Strange request.setAttribute() problem
Hello, I come across a problem with TC4.1.24 and hope fellow list users
can help me...
I set a variable in a servlet by calling:
request.setAttribute(itemnumber,
Integer.valueOf(Integer.toString(itemnumber)));
A JSP will then detect if this variable exists or not by:
if ( request.getParameter(itemnumber) != null ) {
try {
itemnumber =
Integer.parseInt((String)request.getParameter(itemnumber));
} catch (NumberFormatException ex) {
System.out.println(No);
}
}
I have two different web browsers opened (say, one IE and one Opera),
and both eventually will come to the page containing the code above.
The strange thing is that if the variable itemnumber is set via IE,
the same itemnumber will be seen at Opera!
This shouldn't happen as both have different session ID, and are
completely unrelated.
Who has come across this problem? How can I work around this?
Thanks!
RE: Re[2]: Running Tomcat as Non-Root
No, this shouldn't be a problem if you setup tomcat correctly. http://jakarta.apache.org/tomcat/tomcat-4.1-doc/proxy-howto.html (Note: I havn't tried it on my own) Most documentation that I found about the configuration of tomcat for running as non root on port 1024 are missing this point: http://www-106.ibm.com/developerworks/java/library/l-secjav.htm http://www.klawitter.de/tomcat80.html Here is one in german that includes this topic: http://3plus4software.de/news/20020617.html (Even without understanding german, you should be able to find the relevant information) -Original Message- From: Anton Tagunov [mailto:[EMAIL PROTECTED] Sent: Thursday, July 24, 2003 7:45 AM To: Tomcat Users List Subject: Re[2]: Running Tomcat as Non-Root Hello Ralph! RE You can run a java service on ports 1024 without being root with RE portmappers, proxies, iptables and several other tools Hmm.., but won't this make the request.getRequestURI() and alike create incorrect URL-s, like http://smth.smth.smth:8080/aaa/b.jsp instead of http://smth.smth.smth:80/aaa/b.jsp or http://smth.smth.smth/aaa/b.jsp This might be a big problem! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
apachectl startssl complains about _default_443 (amongst other things...)
Hi. I compiled mod_ssl into my apache2 and got openssl to generate server.key into .../conf/server.key and server.crt into .../conf/server.crt Then I modified httpd.conf IfModule mod_ssl.c Include /path/to/ssl.conf /IfModule Also, I commented out all the explicitly named virtual hosts in VirtualHost blabla ... /VirtualHost because I expect troubles there. In ssl.conf, I modified the following lines so they have the same parameter values as in httpd.conf : VirtualHost _default_:443 DocumentRoot /path/to/html ServerName www.my.domain.com:80 ... In httpd.conf I used the BIOS name e.g. ServerName BIOSNAME:80 ... SSLEngine on ... SSLCertificateFile /path/to/conf/ssl.crt/server.crt SSLCertificateFile /path/to/conf/ssl.key/server.key ... When I start apache again with # apachectl startssl I got the following messages : [error] VirtualHost_default_:443 -- mixing * port and non-* ports with a NameVirtualHost address is not supported: proceeding with unidentified results. Apache/2.0.40 mod_ssl/2.0.40 (Pass Phrase Dialog) ... Can some kind souls tell me wha I have done wrong now. I didn't use RedHat's default directories in /etc/httpd/conf, but that's hardly a mea culpa. Arrgh - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[Q] Is it safe to create threads in Tomcat web-apps?
I've mainly worked in BEA WebLogic before and from colleagues and other sources I have heard it is not recommended (and sometimes not allowed, some even said) to create threads in your application. Indeed, when the application went live in a multi-server clustered environment, we got very inconsistent results because of the threads, so we had to remove them. Question is, how safe is it to create threads in a Tomcat web-app? I would assume worker threads are ok, i.e. threads you create to do a specific task and then it terminates. When you are guaranteed the thread will terminate either because of an error or because the assigned task has been completed. But what about monitor threads, i.e. threads that does a Thread.sleep(x) for an hour, check some condition and goes back to sleep... some mechanism you implement to e.g. do a task on a hourly/daily/weekly base. You'd create the thread (and keep a handle to it) in either an InitServlet.init() and then Thread.interrupt() in the InitServlet.destroy(), or you can do it in an ApplicationListener (something like that) class which I think you can define in the web.xml. How else can you implement that (monitoring) in Tomcat? __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re[4]: Tomcat: SSL client authentication
Hi Bill,
Thanks for answering.
I did solve the problem.
My client certificate is not self-signed (as I pointed out in 2.-4.).
So I have a certificate signed by my CA.
The problem was solved by setting CATALINA_OPTS system variable before
starting Tomcat:
set CATALINA_OPTS=-Djavax.net.ssl.trustStore=server.truststore
where server.truststore contains only imported CA certificate.
It seems that Tomcat doesn't use %JAVA_HOME%\jre\lib\security\cacerts
as a truststore by default (I did import CA cert into the cacerts) as
I understood from previous discussions.
Thanks!
Dmitry.
BB From your 1., your client cert is self-signed, not signed by your CA cert.
BB Since this amounts to telling the server I am Dmitry, because I said so,
BB it's a security-risk to accept self-signed client certs, so most HTTPS
BB servers won't accept them. (Of course, it is also the same security-risk to
BB accept self-signed server-certs. However, there is a big difference between
BB clicking Ok in the browser's dialog box, and paging the webmaster at 3AM to
BB agree to accept it ;-).
BB The easiest thing would be to get a Thawte client-cert (since you don't have
BB to pay for it), and use that instead of your self-signed one. For testing,
BB that is what I do (except that I use my Verisign cert, since my employer
BB pays for that one :). At least with Sun's JSSE, Thawte's Root cert is
BB installed in cacerts by default. Setting up your own CA is only needed if
BB you have to hand out your own client-certs when you move to production.
BB Dmitry S.Rogulin [EMAIL PROTECTED] wrote in message
BB news:[EMAIL PROTECTED]
But (as I pointed out in 3.,4. and 6) I have client cert and CA cert.
The latter I imported to the cacert.
I tried to do the same without Tomact but with very simple HTTP(s)
server and got the same result. So I suggest that I did something
wrong with creating/importing certs.
But what's wrong?
BB You can't generally use a self-signed client cert with JSSE (you can
BB configure PureTLS to accept it, but another bug means that you'd have
BB to
BB wait for 4.1.26). The work-around is way too much trouble for the
BB sysadmin,
BB and I don't feel like being an enabler for a true hideous design. So,
BB you'll just have to read the JSSE docs for yourself ;-).
BB If you need to issue your own client-certs, I'd suggest setting up
BB your own
BB CA (with OpenSSL or otherwise), and import your CA's cert into
BB cacerts. You
BB can then hand out client certs, and Tomcat will accept them.
BB Dmitry S.Rogulin wrote in message
BB news:[EMAIL PROTECTED]
Hello all,
Sorry for the previous e-mail. %)
This theme was discussed about month ago. I tried to use what I've
found but I'm still having a problem...
I'm trying to do SSL client authentication with Tomcat 4.1.18
BB (clientAuth=true).
1. I've generated a client certificate using keytool:
keytool -genkey -alias tomcat-cl -keyalg RSA -keystore
BB client.keystore
2. Then I created Certificate Signing Request:
keytool -certreq -keyalg RSA -alias tomcat-cl -file
BB certreq.csr -keystore client.keystore
3. I sent it to CA and got a signed certificate and CA Certificate.
4. I imported them to the client keystore:
keytool -import -alias root -keystore client.keystore -file cacert
keytool -import -alias tomcat-cl -keystore client.keystore -file
BB usercert
5. I exported server certificate and imported it as a trusted to the
trusted keystore:
keytool -import -trustcacerts -alias tomcat -file
BB server.cer -keystore
BB trust.keystore
6. I imported CA Certificate to \jre\lib\security\cacerts :
keytool -import -file cacert -keystore
BB %java_home%\jre\lib\security\cacerts -storepass changeit
I'm running Tomcat and test client on the same machine.
Server keystore: %USERHOME%\.keystore
Client keystore: %USERHOME%\client.keystore
Client trusted keystore: %USERHOME%\trust.keystore
Test Client:
import java.net.*;
import java.io.*;
import java.util.*;
import java.security.*;
import javax.net.ssl.*;
public class SimpleClient {
public static void main(String[] args) {
System.setProperty(javax.net.ssl.trustStore,
BB System.getProperty(user.home)+File.separator +trust.keystore);
System.setProperty(javax.net.ssl.keyStore,
BB System.getProperty(user.home)+File.separator +client.keystore);
System.setProperty(javax.net.ssl.keyStorePassword,
BB changeit);
InputStream is = null;
OutputStream os = new ByteArrayOutputStream();
try {
URL url = new
BB URL(https://localhost:8443/readme.txt;);
try {
is = url.openStream();
byte[] buffer = new byte[4096];
int
default admin login/password?
I am trying to use Tomcat installation that comes with JBuilder 9 version: 4.1.24 What is the default admin login and password and where is it stored? I checked tomcat-users.xml but none of the entries from that file work. Tried hunting the documentation but couldnt find the answer. Thanks in advance amol - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: default admin login/password?
Okay. got it. i added a admin role and user with that role to tomcat-users.xml and tried with that. it works. thanks amol - Original Message - From: amol [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:49 PM Subject: default admin login/password? I am trying to use Tomcat installation that comes with JBuilder 9 version: 4.1.24 What is the default admin login and password and where is it stored? I checked tomcat-users.xml but none of the entries from that file work. Tried hunting the documentation but couldnt find the answer. Thanks in advance amol - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
siteminder headers
Hello, Anyone know how to make the IIS-Tomcat connector pass data through shared memory, as mentioned in the following post: http://www.mail-archive.com/[EMAIL PROTECTED]/msg36732.html Specificly, I'm running into the same problem as the original poster where Siteminder header data is not being passed correctly from IIS to Tomcat. Thanks ahead of time for any help, -Holden - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ant question: compile native code
Hi, I want to use ant to compile some native C code (part of my web application). Before searching around: can someone tell me how I have to modify my build.xml (for my web application) to make it automatically compile the C code and create the header file (via javah jni ...) or where to look? Thanks. Astrid - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[newbie] Executing class files
Hello all I would like my tomcat 4.1.24 to execute .class files. Tomcat runs in standalone mode port 8080. No pb with jsp files. I tried several configurations modifying server.xml and tomcat.conf to map my .class files folder. Tomcat never found them (404). I have difficulties to understand all subtilities of Tomcat configuration... Could anyone tell me what modification i have to do in conf files ? Many thanks Olivier - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [newbie] Executing class files
You don't map class files to your folder in tomcat. You should pack everything into your own webapp directory and deploy it into the $TOMCAT_HOME/webapps directory. Here's a short article that might help you out : http://jakarta.apache.org/tomcat/tomcat-4.1-doc/appdev/index.html For more info the servlet specification you can get that at http://java.sun.com Olivier Marie wrote: I tried several configurations modifying server.xml and tomcat.conf to map my .class files folder. Tomcat never found them (404). I have difficulties to understand all subtilities of Tomcat configuration... Could anyone tell me what modification i have to do in conf files ? Many thanks Olivier - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Strange request.setAttribute() problem
This is the correct behavior. In this scenario, you are operating on the
request, not the session.
request.getParameter -- Get stuff from the query string (or input stream if
post) - a per request thing
request.setAttribute -- Set an attribute in the life of this particular request
-Tim
Charles So wrote:
Hello, I come across a problem with TC4.1.24 and hope fellow list users
can help me...
I set a variable in a servlet by calling:
request.setAttribute(itemnumber,
Integer.valueOf(Integer.toString(itemnumber)));
A JSP will then detect if this variable exists or not by:
if ( request.getParameter(itemnumber) != null ) {
try {
itemnumber =
Integer.parseInt((String)request.getParameter(itemnumber));
} catch (NumberFormatException ex) {
System.out.println(No);
}
}
I have two different web browsers opened (say, one IE and one Opera),
and both eventually will come to the page containing the code above.
The strange thing is that if the variable itemnumber is set via IE,
the same itemnumber will be seen at Opera!
This shouldn't happen as both have different session ID, and are
completely unrelated.
Who has come across this problem? How can I work around this?
Thanks!
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps?
You can create threads all day in tomcat, but here are the importnatn things to consider: - WHY! Are threads really the correct solution? - If you create threads - what are their scope? Daemon, non-daemon? - If you create non-daemon threads - be prepared for the consequences such as the JVM not going away on tomcat shutdown unless you have taken the needed precautions. - If you create dameon only threads, be prepared for when tomcat shuts down and your daemon still has work to do because the JVM could exit before your thread is ready to complete its unit of work - WHY! Are threads really the correct solution? - And last but not least: WHY! Are threads really the correct solution? -Tim Riaan Oberholzer wrote: I've mainly worked in BEA WebLogic before and from colleagues and other sources I have heard it is not recommended (and sometimes not allowed, some even said) to create threads in your application. Indeed, when the application went live in a multi-server clustered environment, we got very inconsistent results because of the threads, so we had to remove them. Question is, how safe is it to create threads in a Tomcat web-app? I would assume worker threads are ok, i.e. threads you create to do a specific task and then it terminates. When you are guaranteed the thread will terminate either because of an error or because the assigned task has been completed. But what about monitor threads, i.e. threads that does a Thread.sleep(x) for an hour, check some condition and goes back to sleep... some mechanism you implement to e.g. do a task on a hourly/daily/weekly base. You'd create the thread (and keep a handle to it) in either an InitServlet.init() and then Thread.interrupt() in the InitServlet.destroy(), or you can do it in an ApplicationListener (something like that) class which I think you can define in the web.xml. How else can you implement that (monitoring) in Tomcat? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps?
Well, that was part of my question if I cannot/don't implement daemon threads to do e.g. automatic daily tasks, what else? E.g, at the end of the day send an e-mail to a (real life) manager with a summary of the day's transactions something like that. Does Tomcat provide some sort of ActionEvent which you can configure to be fired every x milliseconds? --- Tim Funk [EMAIL PROTECTED] wrote: You can create threads all day in tomcat, but here are the importnatn things to consider: - WHY! Are threads really the correct solution? - If you create threads - what are their scope? Daemon, non-daemon? - If you create non-daemon threads - be prepared for the consequences such as the JVM not going away on tomcat shutdown unless you have taken the needed precautions. - If you create dameon only threads, be prepared for when tomcat shuts down and your daemon still has work to do because the JVM could exit before your thread is ready to complete its unit of work - WHY! Are threads really the correct solution? - And last but not least: WHY! Are threads really the correct solution? -Tim Riaan Oberholzer wrote: I've mainly worked in BEA WebLogic before and from colleagues and other sources I have heard it is not recommended (and sometimes not allowed, some even said) to create threads in your application. Indeed, when the application went live in a multi-server clustered environment, we got very inconsistent results because of the threads, so we had to remove them. Question is, how safe is it to create threads in a Tomcat web-app? I would assume worker threads are ok, i.e. threads you create to do a specific task and then it terminates. When you are guaranteed the thread will terminate either because of an error or because the assigned task has been completed. But what about monitor threads, i.e. threads that does a Thread.sleep(x) for an hour, check some condition and goes back to sleep... some mechanism you implement to e.g. do a task on a hourly/daily/weekly base. You'd create the thread (and keep a handle to it) in either an InitServlet.init() and then Thread.interrupt() in the InitServlet.destroy(), or you can do it in an ApplicationListener (something like that) class which I think you can define in the web.xml. How else can you implement that (monitoring) in Tomcat? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps?
Hello Riaan, you might want to check out jcrontab. http://jcrontab.sourceforge.net Riaan Oberholzer wrote: Well, that was part of my question if I cannot/don't implement daemon threads to do e.g. automatic daily tasks, what else? E.g, at the end of the day send an e-mail to a (real life) manager with a summary of the day's transactions something like that. Does Tomcat provide some sort of ActionEvent which you can configure to be fired every x milliseconds? --- Tim Funk [EMAIL PROTECTED] wrote: You can create threads all day in tomcat, but here are the importnatn things to consider: - WHY! Are threads really the correct solution? - If you create threads - what are their scope? Daemon, non-daemon? - If you create non-daemon threads - be prepared for the consequences such as the JVM not going away on tomcat shutdown unless you have taken the needed precautions. - If you create dameon only threads, be prepared for when tomcat shuts down and your daemon still has work to do because the JVM could exit before your thread is ready to complete its unit of work - WHY! Are threads really the correct solution? - And last but not least: WHY! Are threads really the correct solution? -Tim Riaan Oberholzer wrote: I've mainly worked in BEA WebLogic before and from colleagues and other sources I have heard it is not recommended (and sometimes not allowed, some even said) to create threads in your application. Indeed, when the application went live in a multi-server clustered environment, we got very inconsistent results because of the threads, so we had to remove them. Question is, how safe is it to create threads in a Tomcat web-app? I would assume worker threads are ok, i.e. threads you create to do a specific task and then it terminates. When you are guaranteed the thread will terminate either because of an error or because the assigned task has been completed. But what about monitor threads, i.e. threads that does a Thread.sleep(x) for an hour, check some condition and goes back to sleep... some mechanism you implement to e.g. do a task on a hourly/daily/weekly base. You'd create the thread (and keep a handle to it) in either an InitServlet.init() and then Thread.interrupt() in the InitServlet.destroy(), or you can do it in an ApplicationListener (something like that) class which I think you can define in the web.xml. How else can you implement that (monitoring) in Tomcat? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Easy question on Tomcat 4.0 and SSL+HTTPS via localhost:8843. Loc k-Icon disappear from the Browser.
Hi Jay, I do not think so because all the application use virtual url, so I just build links as /servelt/ and on IExplorer Status Bar the message browser displays https://localhos:portnumber/and so on... Very abnormal... -Original Message- From: Jay Garala [mailto:[EMAIL PROTECTED] Sent: viernes, 25 de julio de 2003 17:05 To: 'Tomcat Users List' Subject: RE: Easy question on Tomcat 4.0 and SSL+HTTPS via localhost:8843. Loc k-Icon disappear from the Browser. Check the 'next page' link if its http or https -Original Message- From: Zaragoza, Carles [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2003 6:38 AM To: Tomcat Users List ([EMAIL PROTECTED]) Subject: Easy question on Tomcat 4.0 and SSL+HTTPS via localhost:8843. Loc k-Icon disappear from the Browser. I have installed the SSL support for Tomcat 4.0.4 and almost everything works. I followed all the guidelines from http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html But for instance when I type https://localhost:8443/ https://localhost:8443/ into my browser it works, my Internet Ms-Explorer 6.0 shows me the Certificate form in order to accepted it, on the right-bottom area an lock-icon appears telling me that this transaction In under Secure guide but on the next page, the lock icon disappears. Could somebody help me out? Have a nice weekend, Carles Zaragoza. -- The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- The contents of this e-mail are intended for the named addressee only. It contains information that may be confidential. Unless you are the named addressee or an authorized designee, you may not copy or use it, or disclose it to anyone else. If you received it in error please notify us immediately and then destroy it. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps? (JCrontab)
This looks promising, but what do they do differently than just starting a deamon thread and doing some background work? Why bother with this if you can start your own custom thread, or do they do something else? --- Kwok Peng Tuck [EMAIL PROTECTED] wrote: Hello Riaan, you might want to check out jcrontab. http://jcrontab.sourceforge.net Riaan Oberholzer wrote: Well, that was part of my question if I cannot/don't implement daemon threads to do e.g. automatic daily tasks, what else? E.g, at the end of the day send an e-mail to a (real life) manager with a summary of the day's transactions something like that. Does Tomcat provide some sort of ActionEvent which you can configure to be fired every x milliseconds? --- Tim Funk [EMAIL PROTECTED] wrote: You can create threads all day in tomcat, but here are the importnatn things to consider: - WHY! Are threads really the correct solution? - If you create threads - what are their scope? Daemon, non-daemon? - If you create non-daemon threads - be prepared for the consequences such as the JVM not going away on tomcat shutdown unless you have taken the needed precautions. - If you create dameon only threads, be prepared for when tomcat shuts down and your daemon still has work to do because the JVM could exit before your thread is ready to complete its unit of work - WHY! Are threads really the correct solution? - And last but not least: WHY! Are threads really the correct solution? -Tim Riaan Oberholzer wrote: I've mainly worked in BEA WebLogic before and from colleagues and other sources I have heard it is not recommended (and sometimes not allowed, some even said) to create threads in your application. Indeed, when the application went live in a multi-server clustered environment, we got very inconsistent results because of the threads, so we had to remove them. Question is, how safe is it to create threads in a Tomcat web-app? I would assume worker threads are ok, i.e. threads you create to do a specific task and then it terminates. When you are guaranteed the thread will terminate either because of an error or because the assigned task has been completed. But what about monitor threads, i.e. threads that does a Thread.sleep(x) for an hour, check some condition and goes back to sleep... some mechanism you implement to e.g. do a task on a hourly/daily/weekly base. You'd create the thread (and keep a handle to it) in either an InitServlet.init() and then Thread.interrupt() in the InitServlet.destroy(), or you can do it in an ApplicationListener (something like that) class which I think you can define in the web.xml. How else can you implement that (monitoring) in Tomcat? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps?
Tomcat doesn't provide this but other simple solutions exist such as exposing a URL and using cron + wget. (Some may also say kludge too) As for aggregating statistics - I would recommend using a log file to record the essential measurements then running your stats program on the logs. This way - tomcat can crash (or other strange occurences may occur) and you lose no data. If the data is already logged, then the first solution (cron + wget) will work well too. -Tim Riaan Oberholzer wrote: Well, that was part of my question if I cannot/don't implement daemon threads to do e.g. automatic daily tasks, what else? E.g, at the end of the day send an e-mail to a (real life) manager with a summary of the day's transactions something like that. Does Tomcat provide some sort of ActionEvent which you can configure to be fired every x milliseconds? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps?
... nice suggestion, but I am delivering an application as a .war file to a 3rd party and they just want the .war (+ context.xml) with everything in it hence, no other applications checking the logs or database. All functionality must come from the .war running in Tomcat. It is very important: all functionality must be encapsulated in the .war file. (I have no idea what cron +wegt is???) I guess a daemon thread will be my choice solution for now... what the thread does, is check a database daily for a certain false condition and send an e-mail to all users in question warning them about the current status. E.g. if you have to submit your timesheet by Friday 17:00, then you'll get a warning on Friday at 12:00 if it is not done yet something like that. --- Tim Funk [EMAIL PROTECTED] wrote: Tomcat doesn't provide this but other simple solutions exist such as exposing a URL and using cron + wget. (Some may also say kludge too) As for aggregating statistics - I would recommend using a log file to record the essential measurements then running your stats program on the logs. This way - tomcat can crash (or other strange occurences may occur) and you lose no data. If the data is already logged, then the first solution (cron + wget) will work well too. -Tim Riaan Oberholzer wrote: Well, that was part of my question if I cannot/don't implement daemon threads to do e.g. automatic daily tasks, what else? E.g, at the end of the day send an e-mail to a (real life) manager with a summary of the day's transactions something like that. Does Tomcat provide some sort of ActionEvent which you can configure to be fired every x milliseconds? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
jk2 over seperate servers
Hi, I have got jk2 (mod_jk2-2.0.43.so) working with Apache and Tomcat on the same server (Windows XP). Now I want to use a RedHat 8 box for Apache and the XP box for Tomcat. I have setup the workers2.properties file as per some examples I have seen, but I get an Internal Server Error when I try it out. Apache reports: [error] channelSocket.open() connect failed localhost:8009 111 Connection refused Why is it trying to connect to localhost when I have specified otherwise in workers2.properties?? How does the shared memory file work when Apache and Tomcat are on sperate servers??? Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: jk2 over seperate servers
Sorry... thats Apache 2.0.43 and Tomcat 4.1.18-LE-jdk14 -Original Message- Hi, I have got jk2 (mod_jk2-2.0.43.so) working with Apache and Tomcat on the same server (Windows XP). Now I want to use a RedHat 8 box for Apache and the XP box for Tomcat. I have setup the workers2.properties file as per some examples I have seen, but I get an Internal Server Error when I try it out. Apache reports: [error] channelSocket.open() connect failed localhost:8009 111 Connection refused Why is it trying to connect to localhost when I have specified otherwise in workers2.properties?? How does the shared memory file work when Apache and Tomcat are on sperate servers??? Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk2 over seperate servers
Sorry... That's Apache 2.0.43 and Tomcat 4.1.18-LE-jdk14 - Original Message - Hi, I have got jk2 (mod_jk2-2.0.43.so) working with Apache and Tomcat on the same server (Windows XP). Now I want to use a RedHat 8 box for Apache and the XP box for Tomcat. I have setup the workers2.properties file as per some examples I have seen, but I get an Internal Server Error when I try it out. Apache reports: [error] channelSocket.open() connect failed localhost:8009 111 Connection refused Why is it trying to connect to localhost when I have specified otherwise in workers2.properties?? How does the shared memory file work when Apache and Tomcat are on sperate servers??? Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Ant. Newbie.
Hi, I want to use Ant to build my web-application. I have downloaded the package and unzipped. In the manual it says I have to execute the program build -Ddist.dir=directory_to_contain_Ant_distribution dist in order to build Ant. I do not find this build executable? I have not found any information on how to use Ant to build a web-app? Can I have some help, please Gustavo. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OpenSSL : sign CA with sign.sh
Hi.
My saga to sign my own CA with sign.sh continues, but I encountered this
error :
...
# ./sign.sh server.csr sign.log
Using configuration from ca.config
unable to load CA private key
2124:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:662:Expecting: ANY PRIVATE KEY
server.crt: No such file or directory
2125:error:02001002:system library:fopen:No such file or
directory:bss_file.c:245:fopen('server.crt','r')
2125:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:247:
...
Okay, so people say borrow a tuppence from uncle scrooge and buy one
from Verisign...
But, gee, it would be nice if I could test the signing of my own
certificates.
Quo vadis ?
TIA :{
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk2 over seperate servers
Sorry guys - school boy error. - Original Message - From: Martin Smith [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:55 PM Subject: Re: jk2 over seperate servers Sorry... That's Apache 2.0.43 and Tomcat 4.1.18-LE-jdk14 - Original Message - Hi, I have got jk2 (mod_jk2-2.0.43.so) working with Apache and Tomcat on the same server (Windows XP). Now I want to use a RedHat 8 box for Apache and the XP box for Tomcat. I have setup the workers2.properties file as per some examples I have seen, but I get an Internal Server Error when I try it out. Apache reports: [error] channelSocket.open() connect failed localhost:8009 111 Connection refused Why is it trying to connect to localhost when I have specified otherwise in workers2.properties?? How does the shared memory file work when Apache and Tomcat are on sperate servers??? Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Filter and servlet mapping problem
I have written a filter for my webapp where i catch the response and Rewrite all URLs with a timestamp for bypassing some proxies that ignore The settings i set on my webserver (e.g. no-cache, no-store,...). The Filter works fine, but i haveto modify the requests when the reache my webserver. I am able to do this, but this only works if i the servlets i access are mapped in the web.xml of tomcat in the conf directory. The servlets that are mapped within the web.xmnl in the current context are not found. For explaining my problem a little more here an example: I have a URL like /myjsp.jsp I rewrite ist with /myjsp_timstamp_in_millis.jsp (timstamp_in_millis is the current timestamp) I filter this to /myjsp.jsp if the user requests the rewritten URL For .jsps that are mapped in the conf/web.xml file (by the default jsp servlet) anything works But i have some more servlet and some special jsp mappings that are mapped within the context and here i recieve an 404 although the servlet pathe and the URI are set correctly. Any advice is welcome Burkard Endres
Re: Apache/Tomcat-RPM Install-how to
You don't. That's the whole point of an RPM. If you want to dictate where things go, download binary versions or source versions. John Hari Om wrote: how can I tell RPM (Red Hat Packet Manager) to install package in a certain directory? I am using Red Hat Linux 7.1 I tried following: -- #rpm -ivh apache.rpm -- How can I tell RPM to install Apache in /usr/local (or any other userdefined directory)? _ Add photos to your e-mail with MSN 8. Get 2 months FREE*. http://join.msn.com/?page=features/featuredemail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps?
cron = scheduler wget = command line HTTP/HTTPS client The requirement for delivering everything in a WAR file is all nice and dandy, but if you think about it, the requirement automatically breaks the other requirement: scheduling. If you cannot have a log file, and you cannot access a database, how will you ever be able to determine elapsed time, which is the primary requirement for a scheduler? How can you determine status like when was the last time it was run, etc? How can you reset your clock if the app is shutdown? How do you know the app has been shutdown due to an external event? John Riaan Oberholzer wrote: ... nice suggestion, but I am delivering an application as a .war file to a 3rd party and they just want the .war (+ context.xml) with everything in it hence, no other applications checking the logs or database. All functionality must come from the .war running in Tomcat. It is very important: all functionality must be encapsulated in the .war file. (I have no idea what cron +wegt is???) I guess a daemon thread will be my choice solution for now... what the thread does, is check a database daily for a certain false condition and send an e-mail to all users in question warning them about the current status. E.g. if you have to submit your timesheet by Friday 17:00, then you'll get a warning on Friday at 12:00 if it is not done yet something like that. --- Tim Funk [EMAIL PROTECTED] wrote: Tomcat doesn't provide this but other simple solutions exist such as exposing a URL and using cron + wget. (Some may also say kludge too) As for aggregating statistics - I would recommend using a log file to record the essential measurements then running your stats program on the logs. This way - tomcat can crash (or other strange occurences may occur) and you lose no data. If the data is already logged, then the first solution (cron + wget) will work well too. -Tim Riaan Oberholzer wrote: Well, that was part of my question if I cannot/don't implement daemon threads to do e.g. automatic daily tasks, what else? E.g, at the end of the day send an e-mail to a (real life) manager with a summary of the day's transactions something like that. Does Tomcat provide some sort of ActionEvent which you can configure to be fired every x milliseconds? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: performance of serving static data? apache or tomcat
Do you know of any load testing tools for apache/tomcat that support testing when a mutually authenticated SSL connnection is required ? Tim Funk wrote: yes and no. The browser makes a request to apache. Then the request is proxied to tomcat. When the servlet has been served, the browser issues a keep-alive and reuses the apache socket connection to get any other assets (such as images) needed. 2 requests, one connection. With the numerous speed improvements in tomcat 4.1 and 5 - there might not be much (if any) difference in speed for a low (relative term) volume site. You'll need to load test to see how things scale. -Tim [EMAIL PROTECTED] wrote: I am working on a servlet that will be served from tomcat which is connected to apache. Currently I have the servlet being handled by tomcat, and the image handled by apache. Won't this require 2 get requests by the browser? One being the image, and one being the servlet? Unfortunately, this is an SSL protected site and none of the pages are cached. So my question is, what is the best approach with performance in mind? What is the fasted way to get the image and dynamic HTML back to the browser ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: [Q] Is it safe to create threads in Tomcat web-apps?
Perhaps I should give a better explanation of how the application works: I deliver a .war file. I do have access to an underlying database. The scheduled tasks perform more on a is time reached than has time elapsed principle... eg, it triggers when is it past midnight? instead of has 24 hours elapsed?. I cannot see why creating a daemon thread cannot cater for this. You just start the thread in the init method of the InitServlet (or any servlet you create with start-when-app-starts). What am I missing here? Why can't I use this method? If Tomcat crashes and the app gets restarted, my thread will be restarted as well, so no problem there. The thread should also only be running while the web-app is (LONG story why that is so, so I won't give details... in short, if the web-app is down, it is seen as critical and all else must be halted). --- John Turner [EMAIL PROTECTED] wrote: cron = scheduler wget = command line HTTP/HTTPS client The requirement for delivering everything in a WAR file is all nice and dandy, but if you think about it, the requirement automatically breaks the other requirement: scheduling. If you cannot have a log file, and you cannot access a database, how will you ever be able to determine elapsed time, which is the primary requirement for a scheduler? How can you determine status like when was the last time it was run, etc? How can you reset your clock if the app is shutdown? How do you know the app has been shutdown due to an external event? John Riaan Oberholzer wrote: ... nice suggestion, but I am delivering an application as a .war file to a 3rd party and they just want the .war (+ context.xml) with everything in it hence, no other applications checking the logs or database. All functionality must come from the .war running in Tomcat. It is very important: all functionality must be encapsulated in the .war file. (I have no idea what cron +wegt is???) I guess a daemon thread will be my choice solution for now... what the thread does, is check a database daily for a certain false condition and send an e-mail to all users in question warning them about the current status. E.g. if you have to submit your timesheet by Friday 17:00, then you'll get a warning on Friday at 12:00 if it is not done yet something like that. --- Tim Funk [EMAIL PROTECTED] wrote: Tomcat doesn't provide this but other simple solutions exist such as exposing a URL and using cron + wget. (Some may also say kludge too) As for aggregating statistics - I would recommend using a log file to record the essential measurements then running your stats program on the logs. This way - tomcat can crash (or other strange occurences may occur) and you lose no data. If the data is already logged, then the first solution (cron + wget) will work well too. -Tim Riaan Oberholzer wrote: Well, that was part of my question if I cannot/don't implement daemon threads to do e.g. automatic daily tasks, what else? E.g, at the end of the day send an e-mail to a (real life) manager with a summary of the day's transactions something like that. Does Tomcat provide some sort of ActionEvent which you can configure to be fired every x milliseconds? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OFF-TOPIC] Re: apachectl startssl complains about _default_443 (amongstother things...)
You CAN'T declare a VirtualHost on port 443 (_default_:443) and then immediately tell it that the ServerName is port 80 (ServerName www.mydomain.com:80). This is no longer a Tomcat issue. My suggestion: take it to an Apache list. John [EMAIL PROTECTED] wrote: Hi. I compiled mod_ssl into my apache2 and got openssl to generate server.key into .../conf/server.key and server.crt into .../conf/server.crt Then I modified httpd.conf IfModule mod_ssl.c Include /path/to/ssl.conf /IfModule Also, I commented out all the explicitly named virtual hosts in VirtualHost blabla ... /VirtualHost because I expect troubles there. In ssl.conf, I modified the following lines so they have the same parameter values as in httpd.conf : VirtualHost _default_:443 DocumentRoot /path/to/html ServerName www.my.domain.com:80 ... In httpd.conf I used the BIOS name e.g. ServerName BIOSNAME:80 ... SSLEngine on ... SSLCertificateFile /path/to/conf/ssl.crt/server.crt SSLCertificateFile /path/to/conf/ssl.key/server.key ... When I start apache again with # apachectl startssl I got the following messages : [error] VirtualHost_default_:443 -- mixing * port and non-* ports with a NameVirtualHost address is not supported: proceeding with unidentified results. Apache/2.0.40 mod_ssl/2.0.40 (Pass Phrase Dialog) ... Can some kind souls tell me wha I have done wrong now. I didn't use RedHat's default directories in /etc/httpd/conf, but that's hardly a mea culpa. Arrgh - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: apachectl startssl complains about _default_443 (amongstother things...)
I was going thru this same process last week. It seems that Apache doesn't like NameVirtualHost *. I think you need to use xxx.xxx.xxx.xxx:80 instead and make references to the IP address instead of VirtualHost * Good luck Dov Rosenberg On 7/28/03 1:02 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Hi. I compiled mod_ssl into my apache2 and got openssl to generate server.key into .../conf/server.key and server.crt into .../conf/server.crt Then I modified httpd.conf IfModule mod_ssl.c Include /path/to/ssl.conf /IfModule Also, I commented out all the explicitly named virtual hosts in VirtualHost blabla ... /VirtualHost because I expect troubles there. In ssl.conf, I modified the following lines so they have the same parameter values as in httpd.conf : VirtualHost _default_:443 DocumentRoot /path/to/html ServerName www.my.domain.com:80 ... In httpd.conf I used the BIOS name e.g. ServerName BIOSNAME:80 ... SSLEngine on ... SSLCertificateFile /path/to/conf/ssl.crt/server.crt SSLCertificateFile /path/to/conf/ssl.key/server.key ... When I start apache again with # apachectl startssl I got the following messages : [error] VirtualHost_default_:443 -- mixing * port and non-* ports with a NameVirtualHost address is not supported: proceeding with unidentified results. Apache/2.0.40 mod_ssl/2.0.40 (Pass Phrase Dialog) ... Can some kind souls tell me wha I have done wrong now. I didn't use RedHat's default directories in /etc/httpd/conf, but that's hardly a mea culpa. Arrgh - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps?
Nobody, from what I can tell, is saying can't. You did ask, though. If you're willing to be diligent about coding your threads, go for it. I think the point of previous posts was that in many cases, there is no need for such a thing as your asking. There are always exceptions to the rule, though. For example: the question is it past midnight would never be asked if you were to use the operating system, since with something like cron (built in scheduler), the operating already knows if its past midnight. Thus, the question becomes not a question but a command: its past midnight, go find all of the people who have a status of X and remind them to change their status to Y. The effort, then, is spent on the business logic, not on trying to figure out if its time to spend time on the business logic. The alternative is to spend resources constantly wondering if a specific time is reached. For one or two events, no problem. Start getting busy, start having 10 or 20 events, and it becomes a problem, not just from a resource standpoint, but from an administration and synchronization standpoint. John Riaan Oberholzer wrote: Perhaps I should give a better explanation of how the application works: I deliver a .war file. I do have access to an underlying database. The scheduled tasks perform more on a is time reached than has time elapsed principle... eg, it triggers when is it past midnight? instead of has 24 hours elapsed?. I cannot see why creating a daemon thread cannot cater for this. You just start the thread in the init method of the InitServlet (or any servlet you create with start-when-app-starts). What am I missing here? Why can't I use this method? If Tomcat crashes and the app gets restarted, my thread will be restarted as well, so no problem there. The thread should also only be running while the web-app is (LONG story why that is so, so I won't give details... in short, if the web-app is down, it is seen as critical and all else must be halted). --- John Turner [EMAIL PROTECTED] wrote: cron = scheduler wget = command line HTTP/HTTPS client The requirement for delivering everything in a WAR file is all nice and dandy, but if you think about it, the requirement automatically breaks the other requirement: scheduling. If you cannot have a log file, and you cannot access a database, how will you ever be able to determine elapsed time, which is the primary requirement for a scheduler? How can you determine status like when was the last time it was run, etc? How can you reset your clock if the app is shutdown? How do you know the app has been shutdown due to an external event? John Riaan Oberholzer wrote: ... nice suggestion, but I am delivering an application as a .war file to a 3rd party and they just want the .war (+ context.xml) with everything in it hence, no other applications checking the logs or database. All functionality must come from the .war running in Tomcat. It is very important: all functionality must be encapsulated in the .war file. (I have no idea what cron +wegt is???) I guess a daemon thread will be my choice solution for now... what the thread does, is check a database daily for a certain false condition and send an e-mail to all users in question warning them about the current status. E.g. if you have to submit your timesheet by Friday 17:00, then you'll get a warning on Friday at 12:00 if it is not done yet something like that. --- Tim Funk [EMAIL PROTECTED] wrote: Tomcat doesn't provide this but other simple solutions exist such as exposing a URL and using cron + wget. (Some may also say kludge too) As for aggregating statistics - I would recommend using a log file to record the essential measurements then running your stats program on the logs. This way - tomcat can crash (or other strange occurences may occur) and you lose no data. If the data is already logged, then the first solution (cron + wget) will work well too. -Tim Riaan Oberholzer wrote: Well, that was part of my question if I cannot/don't implement daemon threads to do e.g. automatic daily tasks, what else? E.g, at the end of the day send an e-mail to a (real life) manager with a summary of the day's transactions something like that. Does Tomcat provide some sort of ActionEvent which you can configure to be fired every x milliseconds? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For
Re: jk2 over seperate servers
Hi, How about posting your workers2.properties file? -e On Mon, 28 Jul 2003, Martin Smith wrote: Sorry guys - school boy error. - Original Message - From: Martin Smith [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:55 PM Subject: Re: jk2 over seperate servers Sorry... That's Apache 2.0.43 and Tomcat 4.1.18-LE-jdk14 - Original Message - Hi, I have got jk2 (mod_jk2-2.0.43.so) working with Apache and Tomcat on the same server (Windows XP). Now I want to use a RedHat 8 box for Apache and the XP box for Tomcat. I have setup the workers2.properties file as per some examples I have seen, but I get an Internal Server Error when I try it out. Apache reports: [error] channelSocket.open() connect failed localhost:8009 111 Connection refused Why is it trying to connect to localhost when I have specified otherwise in workers2.properties?? How does the shared memory file work when Apache and Tomcat are on sperate servers??? Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps?
You're right, no-one said I can't. :) I was hoping someone who has actually used it could give some feedback about it. The (obvious) reason why the scheduled task also cannot be active if the web-app is not active, is that the scheduled task requires users to use web-app. Eg, Friday at 15:00 you get an e-mail to fill in your time-sheet if it has not been done. If the web-app is not active, then there is no point in sending the mail. If you do, then the sysop is going to get 1000 mails/phone call from users saying I need to fill out my timesheet, but the app is down!. Purely a user requirement. I think you can see the logic behind this. When the web-app comes alive again, the first thing that will be done, is to send the warnings and people can get back to filling out timesheets. It won't be a heavy burderned task... thread.sleep for 1 hour eg and then do one date/time check I think that wouldn't be too heavy on performance. Thanks for the feedback, though. --- John Turner [EMAIL PROTECTED] wrote: Nobody, from what I can tell, is saying can't. You did ask, though. If you're willing to be diligent about coding your threads, go for it. I think the point of previous posts was that in many cases, there is no need for such a thing as your asking. There are always exceptions to the rule, though. For example: the question is it past midnight would never be asked if you were to use the operating system, since with something like cron (built in scheduler), the operating already knows if its past midnight. Thus, the question becomes not a question but a command: its past midnight, go find all of the people who have a status of X and remind them to change their status to Y. The effort, then, is spent on the business logic, not on trying to figure out if its time to spend time on the business logic. The alternative is to spend resources constantly wondering if a specific time is reached. For one or two events, no problem. Start getting busy, start having 10 or 20 events, and it becomes a problem, not just from a resource standpoint, but from an administration and synchronization standpoint. John Riaan Oberholzer wrote: Perhaps I should give a better explanation of how the application works: I deliver a .war file. I do have access to an underlying database. The scheduled tasks perform more on a is time reached than has time elapsed principle... eg, it triggers when is it past midnight? instead of has 24 hours elapsed?. I cannot see why creating a daemon thread cannot cater for this. You just start the thread in the init method of the InitServlet (or any servlet you create with start-when-app-starts). What am I missing here? Why can't I use this method? If Tomcat crashes and the app gets restarted, my thread will be restarted as well, so no problem there. The thread should also only be running while the web-app is (LONG story why that is so, so I won't give details... in short, if the web-app is down, it is seen as critical and all else must be halted). --- John Turner [EMAIL PROTECTED] wrote: cron = scheduler wget = command line HTTP/HTTPS client The requirement for delivering everything in a WAR file is all nice and dandy, but if you think about it, the requirement automatically breaks the other requirement: scheduling. If you cannot have a log file, and you cannot access a database, how will you ever be able to determine elapsed time, which is the primary requirement for a scheduler? How can you determine status like when was the last time it was run, etc? How can you reset your clock if the app is shutdown? How do you know the app has been shutdown due to an external event? John Riaan Oberholzer wrote: ... nice suggestion, but I am delivering an application as a .war file to a 3rd party and they just want the .war (+ context.xml) with everything in it hence, no other applications checking the logs or database. All functionality must come from the .war running in Tomcat. It is very important: all functionality must be encapsulated in the .war file. (I have no idea what cron +wegt is???) I guess a daemon thread will be my choice solution for now... what the thread does, is check a database daily for a certain false condition and send an e-mail to all users in question warning them about the current status. E.g. if you have to submit your timesheet by Friday 17:00, then you'll get a warning on Friday at 12:00 if it is not done yet something like that. --- Tim Funk [EMAIL PROTECTED] wrote: Tomcat doesn't provide this but other simple solutions exist such as exposing a URL and using cron + wget. (Some may also say kludge too) As for aggregating statistics - I would recommend using a log file to record the essential measurements
RE: [Q] Is it safe to create threads in Tomcat web-apps?
Howdy, I cannot see why creating a daemon thread cannot cater for this. You just start the thread in the init method of the InitServlet (or any servlet you create with start-when-app-starts). I'm actually a fan of the background daemon-thread approach, and think the user-threading limitations in full J2EE containers is unfortunate (although I know where it comes from). Be careful about starting and stopping threads in the init/destroy methods of servlets, however, as the container can create/destroy your servlets (including load-on-startup servlets) almost whenever it wants to. Consider using a context listener instead. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [Q] Is it safe to create threads in Tomcat web-apps?
Yep, thanks... I've heard from other sources as well that the ServletContextListener approach is better. It gives me some comfort knowing other people find the approach safe and without too many pitfalls. :) --- Shapira, Yoav [EMAIL PROTECTED] wrote: Howdy, I cannot see why creating a daemon thread cannot cater for this. You just start the thread in the init method of the InitServlet (or any servlet you create with start-when-app-starts). I'm actually a fan of the background daemon-thread approach, and think the user-threading limitations in full J2EE containers is unfortunate (although I know where it comes from). Be careful about starting and stopping threads in the init/destroy methods of servlets, however, as the container can create/destroy your servlets (including load-on-startup servlets) almost whenever it wants to. Consider using a context listener instead. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: OnSessionEnd for Tomcat ?
Howdy, I use context listeners fairly heavily and haven't had a problem with their lifecycle, including contextDestroyed. When is it you're expecting the method call and it's not happening? Yoav Shapira Millennium ChemInformatics -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2003 5:32 PM To: Tomcat Users List Subject: RE: OnSessionEnd for Tomcat ? context destroyed should be expected when you stop tomcat. or if you reload the context, it might call that too Filip -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2003 1:38 PM To: 'Tomcat Users List' Subject: RE: OnSessionEnd for Tomcat ? thanks for the info, Andrew. The session listener works perfectly fine. However, I am seeing an issue with the ContextListener: It seems as though the contextInitialized() event is fired as expected. But my contextDestroyed() event never gets called. I am starting and stopping Tomcat via Tomcat.exe (the Tomcat Service Executable). Have you (or anyone else) seen this issue? Is this possibly a bug, or am I doing something wrong? -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2003 11:58 AM To: 'Tomcat Users List' Subject: RE: OnSessionEnd for Tomcat ? Thanks. I will take a look... I do have a question about the Appi -Original Message- From: Bodycombe, Andrew [mailto:[EMAIL PROTECTED] Sent: Friday, July 25, 2003 11:52 AM To: 'Tomcat Users List' Subject: RE: OnSessionEnd for Tomcat ? Look at the HttpSessionListener interface. http://java.sun.com/j2ee/sdk_1.3/techdocs/api/ Create the sessionDestroyed() implementation and add a listener element to web.xml: http://java.sun.com/dtd/web-app_2_3.dtd -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: 25 July 2003 16:50 To: '[EMAIL PROTECTED]' Subject: OnSessionEnd for Tomcat ? Hello All, I am looking for a way to detect when a session ends in tomcat and do a few things such as temp dir clean up, and so on. Can anyone point me to the proper documentation or provide info on this? thanks in advance... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Filter and servlet mapping problem
Howdy, Taking the Filter out of the equation, can you find and use the servlets in your context? Yoav Shapira Millennium ChemInformatics -Original Message- From: Mailing Listen [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 8:19 AM To: [EMAIL PROTECTED] Subject: Filter and servlet mapping problem I have written a filter for my webapp where i catch the response and Rewrite all URLs with a timestamp for bypassing some proxies that ignore The settings i set on my webserver (e.g. no-cache, no-store,...). The Filter works fine, but i haveto modify the requests when the reache my webserver. I am able to do this, but this only works if i the servlets i access are mapped in the web.xml of tomcat in the conf directory. The servlets that are mapped within the web.xmnl in the current context are not found. For explaining my problem a little more here an example: I have a URL like /myjsp.jsp I rewrite ist with /myjsp_timstamp_in_millis.jsp (timstamp_in_millis is the current timestamp) I filter this to /myjsp.jsp if the user requests the rewritten URL For .jsps that are mapped in the conf/web.xml file (by the default jsp servlet) anything works But i have some more servlet and some special jsp mappings that are mapped within the context and here i recieve an 404 although the servlet pathe and the URI are set correctly. Any advice is welcome Burkard Endres This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat under load - Use 'java -Xss' to increase default stack size
Howdy, Hmm, haven't seen this one before. What linux flavor? What kernel version? Yoav Shapira Millennium ChemInformatics -Original Message- From: Rau NF [mailto:[EMAIL PROTECTED] Sent: Saturday, July 26, 2003 10:46 PM To: [EMAIL PROTECTED] Subject: Tomcat under load - Use 'java -Xss' to increase default stack size Hi - We have seen this problem showing up on Tomcat 4.1.24 (/JDK 1.4.2 from Sun/Linux) after running tomcat for a few hours. Fatal: Stack size too small. Use 'java -Xss' to increase default stack size. We have set the stack size to 1024k and we still get this error. (-Xms/Xmx is 1.5 Gb) Any pointers will be very helpful Thanks S Rau - Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Where are translated classes stored in Tomcat 5??
Howdy, This setting is not configurable. It was changed due to a couple of issues with JSP naming for JSP 2.0. Yoav Shapira Millennium ChemInformatics -Original Message- From: Julien Martin [mailto:[EMAIL PROTECTED] Sent: Sunday, July 27, 2003 11:13 AM To: Tomcat Users List Subject: Where are translated classes stored in Tomcat 5?? Hello again, I can't find any trace of the translated classes in the $catalina_home\work directory for the web application I am working on. How do I configure tomcat in order for the translated files to go there? Note that I am using jwsdp 1.2. Thanks in adavance, Julien. - Original Message - From: Tim Funk [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, July 27, 2003 12:45 AM Subject: Re: Where are translated classes stored in Tomcat 5?? Same spot as 4. Somewhere beneath $CATALINA_HOME/work - its just a little deeper in the dir structure. -Tim Julien Martin wrote: Hello, I am having some problems with tomcat5. I don't know where translated files (something_jsp.java) are stored. It used to be stored in %catalina_home%\work\catalina\localhost\myapp for an app called myapp in tomcat 4x and I can't find the file anymore now. Can you help? Thanks in advance, Julien. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: Filter and servlet mapping problem
yes Von: Shapira, Yoav [mailto:[EMAIL PROTECTED] Gesendet: Mo 28.07.2003 15:26 An: Tomcat Users List Betreff: RE: Filter and servlet mapping problem Howdy, Taking the Filter out of the equation, can you find and use the servlets in your context? Yoav Shapira Millennium ChemInformatics -Original Message- From: Mailing Listen [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 8:19 AM To: [EMAIL PROTECTED] Subject: Filter and servlet mapping problem I have written a filter for my webapp where i catch the response and Rewrite all URLs with a timestamp for bypassing some proxies that ignore The settings i set on my webserver (e.g. no-cache, no-store,...). The Filter works fine, but i haveto modify the requests when the reache my webserver. I am able to do this, but this only works if i the servlets i access are mapped in the web.xml of tomcat in the conf directory. The servlets that are mapped within the web.xmnl in the current context are not found. For explaining my problem a little more here an example: I have a URL like /myjsp.jsp I rewrite ist with /myjsp_timstamp_in_millis.jsp (timstamp_in_millis is the current timestamp) I filter this to /myjsp.jsp if the user requests the rewritten URL For .jsps that are mapped in the conf/web.xml file (by the default jsp servlet) anything works But i have some more servlet and some special jsp mappings that are mapped within the context and here i recieve an 404 although the servlet pathe and the URI are set correctly. Any advice is welcome Burkard Endres This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps?
From: Tim Funk funkman () joedog ! org Subject: Re: [Q] Is it safe to create threads in Tomcat web-apps? You can create threads all day in tomcat, but here are the importnatn things to consider: - WHY! Are threads really the correct solution? - And last but not least: WHY! Are threads really the correct solution? I'm getting the impression that you think multiple threads are never the right answer. :) That's not necessarily true. Suppose that your response to a request contains three steps which are independant of one another; in order to deliver a faster response time, you'd like to execute them concurrently. If these three steps are CPU-bound, then the amount of benefit really depends on the machine; you need multiple CPUs so that the scheduler can run the different threads on different CPUs. With a single CPU, you're not likely to see much benefit. However, if the three steps are IO-bound, using multiple threads to run them concurrently can lead to a big improvement. Most of the time spent doing IO is spent waiting. (Particularly if the IO is network IO, a sub-request to a remote site, for example). If the idle times occur concurrently instead of serially, you'll certainly do better. -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
coonnectionTimeout
I have a question about the connectionTimeout attribute of a Connector element in server.xml; from what I've read, the default value is 6 (milliseconds), but the server.xml that came with the 4.1.24 that I downloaded is set to 0. Is there a reason for this? Does 0 do anything special? According to the sample server.xml, -1 disables connection timeouts - under what situations would I want to do that? Thanks! -- Lynn Hollerman. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps?
I am in total agreement and I have used user created threads on my site. I view user created threads as a dangerous and usually un-needed thing. Dangerous because of the side effects that aren't accounted for by more junior programmers such as concurrency, shutting down the JVM (or lack of being able to), more threads the system may handle, harder to track from a monitoring point of view the activites occuring in the JVM for trouble shooting. User threads are not always a bad thing. But they can easily be abused because they seem like a cool-fun-novel coding solution. -Tim [EMAIL PROTECTED] wrote: From: Tim Funk funkman () joedog ! org - WHY! Are threads really the correct solution? - And last but not least: WHY! Are threads really the correct solution? I'm getting the impression that you think multiple threads are never the right answer. :) That's not necessarily true. Suppose that your response to a request contains three steps which are independant of one another; in order to deliver a faster response time, you'd like to execute them concurrently. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mysql connection pool
Hi, does anyone know why I have to close the connection retrieved from a mysql database connection pool ? Isn't the connection returned to the pool automatically when the object goes out of scope? And why is the datasource.getNumActive() value always 0 even though I have multiple connections open ? greetz Hans - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps?
I hate to speak for someone else, but I believe that Tim may have been referring to the tendency of some people to use threads without understanding their limitations. (I've seen attempts to massively thread CPU-bound applications on single CPU machines.) Threads are not magic that can be spread on a program to make it better. That being said. Tim did not say don't he asked why.grin/ That's much politer than I've normally been to people in a similar circumstance. shrug/ G. Wade [EMAIL PROTECTED] wrote: From: Tim Funk funkman () joedog ! org Subject: Re: [Q] Is it safe to create threads in Tomcat web-apps? You can create threads all day in tomcat, but here are the importnatn things to consider: - WHY! Are threads really the correct solution? - And last but not least: WHY! Are threads really the correct solution? I'm getting the impression that you think multiple threads are never the right answer. :) That's not necessarily true. Suppose that your response to a request contains three steps which are independant of one another; in order to deliver a faster response time, you'd like to execute them concurrently. If these three steps are CPU-bound, then the amount of benefit really depends on the machine; you need multiple CPUs so that the scheduler can run the different threads on different CPUs. With a single CPU, you're not likely to see much benefit. However, if the three steps are IO-bound, using multiple threads to run them concurrently can lead to a big improvement. Most of the time spent doing IO is spent waiting. (Particularly if the IO is network IO, a sub-request to a remote site, for example). If the idle times occur concurrently instead of serially, you'll certainly do better. -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mysql connection pool
That doesn't happen under java. You have to explicitly free/close all resources that are more valuable than memory (file handles, db connections, ...) The finalizer is called by the garbage collector, which in turn can run any time or not even at all (if you don't consume enough memory). From the JavaDoc: finalize(): Called by the garbage collector on an object when garbage collection determines that there are no more references to the object. -Original Message- From: Hans Wichman [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 4:03 PM To: [EMAIL PROTECTED] Subject: mysql connection pool Hi, does anyone know why I have to close the connection retrieved from a mysql database connection pool ? Isn't the connection returned to the pool automatically when the object goes out of scope? And why is the datasource.getNumActive() value always 0 even though I have multiple connections open ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Strange request.setAttribute() problem
he meant:
use:
HttpSession session = request.getSession( );
session.setAttribute( itemnumber,
Integer.valueOf(Integer.toString(itemnumber)));
and then:
session.getAttribute( itemnumber );
---
Fabio Moraes
[EMAIL PROTECTED]
System Engineer
Work Force Management System
+55 21 3088 9548
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2003 07:53
To: Tomcat Users List
Subject: Re: Strange request.setAttribute() problem
This is the correct behavior. In this scenario, you are operating on the
request, not the session.
request.getParameter -- Get stuff from the query string (or input stream if
post) - a per request thing
request.setAttribute -- Set an attribute in the life of this particular
request
-Tim
Charles So wrote:
Hello, I come across a problem with TC4.1.24 and hope fellow list users
can help me...
I set a variable in a servlet by calling:
request.setAttribute(itemnumber,
Integer.valueOf(Integer.toString(itemnumber)));
A JSP will then detect if this variable exists or not by:
if ( request.getParameter(itemnumber) != null ) {
try {
itemnumber =
Integer.parseInt((String)request.getParameter(itemnumber));
} catch (NumberFormatException ex) {
System.out.println(No);
}
}
I have two different web browsers opened (say, one IE and one Opera),
and both eventually will come to the page containing the code above.
The strange thing is that if the variable itemnumber is set via IE,
the same itemnumber will be seen at Opera!
This shouldn't happen as both have different session ID, and are
completely unrelated.
Who has come across this problem? How can I work around this?
Thanks!
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: extend j_security_check - filter or event listener?
That's what I'm thinking about implementing. But I'm trying to avoid the overhead of the filter's conditional logic being processed on EVERY request (seems like a lot of unnecessary overhead). Any comments on the feasibility of filtering just the j_security_check URI, or listening for the Principal being bound to the session (if that is indeed where it is stored upon CMA)? TIA, -Sasha Borodin On 7/27/03 18:32, Craig Berry [EMAIL PROTECTED] wrote: I handled this situation by having logged-in users have a UserModel object in the session. In a filter that catches all servlet requests, I check if request.getAuthenticatedUser returns non-null and there is no UserModel obj in the session. If this occurs, I know that a new user just logged in, and do login processing including creating and session-storing their UserModel. Part of logout processing is invalidating the session, so the UM object goes away. -Original Message- From: Sasha Borodin [mailto:[EMAIL PROTECTED] Sent: Sun 7/27/2003 3:54 PM To: [EMAIL PROTECTED] Cc: Subject: extend j_security_check - filter or event listener? Hey All, I'm looking for advise on how to approach a problem: I would like to use Container Managed Authentication for a multitude or reasons; however, I need to be able to perform additional login tasks upon authentication. My first though was to force the next page after j_security_check does it's thing - this way I could point it to an Action that performs my tasks, and only then honor the originally requested URL. However, this seems not possible, as the mechanism for forwarding the user to the requested URL is not part of the Servlet spec, thus proprietary. My second thought was to help j_security_check by either wrapping a filter around it, or having a session attribute listener catch some distinct activity produced by the authentication event. I am curious about the feasibility/side effects of both these approaches. Here's my thoughts so far: Filter: - is it possible to map a filter to just j_security_check...I'd found something about a problem using a filter with that URI: http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795 - is it good to separate this part of the code into a filter, architecturally speaking Event listener: - the Pricipal object must be bound to the session I would think; what would be it's name? - is this name standard? I did not find any reference to the specifics in the Servlet spec (will it be different with different containers?) - would there be a race condition (don't know if I'm using the term correctly) - is it guaranteed that when the Session Attribute event listener is triggered, it'll be done doing it's thing before the request is passed on to the requested URL? - Or is there a better way to approach post-authentication tasks altogether, while utilizing Container Managed Authentication? Please don't say Sourceforge's Security Filter, because I'm trying to stick to CMA and it's benefits (EJB container authentication for one) :-) TIA, -Sasha Borodin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: coonnectionTimeout
Hi, Good question. I always thought of '0' as being infinite and I wasn't aware of -1. One difference I see, and this seems to be Solaris specific, is that when I use '0' I get INFO: connection reset messages in Tomcat from the Connector. When I give it a time out of say 12 I no longer get reset messages but I get INFO: connection timed out in the logs. I'm planning on running a test to see what the user experience is with a timeout. I know that during the resets the user sees HTTP 400 and 500 errors. I'll also now test with -1. -e On Mon, 28 Jul 2003, Geralyn M Hollerman wrote: I have a question about the connectionTimeout attribute of a Connector element in server.xml; from what I've read, the default value is 6 (milliseconds), but the server.xml that came with the 4.1.24 that I downloaded is set to 0. Is there a reason for this? Does 0 do anything special? According to the sample server.xml, -1 disables connection timeouts - under what situations would I want to do that? Thanks! -- Lynn Hollerman. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: buiding 4.24
Still no mod_jk2.so file being created. Has anyone seen this before? Any suggestions on what I can try to determine the cause? Thanks, -Mark Mark F wrote: || Eric J. Pinnell wrote: Hi, For the JK2 connector you should use the 2.0.2 source. Then compile with: ./configure --with-apxs2=/path/to/apxs then make then mod_jk2.so should be in down in the build directory. You need to manually copy the file to the apache modules directory. The complete step by step is in the archives. But that's the long and short of it. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mysql connection pool
ok great, but why does the lookup for a datasource always return a new pool instance ? I am running tomcat 4.0.1, maybe that is the problem? hope you can help Hans At 04:13 PM 7/28/2003 +0200, Ralph Einfeldt wrote: That doesn't happen under java. You have to explicitly free/close all resources that are more valuable than memory (file handles, db connections, ...) The finalizer is called by the garbage collector, which in turn can run any time or not even at all (if you don't consume enough memory). From the JavaDoc: finalize(): Called by the garbage collector on an object when garbage collection determines that there are no more references to the object. -Original Message- From: Hans Wichman [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 4:03 PM To: [EMAIL PROTECTED] Subject: mysql connection pool Hi, does anyone know why I have to close the connection retrieved from a mysql database connection pool ? Isn't the connection returned to the pool automatically when the object goes out of scope? And why is the datasource.getNumActive() value always 0 even though I have multiple connections open ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
realm-howto.html JNDI OpenLDAP example does not work for me
I am not able to get the Example in
tomcat-docs/realm-howto.html#JNDIRealm to run as is.
First i tried to create the LDIF files and import them into OpenLDAP2.
This did not work (some error messages i can't remember). Probably the
example itself is wrong, probably i had been copy/pasting some
non-printing characters into the example, or trailing spaces or
whatever. I don't know. There should have been the ldif sources for
download to avoid these useless problems.
Then i tried to build the directory with a tool called JXplorer. This
did not work, because it ist not possible to set uid to a 'naming value'
with the tool. Obviously because uid is not defined as mandatory (MUST)
in the schema file.
After getting around all this by building my own subclass it still does
not work. The example tells me to set up the JNDIRealm like this:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://localhost:389;
userPattern=uid={0},ou=people,dc=mycompany,dc=com
roleBase=ou=groups,dc=mycompany,dc=com
roleName=cn
roleSearch=(uniqueMember={0})
/
As i said, no positive result. But when i set up the JNDIRealm as follows
Realm className=org.apache.catalina.realm.JNDIRealm
debug=9
connectionURL=ldap://localhost:389;
roleBase=ou=people,dc=mycompany,dc=com
roleName=cn
roleSearch=(uniqueMember={0})
userBase=ou=users,dc=mycompany,dc=com
userSearch=(uid={0})
/
the thing works.
I had to read a book about LDAP (LDAP System Administration, O'Reilly),
and experiment a lot. I had to convert from a dumb newbie to an LDAP
expert, just to get this simple example to work.
A good HOW-TO should provide examples running instantly. This HOW-TO
consumed many days of my valuable working time.
Hayo Schmidt
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: mysql connection pool
Sorry. havn't used mysql or dbcp, so can't help you with this question. To get answers from others I would suggest, that you include more infos about the configuration of the pool and how you access it. (And which version of the pool you use) -Original Message- From: Hans Wichman [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 4:27 PM To: Tomcat Users List; Tomcat Users List Subject: RE: mysql connection pool ok great, but why does the lookup for a datasource always return a new pool instance ? I am running tomcat 4.0.1, maybe that is the problem? hope you can help Hans - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: realm-howto.html JNDI OpenLDAP example does not work for me
Patches welcome.
John
Hayo Schmidt wrote:
I am not able to get the Example in
tomcat-docs/realm-howto.html#JNDIRealm to run as is.
First i tried to create the LDIF files and import them into OpenLDAP2.
This did not work (some error messages i can't remember). Probably the
example itself is wrong, probably i had been copy/pasting some
non-printing characters into the example, or trailing spaces or
whatever. I don't know. There should have been the ldif sources for
download to avoid these useless problems.
Then i tried to build the directory with a tool called JXplorer. This
did not work, because it ist not possible to set uid to a 'naming value'
with the tool. Obviously because uid is not defined as mandatory (MUST)
in the schema file.
After getting around all this by building my own subclass it still does
not work. The example tells me to set up the JNDIRealm like this:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://localhost:389;
userPattern=uid={0},ou=people,dc=mycompany,dc=com
roleBase=ou=groups,dc=mycompany,dc=com
roleName=cn
roleSearch=(uniqueMember={0})
/
As i said, no positive result. But when i set up the JNDIRealm as follows
Realm className=org.apache.catalina.realm.JNDIRealm
debug=9
connectionURL=ldap://localhost:389;
roleBase=ou=people,dc=mycompany,dc=com
roleName=cn
roleSearch=(uniqueMember={0})
userBase=ou=users,dc=mycompany,dc=com
userSearch=(uid={0})
/
the thing works.
I had to read a book about LDAP (LDAP System Administration, O'Reilly),
and experiment a lot. I had to convert from a dumb newbie to an LDAP
expert, just to get this simple example to work.
A good HOW-TO should provide examples running instantly. This HOW-TO
consumed many days of my valuable working time.
Hayo Schmidt
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDIRealm: Authentication Failing
Is 'mail' the naming value?
This means, if you export to an ldif file you should find a line
dn: [EMAIL PROTECTED],ou=People,dc=tritus,dc=ca
Hayo Schmidt
Adam Sherman schrieb:
I am trying to get JNDIRealm to authenticate against my LDAP tree:
Realm className=org.apache.catalina.realm.JNDIRealm
debug=200
connectionURL=ldap://localhost:389;
userBase=ou=People,dc=tritus,dc=ca
userSearch=(mail={0})
roleBase=ou=Groups,dc=tritus,dc=ca
roleName=cn
roleSearch=(member={0})
/
Using a user I can authenticate with the OpenLDAP CLI tools:
2003-07-27 13:44:06 JNDIRealm[Standalone]: Searching for [EMAIL PROTECTED]
2003-07-27 13:44:06 JNDIRealm[Standalone]: base:
ou=People,dc=tritus,dc=ca filter: ([EMAIL PROTECTED])
2003-07-27 13:44:06 JNDIRealm[Standalone]: entry found for
[EMAIL PROTECTED] with dn uid=adam,ou=People,dc=tritus,dc=ca
2003-07-27 13:44:06 JNDIRealm[Standalone]: validating credentials by
binding as the user
2003-07-27 13:44:06 JNDIRealm[Standalone]: binding as
uid=adam,ou=People,dc=tritus,dc=ca
2003-07-27 13:44:06 JNDIRealm[Standalone]: bind attempt failed
2003-07-27 13:44:06 JNDIRealm[Standalone]: Username [EMAIL PROTECTED] NOT
successfully authenticated
The lookup functions correctly, but binding fails. Even though I know
the user can bind.
Info:
Tomcat 4.1.24, OpenLDAP 2.1.x
Any ideas?
A.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
connection pool recreated
Hi, this is a repost of an earlier post, which I hope is a bit clearer. Why, if I run: Context ctx = new InitialContext(); if(ctx == null ) throw new ServletException(Boom - No Context); ds = (DataSource)ctx.lookup(java:comp/env/jdbc/SEDDB); under tomcat 4.0.1 is a NEW DataSource object returned everytime? I thought the idea was to have one pool created on context load that can be accessed through the initial context, but instead a new db pool is returned after each such call... Hope someone can help... Greetz Hans - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mysql connection pool
By 'new pool instance' do you mean that: Context ctx = new InitialContext(); DataSource ds = (DataSource)ctx.lookup(java:comp/env/jdbc/TestDB); System.out.println(ds instance : + ds); The result of System.out.println is always a different value ? In this case, it's not a new instance of the pool, it's the new variable that refers to a single instance of the pool. Just double checking. -Original Message- From: Hans Wichman [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 9:27 AM To: Tomcat Users List; Tomcat Users List Subject: RE: mysql connection pool ok great, but why does the lookup for a datasource always return a new pool instance ? I am running tomcat 4.0.1, maybe that is the problem? hope you can help Hans At 04:13 PM 7/28/2003 +0200, Ralph Einfeldt wrote: That doesn't happen under java. You have to explicitly free/close all resources that are more valuable than memory (file handles, db connections, ...) The finalizer is called by the garbage collector, which in turn can run any time or not even at all (if you don't consume enough memory). From the JavaDoc: finalize(): Called by the garbage collector on an object when garbage collection determines that there are no more references to the object. -Original Message- From: Hans Wichman [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 4:03 PM To: [EMAIL PROTECTED] Subject: mysql connection pool Hi, does anyone know why I have to close the connection retrieved from a mysql database connection pool ? Isn't the connection returned to the pool automatically when the object goes out of scope? And why is the datasource.getNumActive() value always 0 even though I have multiple connections open ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mysql connection pool
Hi, you are right, my pool is specified exactly the same as the mysql pool on: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jndi-datasource-examples-howto.html greetz Hans At 04:39 PM 7/28/2003 +0200, Ralph Einfeldt wrote: Sorry. havn't used mysql or dbcp, so can't help you with this question. To get answers from others I would suggest, that you include more infos about the configuration of the pool and how you access it. (And which version of the pool you use) -Original Message- From: Hans Wichman [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 4:27 PM To: Tomcat Users List; Tomcat Users List Subject: RE: mysql connection pool ok great, but why does the lookup for a datasource always return a new pool instance ? I am running tomcat 4.0.1, maybe that is the problem? hope you can help Hans - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: connection pool recreated
Didn't know you were going to start a new thread.. see my question under the previous one. The DataSource in your code is NOT the pool. -Original Message- From: Hans Wichman [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 9:45 AM To: [EMAIL PROTECTED] Subject: connection pool recreated Hi, this is a repost of an earlier post, which I hope is a bit clearer. Why, if I run: Context ctx = new InitialContext(); if(ctx == null ) throw new ServletException(Boom - No Context); ds = (DataSource)ctx.lookup(java:comp/env/jdbc/SEDDB); under tomcat 4.0.1 is a NEW DataSource object returned everytime? I thought the idea was to have one pool created on context load that can be accessed through the initial context, but instead a new db pool is returned after each such call... Hope someone can help... Greetz Hans - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mysql connection pool
Hmm, ok, but why then is the getNumActive always 0 even if I do not explicitly close the connection. Even worse: If I specify I have max 2 connections (as an example) in the pool then I can repeat this : Context ctx = new InitialContext() DataSource ds = (DataSource)ctx.lookup(java:comp/env/jdbc/TestDB); ds.getConnection(); for ever and ever without emptying the pool, however if I do Context ctx = new InitialContext() DataSource ds = (DataSource)ctx.lookup(java:comp/env/jdbc/TestDB); ds.getConnection(); ds.getConnection(); ds.getConnection(); I get an exception. Now this latter behavior is what I expect. The former, if what you say is true, is not what I expect, do you have any ideas? greetz Hans At 09:44 AM 7/28/2003 -0500, Mike Curwen wrote: By 'new pool instance' do you mean that: Context ctx = new InitialContext(); DataSource ds = (DataSource)ctx.lookup(java:comp/env/jdbc/TestDB); System.out.println(ds instance : + ds); The result of System.out.println is always a different value ? In this case, it's not a new instance of the pool, it's the new variable that refers to a single instance of the pool. Just double checking. -Original Message- From: Hans Wichman [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 9:27 AM To: Tomcat Users List; Tomcat Users List Subject: RE: mysql connection pool ok great, but why does the lookup for a datasource always return a new pool instance ? I am running tomcat 4.0.1, maybe that is the problem? hope you can help Hans At 04:13 PM 7/28/2003 +0200, Ralph Einfeldt wrote: That doesn't happen under java. You have to explicitly free/close all resources that are more valuable than memory (file handles, db connections, ...) The finalizer is called by the garbage collector, which in turn can run any time or not even at all (if you don't consume enough memory). From the JavaDoc: finalize(): Called by the garbage collector on an object when garbage collection determines that there are no more references to the object. -Original Message- From: Hans Wichman [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 4:03 PM To: [EMAIL PROTECTED] Subject: mysql connection pool Hi, does anyone know why I have to close the connection retrieved from a mysql database connection pool ? Isn't the connection returned to the pool automatically when the object goes out of scope? And why is the datasource.getNumActive() value always 0 even though I have multiple connections open ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: connection pool recreated
I am sorry, I thought I was out of luck on that one ;-(, let's kill this thread, I have replied to your other post. Thanks ! At 09:47 AM 7/28/2003 -0500, Mike Curwen wrote: Didn't know you were going to start a new thread.. see my question under the previous one. The DataSource in your code is NOT the pool. -Original Message- From: Hans Wichman [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 9:45 AM To: [EMAIL PROTECTED] Subject: connection pool recreated Hi, this is a repost of an earlier post, which I hope is a bit clearer. Why, if I run: Context ctx = new InitialContext(); if(ctx == null ) throw new ServletException(Boom - No Context); ds = (DataSource)ctx.lookup(java:comp/env/jdbc/SEDDB); under tomcat 4.0.1 is a NEW DataSource object returned everytime? I thought the idea was to have one pool created on context load that can be accessed through the initial context, but instead a new db pool is returned after each such call... Hope someone can help... Greetz Hans - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat Education
Hello all, I'm new to the Tomcat world and I'm desperately trying to find some good resources to learn from. I bought Professional Apache Tomcat (Wrox) and it's decent but it's for version 3.0 or something. I also have a Servlet book from O'Reilly but it doesn't help when integrating with Tomcat. I've spent an inordinate number of hours just trying to figure out how to pull DataSources using the admin tool and I still haven't figured it out. Anybody have any resource or book ideas? Thanks! Ben Johnson Senior Software Developer  Collect America, LTD. 1999 Broadway, Suite 2150 Denver, CO 80202 [p]: 303.296.3345 x124 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Education
Hello Ben. There are several (about a half dozen) books available for Struts right now. There is an O'Reilly book called Programming Jakarta Struts and a book by Ted Husted (acknowledged struts guru) called Struts in Action. Both of these should be readily available at your local computer book store. Reg On Mon, 2003-07-28 at 09:11, Ben Johnson wrote: Hello all, I'm new to the Tomcat world and I'm desperately trying to find some good resources to learn from. I bought Professional Apache Tomcat (Wrox) and it's decent but it's for version 3.0 or something. I also have a Servlet book from O'Reilly but it doesn't help when integrating with Tomcat. I've spent an inordinate number of hours just trying to figure out how to pull DataSources using the admin tool and I still haven't figured it out. Anybody have any resource or book ideas? Thanks! Ben Johnson Senior Software Developer Collect America, LTD. 1999 Broadway, Suite 2150 Denver, CO 80202 [p]: 303.296.3345 x124 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat Education
Check this out. I haven't looked at it yet, but it looks good http://www.amazon.com/exec/obidos/tg/detail/-/0596003188/qid=1059405090/sr=8 -3/ref=sr_8_3/102-6148295-2460900?v=glances=booksn=507846 -Original Message- From: Reginald Oake [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 11:09 AM To: Tomcat Users List Subject: Re: Tomcat Education Hello Ben. There are several (about a half dozen) books available for Struts right now. There is an O'Reilly book called Programming Jakarta Struts and a book by Ted Husted (acknowledged struts guru) called Struts in Action. Both of these should be readily available at your local computer book store. Reg On Mon, 2003-07-28 at 09:11, Ben Johnson wrote: Hello all, I'm new to the Tomcat world and I'm desperately trying to find some good resources to learn from. I bought Professional Apache Tomcat (Wrox) and it's decent but it's for version 3.0 or something. I also have a Servlet book from O'Reilly but it doesn't help when integrating with Tomcat. I've spent an inordinate number of hours just trying to figure out how to pull DataSources using the admin tool and I still haven't figured it out. Anybody have any resource or book ideas? Thanks! Ben Johnson Senior Software Developer Collect America, LTD. 1999 Broadway, Suite 2150 Denver, CO 80202 [p]: 303.296.3345 x124 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Apache / Tomcat RPM
how can I tell RPM (Red Hat Packet Manager) to install package in a certain directory? I am using Red Hat Linux 7.1 I tried following: -- #rpm -ivh apache.rpm -- How can I tell RPM to install Apache in /usr/local (or any other userdefined directory)? _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat Education
Wrox Professional Apache Tomcat (covers 4.x) Apache Tomcat Security Handbook Professional Java Servlets 2.3 Wiley - Apache Tomcat Bible Also, the tomcat site (http://jakart.apache.org/tomcat) is a good source of info. I have found that the best/fastest way to find your way to the doco you need within this site is to use Google. Thanks, Scott Stewart [Manager, Software Development] [EMAIL PROTECTED] work: 407-515-8656 cell : 407-435-1036 fax : 407-515-9001 ClearSky Mobile Media, Inc. 56 E. Pine St. Suite 200 Orlando, FL 32801 USA -Original Message- From: Ben Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 11:12 AM To: Tomcat Users List Subject: Tomcat Education Hello all, I'm new to the Tomcat world and I'm desperately trying to find some good resources to learn from. I bought Professional Apache Tomcat (Wrox) and it's decent but it's for version 3.0 or something. I also have a Servlet book from O'Reilly but it doesn't help when integrating with Tomcat. I've spent an inordinate number of hours just trying to figure out how to pull DataSources using the admin tool and I still haven't figured it out. Anybody have any resource or book ideas? Thanks! Ben Johnson Senior Software Developer  Collect America, LTD. 1999 Broadway, Suite 2150 Denver, CO 80202 [p]: 303.296.3345 x124 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Education
The Professional Apache Tomcat book is a good foundation how Tomcat works but it is intended for more of a sys-admin type than a developer. I thought it was pretty good on that aspect. Not many books cater to the poor admins who could really care less about the inner workings of someones tag library. Various servlet and Struts books can help you with the java. This list is a good place to learn. It is the only source you will find that is up to date. By the time somebody gets around to writing a book and it gets published it's already out of date. -e On Mon, 28 Jul 2003, Ben Johnson wrote: Hello all, I'm new to the Tomcat world and I'm desperately trying to find some good resources to learn from. I bought Professional Apache Tomcat (Wrox) and it's decent but it's for version 3.0 or something. I also have a Servlet book from O'Reilly but it doesn't help when integrating with Tomcat. I've spent an inordinate number of hours just trying to figure out how to pull DataSources using the admin tool and I still haven't figured it out. Anybody have any resource or book ideas? Thanks! Ben Johnson Senior Software Developer  Collect America, LTD. 1999 Broadway, Suite 2150 Denver, CO 80202 [p]: 303.296.3345 x124 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat Education
There are several (about a half dozen) books available for Struts right now. To be more specific, we're using Tomcat purely as a data marshalling layer to push database information to the client as either CSV or XML data. I haven't worked with Struts before so I'm not sure if I still have a need for it as I'm only working with the Model and not the View. Also, we're working entirely with servlets so anything biased toward servlets would be preferred. Thanks! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Education
The Wrox book covers Tomcat 4. I know this because I have a copy of it. It's actually a pretty decent resource. Someone sent me a copy of Mastering Tomcat Development, which looks pretty good from my brief skimming. I think perhaps you should clarify what you mean by integrating with Tomcat. The only thing I know of that causes difficulty with any of the number of servlet books out there is that the books typically use the Invoker servlet which has been disabled by default in Tomcat 4 for months (but is easily enabled if you must use it although it isn't recommended). The Invoker servlet issue is clearly covered in the Tomcat FAQ, which is here: http://jakarta.apache.org/tomcat/faq. There's the Application Development Guide: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/appdev/index.html There's the ClassLoader HOWTO, which will come in handy when you write your own classes and you want to know where to put them and why: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/class-loader-howto.html And the configuration reference: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/index.html You will save yourself a ton of time, effort, and grief if, when you experience a problem and can't solve it after a bit of time, you post here to the list. You'll usually get an answer promptly, typically within an hour or so. So, if you want to start another thread about your admin tool question, I'm pretty confident you will get an answer promptly, assuming your question is clearly worded and your post has specific information in it describing what you are trying to do. John Ben Johnson wrote: Hello all, I'm new to the Tomcat world and I'm desperately trying to find some good resources to learn from. I bought Professional Apache Tomcat (Wrox) and it's decent but it's for version 3.0 or something. I also have a Servlet book from O'Reilly but it doesn't help when integrating with Tomcat. I've spent an inordinate number of hours just trying to figure out how to pull DataSources using the admin tool and I still haven't figured it out. Anybody have any resource or book ideas? Thanks! Ben Johnson Senior Software Developer Collect America, LTD. 1999 Broadway, Suite 2150 Denver, CO 80202 [p]: 303.296.3345 x124 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache / Tomcat RPM
First, in general, you don't. That's the whole purpose of an RPM. Second, if you want to install Apache in /usr/local, the easiest thing in the world to do is download Apache from source and build it. This is covered in my HOWTO, step by step: http://www.johnturner.com/howto Third, if you still must use RPM, you might try the man pages for rpm (man rpm) and consult the --relocate option, which may or may not be suitable. John Hari Om wrote: how can I tell RPM (Red Hat Packet Manager) to install package in a certain directory? I am using Red Hat Linux 7.1 I tried following: -- #rpm -ivh apache.rpm -- How can I tell RPM to install Apache in /usr/local (or any other userdefined directory)? _ MSN 8 with e-mail virus protection service: 2 months FREE* http://join.msn.com/?page=features/virus - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Admin DataSource Usage
All, I've seen several places where setting up a DataSource is documented but it's always through the web.xml file. This post is for two questions. First, is it better to setup a DataSource through the web.xml file or is it better to setup through the admin tool and are there benefits to one or the other? We only have one application here so an per-application restricted DataSource is not needed. Second, once I do have the DataSource setup through the admin tool, how do I go about using it through a servlet? Ben Johnson Senior Software Developer  Collect America, LTD. 1999 Broadway, Suite 2150 Denver, CO 80202 [p]: 303.296.3345 x124 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
A problem with configuring tomcat with apache.
Dear all, I am trying to configure tomcat 4.0.4 with apache 1.3.26 on redhat 7.2. The installation of apache is a normal one. i.e. ./configure, make, make install. The installation of tomcat 4.0.4 is also a normal one. And I followed the install.txt come with webapp_module. i.e. (1)copy mod_webapp.so apache directory/libexec/., (2)modified apache httpd.conf with LoadModule webapp_module libexec/mod_webapp.so and AddModule mod_webapp.c, (3)add IfModule mod_webapp.c WebAppConnection warpConn warp localhost:8008 WebAppDeploy examples warpConn /examples WebAppInfo /webapp-info /IfModule to the end of httpd.conf. But when I tried to start the apache, it gave out a warn and couldn't be started. Here is the message. [warn] module mod_webapp.c is already added, skippingSyntax error on line 1037 of /usr/local/apache/conf/httpd.conf: Both of the WebAppDeploy examples warpConn /examples and WebAppInfo /webapp-info can give out this warn message. If I removed them, then the apache can be started. So can anybody help me out with this problem. I guess it is due to some mis-configuration, but I really have no idea what is wrong. Any information will be highly appreciated! Thanks, Joe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session\Security Checking
How can I check for a Valid session id before allowing access to a file? For example: - I have a directory containing files for download: http://localhost/myservlet/downloaddir/ - but before you download a file, say abc.jar (by using http://localhost/myservlet/downloaddir/abc.jar;), I want to make sure that you have a valid session id. If your session id is invalid, you get an access denied page. if not, a http download is started. so I guess what I want is to intercept any request to that downloaddir and perform session\security checking (by another servlet or jsp page) before allowing access... Now, is adding additional servlet\jsp the best way to go about this, or is there a better way through Tomcat configuration? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: A problem with configuring tomcat with apache.
Are you sure there is only one LoadModule/AddModule pair for mod_webapp? What is on line 1037 of httpd.conf? John J. Joe Wang wrote: Dear all, I am trying to configure tomcat 4.0.4 with apache 1.3.26 on redhat 7.2. The installation of apache is a normal one. i.e. ./configure, make, make install. The installation of tomcat 4.0.4 is also a normal one. And I followed the install.txt come with webapp_module. i.e. (1)copy mod_webapp.so apache directory/libexec/., (2)modified apache httpd.conf with LoadModule webapp_module libexec/mod_webapp.so and AddModule mod_webapp.c, (3)add IfModule mod_webapp.c WebAppConnection warpConn warp localhost:8008 WebAppDeploy examples warpConn /examples WebAppInfo /webapp-info /IfModule to the end of httpd.conf. But when I tried to start the apache, it gave out a warn and couldn't be started. Here is the message. [warn] module mod_webapp.c is already added, skippingSyntax error on line 1037 of /usr/local/apache/conf/httpd.conf: Both of the WebAppDeploy examples warpConn /examples and WebAppInfo /webapp-info can give out this warn message. If I removed them, then the apache can be started. So can anybody help me out with this problem. I guess it is due to some mis-configuration, but I really have no idea what is wrong. Any information will be highly appreciated! Thanks, Joe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JNDIRealm using LDAP with SSL
Does anyone have any experience getting ldaps working w/ the JDNIRealms in
Tomcat 4.1.24? Regular LDAP is working fine, but when I change the connection
URL to ldaps://ldap-host:636 I get the following error:
2003-07-28 09:40:49 JNDIRealm[Standalone]: Connecting to URL ldaps://10.1.1.50:636
2003-07-28 09:40:50 JNDIRealm[Standalone]: Exception performing authentication
javax.naming.CommunicationException: simple bind failed: 10.1.1.50:636 [Root
exception is javax.net.ssl.SSLException: Connection has been shutdown:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException:
No trusted certificate found]
My Realm element in server.xml:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
resourceName=UserDatabase
connectionURL=ldaps://10.1.1.50:636
connectionName=cn=TOMCAT,ou=WebAppUser,ou=MyOU,o=MyCompany
connectionPassword=password
userBase=o=MyCompany
userSearch=(amp;(cn={0})(objectClass=inetOrgPerson))
userSubtree=true
roleBase=ou=WebAppGrp,ou=MyOU,o=MyCompany
roleSearch=(uniqueMember={0})
roleName=cn
/
Like I said, this works if connectionURL=ldap://10.1.1.50:389;. I can connect
to the LDAP server (Novell eDirectory) via SSL using a Java browser if I accept
the certificate, so I wonder if that might have something to do with it.
I've also successfully followed the Config-SSL-HOWTO, accepted the certificate
from the server and setup the keystore for the connector as described, but I get
the feeling that this is strictly for enabling SSL over HTTP.
Thanks in advance.
Chris
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session\Security Checking
Any of the container authentication methods do this for you. Look into BASIC AUTH, FORM AUTH and JDBC Realm and you should find all you need to know about how that works. Once you decide which AUTH method is best for your situation, we can help you get it working. Robert Priest wrote: How can I check for a Valid session id before allowing access to a file? For example: - I have a directory containing files for download: http://localhost/myservlet/downloaddir/ - but before you download a file, say abc.jar (by using http://localhost/myservlet/downloaddir/abc.jar;), I want to make sure that you have a valid session id. If your session id is invalid, you get an access denied page. if not, a http download is started. so I guess what I want is to intercept any request to that downloaddir and perform session\security checking (by another servlet or jsp page) before allowing access... Now, is adding additional servlet\jsp the best way to go about this, or is there a better way through Tomcat configuration? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *** * Rick Roberts* * Advanced Information Technologies, Inc. * *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: A problem with configuring tomcat with apache.
Hi John, Thanks for the reply! Yeah, there is only one LoadModule/AddModule pair for mod_webapp. Here is the LoadModule/AddModule block in my httpd.conf. LoadModule php4_modulelibexec/libphp4.so LoadModule webapp_module libexec/mod_webapp.so AddModule mod_webapp.c The line 1035 is IfModule mod_webapp.c The line 1036 is WebAppConnection warpConn warp localhost:8008 The line 1037 is WebAppDeploy examples warpConn /examples The line 1038 is WebAppInfo /webapp-info And the line 1039 (last line of httpd.conf) /IfModule If I remove line 1037 and 1038, then the apache can be started. Thanks! On Mon, 2003-07-28 at 10:42, John Turner wrote: Are you sure there is only one LoadModule/AddModule pair for mod_webapp? What is on line 1037 of httpd.conf? John J. Joe Wang wrote: Dear all, I am trying to configure tomcat 4.0.4 with apache 1.3.26 on redhat 7.2. The installation of apache is a normal one. i.e. ./configure, make, make install. The installation of tomcat 4.0.4 is also a normal one. And I followed the install.txt come with webapp_module. i.e. (1)copy mod_webapp.so apache directory/libexec/., (2)modified apache httpd.conf with LoadModule webapp_module libexec/mod_webapp.so and AddModule mod_webapp.c, (3)add IfModule mod_webapp.c WebAppConnection warpConn warp localhost:8008 WebAppDeploy examples warpConn /examples WebAppInfo /webapp-info /IfModule to the end of httpd.conf. But when I tried to start the apache, it gave out a warn and couldn't be started. Here is the message. [warn] module mod_webapp.c is already added, skippingSyntax error on line 1037 of /usr/local/apache/conf/httpd.conf: Both of the WebAppDeploy examples warpConn /examples and WebAppInfo /webapp-info can give out this warn message. If I removed them, then the apache can be started. So can anybody help me out with this problem. I guess it is due to some mis-configuration, but I really have no idea what is wrong. Any information will be highly appreciated! Thanks, Joe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session\Security Checking
Found a link for ya: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html Rick Robert Priest wrote: How can I check for a Valid session id before allowing access to a file? For example: - I have a directory containing files for download: http://localhost/myservlet/downloaddir/ - but before you download a file, say abc.jar (by using http://localhost/myservlet/downloaddir/abc.jar;), I want to make sure that you have a valid session id. If your session id is invalid, you get an access denied page. if not, a http download is started. so I guess what I want is to intercept any request to that downloaddir and perform session\security checking (by another servlet or jsp page) before allowing access... Now, is adding additional servlet\jsp the best way to go about this, or is there a better way through Tomcat configuration? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *** * Rick Roberts* * Advanced Information Technologies, Inc. * *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Reload Webapp
Hi All, Sorry to repost this question, but I don't think my first post made it and I haven't figured out how to do this yet. I'm wondering if there is any way to have a servlet (or Struts Action) reload the current web context in a similar way that the ManagerServlet does, or do I need to have a separate webapp (like the manager webapp) to do this? I need to have a user configure some settings through a form, write those settings to a props file and then reload the webapp so that the settings take affect. Any Ideas? -Tony. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session\Security Checking
thanks, rick. I appreciate the info. But I am not sure that we want to use realm for our solution. But I certainly think it is feasible. I think we are more in the market for some sort of simple session guard. Please allow me to explain a little further. Then I would like to hear your opinion about the suggested approach versus adding a REALM: the URL for the download will contain a session id for the user. So if you will allow me to modify my example: Say user A logs in and has a session id of 1 and wants to download abc.jar. He will be redirected to the url: http://localhost/myservlet/downloaddir/1/abc.jar now I would like to put in place a guard servlet. So in myservlet's web.xml I will add servlet-mapping servlet-namecom.myproj.web.GUARD/servlet-name url-pattern/downloaddir/*/url-pattern /servlet-mapping The intention is for the Guard servlet to: 1. Inspect the url for sessionid (1 in this case). 2. Get it and compare it to the current session id (session.getID()). 3. if the two match, then start an http download. 4. If not then, throw up an Access Denied error page. That is pretty much all we need to do. I also don't want to add basic\Form authentication at this point for those directories. We simply want to match whether the session id in the url is the same as the one the current user is using. That way, if another user, who will have a different session number (3 or what have you) tries to paste in: http://localhost/myservlet/downloaddir/1/abc.jar he\she will get an access denied. Is that more understandable? We are trying to prevent cutting and pasting of urls. We are mainly concerned with just providing\denying access to this directory and not security to an entire web application where I think the REALM would be more applicable (i am not sure whether that is right or wrong...). -Original Message- From: Rick Roberts [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:09 PM To: Tomcat Users List Subject: Re: Session\Security Checking Found a link for ya: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html Rick Robert Priest wrote: How can I check for a Valid session id before allowing access to a file? For example: - I have a directory containing files for download: http://localhost/myservlet/downloaddir/ - but before you download a file, say abc.jar (by using http://localhost/myservlet/downloaddir/abc.jar;), I want to make sure that you have a valid session id. If your session id is invalid, you get an access denied page. if not, a http download is started. so I guess what I want is to intercept any request to that downloaddir and perform session\security checking (by another servlet or jsp page) before allowing access... Now, is adding additional servlet\jsp the best way to go about this, or is there a better way through Tomcat configuration? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *** * Rick Roberts* * Advanced Information Technologies, Inc. * *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem with the connector part
Greetings, I'm trying to get mod_jk set up on my apache ssl server running tomcat and I'm having problems with the jakarta-tomcat-connectors-jk-1.2.2-src. When I try to configure .buildconf.sh I get an error message and I was hoping someone could help me out This is what happens cd native # ./buildconf.sh libtoolize --force --automake --copy libtoolize: `configure.ac' does not exist Try `libtoolize --help' for more information. aclocal aclocal: `configure.ac' or `configure.in' is required automake -a --foreign -i --copy automake: `configure.ac' or `configure.in' is required autoconf autoconf: no input file # ./configure ksh: ./configure: not found # chmod 755 buildconf.sh # ./buildconf.sh libtoolize --force --automake --copy libtoolize: `configure.ac' does not exist Try `libtoolize --help' for more information. aclocal aclocal: `configure.ac' or `configure.in' is required automake -a --foreign -i --copy automake: `configure.ac' or `configure.in' is required autoconf autoconf: no input file # Thanks, Bobbie Bobbie Atristain Internet Systems Administrator Media General, INC. 804.649.6156 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session\Security Checking
I think using a realm and simply setting up /downloaddir/* as a 'protected resource' is the way to go. The functionality you're looking for has already been implemented by Container-Managed Auth. Also.. if you use a container AUTH scheme, then you don't need the Session ID in the URL. The mere presence of a session will prove that your user is logged in and authenticated. -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 11:25 AM To: 'Tomcat Users List' Subject: RE: Session\Security Checking thanks, rick. I appreciate the info. But I am not sure that we want to use realm for our solution. But I certainly think it is feasible. I think we are more in the market for some sort of simple session guard. Please allow me to explain a little further. Then I would like to hear your opinion about the suggested approach versus adding a REALM: the URL for the download will contain a session id for the user. So if you will allow me to modify my example: Say user A logs in and has a session id of 1 and wants to download abc.jar. He will be redirected to the url: http://localhost/myservlet/downloaddir/1/abc.jar now I would like to put in place a guard servlet. So in myservlet's web.xml I will add servlet-mapping servlet-namecom.myproj.web.GUARD/servlet-name url-pattern/downloaddir/*/url-pattern /servlet-mapping The intention is for the Guard servlet to: 1. Inspect the url for sessionid (1 in this case). 2. Get it and compare it to the current session id (session.getID()). 3. if the two match, then start an http download. 4. If not then, throw up an Access Denied error page. That is pretty much all we need to do. I also don't want to add basic\Form authentication at this point for those directories. We simply want to match whether the session id in the url is the same as the one the current user is using. That way, if another user, who will have a different session number (3 or what have you) tries to paste in: http://localhost/myservlet/downloaddir/1/abc.jar he\she will get an access denied. Is that more understandable? We are trying to prevent cutting and pasting of urls. We are mainly concerned with just providing\denying access to this directory and not security to an entire web application where I think the REALM would be more applicable (i am not sure whether that is right or wrong...). -Original Message- From: Rick Roberts [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:09 PM To: Tomcat Users List Subject: Re: Session\Security Checking Found a link for ya: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html Rick Robert Priest wrote: How can I check for a Valid session id before allowing access to a file? For example: - I have a directory containing files for download: http://localhost/myservlet/downloaddir/ - but before you download a file, say abc.jar (by using http://localhost/myservlet/downloaddir/abc.jar;), I want to make sure that you have a valid session id. If your session id is invalid, you get an access denied page. if not, a http download is started. so I guess what I want is to intercept any request to that downloaddir and perform session\security checking (by another servlet or jsp page) before allowing access... Now, is adding additional servlet\jsp the best way to go about this, or is there a better way through Tomcat configuration? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *** * Rick Roberts* * Advanced Information Technologies, Inc. * *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Post-authentication tasks
I'd like to get some suggestions for performing post-authentication tasks while using Container Managed Authentication. Craig Berry suggested a filter that checks the session for necessary attributes, and creates them if they're missing. This check would be performed on every request however. Has anyone implemented a different approach to this problem? I'd like to find a solution in which the extra tasks are performed just ONCE, somehow triggered by the container authentication. Please reference my previous post on a filter vs. session attribute listener approach. Thanks for any suggestions. -Sasha Borodin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: A problem with configuring tomcat with apache.
Hi, This is the mod_webapp config that comes with Solaris. I think I ran it for about a day or two. in httpd.conf the last line is: include /etc/apache/tomcat.conf tomcat.conf: LoadModule webapp_modulelibexec/mod_webapp.so AddModule mod_webapp.c WebAppConnectionconnwarplocalhost:8008 WebAppDeployexamplesconn/examples/ # WebAppInfo /webapp-info So not much different from your file except for a trailing slash on /examples/ . They also comment out WebAppInfo by default for security reasons. There is no ifmodule statement. If you want to turn tomcat off you comment out the include from httpd.conf. -e On Mon, 28 Jul 2003, J. Joe Wang wrote: Hi John, Thanks for the reply! Yeah, there is only one LoadModule/AddModule pair for mod_webapp. Here is the LoadModule/AddModule block in my httpd.conf. LoadModule php4_modulelibexec/libphp4.so LoadModule webapp_module libexec/mod_webapp.so AddModule mod_webapp.c The line 1035 is IfModule mod_webapp.c The line 1036 is WebAppConnection warpConn warp localhost:8008 The line 1037 is WebAppDeploy examples warpConn /examples The line 1038 is WebAppInfo /webapp-info And the line 1039 (last line of httpd.conf) /IfModule If I remove line 1037 and 1038, then the apache can be started. Thanks! On Mon, 2003-07-28 at 10:42, John Turner wrote: Are you sure there is only one LoadModule/AddModule pair for mod_webapp? What is on line 1037 of httpd.conf? John J. Joe Wang wrote: Dear all, I am trying to configure tomcat 4.0.4 with apache 1.3.26 on redhat 7.2. The installation of apache is a normal one. i.e. ./configure, make, make install. The installation of tomcat 4.0.4 is also a normal one. And I followed the install.txt come with webapp_module. i.e. (1)copy mod_webapp.so apache directory/libexec/., (2)modified apache httpd.conf with LoadModule webapp_module libexec/mod_webapp.so and AddModule mod_webapp.c, (3)add IfModule mod_webapp.c WebAppConnection warpConn warp localhost:8008 WebAppDeploy examples warpConn /examples WebAppInfo /webapp-info /IfModule to the end of httpd.conf. But when I tried to start the apache, it gave out a warn and couldn't be started. Here is the message. [warn] module mod_webapp.c is already added, skippingSyntax error on line 1037 of /usr/local/apache/conf/httpd.conf: Both of the WebAppDeploy examples warpConn /examples and WebAppInfo /webapp-info can give out this warn message. If I removed them, then the apache can be started. So can anybody help me out with this problem. I guess it is due to some mis-configuration, but I really have no idea what is wrong. Any information will be highly appreciated! Thanks, Joe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session\Security Checking
But I still need to change how my user are authenticated, correct. I now need to handle that authentication through the realm instead of a Form on our page now, right? -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:33 PM To: 'Tomcat Users List' Subject: RE: Session\Security Checking I think using a realm and simply setting up /downloaddir/* as a 'protected resource' is the way to go. The functionality you're looking for has already been implemented by Container-Managed Auth. Also.. if you use a container AUTH scheme, then you don't need the Session ID in the URL. The mere presence of a session will prove that your user is logged in and authenticated. -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 11:25 AM To: 'Tomcat Users List' Subject: RE: Session\Security Checking thanks, rick. I appreciate the info. But I am not sure that we want to use realm for our solution. But I certainly think it is feasible. I think we are more in the market for some sort of simple session guard. Please allow me to explain a little further. Then I would like to hear your opinion about the suggested approach versus adding a REALM: the URL for the download will contain a session id for the user. So if you will allow me to modify my example: Say user A logs in and has a session id of 1 and wants to download abc.jar. He will be redirected to the url: http://localhost/myservlet/downloaddir/1/abc.jar now I would like to put in place a guard servlet. So in myservlet's web.xml I will add servlet-mapping servlet-namecom.myproj.web.GUARD/servlet-name url-pattern/downloaddir/*/url-pattern /servlet-mapping The intention is for the Guard servlet to: 1. Inspect the url for sessionid (1 in this case). 2. Get it and compare it to the current session id (session.getID()). 3. if the two match, then start an http download. 4. If not then, throw up an Access Denied error page. That is pretty much all we need to do. I also don't want to add basic\Form authentication at this point for those directories. We simply want to match whether the session id in the url is the same as the one the current user is using. That way, if another user, who will have a different session number (3 or what have you) tries to paste in: http://localhost/myservlet/downloaddir/1/abc.jar he\she will get an access denied. Is that more understandable? We are trying to prevent cutting and pasting of urls. We are mainly concerned with just providing\denying access to this directory and not security to an entire web application where I think the REALM would be more applicable (i am not sure whether that is right or wrong...). -Original Message- From: Rick Roberts [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:09 PM To: Tomcat Users List Subject: Re: Session\Security Checking Found a link for ya: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html Rick Robert Priest wrote: How can I check for a Valid session id before allowing access to a file? For example: - I have a directory containing files for download: http://localhost/myservlet/downloaddir/ - but before you download a file, say abc.jar (by using http://localhost/myservlet/downloaddir/abc.jar;), I want to make sure that you have a valid session id. If your session id is invalid, you get an access denied page. if not, a http download is started. so I guess what I want is to intercept any request to that downloaddir and perform session\security checking (by another servlet or jsp page) before allowing access... Now, is adding additional servlet\jsp the best way to go about this, or is there a better way through Tomcat configuration? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *** * Rick Roberts* * Advanced Information Technologies, Inc. * *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Virtual Directories under tomcat?
How do I create a virtual directory under tomcat? For instance /DownloadDir/ - maps to - c:\temp\downloads\ In a url a user would enter something like: http://localhost/myservlet/downloaddir/abc.txtto access the files in c:\temp\downloads I wouldn't use a context for that, would I? Doesn't a Context represent a Web Application, not just a directory? Anyone have any information on setting one up? Thank you in advance... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session\Security Checking
Robert Priest wrote: the URL for the download will contain a session id for the user. So if you will allow me to modify my example: Say user A logs in and has a session id of 1 and wants to download abc.jar. He will be redirected to the url: http://localhost/myservlet/downloaddir/1/abc.jar now I would like to put in place a guard servlet. So in myservlet's web.xml I will add servlet-mapping servlet-namecom.myproj.web.GUARD/servlet-name url-pattern/downloaddir/*/url-pattern /servlet-mapping The intention is for the Guard servlet to: 1. Inspect the url for sessionid (1 in this case). 2. Get it and compare it to the current session id (session.getID()). 3. if the two match, then start an http download. 4. If not then, throw up an Access Denied error page. I don't think there is anyway to implement this concept. Because, you can't know the value of session.getID() in advance. Therefore you can't set up the downloaddir as described. I suppose you could figure out a way to do what you want without using container managed authentication, but I can't think of a good reason to not use it. -- *** * Rick Roberts* * Advanced Information Technologies, Inc. * *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session\Security Checking
If you've already implemented your own access control, then certainly it might be more feasible to extend that to this set of pages. A filter might be the best, if you can use a 2.3 compliant container. The filter would simply check for the presence of a session. If there isn't one, sendRedirect() to a login page. Else, the filter will just 'pass through' the request. The filter can be mapped to any requests for /downloaddir/* -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 11:46 AM To: 'Tomcat Users List' Subject: RE: Session\Security Checking But I still need to change how my user are authenticated, correct. I now need to handle that authentication through the realm instead of a Form on our page now, right? -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:33 PM To: 'Tomcat Users List' Subject: RE: Session\Security Checking I think using a realm and simply setting up /downloaddir/* as a 'protected resource' is the way to go. The functionality you're looking for has already been implemented by Container-Managed Auth. Also.. if you use a container AUTH scheme, then you don't need the Session ID in the URL. The mere presence of a session will prove that your user is logged in and authenticated. -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 11:25 AM To: 'Tomcat Users List' Subject: RE: Session\Security Checking thanks, rick. I appreciate the info. But I am not sure that we want to use realm for our solution. But I certainly think it is feasible. I think we are more in the market for some sort of simple session guard. Please allow me to explain a little further. Then I would like to hear your opinion about the suggested approach versus adding a REALM: the URL for the download will contain a session id for the user. So if you will allow me to modify my example: Say user A logs in and has a session id of 1 and wants to download abc.jar. He will be redirected to the url: http://localhost/myservlet/downloaddir/1/abc.jar now I would like to put in place a guard servlet. So in myservlet's web.xml I will add servlet-mapping servlet-namecom.myproj.web.GUARD/servlet-name url-pattern/downloaddir/*/url-pattern /servlet-mapping The intention is for the Guard servlet to: 1. Inspect the url for sessionid (1 in this case). 2. Get it and compare it to the current session id (session.getID()). 3. if the two match, then start an http download. 4. If not then, throw up an Access Denied error page. That is pretty much all we need to do. I also don't want to add basic\Form authentication at this point for those directories. We simply want to match whether the session id in the url is the same as the one the current user is using. That way, if another user, who will have a different session number (3 or what have you) tries to paste in: http://localhost/myservlet/downloaddir/1/abc.jar he\she will get an access denied. Is that more understandable? We are trying to prevent cutting and pasting of urls. We are mainly concerned with just providing\denying access to this directory and not security to an entire web application where I think the REALM would be more applicable (i am not sure whether that is right or wrong...). -Original Message- From: Rick Roberts [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:09 PM To: Tomcat Users List Subject: Re: Session\Security Checking Found a link for ya: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html Rick Robert Priest wrote: How can I check for a Valid session id before allowing access to a file? For example: - I have a directory containing files for download: http://localhost/myservlet/downloaddir/ - but before you download a file, say abc.jar (by using http://localhost/myservlet/downloaddir/abc.jar;), I want to make sure that you have a valid session id. If your session id is invalid, you get an access denied page. if not, a http download is started. so I guess what I want is to intercept any request to that downloaddir and perform session\security checking (by another servlet or jsp page) before allowing access... Now, is adding additional servlet\jsp the best way to go about this, or is there a better way through Tomcat configuration? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- *** * Rick Roberts* * Advanced Information Technologies, Inc. *
application scope variable lost
I have three contexts running basically the same application. (one is semi-production, and two sandboxes). All of them having bunch of hasmaps in the application scope to use as a reference. there is only one servlet per application that actually does writing to these hashmaps, the rest of the pages/servlets only read the values. the servlet that creates the hashmaps is loaded on startup and has no doGet, or doPost methods. everything seemed fine until this morning out of blue i noticed that all three contexts have empty hashmaps. they were fine earlier this morning though. this is something i was not ready for.. any clues or suggestions what could be the cause? any help is appreciated.. thanks, Vlad Vladimer Shioshvili QRC Division of Macro International Inc. 7315 Wisconsin Avenue, Suite 400W Bethesda, MD 20814 Phone: (301) 657 3077 ext. 155 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Internal Servlet Error
Hi there, I'm currently running Tomcat 3.2.4 in Redhat 7.3 . The problem only occurs in Linux, if I zip the Tomcat directory and run it in Windows, everything works fine. My frontend system craches with the following exception. Has anyone experienced this before? Thanks in advance, Error: 500 Location: /adsl/layouts/mainLayout.jsp Internal Servlet Error: javax.servlet.ServletException: javax.servlet.jsp.tagext.TagAttributeInfo.(Ljava/lang/String;ZLjava/lang/Str ing;Z)V at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:399) at javax.servlet.http.HttpServlet.service(HttpServlet.java:865) at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404) at org.apache.tomcat.core.Handler.service(Handler.java:286) at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372) at org.apache.tomcat.facade.RequestDispatcherImpl.forward(RequestDispatcherImpl .java:194) at org.apache.struts.tiles.ActionComponentServlet.doForward(ActionComponentServ let.java:453) at org.apache.struts.tiles.ActionComponentServlet.processActionForward(ActionCo mponentServlet.java:180) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1596) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:492) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:865) at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404) at org.apache.tomcat.core.Handler.service(Handler.java:286) at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372) at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:79 7) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743) at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpC onnectionHandler.java:210) at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416) at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498) at java.lang.Thread.run(Thread.java:534) Root cause: java.lang.NoSuchMethodError: javax.servlet.jsp.tagext.TagAttributeInfo.(Ljava/lang/String;ZLjava/lang/Str ing;Z)V at org.apache.jasper.compiler.TagLibraryInfoImpl.createAttribute(TagLibraryInfo Impl.java:524) at org.apache.jasper.compiler.TagLibraryInfoImpl.createTagInfo(TagLibraryInfoIm pl.java:432) at org.apache.jasper.compiler.TagLibraryInfoImpl.parseTLD(TagLibraryInfoImpl.ja va:385) at org.apache.jasper.compiler.TagLibraryInfoImpl.(TagLibraryInfoImpl.java:233) at org.apache.jasper.compiler.JspParseEventListener.handleDirective(JspParseEve ntListener.java:706) at org.apache.jasper.compiler.DelegatingListener.handleDirective(DelegatingList ener.java:116) at org.apache.jasper.compiler.Parser$Directive.accept(Parser.java:215) at org.apache.jasper.compiler.Parser.parse(Parser.java:1077) at org.apache.jasper.compiler.Parser.parse(Parser.java:1042) at org.apache.jasper.compiler.Parser.parse(Parser.java:1038) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:182) at org.apache.jasper.servlet.JspServlet.doLoadJSP(JspServlet.java:462) at org.apache.jasper.servlet.JasperLoader12.loadJSP(JasperLoader12.java:146) at org.apache.jasper.servlet.JspServlet.loadJSP(JspServlet.java:433) at org.apache.jasper.servlet.JspServlet$JspServletWrapper.loadIfNecessary(JspSe rvlet.java:152) at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.ja va:164) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:318) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:391) at javax.servlet.http.HttpServlet.service(HttpServlet.java:865) at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404) at org.apache.tomcat.core.Handler.service(Handler.java:286) at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372) at org.apache.tomcat.facade.RequestDispatcherImpl.forward(RequestDispatcherImpl .java:194) at org.apache.struts.tiles.ActionComponentServlet.doForward(ActionComponentServ let.java:453) at org.apache.struts.tiles.ActionComponentServlet.processActionForward(ActionCo mponentServlet.java:180) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1596) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:492) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:865) at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404) at org.apache.tomcat.core.Handler.service(Handler.java:286)
Re: Strange request.setAttribute() problem
I believe each browser (Opera, Netscape, or whatever) *creates* a
unique Request object in Tomcat. I have checked this, and this is
indeed true.
By the look of things, it seems that although Request objects are not
the same, the variable stored in them will reference the same value.
Tim, are you saying if browser A posts a form to TC, the variables
within the form will be treated as static variables and visible to the
JSP page displaying the variables in browser B, C, D ...
Let me be a bit more specific:
The BillingShippingHome.jsp has this code:
%!
private int itemnumber = -1;
%
%
if ( request.getParameter(itemnumber) != null ) {
try {
itemnumber =
Integer.parseInt((String)request.getParameter(itemnumber));
} catch (NumberFormatException ex) {
System.out.println(No);
}
}
System.out.println(itemnumber is + itemnumber);
%
form name=abc method=post action=/mall/WelcomeServlet
input type=hidden name=itemnumber value=
...
/form
Servlet A:
doPost(HttpServletRequest request, HttpServletResponse response)
throws IOException, ServletException {
gotoPage(/BillingShippingHome.jsp, request, response);
}
Sequence of result :
Browser A displaying BillingShippingHome.jsp
itemnumber = -1
.. change the itemnumber to say, 0 via javascript... and post this
form to Servlet A ...
goes back to BillingShippingHome.jsp
itemnumber now = 0 [correct]
Browser B now displays BillingShippingHome.jsp
itemnumber = 0! [should be -1]
What gives?
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2003 07:53
To: Tomcat Users List
Subject: Re: Strange request.setAttribute() problem
This is the correct behavior. In this scenario, you are operating on
the
request, not the session.
request.getParameter -- Get stuff from the query string (or input
stream if
post) - a per request thing
request.setAttribute -- Set an attribute in the life of this
particular
request
-Tim
Charles So wrote:
Hello, I come across a problem with TC4.1.24 and hope fellow list
users
can help me...
I set a variable in a servlet by calling:
request.setAttribute(itemnumber,
Integer.valueOf(Integer.toString(itemnumber)));
A JSP will then detect if this variable exists or not by:
if ( request.getParameter(itemnumber) != null ) {
try {
itemnumber =
Integer.parseInt((String)request.getParameter(itemnumber));
} catch (NumberFormatException ex) {
System.out.println(No);
}
}
I have two different web browsers opened (say, one IE and one Opera),
and both eventually will come to the page containing the code above.
The strange thing is that if the variable itemnumber is set via IE,
the same itemnumber will be seen at Opera!
This shouldn't happen as both have different session ID, and are
completely unrelated.
Who has come across this problem? How can I work around this?
Thanks!
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session\Security Checking
Ok. thanks. Do you have any links to the proper documentation for doing this? When you say filter, you are not speaking of a Realm are you? Could you clarify for me? -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:55 PM To: 'Tomcat Users List' Subject: RE: Session\Security Checking If you've already implemented your own access control, then certainly it might be more feasible to extend that to this set of pages. A filter might be the best, if you can use a 2.3 compliant container. The filter would simply check for the presence of a session. If there isn't one, sendRedirect() to a login page. Else, the filter will just 'pass through' the request. The filter can be mapped to any requests for /downloaddir/* -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 11:46 AM To: 'Tomcat Users List' Subject: RE: Session\Security Checking But I still need to change how my user are authenticated, correct. I now need to handle that authentication through the realm instead of a Form on our page now, right? -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:33 PM To: 'Tomcat Users List' Subject: RE: Session\Security Checking I think using a realm and simply setting up /downloaddir/* as a 'protected resource' is the way to go. The functionality you're looking for has already been implemented by Container-Managed Auth. Also.. if you use a container AUTH scheme, then you don't need the Session ID in the URL. The mere presence of a session will prove that your user is logged in and authenticated. -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 11:25 AM To: 'Tomcat Users List' Subject: RE: Session\Security Checking thanks, rick. I appreciate the info. But I am not sure that we want to use realm for our solution. But I certainly think it is feasible. I think we are more in the market for some sort of simple session guard. Please allow me to explain a little further. Then I would like to hear your opinion about the suggested approach versus adding a REALM: the URL for the download will contain a session id for the user. So if you will allow me to modify my example: Say user A logs in and has a session id of 1 and wants to download abc.jar. He will be redirected to the url: http://localhost/myservlet/downloaddir/1/abc.jar now I would like to put in place a guard servlet. So in myservlet's web.xml I will add servlet-mapping servlet-namecom.myproj.web.GUARD/servlet-name url-pattern/downloaddir/*/url-pattern /servlet-mapping The intention is for the Guard servlet to: 1. Inspect the url for sessionid (1 in this case). 2. Get it and compare it to the current session id (session.getID()). 3. if the two match, then start an http download. 4. If not then, throw up an Access Denied error page. That is pretty much all we need to do. I also don't want to add basic\Form authentication at this point for those directories. We simply want to match whether the session id in the url is the same as the one the current user is using. That way, if another user, who will have a different session number (3 or what have you) tries to paste in: http://localhost/myservlet/downloaddir/1/abc.jar he\she will get an access denied. Is that more understandable? We are trying to prevent cutting and pasting of urls. We are mainly concerned with just providing\denying access to this directory and not security to an entire web application where I think the REALM would be more applicable (i am not sure whether that is right or wrong...). -Original Message- From: Rick Roberts [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:09 PM To: Tomcat Users List Subject: Re: Session\Security Checking Found a link for ya: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html Rick Robert Priest wrote: How can I check for a Valid session id before allowing access to a file? For example: - I have a directory containing files for download: http://localhost/myservlet/downloaddir/ - but before you download a file, say abc.jar (by using http://localhost/myservlet/downloaddir/abc.jar;), I want to make sure that you have a valid session id. If your session id is invalid, you get an access denied page. if not, a http download is started. so I guess what I want is to intercept any request to that downloaddir and perform session\security checking (by another servlet or jsp page) before allowing access... Now, is adding additional servlet\jsp the best way to go about this, or is there a better way through Tomcat configuration?
Re: JNDIRealm using LDAP with SSL
We've done exactly that. What you need to do is import the root
certificate into a .keystore file. I'm not sure if Tomcat will pick up
the default cacerts file, or if you always have to specify it like we
did (-Djavax.net.ssl.trustStore=sys:/adminsrv/conf/.keystore etc) My
guess is that you can set that in the java.security file in
java\lib\security instead of specifying it on the command line.
If you are doing this on a NetWare server, here is something similar to
what we use to import the certificate:
keytool -import -v -noprompt -trustcacerts -file
sys:/public/RootCert.der -keystore sys:/adminsrv/conf/.keystore
-storepass changeit
If you are running eDirectory on something besides the server, I'm not
exactly sure how to get the RootCert.der file, I'm guessing it can be
done as an export from ConsoleOne.
Oh, I just read the bottom of your message where you said you have done
some work with the keystore. It looks like the documentation is a
little different for just setting up the SSL connector. Try doing the
import of the root certificate and see if it works any better.
Good luck,
Jeff Tulley ([EMAIL PROTECTED])
(801)861-5322
Novell, Inc., The Leading Provider of Net Business Solutions
http://www.novell.com
[EMAIL PROTECTED] 7/28/03 9:49:56 AM
Does anyone have any experience getting ldaps working w/ the JDNIRealms
in
Tomcat 4.1.24? Regular LDAP is working fine, but when I change the
connection
URL to ldaps://ldap-host:636 I get the following error:
2003-07-28 09:40:49 JNDIRealm[Standalone]: Connecting to URL
ldaps://10.1.1.50:636
2003-07-28 09:40:50 JNDIRealm[Standalone]: Exception performing
authentication
javax.naming.CommunicationException: simple bind failed: 10.1.1.50:636
[Root
exception is javax.net.ssl.SSLException: Connection has been shutdown:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException:
No trusted certificate found]
My Realm element in server.xml:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
resourceName=UserDatabase
connectionURL=ldaps://10.1.1.50:636
connectionName=cn=TOMCAT,ou=WebAppUser,ou=MyOU,o=MyCompany
connectionPassword=password
userBase=o=MyCompany
userSearch=(amp;(cn={0})(objectClass=inetOrgPerson))
userSubtree=true
roleBase=ou=WebAppGrp,ou=MyOU,o=MyCompany
roleSearch=(uniqueMember={0})
roleName=cn
/
Like I said, this works if connectionURL=ldap://10.1.1.50:389;. I can
connect
to the LDAP server (Novell eDirectory) via SSL using a Java browser if
I accept
the certificate, so I wonder if that might have something to do with
it.
I've also successfully followed the Config-SSL-HOWTO, accepted the
certificate
from the server and setup the keystore for the connector as described,
but I get
the feeling that this is strictly for enabling SSL over HTTP.
Thanks in advance.
Chris
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: A problem with configuring tomcat with apache.
Sounds like you have mod_webapp loaded anyway. Is it statically linked or somehing? Sorry, I don't use mod_webapp (and you shouldn't, either! ;) ), so I can't help much beyond the basic Apache-related config stuff like LoadModule and AddModule. John J. Joe Wang wrote: Hi John, Thanks for the reply! Yeah, there is only one LoadModule/AddModule pair for mod_webapp. Here is the LoadModule/AddModule block in my httpd.conf. LoadModule php4_modulelibexec/libphp4.so LoadModule webapp_module libexec/mod_webapp.so AddModule mod_webapp.c The line 1035 is IfModule mod_webapp.c The line 1036 is WebAppConnection warpConn warp localhost:8008 The line 1037 is WebAppDeploy examples warpConn /examples The line 1038 is WebAppInfo /webapp-info And the line 1039 (last line of httpd.conf) /IfModule If I remove line 1037 and 1038, then the apache can be started. Thanks! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session\Security Checking
Nope, Filters are new to Servlets 2.3 http://java.sun.com/products/servlet/Filters.html Also, download the Servlet spec, it's full of great info, and not just about Filters. http://jcp.org/aboutJava/communityprocess/first/jsr053/index.html -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:13 PM To: 'Tomcat Users List' Subject: RE: Session\Security Checking Ok. thanks. Do you have any links to the proper documentation for doing this? When you say filter, you are not speaking of a Realm are you? Could you clarify for me? -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:55 PM To: 'Tomcat Users List' Subject: RE: Session\Security Checking If you've already implemented your own access control, then certainly it might be more feasible to extend that to this set of pages. A filter might be the best, if you can use a 2.3 compliant container. The filter would simply check for the presence of a session. If there isn't one, sendRedirect() to a login page. Else, the filter will just 'pass through' the request. The filter can be mapped to any requests for /downloaddir/* -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 11:46 AM To: 'Tomcat Users List' Subject: RE: Session\Security Checking But I still need to change how my user are authenticated, correct. I now need to handle that authentication through the realm instead of a Form on our page now, right? -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:33 PM To: 'Tomcat Users List' Subject: RE: Session\Security Checking I think using a realm and simply setting up /downloaddir/* as a 'protected resource' is the way to go. The functionality you're looking for has already been implemented by Container-Managed Auth. Also.. if you use a container AUTH scheme, then you don't need the Session ID in the URL. The mere presence of a session will prove that your user is logged in and authenticated. -Original Message- From: Robert Priest [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 11:25 AM To: 'Tomcat Users List' Subject: RE: Session\Security Checking thanks, rick. I appreciate the info. But I am not sure that we want to use realm for our solution. But I certainly think it is feasible. I think we are more in the market for some sort of simple session guard. Please allow me to explain a little further. Then I would like to hear your opinion about the suggested approach versus adding a REALM: the URL for the download will contain a session id for the user. So if you will allow me to modify my example: Say user A logs in and has a session id of 1 and wants to download abc.jar. He will be redirected to the url: http://localhost/myservlet/downloaddir/1/abc.jar now I would like to put in place a guard servlet. So in myservlet's web.xml I will add servlet-mapping servlet-namecom.myproj.web.GUARD/servlet-name url-pattern/downloaddir/*/url-pattern /servlet-mapping The intention is for the Guard servlet to: 1. Inspect the url for sessionid (1 in this case). 2. Get it and compare it to the current session id (session.getID()). 3. if the two match, then start an http download. 4. If not then, throw up an Access Denied error page. That is pretty much all we need to do. I also don't want to add basic\Form authentication at this point for those directories. We simply want to match whether the session id in the url is the same as the one the current user is using. That way, if another user, who will have a different session number (3 or what have you) tries to paste in: http://localhost/myservlet/downloaddir/1/abc.jar he\she will get an access denied. Is that more understandable? We are trying to prevent cutting and pasting of urls. We are mainly concerned with just providing\denying access to this directory and not security to an entire web application where I think the REALM would be more applicable (i am not sure whether that is right or wrong...). -Original Message- From: Rick Roberts [mailto:[EMAIL PROTECTED] Sent: Monday, July 28, 2003 12:09 PM To: Tomcat Users List Subject: Re: Session\Security Checking Found a link for ya: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html Rick Robert Priest wrote: How can I check for a Valid session id before allowing access to a file? For example: - I have a directory containing files for download: http://localhost/myservlet/downloaddir/ - but before you
RE: Strange request.setAttribute() problem
%!
private int itemnumber = -1;
%
Using a ! makes it scoped globally to all requests. If you check the
source file of your JSP you'll see it's declared outside the service
method.
That's why different browsers will 'appear' as though they are mixing up
things. It's because your variable is available on basically, an
application level.
Also, from your initial post... using getParameter() won't work to
retrieve a value that was set with setAttribute(). You need to use
getAttribute(). That may have been a typo though.
-Original Message-
From: Charles So [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2003 12:11 PM
To: Tomcat Users List
Subject: Re: Strange request.setAttribute() problem
I believe each browser (Opera, Netscape, or whatever) *creates* a
unique Request object in Tomcat. I have checked this, and this is
indeed true.
By the look of things, it seems that although Request objects
are not
the same, the variable stored in them will reference the same value.
Tim, are you saying if browser A posts a form to TC, the variables
within the form will be treated as static variables and
visible to the
JSP page displaying the variables in browser B, C, D ...
Let me be a bit more specific:
The BillingShippingHome.jsp has this code:
%!
private int itemnumber = -1;
%
%
if ( request.getParameter(itemnumber) != null ) {
try {
itemnumber =
Integer.parseInt((String)request.getParameter(itemnumber));
} catch (NumberFormatException ex) {
System.out.println(No);
}
}
System.out.println(itemnumber is + itemnumber);
% form name=abc method=post
action=/mall/WelcomeServlet input type=hidden
name=itemnumber value= ... /form
Servlet A:
doPost(HttpServletRequest request, HttpServletResponse
response)
throws IOException, ServletException {
gotoPage(/BillingShippingHome.jsp, request, response);
}
--
--
Sequence of result :
Browser A displaying BillingShippingHome.jsp
itemnumber = -1
.. change the itemnumber to say, 0 via javascript... and post this
form to Servlet A ...
goes back to BillingShippingHome.jsp
itemnumber now = 0 [correct]
Browser B now displays BillingShippingHome.jsp
itemnumber = 0! [should be -1]
What gives?
-Original Message-
From: Tim Funk [mailto:[EMAIL PROTECTED]
Sent: Monday, July 28, 2003 07:53
To: Tomcat Users List
Subject: Re: Strange request.setAttribute() problem
This is the correct behavior. In this scenario, you are operating on
the
request, not the session.
request.getParameter -- Get stuff from the query string (or input
stream if
post) - a per request thing
request.setAttribute -- Set an attribute in the life of this
particular
request
-Tim
Charles So wrote:
Hello, I come across a problem with TC4.1.24 and hope fellow list
users
can help me...
I set a variable in a servlet by calling:
request.setAttribute(itemnumber,
Integer.valueOf(Integer.toString(itemnumber)));
A JSP will then detect if this variable exists or not by:
if ( request.getParameter(itemnumber) != null ) {
try {
itemnumber =
Integer.parseInt((String)request.getParameter(itemnumber));
} catch (NumberFormatException ex) {
System.out.println(No);
}
}
I have two different web browsers opened (say, one IE and
one Opera),
and both eventually will come to the page containing the
code above.
The strange thing is that if the variable itemnumber is
set via IE,
the same itemnumber will be seen at Opera!
This shouldn't happen as both have different session ID, and are
completely unrelated.
Who has come across this problem? How can I work around this?
Thanks!
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat not working properly
Greetings, My index.jsp page running under tomcat 4.1.12 shows code https://placeanad.classifiedmarketplace.net/AdWebster/ What do I need to do to the conf file to make it process the jsp? Thanks, Bobbie Bobbie Atristain Internet Systems Administrator - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: A problem with configuring tomcat with apache.
Hi John, Then what do you think I should use? Thanks, Joe On Mon, 2003-07-28 at 12:17, John Turner wrote: Sounds like you have mod_webapp loaded anyway. Is it statically linked or somehing? Sorry, I don't use mod_webapp (and you shouldn't, either! ;) ), so I can't help much beyond the basic Apache-related config stuff like LoadModule and AddModule. John J. Joe Wang wrote: Hi John, Thanks for the reply! Yeah, there is only one LoadModule/AddModule pair for mod_webapp. Here is the LoadModule/AddModule block in my httpd.conf. LoadModule php4_modulelibexec/libphp4.so LoadModule webapp_module libexec/mod_webapp.so AddModule mod_webapp.c The line 1035 is IfModule mod_webapp.c The line 1036 is WebAppConnection warpConn warp localhost:8008 The line 1037 is WebAppDeploy examples warpConn /examples The line 1038 is WebAppInfo /webapp-info And the line 1039 (last line of httpd.conf) /IfModule If I remove line 1037 and 1038, then the apache can be started. Thanks! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
