RE: Spam on tomcat-user?
Hi, I contacted the technical and administrative owner of the source (as reported by the mail header) of the spam. (rzone.de and webmailer.de) Let's see what happens. Probably nothing, but it's good to try. I've unsubscribed the address from the list, so hopefully we're all set. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat ports
Hi, You will also have to run Tomcat as root if you use port 80. No, you don't. You can use commons-daemon which ships with tomcat 5 to run either tomcat 5 or tomcat 4.1 on port 80 (or any port 1024) without running as root. Yoav Shapira -Original Message- From: Reynir Þór Hübner [mailto:[EMAIL PROTECTED] Sent: Friday, March 05, 2004 2:30 PM To: Tomcat Users List Subject: Re: Tomcat ports Hi, Try opening up /tomcat-home/conf/server.xml there you can set the connector to use what ever port you like. (try searching for 8080). hope it helps -reynir Ralph Merrick wrote: Can anyone tell me, how to configure tomcat to work with a port, less than 1024, port 80 to be exact. Thanks a ton - Do you Yahoo!? Yahoo! Search - Find what you're looking for faster. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Classloader issues in tomcat 4.1.x (SDK1.4.2), using multi-containers
We are trying to setup a Tomcat Service for our developers. The intention is that our platform is to be consolidated, meaning we will be running multiple Tomcat Containers under a single Tomcat installation (in this case 4.1.29). We work with a number of scientists who have paid for a 3rd Party application that was certified using the LE version of Tomcat. For various reasons, we do not want to manage a seperate Tomcat Platform just for one application. The vendor chose to throw a version of the xerces.jar file into their /WEB-INF/lib directory. Since the LE version does not come with any xerces jars in the /common/endorsed directory, the application works fine in the LE version, but when we try to port it over to our Full Edition, it fails with a java.lang.VerifyError We have kept the default jar files in the /common/endorsed directory (xerces.jar, xercesImpl.jar, and xmlParser.jar), and other applications are referencing them. If I remove the xerces.jar and xercesImpl.jar from the /endorsed directory, the application works, but this is not an acceptable solution, because other applications are using these jar's. I also cannot modify the vendor's code-base, else it nulls our support agreement for the application. SoI need some help :) Is there a way to force the Container to use the applications xerces.jar file without impacting the applications functions? I thought of two possibilities: 1. modify the -D argument for the endorsed.dirs directory, so that I can seperate out their version of the jar file from the install base and not impact other applications. 2. use the loader element to turn delegation to true. Any assistance is appreciated, David Henry - Do you Yahoo!? Yahoo! Search - Find what youre looking for faster.
Re: Apache as Service on Linux - Help
Mathew, Yes. I want to run Apache and Tomcat as servcices. Thanks, Rama Mathew [EMAIL PROTECTED] wrote: As service in Linux ?? In NT U can do that Hi All, Is there any way to install Apache2 and Tomcat4 as service on Linux? If so, please advise me. Your help is greatly appreciated. Regards, Rama - Do you Yahoo!? Yahoo! Search - Find what youre looking for faster. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Search - Find what youre looking for faster.
hung tomcat problem
Hello, we are currently using the following setup: * Tomcat 4.1.24-LE * Apache 1.3.27 * mod_jk 1.2.4 * Sun JVM 1.4.1_05 * all running on Linux RH 8.0 For quite some time now, our website has been encountering a hung tomcat problem at random times. The symptoms are typically: * Apache server status scoreboard shows a max number of connections in the W state (waiting for reply). * top shows one tomcat process (thread) is using 99.9% of CPU and in S state (sleeping) * Tomcat takes forever to service connections, but it is still running * Even after the server is taken offline and the number of apache connections has dropped to 0, tomcat is still sluggish and still has one thread that is hogging CPU Apparently, this seems to be a common problem based on some googling and digging through the archives. Particularly noteworthy are some new mod_jk additions that will debut in mod_jk 1.2.6. The Tomcat Workers HowTo document (http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk/workershowto.html) lists several parameters that have been added specifically to deal with a hung tomcat problem (eg: connect_timeout, prepost_timeout, reply_timeout, recover_options). This leads me a a few questions: What exactly is the nature of this hung tomcat problem? It is intrinsically a tomcat issue or is it a problem with a badly behaved app? How can I determine what is causing the hang? Is there something in the archives that I am completely missing? Also: Any news on when mod_jk 1.2.6 will be available? Are the new config parameters merely a band-aid or a real solution? Thanks! Mike C - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Development Environment on a pen drive
I am thinking about setting up a development environment on my USB flash drive as I would like to be able to do some work/demonstrate to customers on the move and was wondering if anyone else had done it before or if it was possible. Any assistance would be appreciated Cheers Andrew
RE: Filter causing memory on TC-5.0.18 and 5.0.19
Hi, We also are experiencing memory leaks in tomcat since we upgraded from 5.0.16 to 5.0.19. In particular I found out that web app sessions will not timeout with session-timeout=1 (or rather it will, but not after 1 minute): session-config session-timeout1/session-timeout /session-config using StandardManager. Does 5.0.19 honor session-timeout parameter at all? The output of /manager/sessions?path=/testcontext is: - OK - Session information for application at context path /testcontext Default maximum session inactive interval 1 minutes 60 - 70 minutes:2 sessions - Regards, Vlad Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 1:53 PM To: Tomcat Users List Subject: RE: Filter causing memory on TC-5.0.18 and 5.0.19 Hi, We search hard in the archive and found many, many questions in regards of this. Can you please point out specific messages or threads in the archives that ask about a filter causing a tomcat memory leak? Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] The information contained in this email message may be confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Although this message and any attachments are believed to be free of viruses, no responsibility is accepted by Informa for any loss or damage arising in any way from receipt or use thereof. Messages to and from the company are monitored for operational reasons and in accordance with lawful business practices. If you have received this message in error, please notify us by return and delete the message and any attachments. Further enquiries/returns can be sent to [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Filter causing memory on TC-5.0.18 and 5.0.19
Hi, We also are experiencing memory leaks in tomcat since we upgraded from 5.0.16 to 5.0.19. In particular I found out that web app sessions will not timeout with session-timeout=1 (or rather it will, but not after 1 minute): What is it recently with people hijacking threads? Please use a separate thread for the session timeout question, this one is about filters. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk
Chris Haines said: I spent nine hours trying to get mod_jk to compile properly for Linux but had no luck. I wanted to download the binary but couldn't find one. So, I downloaded the source code. The instructions I had were full of misinformation. Then I got to a point where I seemed to have gotten close when I tried compiling it. I typed: ./configure -with-apxs=/usr/local/apache/bin/apxs -with-apache13=/usr/local/apache but, the program kept failing and would tell me that it couldn't find apxs. Thr problem may be that you didn't first compile Apache with --enable-module=so, if you don't do this you won't be able to build mod_jk (yes, the mod_jk install docs suck big time!), and I have never been able to find a binary for Linux... Here's what works (butchered from my own Apache + ModSSL build instructions) 1) in the Apache (source dist) directory (eg /usr/local/src/apache_1.3.29) ./configure --prefix=/usr/local/apache --enable-module=so make 2) build the mod_jk cd /usr/local/src/jakarta-tomcat-connectors-jk-1.2.5-src/jk/native ./buildconf.sh ./configure --with-apxs=/usr/local/apache/bin/apxs --enable-EAPI [Make sure apache built with --enable-module=so otherwise you get can't find apxs error!] mkdir /usr/local/apache/modules cp apache-1.3/mod_jk.so /usr/local/apache/modules That should help you out. Good luck! John Sidney-Woollett - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Filter causing memory on TC-5.0.18 and 5.0.19
Sorry about that. I was thinking that those issues are related. -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 3:54 PM To: Tomcat Users List Subject: RE: Filter causing memory on TC-5.0.18 and 5.0.19 Hi, We also are experiencing memory leaks in tomcat since we upgraded from 5.0.16 to 5.0.19. In particular I found out that web app sessions will not timeout with session-timeout=1 (or rather it will, but not after 1 minute): What is it recently with people hijacking threads? Please use a separate thread for the session timeout question, this one is about filters. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] The information contained in this email message may be confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Although this message and any attachments are believed to be free of viruses, no responsibility is accepted by Informa for any loss or damage arising in any way from receipt or use thereof. Messages to and from the company are monitored for operational reasons and in accordance with lawful business practices. If you have received this message in error, please notify us by return and delete the message and any attachments. Further enquiries/returns can be sent to [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache as Service on Linux - Help
Rama, What Mathew is talking about is that Linux does not have services as windows does. I think that the term you need to search for is daemon. Or google for run Tomcat daemon. Tomcat 5 has instructions for this on the setup page. I don't know if this can be applied to TC4. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/setup.html Hope this helps. Doug www.parsonstechnical.com - Original Message - From: Apahce Tomact [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, March 08, 2004 10:27 AM Subject: Re: Apache as Service on Linux - Help Mathew, Yes. I want to run Apache and Tomcat as servcices. Thanks, Rama Mathew [EMAIL PROTECTED] wrote: As service in Linux ?? In NT U can do that Hi All, Is there any way to install Apache2 and Tomcat4 as service on Linux? If so, please advise me. Your help is greatly appreciated. Regards, Rama - Do you Yahoo!? Yahoo! Search - Find what you're looking for faster. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Search - Find what you're looking for faster. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Arabic encoding problem
Hi, It's likely that request.getCharacterEncoding() is not null at that point(most likely iso-8859-1). A better conditional statement: if (request.getCharacterEncoding()==null) || ! request.getCharacterEncoding().equals(windows-1256)) {} Cheers:). -Yan -Original Message- From: vijaya prasad pala [mailto:[EMAIL PROTECTED] Sent: Sunday, March 07, 2004 2:36 AM To: [EMAIL PROTECTED] Subject: Arabic encoding problem Hi i am reading arabic text from oracle database. if i am displaying that text in that page it ok. if i am passing the same arabic string to another page then in that page it is displaying in ?. i tried like this if(request.getCharacterEncoding()==null) request.setCharacterEncoding(windows-1256); linkString = request.getParameter(linkLine); userString = request.getParameter(userLine); Here my problem is passing string from one page to another page... Thanks in Advance vijay __ Do you Yahoo!? Yahoo! Search - Find what you're looking for faster http://search.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JNI?
I have a bean which relies on a native dll (win32). When a page using the bean attempts to use one of the native methods, the page fails org.apache.jasper.JasperException: loadBook at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:254) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) I'm assuming the dll is just not being found since the bean works fine from a command line java app. Where would the correct place to put that dll be? Or even better, anyone know of any documentation/articles about using JNI with tomcat? (I read in digest mode, please reply-to-all, thanks) Thanks, -Marc - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: IIS + Tomcat 4.1.x + Load Balancing with session affinity (s ticky sessions) possible ? Yes !
Thanks a lot, Ralph. After some work on the jvmroute-attrib it works. Didn't realize that the names must be exactly equal to the Worker names. But now, thinking about it, it's the only way it makes sense. -- MfG Björn Andersen _ Webservices -Ursprüngliche Nachricht- Von: Ralph Einfeldt [mailto:[EMAIL PROTECTED] Gesendet: Montag, 8. März 2004 13:29 An: Tomcat Users List Betreff: RE: IIS + Tomcat 4.1.x + Load Balancing with session affinity (sticky sessions) possible ? I can just answer one question of yours: 'How do these sticky sessions work anyway' Tomcat appends a engine specific postfix to the session id. (That's why you have to define a jvmroute in the engine tag) An incoming request is balanced depending on the included postfix of the session id. (Under mod_jk there is a mapping between jvmroute and the name of the worker) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 1:16 PM To: [EMAIL PROTECTED] Subject: AW: IIS + Tomcat 4.1.x + Load Balancing with session affinity (sticky sessions) possible ? How do these sticky sessions work anyway ? Is there a docu or will I have to go through the source ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Hotswap servlet code in Tomcat 5?
Thanks. I try this, but it is different from what I expected. In my doGet() of my servlet, I have a Counter object in my session. When I reload the page in my browser, I see the value of the counter increments. (say from 0 to 1 to 2). Then I go to the Tomcat manager web page, and then undeploy the original servlet, and deploy a newer version of the same servlet (context name is the same). The value of the counter starts from 0 again when I reload the page again. The difference between the orginal servlet and the new servlet is the name of the Method inc(). I rename it to newInc() in the new servlet. I am expecting the value of the counter will be 3 when I reload the browser after I undeploy/deploy the servlet. Is this a correct assumption? Here is the portion of the doGet() method in my servlet. public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { HttpSession session = request.getSession(true); Counter sessionCounter = (Counter) session.getAttribute(session_counter); if (sessionCounter == null) { sessionCounter = new Counter(); session.setAttribute(session_counter, sessionCounter); } // rename inc() to newInc() sessionCounter.inc(); out.println(session counter =); out.println(sessionCounter.getValue()); } -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Friday, March 05, 2004 7:44 AM To: Tomcat Users List Subject: RE: Hotswap servlet code in Tomcat 5? Hi, If the objects in the session is serialized to the disk and then re-serialized when I re-deploy my servlet, what happens if the class in my newer version of my servlet has - added/removed methods/attributes in the class - added/removed static variables in the class How will the hotswap work? One has nothing to with the other, unless you're design is so bad that it places a instance of your servlet class as a session attribute. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Hotswap servlet code in Tomcat 5?
Hi, Is Counter Serializable? Yoav Shapira Millennium ChemInformatics -Original Message- From: Samuel Cheung [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 12:15 PM To: 'Tomcat Users List' Subject: RE: Hotswap servlet code in Tomcat 5? Thanks. I try this, but it is different from what I expected. In my doGet() of my servlet, I have a Counter object in my session. When I reload the page in my browser, I see the value of the counter increments. (say from 0 to 1 to 2). Then I go to the Tomcat manager web page, and then undeploy the original servlet, and deploy a newer version of the same servlet (context name is the same). The value of the counter starts from 0 again when I reload the page again. The difference between the orginal servlet and the new servlet is the name of the Method inc(). I rename it to newInc() in the new servlet. I am expecting the value of the counter will be 3 when I reload the browser after I undeploy/deploy the servlet. Is this a correct assumption? Here is the portion of the doGet() method in my servlet. public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { HttpSession session = request.getSession(true); Counter sessionCounter = (Counter) session.getAttribute(session_counter); if (sessionCounter == null) { sessionCounter = new Counter(); session.setAttribute(session_counter, sessionCounter); } // rename inc() to newInc() sessionCounter.inc(); out.println(session counter =); out.println(sessionCounter.getValue()); } -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Friday, March 05, 2004 7:44 AM To: Tomcat Users List Subject: RE: Hotswap servlet code in Tomcat 5? Hi, If the objects in the session is serialized to the disk and then re-serialized when I re-deploy my servlet, what happens if the class in my newer version of my servlet has - added/removed methods/attributes in the class - added/removed static variables in the class How will the hotswap work? One has nothing to with the other, unless you're design is so bad that it places a instance of your servlet class as a session attribute. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Entity Declarations in JSP/XML
If you really want add internal entity declarations in you jspx, maybe you should enter a feature request at http://issues.apache.org/bugzilla/. And you can change the org.apache.jasper.compiler.JspDocumentParser source, modify the startDTD(...) method to fit your need. and if you don't want to change the Jasper source code, you can implements SAXParserFactory, and set the javax.xml.parsers.SAXParserFactory system property to your owner implemention, and in its newSAXParser() method, return your owner SAXParser, and in SAXParser.getXMLReader() method, return your owner XMLReader and override the setErrorHandler(...) method catch the JspDocumentParser.ENABLE_DTD_VALIDATION_EXCEPTION exception. for more detail, I think you can see JspDocumentParser.getSAXParser(...) method. Thanks for the info. Do you know though what would be the proper approach to deal with that problem. How can I make it so tha the JSP compiler is satisfied with the JSP and the jsp:root declaration and my additional entity declarations? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Hotswap servlet code in Tomcat 5?
Sorry, it is my fault. Now I understanding. Sam -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 11:20 AM To: Tomcat Users List Subject: RE: Hotswap servlet code in Tomcat 5? Hi, Is Counter Serializable? Yoav Shapira Millennium ChemInformatics -Original Message- From: Samuel Cheung [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 12:15 PM To: 'Tomcat Users List' Subject: RE: Hotswap servlet code in Tomcat 5? Thanks. I try this, but it is different from what I expected. In my doGet() of my servlet, I have a Counter object in my session. When I reload the page in my browser, I see the value of the counter increments. (say from 0 to 1 to 2). Then I go to the Tomcat manager web page, and then undeploy the original servlet, and deploy a newer version of the same servlet (context name is the same). The value of the counter starts from 0 again when I reload the page again. The difference between the orginal servlet and the new servlet is the name of the Method inc(). I rename it to newInc() in the new servlet. I am expecting the value of the counter will be 3 when I reload the browser after I undeploy/deploy the servlet. Is this a correct assumption? Here is the portion of the doGet() method in my servlet. public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { HttpSession session = request.getSession(true); Counter sessionCounter = (Counter) session.getAttribute(session_counter); if (sessionCounter == null) { sessionCounter = new Counter(); session.setAttribute(session_counter, sessionCounter); } // rename inc() to newInc() sessionCounter.inc(); out.println(session counter =); out.println(sessionCounter.getValue()); } -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Friday, March 05, 2004 7:44 AM To: Tomcat Users List Subject: RE: Hotswap servlet code in Tomcat 5? Hi, If the objects in the session is serialized to the disk and then re-serialized when I re-deploy my servlet, what happens if the class in my newer version of my servlet has - added/removed methods/attributes in the class - added/removed static variables in the class How will the hotswap work? One has nothing to with the other, unless you're design is so bad that it places a instance of your servlet class as a session attribute. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat monitor comp
Will this allow me to monitor multiple servers at one times? Or is it for localhost only? -Original Message- From: Peter Lin [mailto:[EMAIL PROTECTED] Sent: Saturday, March 06, 2004 4:03 PM To: [EMAIL PROTECTED] Subject: tomcat monitor comp http://cvs.apache.org/~woolfel/monitor-comp.gif I've posted a screen shot of the UI, it's just the beginning, but it should give an idea. I'm hoping to have a working version in 3 weeks. peter lin - Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
clustering question?
I am getting the following info in my log file. Mar 8, 2004 12:45:10 PM org.apache.catalina.cluster.tcp.SimpleTcpCluster start INFO: Cluster is about to start Mar 8, 2004 12:45:10 PM org.apache.catalina.cluster.tcp.ReplicationListener run SEVERE: Unable to start cluster listener. java.net.SocketException: Address already in use at sun.nio.ch.Net.bind(Native Method) at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:108) at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:59) at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:52) at org.apache.catalina.cluster.tcp.ReplicationListener.listen(ReplicationListener.java:148) at org.apache.catalina.cluster.tcp.ReplicationListener.run(ReplicationListener.java:129) at java.lang.Thread.run(Thread.java:534) Mar 8, 2004 12:45:10 PM org.apache.catalina.cluster.mcast.McastService start INFO: Sleeping for 2000 secs to establish cluster membership 2004-03-08 12:45:13,151 [main] DEBUG (ManagerBase.java:671) - Registering Tomcat-Standalone:type=Manager,path=/,host=etrak-plus.com 2004-03-08 12:45:13,156 [main] DEBUG (StandardManager.java:697) - Force random number initialization starting 2004-03-08 12:45:13,157 [main] DEBUG (ManagerBase.java:555) - Opening /dev/urandom 2004-03-08 12:45:13,158 [main] DEBUG (ManagerBase.java:366) - Getting message digest component for algorithm MD5 2004-03-08 12:45:13,158 [main] DEBUG (ManagerBase.java:380) - Completed getting message digest component 2004-03-08 12:45:13,159 [main] DEBUG (ManagerBase.java:383) - getDigest() 1 2004-03-08 12:45:13,160 [main] DEBUG (StandardManager.java:700) - Force random number initialization completed 2004-03-08 12:45:13,161 [main] DEBUG (StandardManager.java:406) - Start: Loading persisted sessions 2004-03-08 12:45:13,161 [main] DEBUG (StandardManager.java:416) - Loading persisted sessions from SESSIONS.ser 2004-03-08 12:45:13,165 [main] DEBUG (StandardManager.java:430) - Creating custom object input stream for class loader 2004-03-08 12:45:13,171 [main] DEBUG (StandardManager.java:460) - Loading 0 persisted sessions 2004-03-08 12:45:13,172 [main] DEBUG (StandardManager.java:507) - Finish: Loading persisted sessions Here is the cluster info that i have in my server.xml. Cluster className=org.apache.catalina.cluster.tcp.SimpleTcpCluster name=etrakCluster1 managerClassName=org.apache.catalina.cluster.session.DeltaManager expireSessionsOnShutdown=false useDirtyFlag=true Membership className=org.apache.catalina.cluster.mcast.McastService mcastAddr=228.0.0.106 mcastPort=45100 mcastFrequency=500 mcastDropTime=3000/ Receiver className=org.apache.catalina.cluster.tcp.ReplicationListener tcpListenAddress=auto tcpListenPort=4001 tcpSelectorTimeout=100 tcpThreadCount=6/ Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=pooled/ Valve className=org.apache.catalina.cluster.tcp.ReplicationValve filter=.*\.gif;.*\.js;.*\.jpg;.*\.htm;.*\.html;.*\.txt;/ /Cluster my mcastAddr range is from 228.0.0.106 - 228.0.0.115 and the ports run from 45100-45109. Note each host has its own cluster entry and i have 10 different hosts. This is on tomcat 5.0.19 running on slackware 9.X Would i need to reboot the server to clear this up? Is this a problem with clustering or could it be a setup problem on my part. Thanks, Daniel Schulken --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.598 / Virus Database: 380 - Release Date: 2/28/2004
RE: tomcat monitor comp
Great! good work.. -Original Message- From: Peter Lin [mailto:[EMAIL PROTECTED] Sent: Saturday, March 06, 2004 4:03 PM To: [EMAIL PROTECTED] Subject: tomcat monitor comp http://cvs.apache.org/~woolfel/monitor-comp.gif I've posted a screen shot of the UI, it's just the beginning, but it should give an idea. I'm hoping to have a working version in 3 weeks. peter lin - Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat monitor comp
it will be a standard part of JMeter. If you haven't used JMeter before here's a quick description. 1. you add a monitor to a test plan 2. add the kind of timer you would like to use. for the monitor, a constant timer makes the most sense, but some one could use a random timer 3. add the sampler. JMeter can send ftp, http, jdbc, tcp, java, ldap and webservice requests 4. add other configuration properties like authentication manager for status servlet 5. add the monitor result listener at the top level JMeter wraps the responses in a object called SampleResult. All status results will get added to the health tab using protocol+host+port as the key. I like to run benchmarks regularly on the apps I'm developing, but usually I have to run them manually and use top. I started thinking about a monitor plugin for JMeter, so that I can automate the process when the status servlet was added. As long as the server provides status information and can output the right format, JMeter should be able to send requests to get the information. I hope that answers your question. peter lin Angus Mezick [EMAIL PROTECTED] wrote: Will this allow me to monitor multiple servers at one times? Or is it for localhost only? - Do you Yahoo!? Protect your identity with Yahoo! Mail AddressGuard
JNDI DataSource clarification questions.
Now I am to the point of needing some clarification on JNDI. Current config. TC 4.1.29 Standalone RH 9 Planned config TC 5 (latest stable) TAO Linux (Approx RH Enterprise) I am running an application and using JNDI against MySQL. All is working fine but! 1. I deploy via a war file. I must restart tomcat in order to see the datasource after I remove and redeploy an app. If someone knows a solution please advise. I am assuming that Tomcat must reread the server.xml in order to pick up the ResourceLink. 2. With TC 5 I understand that the context portion can be contained in the war and thus will be read upon deployment. Does this also mean that a restart is not required? Thanks, Doug www.parsonstechnical.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache as Service on Linux - Help
Hi Doug, Thank you very much for your info. Regards, Rama Parsons Technical Services [EMAIL PROTECTED] wrote: Rama, What Mathew is talking about is that Linux does not have services as windows does. I think that the term you need to search for is daemon. Or google for run Tomcat daemon. Tomcat 5 has instructions for this on the setup page. I don't know if this can be applied to TC4. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/setup.html Hope this helps. Doug www.parsonstechnical.com - Original Message - From: Apahce Tomact To: Tomcat Users List ; Sent: Monday, March 08, 2004 10:27 AM Subject: Re: Apache as Service on Linux - Help Mathew, Yes. I want to run Apache and Tomcat as servcices. Thanks, Rama Mathew wrote: As service in Linux ?? In NT U can do that Hi All, Is there any way to install Apache2 and Tomcat4 as service on Linux? If so, please advise me. Your help is greatly appreciated. Regards, Rama - Do you Yahoo!? Yahoo! Search - Find what you're looking for faster. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Search - Find what you're looking for faster. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Search - Find what youre looking for faster.
Tomcat 5 and IIS
I am looking for an alternative to our current environment. Currently we = are using JRun 3.0 for our Java needs and IIS for our web configuration. = Our environment requires our use of IIS. With regard to JRun, we = recently installed our upgrade to version 4.0 only to find functionality = we require has been removed and the configuration steps have become more = complicated. We house multiple web applications and have several JRun = server instances running concurrently on our server. With the 4.0 = version we have been told by Macromedia that we need to install a = separate JRE instance for each JRun instance and copy and modify their = jvm.config file as well plus several other steps. This was never the case with the 3.0 version, but the 3.0 version is no = longer capable of supporting our needs. I have been looking at Tomcat 5.0 and replacement but was wondering how = difficult it is to configure with IIS and support multiple web = applications. I did find an article that talked about JK2.0 but it = mentioned the prerequisite of configuring Apache. If this is true, isn't = that a bit cumbersome since IIS has to be our web server? Any clarification would be greatly appreciated. Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JNDI Datasource Reference in DD Not Necessary?
Hello For some time now I have implemented the Tomcat 'JNDI DataSource' How-To on connection pooling, and everything has been fine. I define a resource in the context fragment: Resource name=jdbc/postgres auth=Container type=javax.sql.DataSource/ ResourceParams name=jdbc/postgres ... /ResourceParams And a resource reference to it in the deployment descriptor: resource-ref descriptionDB Connection/description res-ref-namejdbc/postgres/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref And then do a JNDI lookup at runtime: return ( DataSource )new InitialContext(). lookup( java:comp/env/jdbc/postgres ); Magic. The other day I noticed that the resource reference in my deployment descriptor was actually broken - the name did not match that defined in the context - and yet my application was still working - perfectly. When I thought about it, it occurred to me that the resource reference in the deployment descriptor may not actually be necessary. So I deleted the resource reference from the web.xml file, and everything still works as expected. Can anyone enlighten me? Many thanks in anticipation. Harry Mantheakis London, UK - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
cookies, second instance of, causing tomcat 500 error
Hi All, any help solving this mystery is more than welcome: problem summary: i am using the identical cookie setting and getting code on different pages within WEBAPPS/ROOT, but second instance of setting and getting cookies is causing undecipherable 500 error in Tomcat. -paul. i have an application in webapps/ROOT that uses cookies to keep track of user session information. within the same directory, i have added independent pages that also set cookies in same manner, eg. response.addCookie(new Cookie(ID, xID)); then the cookie name and value are retrieved as follows on separate page: Cookie[] cookies = request.getCookies(); However, after adding additional cookie pages, whenever i try to submit additional page that sets cookie, and then forwards to next page that retrieves cookie, i get very long HTTP Status 500 error from Apache Tomcat/4.1.27-LE-jdk14 part of which is as follows: HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:254) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:684) ...root cause javax.servlet.ServletException at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:536) ...
Tomcat is not finding my classes
Tomat 4.1.27 on Solaris 8 I've spent the past two days reading about classloaders and from what I've read my problem should not exist. Tomcat is not finding classes/jars in $TOMCAT_HOME/shared classes/lib. The only way I can get my classes loaded is to put them in $TOMCAT_HOME/webappx/WEB-INF/classes or $TOMCAT_HOME/webappx/WEB-INF/lib. Does anyone know what could cause this, I've search the bug list but can't find anything. The shared classloader does not seem to be functioning at all. One thing of note. I noticed the Tomcat Docs have a few jar files listed as being default for the shared/lib directory but on my installation they are in common/lib. Is this a problem or out of date docs? Thanks, -Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat is not finding my classes
I don't know if this will help but I've had the same problem in the past and I started putting classes in $TOMACT_HOME/common/lib. This has worked great for everything that was not appropriate for the WEB-INF/lib. Ben -Original Message- From: Faine, Mark [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 3:21 PM To: '[EMAIL PROTECTED]' Subject: Tomcat is not finding my classes Tomat 4.1.27 on Solaris 8 I've spent the past two days reading about classloaders and from what I've read my problem should not exist. Tomcat is not finding classes/jars in $TOMCAT_HOME/shared classes/lib. The only way I can get my classes loaded is to put them in $TOMCAT_HOME/webappx/WEB-INF/classes or $TOMCAT_HOME/webappx/WEB-INF/lib. Does anyone know what could cause this, I've search the bug list but can't find anything. The shared classloader does not seem to be functioning at all. One thing of note. I noticed the Tomcat Docs have a few jar files listed as being default for the shared/lib directory but on my installation they are in common/lib. Is this a problem or out of date docs? Thanks, -Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat as a Windows Service and the security manager
Hello All, Platform: Windows XP / Tomcat 4.1 and 5.0 If I invoke Tomcat from the command line as catalina run -security, then the security manager loads, however how do I get the Tomcat running as a service to invoke the security manager? I have tried putting -security in the optional parameters and even in the imagepath in the registry. Please let me know what works. Thanks -A.J. Ostman ajo at dpzone.com --- [This E-mail scanned for viruses by digiposs.com] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Disabling PUT and DELETE methods in Tomcat 5 standalone
On 03/08/2004 10:15 AM funkster wrote: security-constraint web-resource-collection web-resource-nameDisable Methods/web-resource-name url-pattern/*/url-pattern http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint I was under the impression that by not including a role-name value, then all PUT and DELETE method requests are disabled since the security constraint cannot be linked to a role. However, the fact that it doesn't work yet means I'm doing something wrong somewhere! Well, you haven't disabled it. You have protected it. As far as I can tell, you would be required to login first, and then you would be denied access. (When tomcat finds out that you are not in no roles?!) Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
deploying war to tomcat 5.0.19 via manager app
I'm sorry if this is a well known-issue. I've checked the archives and didn't find anything like this description, so here goes. I have a web app in a war file, with a META-INF/context.xml that looks like this: Context path=/dept/post/vale docBase=vale debug=0 reloadable=true crossContext=false Logger className=org.apache.catalina.logger.FileLogger prefix=localhost_vale_log. suffix=.txt timestamp=true/ /Context That is, I want the context to be /dept/post/vale. I don't really care where the docBase is, but I have had major problems trying to make it nested, as in docBase=dept/post/vale...it seems like Tomcat doesn't like webapps that contain nested path names? Or am I wrong here? Anyway, when I upload this war file, I observe two strange things. I will occasionally get an error in the Tomcat logs complaining that the context /dept/post/vale is already in use, even when I have made sure there are no such web apps on the machine (ie. I've deleted the work directory, the conf files, and the actual web app directory and war file.). The actual error is: Mar 8, 2004 1:42:53 PM org.apache.catalina.startup.HostConfig deployDescriptors SEVERE: Error deploying configuration descriptor vale.xml java.io.IOException: java.lang.IllegalStateException: Context path /dept/post/vale is already in use at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.j ava:525) at org.apache.catalina.core.StandardHost.install(StandardHost.java:906) at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:527 ) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:472) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1073) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:372) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSuppor t.java:166) at org.apache.catalina.core.StandardHost.backgroundProcess(StandardHost.java:84 3) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processC hildren(ContainerBase.java:1662) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processC hildren(ContainerBase.java:1671) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(Cont ainerBase.java:1651) at java.lang.Thread.run(Thread.java:534) Then, the other strange thing I observe, is that there are TWO web apps listed in the manager console after I have uploaded the single war, one named dept/post/vale and one simply named /vale. My main question is, is this normal behavior? If so, why does it work this way? Am I doing something wrong, or not understanding something about deploying a war file via the manager app? Thanks in advance, Rob Ross Senior Software Engineer E! Networks [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Hiding Apache-Coyote/1.1 banner in Tomcat 5
On 03/08/2004 02:57 PM James Agnew wrote: I've been looking for a way to prevent security scanners such as Nessus from being able to easily read Tomcat's standalone webserver details. I'm running Tomcat 5.0.18 standalone and Nessus identifies it as follows: Server Version: Apache-Coyote/1.1 Server Banner: Apache-Coyote/1.1 I can't seen anything similar to Apache's 'ServerTokens' directive to disable/suppress the info given out. Pardon my ignorance, but what is the problem with that? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Hiding Apache-Coyote/1.1 banner in Tomcat 5
I just like to reduce as much as possible the amount of information that a server gives out. Letting oppotunist crackers, who run a 1 minute nessus scan, know the version and type of the webserver, should IMO be avoided if possible. Sure, it won't put-off the determined cracker, but it might force some to move onto easier prey. Anyway, back to the matter in hand - do you know how one might go about this? Thanks, James On 03/08/2004 02:57 PM James Agnew wrote: I've been looking for a way to prevent security scanners such as Nessus from being able to easily read Tomcat's standalone webserver details. I'm running Tomcat 5.0.18 standalone and Nessus identifies it as follows: Server Version: Apache-Coyote/1.1 Server Banner: Apache-Coyote/1.1 I can't seen anything similar to Apache's 'ServerTokens' directive to disable/suppress the info given out. Pardon my ignorance, but what is the problem with that? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Disabling PUT and DELETE methods in Tomcat 5 standalone
So, how would I go about actually prevent PUT and DELETE for all users, logged in or otherwise? I've been hitting my head against this one for some time, with no luck. The solution needs to allow anonymous users to access the site (i.e. no login) and still prevent PUT and DELETE methods. Thanks, James On 03/08/2004 10:15 AM funkster wrote: security-constraint web-resource-collection web-resource-nameDisable Methods/web-resource-name url-pattern/*/url-pattern http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint I was under the impression that by not including a role-name value, then all PUT and DELETE method requests are disabled since the security constraint cannot be linked to a role. However, the fact that it doesn't work yet means I'm doing something wrong somewhere! Well, you haven't disabled it. You have protected it. As far as I can tell, you would be required to login first, and then you would be denied access. (When tomcat finds out that you are not in no roles?!) Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Hiding Apache-Coyote/1.1 banner in Tomcat 5
I used to work with a guy that had a favourite past-time. He'd grep the source for those strings, and them replace them with a MOTD - usually flavoured with monty python references. So if there's no configuration for this, that's one option. (alter the source to return 'empty string' and recompile). -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 4:03 PM To: Tomcat Users List Subject: Re: Hiding Apache-Coyote/1.1 banner in Tomcat 5 On 03/08/2004 02:57 PM James Agnew wrote: I've been looking for a way to prevent security scanners such as Nessus from being able to easily read Tomcat's standalone webserver details. I'm running Tomcat 5.0.18 standalone and Nessus identifies it as follows: Server Version: Apache-Coyote/1.1 Server Banner: Apache-Coyote/1.1 I can't seen anything similar to Apache's 'ServerTokens' directive to disable/suppress the info given out. Pardon my ignorance, but what is the problem with that? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
session-timeout
Hi all, I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. thanks for your input G. - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now
Re: Disabling PUT and DELETE methods in Tomcat 5 standalone
What I was implying is that you have effectively disabled it already this way. Or are you able to do PUTs and DELETEs despite the security constraint? I'd be surprised. Adam On 03/08/2004 11:24 PM James Agnew wrote: So, how would I go about actually prevent PUT and DELETE for all users, logged in or otherwise? I've been hitting my head against this one for some time, with no luck. The solution needs to allow anonymous users to access the site (i.e. no login) and still prevent PUT and DELETE methods. Thanks, James On 03/08/2004 10:15 AM funkster wrote: security-constraint web-resource-collection web-resource-nameDisable Methods/web-resource-name url-pattern/*/url-pattern http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint I was under the impression that by not including a role-name value, then all PUT and DELETE method requests are disabled since the security constraint cannot be linked to a role. However, the fact that it doesn't work yet means I'm doing something wrong somewhere! Well, you haven't disabled it. You have protected it. As far as I can tell, you would be required to login first, and then you would be denied access. (When tomcat finds out that you are not in no roles?!) Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Disabling PUT and DELETE methods in Tomcat 5 standalone
You've disabled it in the sense that no matter what you type in, you will not be allowed in, but it's not a blackhole or tarpit situation (ie: the server does NOT respond in ANY way to a PUT or DELETE request). In the case of configuring a null role, the server still responds with an authorization request. -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 4:40 PM To: Tomcat Users List Subject: Re: Disabling PUT and DELETE methods in Tomcat 5 standalone What I was implying is that you have effectively disabled it already this way. Or are you able to do PUTs and DELETEs despite the security constraint? I'd be surprised. Adam On 03/08/2004 11:24 PM James Agnew wrote: So, how would I go about actually prevent PUT and DELETE for all users, logged in or otherwise? I've been hitting my head against this one for some time, with no luck. The solution needs to allow anonymous users to access the site (i.e. no login) and still prevent PUT and DELETE methods. Thanks, James On 03/08/2004 10:15 AM funkster wrote: security-constraint web-resource-collection web-resource-nameDisable Methods/web-resource-name url-pattern/*/url-pattern http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint I was under the impression that by not including a role-name value, then all PUT and DELETE method requests are disabled since the security constraint cannot be linked to a role. However, the fact that it doesn't work yet means I'm doing something wrong somewhere! Well, you haven't disabled it. You have protected it. As far as I can tell, you would be required to login first, and then you would be denied access. (When tomcat finds out that you are not in no roles?!) Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: deploying war to tomcat 5.0.19 via manager app
Hi, Context path=/dept/post/vale docBase=vale debug=0 reloadable=true crossContext=false Logger className=org.apache.catalina.logger.FileLogger prefix=localhost_vale_log. suffix=.txt timestamp=true/ /Context That is, I want the context to be /dept/post/vale. I don't really care Maybe it's a problem for the Mapper, as / is a directory separator per SRV.11.1? Don't know. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
server status from console
Hello, I just installed the 5.0.18 version (upgrading from 4.0.4) and I was impressed by the complete server status in the manager. Is there a way to have the same output from the server console instead from a web page? Simone - Simone Chiaretta http://www.piyosailing.com/S www.piyosailing.com/S Any sufficiently advanced technology is indistinguishable from magic Life is short, play hard
RE: server status from console
Hi, I just installed the 5.0.18 version (upgrading from 4.0.4) and I was impressed by the complete server status in the manager. Is there a way to have the same output from the server console instead from a web page? wget or your favorite network client tool, maybe? ;) There's no script that comes with tomcat for this. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
R: server status from console
The idea was using a console so that I don't access the web page. Simone - Simone Chiaretta www.piyosailing.com/S Any sufficiently advanced technology is indistinguishable from magic Life is short, play hard -Messaggio originale- Da: Shapira, Yoav [mailto:[EMAIL PROTECTED] Inviato: lunedì 8 marzo 2004 23.54 A: Tomcat Users List Oggetto: RE: server status from console Hi, I just installed the 5.0.18 version (upgrading from 4.0.4) and I was impressed by the complete server status in the manager. Is there a way to have the same output from the server console instead from a web page? wget or your favorite network client tool, maybe? ;) There's no script that comes with tomcat for this. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jerald Powel wrote: | Hi all, | | I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. Jerald, I don't know the internals of Tomcat's Session management, but there are a few things to think about here that might help. 1) Just by closing the browser does not cause the session to close. 2) You could be putting some shared object into the Session which is not garbage collected when the session itself dies. 3) I believe you can configure a listener to receive an event when a session dies. You could therefore see if they really are being closed. 4) Be careful what you put in the Session. Usually only place small or transient objects into the Session. Don't put any heavy objects, like database connections into the session. 5) There could be a Tomcat bug. :) (unlikely, though) Hope that helps, Seth -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFATPrI5EIB1scRes8RAn7oAJ43yJLv+9GeaQD7LADIuQfk0N5zuQCeJTDl +aFJNg57g77HwvOATT60kB8= =8yG4 -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Disabling PUT and DELETE methods in Tomcat 5 standalone
There's no implementation of the servlet doPut() and doDelete() methods so nothing can actually be put or deleted, but that's true before even creating the security constraint. Yet, testing for PUT and DELETE methods still show that they're enabled. Our security scanners still flag these methods as being available, albeit not exploitable. Is there any way to prevent the server from responding to these methods? I ran the same scan tests on one of our Apache boxes and it can back complete dead on the PUT and DELETE methods i.e. it didn't respond in any way - that's the behaviour we're looking for. Would the same not be possible on Tomcat standalone? Thanks, David - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 08, 2004 11:39 PM Subject: Re: Disabling PUT and DELETE methods in Tomcat 5 standalone What I was implying is that you have effectively disabled it already this way. Or are you able to do PUTs and DELETEs despite the security constraint? I'd be surprised. Adam On 03/08/2004 11:24 PM James Agnew wrote: So, how would I go about actually prevent PUT and DELETE for all users, logged in or otherwise? I've been hitting my head against this one for some time, with no luck. The solution needs to allow anonymous users to access the site (i.e. no login) and still prevent PUT and DELETE methods. Thanks, James On 03/08/2004 10:15 AM funkster wrote: security-constraint web-resource-collection web-resource-nameDisable Methods/web-resource-name url-pattern/*/url-pattern http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint I was under the impression that by not including a role-name value, then all PUT and DELETE method requests are disabled since the security constraint cannot be linked to a role. However, the fact that it doesn't work yet means I'm doing something wrong somewhere! Well, you haven't disabled it. You have protected it. As far as I can tell, you would be required to login first, and then you would be denied access. (When tomcat finds out that you are not in no roles?!) Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JK contra JK2 with IIS-Authentification
Have you tried the setting in jk2.proprties #gets tomcat to obtain authentication from jk which gets from IIS request.tomcatAuthentication=false -lp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, 8 March 2004 10:23 PM To: [EMAIL PROTECTED] Subject: JK contra JK2 with IIS-Authentification Hi Group, We used JK 1.2.5 isapi-redirector in our IIS. The IIS authenticates the Users against the domain, and many applications take this info from request.getremoteuser and work with it. With JK2, this doesn't work any more. There is no Username passed to Tomcat. Why? Or anybody knows a workaround? Thanx for your braintime.. -- Björn Andersen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
My understanding on this topic is perhaps not clearest, but here's what I've been able to glean from watching tomcat-user (amongst others). The VM will not 'release' back to the OS, any memory it grabs during the run of a program. But that doesn't mean that it is currently in use. ex: You've set the vm to start with 125MB memory, with a max size of 256MB. During normal operations, the vm is at 124.99 MB and then someone new logs in. That forces the VM to increase the memory being used (and reported to the OS), possibly all the way to 256MB. Now it's overnight. No one is using the app. Sessions expire, and are garbage collected. The size of the memory in use has gone done, but the memory in use as reported to the OS is still 256MB. I'm sure someone will correct that if it's fundamentally wrong in the slightest aspect. ;) -Original Message- From: Jerald Powel [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 4:38 PM To: Tomcat Users List Subject: session-timeout Hi all, I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. thanks for your input G. - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: session-timeout
At 02:37 PM 3/8/2004, you wrote: Hi all, I am experiencing problems with memory management. I load up my app in 10 or 15 browsers where various stuff is put on a session each time. In Windows Task Manager I can see java.exe incrementing by an amount of memory for each browser/app opened. No problem there. In my web.xml I define session-timeout to be 2 minutes. Why after an inactive period of time exceeding 2 minutes, does the memory being used not appear to lessen please? In fact, even I close all browsers the memory being consumed remains at its peak...until a server restart is necessary. I'm dismayed that this topic keeps coming up ... it really should die. There is not a 1-1 correspondence between the memory that you see your task manager report and the amount of actual memory being consumed by your app. It's a problem of perspective -- from the operating system's perspective, the consumer is the java JVM. From your perspective, the consumer is your webapp. When Tomcat requests more memory, the JVM in turn requests more memory from the OS. Just because Tomcat releases memory doesn't mean that the JVM does. You can't use the Task Manager to (reliably) measure your webapp's memory consumption. There is plenty of information about this in the archives or by reading up on JVM memory management for whatever vendor/platform you're running on. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
At 03:07 PM 3/8/2004, you wrote: My understanding on this topic is perhaps not clearest, but here's what I've been able to glean from watching tomcat-user (amongst others). The VM will not 'release' back to the OS, any memory it grabs during the run of a program. But that doesn't mean that it is currently in use. ex: You've set the vm to start with 125MB memory, with a max size of 256MB. During normal operations, the vm is at 124.99 MB and then someone new logs in. That forces the VM to increase the memory being used (and reported to the OS), possibly all the way to 256MB. Now it's overnight. No one is using the app. Sessions expire, and are garbage collected. The size of the memory in use has gone done, but the memory in use as reported to the OS is still 256MB. I'm sure someone will correct that if it's fundamentally wrong in the slightest aspect. ;) Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
newbie need help whit server naming
is there a way to rite the server name instead off the ip adress in the adress bar? [EMAIL PROTECTED] administrateur http://entre-nous.qc.tc _ MSN Search, le moteur de recherche qui pense comme vous ! http://fr.ca.search.msn.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Loosing sessions when poping a window
Hmm, the popup is this case is definitely accessing a different domain. We have our main site www.foo.com and a secure site for transactions (secure.foo.com). We actually don't care about sessions on the popup secure site because it uses it's own session. The problem appears to be that once the popup has been fired, the main (www.oursite.com.au) site looses it's session. We are also having problems with people who run two browsers on two of our sites. This also causes session lose. Although I am inclined to think that the real problem is the browsers over writing each others cookies. My real problem is that I have not been able to find much doco which discusses session tracking on multiple sites and multiple browsers. So if you know any please link me to it ;-) I have gotten around most of this by setting the cookies domain to be .foo.com with a path of /, but ideally I would like to not have to do this and let Tomcat do it's thing so that we don't have to have cookies enabled. If it was me, I would never have designed it this way, but the system was built by someone else ;-) Ciao D -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Saturday, 6 March 2004 4:18 AM To: 'Tomcat Users List' Subject: RE: Loosing sessions when poping a window We had a cookie problem here at work, and it was all the same domain, and we couldn't figure it out.. until we recognized that foo.com and www.foo.com were two *different* domains, and therefore the browser would treat them differently. So we have apache set up like so: virtual host name: foo.com alias www.foo.com Someone accesses foo.com they're redirected (internally) to login.jsp (under foo.com) then they put in their user/pass and their session is prepopulated. Then they are issued a sendRedirect to 'www.foo.com'. An apparently authenticated user accesses www.foo.com they're redirected (internally) to login.jsp (under www.foo.com) the second authentication then succeeds. In fact they both did, but to the end user it looks like they have to login twice. And of course, it works fine if you just came in through www.foo.com Is the popup perhaps accessing something like this? (looks like the same domain but isn't)? As for this: This may be part of the problem as my research indicates that tomcat regard path changes as being context changes and therefore issues a new session. Does the popup load something from a completely different webapp context? If this is the case, then the jsessionid wouldn't work, because it's tied to the first context. It's not just a 'simple' path change, like on a web server. It's a whole new app. -Original Message- From: Derek Clarkson [mailto:[EMAIL PROTECTED] Sent: Thursday, March 04, 2004 5:25 PM To: 'Tomcat Users List' Subject: RE: Loosing sessions when poping a window Yes, here is my reply to the postings you linked to: Hello everyone, I just found this posting. I have had the same problem. Opening a window causes the session to change. BIG NOTE: I have reproduced this in FireFox - therefore it is NOT IE specific. I solved it by writing a cookie for JSESSIONID explicitly setting the domain to our domain and the path to the root path /. It seems these two parameters are required to solve this. Interestingly enough, when I monitored the cookies being used through out the program, I would regularly see two cookies called JSESSIONID. One my custom built cookie and the other being Tomcats session tracking one. What interesting is that despite setting the domain and path, both cookies returned nulls in these fields. I'm still trying to figure out how Tomcat sees a new window as a new session, although within my app, we are also loading a jsp from a different path. This may be part of the problem as my research indicates that tomcat regard path changes as being context changes and therefore issues a new session. Hope this helps. Derek. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat is not finding my classes
what about tomcat_home\common\lib\x.jar tomcat_home\common\classes\x\x.class and do you use an %@ page=x.* % type tag in your jsp files? - Original Message - From: Faine, Mark [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, March 08, 2004 4:20 PM Subject: Tomcat is not finding my classes Tomat 4.1.27 on Solaris 8 I've spent the past two days reading about classloaders and from what I've read my problem should not exist. Tomcat is not finding classes/jars in $TOMCAT_HOME/shared classes/lib. The only way I can get my classes loaded is to put them in $TOMCAT_HOME/webappx/WEB-INF/classes or $TOMCAT_HOME/webappx/WEB-INF/lib. Does anyone know what could cause this, I've search the bug list but can't find anything. The shared classloader does not seem to be functioning at all. One thing of note. I noticed the Tomcat Docs have a few jar files listed as being default for the shared/lib directory but on my installation they are in common/lib. Is this a problem or out of date docs? Thanks, -Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Entity Include Into web.xml w/ Tomcat 5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello, I've been precompiling my JSPs w/ ant, and I would like to include the web.xml snippet that results from the ant task into my web.xml. All of the examples of using a DOCTYPE ENTITY I've see are for servlet spec 2.3, which uses a DTD. Is there a way, with servlet spec 2.4 and its XML Schema, to include an XML snippet into the web.xml? For instance, I've been trying versions of this: !DOCTYPE web-app [ ~ !ENTITY compiled_jsps SYSTEM compiled_jsp.xml ] But no luck. Any ideas or tips? Thanks very much! Seth -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFATRFw5EIB1scRes8RAjfFAJ9k+oxWbO4L12Smx4SIhkz5HgTYwQCffLbo VJ8681O0MSQIo8NK7+wfRGg= =68++ -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
Hi and thank you to all concerned, Before I close, and consult the doco you talk of (URLs welcome), can you exaplain what you mean by whoever implements the JVM? In this instance, are we talking about Apache/TC developer team? thnx G. Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now
cookies and forward tag interact
does anyone know if cookies interact in any way with jsp forward tag? -paul - Original Message - From: Paul [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, March 08, 2004 3:43 PM Subject: cookies, second instance of, causing tomcat 500 error Hi All, any help solving this mystery is more than welcome: problem summary: i am using the identical cookie setting and getting code on different pages within WEBAPPS/ROOT, but second instance of setting and getting cookies is causing undecipherable 500 error in Tomcat. -paul. i have an application in webapps/ROOT that uses cookies to keep track of user session information. within the same directory, i have added independent pages that also set cookies in same manner, eg. response.addCookie(new Cookie(ID, xID)); then the cookie name and value are retrieved as follows on separate page: Cookie[] cookies = request.getCookies(); However, after adding additional cookie pages, whenever i try to submit additional page that sets cookie, and then forwards to next page that retrieves cookie, i get very long HTTP Status 500 error from Apache Tomcat/4.1.27-LE-jdk14 part of which is as follows: HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 54) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher. java:684) ...root cause javax.servlet.ServletException at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImp l.java:536) ... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tar 1.13.93 and jakarta-tomcat-5.0.19.tar.gz errors.
Running version 1.13.93 of tar on linux (debian unstable)... Attempting to untar jakarta-tomcat-5.0.19.tar.gz fails. I confirmed that the file is uncorrupted, and it untars correctly with other versions of tar. This is of course a bug with version 1.13.93 of tar, but I thought I'd point it out to this list, in case anyone else runs into it. And finding some way to package the binary distribution so that the bug didn't matter would also be nice. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: session-timeout
At 04:50 PM 3/8/2004, you wrote: Hi and thank you to all concerned, Before I close, and consult the doco you talk of (URLs welcome), can you exaplain what you mean by whoever implements the JVM? In this instance, are we talking about Apache/TC developer team? Try these (from a really quick search) to get you started. Look at the terms being used and try searching for other messages along the same lines. http://www.mail-archive.com/[EMAIL PROTECTED]/thrd4.html#119966 http://www.mail-archive.com/[EMAIL PROTECTED]/msg120110.html http://www.mail-archive.com/[EMAIL PROTECTED]/msg111595.html The JVM is the software that you download from Sun. It's the thing that runs *any* java program. Tomcat is one possible program. Point being it's the JVM's responsibility to request memory from the operating system, then provide that memory to the java program running inside it. Just because Tomcat no longer uses the memory (when a session expires, for example), doesn't mean the JVM returns it to the OS. Hope that helps, justin Yes, this is correct. The important point, however, is that memory management is up to whoever implements the JVM. Sun does it one way, another vendor could do it another. This can, of course, also vary between OS's as well. justin __ Justin Ruthenbeck Software Engineer, NextEngine Inc. justinr - AT - nextengine DOT com Confidential. See: http://www.nextengine.com/confidentiality.php __ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: RE: NTLM and Post request
String strAuth = request.getHeader(Authorization); if (strAuth == null) { response.setStatus(response.SC_UNAUTHORIZED); response.setHeader(WWW-Authenticate, NTLM); return; } If i return a JSP page with status UNAUTHORIZED, then subsequent POST request will quit working. I don't follow what you are doing. Below is a sample NTLM handshake. 1) C - S GET ... 2) S - C 401 Unauthorized WWW-Authenticate: NTLM 3)C - S GET ... Authorization: NTLM TlRMTVNTUAABA7IAAAoACgApCQAJACBMSUdIVENJVFlVUlNBLU1JTk9S 4)S - C 401 Unauthorized WWW-Authenticate: NTLM TlRMTVNTUAACACgBggAAU3J2Tm9uY2UAAA== 5)C - S GET ... Authorization: NTLM TlRMTVNTUAADGAAYAHIYABgAigAAABQAFABADAAMAFQSABIAYAAA AACiAYIAAFUAUgBTAEEALQBNAEkATgBPAFIAWgBhAHAAaABvAGQATABJAEcASABUAEMA SQBUAFkArYfKbe/jRoW5xDxHeoxC1gBmfWiS5+iX4OAN4xBKG/IFPwfH3agtPEia6YnhsADT 6)S - C 200 Ok Is the code that you showed was implementing step 2? If so then how have you already authenticated the client, as it the hash is not sent until step 5. Please clarify what step of the NTLM handshake the code is attempting to implement. Better still can you provide the HTTP trace of the conversation between the client and the server. This can be obtained using a TCP sniffer from the Jakarta axis project. OK! -lp - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDI Datasource Reference in DD Not Necessary?
Harry, Take a look at this page: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/globalresources.html As noted on the page: This is equivalent to the inclusion of the following element in the web application deployment descriptor (/WEB-INF/web.xml): The question is: Is the fragment below inside a context for your application or is in the GlobalNamingResources section? I just swapped mine to Global and dropped the segment in the web.xml. I didn't try it while I had it in the context of the app. Doug www.parsonstechnical.com - Original Message - From: Harry Mantheakis [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 08, 2004 3:37 PM Subject: JNDI Datasource Reference in DD Not Necessary? Hello For some time now I have implemented the Tomcat 'JNDI DataSource' How-To on connection pooling, and everything has been fine. I define a resource in the context fragment: Resource name=jdbc/postgres auth=Container type=javax.sql.DataSource/ ResourceParams name=jdbc/postgres ... /ResourceParams And a resource reference to it in the deployment descriptor: resource-ref descriptionDB Connection/description res-ref-namejdbc/postgres/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref And then do a JNDI lookup at runtime: return ( DataSource )new InitialContext(). lookup( java:comp/env/jdbc/postgres ); Magic. The other day I noticed that the resource reference in my deployment descriptor was actually broken - the name did not match that defined in the context - and yet my application was still working - perfectly. When I thought about it, it occurred to me that the resource reference in the deployment descriptor may not actually be necessary. So I deleted the resource reference from the web.xml file, and everything still works as expected. Can anyone enlighten me? Many thanks in anticipation. Harry Mantheakis London, UK - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Multiple instances of tomcat 4.1.30 with Win2K.
I'm trying to setup multiple instaces of tomcat with Win2K. Here's my directory structure: CATALINA_HOME == C:\programs\jakarta-tomcat-4.1.30 CATALINA_BASE == c:\programs\usr\mo Inside CATALINA_BASE, I have the following directories (using port 8101): conf logs temp webapps work How do I setup 2nd (port 8201) and 3rd (port 8301) instances? Where should I put my startup/shutdown and server.xml files? Thanks, --Kawthar Confidential information may be contained in this e-mail and any files transmitted with it ('Message'). If you are not the addressee indicated in this Message (or responsible for delivery of this Message to such person), you are hereby notified that any dissemination, distribution, printing or copying of this Message or any part thereof is strictly prohibited. In such a case, you should delete this Message immediately and advise the sender by return e-mail. Opinions, conclusions and other information in this Message that do not relate to the official business of Maxis shall be understood as neither given nor endorsed by Maxis. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Steps to follow for SSL
Hi, Can some one tell me what are the steps that I need to follow for installing SSL on Tomcat 5. I have already woked on creating a self cretified certificate and it works good. But when I purchase a certificate what are the steps that I need to do i.e importing the certificate and where to place it so that tomcat can recognize it, etc.. Thank you, Best Regards, Uma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDI Datasource Reference in DD Not Necessary?
Doug, I really hope someone will shed some light on this, because I struggle to make my JNDI DataSource definition working properly with 5.0.19. And it seems the Resources still need to be defined in the server.xml even if the documentation for 5.0.19 is saying you should no longer put your Context definitions in the server.xml, but rather in the context.xml in the META-INF directory packaged with your application. It is supposed to make possible changes in the context without having to restart Tomcat. But, I was not able to make this working as documented... ;-( Since I am a newbie, I sticked as much as possible on the instructions. But, it seems not to work as documented. Le lun 08/03/2004 à 22:21, Parsons Technical Services a écrit : Harry, Take a look at this page: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/globalresources.html As noted on the page: This is equivalent to the inclusion of the following element in the web application deployment descriptor (/WEB-INF/web.xml): The question is: Is the fragment below inside a context for your application or is in the GlobalNamingResources section? I just swapped mine to Global and dropped the segment in the web.xml. I didn't try it while I had it in the context of the app. Doug www.parsonstechnical.com - Original Message - From: Harry Mantheakis [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 08, 2004 3:37 PM Subject: JNDI Datasource Reference in DD Not Necessary? Hello For some time now I have implemented the Tomcat 'JNDI DataSource' How-To on connection pooling, and everything has been fine. I define a resource in the context fragment: Resource name=jdbc/postgres auth=Container type=javax.sql.DataSource/ ResourceParams name=jdbc/postgres ... /ResourceParams And a resource reference to it in the deployment descriptor: resource-ref descriptionDB Connection/description res-ref-namejdbc/postgres/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref And then do a JNDI lookup at runtime: return ( DataSource )new InitialContext(). lookup( java:comp/env/jdbc/postgres ); Magic. The other day I noticed that the resource reference in my deployment descriptor was actually broken - the name did not match that defined in the context - and yet my application was still working - perfectly. When I thought about it, it occurred to me that the resource reference in the deployment descriptor may not actually be necessary. So I deleted the resource reference from the web.xml file, and everything still works as expected. Can anyone enlighten me? Many thanks in anticipation. Harry Mantheakis London, UK - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- === Daniel Savard Consultation Informatique Daniel Savard === - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat as a Windows Service and the security manager
Try adding '-Djava.security.manager' and '-Djava.security.manager==c:\path\to\catalina\conf\catalina.policy' to your JavaOptions. A.J. Ostman [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello All, Platform: Windows XP / Tomcat 4.1 and 5.0 If I invoke Tomcat from the command line as catalina run -security, then the security manager loads, however how do I get the Tomcat running as a service to invoke the security manager? I have tried putting -security in the optional parameters and even in the imagepath in the registry. Please let me know what works. Thanks -A.J. Ostman ajo at dpzone.com --- [This E-mail scanned for viruses by digiposs.com] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE: NTLM and Post request
Thanks Piccoli. String strAuth = request.getHeader(Authorization); if (strAuth == null) { response.setStatus(response.SC_UNAUTHORIZED); response.setHeader(WWW-Authenticate, NTLM); return; } If i return a JSP page with status UNAUTHORIZED, then subsequent POST request will quit working. I don't follow what you are doing. Below is a sample NTLM handshake. 1) C - S GET ... 2) S - C 401 Unauthorized WWW-Authenticate: NTLM 3)C - S GET ... Authorization: NTLM TlRMTVNTUAABA7IAAAoACgApCQAJACBMSUdIVENJVFlVUlNBLU1JTk9S 4)S - C 401 Unauthorized WWW-Authenticate: NTLM TlRMTVNTUAACACgBggAAU3J2Tm9uY2UAAA== 5)C - S GET ... Authorization: NTLM TlRMTVNTUAADGAAYAHIYABgAigAAABQAFABADAAMAFQSABIAYAAA AACiAYIAAFUAUgBTAEEALQBNAEkATgBPAFIAWgBhAHAAaABvAGQATABJAEcASABUAEMA SQBUAFkArYfKbe/jRoW5xDxHeoxC1gBmfWiS5+iX4OAN4xBKG/IFPwfH3agtPEia6YnhsADT 6)S - C 200 Ok Is the code that you showed was implementing step 2? If so then how have you already authenticated the client, as it the hash is not sent until step 5. Yes, the following code is for step2 String strAuth = request.getHeader(Authorization);//Check for authorization header if (strAuth == null) { response.setStatus(response.SC_UNAUTHORIZED); //Set the response header to 401 UNAUTHORIZED response.setHeader(WWW-Authenticate, NTLM); //Set WWW-Authenticate to NTLM return; } The above code is equalant to S - C 401 Unauthorized WWW-Authenticate: NTLM If i do the above step, client returns NTLM authorization header and client is authenticated at step 6. After identifying client name and his domain name, I will display a FORM to a user (partially filled),he will fill the remaining entries and submit the form but the problem is im not receiving the data. The main problem is in step 2 part of the code. Just forget about the authentication(step 3 to Step 6), after doing step 2 if i try to do a POST request then it won't work. Regards Ganesh Please clarify what step of the NTLM handshake the code is attempting to implement. Better still can you provide the HTTP trace of the conversation between the client and the server. This can be obtained using a TCP sniffer from the Jakarta axis project. OK! -lp - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Disclaimer :- This e-mail message including any attachment may contain confidential, proprietary or legally privileged information.It should not be used by who is not the original intended recipient.If you have erroneously received this message,you are notified that you are strictly prohibited from using, coping, altering or disclosing the content of this message.Please delete it immediatly and notify the sender. Newgen Software Technologies Ltd and / or its subsidiary Companies accept no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus and further acknowledges that any views expressed in this message are those of the individual sender and no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of Newgen Software Technologies Ltd and / or its subsidiary Companies, as applicable. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: server status from console
The status page is just a particular JMX dump. You could do the same thing with your favorite JMX console app. Simone - Dev [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] The idea was using a console so that I don't access the web page. Simone - Simone Chiaretta www.piyosailing.com/S Any sufficiently advanced technology is indistinguishable from magic Life is short, play hard -Messaggio originale- Da: Shapira, Yoav [mailto:[EMAIL PROTECTED] Inviato: lunedì 8 marzo 2004 23.54 A: Tomcat Users List Oggetto: RE: server status from console Hi, I just installed the 5.0.18 version (upgrading from 4.0.4) and I was impressed by the complete server status in the manager. Is there a way to have the same output from the server console instead from a web page? wget or your favorite network client tool, maybe? ;) There's no script that comes with tomcat for this. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Application developed for Tomcat 4.1.27 failed to tun with Tomcat 5.0.19....
Dear Tomcat users, I run my web application with Tomcat 4.1.27. My own folder name is myFolder. I put it under webapps folder. I have placed jar , html and jsp pages inside myFolder. I have the folder structure WEB-INF\classes inside myFolder and placed the servelt files there. Its working perfectly. But my client now upgraded his system to have Tomcat 5.0.19. and reported me that the application is not working in the lattest version. Should I configure web.xml/server.xml or change the folder structure specifically to Tomcat 5.0.19? Please suggest me... Thankx Latha - Do you Yahoo!? Yahoo! Search - Find what youre looking for faster.
RE: RE: NTLM and Post request
If i do the above step, client returns NTLM authorization header and client is authenticated at step 6. No. step 3 the client only send the message contains the host name and the NT domain name of the client. The client is not authenticated at this stage! It requires a further challenge response (step 4-5) before the client is authenticated. The nonce is used by the client to create the LanManager and NT responses. This requires a hashed password which is described in http://www.innovation.ch/java/ntlm.html. All this NTLM stuff is implemented by the jCIFS project. You will have to develop a similar implementation if you don't want to use jCIFS. Good luck! After identifying client name and his domain name, I will display a FORM to a user (partially filled),he will fill the remaining entries and submit the form but the problem is im not receiving the data. My guess is IE is still waiting for the NTLM handshake to complete and hence queuing your submit. -lp - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Steps to follow for SSL
Uma Checkout the section entitled 'Installing a Certificate from a Certificate Authority' here: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html You'll need to create a CSR that you send to your Certificate Authority, along with company registration details etc, for the company that has registered the domain name you're securing with a cert. It's important that these details match exactly with the registered owner details for your domain, otherwise there'll be processing delays. I use Thawte for all my secure certs with Tomcat and I've never had any problems. Here are their instructions for setting up a secure cert under Tomcat: http://kb.thawte.com/thawte/thawte/esupport.asp?id=vs15596 If you follow their instructions carefully, you should have no problems, just make sure that you use the same password for the keystore *and* the actual certificate key (just accept default prompt). If you use a password different from the default ('changeit') you'll need to add the keystorePass=your new password attribute to the Connector element. Same thing applies if you choose a different location for your keystore (the default is the home file of the user under whom Tomcat is running). If you change this, then add the keystoreFile=/path/to/keystore attribute to the Connector element. Hope this help, James - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 09, 2004 3:47 AM Subject: Steps to follow for SSL Hi, Can some one tell me what are the steps that I need to follow for installing SSL on Tomcat 5. I have already woked on creating a self cretified certificate and it works good. But when I purchase a certificate what are the steps that I need to do i.e importing the certificate and where to place it so that tomcat can recognize it, etc.. Thank you, Best Regards, Uma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Application developed for Tomcat 4.1.27 failed to tun with Tomcat 5.0.19....
Hi, Does your app map all servlets? Or did you (lazily) use the invoker servlet? The invoker servlet comes commented out in Tomcat 5. You have two options: - Correct your app. (My advice, it makes your app more portable) - Uncomment the invoker (Quick kludge, but it also works) Yours, Antonio Fiol S.Latha Kamatchi wrote: Dear Tomcat users, I run my web application with Tomcat 4.1.27. My own folder name is myFolder. I put it under webapps folder. I have placed jar , html and jsp pages inside myFolder. I have the folder structure WEB-INF\classes inside myFolder and placed the servelt files there. Its working perfectly. But my client now upgraded his system to have Tomcat 5.0.19. and reported me that the application is not working in the lattest version. Should I configure web.xml/server.xml or change the folder structure specifically to Tomcat 5.0.19? Please suggest me... Thankx Latha - Do you Yahoo!? Yahoo! Search - Find what youre looking for faster. smime.p7s Description: S/MIME Cryptographic Signature
AW: JK contra JK2 with IIS-Authentification
Hi Piccoli Group, Yes, it works (-ish) with request.tomcatAuthentication=false, but despite of what the switch should do, the Tomcat is still Requesting a full groups-list from the DC / AD every time, even if the IIS has already done the auth. On big systems this creates a not bearable network load and delay. Is this a known prob ? Is my version/config wrong or is it meant to do that ? If yes, why ? -- Björn Andersen _ Webservices -Ursprüngliche Nachricht- Von: Piccoli, Lucio [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 9. März 2004 00:06 An: Tomcat Users List Betreff: RE: JK contra JK2 with IIS-Authentification Have you tried the setting in jk2.proprties #gets tomcat to obtain authentication from jk which gets from IIS request.tomcatAuthentication=false -lp -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, 8 March 2004 10:23 PM To: [EMAIL PROTECTED] Subject: JK contra JK2 with IIS-Authentification Hi Group, We used JK 1.2.5 isapi-redirector in our IIS. The IIS authenticates the Users against the domain, and many applications take this info from request.getremoteuser and work with it. With JK2, this doesn't work any more. There is no Username passed to Tomcat. Why? Or anybody knows a workaround? Thanx for your braintime.. -- Björn Andersen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE: NTLM and Post request
Thanks Piccoli. Ya Im able to authenticate the user. The problem is not in the authentication, it is in the followinng lines of Code. String strAuth = request.getHeader(Authorization); if (strAuth == null) { response.setStatus(response.SC_UNAUTHORIZED); response.setHeader(WWW-Authenticate, NTLM); return; } If i return a JSP page with status UNAUTHORIZED, then subsequent POST request will quit working. //Following are the example code //Try to execute the code and suggest me if there is any problem /*Here i have skipped the steps for authentication bcaz the problem is not in authentication, it is with returning UNAUTHORIZED part of the code.*/ /First.JSP***/ String strAuth = request.getHeader(Authorization); if (strAuth == null) { response.setStatus(response.SC_UNAUTHORIZED); response.setHeader(WWW-Authenticate, NTLM); return; } html form method=post name=frm1 action=/main.jsp target=_self input type=hidden name=Username value= /html /Main.Jsp*/ % System.out.println(Conten Length + request.getContentLength()); //It will be zero String strUsername = request.getParameter(Username); //It will be (null) % html table border=0 width=100% tr td width=50%p align=centerbUsernamme is /b/td td width=50%p align=center%=strUsername%/td /tr /table /html Regards Ganesh - Original Message - From: Piccoli, Lucio [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 08, 2004 6:11 AM Subject: RE: RE: NTLM and Post request Im validating the credentials sent by the IE(Step 3 to Step 6). Successfully got the username and domain name. OK so if I understand you correctly, you are completing step 6 of the NTLM authentication and have returned a HTTP 200 back to IE? Then I will display a form to user in which his name and domain name is filled. user have to fill the remaining entries and submit it. when i try to submit a form, Its data is not received in the subsequent pages. So if I assume that the NTLM auth is complete, then the problem is with some HTTP request on your own servlet. I think from your previous mail, the HTML is using a HTTP POST? If so are any of the values being sent to the servlet? (are you using a servlets ). Might be better if you post the servlet code here so I can have a look OK! -lp - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Disclaimer :- This e-mail message including any attachment may contain confidential, proprietary or legally privileged information.It should not be used by who is not the original intended recipient.If you have erroneously received this message,you are notified that you are strictly prohibited from using, coping, altering or disclosing the content of this message.Please delete it immediatly and notify the sender. Newgen Software Technologies Ltd and / or its subsidiary Companies accept no responsibility for loss or damage arising from the use of the information transmitted by this email including damage from virus and further acknowledges that any views expressed in this message are those of the individual sender and no binding nature of the message shall be implied or assumed unless the sender does so expressly with due authority of Newgen Software Technologies Ltd and / or its subsidiary Companies, as applicable. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Disabling PUT and DELETE methods in Tomcat 5 standalone
Running Nessus against our server (Debian Woody + standalone Tomcat 5.0.18) produces a security warning that the PUT and DELETE http methods are enabled in Tomcat. Although these warning were not exploitable, I really need to ensure that these 2 methods are completely disabled. I've spent a good while looking into this, and this is where I'm at so far - I've placed the following in $CATALINA_HOME/conf/web.xml security-constraint web-resource-collection web-resource-nameDisable Methods/web-resource-name url-pattern/*/url-pattern http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint I was under the impression that by not including a role-name value, then all PUT and DELETE method requests are disabled since the security constraint cannot be linked to a role. However, the fact that it doesn't work yet means I'm doing something wrong somewhere! Any guidance is very much appreciated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
NT Service terminates
I have Tomcat 4.1.24 running as Windows Service on Windows 2000 Server - hosting a number of applications. I currently have it running When I run a simple load test using Microsoft Stress Tester - as I increase the load I can repeatedly force the Window Service to terminate. I'm only running with a load of 100 users. When I run Tomcat from the command-line as an application and I repeat the test - Tomcat runs fine - performance is fine. No problems. So what is it about running Tomcat as a service that makes it so easy to bring down? I'm tempted to blame the OS - but that doesn't really solve the problem - or explain what the difference is. Has anyone else observed this? Is it possible to get Tomcat to start as an application - on start-up i.e. as if it were a service - but running as an application. Sorry if that's a meaningless question. - Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now
IIS + Tomcat 4.1.x + Load Balancing with session affinity (stick y sessions) possible ?
Hi Group, We got a small webfarm with 2 IIS JK on a WLBS balancer. Behind them are two Tomcat workers on different machines. So we need Session affinity to have the JK choose the right (same) Tomcat for the session. Client (Browser) || WLBS /\ IIS JK IIS JK | \ / | | \/ | | /\ | Tomcat 1 Tomcat 2 It is possible and well described for Apache, like in http://raibledesigns.com/tomcat/ , but I can't find a Howto for IIS. Is this Possible for IIS ? How ? (Versions: IIS v.4, JK 1.2.5, Tomcat 4.1.24, j2sdk 1.4.2) Thanx for your braintime.. -- Björn Andersen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: IIS + Tomcat 4.1.x + Load Balancing with session affinity (sticky sessions) possible ?
I don't know if your suggested solution works with IIS. But what should work is a solution without sticky sessions. (If that works for you depends on your application) You can use tomcat with session replication: http://www.apache.org/~fhanik/ I'm not aware of the current state of the backport. (The codebase of tc5 had some changes in the last weeks) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 12:49 PM To: [EMAIL PROTECTED] Subject: IIS + Tomcat 4.1.x + Load Balancing with session affinity (sticky sessions) possible ? We got a small webfarm with 2 IIS JK on a WLBS balancer. Behind them are two Tomcat workers on different machines. So we need Session affinity to have the JK choose the right (same) Tomcat for the session. Client (Browser) || WLBS /\ IIS JK IIS JK | \ / | | \/ | | /\ | Tomcat 1 Tomcat 2 It is possible and well described for Apache, like in http://raibledesigns.com/tomcat/ , but I can't find a Howto for IIS. Is this Possible for IIS ? How ? (Versions: IIS v.4, JK 1.2.5, Tomcat 4.1.24, j2sdk 1.4.2) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat JMX and Model MBean
Hi all, Does Tomcat supports Model Mbean? If so, does it support also the persistence feature of Model MBean? Thanx and regards Marco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AW: IIS + Tomcat 4.1.x + Load Balancing with session affinity (s ticky sessions) possible ?
Thanks, but that is exactly what I need to know. We can't replicate sessions coz our crap Framework can't serialize the sessions. So we depend on sticky sessions to get to the right worker. I thought the code for mod_jk and isapi redirector is quite similar or equal, apart from the interface bit, of cause. So why doesn't it work on IIS ? How do these sticky sessions work anyway ? Is there a docu or will I have to go through the source ? -- Björn Andersen -Ursprüngliche Nachricht- Von: Ralph Einfeldt [mailto:[EMAIL PROTECTED] Gesendet: Montag, 8. März 2004 13:06 An: Tomcat Users List Betreff: RE: IIS + Tomcat 4.1.x + Load Balancing with session affinity (sticky sessions) possible ? I don't know if your suggested solution works with IIS. But what should work is a solution without sticky sessions. (If that works for you depends on your application) You can use tomcat with session replication: http://www.apache.org/~fhanik/ I'm not aware of the current state of the backport. (The codebase of tc5 had some changes in the last weeks) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 12:49 PM To: [EMAIL PROTECTED] Subject: IIS + Tomcat 4.1.x + Load Balancing with session affinity (sticky sessions) possible ? We got a small webfarm with 2 IIS JK on a WLBS balancer. Behind them are two Tomcat workers on different machines. So we need Session affinity to have the JK choose the right (same) Tomcat for the session. Client (Browser) || WLBS /\ IIS JK IIS JK | \ / | | \/ | | /\ | Tomcat 1 Tomcat 2 It is possible and well described for Apache, like in http://raibledesigns.com/tomcat/ , but I can't find a Howto for IIS. Is this Possible for IIS ? How ? (Versions: IIS v.4, JK 1.2.5, Tomcat 4.1.24, j2sdk 1.4.2) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: IIS + Tomcat 4.1.x + Load Balancing with session affinity (s ticky sessions) possible ?
New code in cvs i've found for jk2 isapi fll for IIS5 does support sticky sessions going to multiple tomcat instances using ajp13. All my attempts to check out and compile it into a dll though have failed. On Mon, 8 Mar 2004 [EMAIL PROTECTED] wrote: Date: Mon, 8 Mar 2004 13:16:20 +0100 From: [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: AW: IIS + Tomcat 4.1.x + Load Balancing with session affinity (s ticky sessions) possible ? Thanks, but that is exactly what I need to know. We can't replicate sessions coz our crap Framework can't serialize the sessions. So we depend on sticky sessions to get to the right worker. I thought the code for mod_jk and isapi redirector is quite similar or equal, apart from the interface bit, of cause. So why doesn't it work on IIS ? How do these sticky sessions work anyway ? Is there a docu or will I have to go through the source ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JK contra JK2 with IIS-Authentification
Hi Group, We used JK 1.2.5 isapi-redirector in our IIS. The IIS authenticates the Users against the domain, and many applications take this info from request.getremoteuser and work with it. With JK2, this doesn't work any more. There is no Username passed to Tomcat. Why? Or anybody knows a workaround? Thanx for your braintime.. -- Björn Andersen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: IIS + Tomcat 4.1.x + Load Balancing with session affinity (sticky sessions) possible ?
I can just answer one question of yours: 'How do these sticky sessions work anyway' Tomcat appends a engine specific postfix to the session id. (That's why you have to define a jvmroute in the engine tag) An incoming request is balanced depending on the included postfix of the session id. (Under mod_jk there is a mapping between jvmroute and the name of the worker) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 1:16 PM To: [EMAIL PROTECTED] Subject: AW: IIS + Tomcat 4.1.x + Load Balancing with session affinity (sticky sessions) possible ? How do these sticky sessions work anyway ? Is there a docu or will I have to go through the source ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Spam on tomcat-user?
I contacted the technical and administrative owner of the source (as reported by the mail header) of the spam. (rzone.de and webmailer.de) Let's see what happens. -Original Message- From: Parsons Technical Services [mailto:[EMAIL PROTECTED] Sent: Monday, March 08, 2004 6:01 AM To: Tomcat Users List Subject: Re: Spam on tomcat-user? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: NT Service terminates
I have a similiarproblem with you, I amusing Tomcat 4.1.18, but currently I'm not running it as a Windows Service on Windows 2000 Server, instead I start the Tomcat service byclicking the Start Tomcatshortcut in the windows desktop. Whenever there is a communication link error or the communication is downbetween the client and the server where Tomcat resides, the Tomcat service just stops by itself. I thought the solution to my problem was to start the Tomcat as a windows service,but you stated otherwise, now I'm confused on how to fix my problem. Is it also true that if the load is too big, the Tomcat service will automatically stop by itself? Can anyone help us on this matter? Thanks. ---Original Message--- From: Tomcat Users List Date: 03/08/04 17:31:40 To: Tomcat Subject: NT Service terminates I have Tomcat 4.1.24 running as Windows Service on Windows 2000 Server- hosting a number of applications.I currently have it running When I run a simple load test using Microsoft Stress Tester - as I increase the load I can repeatedly force the Window Service to terminate.I'm only running with a load of 100 users. When I run Tomcat from the command-line as an application and I repeat the test - Tomcat runs fine - performance is fine.No problems. So what is it about running Tomcat as a service that makes it so easy to bring down?I'm tempted to blame the OS - but that doesn't really solve the problem - or explain what the difference is. Has anyone else observed this? Is it possible to get Tomcat to start as an application - on start-up i.e. as if it were a service - but running as an application.Sorry if that's a meaningless question. - Yahoo! Messenger - Communicate instantly..."Ping" your friends today! Download Messenger Now IncrediMail - Email has finally evolved - Click Here
How to set default charset?
Hi, what is tomcat default charset? How to set default charset in tomocat 4.x please help Vijay __ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Vedr.: JK contra JK2 with IIS-Authentification
Hi Björn, I am using IIS 5.0 and JK2, dunno which version though. As in your setup users are authenticated by IIS and the credentials are passed to Tomcat. Since upgrading from JK I have experienced no problems so I assume its NOT a JK2 issue. Cant tell whats wrong but be sure to add request.tomcatAuthentication=false to the jk2.properties file. /Thomas [EMAIL PROTECTED] 08-03-2004 13:23 Besvar venligst til Tomcat Users List Til:[EMAIL PROTECTED] cc: Vedr.: JK contra JK2 with IIS-Authentification Hi Group, We used JK 1.2.5 isapi-redirector in our IIS. The IIS authenticates the Users against the domain, and many applications take this info from request.getremoteuser and work with it. With JK2, this doesn't work any more. There is no Username passed to Tomcat. Why? Or anybody knows a workaround? Thanx for your braintime.. -- Björn Andersen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=Arial___ Vi gør opmærksom på, at denne e-mail kan indeholde fortrolig information. Hvis du ved en fejltagelse modtager e-mailen, beder vi dig venligst informere afsender om fejlen ved at bruge svar-funktionen. Samtidig beder vi dig slette e-mailen i dit system uden at videresende eller kopiere den. Selv om e-mailen og ethvert vedhæftet bilag efter vores overbevisning er fri for virus og andre fejl, som kan påvirke computeren eller it-systemet, hvori den modtages og læses, åbnes den på modtagerens eget ansvar. Vi påtager os ikke noget ansvar for tab og skade, som er opstået i forbindelse med at modtage og bruge e-mailen. ___ Please note that this message may contain confidential information. If you have received this message by mistake, please inform the sender of the mistake by sending a reply, then delete the message from your system without making, distributing or retaining any copies of it. Although we believe that the message and any attachments are free from viruses and other errors that might affect the computer or IT system where it is received and read, the recipient opens the message at his or her own risk. We assume no responsibility for any loss or damage arising from the receipt or use of this message. /FONT
RE: Entity Declarations in JSP/XML
Thanks for the info. Do you know though what would be the proper approach to deal with that problem. How can I make it so tha the JSP compiler is satisfied with the JSP and the jsp:root declaration and my additional entity declarations? -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Eric Suen Sent: Friday, March 05, 2004 12:43 PM To: [EMAIL PROTECTED] Subject: Re: Entity Declarations in JSP/XML Hi, Long time ago, I ask the same question, and got no answer. and I found these in JavaServer Pages Specification 2.0: JSP.6.2.4 JSP Document Validation A JSP Document with a DOCTYPE declaration must be validated by the container in the translation phase. Validation errors must be handled the same way as any other translation phase errors, as described in Section JSP.1.4.1. JSP 2.0 requires only DTD validation for JSP Documents; containers should not perform validation based on other types of schemas, such as XML schema. Maybe the validate should not make for internal DTD declarations, and IMHO, that kind of Specification is stupid, JSP should just be template engine, not XML validator, if I want validate, I think I know how to do it, for template engine, the XML file well-formed is enough. Regards - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Important Notice to Recipients It is important that you do not use e-mail to request, authorize or effect the purchase or sale of any security or commodity, to send fund transfer instructions, or to effect any other transactions. Any such request, orders, or instructions that you send will not be accepted and will not be processed by Morgan Stanley. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
charset issues with jsp include and forward
Hi i am reading arabic text from oracle database. if i am displaying that text in that page its ok. if i am passing the same arabic string to another page then in that page it is displaying in ?. i tried like this if(request.getCharacterEncoding()==null) request.setCharacterEncoding(windows-1256); linkString = request.getParameter(linkLine); userString = request.getParameter(userLine); Here my problem is passing string from one page to another page... how can i set the page encoding and characterset and content type. please help vijay __ Do you Yahoo!? Yahoo! Search - Find what youre looking for faster http://search.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Filter causing memory on TC-5.0.18 and 5.0.19
Hi, We search hard in the archive and found many, many questions in regards of this. Can you please point out specific messages or threads in the archives that ask about a filter causing a tomcat memory leak? Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Hiding Apache-Coyote/1.1 banner in Tomcat 5
I've been looking for a way to prevent security scanners such as Nessus from being able to easily read Tomcat's standalone webserver details. I'm running Tomcat 5.0.18 standalone and Nessus identifies it as follows: Server Version: Apache-Coyote/1.1 Server Banner: Apache-Coyote/1.1 I can't seen anything similar to Apache's 'ServerTokens' directive to disable/suppress the info given out. Any ideas? Thanks, James - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]