcat-connectors-4.0.2-01-src.tar.gz Step 1. /bin/sh ./support/buildconf.sh output looks fine... Creating configure ... --- All done Step 2. ./configure --with-apxs=/usr/local/apache2/bin/apxs output looks fine...till here... APR location checking for APR sources... /root/riapps/Tomcat.4.0.3/jakarta-tomcat-connectors-4.0.2-01-src/webapp/apr checking for APR libraries... no checking for APR includes... no --Does this mean I copied the apr to the wrong location?-- more OK output... All done. Now you can issue make. Good luck. Step 3. make output looks fine...till the end... /usr/local/apache2/build/libtool: /root/riapps/Tomcat.4.0.3/jakarta-tomcat-connectors-4.0.2-01-src/webapp/supp ort/install.sh: /bin/sh: bad interpreter: Permission denied make[2]: *** [/root/riapps/Tomcat.4.0.3/jakarta-tomcat-connectors-4.0.2-01-src/webapp/lib /libwebapp.a] Error 126 make[2]: Leaving directory `/root/riapps/Tomcat.4.0.3/jakarta-tomcat-connectors-4.0.2-01-src/webapp/lib ' make[1]: Exiting directory lib make[1]: *** [template] Error 2 make[1]: Leaving directory `/root/riapps/Tomcat.4.0.3/jakarta-tomcat-connectors-4.0.2-01-src/webapp' make: *** [lib-build] Error 2 I am running this as root...why do I get Permission denied??? Any thoughts??? Thanks in advance
mapping upper-case to lower !
hi again, i use Tomcat4.0.3 with Apache2.0.36 on win2k.. i have a silly problem .. if i have a page WORK.jsp [capital letters] and i try to request it by http://localhost/work.jsp [small letters] .. i got an 404 error : The requested resource is not available (/work.jsp). i must request it as WORK.jsp!.. is there any way to tell Tomcat to map the name from upper case to lower and vice-versa ?! .. specially in Tomcat3.1 i didn't face like that ! .. thanks in advance .. Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: mapping upper-case to lower !
Just rename your .jsp files using non-capital letters. -Original Message- From: Walid Al-Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 5:27 PM To: [EMAIL PROTECTED] Subject: mapping upper-case to lower ! hi again, i use Tomcat4.0.3 with Apache2.0.36 on win2k.. i have a silly problem .. if i have a page WORK.jsp [capital letters] and i try to request it by http://localhost/work.jsp [small letters] .. i got an 404 error : The requested resource is not available (/work.jsp). i must request it as WORK.jsp!.. is there any way to tell Tomcat to map the name from upper case to lower and vice-versa ?! .. specially in Tomcat3.1 i didn't face like that ! .. thanks in advance .. Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: mapping upper-case to lower !
i know that easy solution .. but i want a general one to my application , so any user can type Capital/small letters to request the page without any limitation on only using small letters ! Marek, Tomas writes: Just rename your .jsp files using non-capital letters. -Original Message- From: Walid Al-Abbadi [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 13, 2002 5:27 PM To: [EMAIL PROTECTED] Subject: mapping upper-case to lower ! hi again, i use Tomcat4.0.3 with Apache2.0.36 on win2k.. i have a silly problem .. if i have a page WORK.jsp [capital letters] and i try to request it by http://localhost/work.jsp [small letters] .. i got an 404 error : The requested resource is not available (/work.jsp). i must request it as WORK.jsp!.. is there any way to tell Tomcat to map the name from upper case to lower and vice-versa ?! .. specially in Tomcat3.1 i didn't face like that ! .. thanks in advance .. Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] Walid Al-Abbadi -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: JNDIRealm authentication
Josh,
It depsnds on your LDAP server, if you are running
openldap, look at you slapd.conf file and you should
see a rootpw entry, which is what you should use for
you connectionPassword.
Ryan
--- Josh Fenlason [EMAIL PROTECTED] wrote:
Does anyone know what the value of
connectionPassword, in Realm/, should
be? I tried it with a value of secret, but I get
an error when Tomcat
starts:
javax.naming.AuthenticationException: [LDAP: error
code 48 - Inappropriate
Authentication]
I'm trying to do LDAP authentication with Tomcat
4.1.3. I've read
through
the how to docs on Tomcat's site,
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#JNDIRealm,
and tried to follow the example. My site loads
fine, but I never get an
authentication prompt when I enter my site. If
anyone could sees
anything
wrong with my Realm/ or has any ideas of where
else I should need to
change things, I would greatly appreciate it.
Thanks.
,
Josh.
Here's what I entered for the Realm element in
tomcat4.1.3_home/conf/server.xml
Realm
className=org.apache.catalina.realm.JNDIRealm
connectionName=ou=People,ou=jfenlason_r62DC,ou=jfenlason,l=Arden
Hills,o=Bethel
connectionPassword=secret
connectionURL=ldap://corvette.mn.ptc.com:389;
roleName=oid
roleSearch=(uniqueMember={0})
userPassword=userPassword
userPattern=oid={0},ou=People,ou=jfenlason_r62DC,ou=jfenlason,l=Arden
Hills,o=Bethel
debug=99/
Here's the AuthLDAPURL that works with Apache1
doing the authentication
ldap://corvette.mn.ptc.com:389/ou=People,ou=jfenlason_r62DC,ou=jfenlason,l=A
rden Hills,o=Bethel
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
__
Do You Yahoo!?
Yahoo! - Official partner of 2002 FIFA World Cup
http://fifaworldcup.yahoo.com
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
front controller pattern and security
Hi all. I've been thinking about how the j2ee front controller pattern (used by Struts et al.) does/does not take advantage of url-based authorization constraints in web.xml. I want to avoid having to check roles in my own code as much as possible. At first I thought I could declare a URL like /somewebapp/somerole/* to require the somerole role before being allowed access to my controller servlet. Another URL would be /somewebapp/someotherrole/* but would map to the same servlet. That servlet would then pick off the action at the end of the URL and execute it. However, while I can restrict access to the servlet, or whatever other physical resource I'm trying to protect, what I really want to protect is the action that's executed. Am I just stuck with enumerating all possible actions in by web.xml (/somewebapp/somerole/someaction, /somewebapp/somerole/someotheraction, etc.)? Should I instead make a filter that enforces this for me? I'm facing the same problem with Apache SOAP's rpcrouter. thanks john -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
