RE: Tomcat locking up, not responding to requests
Check release notes! export LD_ASSUME_KERNEL=2.2.5 ... Start tomcat Zsolt -Original Message- From: Ben Simon [mailto:[EMAIL PROTECTED] Sent: Sunday, November 21, 2004 3:48 AM To: [EMAIL PROTECTED] Subject: Tomcat locking up, not responding to requests Howdy All, I'm running Tomcat 5.0.28, on Linux (RedHat 9, kernel: 2.4.20-8smp) with java 1.4.2_06-b03 (from SUN) on a dual processor Intel box and seeing very odd behavior. I'll start up tomcat, and use it to test/author a web application (struts based). At the end of the day, I'll leave the server running and go home. The next morning, I'll come in and try to hit the server, only to have any HTTP requests I make to it simply hang. They aren't rejected, timed out, or cause an exception. The requests just hang. The load on the server is low and there appears to be plenty of memory available (-Xms100M, -Xmx256M). There aren't any messages in the logs. When I do a `kill -3' on the process I get a stack trace (included below) and all the threads seem to be waiting for a connection. Yet, the server simply hangs. The only way I have found to proceed is to kill -9 the process and to start it up again. This is so odd. It appears as though simply leaving the machine alone (without any load or activity) eventually causes the server to lock up. It's also worth mentioning I've seen this behavior on at least two different machines, so I'm confident that the issue isn't just bad hardware. Anyone ever seen anything like this before? Thanks in advance, Ben Simon [Stack trace from a hung server] Full thread dump Java HotSpot(TM) Client VM (1.4.2_06-b03 mixed mode): NonBlockingPmapSerializer Worker: CampaignDaoFactory daemon prio=1 tid=0x5b510d40 nid=0x7b3 in Object.wait() [5b9ff000..5b9ff198] at java.lang.Object.wait(Native Method) at com.amazingmedia.sync.Daemon.daemonSleep(Daemon.java:331) - locked 0x4651ba48 (a com.amazingmedia.sync.Daemon) at com.amazingmedia.sync.Daemon.access$6(Daemon.java) at com.amazingmedia.sync.Daemon$DaemonThread.run(Daemon.java:365) NonBlockingPmapSerializer Worker: DirectoryDaoFactory daemon prio=1 tid=0x5b513cc0 nid=0x7b3 in Object.wait() [5b97f000..5b97f218] at java.lang.Object.wait(Native Method) at com.amazingmedia.sync.Daemon.daemonSleep(Daemon.java:331) - locked 0x4651bab8 (a com.amazingmedia.sync.Daemon) at com.amazingmedia.sync.Daemon.access$6(Daemon.java) at com.amazingmedia.sync.Daemon$DaemonThread.run(Daemon.java:365) NonBlockingPmapSerializer Worker: SimpleStorageService daemon prio=1 tid=0x5b506ba8 nid=0x7b3 in Object.wait() [5b8ff000..5b8ff298] at java.lang.Object.wait(Native Method) at com.amazingmedia.sync.Daemon.daemonSleep(Daemon.java:331) - locked 0x464863e8 (a com.amazingmedia.sync.Daemon) at com.amazingmedia.sync.Daemon.access$6(Daemon.java) at com.amazingmedia.sync.Daemon$DaemonThread.run(Daemon.java:365) http-8453-Monitor prio=1 tid=0x0851ed88 nid=0x7b3 in Object.wait() [5b87f000..5b87f318] at java.lang.Object.wait(Native Method) - waiting on 0x463fc900 (a org.apache.tomcat.util.threads.ThreadPool$MonitorRunnable) at org.apache.tomcat.util.threads.ThreadPool$MonitorRunnable.run(ThreadPool.j ava:559) - locked 0x463fc900 (a org.apache.tomcat.util.threads.ThreadPool$MonitorRunnable) at java.lang.Thread.run(Thread.java:534) http-8453-Processor4 daemon prio=1 tid=0x086d01b0 nid=0x7b3 runnable [5b7ff000..5b7ff398] at java.net.PlainSocketImpl.socketAccept(Native Method) at java.net.PlainSocketImpl.accept(PlainSocketImpl.java:353) - locked 0x45d2f2d0 (a java.net.PlainSocketImpl) at java.net.ServerSocket.implAccept(ServerSocket.java:448) at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(DashoA12275) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.acceptSocket(JSSESocketF actory.java:110) at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.ja va:368) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:549) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.j ava:683) at java.lang.Thread.run(Thread.java:534) http-8453-Processor3 daemon prio=1 tid=0x08523d28 nid=0x7b3 in Object.wait() [5b77f000..5b77f418] at java.lang.Object.wait(Native Method) - waiting on 0x463fcaf0 (a org.apache.tomcat.util.threads.ThreadPool$ControlRunnable) at java.lang.Object.wait(Object.java:429) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.j ava:655) - locked 0x463fcaf0 (a org.apache.tomcat.util.threads.ThreadPool$ControlRunnable) at java.lang.Thread.run(Thread.java:534) http-8453-Processor2 daemon prio=1 tid=0x08522cb8 nid=0x7b3 in Object.wait() [5b6ff000..5b6ff498] at
Please Help: Using SSL in servlets
Hi, I'm a newbie to ssl, here is the scenario: server: linux redhat 8 tomcat 4.1.29 axis 1.1 webservice in java server.keystore client: mandrake 9.2 tomcat 4.1.29 servlet client.keystore when using webservice from command line it works perfectly, but when running the same code from a servlet, it doesn't find truststore. in both cases the full path is given, all jars are accessible to code. can anyone please help? thanks michal - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL and form-based login
On Sat, Nov 20, 2004 at 04:59:31PM -0800, footh wrote: SSL seems to be working fine, however, I don't believe the login page is using SSL. The reason being is, when I try to hit any other page on the site with SSL, my browser invokes the certificate dialog box. However, when the form-based login forces the redirect to my custom login page, I don't get the certificate dialog box. Here's a snippet the relevant parts of web.xml (sorry if the formatting is bad): Does your browser url say https? If so, it should be in secure mode. Are you sure you didn't already accept the certificate during your browser session? Try sniffing your network traffic to make sure though. However, all these types of posts seem to be several years old. Is this still a bad idea...to switch from https to http? That depends on what you're trying to guarantee. If you're just trying to protect the password information that is entered during login, then switching back to http is ok. However, since the subsequent traffic is unencrypted an attacker could observe the sessionid that is used and hijack the session, often without any immediate indication of a problem from the user's point of view. If you're paranoid you'll want to do things like make sure a _new_ sessionid is created once you jump into https mode, and cause any non-https access using that new sessionid to instantly invalidate the session. (although as soon as there's any non-encrypted access with a given sessionid the attacker can theoretically race your session-killing request and create some havoc) For the slightly less paranoid, identifying the sensitive portions of your application and gating them with another https enabled password page might be reasonable. It all depends on how worried you are and how much effort you think someone will put into circumventing your security. eric - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat locking up, not responding to requests
ZK == Zsolt Koppany [EMAIL PROTECTED] writes: ZK Check release notes! Naturally, after spending days on the issue - I posted to this list. And within minutes, discovered the information you mention below. ZK export LD_ASSUME_KERNEL=2.2.5 ZK ... ZK Start tomcat Duh -- seems so obvious now. Thanks, Ben -- Ben Simon Amazing Media, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Please Help: Using SSL in servlets
On Sun, Nov 21, 2004 at 10:31:14AM +0200, Michal Ziv wrote: : when using webservice from command line it works perfectly, but when running : the same code from a servlet, it doesn't find truststore. : in both cases the full path is given, all jars are accessible to code. : can anyone please help? Yes, but you must first help us to help you: please post relevant files (in this case, the web.xml from the app that doesn't work) and give a more detailed problem description. You'd be surprised how many SSL problems are caused by typos in web.xml, e.g. trusttore instead truststore. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL Redirect problem
Hi, I'd like to submit a weird problem that occurs with the following configuration : - Server Tomcat 5.0.28 - https connector activated with client authentification - Browser IE v6 sp2 with client certificate installed - Browser FireFox 1.0final with client certificate installed Sequence under Firefox : - Connection to http://localhost:8080/mywebapp - SSL server part OK - SSL client authentification OK - Displayed url in the browser : https://localhost:8443/mywebapp - Webapp displayed Sequence under IE : - Connection to http://localhost:8080/mywebapp - SSL server part OK - SSL client authentification : timeout Sequence under IE : - Connection to https://localhost:8443/mywebapp - SSL server part OK - SSL client authentification OK - Webapp displayed I cant resolve my problem ! I'm lost, have you any pointers ? Any help appreciated ! Thank you. Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Prevent session creation by DefaultServlet
Is there any way on tomcat 5.0.x to prevent tomcat/defaultServlet creating a session when serving static image files (*.jpg, *.gif, *.png)? This is only an issue if the browser has cookies switched off (and some users do). I know you can prevent the creation of a session in a JSP with (%@ page session=false %), but is there a way of doing this for other resources (like images)? We log all new sessions in a database, but we're finding when a browser has cookies switched off the defaultservlet/tomcat is generating a new session to serve each graphic elements on the page and it's clogging up our session monitor/logger (which implements HttpSessionListener). Also it's hard to distinguish these sessions from real user sessions - although we can if we use a filter to check the request URL to see what resource was requested, and then ignore the image requests. Any ideas? John Sidney-Woollett - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat locking up, not responding to requests
Hi, Using Tomcat 5.0.28 standalone on windows XP with JVM 1.4, I get this error even though I have mapped my servlet in the web.xml file of the web app: HTTP Status 404 - /loginResponse.do type Status report message /loginResponse.do description The requested resource (/loginResponse.do) is not available. Apache Tomcat/5.0.28 I've placed my webapp folder in Tomcats' webapps directory and all the jsp pages run fine as do my POJO's for business logic, any ideas why the servlet code could be causing problems? The servlet mappings: code: -- servlet servlet-nameloginResponse/servlet-name servlet-classcom._ABC.authenticateAdmin/servlet-class init-param param-nameadminPassword/param-name param-valuexxx/param-value /init-param /servlet servlet-mapping servlet-nameloginResponse/servlet-name url-pattern/loginResponse.do/url-pattern/servlet-mapping -- It's my first time using Tomcat, been a Resin user for years ... Thanks, Stef www.killersites.com - Original Message - From: Ben Simon [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, November 21, 2004 6:36 AM Subject: Re: Tomcat locking up, not responding to requests ZK == Zsolt Koppany [EMAIL PROTECTED] writes: ZK Check release notes! Naturally, after spending days on the issue - I posted to this list. And within minutes, discovered the information you mention below. ZK export LD_ASSUME_KERNEL=2.2.5 ZK ... ZK Start tomcat Duh -- seems so obvious now. Thanks, Ben -- Ben Simon Amazing Media, Inc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Redirect problem
Sounds like an IE bug. I suspect IE is sending the wrong port information at some point in the redirect from http to https. To confirm this you'll need to look at the http headers going back and forth. One quick test would be to configure tomcat for the default ports (80 for http and 443 for https). If you use the default ports IE doesn't send any port info and hence doesn't send the wrong port info. Mark -Original Message- From: Richard HALLIER [mailto:[EMAIL PROTECTED] Sent: Sunday, November 21, 2004 3:30 PM To: Tomcat Users List Subject: SSL Redirect problem Hi, I'd like to submit a weird problem that occurs with the following configuration : - Server Tomcat 5.0.28 - https connector activated with client authentification - Browser IE v6 sp2 with client certificate installed - Browser FireFox 1.0final with client certificate installed Sequence under Firefox : - Connection to http://localhost:8080/mywebapp - SSL server part OK - SSL client authentification OK - Displayed url in the browser : https://localhost:8443/mywebapp - Webapp displayed Sequence under IE : - Connection to http://localhost:8080/mywebapp - SSL server part OK - SSL client authentification : timeout Sequence under IE : - Connection to https://localhost:8443/mywebapp - SSL server part OK - SSL client authentification OK - Webapp displayed I cant resolve my problem ! I'm lost, have you any pointers ? Any help appreciated ! Thank you. Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: CGI Again...Servlet.service() for servlet cgi threw exception
I'll look into this but I need a bit more info: 1. What servlet mapping did you specify in web.xml? 2. What URL are you requesting? Mark -Original Message- From: Sergey Kamshilin [mailto:[EMAIL PROTECTED] Sent: Saturday, November 20, 2004 12:00 AM To: [EMAIL PROTECTED] Subject: CGI Again...Servlet.service() for servlet cgi threw exception Sorry guys, I gave up digging into it and haven't seen such problems in archives... Tomcat 4.1.31 on Solaris. I enabled cgi scripting: changes in web.xml: -- servlet servlet-namecgi/servlet-name servlet-classorg.apache.catalina.servlets.CGIServlet/servlet-class init-param param-namedebug/param-name param-value6/param-value /init-param init-param param-namecgiPathPrefix/param-name param-value/WEB-INF/cgi-bin//param-value /init-param load-on-startup5/load-on-startup /servlet -- renamed servlets-cgi.jar The script is /usr/jakarta-tomcat/webapps/ROOT/WEB-INF/cgi-bin/index.pl (Everything is OK, Right?) when I try to access it I got the error: 2004-11-19 15:53:15 cgi: findCGI: path=/index.cgi, /usr/jakarta-tomcat-4.1.31/webapps/ROOT//WEB-INF/cgi-bin/ 2004-11-19 15:53:15 cgi: findCGI: currentLoc=/usr/jakarta-tomcat-4.1.31/webapps/ROOT/WEB-INF/cgi-bin 2004-11-19 15:53:15 cgi: findCGI: currentLoc=/usr/jakarta-tomcat-4.1.31/webapps/ROOT/WEB-INF/cgi-bin 2004-11-19 15:53:15 cgi: findCGI: FOUND cgi at /usr/jakarta-tomcat-4.1.31/webapps/ROOT/WEB-INF/cgi-bin/index.cgi 2004-11-19 15:53:15 StandardWrapperValve[cgi]: Servlet.service() for servlet cgi threw exception java.lang.StringIndexOutOfBoundsException: String index out of range: -2 at java.lang.String.substring(String.java:1444) at java.lang.String.substring(String.java:1411) at org.apache.catalina.servlets.CGIServlet$CGIEnvironment.findCGI (CGIServlet.ja va:935) Why the servlet makes exception What else I need to check? Thank you! /Sergeyk (Lab Documentation - \\Lizard\rad\DraftDocs\msv\ctn\1290 Lab network description) Phone: 604 918-6360 Cell: 604 351-8966 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: CGIServlet and CGI.pm upload feature
Sorry it has taken so long for a response on this. It looks like you have been hit by bug 32023. This has now been fixed in CVS for TC 5.5.x, TC 5.0.x and TC4.1.x Mark -Original Message- From: Brian T. Dittmer [mailto:[EMAIL PROTECTED] Sent: Friday, July 09, 2004 9:14 PM To: [EMAIL PROTECTED] Subject: CGIServlet and CGI.pm upload feature Hey guys...I'm having some serious trouble using the file upload feature in CGI.pm in conjunction with Tomcat 5.0.24. When I try and upload the file to my script for parsing the script hangs and prints nothing to the browser (in other words it's the script is erring out). Here's where the plot thickens...when I try and upload a file with six or seven lines of data it goes through fine. When I try and upload any file 5k or so the script hangs. The file is just a standard text file with fields delaminated by pipes ( | ). Below is the error in the log file: 2004-07-09 15:53:15 StandardContext[/management]cgi: runCGI (stderr):CGI.pm: Server closed socket during multipart read (client aborted?). 2004-07-09 15:53:15 StandardContext[/management]cgi: runCGI: 1 lines received on stderr I've tried modifying the clientInputTimeout parameter in web.xml but to no avail. It still errors out no matter high I set it. I've also tried changing the timeout times in server.xml. I'm not really sure what the deal is. Below is the exact form code I'm using to pass the form to the script: FORM ACTION=cgi-bin/data_import.cgi METHOD=post ENCTYPE=multipart/form-data file: INPUT TYPE=file NAME=leadfile P INPUT TYPE=submit NAME=Submit VALUE=Submit Form /FORM Below is the exact perl code I'm using to grab the data: $query = new CGI; $lead_file = $query-upload(leadfile); @lines = $lead_file; As you can see I'm not doing anything weird or different here...basically I'm just trying to get a text file to parse and insert into a database. The script works great being executed from a command line or if you send up a few lines of text, but dies otherwise. Any help on this would be greatly appreciated...I haven't been able to find any reference to this problem on the web. Thanks a lot! Brian Dittmer [EMAIL PROTECTED] http://www.tracerdigital.com (614) 795-0501 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Servlet mapping problem.
Hi, I first posted this question with the wrong subject heading ... sorry about the duplicates. My question: Using Tomcat 5.0.28 standalone on windows XP with JVM 1.4, I get this error even though I have mapped my servlet in the web.xml file of the web app: HTTP Status 404 - /loginResponse.do type Status report message /loginResponse.do description The requested resource (/loginResponse.do) is not available. Apache Tomcat/5.0.28 I've placed my webapp folder in Tomcats' webapps directory and all the jsp pages run fine as do my POJO's for business logic, any ideas why the servlet code could be causing problems? The servlet mappings: code: -- servlet servlet-nameloginResponse/servlet-name servlet-classcom._ABC.authenticateAdmin/servlet-class init-param param-nameadminPassword/param-name param-valuexxx/param-value /init-param /servlet servlet-mapping servlet-nameloginResponse/servlet-name url-pattern/loginResponse.do/url-pattern /servlet-mapping -- It's my first time using Tomcat, been a Resin user for years ... any ideas? Thanks, Stef - Original Message - From: Mark Thomas [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Sunday, November 21, 2004 12:10 PM Subject: RE: CGI Again...Servlet.service() for servlet cgi threw exception I'll look into this but I need a bit more info: 1. What servlet mapping did you specify in web.xml? 2. What URL are you requesting? Mark -Original Message- From: Sergey Kamshilin [mailto:[EMAIL PROTECTED] Sent: Saturday, November 20, 2004 12:00 AM To: [EMAIL PROTECTED] Subject: CGI Again...Servlet.service() for servlet cgi threw exception Sorry guys, I gave up digging into it and haven't seen such problems in archives... Tomcat 4.1.31 on Solaris. I enabled cgi scripting: changes in web.xml: -- servlet servlet-namecgi/servlet-name servlet-classorg.apache.catalina.servlets.CGIServlet/servlet-class init-param param-namedebug/param-name param-value6/param-value /init-param init-param param-namecgiPathPrefix/param-name param-value/WEB-INF/cgi-bin//param-value /init-param load-on-startup5/load-on-startup /servlet -- renamed servlets-cgi.jar The script is /usr/jakarta-tomcat/webapps/ROOT/WEB-INF/cgi-bin/index.pl (Everything is OK, Right?) when I try to access it I got the error: 2004-11-19 15:53:15 cgi: findCGI: path=/index.cgi, /usr/jakarta-tomcat-4.1.31/webapps/ROOT//WEB-INF/cgi-bin/ 2004-11-19 15:53:15 cgi: findCGI: currentLoc=/usr/jakarta-tomcat-4.1.31/webapps/ROOT/WEB-INF/cgi-bin 2004-11-19 15:53:15 cgi: findCGI: currentLoc=/usr/jakarta-tomcat-4.1.31/webapps/ROOT/WEB-INF/cgi-bin 2004-11-19 15:53:15 cgi: findCGI: FOUND cgi at /usr/jakarta-tomcat-4.1.31/webapps/ROOT/WEB-INF/cgi-bin/index.cgi 2004-11-19 15:53:15 StandardWrapperValve[cgi]: Servlet.service() for servlet cgi threw exception java.lang.StringIndexOutOfBoundsException: String index out of range: -2 at java.lang.String.substring(String.java:1444) at java.lang.String.substring(String.java:1411) at org.apache.catalina.servlets.CGIServlet$CGIEnvironment.findCGI (CGIServlet.ja va:935) Why the servlet makes exception What else I need to check? Thank you! /Sergeyk (Lab Documentation - \\Lizard\rad\DraftDocs\msv\ctn\1290 Lab network description) Phone: 604 918-6360 Cell: 604 351-8966 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Prevent session creation by DefaultServlet
The DefaultServlet does not create sessions. Make sure you don't have a filter creating sessions. -Tim John Sidney-Woollett wrote: Is there any way on tomcat 5.0.x to prevent tomcat/defaultServlet creating a session when serving static image files (*.jpg, *.gif, *.png)? This is only an issue if the browser has cookies switched off (and some users do). I know you can prevent the creation of a session in a JSP with (%@ page session=false %), but is there a way of doing this for other resources (like images)? We log all new sessions in a database, but we're finding when a browser has cookies switched off the defaultservlet/tomcat is generating a new session to serve each graphic elements on the page and it's clogging up our session monitor/logger (which implements HttpSessionListener). Also it's hard to distinguish these sessions from real user sessions - although we can if we use a filter to check the request URL to see what resource was requested, and then ignore the image requests. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL and form-based login
The URL in the browser is the URL of the protected page I'm trying to access. So, for example if /test/test.jsp is protected by forms-login and I click a link to that page, /test/test.jsp will be the URL in the browser, but the login page will appear on the screen. I am sure I didn't already accept the certificate as after I hit the login page, instead of logging in, I type in the URL to the home page but use https and the certificate dialog box comes up. Then I press cancel, and repeat the process, and once again the certificate box comes up. --- [EMAIL PROTECTED] wrote: On Sat, Nov 20, 2004 at 04:59:31PM -0800, footh wrote: SSL seems to be working fine, however, I don't believe the login page is using SSL. The reason being is, when I try to hit any other page on the site with SSL, my browser invokes the certificate dialog box. However, when the form-based login forces the redirect to my custom login page, I don't get the certificate dialog box. Here's a snippet the relevant parts of web.xml (sorry if the formatting is bad): Does your browser url say https? If so, it should be in secure mode. Are you sure you didn't already accept the certificate during your browser session? Try sniffing your network traffic to make sure though. However, all these types of posts seem to be several years old. Is this still a bad idea...to switch from https to http? That depends on what you're trying to guarantee. If you're just trying to protect the password information that is entered during login, then switching back to http is ok. However, since the subsequent traffic is unencrypted an attacker could observe the sessionid that is used and hijack the session, often without any immediate indication of a problem from the user's point of view. If you're paranoid you'll want to do things like make sure a _new_ sessionid is created once you jump into https mode, and cause any non-https access using that new sessionid to instantly invalidate the session. (although as soon as there's any non-encrypted access with a given sessionid the attacker can theoretically race your session-killing request and create some havoc) For the slightly less paranoid, identifying the sensitive portions of your application and gating them with another https enabled password page might be reasonable. It all depends on how worried you are and how much effort you think someone will put into circumventing your security. eric - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Meet the all-new My Yahoo! - Try it today! http://my.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet mapping problem.
Can you show us what you type in to your browser? --- Stefan [EMAIL PROTECTED] wrote: Hi, I first posted this question with the wrong subject heading ... sorry about the duplicates. My question: Using Tomcat 5.0.28 standalone on windows XP with JVM 1.4, I get this error even though I have mapped my servlet in the web.xml file of the web app: HTTP Status 404 - /loginResponse.do type Status report message /loginResponse.do description The requested resource (/loginResponse.do) is not available. Apache Tomcat/5.0.28 I've placed my webapp folder in Tomcats' webapps directory and all the jsp pages run fine as do my POJO's for business logic, any ideas why the servlet code could be causing problems? The servlet mappings: code: -- servlet servlet-nameloginResponse/servlet-name servlet-classcom._ABC.authenticateAdmin/servlet-class init-param param-nameadminPassword/param-name param-valuexxx/param-value /init-param /servlet servlet-mapping servlet-nameloginResponse/servlet-name url-pattern/loginResponse.do/url-pattern /servlet-mapping -- It's my first time using Tomcat, been a Resin user for years ... any ideas? Thanks, Stef - Original Message - From: Mark Thomas [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Sunday, November 21, 2004 12:10 PM Subject: RE: CGI Again...Servlet.service() for servlet cgi threw exception I'll look into this but I need a bit more info: 1. What servlet mapping did you specify in web.xml? 2. What URL are you requesting? Mark -Original Message- From: Sergey Kamshilin [mailto:[EMAIL PROTECTED] Sent: Saturday, November 20, 2004 12:00 AM To: [EMAIL PROTECTED] Subject: CGI Again...Servlet.service() for servlet cgi threw exception Sorry guys, I gave up digging into it and haven't seen such problems in archives... Tomcat 4.1.31 on Solaris. I enabled cgi scripting: changes in web.xml: -- servlet servlet-namecgi/servlet-name servlet-classorg.apache.catalina.servlets.CGIServlet/servlet-class init-param param-namedebug/param-name param-value6/param-value /init-param init-param param-namecgiPathPrefix/param-name param-value/WEB-INF/cgi-bin//param-value /init-param load-on-startup5/load-on-startup /servlet -- renamed servlets-cgi.jar The script is /usr/jakarta-tomcat/webapps/ROOT/WEB-INF/cgi-bin/index.pl (Everything is OK, Right?) when I try to access it I got the error: 2004-11-19 15:53:15 cgi: findCGI: path=/index.cgi, /usr/jakarta-tomcat-4.1.31/webapps/ROOT//WEB-INF/cgi-bin/ 2004-11-19 15:53:15 cgi: findCGI: currentLoc=/usr/jakarta-tomcat-4.1.31/webapps/ROOT/WEB-INF/cgi-bin 2004-11-19 15:53:15 cgi: findCGI: currentLoc=/usr/jakarta-tomcat-4.1.31/webapps/ROOT/WEB-INF/cgi-bin 2004-11-19 15:53:15 cgi: findCGI: FOUND cgi at /usr/jakarta-tomcat-4.1.31/webapps/ROOT/WEB-INF/cgi-bin/index.cgi 2004-11-19 15:53:15 StandardWrapperValve[cgi]: Servlet.service() for servlet cgi threw exception java.lang.StringIndexOutOfBoundsException: String index out of range: -2 at java.lang.String.substring(String.java:1444) at java.lang.String.substring(String.java:1411) at org.apache.catalina.servlets.CGIServlet$CGIEnvironment.findCGI (CGIServlet.ja va:935) Why the servlet makes exception What else I need to check? Thank you! /Sergeyk (Lab Documentation - \\Lizard\rad\DraftDocs\msv\ctn\1290 Lab network description) Phone: 604 918-6360 Cell: 604 351-8966 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do you Yahoo!? Meet the all-new My Yahoo! - Try it today! http://my.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL
Re: Servlet mapping problem.
Hi, I am actually using a form to post to the target servlet: form action=/context_name/loginResponse.do method=post name: input type=text name=adminPassword input type=submit /form The form itself is sitting in a page with this URL: http://127.0.0.1/myWebsite/logIn.jsp And the strange thing is that when I submit the form I am taken to this URL: http://127.0.0.1/login.jsp And I get this error: HTTP Status 404 - /login.jsp type Status report message /login.jsp description The requested resource (/login.jsp) is not available. Apache Tomcat/5.0.28 Any ideas? Is this a bug in Tomcat ? This works fine (naturally) in Resin. Stefan www.killersites.com - Original Message - From: sven morales [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, November 21, 2004 9:58 PM Subject: Re: Servlet mapping problem. Can you show us what you type in to your browser? --- Stefan [EMAIL PROTECTED] wrote: Hi, I first posted this question with the wrong subject heading ... sorry about the duplicates. My question: Using Tomcat 5.0.28 standalone on windows XP with JVM 1.4, I get this error even though I have mapped my servlet in the web.xml file of the web app: HTTP Status 404 - /loginResponse.do -- -- type Status report message /loginResponse.do description The requested resource (/loginResponse.do) is not available. -- -- Apache Tomcat/5.0.28 I've placed my webapp folder in Tomcats' webapps directory and all the jsp pages run fine as do my POJO's for business logic, any ideas why the servlet code could be causing problems? The servlet mappings: code: -- -- -- servlet servlet-nameloginResponse/servlet-name servlet-classcom._ABC.authenticateAdmin/servlet-class init-param param-nameadminPassword/param-name param-valuexxx/param-value /init-param /servlet servlet-mapping servlet-nameloginResponse/servlet-name url-pattern/loginResponse.do/url-pattern /servlet-mapping -- -- -- It's my first time using Tomcat, been a Resin user for years ... any ideas? Thanks, Stef - Original Message - From: Mark Thomas [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Sunday, November 21, 2004 12:10 PM Subject: RE: CGI Again...Servlet.service() for servlet cgi threw exception I'll look into this but I need a bit more info: 1. What servlet mapping did you specify in web.xml? 2. What URL are you requesting? Mark -Original Message- From: Sergey Kamshilin [mailto:[EMAIL PROTECTED] Sent: Saturday, November 20, 2004 12:00 AM To: [EMAIL PROTECTED] Subject: CGI Again...Servlet.service() for servlet cgi threw exception Sorry guys, I gave up digging into it and haven't seen such problems in archives... Tomcat 4.1.31 on Solaris. I enabled cgi scripting: changes in web.xml: -- servlet servlet-namecgi/servlet-name servlet-classorg.apache.catalina.servlets.CGIServlet/servlet-class init-param param-namedebug/param-name param-value6/param-value /init-param init-param param-namecgiPathPrefix/param-name param-value/WEB-INF/cgi-bin//param-value /init-param load-on-startup5/load-on-startup /servlet -- renamed servlets-cgi.jar The script is /usr/jakarta-tomcat/webapps/ROOT/WEB-INF/cgi-bin/index.pl (Everything is OK, Right?) when I try to access it I got the error: 2004-11-19 15:53:15 cgi: findCGI: path=/index.cgi, /usr/jakarta-tomcat-4.1.31/webapps/ROOT//WEB-INF/cgi-bin/ 2004-11-19 15:53:15 cgi: findCGI: currentLoc=/usr/jakarta-tomcat-4.1.31/webapps/ROOT/WEB-INF/cgi-bin 2004-11-19 15:53:15 cgi: findCGI: currentLoc=/usr/jakarta-tomcat-4.1.31/webapps/ROOT/WEB-INF/cgi-bin 2004-11-19 15:53:15 cgi: findCGI: FOUND cgi at /usr/jakarta-tomcat-4.1.31/webapps/ROOT/WEB-INF/cgi-bin/index.cgi 2004-11-19 15:53:15 StandardWrapperValve[cgi]: Servlet.service() for servlet cgi threw exception java.lang.StringIndexOutOfBoundsException: String index out of range: -2 at java.lang.String.substring(String.java:1444) at java.lang.String.substring(String.java:1411) at
Re: Servlet mapping problem.
Can you also post all your struts-config.xml action .. ? I was looking for something that may be forwarding it to login.jsp. This line you have in your form, form action=/context_name/loginResponse.do points to context_name/loginResponse.do so show this action line of your struts-config.xml --- Stefan [EMAIL PROTECTED] wrote: Hi, I am actually using a form to post to the target servlet: form action=/context_name/loginResponse.do method=post name: input type=text name=adminPassword input type=submit /form The form itself is sitting in a page with this URL: http://127.0.0.1/myWebsite/logIn.jsp And the strange thing is that when I submit the form I am taken to this URL: http://127.0.0.1/login.jsp And I get this error: HTTP Status 404 - /login.jsp type Status report message /login.jsp description The requested resource (/login.jsp) is not available. Apache Tomcat/5.0.28 Any ideas? Is this a bug in Tomcat ? This works fine (naturally) in Resin. Stefan www.killersites.com - Original Message - From: sven morales [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, November 21, 2004 9:58 PM Subject: Re: Servlet mapping problem. Can you show us what you type in to your browser? --- Stefan [EMAIL PROTECTED] wrote: Hi, I first posted this question with the wrong subject heading ... sorry about the duplicates. My question: Using Tomcat 5.0.28 standalone on windows XP with JVM 1.4, I get this error even though I have mapped my servlet in the web.xml file of the web app: HTTP Status 404 - /loginResponse.do -- -- type Status report message /loginResponse.do description The requested resource (/loginResponse.do) is not available. -- -- Apache Tomcat/5.0.28 I've placed my webapp folder in Tomcats' webapps directory and all the jsp pages run fine as do my POJO's for business logic, any ideas why the servlet code could be causing problems? The servlet mappings: code: -- -- -- servlet servlet-nameloginResponse/servlet-name servlet-classcom._ABC.authenticateAdmin/servlet-class init-param param-nameadminPassword/param-name param-valuexxx/param-value /init-param /servlet servlet-mapping servlet-nameloginResponse/servlet-name url-pattern/loginResponse.do/url-pattern /servlet-mapping -- -- -- It's my first time using Tomcat, been a Resin user for years ... any ideas? Thanks, Stef - Original Message - From: Mark Thomas [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Sunday, November 21, 2004 12:10 PM Subject: RE: CGI Again...Servlet.service() for servlet cgi threw exception I'll look into this but I need a bit more info: 1. What servlet mapping did you specify in web.xml? 2. What URL are you requesting? Mark -Original Message- From: Sergey Kamshilin [mailto:[EMAIL PROTECTED] Sent: Saturday, November 20, 2004 12:00 AM To: [EMAIL PROTECTED] Subject: CGI Again...Servlet.service() for servlet cgi threw exception Sorry guys, I gave up digging into it and haven't seen such problems in archives... Tomcat 4.1.31 on Solaris. I enabled cgi scripting: changes in web.xml: -- servlet servlet-namecgi/servlet-name servlet-classorg.apache.catalina.servlets.CGIServlet/servlet-class init-param param-namedebug/param-name param-value6/param-value /init-param init-param === message truncated === __ Do you Yahoo!? The all-new My Yahoo! - Get yours free! http://my.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet mapping problem.
Hi, I'm not using struts. Stefan www.killersites.com - Original Message - From: sven morales [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, November 22, 2004 12:25 AM Subject: Re: Servlet mapping problem. Can you also post all your struts-config.xml action .. ? I was looking for something that may be forwarding it to login.jsp. This line you have in your form, form action=/context_name/loginResponse.do points to context_name/loginResponse.do so show this action line of your struts-config.xml --- Stefan [EMAIL PROTECTED] wrote: Hi, I am actually using a form to post to the target servlet: form action=/context_name/loginResponse.do method=post name: input type=text name=adminPassword input type=submit /form The form itself is sitting in a page with this URL: http://127.0.0.1/myWebsite/logIn.jsp And the strange thing is that when I submit the form I am taken to this URL: http://127.0.0.1/login.jsp And I get this error: HTTP Status 404 - /login.jsp -- -- type Status report message /login.jsp description The requested resource (/login.jsp) is not available. -- -- Apache Tomcat/5.0.28 Any ideas? Is this a bug in Tomcat ? This works fine (naturally) in Resin. Stefan www.killersites.com - Original Message - From: sven morales [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, November 21, 2004 9:58 PM Subject: Re: Servlet mapping problem. Can you show us what you type in to your browser? --- Stefan [EMAIL PROTECTED] wrote: Hi, I first posted this question with the wrong subject heading ... sorry about the duplicates. My question: Using Tomcat 5.0.28 standalone on windows XP with JVM 1.4, I get this error even though I have mapped my servlet in the web.xml file of the web app: HTTP Status 404 - /loginResponse.do -- -- type Status report message /loginResponse.do description The requested resource (/loginResponse.do) is not available. -- -- Apache Tomcat/5.0.28 I've placed my webapp folder in Tomcats' webapps directory and all the jsp pages run fine as do my POJO's for business logic, any ideas why the servlet code could be causing problems? The servlet mappings: code: -- -- -- servlet servlet-nameloginResponse/servlet-name servlet-classcom._ABC.authenticateAdmin/servlet-class init-param param-nameadminPassword/param-name param-valuexxx/param-value /init-param /servlet servlet-mapping servlet-nameloginResponse/servlet-name url-pattern/loginResponse.do/url-pattern /servlet-mapping -- -- -- It's my first time using Tomcat, been a Resin user for years ... any ideas? Thanks, Stef - Original Message - From: Mark Thomas [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Sunday, November 21, 2004 12:10 PM Subject: RE: CGI Again...Servlet.service() for servlet cgi threw exception I'll look into this but I need a bit more info: 1. What servlet mapping did you specify in web.xml? 2. What URL are you requesting? Mark -Original Message- From: Sergey Kamshilin [mailto:[EMAIL PROTECTED] Sent: Saturday, November 20, 2004 12:00 AM To: [EMAIL PROTECTED] Subject: CGI Again...Servlet.service() for servlet cgi threw exception Sorry guys, I gave up digging into it and haven't seen such problems in archives... Tomcat 4.1.31 on Solaris. I enabled cgi scripting: changes in web.xml: -- servlet servlet-namecgi/servlet-name servlet-classorg.apache.catalina.servlets.CGIServlet/servlet-class init-param param-namedebug/param-name param-value6/param-value /init-param init-param === message truncated === __ Do you Yahoo!? The all-new My Yahoo! - Get yours free! http://my.yahoo.com - To unsubscribe, e-mail: [EMAIL
Tomcat 5.5.4 - classes in classpath not being released
Greetings. Having the following problem using Tomcat 5.5.4 under JDK 1.5: After running my webapp for a bit in a development environment, I want to copy new and replacement classes to the webapp classes location, but sometimes (about 50/50) I cannot overrite/delete some of the classes - as the VM has not let them go (file handles I assume)? I have to shut the JVM (Tomcat) down before I can deploy my new classes Is this something in the new JDK/JRE (5.0)? Or is this something in the Tomcat 5.5.4 classloaders? I cannot recall (and have not been able to replicate) the problem on 5.0.x under JDK 1.4.x. Any input would be appreciated. Thanks! Carl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Problem with ssl
Hi. Thanks. Just cannot seem to see that attribute in the docs? Maybe I am just blind! :) Carl -Original Message- From: Bill Barker [mailto:[EMAIL PROTECTED] Sent: Saturday, November 20, 2004 9:42 PM To: [EMAIL PROTECTED] Subject: Re: Problem with ssl Carl Olivier [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Greetings. Where is this specified? In which element? The Connector (where all of the other SSL attributes are :). Thanks! Carl -Original Message- From: Bill Barker [mailto:[EMAIL PROTECTED] Sent: Saturday, November 20, 2004 4:42 AM To: [EMAIL PROTECTED] Subject: Re: Problem with ssl [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm using ssl with tomcat 5.0.28 I use a keystore that contains several certificates How can I tell tomcat which one to use for SSL transaction ? Is there a parameter like alias ? The correct attribute is 'keyAlias' to specify which cert Tomcat should use. Valerie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Embedded Tomcat error (tomcat 5.5.4)
Hi, I'm getting the following error when trying to run Embedded tomcat v5.5.4 (I have modified Embedded.java to print out the error) java.lang.NullPointerException at org.apache.tomcat.util.IntrospectionUtils.setProperty(IntrospectionUt ils.java:267) at org.apache.catalina.startup.Embedded.createConnector(Embedded.java:41 6) at org.apache.catalina.startup.Embedded.createConnector(Embedded.java:35 7) When I furthur trace Embedded.java, I found that the error is cause by the following if else statement where it do not consider the case for protocol.equals(http), causing connector remain as null public Connector createConnector(String address, int port, String protocol) { ... if (protocol.equals(ajp)) { connector = new Connector(org.apache.jk.server.JkCoyoteHandler); } else if (protocol.equals(memory)) { connector = new Connector(org.apache.coyote.memory.MemoryProtocolHandler); } else if (protocol.equals(https)) { connector = new Connector(); connector.setScheme(https); connector.setSecure(true); // FIXME SET SSL PROPERTIES } ... } As a workaround, I have added the following and it works properly: else if (protocol.equals(http)) { connector = new Connector(); connector.setScheme(http); connector.setSecure(false); } Hope to get advice from all tomcat user regarding the issue and the resolution. Thank you -- Regards, Peik Feng - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to set Error Log for Web Application in TOmcat 5.5
hi, Here is a sample of my tomcat server.xml file. Hope it will be help ful to you Host name=example.com debug=0 appBase=example.com unpackWARs=true autoDeploy=true Valve className=org.apache.catalina.valves.AccessLogValve directory=logs/www.example.com/access prefix=example_com. suffix=.txt pattern=common resolveHosts=false/ Logger className=org.apache.catalina.logger.FileLogger directory=logs/example.com/fileLogger prefix=example_com. suffix=.txt timestamp=true/ !-- Tomcat Root Context -- Context path= docBase=ROOT debug=0 reloadable=true Resources className=org.apache.naming.resources.FileDirContext allowLinking=true docBase= / /Context /Host inr wrote: Hai all, How to set the Error Log file for Our Own Web Application in Tomcat 5.5 Thanks inr - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]