Re: HTTP AUTH
SH Solutions [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi Can you explain yourself here? It is not obvious to me. How does the number of users make any difference here. Just set up BASIC Auth in web.xml. You don't have to define your users and roles in web.xml, if that's what you are implying. Alright, that is what I was thinking. So, is it possible, to use web.xml security together with our own login handler? Especially with certificates? Tomcat's MemoryRealm and UserDatabaseRealm work with CLIENT-CERT auth-type, as long as you don't need anything fancy (The user name is the cert Subject). You could also create your own Realm that would allow you to authenticate any way you like. Of course, this means that your app would now depend on Tomcat, and so would be less portable. To do programatic security, the easiest is to set 'clientAuth=true' on the Connector (Tomcat 5) or the Factory (Tomcat 4). This forces the browser to send the cert on all SSL requests. In newer Tomcat 5 versions (and JDK 1.4+), you can also specify 'clientAuth=want' to simply ask nicely :). Of course, this assumes that you are using the HTTP/1.1 Connector. For the JK Connector, you would configure this on Apache/IIS/SunOne. If this isn't good enough for you, then there is always the Tomcat-specific: request.getAttribute(org.apache.coyote.request.X509Certificate); which will re-negotiate the connection if necessary to get the client to send the cert. This works for the Coyote-HTTP/1.1 in TC 4.1.x and TC 5.0.x. However, I'd really like to drop this feature in 5.1.x. Regards, Steffen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ljk2 logger
These both use commons-logging to print the messages. This means that you would configure the logging levels in your log4j settings if you happen to have log4j in your classpath. Otherwise, you would configure it in your JDK 1.4 logging settings. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm running Tomcat 4.1.29 with apache2 under linux. I'm using jk2 and everything works(almost) fine. When I start tomcat, I've some logging instruction from org.apache.jk.server.JkMain and org.apache.jk.common.ChannelSocket both a DEBUG level. I would like to configure the logger for log instruction received by the connector. can someone tells me if it is possible to do it. thanks in advance ___ NATEXIS ASSET MANAGEMENT Meissa SAKHO 01 58 19 45 71. . . . . . . . . . . . (84571) [EMAIL PROTECTED] L'integrite de ce message n'etant pas assuree sur internet, Natexis Banques Populaires ne peut etre tenu responsable de son contenu. Toute utilisation ou diffusion non autorisee est interdite. Si vous n'etes pas destinataire de ce message, merci de le detruire et d'avertir l'expediteur. The integrity of this message cannot be guaranteed on the Internet. Natexis Banques Populaires can not therefore be considered responsible for the contents.Any unauthorized use or dissemination is prohibited. If you are not the intended recipient of this message, then please delete it and notify the sender. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 4.1.30 Hung!!! With High Traffic
Innovest Ken wrote: I only use tomcat, without using Apache... Because my site are mainly jsp. Yes, I have a script to kill the tomcat server before starting again. And yes, I saw the 'All threads(150) are busy' error message. Innovest As Denise said, you seem to be maxing out your threads. Possible reasons include, but are most likely not limited to: - Too high load. --- Check with netstat -n --tcp if there are about so many (150) ESTABLISHED connections. If so, your load is too high. If not, suspect on servlets taking too long to respond and clients going away. - Servlet instances not finishing execution of doGet or doPost or whatever. --- Trace their starts and ends (possibly using a filter), and detect whether the number of still executing servlets is steadily increasing or not. If so, it will raise 150 and then you'll start getting errors and Tomcat will start not responding. The thread dump should tell you where the processors are stuck. Most of them in the same place? Then you know where to look at. - Database connections not working properly because of the firewall. --- Not only you have to check that your app is using connections properly, but also that your firewall does not drop them. There are some properties for DBCP (testWhileIdle, validationQuery, and all the eviction series, which I do not remember off-hand) that will help you attack this problem. Set testWhileIdle, and make it test connections every so often (say 3-5 minutes). Use a very simple query like SELECT 1 FROM DUAL (Oracle) or SELECT 1 (others that support it). This will refresh your firewall's activity maps. Also check that your firewall supports as many concurrent conenctions traversing it as you have (more than likely it does, but would be fatal if it does not). HTH, Antonio Fiol smime.p7s Description: S/MIME Cryptographic Signature
RE: Can I change Tomcat's default character encoding?
-Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 11:57 PM To: 'Tomcat Users List' Subject: RE: Can I change Tomcat's default character encoding? Also you may have to change your OS default locale since JVM and Java Runtime uses system default language environment. Is there any way to set default encoding for created writers? For instance - class OutputStreamWriter has constructors with or without charset parameter. If no charset is specified, the default one will be used. And it depends on the system. It makes problems when same (web) application should run on different platforms (Windows, Linux, etc.). I have not system under my control but I have Tomcat web servers under control. So, question is - can I configure JAVA VM (or Tomcat itself) to create OutputStreamWriter(s) with my default character encoding? Thank you, Lipi. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Frames vs Tables, I think Tables are the future! HTML examples please !
Dear list, I think most of us need to have a mechanism where we can have multiple elements, or jsp pages in our jsp solutions. We have a web solution based on frames, (and tomcat) and have realised that on a normal sesion time-out, we get 404 on some of the frames, and could lead to major confusion ( jscript errors)for the user [to be more precise we have a data entry tool with a series of buttons in a left frame which then load the various jsp pages into the center frame]. Could anyone give me a sample table solution? which runs on all browsers. I have read around a little and still not sure what the simplest/best/most effective cross-browser solution is. i.e. Netscape prefers layers, and IE prefers DIV. Would appreciate any help, and some HTML samples would be great regards Ben - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP Compiling - painted in a corner?
Jason Palmatier wrote: Thank you for your reply. I need the JSPs precompiled for performance and security reasons. Performanace because we don't want the end user to have a bad first impression when attempting to access our application the first time and having to wait for each page to compile first. Are you sure your users have network connection fast enough to see the difference? Security because we don't want to ship out our source jsp files, we'd rather just ship out class files. Hm, interesting point. Are you ready to precompile your application for each and every version of each and every container? I believe the ${tomcat}/work/Catalina/localhost/${context name} directory is where Tomcat places the class files when it compiles them on the first access to a non-compiled jsp. Is this correct? We have compiled jsps in the past and run them by placing them in the WEB-INF/classes directory but the current app has many subdirectories which is where I think we're getting hung up. My guess is that I need to compile my jsps to .java files in such a way as to have their directory structure included in their package statement. Then do the compile from .java to .class files. Is having the subdirectories in the package statement the crucial step I need to solve this? Yes in general but it depends on application server version used. In Tomcat 4.x series the directory structure is not reflected in generated .java files - they all placed in org.apache.jsp package. Newer Tomcat (5.x) reflect directory structure in package names, e.g. org.apache.jsp.WEB_002dINF.jsp.survey_002dgroup package is used for file in WEB-INF/jsp/survey-group directory. -- Illya Kysil, software developer Delphi/C/C++/C#/Java/Forth/Assembler - No trees were harmed in the generation of this e-mail. A significant number of electrons were, however, severely inconvenienced. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Réf. : mod_jk error with Apache 2.0.49
Barry, make sure you have built the right jk module. I've exactly the same config than you. Redhat ES 3.0, apache 2.0.49 jk2 and jboss 3.2.3 that comes with tomcat 3.2.3 my httpd.conf file contains : LoadModule jk2_module modules/mod_jk2.so IfModule mod_jk2.c JKSet config.file /opt/apachessl-2.0.49/inet/conf/workers2.properties /IfModule the workers2 file may contains [shm] file=/var/log/apache/inet/jk2.shm [channel.socket:localhost:8009] port=8009 host=127.0.0.1 [ajp13:localhost:8009] channel=channel.socket:localhost:8009 # Uri mapping [uri:/apps/*] worker=ajp13:localhost:8009 and it works fine. ___ NATEXIS ASSET MANAGEMENT Meissa SAKHO 01 58 19 45 71. . . . . . . . . . . . (84571) [EMAIL PROTECTED] Barry Roberts [EMAIL PROTECTED] 25/05/2004 21:14 Veuillez répondre à Tomcat Users List Pour : [EMAIL PROTECTED] cc : Objet : mod_jk error with Apache 2.0.49 I'm trying to get mod_jk working with apache 2.0.49 built from source on RedHat ES 3.0. I've got the module built and in the modules directory, and my httpd.conf contains: LoadModule jk_module modules/mod_jk.so JkWorkersFile /usr/local/apache2/conf/workers.properties JkLogFile /var/log/mod_jk.log JkLogLevel debug JkMount /apps/* xsappa JkMount /admin xsappa This is towards the top of the file outside of any virtualhost or directory elements (I have also tried putting this at the bottom of the file). My workers.properties is: worker.list=xsappa worker.xsappa.port=139 worker.xsappa.host=192.168.2.42 worker.xsappa.type=ajp13 worker.xsappa.lbfactor=1 Every time I try to hit a servlet or jsp I get the following in my mod_jk.log: [Tue May 25 12:45:38 2004] [jk_worker.c (136)]: wc_get_worker_for_name, done did not found a worker And of course a 500 in the browser. The tomcat server works fine. I can put jk2 into the web server and it mostly works (I get Broken Pipe exceptions when I KNOW it's not a user pressing cancel in the browser, but that's another issue). I can hit the tomcat server on port 8080 and it's just fine. I can't use jk2 because of the spurious broken pipes, and now I can't get jk1 working at all. I have this suspicion that I'm missing something obvious, but I can't find it. Any help would be greatly appreciated. Thanks, Barry Roberts - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] L'integrite de ce message n'etant pas assuree sur internet, Natexis Banques Populaires ne peut etre tenu responsable de son contenu. Toute utilisation ou diffusion non autorisee est interdite. Si vous n'etes pas destinataire de ce message, merci de le detruire et d'avertir l'expediteur. The integrity of this message cannot be guaranteed on the Internet. Natexis Banques Populaires can not therefore be considered responsible for the contents.Any unauthorized use or dissemination is prohibited. If you are not the intended recipient of this message, then please delete it and notify the sender.
RE: API for authenticating user
Hi Matt, application under your link is not running. Lipi -Original Message- From: Matt Raible [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 4:26 AM To: Tomcat Users List Subject: Re: API for authenticating user Unfortunately, there is not an API for this in J2EE or container-managed authentication. I accomplish this in an example app that I wrote - using cookies and a redirect to j_security_check. For a demo, see http://demo.raibledesigns.com/appfuse. Matt - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Frames vs Tables, I think Tables are the future! HTML examples please !
Don't use frames, frames are bad! ;-) -Original Message- From: Ben Bookey [mailto:[EMAIL PROTECTED] Sent: 26 May 2004 08:26 To: Tomcat User List Subject: Frames vs Tables, I think Tables are the future! HTML examples please ! Dear list, I think most of us need to have a mechanism where we can have multiple elements, or jsp pages in our jsp solutions. We have a web solution based on frames, (and tomcat) and have realised that on a normal sesion time-out, we get 404 on some of the frames, and could lead to major confusion ( jscript errors)for the user [to be more precise we have a data entry tool with a series of buttons in a left frame which then load the various jsp pages into the center frame]. Could anyone give me a sample table solution? which runs on all browsers. I have read around a little and still not sure what the simplest/best/most effective cross-browser solution is. i.e. Netscape prefers layers, and IE prefers DIV. Would appreciate any help, and some HTML samples would be great regards Ben - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This email may contain information which is privileged or confidential. If you are not the intended recipient of this email, please notify the sender immediately and delete it without reading, copying, storing, forwarding or disclosing its contents to any other person Thank you Check us out at http://www.btsyntegra.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SynchronizerToken pattern
We recently brought a Tapestry app into operation, about 80 pages and components. My colleague Bernhard Woditschka implemented the SynchronizerToken there from Core J2EE Patterns by Alur, Crupi and Malks (http://www.refactoring.com/catalog/introduceSynchronizerToken.html), addressing the following issues: - prevent use of browser Back button - prevent multiple concurrent submissions of a form - prevent operation in multiple browser windows using the same HTTP session The implementation is 100% server side, and it is somewhat strict in that upon detecting disallowed action on any page, an error page is activated in any case. Design summary: --- The Visit object holds a FlowSynchronizer object responsible for generating and comparing a unique token. On every protected page, a hidden field is included in the form: input jwcid=@Hidden value=ognl:visit.flowSynchronizer.token/ This field holds a token which is generated by the FlowSynchronizer when the page is rendered. Upon form submission, the token parameter passed with the form is compared to the token recently generated. A discrepancy triggers a FlowSequenceException resulting in the Exception page rendered. A match consumes the token so a subsequent duplicate submission fails. The Exception page renders, depending on the exception thrown, either the general error text, or an error text specific to the FlowSequenceException. Feel free to utilise or comment on this posting. Paul Ivancsics -- Anecon Software Design und Beratung G.m.b.H. Vienna, Austria FlowSynchronizer.java: -- import java.io.Serializable; /** * Implementation of Synchronizer Token J2EE Patterns for Tapestry. * * Inclusion in Tapestry page template: * code * lt;input jwcid=@Hidden value=ognl:visit.flowSynchronizer.token/gt; * /code * * In case of a 2nd form in the same page: * code * lt;input jwcid=@Hidden value=ognl:visit.flowSynchronizer.tokenCopy/gt; * /code * * @author Bernhard Woditschka */ public class FlowSynchronizer implements Serializable { private long sequence; private String token; public FlowSynchronizer() { // initialize the sequence randomly sequence = (long) (Math.random() * Long.MAX_VALUE / 2l); } public String getToken() { // generate a new token token = Long.toHexString(++sequence); return token; } public String getTokenCopy() { return token; } public void setToken(String token) throws FlowSequenceException { // first compare the token if (this.token == null || ! this.token.equals(token)) throw new FlowSequenceException(); // reset token on match - subsequent duplicate submission will fail this.token = null; } public void setTokenCopy(String tokenCopy) throws FlowSequenceException { setToken(token); } } FlowSequenceException.java: --- /** * Signals a page flow exception. * * @author Bernhard Woditschka */ public class FlowSequenceException extends Exception { public FlowSequenceException() { } } Exception.html: --- span jwcid=@Border span jwcid=@Conditional condition=ognl:!flowSequenceError !--Block Start: Unhandled Error ++-- General error text bla bla !--Block End: Unhandled Error ++-- /span span jwcid=@Conditional condition=ognl:flowSequenceError !--Block Start: Flow sequence Error ++-- You have been using your browser's Back button, or jadda jadda !--Block End: Flow sequence Error ++-- /span /span ExceptionPage.java: --- import org.apache.tapestry.IRequestCycle; import org.apache.tapestry.event.PageEvent; import org.apache.tapestry.event.PageRenderListener; import org.apache.tapestry.html.BasePage; import org.apache.tapestry.util.exception.ExceptionAnalyzer; import org.apache.tapestry.util.exception.ExceptionDescription; /** * The Tapestry Exception page. * * @author Bernhard Woditschka */ public class ExceptionPage extends BasePage implements PageRenderListener { // Causing exception private Throwable exception; // Flag signaling a FlowSequenceException private boolean flowSequenceError = false; public void pageBeginRender(PageEvent event) { IRequestCycle cycle = getRequestCycle(); if (! cycle.isRewinding() getException() != null) { // find the root cause ExceptionDescription[] ed = new ExceptionAnalyzer().analyze(getException()); String rootCauseExceptionName = ed[ed.length - 1].getExceptionClassName(); // check for FlowSequenceException flowSequenceError = FlowSequenceException.class.getName().equals(rootCauseExceptionName); } } public boolean isFlowSequenceError() { return flowSequenceError;
Re: SynchronizerToken pattern
Sorry, wrong list Paul Ivancsics schrieb: We recently brought a Tapestry app into operation, about 80 pages and components... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Frames vs Tables, I think Tables are the future! HTML examples please !
This probably isn't the right list for this sort of question but here goes anyway. The problems with netscape and layers/divs is probably out of date now as most folk aren't silly enough to use it. And its reasonable to give a NS4 user a gracfully degraded version of a page, rather then a bells and whistles version. The traditional problem was along these lines. div id=outerLayer div id=innerLayer to drill to innerLayer in ie4 would be something like this (forgive me any inaccuracies its been a while.) document.all['innerLayer'] but in ns4 document.layers['outerLayer'].document.layers['innerLayer'] newer browsers (mozilla, ns7+, ie5+, safari, opera) support getElementById document.getElementById(innerLayer) However this problem has little to do with tables, and my advise would be stay away from all this div stuff unless you just want to enhance something you already have running in all browsers. In terms of tables just about everything supports tables, NS4 had problems if you nested to many in one another, but it was more that it effected rendering speed rather than didn't work. table summary= tr td table summary= tr tdThis is in a nested table/td /table /td /tr /table If you don't go mad on the table nesting you'll be fine, and this for most folk is the way to lay pages out. You can use includes or useful stuff like tiles (see struts.jakarta.org), to allow you to organise your files like you would with frames. How you go about this is of course upto you. You'll find a lot of folk more that happy to help on an appropriate list that deals with site building type issues. Cheers Mark On 26 May 2004, at 09:26, Ben Bookey wrote: Dear list, I think most of us need to have a mechanism where we can have multiple elements, or jsp pages in our jsp solutions. We have a web solution based on frames, (and tomcat) and have realised that on a normal sesion time-out, we get 404 on some of the frames, and could lead to major confusion ( jscript errors)for the user [to be more precise we have a data entry tool with a series of buttons in a left frame which then load the various jsp pages into the center frame]. Could anyone give me a sample table solution? which runs on all browsers. I have read around a little and still not sure what the simplest/best/most effective cross-browser solution is. i.e. Netscape prefers layers, and IE prefers DIV. Would appreciate any help, and some HTML samples would be great regards Ben - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Frames vs Tables, I think Tables are the future! HTML examples please !
I whole heartedly agree! Frames are bad! I don't expect everyone to agree but they have been nothing but trouble for me... I know we are off topic but frames make me RANT! My last project forced me to use frames (because thats what the web designers liked) and it was nothing but pain... and dobs of javascript were needed all over the place to make the site work the way that they wanted. And since I was using struts its not as if a wholy non-frame approach was going to make things harder. Harder for the web designers, most probably but who cares about those people! :) Regards, Shane. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, 26 May 2004 4:19 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: RE: Frames vs Tables, I think Tables are the future! HTML examples please ! Don't use frames, frames are bad! ;-) -Original Message- From: Ben Bookey [mailto:[EMAIL PROTECTED] Sent: 26 May 2004 08:26 To: Tomcat User List Subject: Frames vs Tables, I think Tables are the future! HTML examples please ! Dear list, I think most of us need to have a mechanism where we can have multiple elements, or jsp pages in our jsp solutions. We have a web solution based on frames, (and tomcat) and have realised that on a normal sesion time-out, we get 404 on some of the frames, and could lead to major confusion ( jscript errors)for the user [to be more precise we have a data entry tool with a series of buttons in a left frame which then load the various jsp pages into the center frame]. Could anyone give me a sample table solution? which runs on all browsers. I have read around a little and still not sure what the simplest/best/most effective cross-browser solution is. i.e. Netscape prefers layers, and IE prefers DIV. Would appreciate any help, and some HTML samples would be great regards Ben - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This email may contain information which is privileged or confidential. If you are not the intended recipient of this email, please notify the sender immediately and delete it without reading, copying, storing, forwarding or disclosing its contents to any other person Thank you Check us out at http://www.btsyntegra.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat Hung!!! Help needed
Hi Emerson, Yep, for some reason I did think you were the original poster ;) I do not think there would be any benefit by setting this in your case. Regards, Ryan. -Original Message- From: Emerson Cargnin [mailto:[EMAIL PROTECTED] Sent: 25 May 2004 18:10 To: Tomcat Users List Subject: Re: Tomcat Hung!!! Help needed actually, my problem is memory consuming, I think you thought I had questioned first :) I'm using suse 9.1, does this export help in something in my case? thaks Emerson Ryan Lissack wrote: Hi, Yes it will more than likely fix your problem. It is a problem with RedHat 9 and NPTL. Search the archives for further information. Also you are probably better off using the following: export LD_ASSUME_KERNEL=2.4.1 Ryan. -Original Message- From: Emerson Cargnin [mailto:[EMAIL PROTECTED] Sent: 25 May 2004 17:28 To: Tomcat Users List Subject: Re: Tomcat Hung!!! Help needed my kernel is 2.4.21-99, does help using this export? :) Zsolt Koppany wrote: Did you try: export LD_ASSUME_KERNEL=2.2.5 ... start tomcat now Zsolt -Original Message- From: Innovest Ken [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 6:08 AM To: [EMAIL PROTECTED] Subject: Tomcat Hung!!! Help needed hello all, Currently, I have Tomcat 4.1.30 running on Linux Redhat 9, using jdk 1.4.2_03. It is now running live and every day it will hang at least once. We are unable to see any error message in the log file. The site is having a hit of 20 request per second with most of the requests need the database connection. I did a thread dump before the tomcat hangs, but it is too big to be displayed here. I can post any more info upon request. Any help??? Thanks Here is part of the server.xml: Connector className=org.apache.coyote.tomcat4.CoyoteConnector acceptCount=150 bufferSize=2048 compression=off connectionLinger=-1 connectionTimeout=2 connectionUploadTimeout=30 debug=0 disableUploadTimeout=true enableLookups=false maxKeepAliveRequests=100 maxProcessors=150 minProcessors=50 port=80 protocolHandlerClassName=org.apache.coyote.http11.Http11Protocol proxyPort=0 redirectPort=8443 scheme=http secure=false serverSocketTimeout=0 tcpNoDelay=true useURIValidationHack=false Factory className=org.apache.catalina.net.DefaultServerSocketFactory / /Connector innovest __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Emerson Cargnin Analista de Sistemas Setor de Desenvolvimento de Sistemas - TRE-SC tel : (048) - 251-3700 - Ramal 3181 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTP Servlet - How to use the same connection for GET URL?
Hi, Thanks for replying me! Unfortunatly the HTTP call is the only way I have to submit my information... Ideal would be to send a POST HTTP to tht URL with the same connection, I mean the same socket where the HTTP service is up. The strange is that using a php program, I can POST the HTTP using the same connection for all my requests. But I have to use the HTTP Servlet in stead of this php program. I believe that the performance of my machine will increase if I avoid a huge amount of sockets connected/disconnected. Can any one help me? Citando QM [EMAIL PROTECTED]: On Tue, May 25, 2004 at 12:28:04PM +0100, [EMAIL PROTECTED] wrote: : I have an HTTP Servlet that treats somes information and then make a : GET URL with that information, the problem is that everytime the HTTP Servlet : is requested to treat the information and then do a GET URL I'm opening a new : connection to that URL and than close the connection. So if I have 1 : requests I will open and close about 1 sockets to GET the URL. Is there a : way to avoid this? If I understand your question, there's no good way around this if you *must* use an HTTP call. HTTP is all about stateless, quick-hit requests, and it sounds like you're aiming for more of a stateful, constant-connection protocol. Furthermore, if you're opening connections to different hosts each time, then reusing the same socket is moot anyhow. Is it a requirement that you perform an HTTP call? Could you get this information, say, from a database? -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Quanto gasta de Acesso à Internet? Faça as contas! http://acesso.portugalmail.pt/contas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Worker2.properties VS Workers.properties
Can any one please explain what is the difference between Worker2.properties VS Workers.properties? I could not understand that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 10:40 AM To: Tomcat Users List; QM Subject: Re: HTTP Servlet - How to use the same connection for GET URL? Hi, Thanks for replying me! Unfortunatly the HTTP call is the only way I have to submit my information... Ideal would be to send a POST HTTP to tht URL with the same connection, I mean the same socket where the HTTP service is up. The strange is that using a php program, I can POST the HTTP using the same connection for all my requests. But I have to use the HTTP Servlet in stead of this php program. I believe that the performance of my machine will increase if I avoid a huge amount of sockets connected/disconnected. Can any one help me? Citando QM [EMAIL PROTECTED]: On Tue, May 25, 2004 at 12:28:04PM +0100, [EMAIL PROTECTED] wrote: : I have an HTTP Servlet that treats somes information and then make a : GET URL with that information, the problem is that everytime the HTTP Servlet : is requested to treat the information and then do a GET URL I'm opening a new : connection to that URL and than close the connection. So if I have 1 : requests I will open and close about 1 sockets to GET the URL. Is there a : way to avoid this? If I understand your question, there's no good way around this if you *must* use an HTTP call. HTTP is all about stateless, quick-hit requests, and it sounds like you're aiming for more of a stateful, constant-connection protocol. Furthermore, if you're opening connections to different hosts each time, then reusing the same socket is moot anyhow. Is it a requirement that you perform an HTTP call? Could you get this information, say, from a database? -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Quanto gasta de Acesso à Internet? Faça as contas! http://acesso.portugalmail.pt/contas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ For information about the Standard Bank group visit our web site www.standardbank.co.za __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Worker2.properties VS Workers.properties
workers2.properties is for the jk2 connector and workers.properties is for the jk connector, they have slightly different syntax I think but you'd best look up the jakarta site for that. Ta Matt -Original Message- From: Kommuru, Bhaskar [mailto:[EMAIL PROTECTED] Sent: 26 May 2004 09:43 To: 'Tomcat Users List' Subject: Worker2.properties VS Workers.properties Can any one please explain what is the difference between Worker2.properties VS Workers.properties? I could not understand that. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 10:40 AM To: Tomcat Users List; QM Subject: Re: HTTP Servlet - How to use the same connection for GET URL? Hi, Thanks for replying me! Unfortunatly the HTTP call is the only way I have to submit my information... Ideal would be to send a POST HTTP to tht URL with the same connection, I mean the same socket where the HTTP service is up. The strange is that using a php program, I can POST the HTTP using the same connection for all my requests. But I have to use the HTTP Servlet in stead of this php program. I believe that the performance of my machine will increase if I avoid a huge amount of sockets connected/disconnected. Can any one help me? Citando QM [EMAIL PROTECTED]: On Tue, May 25, 2004 at 12:28:04PM +0100, [EMAIL PROTECTED] wrote: : I have an HTTP Servlet that treats somes information and then make a : GET URL with that information, the problem is that everytime the HTTP Servlet : is requested to treat the information and then do a GET URL I'm opening a new : connection to that URL and than close the connection. So if I have 1 : requests I will open and close about 1 sockets to GET the URL. Is there a : way to avoid this? If I understand your question, there's no good way around this if you *must* use an HTTP call. HTTP is all about stateless, quick-hit requests, and it sounds like you're aiming for more of a stateful, constant-connection protocol. Furthermore, if you're opening connections to different hosts each time, then reusing the same socket is moot anyhow. Is it a requirement that you perform an HTTP call? Could you get this information, say, from a database? -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Quanto gasta de Acesso à Internet? Faça as contas! http://acesso.portugalmail.pt/contas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ For information about the Standard Bank group visit our web site www.standardbank.co.za __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please
Exception starting filter BalancerFilter
dear all i have the following error in the log of tomcat, but the website seems working fine. how to fix it please? 2004-05-26 09:28:08 StandardContext[/balancer]Exception starting filter BalancerFilter java.lang.NoClassDefFoundError: org/apache/commons/digester/Digester = Best wishes Z C Wang Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Worker2.properties VS Workers.properties
Hi Matt, Thanks for helping. So You mean we can ignore completely workers.properties when using JK2! Regards, Bhaskar -Original Message- From: Dale, Matt [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 10:44 AM To: Tomcat Users List Subject: RE: Worker2.properties VS Workers.properties workers2.properties is for the jk2 connector and workers.properties is for the jk connector, they have slightly different syntax I think but you'd best look up the jakarta site for that. Ta Matt __ For information about the Standard Bank group visit our web site www.standardbank.co.za __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Worker2.properties VS Workers.properties
Yup, I dont even have the file and working fine with jk2. -Original Message- From: Kommuru, Bhaskar [mailto:[EMAIL PROTECTED] Sent: 26 May 2004 10:11 To: 'Tomcat Users List' Subject: RE: Worker2.properties VS Workers.properties Hi Matt, Thanks for helping. So You mean we can ignore completely workers.properties when using JK2! Regards, Bhaskar -Original Message- From: Dale, Matt [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 10:44 AM To: Tomcat Users List Subject: RE: Worker2.properties VS Workers.properties workers2.properties is for the jk2 connector and workers.properties is for the jk connector, they have slightly different syntax I think but you'd best look up the jakarta site for that. Ta Matt __ For information about the Standard Bank group visit our web site www.standardbank.co.za __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relating to the official business of Standard Bank Group Limited is proprietary to the group. It is confidential, legally privileged and protected by law. Standard Bank does not own and endorse any other content. Views and opinions are those of the sender unless clearly stated as being that of the group. The person addressed in the e-mail is the sole authorised recipient. Please notify the sender immediately if it has unintentionally reached you and do not read, disclose or use the content in any way. Standard Bank can not assure that the integrity of this communication has been maintained nor that it is free of errors, virus, interception or interference. ___ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: RMI Problem
Hi Yoav, thank you very much for this reference. As pointed out there, the solution was to unexport the registry itself with: UnicastRemoteObject.unexportObject(registry, force); Chris On Tue, 25 May 2004, Shapira, Yoav wrote: Hi, I think you're doing the right thing. See also http://archives.java.sun.com/cgi-bin/wa?A2=ind0104L=rmi-usersP=R25414; I= Yoav Shapira Millennium Research Informatics -Original Message- From: Christoph Mangold [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 1:55 PM To: Tomcat Users List Subject: RE: RMI Problem Thanks for your reply. Unfortunately shutting down the registry seems not to work (although I tried hard I could not find a way to do this). Instead, on shutdown (i.e. in my ServletContextListener.contextDestroyed()-method), I unexport my remote objects and unbind them in the registry. Does anyone know of a better way to do this? Chris On Tue, 25 May 2004, Shapira, Yoav wrote: Hi, You have to shutdown your RMI registery properly during the webapp's shutdown (the first part of the reload is a shutdown). Use a ServletContextListener's contextDestroyed method for this. Yoav Shapira Millennium Research Informatics -Original Message- From: Christoph Mangold [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 3:22 AM To: [EMAIL PROTECTED] Subject: RMI Problem I am trying to run an rmi registry as part of a servlet context in tomcat 5.0.19. When I startup tomcat the first time everything works fine. However, if I redeploy my application using tomcat's ant-reload-target I get the following exception (server side) when trying to connect from the (RMI) client: Exception dispatching call to [0:0:0, 0] in thread RMI TCP Connection(7)-129.69.216.97 at Wed May 19 15:45:06 CEST 2004: java.lang.NullPointerException at org.apache.catalina.loader.WebappClassLoader.getURLs(WebappClassLoader. java :1431) at sun.rmi.server.LoaderHandler.getClassAnnotation(LoaderHandler.java:221) at java.rmi.server.RMIClassLoader$2.getClassAnnotation(RMIClassLoader.java :650 ) at java.rmi.server.RMIClassLoader.getClassAnnotation(RMIClassLoader.java:3 80) at sun.rmi.server.MarshalOutputStream.annotateClass(MarshalOutputStream.ja va:7 8) at java.io.ObjectOutputStream.writeNonProxyDesc(ObjectOutputStream.java:11 47) at java.io.ObjectOutputStream.writeClassDesc(ObjectOutputStream.java:1100) at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java: 1241 ) at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1052) at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:278) at sun.rmi.registry.RegistryImpl_Skel.dispatch(Unknown Source) at sun.rmi.server.UnicastServerRef.oldDispatch(UnicastServerRef.java:342) at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:207) at sun.rmi.transport.Transport$1.run(Transport.java:148) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Transport.java:144) at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460 ) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.j ava: 701) at java.lang.Thread.run(Thread.java:534) Exception dispatching call to [0:0:0, 0] in thread RMI TCP Connection(7)-129.69.216.97 at Wed May 19 15:45:06 CEST 2004: java.rmi.UnmarshalException: error unmarshalling call header; nested exception is: java.io.StreamCorruptedException: result already in progress at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:217) at sun.rmi.transport.Transport$1.run(Transport.java:148) at java.security.AccessController.doPrivileged(Native Method) at sun.rmi.transport.Transport.serviceCall(Transport.java:144) at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460 ) at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.j ava: 701) at java.lang.Thread.run(Thread.java:534) Caused by: java.io.StreamCorruptedException: result already in progress at sun.rmi.transport.StreamRemoteCall.getResultStream(StreamRemoteCall.jav a:16 1) at sun.rmi.server.UnicastServerRef.oldDispatch(UnicastServerRef.java:347) at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:207) ... 6 more Any idea how I can deal with this? Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any
Re: How does Tomcat manage sesssions ?
Hi, I've read the documentation but I don't understand clearly where can I configure TOmcat to use *PersistentManager* instead of *StandardManager*. Do you know it ? Xavier Shapira, Yoav a écrit : Hi, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/manager.html http://jakarta.apache.org/tomcat/faq/misc.html#persist Yoav Shapira Millennium Research Informatics -Original Message- From: Xavier MOGHRABI [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 11:29 AM To: Tomcat Users List Subject: How does Tomcat manage sesssions ? Hello, I'm instested to know how does Tomcat manage user sessions. I'd like to build a robust application that can survive after server's crashes. Thereby, I'd like that the application is able to recover the session to allow users to go on their work where they were. I've searched information on tomcat's website and I've read that in using clustering features it would be possible to share sessions with differents Tomcat instances by storing them in a shared storage such as DBMS or XML file. Thus, I thought my application could save sessions in a DBMS to recover them after crashes or network failure. However I don't know how to do this. Does somebody could bring me more documentation or tell me more about it. I would like to know : - how should I configure Tomcat for doing that ? - how tomcat save sessions and what does it do of objets linked to the session ? - how can I recover sessions and get it back to the right user? Thanks for your help. Xavier - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat as 'root' insecure? (again)
To address this a little further. Think about this, if a new hole is found that allow the attacker to put code on your machine, then think about all the possibilities of what that code could be programmed to do. Write files, read file, delete files or even run native code, just to name a few. As root there would be no limit to where the code could access, but as a lesser user the damage would be contained to just the users environment/permissions. As for the sandbox, I am inclined to disagree as this in itself does not prevent the java code from accessing things outside the jvm (see above). It does prevent jvm crashes and most problems from escaping the sandbox. Also don't get the applet sandbox, running in a clients browser, confused with the server. It does have restrictions on what the java code can do and access. So bottom line is why take a chance. Doug www.parsonstechnical.com - Original Message - From: David Smith [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 4:01 PM Subject: Re: Tomcat as 'root' insecure? (again) Let's see if I can offer a direct answer. I don't believe tomcat is insecure, but there are always those holes that haven't been found yet and a chance that the bad guys will find them first. The best practice approach to system security is to run all processes (tomcat included) at the minimum privilege level necessary to function. That way if an as yet unknown vulnerability is discovered and the attacker achieves the same privilege level as the service, he/she still shouldn't be able to get very far. The only benefit I've ever seen to running as root is the ability to bind to privilege ports below 1024 (web port 80 is one of them). In my opinion, not a big enough gain to warrant root privilege on the tomcat process. I use jsvc which launches as root just long enough to capture the privileged ports necessary and then drops the root privilege to run as tomcat5. Very clean, runs on startup, and I don't have to worry about some unforeseen problem giving an attacker instant root privilege. --David Barnet Wagman wrote: This issue has been (tangentially) addressed in a number of threads on several lists, but the answers I've found are not exactly consistent. I'd appreciate this list's opinion. So, is it insecure to run standalone Tomcat as a root process on a Linux system? By 'running Tomcat as a root process', I mean running the startup.sh script while logged in as the su (presumably with nohup). Some people seem to think that running a server as a root process in inherently insecure. But I've also seen it argued that because standalone Tomcat runs in Java sandbox, it is very secure independent of how its running. This makes sense to me, but I'm not very knowledable about this sort of things. Thanks, bw PS The purpose of running as root is, of course, so that Tomcat can listen to ports 80 and 443. I know that there are other ways of accomplishing this (using netfilter, etc.) but I'd prefer to avoid them if possible. I need to run Tomcat in an evironment that I don't know very well (a vps under redhat) - so the less I have to screw around with the operating system the better. Setting Tomcat to listent to port 80, etc. is simple and portable, which is a big advantage for me. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Client-certificate issues
Hi, I want to use client-certificate authentication in our webapplication. There are two things that I really don't understand: First: Why is it necessary to set clientAuth = true in the Factory-tag when configuring a Connector for SSL in server.xml, when only a certain part of the application should be protected for unauthorized access. It seems to me that this flag only should indicate whether mutual authentication (server and client authentication) should occur during the SSL-handshake or not. Consider the situation that I set this flag to false and setting a security role constraint for a certain servlet whith authentication method CLIENT-CERT. I would then expect that Tomcat asks the webbrowser to present the client certificate (and bind it as a attribute to the request object) the moment I try to to connect to this protected servlet. Instead I get the error No certificate chain found in this request. The only possible moment to authenticate a user is during the mutual authentication (i.e. setting the clientAuth flag to yes) when the user is connected to the application for the first time . I think this not conforms to any of Sun's servlet specifications. Is this really a restriction to Tomcat or not? Second: When I set a security role constraint for a servlet with CLIENT-CERT as a authentication method, Tomcat forces me to put a CONFIDENTIAL transport garantee constraint for this servlet in web.xml. Although I understand that for the client certificate authentication process a SSL connection is used, I don't understand why the access to the servlet itself also must occur over a SSL-connection. I only want the CLIENT-CERT as a secure authenticating mechanism, but I do'nt always want a confidential transport (which puts a heavy load on the overall performance of my webapplication). Is this also a restriction to Tomcat? If not, what should I do to accomplish this? Thanks in advance, Ron Blom
Problems migrating from windows to linux
dear users: I hava a servlet working fine in an windows environment (5.0.16).This servlet does a trnsformation whit xml files to other xml files through a xsl file. But when I migrate to my linux server the server returns me an error about find the files. In my windows server the files are in $CATALALINA_HOME, (same at Linux Server) but the servlet don't find any file in my linux environment. I suposse that I must modify something about StandardContextValve but I don't know what.Can anyboy help me?
RE: Problems migrating from windows to linux
Maybe its because you use \ instead of /, or? -Original Message- From: Francisco José Arnau Vives [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: Problems migrating from windows to linux dear users: I hava a servlet working fine in an windows environment (5.0.16).This servlet does a trnsformation whit xml files to other xml files through a xsl file. But when I migrate to my linux server the server returns me an error about find the files. In my windows server the files are in $CATALALINA_HOME, (same at Linux Server) but the servlet don't find any file in my linux environment. I suposse that I must modify something about StandardContextValve but I don't know what.Can anyboy help me? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does Tomcat manage sesssions ?
Hi, Yes, I know it: in server.xml. Take a close read through that file, it contains further comments on configuring the session manager. Yoav Shapira Millennium Research Informatics -Original Message- From: Xavier MOGHRABI [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 6:32 AM To: Tomcat Users List Subject: Re: How does Tomcat manage sesssions ? Hi, I've read the documentation but I don't understand clearly where can I configure TOmcat to use *PersistentManager* instead of *StandardManager*. Do you know it ? Xavier Shapira, Yoav a écrit : Hi, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/manager.html http://jakarta.apache.org/tomcat/faq/misc.html#persist Yoav Shapira Millennium Research Informatics -Original Message- From: Xavier MOGHRABI [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 11:29 AM To: Tomcat Users List Subject: How does Tomcat manage sesssions ? Hello, I'm instested to know how does Tomcat manage user sessions. I'd like to build a robust application that can survive after server's crashes. Thereby, I'd like that the application is able to recover the session to allow users to go on their work where they were. I've searched information on tomcat's website and I've read that in using clustering features it would be possible to share sessions with differents Tomcat instances by storing them in a shared storage such as DBMS or XML file. Thus, I thought my application could save sessions in a DBMS to recover them after crashes or network failure. However I don't know how to do this. Does somebody could bring me more documentation or tell me more about it. I would like to know : - how should I configure Tomcat for doing that ? - how tomcat save sessions and what does it do of objets linked to the session ? - how can I recover sessions and get it back to the right user? Thanks for your help. Xavier - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Exception starting filter BalancerFilter
Hi, You have a different version of Digester in your runtime classpath than was found at compile-time, most likely. Check your classpath for multiple copies of the Digester jar and keep only one. 1.6 (the latest stable one) is the one you should use. Yoav Shapira Millennium Research Informatics -Original Message- From: zhicheng wang [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 4:45 AM To: [EMAIL PROTECTED] Subject: Exception starting filter BalancerFilter dear all i have the following error in the log of tomcat, but the website seems working fine. how to fix it please? 2004-05-26 09:28:08 StandardContext[/balancer]Exception starting filter BalancerFilter java.lang.NoClassDefFoundError: org/apache/commons/digester/Digester = Best wishes Z C Wang Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problems migrating from windows to linux
Hi, If you're using the File API to read your files, STFA or http://jakarta.apache.org/tomcat/faq/misc.html#getResourceAsStream. Yoav Shapira Millennium Research Informatics -Original Message- From: Søren Neigqaard [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 8:06 AM To: 'Tomcat Users List' Subject: RE: Problems migrating from windows to linux Maybe its because you use \ instead of /, or? -Original Message- From: Francisco José Arnau Vives [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 2:01 PM To: [EMAIL PROTECTED] Subject: Problems migrating from windows to linux dear users: I hava a servlet working fine in an windows environment (5.0.16).This servlet does a trnsformation whit xml files to other xml files through a xsl file. But when I migrate to my linux server the server returns me an error about find the files. In my windows server the files are in $CATALALINA_HOME, (same at Linux Server) but the servlet don't find any file in my linux environment. I suposse that I must modify something about StandardContextValve but I don't know what.Can anyboy help me? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SynchronizerToken pattern
Hi, sarcastic Your users are really going to like this... /sarcastic ;) Yoav Shapira Millennium Research Informatics -Original Message- From: Paul Ivancsics [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 4:24 AM To: [EMAIL PROTECTED] Subject: SynchronizerToken pattern We recently brought a Tapestry app into operation, about 80 pages and components. My colleague Bernhard Woditschka implemented the SynchronizerToken there from Core J2EE Patterns by Alur, Crupi and Malks (http://www.refactoring.com/catalog/introduceSynchronizerToken.html), addressing the following issues: - prevent use of browser Back button - prevent multiple concurrent submissions of a form - prevent operation in multiple browser windows using the same HTTP session The implementation is 100% server side, and it is somewhat strict in that upon detecting disallowed action on any page, an error page is activated in any case. Design summary: --- The Visit object holds a FlowSynchronizer object responsible for generating and comparing a unique token. On every protected page, a hidden field is included in the form: input jwcid=@Hidden value=ognl:visit.flowSynchronizer.token/ This field holds a token which is generated by the FlowSynchronizer when the page is rendered. Upon form submission, the token parameter passed with the form is compared to the token recently generated. A discrepancy triggers a FlowSequenceException resulting in the Exception page rendered. A match consumes the token so a subsequent duplicate submission fails. The Exception page renders, depending on the exception thrown, either the general error text, or an error text specific to the FlowSequenceException. Feel free to utilise or comment on this posting. Paul Ivancsics -- Anecon Software Design und Beratung G.m.b.H. Vienna, Austria FlowSynchronizer.java: -- import java.io.Serializable; /** * Implementation of Synchronizer Token J2EE Patterns for Tapestry. * * Inclusion in Tapestry page template: * code * lt;input jwcid=@Hidden value=ognl:visit.flowSynchronizer.token/gt; * /code * * In case of a 2nd form in the same page: * code * lt;input jwcid=@Hidden value=ognl:visit.flowSynchronizer.tokenCopy/gt; * /code * * @author Bernhard Woditschka */ public class FlowSynchronizer implements Serializable { private long sequence; private String token; public FlowSynchronizer() { // initialize the sequence randomly sequence = (long) (Math.random() * Long.MAX_VALUE / 2l); } public String getToken() { // generate a new token token = Long.toHexString(++sequence); return token; } public String getTokenCopy() { return token; } public void setToken(String token) throws FlowSequenceException { // first compare the token if (this.token == null || ! this.token.equals(token)) throw new FlowSequenceException(); // reset token on match - subsequent duplicate submission will fail this.token = null; } public void setTokenCopy(String tokenCopy) throws FlowSequenceException { setToken(token); } } FlowSequenceException.java: --- /** * Signals a page flow exception. * * @author Bernhard Woditschka */ public class FlowSequenceException extends Exception { public FlowSequenceException() { } } Exception.html: --- span jwcid=@Border span jwcid=@Conditional condition=ognl:!flowSequenceError !--Block Start: Unhandled Error ++-- General error text bla bla !--Block End: Unhandled Error ++-- /span span jwcid=@Conditional condition=ognl:flowSequenceError !--Block Start: Flow sequence Error ++-- You have been using your browser's Back button, or jadda jadda !--Block End: Flow sequence Error ++-- /span /span ExceptionPage.java: --- import org.apache.tapestry.IRequestCycle; import org.apache.tapestry.event.PageEvent; import org.apache.tapestry.event.PageRenderListener; import org.apache.tapestry.html.BasePage; import org.apache.tapestry.util.exception.ExceptionAnalyzer; import org.apache.tapestry.util.exception.ExceptionDescription; /** * The Tapestry Exception page. * * @author Bernhard Woditschka */ public class ExceptionPage extends BasePage implements PageRenderListener { // Causing exception private Throwable exception; // Flag signaling a FlowSequenceException private boolean flowSequenceError = false; public void pageBeginRender(PageEvent event) { IRequestCycle cycle = getRequestCycle(); if (! cycle.isRewinding() getException() != null) { // find the root cause ExceptionDescription[] ed =
jk2 log instruction AGAIN
I'm getting stangefully suprised by the persistence of jk2 log statement. I'm using log4j and in the log4j properties file I've set jk2 level to ERROR. But it still print DEBUG level instructions. can someone tells me how to drive properly jk2 log instructions. ___ NATEXIS ASSET MANAGEMENT Meissa SAKHO 01 58 19 45 71. . . . . . . . . . . . (84571) [EMAIL PROTECTED] L'integrite de ce message n'etant pas assuree sur internet, Natexis Banques Populaires ne peut etre tenu responsable de son contenu. Toute utilisation ou diffusion non autorisee est interdite. Si vous n'etes pas destinataire de ce message, merci de le detruire et d'avertir l'expediteur. The integrity of this message cannot be guaranteed on the Internet. Natexis Banques Populaires can not therefore be considered responsible for the contents.Any unauthorized use or dissemination is prohibited. If you are not the intended recipient of this message, then please delete it and notify the sender.
Re: How does Tomcat manage sesssions ?
It's nice to answer me but I didn't catch you. I've read all the server.xml file and there is no marks of the Manager configuration. I saw in the documentation that A Manager element MAY be nested inside a Context component. And In the server.xml there aren't any contexts. So don't you think that the file to be configured must be ${CATALINA_HOME}\conf\Catalina\localhost\manager.xml ? By the way, don't you have an example ? X Shapira, Yoav a écrit : Hi, Yes, I know it: in server.xml. Take a close read through that file, it contains further comments on configuring the session manager. Yoav Shapira Millennium Research Informatics -Original Message- From: Xavier MOGHRABI [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 6:32 AM To: Tomcat Users List Subject: Re: How does Tomcat manage sesssions ? Hi, I've read the documentation but I don't understand clearly where can I configure TOmcat to use *PersistentManager* instead of *StandardManager*. Do you know it ? Xavier Shapira, Yoav a écrit : Hi, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/manager.html http://jakarta.apache.org/tomcat/faq/misc.html#persist Yoav Shapira Millennium Research Informatics -Original Message- From: Xavier MOGHRABI [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 11:29 AM To: Tomcat Users List Subject: How does Tomcat manage sesssions ? Hello, I'm instested to know how does Tomcat manage user sessions. I'd like to build a robust application that can survive after server's crashes. Thereby, I'd like that the application is able to recover the session to allow users to go on their work where they were. I've searched information on tomcat's website and I've read that in using clustering features it would be possible to share sessions with differents Tomcat instances by storing them in a shared storage such as DBMS or XML file. Thus, I thought my application could save sessions in a DBMS to recover them after crashes or network failure. However I don't know how to do this. Does somebody could bring me more documentation or tell me more about it. I would like to know : - how should I configure Tomcat for doing that ? - how tomcat save sessions and what does it do of objets linked to the session ? - how can I recover sessions and get it back to the right user? Thanks for your help. Xavier - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: HTTP Servlet - How to use the same connection for GET URL?
Hi If I understand your question, there's no good way around this if you *must* use an HTTP call. HTTP is all about stateless, quick-hit requests, and it sounds like you're aiming for more of a stateful, constant-connection protocol. Furthermore, if you're opening connections to different hosts each time, then reusing the same socket is moot anyhow. Not absolutely. You could use a HTTP Client library, which understands http 1.1 (if the server in questions does), and put connections into a central MapHostName,Connection. If queries for the same host occur, you could reuse them, if they are not timed out. This will imply a lot of synchronization and timer programming though. Maybe there is a package, which already does this? May be even commons-httpclient? I dunno. Regards, Steffen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ResourceLink to JNDI DataSource in GlobalResources not working
Hi There, I'm running Tomcat 4.1.30. When I put the Resource and ResourceParams elements in the Context element of my webapp, it seems to work fine, but when I move it to the GlobalNamingResources element and point to it using a ResourceLink, it doesn't seem to work giving me an exception saying that the driver class is null. Here's my Resource in the GlobalNamingResources: Resource name=jdbc/myoracle auth=Container scope=Shareable type=javax.sql.DataSource / ResourceParams name=jdbc/myoracle parameter namefactory/name valueorg.apache.commons.dbcp.BasicDataSourceFactory/value /parameter parameter namedriverClassName/name valueoracle.jdbc.driver.OracleDriver/value /parameter parameter nameurl/name valuejdbc:oracle:thin:@MY_DB_URL/value /parameter parameter nameusername/name valueMY_USER_NAME/value /parameter parameter namepassword/name valueMY_PASSWORD/value /parameter parameter namemaxActive/name value30/value /parameter parameter namemaxIdle/name value10/value /parameter parameter namemaxWait/name value6/value /parameter parameter nameremoveAbandonedTimeout/name value60/value /parameter parameter namelogAbandoned/name valuetrue/value /parameter /ResourceParams And here's my ResourceLink nested in my Context: ResourceLink name=jdbc/myoracle global=jdbc/myoracle type=javax.sql.DataSource/ Any suggestions? - Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger
How can I Know the servlet root directory for documents and modify it?
In a message I said my problem into migrate a application from windows to a linux server. I think the problem is about the root directory where the servlets try to find the files. How can I know the dafault route for my application and how can I modify it? Thanks
RE: Found a racing condition?
I don't know why it is a race condition. The error just happened once and I could not reproduce it. But I don't know enough about the internals of Tomcat to what really happens there. Just mailed it, so somebody who knows can do something with (or not). Ronald. On Tue May 25 14:50:06 CEST 2004 Shapira, Yoav [EMAIL PROTECTED] wrote: Hi, I don't think that's a race condition (it's race, not racing, by the way ;)). But I'm curious to hear your reasoning as to why you suspect that? Yoav Shapira Millennium Research Informatics -Original Message- From: Ronald Klop [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 8:18 AM To: [EMAIL PROTECTED] Subject: Found a racing condition? Today I got this when doing a request during Tomcat startup. Can it be a racing condition? Greetings, Ronald. INFO: Starting Coyote HTTP/1.1 on port 8080 May 25, 2004 1:37:14 PM org.apache.coyote.tomcat5.CoyoteAdapter service SEVERE: An exception or error occurred in the container during the request processing java.lang.NullPointerException at org.apache.catalina.realm.RealmBase.findSecurityConstraints(RealmBase.java: 475) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBas e.java:502) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte xt.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:18 4) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte xt.java:151) at org.apache.catalina.cluster.tcp.ReplicationValve.invoke(ReplicationValve.ja va:182) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte xt.java:149) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:16 4) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte xt.java:149) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.jav a:156) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveConte xt.java:151) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:206) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:833) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConn ection(Http11Protocol.java:732) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:619) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.ja va:688) at java.lang.Thread.run(Thread.java:534) May 25, 2004 1:37:15 PM org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on /0.0.0.0:8009 This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ResourceLink to JNDI DataSource in GlobalResources not working
Hi There, I'm running Tomcat 4.1.30. When I put the Resource and ResourceParams elements in the Context element of my webapp, it seems to work fine, but when I move it to the GlobalNamingResources element and point to it using a ResourceLink, it doesn't seem to work giving me an exception saying that the driver class is null. Here's my Resource in the GlobalNamingResources: Resource name=jdbc/myoracle auth=Container scope=Shareable type=javax.sql.DataSource / ResourceParams name=jdbc/myoracle parameter namefactory/name valueorg.apache.commons.dbcp.BasicDataSourceFactory/value /parameter parameter namedriverClassName/name valueoracle.jdbc.driver.OracleDriver/value /parameter parameter nameurl/name valuejdbc:oracle:thin:@MY_DB_URL/value /parameter parameter nameusername/name valueMY_USER_NAME/value /parameter parameter namepassword/name valueMY_PASSWORD/value /parameter parameter namemaxActive/name value30/value /parameter parameter namemaxIdle/name value10/value /parameter parameter namemaxWait/name value6/value /parameter parameter nameremoveAbandonedTimeout/name value60/value /parameter parameter namelogAbandoned/name valuetrue/value /parameter /ResourceParams And here's my ResourceLink nested in my Context: ResourceLink name=jdbc/myoracle global=jdbc/myoracle type=javax.sql.DataSource/ Any suggestions? - Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger
Re: How does Tomcat manage sesssions ?
On Wed, May 26, 2004 at 03:09:23PM +0200, Xavier MOGHRABI wrote: : I've read all the server.xml file and there is no marks of the Manager : configuration. You should check out a stock server.xml, then -- it sounds like yours has been customized and trimmed. Read on: : I saw in the documentation that A Manager element MAY be nested inside : a Context component. And In the server.xml there aren't any contexts. Either you're using the default settings of autoDeploy and/or deployOnStartup (so you'll have to create Context tags yourself), or all of your webapps use a file named context.xml for their per-context settings (in which case you must update context.xml). : So don't you think that the file to be configured must be : ${CATALINA_HOME}\conf\Catalina\localhost\manager.xml ? No, the Context in question refers to the Context element of server.xml (or context.xml, depending on your setup). -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How does Tomcat manage sesssions ?
Hi, I've read all the server.xml file and there is no marks of the Manager configuration. The example was removed a while ago, but you can still see it in older versions of server.xml by going to the CVS or downloading an old release: http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/c onf/server.xml?annotate=1.2 for example has a complete example of a persistent manager commented out. I saw in the documentation that A Manager element MAY be nested inside a Context component. And In the server.xml there aren't any contexts. It MAY be nested inside a Context, but doesn't have to be. It can be inside a Host or an Engine, both of which are more common than having a Manager inside a Context. So don't you think that the file to be configured must be ${CATALINA_HOME}\conf\Catalina\localhost\manager.xml ? No, that's for tomcat's Manager webapp, which is not the same thing as the session Manager. I realize the names might be confusing. By the way, don't you have an example ? We used to ship one with tomcat in server.xml, so see above for accessing older versions of that file. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTP Servlet - How to use the same connection for GET URL?
On Wed, May 26, 2004 at 03:10:34PM +0200, SH Solutions wrote: : You could use a HTTP Client library, which understands http 1.1 (if the : server in questions does), and put connections into a central : MapHostName,Connection. If queries for the same host occur, you could : reuse them, if they are not timed out. I considered HTTP/1.1 but left it out for a few reasons, mostly that in this case it would lead to hackishness. ;) For example, the socket may timeout if there aren't enough requests within a given timeframe. Another is that, if the servlet and server aren't managed/owned by the same people, it's a little rude to maintain a 24/7 socket to someone else's machine for a stateless protocol... And so on, and so forth... -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How can I Know the servlet root directory for documents and modify it?
On Wed, May 26, 2004 at 03:21:43PM +0200, Francisco Jos? Arnau Vives wrote: : In a message I said my problem into migrate a application from windows to a : linux server. I think the problem is about the root directory where the : servlets try to find the files. How can I know the dafault route for my : application and how can I modify it? I don't think I understand -- are you trying to find the current directory of the webapp, and/or trying to read files from the filesystem? What's your end-goal here? -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How can I Know the servlet root directory for documents and modify it?
In a servlet, you can use getServletContext().getRealPath(/) to get the root of the web's docBase - Original Message - From: Francisco José Arnau Vives [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:21 PM Subject: How can I Know the servlet root directory for documents and modify it? In a message I said my problem into migrate a application from windows to a linux server. I think the problem is about the root directory where the servlets try to find the files. How can I know the dafault route for my application and how can I modify it? Thanks
ISAPI redirector
What version of isapi_redirect.dll do I use with Tomcat 4.1.30 and IIS 6.0 (Windows 2003 Enterprise Server). Do I still use the one that comes with the Tomcat 3.3 version. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTTP AUTH
Of course he can also just use BASIC Auth and do request.getRemoteUser() and do whatever he wants with that. No realms needed there. The original question was why was he setting up BASIC Auth programatically when he can specify it in web.xml. It sounds like he uses some custom authentication stuff anyway, so realms aren't really the question. It is simply the BASIC Auth that he can set up in web.xml which is what I was getting at. Jake At 11:31 PM 5/25/2004 -0700, you wrote: SH Solutions [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi Can you explain yourself here? It is not obvious to me. How does the number of users make any difference here. Just set up BASIC Auth in web.xml. You don't have to define your users and roles in web.xml, if that's what you are implying. Alright, that is what I was thinking. So, is it possible, to use web.xml security together with our own login handler? Especially with certificates? Tomcat's MemoryRealm and UserDatabaseRealm work with CLIENT-CERT auth-type, as long as you don't need anything fancy (The user name is the cert Subject). You could also create your own Realm that would allow you to authenticate any way you like. Of course, this means that your app would now depend on Tomcat, and so would be less portable. To do programatic security, the easiest is to set 'clientAuth=true' on the Connector (Tomcat 5) or the Factory (Tomcat 4). This forces the browser to send the cert on all SSL requests. In newer Tomcat 5 versions (and JDK 1.4+), you can also specify 'clientAuth=want' to simply ask nicely :). Of course, this assumes that you are using the HTTP/1.1 Connector. For the JK Connector, you would configure this on Apache/IIS/SunOne. If this isn't good enough for you, then there is always the Tomcat-specific: request.getAttribute(org.apache.coyote.request.X509Certificate); which will re-negotiate the connection if necessary to get the client to send the cert. This works for the Coyote-HTTP/1.1 in TC 4.1.x and TC 5.0.x. However, I'd really like to drop this feature in 5.1.x. Regards, Steffen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How can I Know the servlet root directory for documents and modify it?
Hi, Remember, getRealPath doesn't work in a packed WAR file. Yoav Shapira Millennium Research Informatics -Original Message- From: stan [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:43 AM To: Tomcat Users List Subject: Re: How can I Know the servlet root directory for documents and modify it? In a servlet, you can use getServletContext().getRealPath(/) to get the root of the web's docBase - Original Message - From: Francisco José Arnau Vives [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:21 PM Subject: How can I Know the servlet root directory for documents and modify it? In a message I said my problem into migrate a application from windows to a linux server. I think the problem is about the root directory where the servlets try to find the files. How can I know the dafault route for my application and how can I modify it? Thanks This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: converting a certificate for use on Tomcat
Dennis, that worked, thanks a lot:) I used the .pfx file that I already had and just appended 3 lines to the end of my SSL connector. !-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=443 minProcessors=5 maxProcessors=75 enableLookups=true acceptCount=100 debug=0 scheme=https secure=true useURIValidationHack=false disableUploadTimeout=true Factory className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory clientAuth=false protocol=TLS keystoreType=PKCS12 keystoreFile=/root/host.foo.org.pfx keystorePass=mypassword/ /Connector Chris Dennis Dai said: Sorry I was wrong (it's been a while ...). You don't really need to import the pkcs12 format certificate into a keystore, the .pfx you generated earlier *is* the keystore in pkcs12 format. Now you only need to configure tomcat to recognize the keystore. See http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html for details. Specifically, you will need to add keystoreType=PKCS12 attribute in your SSL Connector among a whole bunch of others. On 5/25/2004 1:21 PM, Chris Purcell wrote: I want to make sure we're on the same page here. I have a certificate that looks like this... -BEGIN CERTIFICATE- MIID/DCCAuSgAwIBAgIEAIXW1jANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMC blablablabla /WeCY0ZzyRYuHhQYIm3R+A== -END CERTIFICATE- I copied it to a plain text file called domain.cert and then ran this command and received this below error... [EMAIL PROTECTED] root# /usr/java/bin/keytool -import -file domain.cert -storetype pkcs12 keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big. Am I doing this right? Thanks, Chris I saw your original post but forgot to reply ... You can use keytool to import the certificate using pkcs12 certificate store (add a '-storetype pkcs12' to keytool's arguments), which is supported by tomcat. Also, if your certificate is signed by an intermediate CA (meaning more than 2 certs on the chain), you will have to give each cert an alias name when you export it from openssl, otherwise the keytool won't recognize the chain. This really took me a while to figure out ... HTH, Dennis On 5/25/2004 12:30 PM, Chris Purcell wrote: Thanks for the link Jim, I'm just getting around to this certificate now, I got swamped with some extra work that I had to complete first. I looked at the link you sent, but there is a small problem, I don't know anything about Java:) What do I do with the source code given on the page? Should I copy it into a text file and run it with the java command? The only programming language I'm familiar with is Perl. Thanks, Chris Hi Chris- I had to do this myself a month ago. You can't use Sun's keytool to import private keys into keystores. You'll need to use something else to load the private key and corresponding cert into a keystore which Tomcat can then read. See the program and notes at http://www.comu.de/docs/tomcat_ssl.htm - it will explain how to use openssl to convert an existing private key and cert into a format that can then be loaded (using source code they provide) into a Java JKS keystore. Let me know if you need more details. -Jim Chris Purcell wrote: I have an Apache server with an SSL certificate installed from a CA. Its just a plain text certificate that looks like this.. -BEGIN CERTIFICATE- MIID/DCCAuSgAwIBAgIEAIXW1jANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMC blablablba /WeCY0ZzyRYuHhQYIm3R+A== -END CERTIFICATE- I want to move this certificate to a new server that only runs Tomcat in standalone mode. I tried to convert it like this (below) but am getting an error... [EMAIL PROTECTED] cert# openssl pkcs12 -export -inkey host-privkey.pem -in server.cert -out host.foo.org.pfx [EMAIL PROTECTED] cert# /usr/java/bin/keytool -import -file host.foo.org.pfx Enter keystore password: changeit keytool error: java.lang.Exception: Input not an X.509 certificate Am I doing something wrong here? Thanks, Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: HTTP Servlet - How to use the same connection for GET URL?
Hi I considered HTTP/1.1 but left it out for a few reasons, mostly that in this case it would lead to hackishness. ;) Hey, noone said it's gonne be easy. :D For example, the socket may timeout if there aren't enough requests within a given timeframe. Another is that, if the servlet and server aren't managed/owned by the same people, it's a little rude to maintain a 24/7 socket to someone else's machine for a stateless protocol... But an open socket between these would be even bettern than thousands of connections opening and closing all the time. Further, most systems only do at most around 100 request on persistent connections, so the sockets would not be connected that long. Regards, Steffen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Host Directive
I have a few websites that I wish to run JSP pages through Tomcat. Now there are too many host names to create the multiple Aliases required to get this working properly. Is there a way to configure the host to listen on a single IP address instead of the host name? IE site1.com - 172.1.1.2 www.site1.com - 172.1.1.2 other.site1.com - 172.1.1.2 ... - 172.1.1.2 site2.com - 172.1.1.3 www.site2.com - 172.1.1.3 other.site2.com - 172.1.1.3 ... - 172.1.1.3 Also can I configure the root of the site to parse the JSP files? Currently I have to have all of the JSPs in a cgi folder, like the jsp-examples folder. Thank You Charles Killmer Netgain Technology [EMAIL PROTECTED] Office: (320) 251-4700 ext 107
RE: Host Directive
If you can configure more than one Connector, you can use the 'address' attribute on that element to specify which IP address to listen on. Then, inside your connector, declare one host, make it the default, and then you won't need a 'cgi folder'. (If by that, you mean a context name). -Original Message- From: Charles P. Killmer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:10 AM To: [EMAIL PROTECTED] Subject: Host Directive I have a few websites that I wish to run JSP pages through Tomcat. Now there are too many host names to create the multiple Aliases required to get this working properly. Is there a way to configure the host to listen on a single IP address instead of the host name? IE site1.com - 172.1.1.2 www.site1.com - 172.1.1.2 other.site1.com - 172.1.1.2 ... - 172.1.1.2 site2.com - 172.1.1.3 www.site2.com - 172.1.1.3 other.site2.com - 172.1.1.3 ... - 172.1.1.3 Also can I configure the root of the site to parse the JSP files? Currently I have to have all of the JSPs in a cgi folder, like the jsp-examples folder. Thank You Charles Killmer Netgain Technology [EMAIL PROTECTED] Office: (320) 251-4700 ext 107 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat as 'root' insecure? (again)
OK, I've been running tomcat behind apache for ages, and now I want to go with Yoav's oft-stated advice to just use tomcat (5.0.24) alone. And I want it on port 80. So, I try to use the jsvc approach, telling it to go to the nonprivileged tomcat user by (from the tomcat site): ./bin/jsvc -Djava.endorsed.dirs=./common/endorsed -cp ./bin/bootstrap.jar \ -outfile ./logs/catalina.out -errfile ./logs/catalina.err \ org.apache.catalina.startup.Bootstrap -user tomcat However, that chokes as follows, as it apparently can't use port 80 as I'm wanting it to. I'm sure this must be trivial, but all help would be appreciated! rj May 26, 2004 10:19:07 AM org.apache.coyote.http11.Http11Protocol start SEVERE: Error starting endpoint java.net.BindException: Permission denied:80 at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.java:258) at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:275) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:177) at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1500) at org.apache.catalina.core.StandardService.start(StandardService.java:485) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218) May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start SEVERE: Catalina.start: LifecycleException: Protocol handler start failed: java.net.BindException: Permission denied:80 at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1502) at org.apache.catalina.core.StandardService.start(StandardService.java:485) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218) May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 5160 ms At 04:01 PM 5/25/2004, David Smith wrote: I use jsvc which launches as root just long enough to capture the privileged ports necessary and then drops the root privilege to run as tomcat5. Very clean, runs on startup, and I don't have to worry about some unforeseen problem giving an attacker instant root privilege. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
A cluster question
Hello, I have a session bean that changes its state as pages call methods on that bean. I want this bean to be replictated to other cluster members but it seems like it gets replicated only once, straight after it is created. Is there any other way to force replication apart from calling session.setAttribute(name, bean) ? I have tried useDirtyFlag true and false - no luck. The application is distributed and all other things do get replicated. Regards, Vlad This is a little test case for my problem: test.jsp: - jsp:useBean id=mybean class=TestBean scope=session / % out.print(mybean.a()); % TestBean.java - import org.apache.log4j.Logger; import java.io.Serializable; import java.io.IOException; import java.util.Random; public class TestBean implements Serializable{ private static Logger logger = Logger.getLogger(TestBean.class); private long m_a = 0; private Random rnd = new Random(System.currentTimeMillis()); public long a() { m_a = rnd.nextLong(); return m_a; } private void writeObject(java.io.ObjectOutputStream out) throws IOException { //logger.debug(Serialized); System.out.println(Serialized); out.defaultWriteObject(); } private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException { in.defaultReadObject(); //logger.debug(Deserialized); System.out.println(Deserialized); } } The information contained in this email message may be confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Although this message and any attachments are believed to be free of viruses, no responsibility is accepted by Informa for any loss or damage arising in any way from receipt or use thereof. Messages to and from the company are monitored for operational reasons and in accordance with lawful business practices. If you have received this message in error, please notify us by return and delete the message and any attachments. Further enquiries/returns can be sent to [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat as 'root' insecure? (again)
Do you still have Apache running on Port 80? On Wednesday 26 May 2004 10:30 am, RJ wrote: OK, I've been running tomcat behind apache for ages, and now I want to go with Yoav's oft-stated advice to just use tomcat (5.0.24) alone. And I want it on port 80. So, I try to use the jsvc approach, telling it to go to the nonprivileged tomcat user by (from the tomcat site): ./bin/jsvc -Djava.endorsed.dirs=./common/endorsed -cp ./bin/bootstrap.jar \ -outfile ./logs/catalina.out -errfile ./logs/catalina.err \ org.apache.catalina.startup.Bootstrap -user tomcat However, that chokes as follows, as it apparently can't use port 80 as I'm wanting it to. I'm sure this must be trivial, but all help would be appreciated! rj May 26, 2004 10:19:07 AM org.apache.coyote.http11.Http11Protocol start SEVERE: Error starting endpoint java.net.BindException: Permission denied:80 at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint.jav a:258) at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.ja va:275) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:177) at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1500) at org.apache.catalina.core.StandardService.start(StandardService.java:485) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218) May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start SEVERE: Catalina.start: LifecycleException: Protocol handler start failed: java.net.BindException: Permission denied:80 at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:1502) at org.apache.catalina.core.StandardService.start(StandardService.java:485) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218) May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 5160 ms At 04:01 PM 5/25/2004, David Smith wrote: I use jsvc which launches as root just long enough to capture the privileged ports necessary and then drops the root privilege to run as tomcat5. Very clean, runs on startup, and I don't have to worry about some unforeseen problem giving an attacker instant root privilege. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Ben Souther F.W. Davison Company, Inc. This e-mail message, and any accompanying documents, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure, distribution or copying is prohibited. If you are not the intended recipient, please contact our office by email or by telephone at (508) 747-7261 and immediately destroy all copies of the original message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat as 'root' insecure? (again)
Hi, You're better off grabbing the Tomcat5.sh script from $CATALINA_HOME/bin/jsvc-src/native (you need to unpack jsvc.tar.gz but I think you're already done that). Modify the couple of lines at the top to reflect your proper JAVA_HOME and CATALINA_HOME, and you should be all set. Yoav Shapira Millennium Research Informatics -Original Message- From: RJ [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 10:31 AM To: Tomcat Users List Subject: Re: Tomcat as 'root' insecure? (again) OK, I've been running tomcat behind apache for ages, and now I want to go with Yoav's oft-stated advice to just use tomcat (5.0.24) alone. And I want it on port 80. So, I try to use the jsvc approach, telling it to go to the nonprivileged tomcat user by (from the tomcat site): ./bin/jsvc -Djava.endorsed.dirs=./common/endorsed -cp ./bin/bootstrap.jar \ -outfile ./logs/catalina.out -errfile ./logs/catalina.err \ org.apache.catalina.startup.Bootstrap -user tomcat However, that chokes as follows, as it apparently can't use port 80 as I'm wanting it to. I'm sure this must be trivial, but all help would be appreciated! rj May 26, 2004 10:19:07 AM org.apache.coyote.http11.Http11Protocol start SEVERE: Error starting endpoint java.net.BindException: Permission denied:80 at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint .jav a:258) at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoin t.ja va:275) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:177) at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:15 00) at org.apache.catalina.core.StandardService.start(StandardService.java:485 ) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja va:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja va:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java: 218) May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start SEVERE: Catalina.start: LifecycleException: Protocol handler start failed: java.net.BindException: Permission denied:80 at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:15 02) at org.apache.catalina.core.StandardService.start(StandardService.java:485 ) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja va:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja va:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java: 218) May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 5160 ms At 04:01 PM 5/25/2004, David Smith wrote: I use jsvc which launches as root just long enough to capture the privileged ports necessary and then drops the root privilege to run as tomcat5. Very clean, runs on startup, and I don't have to worry about some unforeseen problem giving an attacker instant root privilege. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an)
RE: Host Directive
Sorry, thought I'd clear something up. In the Engine element, there's an attribute defaultHost. You'd then create your one Host element with a name element that matches the defaultHost attribute of its surrounding Engine. Then within the Host, you'd have a single context, the default, with a path attribute of empty string. (the empty string makes it the default one). -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:30 AM To: 'Tomcat Users List' Subject: RE: Host Directive If you can configure more than one Connector, you can use the 'address' attribute on that element to specify which IP address to listen on. Then, inside your connector, declare one host, make it the default, and then you won't need a 'cgi folder'. (If by that, you mean a context name). -Original Message- From: Charles P. Killmer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:10 AM To: [EMAIL PROTECTED] Subject: Host Directive I have a few websites that I wish to run JSP pages through Tomcat. Now there are too many host names to create the multiple Aliases required to get this working properly. Is there a way to configure the host to listen on a single IP address instead of the host name? IE site1.com - 172.1.1.2 www.site1.com - 172.1.1.2 other.site1.com - 172.1.1.2 ... - 172.1.1.2 site2.com - 172.1.1.3 www.site2.com - 172.1.1.3 other.site2.com - 172.1.1.3 ... - 172.1.1.3 Also can I configure the root of the site to parse the JSP files? Currently I have to have all of the JSPs in a cgi folder, like the jsp-examples folder. Thank You Charles Killmer Netgain Technology [EMAIL PROTECTED] Office: (320) 251-4700 ext 107 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat as 'root' insecure? (again)
On Wed, May 26, 2004 at 10:30:59AM -0400, RJ wrote: : So, I try to use the jsvc approach, telling it to go to : the nonprivileged tomcat user by (from the tomcat site): : [snip] : However, that chokes as follows, as it apparently can't use port : 80 as I'm wanting it to. :SEVERE: Error starting endpoint :java.net.BindException: Permission denied:80 Stupid question: are you running jsvc as root? To bind to port 80, you'll have to just that. That doesn't mean Tomcat will run as root; jsvc will use its root privs to bind to the port, then switch over to the Tomcat user. Someone else has already mentioned that Apache (or something else) may still be running on that port. As root, you can check that with lsof -i :80 -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.0.24 : DBCP informix : pool exhausted
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I'm trying to use dbcp with our 9.40/9.21/9.20/7.30 informix database, but it always produces an exception : pool exhausted. The root cause seems to be dbcp cannot create a validated object. I tried removing the validation query, but the problem remains. If I set my factory to org.objectweb.jndi.DataSourceFactory ( and install carol, jonas, jotm etc ), everything works fine. Is there a way to get the standard DBCP to connect to an informix database ? I attached the ROOT.xml file with the datasource definition. I'm sorry to post this here, but I did not find a mailinglist for dbcp ... Thanks advance ! Peter. org.apache.commons.dbcp.SQLNestedException: Cannot get a connection, pool exhausted, cause: java.util.NoSuchElementException: Could not create a validated object ~at org.apache.commons.pool.impl.GenericObjectPool.borrowObject(GenericObjectPool.java:851) ~at org.apache.commons.dbcp.PoolingDataSource.getConnection(PoolingDataSource.java:140) ~at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.java:518) ~at org.apache.jsp.iri_002dadmin.Z0Toevoegen_jsp._jspService(Z0Toevoegen_jsp.java:129) ~at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) ~at javax.servlet.http.HttpServlet.service(HttpServlet.java:810) ~at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:298) ~at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292) ~at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236) ~at javax.servlet.http.HttpServlet.service(HttpServlet.java:810) ~at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237) ~at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157) ~at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214) ~at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) ~at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) ~at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198) ~at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152) ~at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) ~at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) ~at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) ~at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) ~at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) ~at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) ~at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) ~at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) ~at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) ~at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) ~at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) ~at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) ~at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:793) ~at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:702) ~at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:571) ~at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:644) ~at java.lang.Thread.run(Thread.java:534) - -- Peter Van Biesen Adj. Sysadmin V.F.S.I.P.H. tel: +32 (0) 2 225 85 70 fax: +32 (0) 2 225 85 88 e-mail: [EMAIL PROTECTED] PGP: http://www.vlafo.be/pgpkeys/[EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFAtK6SHtEPd3S05zgRAn3cAKCclthx4g+J/o8ERjWOGUFBDSt1hQCgnYKf ChjtoaBYnApggsN+/rhvm4s= =XvJK -END PGP SIGNATURE- ?xml version='1.0' encoding='utf-8'? Context displayName=Welcome to Tomcat docBase=ROOT path= workDir=work/Catalina/localhost/_ Resource name=jdbc/iri-brussel3 type=javax.sql.DataSource/ ResourceParams name=jdbc/iri-brussel3 parameter namemaxWait/name value5000/value /parameter parameter namemaxActive/name value4/value /parameter !-- parameter namefactory/name valueorg.objectweb.jndi.DataSourceFactory/value /parameter -- parameter namepassword/name valueweblogic/value /parameter parameter nameurl/name
Re: Tomcat as 'root' insecure? (again)
David Smith wrote: Let's see if I can offer a direct answer. I don't believe tomcat is insecure, but there are always those holes that haven't been found yet and a chance that the bad guys will find them first. The best practice approach to system security is to run all processes (tomcat included) at the minimum privilege level necessary to function. That way if an as yet unknown vulnerability is discovered and the attacker achieves the same privilege level as the service, he/she still shouldn't be able to get very far. The only benefit I've ever seen to running as root is the ability to bind to privilege ports below 1024 (web port 80 is one of them). In my opinion, not a big enough gain to warrant root privilege on the tomcat process. Good point - I'm convinced. I use jsvc which launches as root just long enough to capture the privileged ports necessary and then drops the root privilege to run as tomcat5. Very clean, runs on startup, and I don't have to worry about some unforeseen problem giving an attacker instant root privilege. I wasn't aware of the jsvc, which answers my needs very well. Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[RESULT][VOTE] [5.0.25] Release vote
Hi, OK, per http://marc.theaimsgroup.com/?t=10851525392r=1w=2 I'm changing the label on 5.0.25 from alpha to stable. There were 4 binding +1 votes and no issues raised. Furthermore, 5.0.25 has gotten nothing but positive feedback on the tomcat-user list, and no issues against it in Bugzilla. Yoav Shapira Millennium Research Informatics This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Exception starting filter BalancerFilter
great, it works, thanks --- Shapira, Yoav [EMAIL PROTECTED] wrote: Hi, You have a different version of Digester in your runtime classpath than was found at compile-time, most likely. Check your classpath for multiple copies of the Digester jar and keep only one. 1.6 (the latest stable one) is the one you should use. Yoav Shapira Millennium Research Informatics -Original Message- From: zhicheng wang [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 4:45 AM To: [EMAIL PROTECTED] Subject: Exception starting filter BalancerFilter dear all i have the following error in the log of tomcat, but the website seems working fine. how to fix it please? 2004-05-26 09:28:08 StandardContext[/balancer]Exception starting filter BalancerFilter java.lang.NoClassDefFoundError: org/apache/commons/digester/Digester = Best wishes Z C Wang Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = Best wishes Z C Wang Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Host Directive
Lets see if I got this right. This is what one of the services looks like. Do I then create an additional service per IP address? Service name=siteName Connector acceptCount=100 connectionTimeout=2 disableUploadTimeout=true port=8080 address=172.16.10.38 redirectPort=8443 /Connector Connector port=8009 address=172.16.10.38 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=siteName.com name=siteName Host name=siteName.com debug=0 appBase=c:\sites\siteName unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context path= docBase=c:/sites/siteName debug=0/ Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=client-domain. suffix=.txt pattern=common resolveHosts=false/ Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=client-domain2. suffix=.txt timestamp=true//Host Logger className=org.apache.catalina.logger.FileLogger prefix=siteName_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.UserDatabaseRealm/ /Engine /Service BTW I am using the Isapi_Redirector.dll to hook IIS up to Tomcat. Thanks for your help. Charles -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:43 AM To: 'Tomcat Users List' Subject: RE: Host Directive Sorry, thought I'd clear something up. In the Engine element, there's an attribute defaultHost. You'd then create your one Host element with a name element that matches the defaultHost attribute of its surrounding Engine. Then within the Host, you'd have a single context, the default, with a path attribute of empty string. (the empty string makes it the default one). -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:30 AM To: 'Tomcat Users List' Subject: RE: Host Directive If you can configure more than one Connector, you can use the 'address' attribute on that element to specify which IP address to listen on. Then, inside your connector, declare one host, make it the default, and then you won't need a 'cgi folder'. (If by that, you mean a context name). -Original Message- From: Charles P. Killmer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:10 AM To: [EMAIL PROTECTED] Subject: Host Directive I have a few websites that I wish to run JSP pages through Tomcat. Now there are too many host names to create the multiple Aliases required to get this working properly. Is there a way to configure the host to listen on a single IP address instead of the host name? IE site1.com - 172.1.1.2 www.site1.com - 172.1.1.2 other.site1.com - 172.1.1.2 ... - 172.1.1.2 site2.com - 172.1.1.3 www.site2.com - 172.1.1.3 other.site2.com - 172.1.1.3 ... - 172.1.1.3 Also can I configure the root of the site to parse the JSP files? Currently I have to have all of the JSPs in a cgi folder, like the jsp-examples folder. Thank You Charles Killmer Netgain Technology [EMAIL PROTECTED] Office: (320) 251-4700 ext 107 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat alternatives to replace JServ zone URL abstraction
I had a look at the balancer, and it appears to work using redirects, i.e. throwing an HTTP 302 and making each JVM appear as a different URL. I can't do this since I want consistency of externally visible URLs. The clustering stuff in TC5 is aimed at session persistence and failover, and that is solving a somewhat different problem - we actively don't want persistent sessions, as the cost of them outweighs the marginal value - a typical JVM will stay up for weeks, and you can gracefully shut it down without cutting anyone off at the knees. The URL rewriting certainly works, but there is the issue of the session cookies which Catalina produces using the internal path, which become non-useful - I guess suppressing them is a 2-3 line patch which isn't too awful. The other idea one of our developers had here was to customise the invoker. Cheers Dave Shapira, Yoav wrote: Hi, The options for URL rewriting in tomcat get discussed frequently on this list. Feel free to search the list archives for complete discussions. Users usually go the Filter route, which is illustrated by the Balancer webapp that ships with tomcat 5. That webapps is not coincidentally similar to what you calla Dispatcher webapp below. The fake request URI solution is ugly, but sometimes ugly approaches are the only feasible thing. Tomcat now has built-in clustering, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/cluster-howto.html. An alternative approach written before the current tomcat clustering code was available is illustrated at http://jakarta.apache.org/tomcat/tomcat-5.0-doc/cluster-howto.html. Yoav Shapira Millennium Research Informatics -Original Message- From: David Crooke [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 2:13 PM To: 'Tomcat Users List' Subject: Tomcat alternatives to replace JServ zone URL abstraction Hi all Please bear with me as this is a little complex / indirect - I'll explain below why the JServ URL - zone name abstraction is useful, and then present a couple of workarounds I've thought of for trying to implement the equivalent capability on top of Tomcat. I'd appreciate a critique of these ideas from experienced Tomcat users. We still run JServ - it's simple, but it's very solid and it works very well. However, it's end of lifed, and while we've only patched it once* since, I'm also contemplating what it would take to move our main application server farm to Tomcat, which would get us out of that business and open up other upgrade paths. A feature of JServ which we use, and which Tomcat does not appear to have an equivalent to, is the ability for the Apache layer to map URLs to JServ zones (c.f. Tomcat webapps), and thus put a layer of abstraction between the URL and the servlet which gets invoked, which is under Apache's control. As far as I can tell, in Tomcat if the URL passed to Tomcat is /foo then the webapp name must be /foo We exploit this to make our upgrade process seamless to clients and eliminate the need for downtime. The setup is like this: * We have about 250 customer sites running a shared Apache configuration, and several pools of JServ appservers behind them. * Each JServ JVM has the same config with multiple zones; each zone contains a different releases of our software. * Each client's site has an Apache NameVirtualHost and is mapped to a zone, and thus a particular version of our software: ApJServMount /site balanace://appservers-grp1/v1 * Application Foo is invoked with a URL of the form http://www.customer.com/site/Foo When we ship an upgrade, we install the new software in a new zone by cycling the JVM's in and out of service, with no service disruption. Then, to switch a client over to a new version of the software, we just change the apache config, as below, and do apachectl graceful. ApJServMount /site balanace://appservers-grp1/v2 The URL for the application does not change, and the new version is picked up. The beauty of this abstraction is it allows us to upgrade individual sites independently of each other, and more importantly, independently of the resource allocation of sites to pools of JVMs, e.g. VirtualHost NameVirtualHost www.site1.com ApJServMount /site balance://appservers-grp1/v1 /VirtualHost VirtualHost NameVirtualHost www.site2.com ApJServMount /site balance://appservers-grp1/v2 /VirtualHost *Possible Solutions* Here are some ideas I've thought of, I'd be interested in a critique. Bear in mind the essential objective to keep the external URLs identical. 0. Use separate Tomcat JVMs for different software versions; each has one webapp called /site This would work cleanly, but has two major drawbacks: (i) it requires additional resources (at minimum, RAM to support a pool of JVMs), and (ii) assuming that you're controlling extra resources needed by using n+1 groups of JVMs and migrating a group at a time, it constrains the freedom of what sites get migrated when and forces it to
Re: Tomcat as 'root' insecure? (again)
Okay, I suppose you all are right saying that it's better not to run as root. But does the same apply to Windows? We're using Tomcat 4.1.24 on Windows 2000 Server, and up till now we've always run Tomcat as root. I don't see a jvsc-script or directory. Do I need to upgrade to TC5 to be able to use the script? Roger Barnet Wagman wrote: David Smith wrote: Let's see if I can offer a direct answer. I don't believe tomcat is insecure, but there are always those holes that haven't been found yet and a chance that the bad guys will find them first. The best practice approach to system security is to run all processes (tomcat included) at the minimum privilege level necessary to function. That way if an as yet unknown vulnerability is discovered and the attacker achieves the same privilege level as the service, he/she still shouldn't be able to get very far. The only benefit I've ever seen to running as root is the ability to bind to privilege ports below 1024 (web port 80 is one of them). In my opinion, not a big enough gain to warrant root privilege on the tomcat process. Good point - I'm convinced. I use jsvc which launches as root just long enough to capture the privileged ports necessary and then drops the root privilege to run as tomcat5. Very clean, runs on startup, and I don't have to worry about some unforeseen problem giving an attacker instant root privilege. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How does Tomcat manage sesssions ?
Xavier MOGHRABI wrote: Hi, I've read the documentation but I don't understand clearly where can I configure TOmcat to use *PersistentManager* instead of *StandardManager*. Do you know it ? Shortly: Context docBase=app.war path=/app !-- ... -- Manager className=org.apache.catalina.session.PersistentManager saveOnRestart=false Store className=org.apache.catalina.session.FileStore/ /Manager !-- ... -- /Context By the way, I wrote this lines to disable default manager behavoiur to store sessions between server shutdown/startup. But SESSIONS.ser is still appearing, can anybody explain this? Xavier Shapira, Yoav a écrit : Hi, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/manager.html http://jakarta.apache.org/tomcat/faq/misc.html#persist Yoav Shapira Millennium Research Informatics -Original Message- From: Xavier MOGHRABI [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 11:29 AM To: Tomcat Users List Subject: How does Tomcat manage sesssions ? Hello, I'm instested to know how does Tomcat manage user sessions. I'd like to build a robust application that can survive after server's crashes. Thereby, I'd like that the application is able to recover the session to allow users to go on their work where they were. I've searched information on tomcat's website and I've read that in using clustering features it would be possible to share sessions with differents Tomcat instances by storing them in a shared storage such as DBMS or XML file. Thus, I thought my application could save sessions in a DBMS to recover them after crashes or network failure. However I don't know how to do this. Does somebody could bring me more documentation or tell me more about it. I would like to know : - how should I configure Tomcat for doing that ? - how tomcat save sessions and what does it do of objets linked to the session ? - how can I recover sessions and get it back to the right user? Thanks for your help. Xavier - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
why my servlet does not work?
Dear all, please help to see any thing wrong on my setup? servlet: a.b.c.ServletA.calss has been placed under: WEB-INF/classes/a/b/c/ in WEB-INF/web.xml, web-app servlet servlet-namedjs/servlet-name servlet-classa.b.c.ServletA/servlet-class init-param param-nameconfigfile/param-name param-value/WEB-INF/jobs.properties/param-value /init-param /servlet servlet-mapping servlet-namedjs/servlet-name url-pattern/djs*/url-pattern /servlet-mapping /web-app anything else do i need? i am not sure where the /WEB-INF/jobs.properties refers to? docbase or the / it is a linux sys tomcat 5.0.19 thanks = Best wishes Z C Wang Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Webstatistics using mod_jk2 and Tomcat4
I have an IIS setup with isapi_redirector2.dll, the redirector is placed in a virtual directory called jarkarta. The system is a Content Management System for a Website. The problem is that the weblogs show \jakarta\isapi_redirector2.dll as the URL instead of the generated URL from Tomcat, this ofcourse makes weblogs useless for statistic purposes does anybody a way how to solve this.. Best regards, - u l f - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Host Directive
that all looks good to me, but it's additional Connector elements, not Service. I'm unsure of how this is impacted with connectors to IIS. -Original Message- From: Charles P. Killmer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 10:10 AM To: Tomcat Users List Subject: RE: Host Directive Lets see if I got this right. This is what one of the services looks like. Do I then create an additional service per IP address? Service name=siteName Connector acceptCount=100 connectionTimeout=2 disableUploadTimeout=true port=8080 address=172.16.10.38 redirectPort=8443 /Connector Connector port=8009 address=172.16.10.38 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=siteName.com name=siteName Host name=siteName.com debug=0 appBase=c:\sites\siteName unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context path= docBase=c:/sites/siteName debug=0/ Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=client-domain. suffix=.txt pattern=common resolveHosts=false/ Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=client-domain2. suffix=.txt timestamp=true//Host Logger className=org.apache.catalina.logger.FileLogger prefix=siteName_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.UserDatabaseRealm/ /Engine /Service BTW I am using the Isapi_Redirector.dll to hook IIS up to Tomcat. Thanks for your help. Charles -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:43 AM To: 'Tomcat Users List' Subject: RE: Host Directive Sorry, thought I'd clear something up. In the Engine element, there's an attribute defaultHost. You'd then create your one Host element with a name element that matches the defaultHost attribute of its surrounding Engine. Then within the Host, you'd have a single context, the default, with a path attribute of empty string. (the empty string makes it the default one). -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:30 AM To: 'Tomcat Users List' Subject: RE: Host Directive If you can configure more than one Connector, you can use the 'address' attribute on that element to specify which IP address to listen on. Then, inside your connector, declare one host, make it the default, and then you won't need a 'cgi folder'. (If by that, you mean a context name). -Original Message- From: Charles P. Killmer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:10 AM To: [EMAIL PROTECTED] Subject: Host Directive I have a few websites that I wish to run JSP pages through Tomcat. Now there are too many host names to create the multiple Aliases required to get this working properly. Is there a way to configure the host to listen on a single IP address instead of the host name? IE site1.com - 172.1.1.2 www.site1.com - 172.1.1.2 other.site1.com - 172.1.1.2 ... - 172.1.1.2 site2.com - 172.1.1.3 www.site2.com - 172.1.1.3 other.site2.com - 172.1.1.3 ... - 172.1.1.3 Also can I configure the root of the site to parse the JSP files? Currently I have to have all of the JSPs in a cgi folder, like the jsp-examples folder. Thank You Charles Killmer Netgain Technology [EMAIL PROTECTED] Office: (320) 251-4700 ext 107 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ResourceLink to JNDI DataSource in GlobalResources not working
Hi There, I'm running Tomcat 4.1.30. When I put the Resource and ResourceParams elements in the Context element of my webapp, it seems to work fine, but when I move it to the GlobalNamingResources element and point to it using a ResourceLink, it doesn't seem to work giving me an exception saying that the driver class is null. Here's my Resource in the GlobalNamingResources: Resource name=jdbc/myoracle auth=Container scope=Shareable type=javax.sql.DataSource / ResourceParams name=jdbc/myoracle parameter namefactory/name valueorg.apache.commons.dbcp.BasicDataSourceFactory/value /parameter parameter namedriverClassName/name valueoracle.jdbc.driver.OracleDriver/value /parameter parameter nameurl/name valuejdbc:oracle:thin:@MY_DB_URL/value /parameter parameter nameusername/name valueMY_USER_NAME/value /parameter parameter namepassword/name valueMY_PASSWORD/value /parameter parameter namemaxActive/name value30/value /parameter parameter namemaxIdle/name value10/value /parameter parameter namemaxWait/name value6/value /parameter parameter nameremoveAbandonedTimeout/name value60/value /parameter parameter namelogAbandoned/name valuetrue/value /parameter /ResourceParams And here's my ResourceLink nested in my Context: ResourceLink name=jdbc/myoracle global=jdbc/myoracle type=javax.sql.DataSource/ Here's my entry in my web.xml resource-ref descriptionDB Connection/description res-ref-namejdbc/myoracle/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref and here's my java code to get a connection Context ctx = new InitialContext(); Object obj = ctx.lookup(java:comp/env/jdbc/myoracle); DataSource ds = (DataSource)obj; return ds.getConnection(); Like I mentioned, the code works when the resource is nested inside the context, but when I replace it with the resource link like above and move it up to the global naming resources, it doesn't work. Any suggestions? - Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger
deploying using manager app does not modify server.xml ...
Hello all, Around here we install webapps in non standard locations from the command line. We do this by creating an .xml that contains all that tomcat (ver 4.1.27) needs to know about a new context and then do: get --http-user=admin --http-passwd=* -O- \ http://localhost:8080/manager/install?config=file:/data/myapp/conf/myapp.xml This installs the context just fine, everything works. Just one problem remains. The new context is not added to the server.xml. I need to get in to a browser, log on to the admin application, and then press commit changes. If I don't do that Tomcat forgets all about the new context after the next restart. How do I get around this? Basically what I need is a procedure to deploy webapps, that can be performed entirely from the command line (on a unix server) and that allows me the freedom to place the *.war file wharever I want on the file system. TIA, Krist -- Krist van Besien Bern, Switzerland - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Error using taglibs - unable to find setter
Thanx Larry. It helped!! / Ravi Larry Isaacs wrote: The following comes from the Tomcat 3.3.x faq file, which I assume would apply in your situation: Q. I have a bean with a property whose second letter is capitalized. Why won't my JSP page that uses this bean compile? A. This may not happen often, but can be difficult to determine why. The reason is found in the Java Beans specification, where in section 8.8 Capitalization of inferred names it states: Thus when we extract a property or event name from the middle of an existing Java name, we normally convert the first character to lower case. However to support the occasional use of all upper-case names, we check if the first two characters of the name are both upper case and if so leave it alone. This means that if you have a bean with a setter method of setXLoc, then the inferred property is XLoc, not xLoc. If you used this bean in a JSP page and you tried to use xLoc as the property, it would not compile. Using XLoc as the property would succeed. If you insist on using xLoc on the JSP page, you can make this possible by creating a BeanInfo class for the bean. The following is an example of such a BeanInfo class for a simple bean called Coordinate. It explicitly defines the properties of the bean to be xLoc and yLoc. HTH. Cheers, Larry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat as 'root' insecure? (again)
Roger wrote: Okay, I suppose you all are right saying that it's better not to run as root. But does the same apply to Windows? We're using Tomcat 4.1.24 on Windows 2000 Server, and up till now we've always run Tomcat as root. I don't see a jvsc-script or directory. Do I need to upgrade to TC5 to be able to use the script? Roger I believe that the Win version is called procrun. (jsvc and procrun are part of Apache's commons daemon project.) See http://jakarta.apache.org/commons/daemon/index.html bw - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat as 'root' insecure? (again)
Windows is an animal of an entirely different species. The closest analogy to 'root' for Windows is 'administrator', but services in Windows (as far as I understand) usually run as SYSTEM. I could be sooo wrong on that and I'm really a Linux person. Hopefully someone who has experience securing Windows (insert favorite jab at Microsoft here) can chime in on this. --David Roger wrote: Okay, I suppose you all are right saying that it's better not to run as root. But does the same apply to Windows? We're using Tomcat 4.1.24 on Windows 2000 Server, and up till now we've always run Tomcat as root. I don't see a jvsc-script or directory. Do I need to upgrade to TC5 to be able to use the script? Roger Barnet Wagman wrote: David Smith wrote: Let's see if I can offer a direct answer. I don't believe tomcat is insecure, but there are always those holes that haven't been found yet and a chance that the bad guys will find them first. The best practice approach to system security is to run all processes (tomcat included) at the minimum privilege level necessary to function. That way if an as yet unknown vulnerability is discovered and the attacker achieves the same privilege level as the service, he/she still shouldn't be able to get very far. The only benefit I've ever seen to running as root is the ability to bind to privilege ports below 1024 (web port 80 is one of them). In my opinion, not a big enough gain to warrant root privilege on the tomcat process. Good point - I'm convinced. I use jsvc which launches as root just long enough to capture the privileged ports necessary and then drops the root privilege to run as tomcat5. Very clean, runs on startup, and I don't have to worry about some unforeseen problem giving an attacker instant root privilege. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Réf. : mod_jk error with Apache 2.0.49
What do you mean the right one? I built jk2 from the jakarta-tomcat-connectors-jk2-src-current.tar.gz tarball. Is that right? The problem I'm having with jk2 is a known issue (http://nagoya.apache.org/bugzilla/show_bug.cgi?id=28790). I would love to see that one figured out, but right now I would settle for just getting jk1 to work. I compiled a modified mod_jk.so and inside get_map (jk_map.c) the jk_map_t* passed in is null. That's why there's no worker found. I haven't had time to try and figure out what could cause it to be null. Thanks, Barry On Wed, 2004-05-26 at 01:34, [EMAIL PROTECTED] wrote: Barry, make sure you have built the right jk module. I've exactly the same config than you. Redhat ES 3.0, apache 2.0.49 jk2 and jboss 3.2.3 that comes with tomcat 3.2.3 my httpd.conf file contains : LoadModule jk2_module modules/mod_jk2.so IfModule mod_jk2.c JKSet config.file /opt/apachessl-2.0.49/inet/conf/workers2.properties /IfModule the workers2 file may contains [shm] file=/var/log/apache/inet/jk2.shm [channel.socket:localhost:8009] port=8009 host=127.0.0.1 [ajp13:localhost:8009] channel=channel.socket:localhost:8009 # Uri mapping [uri:/apps/*] worker=ajp13:localhost:8009 and it works fine. ___ NATEXIS ASSET MANAGEMENT Meissa SAKHO 01 58 19 45 71. . . . . . . . . . . . (84571) [EMAIL PROTECTED] Barry Roberts [EMAIL PROTECTED] 25/05/2004 21:14 Veuillez rpondre Tomcat Users List Pour : [EMAIL PROTECTED] cc : Objet : mod_jk error with Apache 2.0.49 I'm trying to get mod_jk working with apache 2.0.49 built from source on RedHat ES 3.0. I've got the module built and in the modules directory, and my httpd.conf contains: LoadModule jk_module modules/mod_jk.so JkWorkersFile /usr/local/apache2/conf/workers.properties JkLogFile /var/log/mod_jk.log JkLogLevel debug JkMount /apps/* xsappa JkMount /admin xsappa This is towards the top of the file outside of any virtualhost or directory elements (I have also tried putting this at the bottom of the file). My workers.properties is: worker.list=xsappa worker.xsappa.port=139 worker.xsappa.host=192.168.2.42 worker.xsappa.type=ajp13 worker.xsappa.lbfactor=1 Every time I try to hit a servlet or jsp I get the following in my mod_jk.log: [Tue May 25 12:45:38 2004] [jk_worker.c (136)]: wc_get_worker_for_name, done did not found a worker And of course a 500 in the browser. The tomcat server works fine. I can put jk2 into the web server and it mostly works (I get Broken Pipe exceptions when I KNOW it's not a user pressing cancel in the browser, but that's another issue). I can hit the tomcat server on port 8080 and it's just fine. I can't use jk2 because of the spurious broken pipes, and now I can't get jk1 working at all. I have this suspicion that I'm missing something obvious, but I can't find it. Any help would be greatly appreciated. Thanks, Barry Roberts - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] L'integrite de ce message n'etant pas assuree sur internet, Natexis Banques Populaires ne peut etre tenu responsable de son contenu. Toute utilisation ou diffusion non autorisee est interdite. Si vous n'etes pas destinataire de ce message, merci de le detruire et d'avertir l'expediteur. The integrity of this message cannot be guaranteed on the Internet. Natexis Banques Populaires can not therefore be considered responsible for the contents.Any unauthorized use or dissemination is prohibited. If you are not the intended recipient of this message, then please delete it and notify the sender. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Can webapps 'share' a security-constraint?
I'd like users to be able to login once and get access to several web apps. Is it possible for web apps to 'share' a security-contraint? I've tried putting the constraint into conf/web.xml That applies the constraints to all the specified web apps managed by the server, but users still need to log into each web app separately. I.e. if conf/web.xml contains a security constraint that such as security-constraint display-nameSite access constraint/display-name web-resource-collection web-resource-nameProtected Area/web-resource-name url-pattern/WebApp_A/*/url-pattern url-pattern/WebApp_B/*/url-pattern /web-resource-collection auth-constraint role-namea_defined_role/role-name /auth-constraint /security-constraint (webapps/Web_App_A/WEB-INF/web.xml and webapps/Web_App_B/WEB-INF/web.xml do not contain a security-constraint.) (By the way, I don't know if putting a security constraint in conf/web.xml is legitimate.) The constraint will apply to WebApp_A and WebApp_B When a user access a page in WebApp_A, she is required to login. If, after a successful login, she accesses a page in WebApp_B, she will have to log in again. Is there a way to force the first login to apply to all the listed web-apps? Thanks, bw
apache2+tomcat5.0.19+mod_jk in-process
Subject: apache2+tomcat5.0.19+mod_jk2 in-process Date: 5/26/2004, 11:19 AM From: Timothy Suh [EMAIL PROTECTED] To: [EMAIL PROTECTED] Organization: AOL Can someone help me with setting up apache2 to start tomcat5 in-process using mod_jk2? out-of-process was straight forward but I am having tough time starting in-process. I believe i have workers2 and jk2.properties set up correctly. I also compiledlinked mod_jk2 on my platform (linux). I searched everywhere but cannot find anyone who has this working. The erorr msgs are: [Wed May 26 11:15:46 2004] [notice] vm.open2() done [Wed May 26 11:15:46 2004] [error] workerEnv.initChannel() init failed for channel.jni:jni [Wed May 26 11:15:46 2004] [notice] workerJni.Init() Skipping initialization for the 1893 1893 [Wed May 26 11:15:46 2004] [error] workerEnv.initWorkers() init failed for worker.jni:onStartup [Wed May 26 11:15:46 2004] [notice] workerJni.Init() Skipping initialization for the 1893 1893 [Wed May 26 11:15:46 2004] [error] workerEnv.initWorkers() init failed for worker.jni:onShutdown Your help is monstrously appreciated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP Compiling - painted in a corner?
Hello Illya, Thank you VERY much for your reply. The fact that Tomcat 5.x includes the directory structure in package statements and 4.x does not makes everything I've been doing much clearer. I need to go back and start from the beginning using Tomcat 5.x and Ant and see if I can get it working. If I can I'll have to do some convincing to ship the latest version instead of the 4.x version we were planning on. I think we'll have to do this since we have duplicate file names in subdirectories that are auto-generated so we have no control over their naming. Hm, interesting point. Are you ready to precompile your application for each and every version of each and every container? We are prepared to recompile our app for each server we'll run on, though initially we will only support Tomcat version x (whichever we end up going with when it's all said and done). We're shipping it as a complete package (Tomcat install with our war files included) and plan on crossing the I want to run on my existing Tomcat bridge when we come to it. Our customers generally aren't running a web server of any kind anyways so this shouldn't be much of an issue. Thanks again for pointing out the Tomcat version 4 vs. 5 precompile difference. It really has cleared things up for me. Jason __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Can webapps 'share' a security-constraint?
Hi, You might be able to use the SingleSignOn Valve (see tomcat configuration reference documentation) for this. It's OK but not recommended to put the security constraints in conf/web.xml, although that's another way to share a constraint among webapps. As for a pure, portable way to share constraints: I don't think. Web.xml by definition is for one webapp. You'd have to copy/paste the constraints or put them in a separate XML file and include that via XML entities. Yoav Shapira Millennium Research Informatics -Original Message- From: Barnet Wagman [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:53 AM To: Tomcat Users List Subject: Can webapps 'share' a security-constraint? I'd like users to be able to login once and get access to several web apps. Is it possible for web apps to 'share' a security-contraint? I've tried putting the constraint into conf/web.xml That applies the constraints to all the specified web apps managed by the server, but users still need to log into each web app separately. I.e. if conf/web.xml contains a security constraint that such as security-constraint display-nameSite access constraint/display-name web-resource-collection web-resource-nameProtected Area/web-resource-name url-pattern/WebApp_A/*/url-pattern url-pattern/WebApp_B/*/url-pattern /web-resource-collection auth-constraint role-namea_defined_role/role-name /auth-constraint /security-constraint (webapps/Web_App_A/WEB-INF/web.xml and webapps/Web_App_B/WEB-INF/web.xml do not contain a security-constraint.) (By the way, I don't know if putting a security constraint in conf/web.xml is legitimate.) The constraint will apply to WebApp_A and WebApp_B When a user access a page in WebApp_A, she is required to login. If, after a successful login, she accesses a page in WebApp_B, she will have to log in again. Is there a way to force the first login to apply to all the listed web-apps? Thanks, bw This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: why my servlet does not work?
Hi, Your url-pattern is illegal. Yoav Shapira Millennium Research Informatics -Original Message- From: zhicheng wang [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:31 AM To: [EMAIL PROTECTED] Subject: why my servlet does not work? Dear all, please help to see any thing wrong on my setup? servlet: a.b.c.ServletA.calss has been placed under: WEB-INF/classes/a/b/c/ in WEB-INF/web.xml, web-app servlet servlet-namedjs/servlet-name servlet-classa.b.c.ServletA/servlet-class init-param param-nameconfigfile/param-name param-value/WEB-INF/jobs.properties/param-value /init-param /servlet servlet-mapping servlet-namedjs/servlet-name url-pattern/djs*/url-pattern /servlet-mapping /web-app anything else do i need? i am not sure where the /WEB-INF/jobs.properties refers to? docbase or the / it is a linux sys tomcat 5.0.19 thanks = Best wishes Z C Wang Yahoo! Messenger - Communicate instantly...Ping your friends today! Download Messenger Now http://uk.messenger.yahoo.com/download/index.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat as 'root' insecure? (again)
Yoav et al: Thanks a million! When editing up the tomcat5.sh script, I also needed to fix the DAEMON_HOME and the reference to it in the 'start' method to go to the right path (it unpacked to something other than the expected /src/native/unix/jsvc ). And chown all the files to my tomcat user. Now if I can just figure out how to get usage logs that are roughly comparable to what Apache put out, I'll be set! (and the issue of SSL, which seems to have gotten a lot of discussion lately). Using tomcat on 80 instead of fooling with that always-painful task of linking to Apache will hopefully make support over the long term a lot easier proposition than trying to keep up with that always-moving target that the connectors pose... Thanks again. rj At 10:35 AM 5/26/2004, Shapira, Yoav wrote: Hi, You're better off grabbing the Tomcat5.sh script from $CATALINA_HOME/bin/jsvc-src/native (you need to unpack jsvc.tar.gz but I think you're already done that). Modify the couple of lines at the top to reflect your proper JAVA_HOME and CATALINA_HOME, and you should be all set. Yoav Shapira Millennium Research Informatics -Original Message- From: RJ [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 10:31 AM To: Tomcat Users List Subject: Re: Tomcat as 'root' insecure? (again) OK, I've been running tomcat behind apache for ages, and now I want to go with Yoav's oft-stated advice to just use tomcat (5.0.24) alone. And I want it on port 80. So, I try to use the jsvc approach, telling it to go to the nonprivileged tomcat user by (from the tomcat site): ./bin/jsvc -Djava.endorsed.dirs=./common/endorsed -cp ./bin/bootstrap.jar \ -outfile ./logs/catalina.out -errfile ./logs/catalina.err \ org.apache.catalina.startup.Bootstrap -user tomcat However, that chokes as follows, as it apparently can't use port 80 as I'm wanting it to. I'm sure this must be trivial, but all help would be appreciated! rj May 26, 2004 10:19:07 AM org.apache.coyote.http11.Http11Protocol start SEVERE: Error starting endpoint java.net.BindException: Permission denied:80 at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint .jav a:258) at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoin t.ja va:275) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:177) at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:15 00) at org.apache.catalina.core.StandardService.start(StandardService.java:485 ) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja va:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja va:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java: 218) May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start SEVERE: Catalina.start: LifecycleException: Protocol handler start failed: java.net.BindException: Permission denied:80 at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:15 02) at org.apache.catalina.core.StandardService.start(StandardService.java:485 ) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja va:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja va:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java: 218) May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 5160 ms At 04:01 PM 5/25/2004, David Smith wrote:
RE: Can webapps 'share' a security-constraint?
Look at the SingleSignOn valve. -Original Message- From: Barnet Wagman [mailto:[EMAIL PROTECTED] Sent: 26 May 2004 16:53 To: Tomcat Users List Subject: Can webapps 'share' a security-constraint? I'd like users to be able to login once and get access to several web apps. Is it possible for web apps to 'share' a security-contraint? I've tried putting the constraint into conf/web.xml That applies the constraints to all the specified web apps managed by the server, but users still need to log into each web app separately. I.e. if conf/web.xml contains a security constraint that such as security-constraint display-nameSite access constraint/display-name web-resource-collection web-resource-nameProtected Area/web-resource-name url-pattern/WebApp_A/*/url-pattern url-pattern/WebApp_B/*/url-pattern /web-resource-collection auth-constraint role-namea_defined_role/role-name /auth-constraint /security-constraint (webapps/Web_App_A/WEB-INF/web.xml and webapps/Web_App_B/WEB-INF/web.xml do not contain a security-constraint.) (By the way, I don't know if putting a security constraint in conf/web.xml is legitimate.) The constraint will apply to WebApp_A and WebApp_B When a user access a page in WebApp_A, she is required to login. If, after a successful login, she accesses a page in WebApp_B, she will have to log in again. Is there a way to force the first login to apply to all the listed web-apps? Thanks, bw - * Confidentiality Note: The information contained in this message, and any attachments, may contain confidential and/or privileged material. It is intended solely for the person(s) or entity to which it is addressed. Any review, retransmission, dissemination, or taking of any action in reliance upon this information by persons or entities other than the intended recipient(s) is prohibited. If you received this in error, please contact the sender and delete the material from any computer. * - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: apache2+tomcat5.0.19+mod_jk in-process
Hello Timothy, the JNI integration works only with Tomcat Release greater 5.0.20 and the commands changed to (startd and stopd) used the coming Tomcat 5.0.25 it is very stable. (Must add jmx.jar to your classpath) Regards Peter Timothy Suh schrieb: Subject: apache2+tomcat5.0.19+mod_jk2 in-process Date: 5/26/2004, 11:19 AM From: Timothy Suh [EMAIL PROTECTED] To: [EMAIL PROTECTED] Organization: AOL Can someone help me with setting up apache2 to start tomcat5 in-process using mod_jk2? out-of-process was straight forward but I am having tough time starting in-process. I believe i have workers2 and jk2.properties set up correctly. I also compiledlinked mod_jk2 on my platform (linux). I searched everywhere but cannot find anyone who has this working. The erorr msgs are: [Wed May 26 11:15:46 2004] [notice] vm.open2() done [Wed May 26 11:15:46 2004] [error] workerEnv.initChannel() init failed for channel.jni:jni [Wed May 26 11:15:46 2004] [notice] workerJni.Init() Skipping initialization for the 1893 1893 [Wed May 26 11:15:46 2004] [error] workerEnv.initWorkers() init failed for worker.jni:onStartup [Wed May 26 11:15:46 2004] [notice] workerJni.Init() Skipping initialization for the 1893 1893 [Wed May 26 11:15:46 2004] [error] workerEnv.initWorkers() init failed for worker.jni:onShutdown Your help is monstrously appreciated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Configuring mod_jk2/jk2 Via The JMX Console
the Remote JMX jk2 config is possible with this jk2.properties file configuration snipped With this configuration all JK2 Beans are reflect to the JMX MBeans (Domain apache). Access the MBeans with http://localhost:9000. (Ignore the xsl mx4j error at console) Tomcat is definitely doing more with your described configuration than it was (there are MBeanServer lines in catalina.out that were not there before now), but I do not think that it is working as it should yet. First, I am a bit confused, because it appears that I am setting up the connector to listen at port 9050 with the line mx.httpPort=9050 yet you tell me to use http://localhost:9000/; for MBean access. Is this just a typo? Furthermore, a netstat indicates that nothing is listening on either port 9000 or port 9050 after Tomcat starts, so is it even working? Any ideas what could be going wrong? Would my log file, netstat output, or jk2.properties file be of any help in determining what is wrong? Another oddity is that something is listening on port 8005 after I start Tomcat with this configuration, but I can't browse to it with a web browser. Second, after I get that working, is the 90?0 port number the port number for the console (a web app of some kind) or is that just an HTTP connector for the MBean Server? Is it both? Thanks for all of your help. Jimmy ** The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please re-send this communication to the sender and delete the original message or any copy of it from your computer system. Thank You. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Need tomcat consulting - Sorry if this kind of message is not allowed.
I hope that the moderator will delete this email if this sort of thing is against the list's charter - I've read the guidelines and it seems ok. Is anyone interested in a little bit of consulting on the recent version of tomcat and integration with apache (mostly on windows) as well as other tomcat/jsp related issues? The consulting will ammount mostly to tutoring and answering some questions. We can pay very reasonable fees. I think we are talkng about a total of several hours. I travel a lot so this can take place anywhere from Philadelphia to Boston! Thank you very much! __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat as 'root' insecure? (again)
Hi, To get access logs (in the Common Log File format, same as Apache and nearly all HTTP servers), comment in the AccessLogValve. It's commented out by default in server.xml. Read up on its configuration if you want some special logging pattern, as it's quite flexible. For SSL, just start a separate mailing list threads with your problems if you have any. Yoav Shapira Millennium Research Informatics -Original Message- From: RJ [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 12:12 PM To: Tomcat Users List Subject: RE: Tomcat as 'root' insecure? (again) Yoav et al: Thanks a million! When editing up the tomcat5.sh script, I also needed to fix the DAEMON_HOME and the reference to it in the 'start' method to go to the right path (it unpacked to something other than the expected /src/native/unix/jsvc ). And chown all the files to my tomcat user. Now if I can just figure out how to get usage logs that are roughly comparable to what Apache put out, I'll be set! (and the issue of SSL, which seems to have gotten a lot of discussion lately). Using tomcat on 80 instead of fooling with that always-painful task of linking to Apache will hopefully make support over the long term a lot easier proposition than trying to keep up with that always-moving target that the connectors pose... Thanks again. rj At 10:35 AM 5/26/2004, Shapira, Yoav wrote: Hi, You're better off grabbing the Tomcat5.sh script from $CATALINA_HOME/bin/jsvc-src/native (you need to unpack jsvc.tar.gz but I think you're already done that). Modify the couple of lines at the top to reflect your proper JAVA_HOME and CATALINA_HOME, and you should be all set. Yoav Shapira Millennium Research Informatics -Original Message- From: RJ [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 10:31 AM To: Tomcat Users List Subject: Re: Tomcat as 'root' insecure? (again) OK, I've been running tomcat behind apache for ages, and now I want to go with Yoav's oft-stated advice to just use tomcat (5.0.24) alone. And I want it on port 80. So, I try to use the jsvc approach, telling it to go to the nonprivileged tomcat user by (from the tomcat site): ./bin/jsvc -Djava.endorsed.dirs=./common/endorsed -cp ./bin/bootstrap.jar \ -outfile ./logs/catalina.out -errfile ./logs/catalina.err \ org.apache.catalina.startup.Bootstrap -user tomcat However, that chokes as follows, as it apparently can't use port 80 as I'm wanting it to. I'm sure this must be trivial, but all help would be appreciated! rj May 26, 2004 10:19:07 AM org.apache.coyote.http11.Http11Protocol start SEVERE: Error starting endpoint java.net.BindException: Permission denied:80 at org.apache.tomcat.util.net.PoolTcpEndpoint.initEndpoint(PoolTcpEndpoint .jav a:258) at org.apache.tomcat.util.net.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoin t.ja va:275) at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:177) at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:15 00) at org.apache.catalina.core.StandardService.start(StandardService.java:485 ) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja va:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja va:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImp l.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java: 218) May 26, 2004 10:19:07 AM org.apache.catalina.startup.Catalina start SEVERE: Catalina.start: LifecycleException: Protocol handler start failed: java.net.BindException: Permission denied:80 at org.apache.coyote.tomcat5.CoyoteConnector.start(CoyoteConnector.java:15 02) at org.apache.catalina.core.StandardService.start(StandardService.java:485 ) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2298) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.ja va:3 9) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImp l.java:25) at
Socket Create not supported
Hello Friends, Recently I got strange error on tomcat startup. I tried tomcat 4.0 as well as tomcat 5.0. But it shut down by giving strange error. Socket create is not supported. while in tomcat 5.0 it gives the same error indicating port no 8005 which is for tomcat shutdown port. I change ports but in vain. Machine Configuration : Old Laptop having win98 with 32MB RAM. Java 1.4.1 is installed. Same tomcat runs well on everywhere. What may be the problem? ./Nikhil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring mod_jk2/jk2 Via The JMX Console
Hello Jimmy, I have more then one Tomcat controlled with HTTP JMX Adaptor on my system. Sorry, for the Typo. You must changed the mx.httpPort=9000 . This is the default MX4J HTTP Adpator Port. You have made a copy from mx4j.tools.jar to $catalina.hom/bin and changed your setclasspath Skript ? Please, send your log file output for more analyse steps. Which OS, Tomcat and JVM you are used? The port 8005 is the default Tomcat shutdown Port. Send at localhost your shutdown keyword and tomcat made a controlled shutdown. regards Peter . Wilson Jimmy - jiwils schrieb: the Remote JMX jk2 config is possible with this jk2.properties file configuration snipped With this configuration all JK2 Beans are reflect to the JMX MBeans (Domain apache). Access the MBeans with http://localhost:9000. (Ignore the xsl mx4j error at console) Tomcat is definitely doing more with your described configuration than it was (there are MBeanServer lines in catalina.out that were not there before now), but I do not think that it is working as it should yet. First, I am a bit confused, because it appears that I am setting up the connector to listen at port 9050 with the line mx.httpPort=9050 yet you tell me to use http://localhost:9000/; for MBean access. Is this just a typo? Furthermore, a netstat indicates that nothing is listening on either port 9000 or port 9050 after Tomcat starts, so is it even working? Any ideas what could be going wrong? Would my log file, netstat output, or jk2.properties file be of any help in determining what is wrong? Another oddity is that something is listening on port 8005 after I start Tomcat with this configuration, but I can't browse to it with a web browser. Second, after I get that working, is the 90?0 port number the port number for the console (a web app of some kind) or is that just an HTTP connector for the MBean Server? Is it both? Thanks for all of your help. Jimmy ** The information contained in this communication is confidential, is intended only for the use of the recipient named above, and may be legally privileged. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please re-send this communication to the sender and delete the original message or any copy of it from your computer system. Thank You. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Host Directive
Additional Service elements, Would I then create additional Engine elements? And if so, how do I tell the connector to you the appropriate Engine? IE This doesn't work though. It always gives me Site2. ?xml version='1.0' encoding='utf-8'? Server Listener className=org.apache.catalina.mbeans.ServerLifecycleListener/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource auth=Container description=User database that can be updated and saved name=UserDatabase type=org.apache.catalina.UserDatabase/ ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources Service name=Site1 Connector acceptCount=100 connectionTimeout=2 disableUploadTimeout=true port=8080 address=172.16.10.39 redirectPort=8443 /Connector Connector port=8009 address=172.16.10.39 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=Site1.com name=Site1 Host name=Site1.com debug=0 appBase=c:\sites\Site1 unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context path= docBase=c:/sites/Site1 debug=0/ Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=client-domain. suffix=.txt pattern=common resolveHosts=false/ Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=client-domain2. suffix=.txt timestamp=true//Host Logger className=org.apache.catalina.logger.FileLogger prefix=Site1_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.UserDatabaseRealm/ /Engine Connector port=8009 address=172.16.10.38 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=Site2.com name=Site2 Host name=Site2.com debug=0 appBase=c:\sites\Site2 unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context path= docBase=c:/sites/Site2 debug=0/ Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=client-domain. suffix=.txt pattern=common resolveHosts=false/ Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=client-domain2. suffix=.txt timestamp=true//Host Logger className=org.apache.catalina.logger.FileLogger prefix=Site2_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.UserDatabaseRealm/ /Engine /Service /Server Thanks for your help. Its these forums that I love about open source. Charles -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 10:32 AM To: 'Tomcat Users List' Subject: RE: Host Directive that all looks good to me, but it's additional Connector elements, not Service. I'm unsure of how this is impacted with connectors to IIS. -Original Message- From: Charles P. Killmer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 10:10 AM To: Tomcat Users List Subject: RE: Host Directive Lets see if I got this right. This is what one of the services looks like. Do I then create an additional service per IP address? Service name=siteName Connector acceptCount=100 connectionTimeout=2 disableUploadTimeout=true port=8080 address=172.16.10.38 redirectPort=8443 /Connector Connector port=8009 address=172.16.10.38 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=siteName.com name=siteName Host name=siteName.com debug=0 appBase=c:\sites\siteName unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context path= docBase=c:/sites/siteName debug=0/ Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=client-domain. suffix=.txt pattern=common resolveHosts=false/ Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=client-domain2. suffix=.txt timestamp=true//Host Logger className=org.apache.catalina.logger.FileLogger prefix=siteName_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.UserDatabaseRealm/ /Engine /Service BTW I am using the Isapi_Redirector.dll to hook IIS up to Tomcat. Thanks for your help. Charles
Re: Horrible memory leak in tomcat 5.0.19
I'm running out of memory with the msg: ... WARNING: Error registering request May 25, 2004 5:36:44 PM org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run SEVERE: Caught exception (java.lang.OutOfMemoryError) executing [EMAIL PROTECTED], terminating thread May 25, 2004 5:37:05 PM org.apache.jk.common.HandlerRequest invoke INFO: Unknown message 0 java.lang.OutOfMemoryError java.lang.OutOfMemoryError java.lang.OutOfMemoryError ... I've seen a sugestion of the request.registerRequests=false to put in jk2.properties. I'm using mod_jk, but as I see a similar message, I'll try this too. But... where do I put this conf, as mod_jk does not have a jk.properties file. could be it worker.properties? :) thanks in advance Joseph Shraibman wrote: Robert Krüger wrote: Hi, we had the same problem (enormous memory leak which frequently made our production system crash), downgraded to 5.0.18 and everything went back to normal. Just yesterday a colleague of mine came to the conclusion that it is not too unlikely that it is the problem described in the message http://www.mail-archive.com/[EMAIL PROTECTED]/msg53035.html It that is so, you can simply disable the JMX registration of requests to get rid of the problem. We will try that probably later today but of course you can give it a shot yourself. There is not much to lose. I was able to figure out how to reproduce this problem on my test machine (using multiple concurrent requests). I added to my jk2.properties: request.registerRequests=false This got rid of some of the messages in catalina.out but left these: Mar 19, 2004 1:47:51 PM org.apache.jk.common.HandlerRequest invoke INFO: Unknown message 0 Mar 19, 2004 1:47:52 PM org.apache.jk.common.HandlerRequest invoke INFO: Unknown message 0 ... and the memory leak did not go away. The message that I'm not getting anymore are: Mar 19, 2004 1:25:34 PM org.apache.jk.common.HandlerRequest decodeRequest WARNING: Error registering request Mar 19, 2004 1:25:34 PM org.apache.jk.common.HandlerRequest decodeRequest WARNING: Error registering request - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Emerson Cargnin Analista de Sistemas Setor de Desenvolvimento de Sistemas - TRE-SC tel : (048) - 251-3700 - Ramal 3181 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Fw: JDBC Realm Problem
Hi , I 've installed tomcat 5.0.24 and i try to implement security by JDBC Realm and the context is Loaded in the web.xml i wrote that: security-constraint web-resource-collection web-resource-nameBACK OFFICE/web-resource-name url-pattern/carpetaUno/*/url-pattern /web-resource-collection auth-constraint role-nameAdministadorST/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameTomcat Manager Application/realm-name form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config my directory structure is ST ---carpetaUno ---WEB-INF ---classes ---lib I 've configured a JDBCRealm in the administrator and i 've check that in this context file ST.xml. All seems is OK but it's doesn't work. I've made the same in Tomcat 4.1.24 and it's work , i have in my db 2 tables and its work in tomcat 4.1.24 Somebody can help me ? Best Regards Ignacio J. Tissera Java Developer Area de Desarrollo BRANDIGITAL (0054) 351 681931 www.brandigital.com [EMAIL PROTECTED]
Re: apache2+tomcat5.0.19+mod_jk in-process
I am now using Tomcat5.0.25 as you suggested but still getting same error. I don't think Apache is even getting to the part where it starts calling Tomcat (TomcatStarter) because the same error is generated when I completely remove Tomcat5.0.25 binary distribution from my machine. I am thinking the solution is in my workers2.properties file but not sure what it is. Here is my configuration: $APACHE_HOME/modules mod_jk2.so (built from source) linjkjni.so (built from source) $APACHE_HOME/conf workers2.properties $TOMCAT_HOME/conf jk2.properties workers2.properties contain (some unrelated properties omitted) [uriMap:] [shm:] disabled=1 [channel.jni:jni] disabled=0 [status:] [vm:] JVM=/j2sdk-1.4.2_03/jre/lib/i386/server/libjvm.so OPT=-server OPT=-Dtomcat.home=TOMCATHOME OPT=-Dcatalina.home=TOMCATHOME OPT=-Xnoclassgc OPT=-Xcheck:jni OPT=-verbose classpath=TOMCATHOME/bin/bootstrap.jar classpath=TOMCATHOME/common/lib/jmx.jar classpath=TOMCATHOME/server/lib/commons-modeler.jar classpath=TOMCATHOME/server/lib/tomcat-jni.jar classpath=TOMCATHOME/common/lib/servlet-api.jar OPT=-Xrs [worker.jni:onStartup] class=org/apache/jk/apr/TomcatStarter ARG=startd disabled=0 [worker.jni:onShutdown] class=org/apache/jk/apr/TomcatStarter ARG=stopd disabled=0 Peter Rossbach wrote on 5/26/2004, 12:27 PM: Hello Timothy, the JNI integration works only with Tomcat Release greater 5.0.20 and the commands changed to (startd and stopd) used the coming Tomcat 5.0.25 it is very stable. (Must add jmx.jar to your classpath) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ErrorPage.jsp - how to get the address of the offending page?
Hi, The subject pretty much contains the question. I would like the error page to send me an email with the URL of page that caused the exception. However, I can't figure out how to do it othe than by parsing the stack trace and somehow backing out the webpage.jsp that caused the error. Thanks! Dola __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Embedded Tomcat 5.0: servlet mappings added to context after start do not work
I have an application which embeds tomcat 4.1.12. It dynamically creates contexts, adding wrappers for servlets, etc. Due to the dynamic nature of this application, it can add and remove servlet mappings after the context has been started (added into a host in the started engine). This works fine under 4.1.12. Now I am trying to upgrade to Tomcat 5, specifically 5.0.24, and this fails. Servlet mappings added via context.addServletMapping() before the context is started work fine, but servlet mappings added afterward do not work. I've searched the archives and found no mention of this. After some debugging of the running engine, here is what I find: 1. Initial mapping of incoming requests is now based upon a Mapper within the CoyoteConnector, and the Mapper held within a StandardContext is no longer consulted on a per-request basis. 2. CoyoteConnector(s) retrieve all mapping information from new contexts, so they are initially correct. 3. Subsequently added/removed servlet mappings are maintained within the StandardContext's Mapper, but do *not* get propagated to the Connector. Is this a bug? Is there some way of working around this? At the time I am adding mappings to a Context, I do not have a reference to the associated Connector, or I could (also) tell the Connector about the servlet mapping. Any suggestions? __ David S. Johnson DeskNet Inc. 66 Pearl Street, Suite 300 Portland, ME 04101 Phone: 207-772-1484 x13 FAX: 207-773-6133 http://www.desknetinc.com Harness the Power of Your Content
security-constraint question/problem
I am trying to configure my application so that everything has to be encrypted. I was able to do that by using the security constraint at the bottom of this message. I've had this working for awhile without a problem. However, now, I want to add an additional restriction. I want to make it so that users can't access .jsp files directly. So, I added an additional security-constraint. However, it doesn't work. The only way I can get the .jsp constraint to work is if I comment out the other one. I've tried changing the order of the constraints and that doesn't make a difference. What am I doing wrong? Why doesn't it merge the two constraints together? It appears to just pick the most general case and go with that one. security-constraint web-resource-collection web-resource-namex/web-resource-name url-pattern*.jsp/url-pattern /web-resource-collection auth-constraint/ /security-constraint security-constraint web-resource-collection web-resource-namey/web-resource-name url-pattern/*/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint Jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: A cluster question
Is there any other way to force replication apart from calling session.setAttribute(name, bean) yes, there is, but not using the DeltaManager, instead use SimpleTcpReplicationMananger and set useDirtyFlag=false the useDirtyFlag is ignored on the delta manager, since the delta manager only replicates deltas. filip -Original Message- From: Ilyschenko, Vlad [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 9:32 AM To: Tomcat Users List Subject: A cluster question Hello, I have a session bean that changes its state as pages call methods on that bean. I want this bean to be replictated to other cluster members but it seems like it gets replicated only once, straight after it is created. Is there any other way to force replication apart from calling session.setAttribute(name, bean) ? I have tried useDirtyFlag true and false - no luck. The application is distributed and all other things do get replicated. Regards, Vlad This is a little test case for my problem: test.jsp: - jsp:useBean id=mybean class=TestBean scope=session / % out.print(mybean.a()); % TestBean.java - import org.apache.log4j.Logger; import java.io.Serializable; import java.io.IOException; import java.util.Random; public class TestBean implements Serializable{ private static Logger logger = Logger.getLogger(TestBean.class); private long m_a = 0; private Random rnd = new Random(System.currentTimeMillis()); public long a() { m_a = rnd.nextLong(); return m_a; } private void writeObject(java.io.ObjectOutputStream out) throws IOException { //logger.debug(Serialized); System.out.println(Serialized); out.defaultWriteObject(); } private void readObject(java.io.ObjectInputStream in) throws IOException, ClassNotFoundException { in.defaultReadObject(); //logger.debug(Deserialized); System.out.println(Deserialized); } } The information contained in this email message may be confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Although this message and any attachments are believed to be free of viruses, no responsibility is accepted by Informa for any loss or damage arising in any way from receipt or use thereof. Messages to and from the company are monitored for operational reasons and in accordance with lawful business practices. If you have received this message in error, please notify us by return and delete the message and any attachments. Further enquiries/returns can be sent to [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.676 / Virus Database: 438 - Release Date: 5/3/2004 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.676 / Virus Database: 438 - Release Date: 5/3/2004 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Host Directive
Upon further reading of the docs, it appears you do need more than one service. From the docs: A Service element represents the combination of one or more Connector components that share a single Engine component for processing incoming requests and: Exactly one Engine element MUST be nested inside a Service element, following all of the corresponding Connector elements associated with this Service. Here's what I propose (with extraneous elements removed): ?xml version='1.0' encoding='utf-8'? Server Service name=Site1Service Connector port=8009 address=172.16.10.39 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=Site1.com name=Site1 Host name=Site1.com debug=0 appBase=c:\sites\Site1 unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context path= docBase=c:/sites/Site1 debug=0/ /Host /Engine /Service Service name=Site2Service Connector port=8009 address=172.16.10.38 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=Site2.com name=Site2 Host name=Site2.com debug=0 appBase=c:\sites\Site2 unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context path= docBase=c:/sites/Site2 debug=0/ /Engine /Service /Server -Original Message- From: Charles P. Killmer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:59 AM To: Tomcat Users List Subject: RE: Host Directive Additional Service elements, Would I then create additional Engine elements? And if so, how do I tell the connector to you the appropriate Engine? IE This doesn't work though. It always gives me Site2. ?xml version='1.0' encoding='utf-8'? Server Listener className=org.apache.catalina.mbeans.ServerLifecycleListener/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycle Listener/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource auth=Container description=User database that can be updated and saved name=UserDatabase type=org.apache.catalina.UserDatabase/ ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources Service name=Site1 Connector acceptCount=100 connectionTimeout=2 disableUploadTimeout=true port=8080 address=172.16.10.39 redirectPort=8443 /Connector Connector port=8009 address=172.16.10.39 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=Site1.com name=Site1 Host name=Site1.com debug=0 appBase=c:\sites\Site1 unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context path= docBase=c:/sites/Site1 debug=0/ Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=client-domain. suffix=.txt pattern=common resolveHosts=false/ Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=client-domain2. suffix=.txt timestamp=true//Host Logger className=org.apache.catalina.logger.FileLogger prefix=Site1_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.UserDatabaseRealm/ /Engine Connector port=8009 address=172.16.10.38 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=Site2.com name=Site2 Host name=Site2.com debug=0 appBase=c:\sites\Site2 unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context path= docBase=c:/sites/Site2 debug=0/ Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=client-domain. suffix=.txt pattern=common resolveHosts=false/ Logger
RE: Can I change Tomcat's default character encoding?
Hi, quick response, you can use your own customized OutputStreamWriter. You need to extend the abstract class ServletOutputStream. And you integrate your customized writer with tomcat by implementing a filter. For more info on how to use filters, you can do a search on google. This will only work for Tomcat 4 and up, or any other container that implement Servlet 2.3 and up. -Yan -Original Message- From: rlipi [mailto:[EMAIL PROTECTED] Sent: May 26, 2004 00:49 To: 'Tomcat Users List' Subject: RE: Can I change Tomcat's default character encoding? -Original Message- From: Yansheng Lin [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 25, 2004 11:57 PM To: 'Tomcat Users List' Subject: RE: Can I change Tomcat's default character encoding? Also you may have to change your OS default locale since JVM and Java Runtime uses system default language environment. Is there any way to set default encoding for created writers? For instance - class OutputStreamWriter has constructors with or without charset parameter. If no charset is specified, the default one will be used. And it depends on the system. It makes problems when same (web) application should run on different platforms (Windows, Linux, etc.). I have not system under my control but I have Tomcat web servers under control. So, question is - can I configure JAVA VM (or Tomcat itself) to create OutputStreamWriter(s) with my default character encoding? Thank you, Lipi. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: ErrorPage.jsp - how to get the address of the offending page?
Does the request attribute javax.servlet.error.request_uri suit your needs ? (from the servlet spec, SRV.9.9.1) -Original Message- From: Dola Woolfe [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 12:32 PM To: [EMAIL PROTECTED] Subject: ErrorPage.jsp - how to get the address of the offending page? Hi, The subject pretty much contains the question. I would like the error page to send me an email with the URL of page that caused the exception. However, I can't figure out how to do it othe than by parsing the stack trace and somehow backing out the webpage.jsp that caused the error. Thanks! Dola __ Do you Yahoo!? Friends. Fun. Try the all-new Yahoo! Messenger. http://messenger.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Host Directive
Now I am definitely getting files from both sites. Though something weird is happening. I have a file in the root of each named test.jsp. In the file it is simply do out.print(site1.com); and the other file is doing out.print(site2.com); When I point a broewser to the site, it alternates between the two when I hit refresh. I think it has something to do with my workers2.properties file. [shm:] info=Shared memory file. Required for multiprocess servers file=C:\Tomcat\work\jk2.shm size=100 [channel.socket:172.16.10.39:8009] info=Ajp13 worker, connects to tomcat instance using AJP 1.3 protocol tomcatId=172.16.10.39:8009 [channel.socket:172.16.10.38:8009] info=Ajp13 worker, connects to tomcat instance using AJP 1.3 protocol tomcatId=172.16.10.38:8009 [uri:/*] info=JSP examples, map requests for all JSP pages to Tomcat. context=/ Do you see anything wrong with this? Charles -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 12:45 PM To: 'Tomcat Users List' Subject: RE: Host Directive Upon further reading of the docs, it appears you do need more than one service. From the docs: A Service element represents the combination of one or more Connector components that share a single Engine component for processing incoming requests and: Exactly one Engine element MUST be nested inside a Service element, following all of the corresponding Connector elements associated with this Service. Here's what I propose (with extraneous elements removed): ?xml version='1.0' encoding='utf-8'? Server Service name=Site1Service Connector port=8009 address=172.16.10.39 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=Site1.com name=Site1 Host name=Site1.com debug=0 appBase=c:\sites\Site1 unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context path= docBase=c:/sites/Site1 debug=0/ /Host /Engine /Service Service name=Site2Service Connector port=8009 address=172.16.10.38 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=Site2.com name=Site2 Host name=Site2.com debug=0 appBase=c:\sites\Site2 unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context path= docBase=c:/sites/Site2 debug=0/ /Engine /Service /Server -Original Message- From: Charles P. Killmer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 11:59 AM To: Tomcat Users List Subject: RE: Host Directive Additional Service elements, Would I then create additional Engine elements? And if so, how do I tell the connector to you the appropriate Engine? IE This doesn't work though. It always gives me Site2. ?xml version='1.0' encoding='utf-8'? Server Listener className=org.apache.catalina.mbeans.ServerLifecycleListener/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycle Listener/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource auth=Container description=User database that can be updated and saved name=UserDatabase type=org.apache.catalina.UserDatabase/ ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources Service name=Site1 Connector acceptCount=100 connectionTimeout=2 disableUploadTimeout=true port=8080 address=172.16.10.39 redirectPort=8443 /Connector Connector port=8009 address=172.16.10.39 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=Site1.com name=Site1 Host name=Site1.com debug=0 appBase=c:\sites\Site1 unpackWARs=true autoDeploy=false xmlValidation=false xmlNamespaceAware=false Context path= docBase=c:/sites/Site1 debug=0/ Valve className=org.apache.catalina.authenticator.SingleSignOn debug=0/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs
RE: apache2+tomcat5.0.19+mod_jk in-process
I've spent a lot of time on this and still not managed to get it working. I can actually get the tomcat started inprocess and access it through port 8080 but I get the same errors as you have here and cant access it through the JNI channel. The only thing I can think that it could be is to do with the threads and processes settings in httpd.conf but i've not heard any success stories at all on non windows platforms despite asking on this list several times. Ta Matt -Original Message- From: Timothy Suh [mailto:[EMAIL PROTECTED] Sent: 26 May 2004 17:06 To: [EMAIL PROTECTED] Subject: apache2+tomcat5.0.19+mod_jk in-process Subject: apache2+tomcat5.0.19+mod_jk2 in-process Date: 5/26/2004, 11:19 AM From: Timothy Suh [EMAIL PROTECTED] To: [EMAIL PROTECTED] Organization: AOL Can someone help me with setting up apache2 to start tomcat5 in-process using mod_jk2? out-of-process was straight forward but I am having tough time starting in-process. I believe i have workers2 and jk2.properties set up correctly. I also compiledlinked mod_jk2 on my platform (linux). I searched everywhere but cannot find anyone who has this working. The erorr msgs are: [Wed May 26 11:15:46 2004] [notice] vm.open2() done [Wed May 26 11:15:46 2004] [error] workerEnv.initChannel() init failed for channel.jni:jni [Wed May 26 11:15:46 2004] [notice] workerJni.Init() Skipping initialization for the 1893 1893 [Wed May 26 11:15:46 2004] [error] workerEnv.initWorkers() init failed for worker.jni:onStartup [Wed May 26 11:15:46 2004] [notice] workerJni.Init() Skipping initialization for the 1893 1893 [Wed May 26 11:15:46 2004] [error] workerEnv.initWorkers() init failed for worker.jni:onShutdown Your help is monstrously appreciated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Host Directive
This is where you loose me. I'm really not certain how this all interacts with jk2. While the IP alone should be sufficient, you might try altering the port? Then of course, alter the ajp13 Connector in server.xml to listen on 8010 for your site1/2 service (whichever you alter). [channel.socket:172.16.10.39:8009] info=Ajp13 worker, connects to tomcat instance using AJP 1.3 protocol tomcatId=172.16.10.39:8009 [channel.socket:172.16.10.38:8010] info=Ajp13 worker, connects to tomcat instance using AJP 1.3 protocol tomcatId=172.16.10.38:8010 -Original Message- From: Charles P. Killmer [mailto:[EMAIL PROTECTED] Sent: Wednesday, May 26, 2004 12:54 PM To: Tomcat Users List Subject: RE: Host Directive Now I am definitely getting files from both sites. Though something weird is happening. I have a file in the root of each named test.jsp. In the file it is simply do out.print(site1.com); and the other file is doing out.print(site2.com); When I point a broewser to the site, it alternates between the two when I hit refresh. I think it has something to do with my workers2.properties file. [shm:] info=Shared memory file. Required for multiprocess servers file=C:\Tomcat\work\jk2.shm size=100 [channel.socket:172.16.10.39:8009] info=Ajp13 worker, connects to tomcat instance using AJP 1.3 protocol tomcatId=172.16.10.39:8009 [channel.socket:172.16.10.38:8009] info=Ajp13 worker, connects to tomcat instance using AJP 1.3 protocol tomcatId=172.16.10.38:8009 [uri:/*] info=JSP examples, map requests for all JSP pages to Tomcat. context=/ Do you see anything wrong with this? Charles - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat as 'root' insecure? (again)
Hi Okay, I suppose you all are right saying that it's better not to run as root. But does the same apply to Windows? No, on Windows usual users are allowed to bind ports below 1024, which is the only problem for tomcat. Create any user account you want, give it sufficient access rights to tomcats folders. Done. (Maybe you need to give it some read rights for the registry configuration of the service loader. If thats a problem start tomcat using srvany (deprecated!).) [Also, you might need to give that user rights to log on as service and log on locally, but surely no special file oder registry access rights other that those mentioned above.] We're using Tomcat 4.1.24 on Windows 2000 Server, and up till now we've always run Tomcat as root. There is nothing in Windows which equals root. There is NO user, which has any right anywhere. [You could configure this though, but you should not. It is nice for different admins to have private folders, where no other admin can look inside. And a lot more, you know.] I don't see a jvsc-script or directory. Do I need to upgrade to TC5 to be able to use the script? You shouldnot need, afaict. Simply change the service's user. Regards, Steffen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]