Re: Security manager and request.getParameter() access error
Check your catalina.policy and see if the following 4 permissions are granted in the default policy: // Required for sevlets and JSP's permission java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.util; permission java.lang.RuntimePermission accessClassInPackage.org.apache.catalina.util.*; permission java.lang.RuntimePermission defineClassInPackage.org.apache.catalina.util; permission java.lang.RuntimePermission defineClassInPackage.org.apache.catalina.util.*; Java 1.4 is more picky about the RuntimePermission accessClassInPackage and defineClassInPackage permissions. Regards, Glenn Dala wrote: When I use the security manager in Tomcat (4.1.12-LE-jdk1.4) some strange problems occur. When I execute the following simple JSP code: % request.getParameter(foo); % I get the following exception: org.apache.jasper.JasperException: org/apache/catalina/util/ParameterMap at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 48) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:289) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:240) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain ... I also start tomcat with security debub info enabled (i.e. CATALINA_OPTS=-Djava.security.debug=failure) but the log files do not report any errors, except for the exception of course. I use the standard policy rules as stated in the file catalina.policy. I even tried to grant the additional following rules, but nothing have helped so far: permission java.lang.RuntimePermission accessClassInPackage.javax.servlet; permission java.lang.RuntimePermission accessClassInPackage.javax.servlet.*; If I grant all permissions (i.e. permission java.security.AllPermission;) to my code base, then everything works fine. What is the problem? Have I missed something obvious here? /Tommy -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: Ajp13Processor starting background threads under low load
Once an Apache process opens a socket connection to Tomcat for Ajp that connection remains open until that httpd process dies. That way the httpd process can reuse that connection. For Apache 1.3 there is a one to one mapping between apache httpd processes and Tomcat Ajp13Processors. You can end up with as many Ajp13Processors as you have httpd processes. So the MaxProcessors config needs to be greater than the max number of httpd processes used by apache. And each Ajp13Processor runs in its own thread waiting for a request from Apache. Regards, Glenn Lindsay Patten wrote: Thanks for the pointer Glenn, it was much appreciated! So, I've been doing thread stacktrace dumps, but what I found doesn't make a lot of sense to me. After restarting tomcat there were 5 processor threads all blocked on a monitor: Ajp13Processor[8085][0] daemon prio=1 tid=0x0x4f801b28 nid=0x45ae waiting on m onitor [bd9ff000..bd9ff8ac] at java.lang.Object.wait(Native Method) - waiting on 0x446602c0 (a org.apache.ajp.tomcat4.Ajp13Processor) at java.lang.Object.wait(Object.java:426) at org.apache.ajp.tomcat4.Ajp13Processor.await(Ajp13Processor.java:305) - locked 0x446602c0 (a org.apache.ajp.tomcat4.Ajp13Processor) at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:490) at java.lang.Thread.run(Thread.java:536) I presume these are waiting for the scheduler thread to pass them a request. A while later a bunch of background threads get spawned and I do another dump/trace, now there are a whole bunch of threads in a runnable state trying to read request packets: Ajp13Processor[8085][21] daemon prio=1 tid=0x0x8289b38 nid=0x70d6 runnable [ba fff000..bafff8ac] at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(SocketInputStream.java:116) at org.apache.ajp.Ajp13.readN(Ajp13.java:429) at org.apache.ajp.Ajp13.receive(Ajp13.java:469) at org.apache.ajp.Ajp13.receiveNextRequest(Ajp13.java:274) at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:371 ) at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:495) at java.lang.Thread.run(Thread.java:536) Despite the name receiveNextRequest, it looks like that method is being called to receive each request including the first. So, the ajp13 processor is sitting blocked waiting for a full ajp13 packet from apache and apache is not sending data and not closing the connection/socket. From the comments in the code it sounds like apache restarts periodically, closing the sockets and unblocking the read calls, at which point these processors return to the pool - so if apache restarts before you reach your threads limit you are ok. What I don't understand is how apache can be starting up ajp13 connections to tomcat and then not sending a full packet without this causing user visible failures. Shouldn't there be users getting page loads timing out on them? That doesn't seem to be happening. Does this indicate a fault in apache or is it normal for apache to send partial requests without closing the connection? Any further guidance? Thanks, Lindsay Glenn Nielsen wrote: One way to start debugging this type of problem is to tell the java process running Tomcat to do a Thread Stacktrace Dump. kill -QUIT java processid Then analyze the stack traces for all threads. Regards, Glenn Lindsay Patten wrote: Hi, I thought I would take a different tack on my problem with the Ajp13Processor using up all of its threads problem. Does anyone know if the Ajp13Processor has a timeout when it is looking for a worker to handle a request? If the worker threads were all swapped out and taking a long time to get going and respond, would the main thread start a new background thread instead of waiting? Or does it just have a list of available workers and blocks until the worker it selects responds? If it is the former that would explain my problem since I have experienced my processes getting swapped out and taking a long time to respond. The question would then become: is a way to specify how long the scheduler should wait before starting a new thread? At least I would have something I could take to my service provider. On the other hand if I knew for sure that the scheduler thread didn't have a timeout on worker threads than I could concentrate on looking elsewhere. Does anyone know? Or know where to look or ask short of reading the source? Thanks, Lindsay Lindsay Patten wrote: Hi, I am having a problem where tomcat keeps intermitantly starting new ajp13 processor threads, eventually it reaches the max and starts refusing connections. My hosting provider (linux machine) provides a private version of tomcat for each user with a single apache web server, there are typically a large number of processes on the machine (4000). My particular tomcat server (v4.0.3) is not being
Admin/Manager problems
Ok here it goes... I am a real newbie to java and tomcat, so please forgive my ignorance. I have tomcat 4.1.12 installed on a Mandrake 9.0 machine using the java sdk version 1.4.1.01. Everything seems to be running ok, tomcat starts and stops with out errors. I can access the tomcat server page on port 8080, but when I try to access the admin or the manager pages. When I try the password is not accepted. I have checked and modified the tomcat4-users.xml to no avail. When I try the admin page I enter the user name tomcat and the same for the password, I get this back. HTTP Status 403 - Access to the requested resource has been denied type Status report message Access to the requested resource has been denied description Access to the specified resource (Access to the requested resource has been denied) has been forbidden. Apache Tomcat/4.1 I have tried several variations, creating new users that are the same as local users on this box. I have looked for more information but I haven't had any luck. Can someone point me in the right direction? James Whittington -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
dont know whats happening :-(
in server.xml i tried to configure AJP1.3 connector to listen on 12009 port by the following entry in server.xml, but what ever value i enter there for port tomcat still uses 8009 .where is it picking that value from ??? Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=12009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=2 useURIValidationHack=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler/ -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
RE: RE: John Turner or someone who responsible for Posting -- Re: How to Apache2, Tomcat4.1.2, JK2 ?
I have a working example of Apache 2.0.43 with Tomcat 4.1.2 using JK2 on Red Hat Linux 8.0. I had to fallback to methods used on a previous integration of Apache 1.3.24 with Tomcat 4.0.4 after looking at the Howtos that came with the 4.1.2 documentaton. That enabled me to quickly put together a workers.properties file. I can see why people might want to have some examples. Please let me know if you're interested in a separate post with what I did. After rebuilding apache, I was up and running in just a few minutes. -Original Message- From: yoom nguyen [mailto:ynguyen;e-integration.net] Sent: Friday, October 18, 2002 1:15 PM To: Tomcat Users List Subject: Re: RE: John Turner or someone who responsible for Posting -- Re: How to Apache2, Tomcat4.1.2, JK2 ? John I will be reading Craig McClannahan's email soon. Thanks for the link Yoom - Original Message - From: Turner, John [EMAIL PROTECTED] Date: Friday, October 18, 2002 8:54 am Subject: RE: John Turner or someone who responsible for Posting -- Re: How to Apache2, Tomcat4.1.2, JK2 ? I think what Robert is saying is that there doesn't have to be a big, organized effort in addition to the big, organized effort that is alreadyrunning. There is already a dev team doing documentation. While not perfect, they have a significant amount of documentation already completed. Starting a new project from scratch would be redundant. I think it would be more effective to contribute to the existing project as needed. Doing so doesn't require an organized group...everyone is welcome to get involved on their own, that is the nature of open source. Here is Craig McClanahan's reply on how to get involved in the already existing documentation effort: http://marc.theaimsgroup.com/?l=tomcat-devm=103357462430275w=2 John -Original Message- From: yoom nguyen [mailto:ynguyen;e-integration.net] Sent: Friday, October 18, 2002 12:04 AM To: Tomcat Users List Subject: Re: John Turner or someone who responsible for Posting - - Re: How to Apache2, Tomcat4.1.2, JK2 ? Robert Are you going to assist me to get this going? I would like to get as many volunters as possible if we are going to do this. We want to get it up and running instead of drag it on for many months to come, just because I am not a coder, but I am willing to learn. It sounds do able as Robert Sowders described but I definely need some help. Please send me an email if you know that you can help. Thanks, Yoom - Original Message - From: Robert L Sowders [EMAIL PROTECTED] Date: Thursday, October 17, 2002 10:46 pm Subject: Re: John Turner or someone who responsible for Posting -- Re: How to Apache2, Tomcat4.1.2, JK2 ? Oops, forgot to mention. Once you set everything up as xml then changing the docs to different formats is pretty much a snap. Transformers for http, text, and pdf are very common and available. You could conceivably make the docs available in any format known. Or language for that matter, but that is another topic. rls Robert L Sowders [EMAIL PROTECTED] 10/17/2002 07:24 PM Please respond to Tomcat Users List To: Tomcat Users List tomcat- [EMAIL PROTECTED] cc: Subject:Re: John Turner or someone who responsible for Posting -- Re: How to Apache2, Tomcat4.1.2, JK2 ? Hi Again, I had this discussion a couple of weeks ago and there was allot of interest in helping with the docs. The stumbling point as I see it is people just don't know how to submit changes to existing material or for that matter new material. If you want to write whole chapters then; Basically, very basically, what you do is get the tools necessary to participate in a xml documentation project. Then you'll need the DTDs and style templates that are already being used for the current documentation. These are available via anonymous cvs. If you are making new pages or chapters then you'll need the above stuff to view it locally and see if it's correct. Then you'll have to post it to the Tomcat-dev list and someone there will review it and commit it, if it applies. If your just correcting or extending an existing page; All you need to do is download your target via cvs, do your corrections with any text editor and then diff it using cvs and post it to the Tomcat-dev mailing list. Someone there with commit privs will look at it and commit it, if it's deemed ok. Actually the dev list people are pretty good about accepting the changes when they get them, but there is a gap in showing everyone how to contribute, so they just don't get much to work with. So if you want to start your OWN documentation effort then the first thing you need to do is set up a cvs server.
Realm Screen
hi... I am facing problem to access the realm screen in apache tomcat. I have installed tomact 4.0.4 in htdocs of apache1.3. I am able to get the realm screen when i access the following link in the location bar http://localhost/tomcat4.0/webapps/test/test.jsp; but I could not access my jsp files because the web context is set to webapps/test directory. But my requirement is to get the realm screen (basic authentication is done by Apcahe) when i try to access the following address http://localhost/test/test.jsp; (the web context for jsp files is set to webapps/test directory that is in server.xml).I have set the attribute tomcatAuthentication=false in server.xml of tomcat4.0.4. I have also tried installing tomcat4.0 outside apache, still the same issue U can find my addintions in these files with the string CLanka The following are my httpd.conf and server.xml *httpd.conf = # # Based upon the NCSA server configuration files originally by Rob McCool. # # This is the main Apache server configuration file. It contains the # configuration directives that give the server its instructions. # See URL:http://www.apache.org/docs/ for detailed information about # the directives. # # Do NOT simply read the instructions in here without understanding # what they do. They're here only as hints or reminders. If you are unsure # consult the online docs. You have been warned. # # After this file is processed, the server will look for and process # C:/Apache/conf/srm.conf and then C:/Apache/conf/access.conf # unless you have overridden these with ResourceConfig and/or # AccessConfig directives here. # # The configuration directives are grouped into three basic sections: # 1. Directives that control the operation of the Apache server process as a # whole (the 'global environment'). # 2. Directives that define the parameters of the 'main' or 'default' server, # which responds to requests that aren't handled by a virtual host. # These directives also provide default values for the settings # of all virtual hosts. # 3. Settings for virtual hosts, which allow Web requests to be sent to # different IP addresses or hostnames and have them handled by the # same Apache server process. # # Configuration and logfile names: If the filenames you specify for many # of the server's control files begin with / (or drive:/ for Win32), the # server will use that explicit path. If the filenames do *not* begin # with /, the value of ServerRoot is prepended -- so logs/foo.log # with ServerRoot set to /usr/local/apache will be interpreted by the # server as /usr/local/apache/logs/foo.log. # # NOTE: Where filenames are specified, you must use forward slashes # instead of backslashes (e.g., c:/apache instead of c:\apache). # If a drive letter is omitted, the drive on which Apache.exe is located # will be used by default. It is recommended that you always supply # an explicit drive letter in absolute paths, however, to avoid # confusion. # ### Section 1: Global Environment # # The directives in this section affect the overall operation of Apache, # such as the number of concurrent requests it can handle or where it # can find its configuration files. # # # ServerType is either inetd, or standalone. Inetd mode is only supported on # Unix platforms. # ServerType standalone # # ServerRoot: The top of the directory tree under which the server's # configuration, error, and log files are kept. # # Do NOT add a slash at the end of the directory path. # ServerRoot C:/Apache # # PidFile: The file in which the server should record its process # identification number when it starts. # PidFile logs/httpd.pid # # ScoreBoardFile: File used to store internal server process information. # Not all architectures require this. But if yours does (you'll know because # this file will be created when you run Apache) then you *must* ensure that # no two invocations of Apache share the same scoreboard file. # ScoreBoardFile logs/apache_status # # In the standard configuration, the server will process httpd.conf, # srm.conf, and access.conf in that order. The latter two files are # now distributed empty, as it is recommended that all directives # be kept in a single file for simplicity. The commented-out values # below are the built-in defaults. You can have the server ignore # these files altogether by using /dev/null (for Unix) or # nul (for Win32) for the arguments to the directives. # #ResourceConfig conf/srm.conf #AccessConfig conf/access.conf # # Timeout: The number of seconds before receives and sends time out. # Timeout 300 # # KeepAlive: Whether or not to allow persistent connections (more than # one request per connection). Set to Off to deactivate. # KeepAlive On # # MaxKeepAliveRequests: The maximum number of requests to allow # during a persistent connection. Set to 0 to allow an unlimited amount. # We reccomend you leave this number high, for
servlets stoped working but jsp works
Hi, i'm using tomcat 4.1.12 and mod_jk For some strange reason all servlets stoped working and return messages like: description The requested resource (/catalina/examples/servlet/RequestInfoExample) is not available when called. But the jsp pages work fine(within the same contexts in which servlets don't work). I have NOT changed the mod_jk and the xml files. Also i do not find any error messages in the logs. Does anyone have an idea what could go wrong? Thanks. -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: Ajp13Processor starting background threads under low load
Thanks again Glenn! Now I've got something concrete to take to my service provider for resolution. Cheers, Lindsay Glenn Nielsen wrote: Once an Apache process opens a socket connection to Tomcat for Ajp that connection remains open until that httpd process dies. That way the httpd process can reuse that connection. For Apache 1.3 there is a one to one mapping between apache httpd processes and Tomcat Ajp13Processors. You can end up with as many Ajp13Processors as you have httpd processes. So the MaxProcessors config needs to be greater than the max number of httpd processes used by apache. And each Ajp13Processor runs in its own thread waiting for a request from Apache. Regards, Glenn Lindsay Patten wrote: Thanks for the pointer Glenn, it was much appreciated! So, I've been doing thread stacktrace dumps, but what I found doesn't make a lot of sense to me. After restarting tomcat there were 5 processor threads all blocked on a monitor: Ajp13Processor[8085][0] daemon prio=1 tid=0x0x4f801b28 nid=0x45ae waiting on m onitor [bd9ff000..bd9ff8ac] at java.lang.Object.wait(Native Method) - waiting on 0x446602c0 (a org.apache.ajp.tomcat4.Ajp13Processor) at java.lang.Object.wait(Object.java:426) at org.apache.ajp.tomcat4.Ajp13Processor.await(Ajp13Processor.java:305) - locked 0x446602c0 (a org.apache.ajp.tomcat4.Ajp13Processor) at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:490) at java.lang.Thread.run(Thread.java:536) I presume these are waiting for the scheduler thread to pass them a request. A while later a bunch of background threads get spawned and I do another dump/trace, now there are a whole bunch of threads in a runnable state trying to read request packets: Ajp13Processor[8085][21] daemon prio=1 tid=0x0x8289b38 nid=0x70d6 runnable [ba fff000..bafff8ac] at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(SocketInputStream.java:116) at org.apache.ajp.Ajp13.readN(Ajp13.java:429) at org.apache.ajp.Ajp13.receive(Ajp13.java:469) at org.apache.ajp.Ajp13.receiveNextRequest(Ajp13.java:274) at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:371 ) at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:495) at java.lang.Thread.run(Thread.java:536) Despite the name receiveNextRequest, it looks like that method is being called to receive each request including the first. So, the ajp13 processor is sitting blocked waiting for a full ajp13 packet from apache and apache is not sending data and not closing the connection/socket. From the comments in the code it sounds like apache restarts periodically, closing the sockets and unblocking the read calls, at which point these processors return to the pool - so if apache restarts before you reach your threads limit you are ok. What I don't understand is how apache can be starting up ajp13 connections to tomcat and then not sending a full packet without this causing user visible failures. Shouldn't there be users getting page loads timing out on them? That doesn't seem to be happening. Does this indicate a fault in apache or is it normal for apache to send partial requests without closing the connection? Any further guidance? Thanks, Lindsay Glenn Nielsen wrote: One way to start debugging this type of problem is to tell the java process running Tomcat to do a Thread Stacktrace Dump. kill -QUIT java processid Then analyze the stack traces for all threads. Regards, Glenn Lindsay Patten wrote: Hi, I thought I would take a different tack on my problem with the Ajp13Processor using up all of its threads problem. Does anyone know if the Ajp13Processor has a timeout when it is looking for a worker to handle a request? If the worker threads were all swapped out and taking a long time to get going and respond, would the main thread start a new background thread instead of waiting? Or does it just have a list of available workers and blocks until the worker it selects responds? If it is the former that would explain my problem since I have experienced my processes getting swapped out and taking a long time to respond. The question would then become: is a way to specify how long the scheduler should wait before starting a new thread? At least I would have something I could take to my service provider. On the other hand if I knew for sure that the scheduler thread didn't have a timeout on worker threads than I could concentrate on looking elsewhere. Does anyone know? Or know where to look or ask short of reading the source? Thanks, Lindsay Lindsay Patten wrote: Hi, I am having a problem where tomcat keeps intermitantly starting new ajp13 processor threads, eventually it reaches the max and starts refusing connections. My hosting provider (linux machine) provides a private version of tomcat for each user with a
Re: problem with session tracking and redirection http--- https
Henrik Bentel wrote: One of my problems is that I can't find anything in the servlet or tomcat documentation that mentiones any of this behaviour. If there is any, please send me the link. Hi Henrik, I couldn't find anything specific in the Servlet Spec, but in general it's just not a good idea, as you may as well not use https at all. It's not just the servlet spec that you need to be aware of, but this is a more general HTTP/HTTPS problem. RFC2109 is not really clear on the topic, other than section 8.3 which talks about Unexpected Cookie Sharing. However there is an extension to this RFC, RFC2965 Port Sensitive Cookies. Basically, you can't guarantee that the browser is going to send back the cookie if the ports are different Also, since any time session tracking is used it can be picked up by someone, all use of https should stay strictly under https(ok, I'm over doing it). So basically if a webapp has any sensitive information, it should solely use https protocol for all transmissions, if using session tracking? You're not over doing it. If you want to provide some security or protection of authentication then the entire session _must_ be encrypted or you may as well not bother. I don't see why the servlet container should force this behaviour. You can do your own session tracking if you want to. Just set your own cookies and use that. The servlet container provides a very convenient way of doing it. Of course, you'll have the same transition problems that the inbuild session management has. Shouldn't it be up to the developer to determine what is a security issue and not? Just like JSP doesn't neccesseraly force the separation of business logic and content, just allowing it, should the servlet container force a restrictive behaviour of session tracking? A lot of web sites don't want the over head of sending everything over https. Only parts of it for secure user validation. But they still want session tracking. They may do, but they're broken if they don't keep an authentication session safe under ssl. Of course the session tracking can be used at different times for non crucial session tracking. Just as a simple example: So let's say you use the existence of an http session as a validation for a logged in user, but you don't store any vital information. And you only allow http sessions to be created under https protocol to secure the submition of password. Beyond that point, no sensitive data is shared, so users can be redirected back to http protocol. You really need to read up on how HTTP and the servlet spec says sessions are done. Basically HTTP is stateless and sessions are faked by transferring chunks of data between the client and the server. This may be via cookies or URL rewriting. For the sake of convenience, we'll use the cookie method in the example, but this is _not_ necessarily the only way that sessions may be tracked. So, you login securely under username and password admin/secret and those pieces of information are gone and lost forever. However, to maintain the session over the stateless protocol the server sets a cookie in the browser SECRET_COOKIE=aaa56722derf. Now, as you transition to HTTP that piece of information is sent to the server in plain text that anybody can read. So, me being the evil wily hacker grabs that information, and sets a cookie in my evil hacked mozilla browser which will allow me to set arbitrary cookies and bingo, I'm now you. With tomcat 4, the only way to use the same method would be to create a http seesion for every http request, then redirect to https, add some kind of validation flags in the session object, then redirect back. This to me is worse, as a DoS attack could force the servlet container to create a http session for every Request, really putting a strain on your container. I can't possibly think of any circumstance where you would need to perform such a contrived mechanism. In fact, I can't even understand what you're trying to do here. [ snip of rest of post ] -- Jon Eaves [EMAIL PROTECTED] http://www.eaves.org/jon/ -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
PropertyChangeSupport with tomcat
Hello List I am new with JSP and I have tomcat 4.1.12 running with apache 2.0, IBM JDK 1.3 and mod_webapp under Debian Linux. Now I have written two simple beans to test the PropertyChangeSupport feature of the Java beans. One bean fires a property change and the other bean ist the listener, that should receive the change. Unfortunately it seems to me that this feature is not supported by tomcat. I load both beans in a jsp with the usebean directive (scope='session'). The beans work fine, I can set and get properties but the PorpertyChangeSupport doesn't work. I even do not now whether the property change event ist fired or not. Do I have to do some special confiuration to use the PropertyChangeSupport with tomcat or isn't it possible at all. I am thankful for every kind of help. best regards markus -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Help: Tomcat not reloading classes
I have the following line in server.xml: Context path= docBase=ROOT debug=0 reloadable=true/ This seems to work for jsp files in $TOMCAT_HOME/webapps/ROOT but is not working for class file in $TOMCAT_HOME/webapps/ROOT/WEB-INF/classes Did I miss something? This is tomcat 4.1.2 using jdk 1.3.1_05. Thanks, CC -- This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Cannot serve a WAV file from a 4.1.12 web application
Hello, I'm developing a web application running under Tomcat 4.1.12. When I try to serve a WAV file from the initial JSP file, the file is not heard. This line was used in the JSP file: EMBED src=/voting/audio/startpage/startpage.wav HIDDEN=true autostart=true/EMBED If I try to access the WAV file directly under IE 5.5, the error is that resource not available. Some possibly relevant facts: - If I put a TXT or GIF file in that same directory under the web app, it is served. - There is no security explicitly set up at this point. - If a WAV file smaller than 4K is used, it does not work either. - I did put a mime-mapping entry into the web.xml file, but it did not work either. - The audio portion of this web app does work under JRun 4.1. Thanks, Ann
Re: Ajp13Processor starting background threads under low load
Thanks for the pointer Glenn, it was much appreciated! So, I've been doing thread stacktrace dumps, but what I found doesn't make a lot of sense to me. After restarting tomcat there were 5 processor threads all blocked on a monitor: Ajp13Processor[8085][0] daemon prio=1 tid=0x0x4f801b28 nid=0x45ae waiting on m onitor [bd9ff000..bd9ff8ac] at java.lang.Object.wait(Native Method) - waiting on 0x446602c0 (a org.apache.ajp.tomcat4.Ajp13Processor) at java.lang.Object.wait(Object.java:426) at org.apache.ajp.tomcat4.Ajp13Processor.await(Ajp13Processor.java:305) - locked 0x446602c0 (a org.apache.ajp.tomcat4.Ajp13Processor) at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:490) at java.lang.Thread.run(Thread.java:536) I presume these are waiting for the scheduler thread to pass them a request. A while later a bunch of background threads get spawned and I do another dump/trace, now there are a whole bunch of threads in a runnable state trying to read request packets: Ajp13Processor[8085][21] daemon prio=1 tid=0x0x8289b38 nid=0x70d6 runnable [ba fff000..bafff8ac] at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(SocketInputStream.java:116) at org.apache.ajp.Ajp13.readN(Ajp13.java:429) at org.apache.ajp.Ajp13.receive(Ajp13.java:469) at org.apache.ajp.Ajp13.receiveNextRequest(Ajp13.java:274) at org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:371 ) at org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:495) at java.lang.Thread.run(Thread.java:536) Despite the name receiveNextRequest, it looks like that method is being called to receive each request including the first. So, the ajp13 processor is sitting blocked waiting for a full ajp13 packet from apache and apache is not sending data and not closing the connection/socket. From the comments in the code it sounds like apache restarts periodically, closing the sockets and unblocking the read calls, at which point these processors return to the pool - so if apache restarts before you reach your threads limit you are ok. What I don't understand is how apache can be starting up ajp13 connections to tomcat and then not sending a full packet without this causing user visible failures. Shouldn't there be users getting page loads timing out on them? That doesn't seem to be happening. Does this indicate a fault in apache or is it normal for apache to send partial requests without closing the connection? Any further guidance? Thanks, Lindsay Glenn Nielsen wrote: One way to start debugging this type of problem is to tell the java process running Tomcat to do a Thread Stacktrace Dump. kill -QUIT java processid Then analyze the stack traces for all threads. Regards, Glenn Lindsay Patten wrote: Hi, I thought I would take a different tack on my problem with the Ajp13Processor using up all of its threads problem. Does anyone know if the Ajp13Processor has a timeout when it is looking for a worker to handle a request? If the worker threads were all swapped out and taking a long time to get going and respond, would the main thread start a new background thread instead of waiting? Or does it just have a list of available workers and blocks until the worker it selects responds? If it is the former that would explain my problem since I have experienced my processes getting swapped out and taking a long time to respond. The question would then become: is a way to specify how long the scheduler should wait before starting a new thread? At least I would have something I could take to my service provider. On the other hand if I knew for sure that the scheduler thread didn't have a timeout on worker threads than I could concentrate on looking elsewhere. Does anyone know? Or know where to look or ask short of reading the source? Thanks, Lindsay Lindsay Patten wrote: Hi, I am having a problem where tomcat keeps intermitantly starting new ajp13 processor threads, eventually it reaches the max and starts refusing connections. My hosting provider (linux machine) provides a private version of tomcat for each user with a single apache web server, there are typically a large number of processes on the machine (4000). My particular tomcat server (v4.0.3) is not being loaded at all but the ajp13processor threads don't seem to not get reused under some circumstances that I don't understand. I have added logging statements in my jsp pages and the pages appear to run to completion. Each jsp page accesses some info from a mysql db and displays it (*Summary) or takes some data from a form and sticks it in the db (Page). The system will often run for several hours and hundreds of requests without starting any threads, but then sometimes, as below, it starts new threads for almost every request for a while. Is there a way to determine if the
Re: problem with session tracking and redirection http--- https
my 2 cents: encrypting session information such as encrypted urls or cookies dont buy anything. they can be sniffed , and sent back. or worse things can happen. Security is not cheap so forget finding an inexpensive way. thats one big problem with open protocols, you know exactly where to get the information and the stucture of information. SSL seems to be the cheapest way of doing business online as of now.
Re: My Start and Stop Tomcat windows do not stay up
i get this error when my server.xml is not properly configuered. did u add context element to ur server.xl ? if i am correct, this exception is saying that your server.xml doesnt adheres to dtd. so pls check it [EMAIL PROTECTED] wrote: Hi I have installed Tomcat 4.1.12 on my XP machine. I got the screen telling me that Tomcat was installed successfully. However, neither the Start or Stop DOS windows stay up. I understand that this problem could be overcome by increasing Initial Environment field to 4096. In order to do this, I need to right click the DOS window and click on Properties and then the Memory tab. In Windows XP right clicking on the DOS window and clicking on properties does not bring up a Memory tab. How do I increase the Initial Environment in XP? Also, I checked the logs folder to see if I could get some further information on the state of Tomcat and found the following in the stderr file. Can you tell me what this means and how I can correct it? It appears that logs are written whenever I do a cold start of my PC. Is this correct? Thanks - I am a new user of Tomcat and am taking a course on Internet Server Programming so any help you can give me would be greatly appreciated. Ann Oct 20, 2002 12:53:44 PM org.apache.commons.digester.Digester error SEVERE: Parse Error at line 17 column 11: The content of element type web-app must match (icon?,display-name?,description?,distributable?,context-param*,filter*,filte r-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,w elcome-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,security -constraint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-local-ref*) . org.xml.sax.SAXParseException: The content of element type web-app must match (icon?,display-name?,description?,distributable?,context-param*,filter*,filte r-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,w elcome-file-list?,error-page*,taglib*,res ource-env-ref*,resource-ref*,security-constraint*,login-config?,security-role* ,env-entry*,ejb-ref*,ejb-local-ref*). at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandle rWrapper.java:232) at org.apache.xerces.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:173) at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:362) at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:296) at org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(XMLDTDValidator.ja va:1953) at org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(XMLDTDValidator.java:878 ) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.handleEndElement(XMLDocu mentFragmentScannerImpl.java:1144) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocume ntFragmentScannerImpl.java:987) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatche r.dispatch(XMLDocumentFragmentScannerImpl.java:1445) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocument FragmentScannerImpl.java:333) at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:524) at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:580) at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:152) at org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1169) at org.apache.commons.digester.Digester.parse(Digester.java:1495) at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java :282) at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:639) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:24 3) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport. java:166) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3493) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:821 ) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:807) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:579) at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.jav a:257) at org.apache.catalina.core.StandardHost.install(StandardHost.java:772) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:569) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:411) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:879) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:368) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport. java:166) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1196) at org.apache.catalina.core.StandardHost.start(StandardHost.java:738) at
Re: Multiple Tomcat Security Realms
On Sat, 19 Oct 2002, grenoml wrote: Date: Sat, 19 Oct 2002 13:33:16 -0700 (PDT) From: grenoml [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Subject: Re: Multiple Tomcat Security Realms I went through the REALM HOW-TO also. It just tells you how to setup the various realm types but not how to configure multiple realms. It's there, but sort of subtle. The key point is that you can nest a Realm element in three different places in server.xml, to get three different results: * Nest inside Engine to affect all webapps on all virtual hosts. This is how things are set up in the default Tomcat server.xml file. * Nest inside Host to affect all webapps on that virtual host, but no others. * Nest inside Context to affect only that single webapp. The search for the relevant realm is hierarchical, starting from the most specific to the least specific. So, one way to deal with your scenario would be to simply leave the default setup alone (so that it supports the admin and manager webapps as it does currently), then define a Context element for each of your specific applications -- and nest a Realm inside each of those Context elements to configure its own security setup. An alternate approach would be appropriate if you wanted to use the same JDBCRealm for all apps *except* admin and manager: * Move the existing Realm element from inside the Engine to inside new Context elements for the admin and manager webapps * Make your JDBCRealm the default one (nested in the Engine element) for all other apps. Craig -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
RE: there are type: HTTP Status 404 -/tomcat-docs...
Yufeng, I'm pretty new to this so others may have better info. Check your path to make sure that tomcat-docs is in the webapps folder [%CATALINA_HOME\webapps\tomcat-docs] and that you have a WEB-INF in your tomcat-docs folder. Hope that helps..experienced ones please correct me if needed. Bob -Original Message- From: [mailto:czyf2001;hotmail.com] Sent: Sunday, October 20, 2002 3:37 AM To: [EMAIL PROTECTED] Subject: there are type: HTTP Status 404 -/tomcat-docs... hi tomcat, when I saw tomcat's index.jsp and there is If you're seeing this page via a web browser, it means you've setup Tomcat successfully. Congratulations! till I click Tomcat Documentation .there are type: HTTP Status 404 - /tomcat-docs type Status report message /tomcat-docs description The requested resource (/tomcat-docs) is not available. Apache Tomcat/4.1.12-LE-jdk14 what shall i do?Could you will give me some advice and help me to configue it right!! thanks! I will glad to hear form you. yours yufeng _ ÓëÁª»úµÄÅóÓѽøÐн»Á÷£¬ÇëʹÓà MSN Messenger: http://messenger.msn.com/lccn/ -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Does tc-4.12 have bugs with nested jsp tags?
Hi, my nested JSP tags (nesting level 3-4) work fine under tc-4.0.4 but they seem to be bugy with tc-4.12. Are there known JSP issues with tc-4.12? Zsolt -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: problem with session tracking and redirection http--- https
On Sat, 19 Oct 2002, Henrik Bentel wrote: Date: Sat, 19 Oct 2002 19:08:35 + From: Henrik Bentel [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: problem with session tracking and redirection http--- https One of my problems is that I can't find anything in the servlet or tomcat documentation that mentiones any of this behaviour. If there is any, please send me the link. It's not specific to servlets at all ... it's a fundamental issue for anything running across http/https that wants to do the equivalent of sessions. Also, since any time session tracking is used it can be picked up by someone, all use of https should stay strictly under https(ok, I'm over doing it). So basically if a webapp has any sensitive information, it should solely use https protocol for all transmissions, if using session tracking? Not necessarily. Consider an ecommerce site. You'd typically maintain the shopping cart as some sort of collection in a session attribute. You could easily make the case that this information is not particularly sensitive (especially if you haven't collected any personal identification information yet). So, it's quite reasonable to run this part of the app across http. However, once you go to the checkout phase of the app, you should switch to https for the screen that submits the credit card details and that sort of thing, so that nobody can snoop that data as it's being transmitted. However, you are not done yet. Once a particular session has been switched from http to https, it MUST contain logic to never accept a subsequent request (for that session) from http again. Otherwise, your app is subject to attacks like repeatedly submitting the Purchase Confirmation form again, and causing multiple orders to be submitted. I don't see why the servlet container should force this behaviour. Shouldn't it be up to the developer to determine what is a security issue and not? The http-https transition is supported by the servlet spec (and by Tomcat). That's what the transport-guarantee element in a security constraint is for. The https-http transition is not supported because it is fundamentally flawed, and it would be irresponsible for the container to allow naive developers to unknowningly create vulnerable applications. Just like JSP doesn't neccesseraly force the separation of business logic and content, just allowing it, should the servlet container force a restrictive behaviour of session tracking? A lot of web sites don't want the over head of sending everything over https. Only parts of it for secure user validation. But they still want session tracking. Just as a simple example: So let's say you use the existence of an http session as a validation for a logged in user, but you don't store any vital information. And you only allow http sessions to be created under https protocol to secure the submition of password. Beyond that point, no sensitive data is shared, so users can be redirected back to http protocol. No you *cannot* do this safely (from a security perspective). The reason is that the session id *itself* is security sensitive information (because you stored state information in the session that login was successful). Once you switch back into http, the session id is transmitted in clear text, and is subject to hijacking. Anyone on the internet can submit requests using that session id, and the requsts will be executed by your app as if they were submitted by the person who was originally authenticated. Developers who feel that it's sufficient to use https only for the login screen, but want to use http for the rest of the session, are fooling themselves that they have accomplished anything useful (from a security perspective). With tomcat 4, the only way to use the same method would be to create a http seesion for every http request, then redirect to https, add some kind of validation flags in the session object, then redirect back. This to me is worse, as a DoS attack could force the servlet container to create a http session for every Request, really putting a strain on your container. The example probably isn't a good example for how a typical website enforces secure validation, but I just want to raise the point that the hole is still there, since sessions created under http are available in all schemes. It could just as easily be misused by a developer. You are correct that the restriction I'm talking about doesn't deal with DoS attacks based on causing lots of sessions to be created. It deals with a completely different issue. Craig -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
there are type: HTTP Status 404 -/tomcat-docs...
hi tomcat, when I saw tomcat's index.jsp and there is If you're seeing this page via a web browser, it means you've setup Tomcat successfully. Congratulations! till I click Tomcat Documentation .there are type: HTTP Status 404 - /tomcat-docs type Status report message /tomcat-docs description The requested resource (/tomcat-docs) is not available. Apache Tomcat/4.1.12-LE-jdk14 what shall i do?Could you will give me some advice and help me to configue it right!! thanks! I will glad to hear form you. yours yufeng _ ÓëÁª»úµÄÅóÓѽøÐн»Á÷£¬ÇëʹÓà MSN Messenger: http://messenger.msn.com/lccn/ -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Error handling in ServletContextListener/investigating tomcat startup errors
Hey, If I have problems in an implementation of ServletContextListener, TC refuses to give me a reason. How can I log the error message? To generate an error, I divided by zero. A more likely (and less avoidable) exception is NamingException (what I expect). [code] public void contextInitialized(ServletContextEvent event) { try{ Database.init(); Mailer.init(); int i = 0; int j = 1/i; } catch (Exception ne){ // doesn't do anything. System.err.println(ne.fillInStackTrace()); //ne.printStackTrace(); } } [/code] Here's the log file: 2002-10-20 03:25:07 [org.apache.catalina.connector.warp.WarpConnector] Error accepting requests java.net.SocketException: Software caused connection abort at java.net.PlainSocketImpl.socketAccept(Native Method) at java.net.PlainSocketImpl.accept(PlainSocketImpl.java:421) at java.net.ServerSocket.implAccept(ServerSocket.java:243) at java.net.ServerSocket.accept(ServerSocket.java:222) at org.apache.catalina.connector.warp.WarpConnector.run(WarpConnector.java:590) at java.lang.Thread.run(Thread.java:496) In general, it is annoying when TC refuses to start. I'd like to have some sort of meaningful message as to why. How can I get a meaningful exception/error msg? = Garrett Needs A Job __ Do you Yahoo!? Y! Web Hosting - Let the expert host your web site http://webhosting.yahoo.com/ -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: My Start and Stop Tomcat windows do not stay up
Hello AnnWenzel, Are you sure that Tomcat isn't already running as a service? If Tomcat is already listening to the ports that a new instance would try to listen to, then you would get that behavior. The window would just close. For easier debugging, you might want to open a command prompt and cd to where the tomcat startup batch files are and run them via the command line rather than double clicking the batch files. That way, you should see some error messages in the console. Jake Sunday, October 20, 2002, 2:52:55 PM, you wrote: Hi I have installed Tomcat 4.1.12 on my XP machine. I got the screen telling me that Tomcat was installed successfully. However, neither the Start or Stop DOS windows stay up. I understand that this problem could be overcome by increasing Initial Environment field to 4096. In order to do this, I need to right click the DOS window and click on Properties and then the Memory tab. In Windows XP right clicking on the DOS window and clicking on properties does not bring up a Memory tab. How do I increase the Initial Environment in XP? Also, I checked the logs folder to see if I could get some further information on the state of Tomcat and found the following in the stderr file. Can you tell me what this means and how I can correct it? It appears that logs are written whenever I do a cold start of my PC. Is this correct? Thanks - I am a new user of Tomcat and am taking a course on Internet Server Programming so any help you can give me would be greatly appreciated. Ann Oct 20, 2002 12:53:44 PM org.apache.commons.digester.Digester error SEVERE: Parse Error at line 17 column 11: The content of element type web-app must match (icon?,display-name?,description?,distributable?,context-param*,filter*,filte r-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,w elcome-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,security -constraint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-local-ref*) . org.xml.sax.SAXParseException: The content of element type web-app must match (icon?,display-name?,description?,distributable?,context-param*,filter*,filte r-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,w elcome-file-list?,error-page*,taglib*,res ource-env-ref*,resource-ref*,security-constraint*,login-config?,security-role* ,env-entry*,ejb-ref*,ejb-local-ref*). at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandle rWrapper.java:232) at org.apache.xerces.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:173) at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:362) at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:296) at org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(XMLDTDValidator.ja va:1953) at org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(XMLDTDValidator.java:878 ) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.handleEndElement(XMLDocu mentFragmentScannerImpl.java:1144) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocume ntFragmentScannerImpl.java:987) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatche r.dispatch(XMLDocumentFragmentScannerImpl.java:1445) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocument FragmentScannerImpl.java:333) at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:524) at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:580) at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:152) at org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1169) at org.apache.commons.digester.Digester.parse(Digester.java:1495) at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java :282) at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:639) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:24 3) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport. java:166) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3493) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:821 ) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:807) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:579) at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.jav a:257) at org.apache.catalina.core.StandardHost.install(StandardHost.java:772) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:569) at
My Start and Stop Tomcat windows do not stay up
Hi I have installed Tomcat 4.1.12 on my XP machine. I got the screen telling me that Tomcat was installed successfully. However, neither the Start or Stop DOS windows stay up. I understand that this problem could be overcome by increasing Initial Environment field to 4096. In order to do this, I need to right click the DOS window and click on Properties and then the Memory tab. In Windows XP right clicking on the DOS window and clicking on properties does not bring up a Memory tab. How do I increase the Initial Environment in XP? Also, I checked the logs folder to see if I could get some further information on the state of Tomcat and found the following in the stderr file. Can you tell me what this means and how I can correct it? It appears that logs are written whenever I do a cold start of my PC. Is this correct? Thanks - I am a new user of Tomcat and am taking a course on Internet Server Programming so any help you can give me would be greatly appreciated. Ann Oct 20, 2002 12:53:44 PM org.apache.commons.digester.Digester error SEVERE: Parse Error at line 17 column 11: The content of element type web-app must match (icon?,display-name?,description?,distributable?,context-param*,filter*,filte r-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,w elcome-file-list?,error-page*,taglib*,resource-env-ref*,resource-ref*,security -constraint*,login-config?,security-role*,env-entry*,ejb-ref*,ejb-local-ref*) . org.xml.sax.SAXParseException: The content of element type web-app must match (icon?,display-name?,description?,distributable?,context-param*,filter*,filte r-mapping*,listener*,servlet*,servlet-mapping*,session-config?,mime-mapping*,w elcome-file-list?,error-page*,taglib*,res ource-env-ref*,resource-ref*,security-constraint*,login-config?,security-role* ,env-entry*,ejb-ref*,ejb-local-ref*). at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandle rWrapper.java:232) at org.apache.xerces.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:173) at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:362) at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:296) at org.apache.xerces.impl.dtd.XMLDTDValidator.handleEndElement(XMLDTDValidator.ja va:1953) at org.apache.xerces.impl.dtd.XMLDTDValidator.endElement(XMLDTDValidator.java:878 ) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.handleEndElement(XMLDocu mentFragmentScannerImpl.java:1144) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanEndElement(XMLDocume ntFragmentScannerImpl.java:987) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatche r.dispatch(XMLDocumentFragmentScannerImpl.java:1445) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocument FragmentScannerImpl.java:333) at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:524) at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:580) at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:152) at org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1169) at org.apache.commons.digester.Digester.parse(Digester.java:1495) at org.apache.catalina.startup.ContextConfig.applicationConfig(ContextConfig.java :282) at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:639) at org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:24 3) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport. java:166) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3493) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:821 ) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:807) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:579) at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.jav a:257) at org.apache.catalina.core.StandardHost.install(StandardHost.java:772) at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:569) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:411) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:879) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:368) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport. java:166) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1196) at org.apache.catalina.core.StandardHost.start(StandardHost.java:738) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1188) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:347) at
problem building mod_jserv.so
Hi I have been trying to build mod_jserv.so ld -G -o mod_jserv.so mod_jserv.o jserv_wrapper_win.o jserv_wrapper_unix.o jserv_wrapper.o jserv_watchdog.o jserv_utils.o jserv_status.o jserv_protocols.o jserv_mmap.o jserv_image.o jserv_balance.o jserv_ajpv12.o jserv_ajpv11.o autochange.o apxs:Break: Command failed with rc=16777215 this is what i get... can anyone help -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Apache + SSL + TOMCAT4 + mod_jk : problem (Socket Timeout) : Help
Hello, I have surfed the net thourouly, including Tomcat NessGroups, and did not find an answer to my problem ; May I ask : I am running Tomcat4 + Apache + SSL + Mod _JK on RH 8.0; I had configure Apache to and Tomcat to use SSL (including uncommenting the SSL connector lines in server.xml of tomcat , and creating a changeit with alias tomcat with -keytool . I am using the (default) 8543. I am creating an SLLSocket on this port from the client side ; when I am sending a post request. I see (while debugging) that there is a SocketTimeOut exception. (This happens when HttpProcessor calls parseRequest() and we reach the readRequestLine() in the SocketInputStream. When I set connectionTimeout to -1 , to disable timeout , I do not have this Exception , but I see that the data in the input stream does not exist. When I run the same code and just cretae a Non-SSL socket (on a different port, 8180) everyhting is OK. Do you have any idea what the problen can be ? rr ___ Sent by TalkMil WEBMail Server MailVision Inc. http://www.mailvision.net -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: servlets stoped working but jsp works
You need to pay attention to the security notices: http://jakarta.apache.org/site/news.html#0924.1 The invoker servlet has been disabled by default to close a security hole. Basically, the source of your JSP page could be revealed via a specially crafted URL. If you *really* need to enable the servlet invoker, go into $CATALINA_HOME/conf/web.xml and uncomment the servlet-mapping for the invoker servlet. Then restart Tomcat. However, you should be providing servlet mappings for servlet you want to run. Look into an MVC framework like Struts or Barracuda to see how you can map a single servlet which then invokes all your other servlets. Jake At 03:10 PM 10/20/2002 +0200, you wrote: Hi, i'm using tomcat 4.1.12 and mod_jk For some strange reason all servlets stoped working and return messages like: description The requested resource (/catalina/examples/servlet/RequestInfoExample) is not available when called. But the jsp pages work fine(within the same contexts in which servlets don't work). I have NOT changed the mod_jk and the xml files. Also i do not find any error messages in the logs. Does anyone have an idea what could go wrong? Thanks. -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Re: Cannot serve a WAV file from a 4.1.12 web application
Honesty compels me to say that the solution is to make sure the the filename is cased correctly. Tomcat is on Linux, JRun is on Windows 2000, and the files were named *.WAV. 'Nuff said.-))) Thanks, Ann - Original Message - From: Ann Marie Carulli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, October 20, 2002 12:30 AM Subject: Cannot serve a WAV file from a 4.1.12 web application Hello, I'm developing a web application running under Tomcat 4.1.12. When I try to serve a WAV file from the initial JSP file, the file is not heard. This line was used in the JSP file: EMBED src=/voting/audio/startpage/startpage.wav HIDDEN=true autostart=true/EMBED If I try to access the WAV file directly under IE 5.5, the error is that resource not available. Some possibly relevant facts: - If I put a TXT or GIF file in that same directory under the web app, it is served. - There is no security explicitly set up at this point. - If a WAV file smaller than 4K is used, it does not work either. - I did put a mime-mapping entry into the web.xml file, but it did not work either. - The audio portion of this web app does work under JRun 4.1. Thanks, Ann -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org
Sendmail error
While attempting to test the sendmail.jsp example from a Tomcat 4.1.12 installation I keep running the following error: ENCOUNTERED EXCEPTION: javax.mail.SendFailedException: Sending failed; nested exception is: javax.mail.MessagingException: Could not connect to SMTP host: home.hitokiri.com, port: 25; nested exception is: java.net.ConnectException: Connection refused Where would I check to resolve this issue? I don't understand why the connection is being refused since I use the same SMTP host name to send email out from from my email program. And there's no authentication needed to send out emails from that host (which is localhost anyway). Any ideas? -Ben -- To unsubscribe, e-mail: mailto:tomcat-user-unsubscribe;jakarta.apache.org For additional commands, e-mail: mailto:tomcat-user-help;jakarta.apache.org