RE : Security Newbie - Need Help
Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Why I am not getting the login window? Here is the web.xml in project root/WEB-INF security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method /login-config /security-constraint Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/applicationusers?user=useramp;passwor d=password userTable=applicationusers userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The table structure was created using the following sql: create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null ); create table user_roles ( user_name varchar(15) not null, role_name varchar(15) not null, primary key (user_name, role_name) ); How can I trouble shoot this? The log doesn't show anything. Any tips would be great. Thanks, Luke - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tale of two servers
Hi, I'm running TC5.5 on two different servers in the same office. Both run XP Pro SP2. Both servers are programmatically queried by users and are bombarded with thousands of requests. One of the servers responds much more quickly than the other. In fact, one of them causes timeouts. The offender is a super duper new dell desktop with 4gb of ram, etc. It's running java 1.5 and is committed to nothing by tomcat. The winner is a rinky-dink 2 year old laptop with little ram, and lots of spyware sucking out cpu. So this is obviously counterintuitive and I'm wondering if anyone could suggest where to begin looking for problems! Many thank in advance, Dola __ Do you Yahoo!? All your favorites on one personal page Try My Yahoo! http://my.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Running heavily loaded tomcat sites.
For me it refuses to open under IE6 but FF works perfectly fine - no passwords required. closing the title-tag in html-source make it readable on ie6 too ... lg t - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: WELCOME to tomcat-user@jakarta.apache.org
Complete guess here, but you might want to check permission settings for the Tomcat home (installation) directory - and also see that you've got a Tomcat user account set up, etc. I have a no-login 'tomcat' user, and permissions for the Tomcat home directory (and all its contents) is assigned to that user. if I manually run script with start argument... What happens when you call the 'tomcatd' script (from the console) without any arguments? (Surely that's what happens when the system calls 'tomcatd'?) Harry Mantheakis Fedora Core 3 using Gnome Installed Tomcat 5.5.4, created tomcatd script to start tomcat in /etc/rc.d/init.d, chmod +755 tomcatd chkconfig --add tomcatd 5 on On startup it says it's starting tomcatd, yet tomcat is not run. if I manually run script with start argument it starts fine. I've tried searching google, and everyone says put the script in init.d and chmod it, which I've already done. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: stop context properly
No response, so nobody knows how to ?... Perhaps this feature doesn't exist in TC4.1?... Is this feature (stop context without interrupt running threads) available in TC5.0 or TC5.5 ? On Wed, 9 Feb 2005 19:36:50 +0100 Lionel Farbos [EMAIL PROTECTED] wrote: Hi all, I work with Tomcat 4.1.31, with the Manager, and I search how to stop a context without interrupting its running threads ? When I test a stop on my Context (/testServlet), I see a log like this : 2005-02-08 17:37:16 HTMLManager: stop: Stopping web application at '/testServlet' 2005-02-08 17:37:16 StandardHost[localhost]: standardHost.stop /testServlet 2005-02-08 17:37:16 StandardWrapper[/testServlet:Fille4Servlet]: Waiting for 1 instance(s) to be deallocated 2005-02-08 17:37:17 Fille4Servlet: destroy deFille4Servlet==0 And all the servlets in my Context are deleted. So, - If my servlet had already send datas on the response outputstream, I have a 200 HTTP response with a truncated response, - If my servlet had not send datas before, I can have a 500 HTTP response with NullPointerException, XML11Configuration not found, ... - If I try something like that : public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { PrintWriter out = res.getWriter(); try { ... } catch (Exception e) { out.println( exception +e+ in this servlet, so bad result!!! ); } } I have an Exception on the out.println line :-( So, - is there a configuration parameter, in Tomcat, that let the running threads of a Context to finish before stopping them ? - if not, how to return a correctly response to the HTTP request client ? Thanks in advance for your ideas. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Running heavily loaded tomcat sites.
The 'LD_ASSUME_KERNEL' setting was needed with Red Hat 9. I'm on FC3 now and it seems to be working fine *without* having to specify LD_ASSUME_KERNEL. Actually, I could swear (though I have no metrics) that FC3 is running my Java stuff much faster than RH9 did with a forced LD_ASSUME_KERNEL setting. Your suggestion to avoid using the Java 'new' keyword is interesting, and I believe I know what you're getting at - but I think you should expand on it, perhaps with some specific pointers. It seems to leave too much to the imagination at the moment :-) As an example, in my application all the 'action objects' that handle requests are singletons - instantiated at start-up, and handed out as needed at runtime. But you have to be careful with that approach - instance variables are a complete no-no. HTH Harry Mantheakis Hello, I have collected my experiences with running a heavily loaded (and soon to be high availability) tomcat setup in a paper available here: http://brandlay.com/wojtek/publ/tomcat.jsp Have a look if you're interested and please email any comments directly to my email. Thanks! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Security Newbie - Need Help
Hi; Here is the roles table: mysql select * from roles; +---+ | role_name | +---+ | admin | +---+ 1 row in set (0.02 sec) I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed this but still have the problem: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/tomcatusers?user=useramp;password=pas sword userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / I also changed my security declaration to have a realm-name in the login config: !-- security -- security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method realm-namefw/realm-name /login-config /security-constraint The error is (which appears without a login window first allowing me to authenticate): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 12:27 AM Subject: RE : Security Newbie - Need Help Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Why I am not getting the login window? Here is the web.xml in project root/WEB-INF security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method /login-config /security-constraint Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/applicationusers?user=useramp;passwor d=password userTable=applicationusers userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The table structure was created using the following sql: create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null ); create table user_roles ( user_name varchar(15) not null, role_name varchar(15) not null, primary key (user_name, role_name) ); How can I trouble shoot this? The log doesn't show anything. Any tips would be great. Thanks, Luke - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Apache/Win32 + mod_jk problem
I cannot run apache with mod_jk on Windows XP Pro + SP1. I have had no troubles doing the same thing with multiple versions of Apache mod_jk on multiple versions of Solaris, Linux and FreeBSD. This is, however, my first attempt at mixing Windows with real software :-S I'm running the following versions: Apache 1.3.33 ${APACHE_MIRROR}/httpd/binaries/win32/ apache_1.3.33-win32-x86-no_src.exe mod_jk 1.2.8 ${APACHE_MIRROR}/jakarta/tomcat-connectors/jk/binaries/win32/ mod_jk-1.2.8-apache-1.3.33-eapi.so MD5SUMs: afb8924ec7b368e132fbed5f28ad6f3bapache_1.3.33-win32-x86-no_src.exe ea33398544fe6ecdccecf81307c86211mod_jk-1.2.8-apache-1.3.33-eapi.so The Apache one agrees with that listed on the website, but I can't find an md5sum listed for mod_jk... - C:\apacheapache Syntax error on line 194 of c:/apache/conf/httpd.conf: Cannot load c:/apache/modules/mod_jk.so into server: (127) The specified procedure could not be found: Note the errors or messages above, and press the ESC key to exit. 29... C:\apachegrep -ni jk conf\httpd.conf 194:LoadModule jk_module modules/mod_jk.so 242:AddModule mod_jk.c - The mod_jk file has been renamed mod_jk.so and placed in the c:/apache/modules directory. I have tried with it renamed as .dll and it makes no difference. I've also tried introducing intentional typos in the LoadModule command (eg LoadModule jk_module modules/mod_foojk.so), and found that this changed the error message to something like module not found, so it's definitely finding the module. I'm somewhat stuck here. The only documentation that mentions this error is for mod_ssl, and it suggests that I have an error in the AddModule line... Which I don't think I do... Could someone advise? Cheers Richard Russell Deutsche Bank AG London Global Markets Customer Solutions Office: +44 20 7545 8060 Mobile: +44 79 0661 2237
Memory Usage from Mbean
Hi. I'm trying to build a Servlet to retrieve some memory information about tomcat. I'm using Tomcat 5.5.7. Which bean contains the jvm memory data? Thanx ___ Roberto Cosenza http://robcos.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Trouble getting CGI script to execute
Thanks David. Question 1: Yes. I've made this mistake enogh times in the past that I'm pretty good about it now. Plus I have made other changes that required (and received) a Tomcat reboot after doing that name change. Question 2: That's a good thought... I've gone through the mappings and cannot find anything that would interfere with my cgi script Good thinking. Any other ideas? Thanks. --Alex Alex Brelsfoard Web Applications Developer Web Development Office Worcester Polytechnic Institute 508-831-6147 [EMAIL PROTECTED] From: David Smith [mailto:[EMAIL PROTECTED] Sent: Wed 2/9/2005 6:02 PM To: Tomcat Users List Subject: Re: Trouble getting CGI script to execute I know I'm coming into this very late. I was hoping Mark was going to nail this on the head for you -- especially since I don't actually use the cgi-servlets piece in my stuff. But I also hate to see a problem like this get stalled. Question 1: This is a basic one, but I've had my share of Homer Simpson moments. Did you restart the server after renaming $CATALINA_HOME/server/lib/servlets-cgi.renametojar to $CATALINA/server/lib/servlets-cgi.jar and uncommenting the relevant parts of $CATALINA_HOME/conf/web.xml? Question 2: What do you have in your web.xml file for servlet mappings? It seems to me some kind of mapping is overriding the mappings in $CATALINA_HOME/conf/web.xml and simply offering the file from WEB-INF/cgi-bin/ rather than executing it. --David Brelsfoard, Alex wrote: Thanks I really appreciate your help. --Alex Alex Brelsfoard Web Applications Developer Web Development Office Worcester Polytechnic Institute 508-831-6147 [EMAIL PROTECTED] -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 09, 2005 4:42 PM To: Tomcat Users List Subject: Re: Trouble getting CGI script to execute Brelsfoard, Alex wrote: Luckily this server is dedicated to this one application. And I have everything backed up. Though security is ALWAYS an issue, it's at least less of an issue on this server. If today's attempts do not get this woprking, I am most likely just going to turn off Tomcat's CGI abilities and then install Apache and just limit the heck out of it. Here is the CGI bits from the web.xml config file: snip This looks fine. I am afraid I have run out of ideas. If this was my system I would run up tomcat under a debugger and start stepping through code. It must be a configuration problem but I just can't figure out what. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Trouble getting CGI script to execute
No worries. I really appreciate any help I can get. I'm familiar with Apache, but I've just been tossed Tomcat and already have projects that need to be finished in a timely manner. Such is the life of our line of work... Thanks. --Alex Alex Brelsfoard Web Applications Developer Web Development Office Worcester Polytechnic Institute 508-831-6147 [EMAIL PROTECTED] From: Warron French [mailto:[EMAIL PROTECTED] Sent: Wed 2/9/2005 6:24 PM To: Tomcat Users List Subject: RE: Trouble getting CGI script to execute Sorry, hopefully I haven't misguided you. I don't know tomcat at all. I don't really know Jboss either, but eventually I will be learning it too. Warron French Sr. Network Engineer Xtria, LLC -Original Message- From: Brelsfoard, Alex [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 08, 2005 4:00 PM To: Tomcat Users List Subject: RE: Trouble getting CGI script to execute OK, now we're getting somewhere. There was no entry for mime-type for file extension cgi. I added: mime-mapping extensioncgi/extension mime-typeapplication/x-httpd-cgi/mime-type /mime-mapping Which was not there before. Do I have the correct mime-type info there? When I go to my script (via the web) now it asks me to download the file. This mean something to someone? Thanks. --Alex Alex Brelsfoard Web Applications Developer Web Development Office Worcester Polytechnic Institute 508-831-6147 [EMAIL PROTECTED] -Original Message- From: Warron French [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 08, 2005 3:42 PM To: Tomcat Users List Subject: RE: Trouble getting CGI script to execute I use apache to enable cgi scripts, and I had the same problem as you. So, since I don't know Tomcat so well, I can offer you this. Check in your config file to make sure that you have the line(s): AddType application/x-httpd-cgi .cgi .sh .pl AddHandler cgi-script .cgi .sh .pl (I am not actually using this line but maybe you need to) Also, in my httpd.conf file I am using some directives and options such as: Directory /home/nrccwdt/public_html/ Options +Includes +ExecCGI XbitHack On /Directory I am sure you know how the Directory directive works, but make sure that you do have the Options +ExecCGI, and XbitHack On lines also. Good luck, Warron French Sr. Network Engineer Xtria, LLC -Original Message- From: Brelsfoard, Alex [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 08, 2005 3:28 PM To: tomcat-user@jakarta.apache.org Subject: Trouble getting CGI script to execute I have been reading all the online documentation I can dig up and cannot find the solution to my problem. Quite simply, all I want to do is be able to run perl cgi script through my Tomcat server. I uncommented everything having to do with CGI in the Tomcat web.xml conf file, restarted the server and placed my scriptmin the right place. All that happens now is the script is printed up to the screenjust like a txt file. It is executable. I checked the logs and the log says that a 304 code is sent to the browser. ANY help would be much appreciated. Thanks very much. --Alex Alex Brelsfoard Web Applications Developer Web Development Office Worcester Polytechnic Institute 508-831-6147 [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TC 5.5.4 wiil not start from script
root or primary user login default ports Parsons Technical Services wrote: Who are you running as when you manually start it? Are you on the default ports or did you change them? When you mail the list always start with a new message unless replying to a post on the list. Doug - Original Message - From: Charles Patterson [EMAIL PROTECTED] Fedora Core 3 using Gnome Installed Tomcat 5.5.4, created tomcatd script to start tomcat in /etc/rc.d/init.d, chmod +755 tomcatd chkconfig --add tomcatd 5 on On startup it says it's starting tomcatd, yet tomcat is not run. if I manually run script with start argument it starts fine. I've tried searching google, and everyone says put the script in init.d and chmod it, which I've already done. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : Security Newbie - Need Help
It seems that you have a wrong role table (roles or user_roles). Have you declare security-role element ? -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:02 À : Tomcat Users List Objet : Re: Security Newbie - Need Help Hi; Here is the roles table: mysql select * from roles; +---+ | role_name | +---+ | admin | +---+ 1 row in set (0.02 sec) I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed this but still have the problem: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/tomcatusers?user=useramp;password=pas sword userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / I also changed my security declaration to have a realm-name in the login config: !-- security -- security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method realm-namefw/realm-name /login-config /security-constraint The error is (which appears without a login window first allowing me to authenticate): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 12:27 AM Subject: RE : Security Newbie - Need Help Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Why I am not getting the login window? Here is the web.xml in project root/WEB-INF security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method /login-config /security-constraint Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/applicationusers?user=useramp;passwor d=password userTable=applicationusers userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The table structure was created using the following sql: create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null ); create table user_roles ( user_name varchar(15) not null, role_name varchar(15) not null, primary key (user_name, role_name) ); How can I trouble shoot this? The log doesn't show anything. Any tips would be great. Thanks, Luke - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Trouble getting CGI script to execute
Ok. I may try to go through and try this setup myself to see what happens, but that won't happen until tonight. My boss seems to expect me to do some work for the department -- go figure. In the meantime, you may want to try removing the existing servlet mappings from your web application's web.xml file, reload the context and try the cgi script. If that works, we've found our gremlin. According to the servlet spec, nothing in the WEB-INF directory can be directly accessed by the client. That's what leads met to believe a servlet somewhere is handling the request and passing back the raw file. Does the app hide anything else in the WEB-INF folder (images, css, pages, etc., ...) and send it to the client on request? --David Brelsfoard, Alex wrote: Thanks David. Question 1: Yes. I've made this mistake enogh times in the past that I'm pretty good about it now. Plus I have made other changes that required (and received) a Tomcat reboot after doing that name change. Question 2: That's a good thought... I've gone through the mappings and cannot find anything that would interfere with my cgi script Good thinking. Any other ideas? Thanks. --Alex Alex Brelsfoard Web Applications Developer Web Development Office Worcester Polytechnic Institute 508-831-6147 [EMAIL PROTECTED] From: David Smith [mailto:[EMAIL PROTECTED] Sent: Wed 2/9/2005 6:02 PM To: Tomcat Users List Subject: Re: Trouble getting CGI script to execute I know I'm coming into this very late. I was hoping Mark was going to nail this on the head for you -- especially since I don't actually use the cgi-servlets piece in my stuff. But I also hate to see a problem like this get stalled. Question 1: This is a basic one, but I've had my share of Homer Simpson moments. Did you restart the server after renaming $CATALINA_HOME/server/lib/servlets-cgi.renametojar to $CATALINA/server/lib/servlets-cgi.jar and uncommenting the relevant parts of $CATALINA_HOME/conf/web.xml? Question 2: What do you have in your web.xml file for servlet mappings? It seems to me some kind of mapping is overriding the mappings in $CATALINA_HOME/conf/web.xml and simply offering the file from WEB-INF/cgi-bin/ rather than executing it. --David Brelsfoard, Alex wrote: Thanks I really appreciate your help. --Alex Alex Brelsfoard Web Applications Developer Web Development Office Worcester Polytechnic Institute 508-831-6147 [EMAIL PROTECTED] -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 09, 2005 4:42 PM To: Tomcat Users List Subject: Re: Trouble getting CGI script to execute Brelsfoard, Alex wrote: Luckily this server is dedicated to this one application. And I have everything backed up. Though security is ALWAYS an issue, it's at least less of an issue on this server. If today's attempts do not get this woprking, I am most likely just going to turn off Tomcat's CGI abilities and then install Apache and just limit the heck out of it. Here is the CGI bits from the web.xml config file: snip This looks fine. I am afraid I have run out of ideas. If this was my system I would run up tomcat under a debugger and start stepping through code. It must be a configuration problem but I just can't figure out what. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache/Win32 + mod_jk problem
Hi, Try using the version of mod_jk.dll which you can find here: http://www.apache.org/dist/jakarta/tomcat-connectors/jk/binaries/win32/jk-1.2.6/ Called: mod_jk_1.2.6_1.3.31.dll Don't forget to change the line which refers to it in httpd.conf. Also don't forget to rename it to mod_jk.dll. I think the .so version is only for Apache with SSL built in. Andoni. - Original Message - From: Richard Russell [EMAIL PROTECTED] Newsgroups: gmane.comp.jakarta.tomcat.user Sent: Thursday, February 10, 2005 12:31 PM Subject: Apache/Win32 + mod_jk problem I cannot run apache with mod_jk on Windows XP Pro + SP1. I have had no troubles doing the same thing with multiple versions of Apache mod_jk on multiple versions of Solaris, Linux and FreeBSD. This is, however, my first attempt at mixing Windows with real software :-S I'm running the following versions: Apache 1.3.33 ${APACHE_MIRROR}/httpd/binaries/win32/ apache_1.3.33-win32-x86-no_src.exe mod_jk 1.2.8 ${APACHE_MIRROR}/jakarta/tomcat-connectors/jk/binaries/win32/ mod_jk-1.2.8-apache-1.3.33-eapi.so MD5SUMs: afb8924ec7b368e132fbed5f28ad6f3bapache_1.3.33-win32-x86-no_src.exe ea33398544fe6ecdccecf81307c86211mod_jk-1.2.8-apache-1.3.33-eapi.so The Apache one agrees with that listed on the website, but I can't find an md5sum listed for mod_jk... - C:\apacheapache Syntax error on line 194 of c:/apache/conf/httpd.conf: Cannot load c:/apache/modules/mod_jk.so into server: (127) The specified procedure could not be found: Note the errors or messages above, and press the ESC key to exit. 29... C:\apachegrep -ni jk conf\httpd.conf 194:LoadModule jk_module modules/mod_jk.so 242:AddModule mod_jk.c - The mod_jk file has been renamed mod_jk.so and placed in the c:/apache/modules directory. I have tried with it renamed as .dll and it makes no difference. I've also tried introducing intentional typos in the LoadModule command (eg LoadModule jk_module modules/mod_foojk.so), and found that this changed the error message to something like module not found, so it's definitely finding the module. I'm somewhat stuck here. The only documentation that mentions this error is for mod_ssl, and it suggests that I have an error in the AddModule line... Which I don't think I do... Could someone advise? Cheers Richard Russell Deutsche Bank AG London Global Markets Customer Solutions Office: +44 20 7545 8060 Mobile: +44 79 0661 2237 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Trouble getting CGI script to execute
Yeah, it's good thinking. But these are my only mappings: servlet-mapping servlet-namedefault/servlet-name url-pattern//url-pattern /servlet-mapping !-- The mapping for the JSP servlet -- servlet-mapping servlet-namejsp/servlet-name url-pattern*.jsp/url-pattern /servlet-mapping !-- The mapping for the CGI Gateway servlet -- servlet-mapping servlet-namecgi/servlet-name url-pattern*.cgi/url-pattern /servlet-mapping Doesn't look like any overwriting here --Alex Alex Brelsfoard Web Applications Developer Web Development Office Worcester Polytechnic Institute 508-831-6147 [EMAIL PROTECTED] From: David Smith [mailto:[EMAIL PROTECTED] Sent: Thu 2/10/2005 9:27 AM To: Tomcat Users List Subject: Re: Trouble getting CGI script to execute Ok. I may try to go through and try this setup myself to see what happens, but that won't happen until tonight. My boss seems to expect me to do some work for the department -- go figure. In the meantime, you may want to try removing the existing servlet mappings from your web application's web.xml file, reload the context and try the cgi script. If that works, we've found our gremlin. According to the servlet spec, nothing in the WEB-INF directory can be directly accessed by the client. That's what leads met to believe a servlet somewhere is handling the request and passing back the raw file. Does the app hide anything else in the WEB-INF folder (images, css, pages, etc., ...) and send it to the client on request? --David Brelsfoard, Alex wrote: Thanks David. Question 1: Yes. I've made this mistake enogh times in the past that I'm pretty good about it now. Plus I have made other changes that required (and received) a Tomcat reboot after doing that name change. Question 2: That's a good thought... I've gone through the mappings and cannot find anything that would interfere with my cgi script Good thinking. Any other ideas? Thanks. --Alex Alex Brelsfoard Web Applications Developer Web Development Office Worcester Polytechnic Institute 508-831-6147 [EMAIL PROTECTED] From: David Smith [mailto:[EMAIL PROTECTED] Sent: Wed 2/9/2005 6:02 PM To: Tomcat Users List Subject: Re: Trouble getting CGI script to execute I know I'm coming into this very late. I was hoping Mark was going to nail this on the head for you -- especially since I don't actually use the cgi-servlets piece in my stuff. But I also hate to see a problem like this get stalled. Question 1: This is a basic one, but I've had my share of Homer Simpson moments. Did you restart the server after renaming $CATALINA_HOME/server/lib/servlets-cgi.renametojar to $CATALINA/server/lib/servlets-cgi.jar and uncommenting the relevant parts of $CATALINA_HOME/conf/web.xml? Question 2: What do you have in your web.xml file for servlet mappings? It seems to me some kind of mapping is overriding the mappings in $CATALINA_HOME/conf/web.xml and simply offering the file from WEB-INF/cgi-bin/ rather than executing it. --David Brelsfoard, Alex wrote: Thanks I really appreciate your help. --Alex Alex Brelsfoard Web Applications Developer Web Development Office Worcester Polytechnic Institute 508-831-6147 [EMAIL PROTECTED] -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 09, 2005 4:42 PM To: Tomcat Users List Subject: Re: Trouble getting CGI script to execute Brelsfoard, Alex wrote: Luckily this server is dedicated to this one application. And I have everything backed up. Though security is ALWAYS an issue, it's at least less of an issue on this server. If today's attempts do not get this woprking, I am most likely just going to turn off Tomcat's CGI abilities and then install Apache and just limit the heck out of it. Here is the CGI bits from the web.xml config file: snip This looks fine. I am afraid I have run out of ideas. If this was my system I would run up tomcat under a debugger and start stepping through code. It must be a configuration problem but I just can't figure out what. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe,
Re: Apache/Win32 + mod_jk problem
Thanks Andoni, that appeared to work. However, I don't really understand why. I had actually thought that this might be related to EAPI, which I understand is the primary difference (apart from mod_ssl itself) between Apache without SSL and Apache with SSL. However, I couldn't find any mention of this in the JK docs, nor in the Apache or Tomcat docs, and given that there was no option to download an EAPI/SSL Apache 1.3.33, and no option to download a non-EAPI/SSL mod_jk 1.2.8, I presumed that they were compatible. Certainly more likely than this one, which is allegedly for Apache 1.3.31, and is an old version of mod_jk anyway. Does this mean that there is no binary Win32 Apache 1.3.33 and mod_jk 1.2.8 that can be downloaded that work with each other? This seems a little odd to me... Surely I'm missing something? Cheers Richard Russell Deutsche Bank AG London Global Markets Customer Solutions Office: +44 20 7545 8060 Mobile: +44 79 0661 2237 Andoni [EMAIL PROTECTED] 02/10/2005 02:46 PM Please respond to Tomcat Users List To: Tomcat Users List tomcat-user@jakarta.apache.org cc: Subject:Re: Apache/Win32 + mod_jk problem Hi, Try using the version of mod_jk.dll which you can find here: http://www.apache.org/dist/jakarta/tomcat-connectors/jk/binaries/win32/jk-1.2.6/ Called: mod_jk_1.2.6_1.3.31.dll Don't forget to change the line which refers to it in httpd.conf. Also don't forget to rename it to mod_jk.dll. I think the .so version is only for Apache with SSL built in. Andoni. - Original Message - From: Richard Russell [EMAIL PROTECTED] Newsgroups: gmane.comp.jakarta.tomcat.user Sent: Thursday, February 10, 2005 12:31 PM Subject: Apache/Win32 + mod_jk problem I cannot run apache with mod_jk on Windows XP Pro + SP1. I have had no troubles doing the same thing with multiple versions of Apache mod_jk on multiple versions of Solaris, Linux and FreeBSD. This is, however, my first attempt at mixing Windows with real software :-S I'm running the following versions: Apache 1.3.33 ${APACHE_MIRROR}/httpd/binaries/win32/ apache_1.3.33-win32-x86-no_src.exe mod_jk 1.2.8 ${APACHE_MIRROR}/jakarta/tomcat-connectors/jk/binaries/win32/ mod_jk-1.2.8-apache-1.3.33-eapi.so MD5SUMs: afb8924ec7b368e132fbed5f28ad6f3b apache_1.3.33-win32-x86-no_src.exe ea33398544fe6ecdccecf81307c86211 mod_jk-1.2.8-apache-1.3.33-eapi.so The Apache one agrees with that listed on the website, but I can't find an md5sum listed for mod_jk... - C:\apacheapache Syntax error on line 194 of c:/apache/conf/httpd.conf: Cannot load c:/apache/modules/mod_jk.so into server: (127) The specified procedure could not be found: Note the errors or messages above, and press the ESC key to exit. 29... C:\apachegrep -ni jk conf\httpd.conf 194:LoadModule jk_module modules/mod_jk.so 242:AddModule mod_jk.c - The mod_jk file has been renamed mod_jk.so and placed in the c:/apache/modules directory. I have tried with it renamed as .dll and it makes no difference. I've also tried introducing intentional typos in the LoadModule command (eg LoadModule jk_module modules/mod_foojk.so), and found that this changed the error message to something like module not found, so it's definitely finding the module. I'm somewhat stuck here. The only documentation that mentions this error is for mod_ssl, and it suggests that I have an error in the AddModule line... Which I don't think I do... Could someone advise? Cheers Richard Russell Deutsche Bank AG London Global Markets Customer Solutions Office: +44 20 7545 8060 Mobile: +44 79 0661 2237 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache/Win32 + mod_jk problem
Hi Richard, If you have been reading this list for any period of time you may have noticed that JK is more to do with Zen and Voodoo than real computer science! It causes so many people heartache that it is unbelievable. The only reason I knew the answer to your problem is because I have recently had the same problem myself. While researching I was happy to hear that JK2 is being put out to pasture because of a lack of interest. At least this makes one less decision for the likes of you and I to make when choosing a binary to download. Basically my advice would be either: Take it up as a hobby, sort it out, decompile it, write to the developers, re-write the documentation, champion the cause and sort the whole thing out for everyone for once and for all... or: Thank the Zen gods for getting it working for you and move rapidly along to your next job! ;-) Can you guess which one I'd pick? Later, Andoni. - Original Message - From: Richard Russell [EMAIL PROTECTED] Newsgroups: gmane.comp.jakarta.tomcat.user Sent: Thursday, February 10, 2005 3:01 PM Subject: Re: Apache/Win32 + mod_jk problem Thanks Andoni, that appeared to work. However, I don't really understand why. I had actually thought that this might be related to EAPI, which I understand is the primary difference (apart from mod_ssl itself) between Apache without SSL and Apache with SSL. However, I couldn't find any mention of this in the JK docs, nor in the Apache or Tomcat docs, and given that there was no option to download an EAPI/SSL Apache 1.3.33, and no option to download a non-EAPI/SSL mod_jk 1.2.8, I presumed that they were compatible. Certainly more likely than this one, which is allegedly for Apache 1.3.31, and is an old version of mod_jk anyway. Does this mean that there is no binary Win32 Apache 1.3.33 and mod_jk 1.2.8 that can be downloaded that work with each other? This seems a little odd to me... Surely I'm missing something? Cheers Richard Russell Deutsche Bank AG London Global Markets Customer Solutions Office: +44 20 7545 8060 Mobile: +44 79 0661 2237 Andoni [EMAIL PROTECTED] 02/10/2005 02:46 PM Please respond to Tomcat Users List To: Tomcat Users List tomcat-user@jakarta.apache.org cc: Subject:Re: Apache/Win32 + mod_jk problem Hi, Try using the version of mod_jk.dll which you can find here: http://www.apache.org/dist/jakarta/tomcat-connectors/jk/binaries/win32/jk-1.2.6/ Called: mod_jk_1.2.6_1.3.31.dll Don't forget to change the line which refers to it in httpd.conf. Also don't forget to rename it to mod_jk.dll. I think the .so version is only for Apache with SSL built in. Andoni. - Original Message - From: Richard Russell [EMAIL PROTECTED] Newsgroups: gmane.comp.jakarta.tomcat.user Sent: Thursday, February 10, 2005 12:31 PM Subject: Apache/Win32 + mod_jk problem I cannot run apache with mod_jk on Windows XP Pro + SP1. I have had no troubles doing the same thing with multiple versions of Apache mod_jk on multiple versions of Solaris, Linux and FreeBSD. This is, however, my first attempt at mixing Windows with real software :-S I'm running the following versions: Apache 1.3.33 ${APACHE_MIRROR}/httpd/binaries/win32/ apache_1.3.33-win32-x86-no_src.exe mod_jk 1.2.8 ${APACHE_MIRROR}/jakarta/tomcat-connectors/jk/binaries/win32/ mod_jk-1.2.8-apache-1.3.33-eapi.so MD5SUMs: afb8924ec7b368e132fbed5f28ad6f3b apache_1.3.33-win32-x86-no_src.exe ea33398544fe6ecdccecf81307c86211 mod_jk-1.2.8-apache-1.3.33-eapi.so The Apache one agrees with that listed on the website, but I can't find an md5sum listed for mod_jk... - C:\apacheapache Syntax error on line 194 of c:/apache/conf/httpd.conf: Cannot load c:/apache/modules/mod_jk.so into server: (127) The specified procedure could not be found: Note the errors or messages above, and press the ESC key to exit. 29... C:\apachegrep -ni jk conf\httpd.conf 194:LoadModule jk_module modules/mod_jk.so 242:AddModule mod_jk.c - The mod_jk file has been renamed mod_jk.so and placed in the c:/apache/modules directory. I have tried with it renamed as .dll and it makes no difference. I've also tried introducing intentional typos in the LoadModule command (eg LoadModule jk_module modules/mod_foojk.so), and found that this changed the error message to something like module not found, so it's definitely finding the module. I'm somewhat stuck here. The only documentation that mentions this error is for mod_ssl, and it suggests that I have an error in the AddModule line... Which I don't think I do... Could someone advise? Cheers Richard Russell Deutsche Bank AG London Global Markets Customer Solutions Office: +44 20 7545 8060 Mobile: +44 79 0661 2237 - To unsubscribe, e-mail: [EMAIL PROTECTED]
Problem: mozilla, https
Dear all, I'm having a strange problem with mozilla firefox. Sometimes it cannot understand the way tomcat sends https certificate and in consequence it fails to over HTTPS. The answer (some) users get is: Couldn't establish an eencrypted connection because certificate presented by lxb0752.cern.ch is invalid or corrupted. error code -8182. Have you got an idea why? I'm using tomcat 5.0.28 and a self-signed certificate. Thanks in advance, Michal. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache/Win32 + mod_jk problem
Nope, new to the list -- never had any problems to speak of on *nix :-S I think I'll go for option B. Cheers Richard Russell Deutsche Bank AG London Global Markets Customer Solutions Office: +44 20 7545 8060 Mobile: +44 79 0661 2237 Andoni [EMAIL PROTECTED] 02/10/2005 03:30 PM Please respond to Tomcat Users List To: Tomcat Users List tomcat-user@jakarta.apache.org cc: Subject:Re: Apache/Win32 + mod_jk problem Hi Richard, If you have been reading this list for any period of time you may have noticed that JK is more to do with Zen and Voodoo than real computer science! It causes so many people heartache that it is unbelievable. The only reason I knew the answer to your problem is because I have recently had the same problem myself. While researching I was happy to hear that JK2 is being put out to pasture because of a lack of interest. At least this makes one less decision for the likes of you and I to make when choosing a binary to download. Basically my advice would be either: Take it up as a hobby, sort it out, decompile it, write to the developers, re-write the documentation, champion the cause and sort the whole thing out for everyone for once and for all... or: Thank the Zen gods for getting it working for you and move rapidly along to your next job! ;-) Can you guess which one I'd pick? Later, Andoni. - Original Message - From: Richard Russell [EMAIL PROTECTED] Newsgroups: gmane.comp.jakarta.tomcat.user Sent: Thursday, February 10, 2005 3:01 PM Subject: Re: Apache/Win32 + mod_jk problem Thanks Andoni, that appeared to work. However, I don't really understand why. I had actually thought that this might be related to EAPI, which I understand is the primary difference (apart from mod_ssl itself) between Apache without SSL and Apache with SSL. However, I couldn't find any mention of this in the JK docs, nor in the Apache or Tomcat docs, and given that there was no option to download an EAPI/SSL Apache 1.3.33, and no option to download a non-EAPI/SSL mod_jk 1.2.8, I presumed that they were compatible. Certainly more likely than this one, which is allegedly for Apache 1.3.31, and is an old version of mod_jk anyway. Does this mean that there is no binary Win32 Apache 1.3.33 and mod_jk 1.2.8 that can be downloaded that work with each other? This seems a little odd to me... Surely I'm missing something? Cheers Richard Russell Deutsche Bank AG London Global Markets Customer Solutions Office: +44 20 7545 8060 Mobile: +44 79 0661 2237 Andoni [EMAIL PROTECTED] 02/10/2005 02:46 PM Please respond to Tomcat Users List To: Tomcat Users List tomcat-user@jakarta.apache.org cc: Subject:Re: Apache/Win32 + mod_jk problem Hi, Try using the version of mod_jk.dll which you can find here: http://www.apache.org/dist/jakarta/tomcat-connectors/jk/binaries/win32/jk-1.2.6/ Called: mod_jk_1.2.6_1.3.31.dll Don't forget to change the line which refers to it in httpd.conf. Also don't forget to rename it to mod_jk.dll. I think the .so version is only for Apache with SSL built in. Andoni. - Original Message - From: Richard Russell [EMAIL PROTECTED] Newsgroups: gmane.comp.jakarta.tomcat.user Sent: Thursday, February 10, 2005 12:31 PM Subject: Apache/Win32 + mod_jk problem I cannot run apache with mod_jk on Windows XP Pro + SP1. I have had no troubles doing the same thing with multiple versions of Apache mod_jk on multiple versions of Solaris, Linux and FreeBSD. This is, however, my first attempt at mixing Windows with real software :-S I'm running the following versions: Apache 1.3.33 ${APACHE_MIRROR}/httpd/binaries/win32/ apache_1.3.33-win32-x86-no_src.exe mod_jk 1.2.8 ${APACHE_MIRROR}/jakarta/tomcat-connectors/jk/binaries/win32/ mod_jk-1.2.8-apache-1.3.33-eapi.so MD5SUMs: afb8924ec7b368e132fbed5f28ad6f3b apache_1.3.33-win32-x86-no_src.exe ea33398544fe6ecdccecf81307c86211 mod_jk-1.2.8-apache-1.3.33-eapi.so The Apache one agrees with that listed on the website, but I can't find an md5sum listed for mod_jk... - C:\apacheapache Syntax error on line 194 of c:/apache/conf/httpd.conf: Cannot load c:/apache/modules/mod_jk.so into server: (127) The specified procedure could not be found: Note the errors or messages above, and press the ESC key to exit. 29... C:\apachegrep -ni jk conf\httpd.conf 194:LoadModule jk_module modules/mod_jk.so 242:AddModule mod_jk.c - The mod_jk file has been renamed mod_jk.so and placed in the c:/apache/modules directory. I have tried with it renamed as .dll and it makes no difference. I've also tried introducing intentional typos in the LoadModule command (eg LoadModule jk_module modules/mod_foojk.so), and found that this changed the error message to something like module not found, so it's definitely finding the module.
Re: Problem: mozilla, https
On Thu, 10 Feb 2005 16:32:36 +0100, Michal Kwiatek [EMAIL PROTECTED] wrote: Dear all, I'm having a strange problem with mozilla firefox. Sometimes it cannot understand the way tomcat sends https certificate and in consequence it fails to over HTTPS. The answer (some) users get is: Couldn't establish an eencrypted connection because certificate presented by lxb0752.cern.ch is invalid or corrupted. error code -8182. Looks like there are a few different reasons for that error, one is the client side certificate db could be screwed: http://banquo.inf.ethz.ch:8080/Mozilla_Error_-8182.html Or you might have something weird going on with your self signed certificate, like is it missing a Subject/CN = your domain name entry? Are you trying to do anything like also create your own CA with another certificate? Regards, -- Jason Bainbridge KDE - Conquer Your Desktop - http://kde.org KDE Web Team - [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE : Security Newbie - Need Help
Where would the security-role be declared? WEB-INF/web.xml? The tables I have are roles, user_roles and users. When you say wrong role table which of the tables I have should be renamed? Thanks for you help, Luke It seems that you have a wrong role table (roles or user_roles). Have you declare security-role element ? -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:02 À : Tomcat Users List Objet : Re: Security Newbie - Need Help Hi; Here is the roles table: mysql select * from roles; +---+ | role_name | +---+ | admin | +---+ 1 row in set (0.02 sec) I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed this but still have the problem: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/tomcatusers?user=useramp;password=pas sword userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / I also changed my security declaration to have a realm-name in the login config: !-- security -- security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method realm-namefw/realm-name /login-config /security-constraint The error is (which appears without a login window first allowing me to authenticate): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 12:27 AM Subject: RE : Security Newbie - Need Help Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Why I am not getting the login window? Here is the web.xml in project root/WEB-INF security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method /login-config /security-constraint Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/applicationusers?user=useramp;passwor d=password userTable=applicationusers userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The table structure was created using the following sql: create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null ); create table user_roles ( user_name varchar(15) not null, role_name varchar(15) not null, primary key (user_name, role_name) ); How can I trouble shoot this? The log doesn't show anything. Any tips would be great. Thanks, Luke - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL
problem with JspCompilationContext
Hi I get this error when i start the tomcat server . pls help me to solve this.. Thanks very much HTTP Status 500 - - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:373) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:245) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause java.lang.NullPointerException org.apache.jasper.JspCompilationContext.createCompiler(JspCompilationContext.java:220) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:552) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:296) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:245) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) note The full stack trace of the root cause is available in the Apache Tomcat/5.5.4 logs. - Apache Tomcat/5.5.4 __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Server.xml help
Does anyone see anything wrong with this server.xml? I am still trying to pin down my database connectivity issues and would like some validation that I have Tomcat setup appropriately. Server port=8005 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ !-- Global JNDI resources -- GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources !-- Define the Tomcat Stand-Alone Service -- Service name=Catalina Connector port=8080 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true / !-- Define an AJP 1.3 Connector on port 8009 -- Connector port=8009 enableLookups=true redirectPort=8443 debug=0 protocol=AJP/1.3 / Engine name=Catalina defaultHost=www.site1.com debug=0 Realm className=org.apache.catalina.realm.UserDatabaseRealm debug=0 resourceName=UserDatabase/ Host name=www.site1.com debug=0 appBase=c:/sites/site1 unpackWARs=true autoDeploy=true Aliassite1.com/Alias Context path= docBase= debug=0 reloadable=false/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=home_access_log. suffix=.txt pattern=common resolveHosts=false/ /Host /Engine /Service /Server Thanks Charles Killmer Netgain Technology [EMAIL PROTECTED] Office: (320) 251-4700 ext 107
Server.xml configuration in Tomcat 4.1
Hi All, i am using Tomcat4.1, and whenever i create new application i am adding the context details in server.xml Is it possible to create a new myapp.xml file and put the context info in that. I tried to create a myapp.xml and place it under webapps directory, but the application is not finding it. if i place the same context configuration in Server.xml everything works fine. Can anyone suggest me how to avoid editing the same server.xmk for each new application. can i do this in Tomcat4.1?? below is the context i want to add in server.xml Context path=/mypuborderstates docBase=mypuborderstates debug=5 reloadable=true crossContext=true useNaming=true Logger className=org.apache.catalina.logger.FileLogger prefix=localhost_mypuborderstates_log. suffix=.txt timestamp=true/ Resource name=jdbc/ODINPRD auth=Container type=javax.sql.DataSource/ ResourceParams name=jdbc/ODINPRD blah() /Context -Original Message- From: Dennis Payne [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 28, 2004 11:13 AM To: tomcat-user@jakarta.apache.org Subject: Re: How to run servlet for every 30 minutes in Tomcat 4.1.30 If you are running Linux or Unix check the syntax for the 'nice' command. [EMAIL PROTECTED] 12-27-2004 18:55 Frank W. Zammetti wrote: It's interesting, Craig and I had an exchange about threads in servlet containers last week... I can't find a link to the thread unfortunately. Anyway, the basic idea behind that don't spawn your own threads inside a servlet container admonishment is based more on the fact that it's quite easy to screw up doing so, more than it has to do with virtually anything else. You want the servlet container to manager resources for you, and you lose that by spawning your own threads. The container isn't aware of the threads, so it can't control them for things like graceful shutdowns or simply trying to control resource utilization. Many people, including me, tend to ignore that warning when the situation warrants it, but you have to be extra-careful. For instance, you don't under any circumstances want to hold on to references to response, request or session objects because you don't manage them. You also, unless you really have a need and know what your doing, want to spawn threads to handle requests at all. Any threads you do spawn in a container should tend to be independent units of execution. If your use case fits that description, you can get away with it relatively safely. That being said, spawning things like daemon threads for low-level behind-the-scenes type processing is generally OK, so long as you are careful (i.e., be sure no runaway processing can occur, make sure it will shut down gracefully, etc). You might be able to use something like that in this case, you'll have to decide. If your using Struts, you can spawn the thread from a plug-in, as I've done in the past, but there are non-Struts equivalents (worse comes to worse, just do it in a servlet.init()). Do yourself a favor and make the thread processing functional independent of your app essentially, and even make it so it's not aware it's running in a servlet container. But again, caution is the key. If you make it a demon thread and set it's priority as low as you can and be sure to not hold on to a reference to it, I've found that works just fine under a number of app servers on a numeber of OSs. The bottom-line is that really that psuedo-rule is around because people tend to shoot themselves in the foot when using threads a bit too often, so better to advise against getting into a situation where you might do that. But, if your confident in your ability, and believe the use case really warrants it, you CAN do it, and relatively safely. Frank, I'm using threads and didn't know I was vulnerable. Here's how I've done it. I created a class that implements runnable and call its initialize method from a servlet init method at application startup. The initialize method creates a thread and sets a low priority for it. The run method sleeps the thread and wakes it every two minutes. A processing class contains the methods that queries the database (postgres). 1. Is this what you call a daemon thread? 2. Is this better done using cron? if so how do I ensure that it runs with a lower priority than my application code? Phil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : Security Newbie - Need Help
-Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:57 À : Tomcat Users List Objet : Re: RE : Security Newbie - Need Help Where would the security-role be declared? WEB-INF/web.xml? Yes The tables I have are roles, user_roles and users. When you say wrong role table which of the tables I have should be renamed? select * from roles; ... realm ... userRoleTable=user_roles Thanks for you help, Luke It seems that you have a wrong role table (roles or user_roles). Have you declare security-role element ? -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:02 À : Tomcat Users List Objet : Re: Security Newbie - Need Help Hi; Here is the roles table: mysql select * from roles; +---+ | role_name | +---+ | admin | +---+ 1 row in set (0.02 sec) I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed this but still have the problem: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/tomcatusers?user=useramp;password=pas sword userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / I also changed my security declaration to have a realm-name in the login config: !-- security -- security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method realm-namefw/realm-name /login-config /security-constraint The error is (which appears without a login window first allowing me to authenticate): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 12:27 AM Subject: RE : Security Newbie - Need Help Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Why I am not getting the login window? Here is the web.xml in project root/WEB-INF security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method /login-config /security-constraint Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/applicationusers?user=useramp;passwor d=password userTable=applicationusers userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The table structure was created using the following sql: create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null ); create table user_roles ( user_name varchar(15) not null, role_name varchar(15) not null, primary key (user_name, role_name) ); How can I trouble shoot this? The log doesn't show anything. Any tips would be great. Thanks, Luke - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Elusive context path issue
Hello Tomcat gurus, I am sure this has shown up a few thousand times but I have just downloaded the TC 5.5 in hopes that my little JSP app I am dreaming up will run on the servlet server. Here is the problem: I cannot get the context path right no matter what and the TC manager just claims: Failed to deploy application at context . I have embedded echo / statements all through the build.xml in hopes to catch the culprit. My JSP app is so small it is patterned right after the Hello World (/sample) sample.war file application that comes with TC. I have used the standard on all the configuration: build.xml, web.xml and build.properties (which probably is not necessary). I can only get the following error condition: Failed to deploy application at context path /inventory Like the sample.war I only have a single jsp and a (dot).html file. The sample.war file will deploy at: /sample but my inventory.war only fails with the error condition noted above. I cannot seem to control the context path what-so-ever. Ant environment vars follow: [echo] Using user.home=C:\Documents and Settings\hbd6345 [echo] Using dist.home=C:\Documents and Settings\hbd6345\My Documents\general\dev\inventory/dist [echo] Using build.home=C:\Documents and Settings\hbd6345\My Documents\general\dev\inventory/build [echo] Using app.path=/inventory Any and all remedies, rants or raves welcomed. Please advise, David. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: help: connecting Tomcat 5.5 to Apache 2.0 with mod_jk 1.2.8 on ISP's server: SOLVED.
Chris: It's working! Thanks a LOT! What you gave me wasn't the full answer, but it let me eliminate a lot of dead-ends and other mistakes I had made. One (of several) problems this helped was that I was using AddModule and not LoadModule, which is also addressed here: http://www.apache.org/~rbowen/presentations/apachecon2004/apache2.0/slide35. html I also put my workers.properties file in the same directory as httpd.conf b/c of something I read somewhere. Not sure if that actually did anything. I found my problem on other sites with no answers, so I'm going to include the relevant parts of my httpd.conf and workers.properties, in case others have a similar situation. Thanks again, Jason Musegraphics.com My setup: leasing a virtual server from olm.net Apache 2.0.50, Tomcat 5.5.4, mod_jk 1.2.8 Relevant parts of my httpd.conf: LoadModule jk_module modules/mod_jk.so #AddModule modk_jk.c JkWorkersFile /etc/httpd/conf/workers.properties JkLogFile /etc/httpd/logs/mod_jk.log JkLogLevel debug JkLogStampFormat [%a %b %d %H:%M] JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkRequestLogFormat %w %V %T JkMount /examples/* musegraphicsworker JkMount /*.jsp musegraphicsworker VirtualHost 69.94.10.74:80 ServerName www.musegraphics.com ServerAdmin [EMAIL PROTECTED] #DocumentRoot /home/virtual/site1/fst/var/www/html --this was another problem I had. Gotta change this after adding Tomcat to Apache. Seems obvious now. Changed to the following: DocumentRoot /usr/local/tomcat/tomcatCV/webapps/jsp-examples Directory /usr/local/tomcat/tomcatCV/webapps/jsp-examples Allow from all AllowOverride All Order allow,deny /Directory # A lot other stuff here my ISP (olm.net) put in, not included for brevity. /VirtualHost My workers.properties file: # workers.tomcat_home=/usr/local/tomcat/ # workers.java_home should point to your Java installation. workers.java_home=/usr/local/java # You should configure your environment slash... ps=\ on NT and / on UNIX ps=/ #-- workers list worker.list=musegraphicsworker #-- musegraphicsworker DEFINITION- worker.musegraphicsworker.type=ajp13 worker.musegraphicsworker.host=localhost worker.musegraphicsworker.port=8009 worker.musegraphicsworker.lbfactor=50 worker.musegraphicsworker.cachesize=10 worker.musegraphicsworker.cache_timeout=600 worker.musegraphicsworker.socket_timeout=300 worker.musegraphicsworker.socket_keepalive=1 There's quite a bit more but those are the parts I changed out of the already existing (and highly complex) Apache configuration my ISP had in place. Jason - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Running heavily loaded tomcat sites.
It was good to read your paper. I was wondering why ReiserFS is suitable for webapps that you are hosting. On Wed, 09 Feb 2005 00:18:52 +0100, Wojciech Sobczuk [EMAIL PROTECTED] wrote: Hello, I have collected my experiences with running a heavily loaded (and soon to be high availability) tomcat setup in a paper available here: http://brandlay.com/wojtek/publ/tomcat.jsp Have a look if you're interested and please email any comments directly to my email. Thanks! -- Wojciech Sobczuk [EMAIL PROTECTED] +48 605 607 170 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE : RE : RE : Security Newbie - Need Help
Sorry, i understand what you mean. Your role table seems ok. -Message d'origine- De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 17:40 À : 'Tomcat Users List' Objet : RE : RE : Security Newbie - Need Help -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:57 À : Tomcat Users List Objet : Re: RE : Security Newbie - Need Help Where would the security-role be declared? WEB-INF/web.xml? Yes The tables I have are roles, user_roles and users. When you say wrong role table which of the tables I have should be renamed? select * from roles; ... realm ... userRoleTable=user_roles Thanks for you help, Luke It seems that you have a wrong role table (roles or user_roles). Have you declare security-role element ? -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:02 À : Tomcat Users List Objet : Re: Security Newbie - Need Help Hi; Here is the roles table: mysql select * from roles; +---+ | role_name | +---+ | admin | +---+ 1 row in set (0.02 sec) I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed this but still have the problem: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/tomcatusers?user=useramp;password=pas sword userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / I also changed my security declaration to have a realm-name in the login config: !-- security -- security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method realm-namefw/realm-name /login-config /security-constraint The error is (which appears without a login window first allowing me to authenticate): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 12:27 AM Subject: RE : Security Newbie - Need Help Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Why I am not getting the login window? Here is the web.xml in project root/WEB-INF security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method /login-config /security-constraint Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/applicationusers?user=useramp;passwor d=password userTable=applicationusers userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The table structure was created using the following sql: create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null ); create table user_roles ( user_name varchar(15) not null, role_name varchar(15) not null, primary key (user_name, role_name) ); How can I trouble shoot this? The log doesn't show anything. Any tips would be great. Thanks, Luke - To unsubscribe, e-mail: [EMAIL
RE: Running heavily loaded tomcat sites.
You are really just starting document the issues necessary for running a high volume site. The URL http://www.mhsoftware.com/resources/top10asp.html Has some things that are IIS specific, but also apply to Tomcat applications: Specifically: Store as little as possible on the session. I'm working on an app right now, where the author decided storing the db connection on the session was the way to go. Watch contention. Use an automated code analysis tool like PMD or Findbugs to eliminate bad and redundant code. PMD will detect things like string concatenation in loops, using string concatenation in StringBuffer.append() methods, and other non-optimal techniques. Stress test using a tool like Jmeter. George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585 -Original Message- On Wed, 09 Feb 2005 00:18:52 +0100, Wojciech Sobczuk [EMAIL PROTECTED] wrote: Hello, I have collected my experiences with running a heavily loaded (and soon to be high availability) tomcat setup in a paper available here: http://brandlay.com/wojtek/publ/tomcat.jsp Have a look if you're interested and please email any comments directly to my email. Thanks! -- Wojciech Sobczuk [EMAIL PROTECTED] +48 605 607 170 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Basic Auth Errors
Good Morning, I'm here again with a trouble that I had already submitted but that isn't yet solved. Here is the topic: I'm trying to setup a basic authentication using realm. I'm working on a Linux Machine with Tomcat 5.0.28 and JDK 1.4.2 (last stable before Tiger). Then, I've set up the server XML in this way: == Host appBase=webapps/photoalbum name=photoalbum.localhost Logger className=org.apache.catalina.logger.FileLogger directory=logs/photoalbum/ suffix=.txt prefix=photoalbum_log. timestamp=true/ Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=PhotoAlbum/ /Host == the context.xml file (that is stored into TOMCAT_HOME/conf/Catalina/photoalbum.localhost) I've putted this code: === ?xml version='1.0' encoding='utf-8'? Context privileged=true swallowOutput=true workDir=work\Catalina\photoalbum\ path=/ cacheTTL=0 cachingAllowed=false displayName=bannerEmbedded beta docBase=. cacheMaxSize=0 reloadable=true privileged=true Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=PhotoAlbum/ Valve className=org.apache.catalina.valves.AccessLogValve directory=logs/photoalbum/ fileDateFormat=-MM-dd suffix=.txt prefix=photoalbum_access_log./ Resource type=org.apache.catalina.UserDatabase description=User database that can be updated and saved auth=Container name=PhotoAlbum/ ResourceParams name=PhotoAlbum parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/Catalina/photoalbum.localhost/photoalbum-users.xml/value /parameter /ResourceParams /Context === then I've setting up the web.xml as usual to this kind of uses: === resource-env-ref descriptionLink to the UserDatabase instance from which we request lists of defined role names. Typically, this will be connected to the global user database with a ResourceLink element in server.xml or the context configuration file for the Manager web application./description resource-env-ref-namePhotoAlbum/resource-env-ref-name resource-env-ref-typeorg.apache.catalina.UserDatabase/resource-env-ref-type /resource-env-ref security-constraint display-namePhotoalbum Security Constraints/display-name web-resource-collection web-resource-namePhotoalbum/web-resource-name url-pattern/controlPanel.jsp/url-pattern url-pattern/photoUpload.jsp/url-pattern url-pattern/login.jsp/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-namephotoalbum/role-name role-nameadmin/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-namePhotoAlbum/realm-name form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config security-role role-namephotoalbum/role-name /security-role security-role role-nameadmin/role-name /security-role === In the log i read thsi errors with their relative stack trace (will be omitted) a) javax.naming.NameNotFoundException: Name PhotoAlbum is not bound in this Context b) LifecycleException: No UserDatabase component found under key PhotoAlbum so, this configuration would not work. Can anyone help me? -- Adobati Omar Italy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Valves
Right. I believe that the reason that Tomcat can't find ValveBase is that it is loaded with a different class loader than classes in the common directory. Filip Hanik - Dev wrote: put your class in server/classes, valves should not be common Filip - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tale of two servers
More details please. Are both machine running the same version of Java. Are they both connecting to an external database? Exact same versions of Tomcat 5.5.x ? On Thu, 10 Feb 2005 01:19:10 -0800 (PST), Dola Woolfe [EMAIL PROTECTED] wrote: Hi, I'm running TC5.5 on two different servers in the same office. Both run XP Pro SP2. Both servers are programmatically queried by users and are bombarded with thousands of requests. One of the servers responds much more quickly than the other. In fact, one of them causes timeouts. The offender is a super duper new dell desktop with 4gb of ram, etc. It's running java 1.5 and is committed to nothing by tomcat. The winner is a rinky-dink 2 year old laptop with little ram, and lots of spyware sucking out cpu. So this is obviously counterintuitive and I'm wondering if anyone could suggest where to begin looking for problems! Many thank in advance, Dola __ Do you Yahoo!? All your favorites on one personal page Try My Yahoo! http://my.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
What does each part of a className mean?
I am having a problem getting SSL to work on my tomcat 5 sever so I would like to know what each segment of the class name means from the server.xml file (className=org.apache.coyote.tomcat5.CoyoteConnector) and how it affect the SSL on my server. When I looked at my server.xml file the classname was not there I have removed the rem statements but SSL does not work I think I have it wrong. Do I even need to add the classname can I run without it Just use the port 8443? Do I need to change the org.apache.coyote.tomcat5.CoyoteConnector and change it to my domain name/server name ? Any help would be great Thanks again -- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -- !-- Connector className=org.apache.coyote.tomcat5.CoyoteConnector port=8443 minProcessors=5 maxProcessors=75 enableLookups=true disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true; clientAuth=false sslProtocol=TLS/ Christopher W. Hosler Network Administrator Ingham County MIS Department Email [EMAIL PROTECTED] As water reflects the face So a mans heart reflects the man - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5 cluster spins out of control periodically
I have two machines running Tomcat 5.0 with java 1.4. Both are clustered together. Every once in a while, one or the other just starts spinning out of control and clocking wall time. This is on hp ux version 11. New machines, lots of resources (16 Gig of RAM) Any ideas? Thanks, Micky - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tale of two servers
does the fast one run any anti-virus software? That's been known to kill performance. Mike Curwen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5 cluster spins out of control periodically
Are you using apache in front of tomcat? Have you done thread dumps when in a good state vs a 100% cpu state? Sounds like an inifinite loop. -Tim Micky Williamson wrote: I have two machines running Tomcat 5.0 with java 1.4. Both are clustered together. Every once in a while, one or the other just starts spinning out of control and clocking wall time. This is on hp ux version 11. New machines, lots of resources (16 Gig of RAM) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE : Security Newbie - Need Help
you will not need a roles table for tomcat... it is only useful to your own applications that will edit the data. The system only utilizes the the user-role table and the user-password table (at least for basic authentication). Each servlet in the system that is secure is setup this way and has an associated mapping: servlet servlet-nameEnterAssignment/servlet-name display-nameEnterAssignment/display-name descriptionEnter Assignment/description servlet-classcom.mtc.ims.ia.servlet.EnterAssignment/servlet-class security-role-ref role-nameIMS/role-name role-linkIMS/role-link /security-role-ref /servlet ... servlet-mapping servlet-nameEnterAssignment/servlet-name url-pattern/servlet/EnterAssignment/url-pattern /servlet-mapping The server.xml contains a reference to the security tables by using the Realm tag placed as shown (there are other ways to do it) and all db driver jars have been place in the classpath: Engine defaultHost=localhost name=Catalina Host appBase=webapps name=localhost Logger className=org.apache.catalina.logger.FileLogger prefix=localhost_log. suffix=.txt timestamp=true / Realm className=org.apache.catalina.realm.JDBCRealm connectionName=username connectionPassword=password connectionURL=jdbc:mysql://xxx.xxx.xxx.xxx:3306/dbname driverName=com.mysql.jdbc.Driver userRoleTable=userrole userTable=userpassword roleNameCol=userrole userNameCol=userid userCredCol=passwordid / /Host Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.txt timestamp=true / Realm className=org.apache.catalina.realm.UserDatabaseRealm / /Engine Hope this helps Enjoy! [EMAIL PROTECTED] 02-10-2005 08:56 Where would the security-role be declared? WEB-INF/web.xml? The tables I have are roles, user_roles and users. When you say wrong role table which of the tables I have should be renamed? Thanks for you help, Luke It seems that you have a wrong role table (roles or user_roles). Have you declare security-role element ? -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:02 À : Tomcat Users List Objet : Re: Security Newbie - Need Help Hi; Here is the roles table: mysql select * from roles; +---+ | role_name | +---+ | admin | +---+ 1 row in set (0.02 sec) I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed this but still have the problem: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/tomcatusers?user=useramp;password=pas sword userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / I also changed my security declaration to have a realm-name in the login config: !-- security -- security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method realm-namefw/realm-name /login-config /security-constraint The error is (which appears without a login window first allowing me to authenticate): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 12:27 AM Subject: RE : Security Newbie - Need Help Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration
Re: Tomcat 5 cluster spins out of control periodically
No, not using Apache to front end. Haven't done any thread dumps...yet. I just was throwing feelers out to see if there is any history of this. Tim Funk wrote: Are you using apache in front of tomcat? Have you done thread dumps when in a good state vs a 100% cpu state? Sounds like an inifinite loop. -Tim Micky Williamson wrote: I have two machines running Tomcat 5.0 with java 1.4. Both are clustered together. Every once in a while, one or the other just starts spinning out of control and clocking wall time. This is on hp ux version 11. New machines, lots of resources (16 Gig of RAM) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE : RE : RE : Security Newbie - Need Help
No I think you are right. I have user_roles in the server.xml realm and the table in tomcatusers is called roles. Is there a correct naming (user_roles vs roles)? Concerning the security-role is this required when using a JDBCRealm? Thanks, Luke Sorry, i understand what you mean. Your role table seems ok. -Message d'origine- De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 17:40 À : 'Tomcat Users List' Objet : RE : RE : Security Newbie - Need Help -Message d'origine- De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:57 À : Tomcat Users List Objet : Re: RE : Security Newbie - Need Help Where would the security-role be declared? WEB-INF/web.xml? Yes The tables I have are roles, user_roles and users. When you say wrong role table which of the tables I have should be renamed? select * from roles; ... realm ... userRoleTable=user_roles Thanks for you help, Luke It seems that you have a wrong role table (roles or user_roles). Have you declare security-role element ? -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:02 À : Tomcat Users List Objet : Re: Security Newbie - Need Help Hi; Here is the roles table: mysql select * from roles; +---+ | role_name | +---+ | admin | +---+ 1 row in set (0.02 sec) I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed this but still have the problem: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/tomcatusers?user=useramp;password=pas sword userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / I also changed my security declaration to have a realm-name in the login config: !-- security -- security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method realm-namefw/realm-name /login-config /security-constraint The error is (which appears without a login window first allowing me to authenticate): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 12:27 AM Subject: RE : Security Newbie - Need Help Hi, Could you verify that you have declared your admin role in the web.xml file. security-role role-nameadmin/role-name /security-role -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 07:33 À : Tomcat Users List Objet : Security Newbie - Need Help Hi; I am trying to install a security realm for my application. I am expecting a browser login window. But instead I get: HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Why I am not getting the login window? Here is the web.xml in project root/WEB-INF security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method /login-config /security-constraint Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/applicationusers?user=useramp;passwor d=password userTable=applicationusers userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / The table structure was created using the following sql: create table users ( user_name varchar(15) not null primary key, user_pass varchar(15) not null ); create table user_roles ( user_name varchar(15) not null, role_name
Re: Restart-On-Failure for Tomcat?
Hi Paul, I hope you don't mind the direct e-mail. Would you mind sharing your wget script? Thanks, Robert On Sat, 05 Feb 2005 23:02:50 -0600, Paul [EMAIL PROTECTED] wrote: I would suggest either a process monitor or using cron to run script every minute or so that would use wget to get a test page and if it fails, restart tomcat. I've been using the latter of the two with good success for a while. Of course, I'm assuming your using Linux or the like, but if you're on Win then you can set the recovery options under services. I'm not aware of anything inherent in Tomcat. Regards, -Paul Robert McIntosh wrote: Hi, I'm supporting a web application running on Apache (2.0x) /Tomcat(5.0.x) w/ mod-jk. The web application seems to cause Tomcat (5.0.28) to fail on average once a week. Restarting tomcat tends to do the trick, however this is in a production enviornment. I've been looking for a restart-on-failure script or inherent feature in Tomcat that can perform this. Please forward me information on how to monitor Tomcat for error conditions and restart the application. Thanks! Robert [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5 cluster spins out of control periodically
probably is the multi cast receiver that freaks out. This can happen if the network cable is unplugged. I will add in a sleep on the receiver so that even in this case it wont freak out. so in the scenario above, its a known problem, checking in a fix right now. if you do provide a dump however, we will know more. or even better, profiling it. Filip - Original Message - From: Micky Williamson [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 1:24 PM Subject: Re: Tomcat 5 cluster spins out of control periodically No, not using Apache to front end. Haven't done any thread dumps...yet. I just was throwing feelers out to see if there is any history of this. Tim Funk wrote: Are you using apache in front of tomcat? Have you done thread dumps when in a good state vs a 100% cpu state? Sounds like an inifinite loop. -Tim Micky Williamson wrote: I have two machines running Tomcat 5.0 with java 1.4. Both are clustered together. Every once in a while, one or the other just starts spinning out of control and clocking wall time. This is on hp ux version 11. New machines, lots of resources (16 Gig of RAM) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5 cluster spins out of control periodically
Filip, thanks for the information. I did notice that on our test servers, it doesn't happen as frequently. And in the production server.xml we had: Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=pooled/ In the test one it was: Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=asynchronous/ What is the better way? Filip Hanik - Dev wrote: probably is the multi cast receiver that freaks out. This can happen if the network cable is unplugged. I will add in a sleep on the receiver so that even in this case it wont freak out. so in the scenario above, its a known problem, checking in a fix right now. if you do provide a dump however, we will know more. or even better, profiling it. Filip - Original Message - From: Micky Williamson [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 1:24 PM Subject: Re: Tomcat 5 cluster spins out of control periodically No, not using Apache to front end. Haven't done any thread dumps...yet. I just was throwing feelers out to see if there is any history of this. Tim Funk wrote: Are you using apache in front of tomcat? Have you done thread dumps when in a good state vs a 100% cpu state? Sounds like an inifinite loop. -Tim Micky Williamson wrote: I have two machines running Tomcat 5.0 with java 1.4. Both are clustered together. Every once in a while, one or the other just starts spinning out of control and clocking wall time. This is on hp ux version 11. New machines, lots of resources (16 Gig of RAM) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: What does each part of a className mean?
Chris Hosler wrote: I am having a problem getting SSL to work on my tomcat 5 sever Read this: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html If, after that, you're still having problems -- let us know. :-) -- Hassan Schroeder - [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5 cluster spins out of control periodically
ah, you might be having problems with the java.nio package, (TCP) as the conf below you are mentioning, are using those settings. asynch doesn't require an ack message, and some VM's on some platforms have problems sending data back on a NIO channel. linux had this issue unless you set LD_ASSUME_KERNEL for example, Filip - Original Message - From: Micky Williamson [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 2:44 PM Subject: Re: Tomcat 5 cluster spins out of control periodically Filip, thanks for the information. I did notice that on our test servers, it doesn't happen as frequently. And in the production server.xml we had: Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=pooled/ In the test one it was: Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=asynchronous/ What is the better way? Filip Hanik - Dev wrote: probably is the multi cast receiver that freaks out. This can happen if the network cable is unplugged. I will add in a sleep on the receiver so that even in this case it wont freak out. so in the scenario above, its a known problem, checking in a fix right now. if you do provide a dump however, we will know more. or even better, profiling it. Filip - Original Message - From: Micky Williamson [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 1:24 PM Subject: Re: Tomcat 5 cluster spins out of control periodically No, not using Apache to front end. Haven't done any thread dumps...yet. I just was throwing feelers out to see if there is any history of this. Tim Funk wrote: Are you using apache in front of tomcat? Have you done thread dumps when in a good state vs a 100% cpu state? Sounds like an inifinite loop. -Tim Micky Williamson wrote: I have two machines running Tomcat 5.0 with java 1.4. Both are clustered together. Every once in a while, one or the other just starts spinning out of control and clocking wall time. This is on hp ux version 11. New machines, lots of resources (16 Gig of RAM) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5 cluster spins out of control periodically
hmm is there any difference in performance with pooled vs async? The OS is HPUX 11 Filip Hanik - Dev wrote: ah, you might be having problems with the java.nio package, (TCP) as the conf below you are mentioning, are using those settings. asynch doesn't require an ack message, and some VM's on some platforms have problems sending data back on a NIO channel. linux had this issue unless you set LD_ASSUME_KERNEL for example, Filip - Original Message - From: Micky Williamson [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 2:44 PM Subject: Re: Tomcat 5 cluster spins out of control periodically Filip, thanks for the information. I did notice that on our test servers, it doesn't happen as frequently. And in the production server.xml we had: Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=pooled/ In the test one it was: Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=asynchronous/ What is the better way? Filip Hanik - Dev wrote: probably is the multi cast receiver that freaks out. This can happen if the network cable is unplugged. I will add in a sleep on the receiver so that even in this case it wont freak out. so in the scenario above, its a known problem, checking in a fix right now. if you do provide a dump however, we will know more. or even better, profiling it. Filip - Original Message - From: Micky Williamson [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 1:24 PM Subject: Re: Tomcat 5 cluster spins out of control periodically No, not using Apache to front end. Haven't done any thread dumps...yet. I just was throwing feelers out to see if there is any history of this. Tim Funk wrote: Are you using apache in front of tomcat? Have you done thread dumps when in a good state vs a 100% cpu state? Sounds like an inifinite loop. -Tim Micky Williamson wrote: I have two machines running Tomcat 5.0 with java 1.4. Both are clustered together. Every once in a while, one or the other just starts spinning out of control and clocking wall time. This is on hp ux version 11. New machines, lots of resources (16 Gig of RAM) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5 cluster spins out of control periodically
there have been a few articles, check onjava.com for example, asynch will result in a faster response time, but doesn't guarantee that the session gets replicated for the next request. Filip - Original Message - From: Micky Williamson [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 3:43 PM Subject: Re: Tomcat 5 cluster spins out of control periodically hmm is there any difference in performance with pooled vs async? The OS is HPUX 11 Filip Hanik - Dev wrote: ah, you might be having problems with the java.nio package, (TCP) as the conf below you are mentioning, are using those settings. asynch doesn't require an ack message, and some VM's on some platforms have problems sending data back on a NIO channel. linux had this issue unless you set LD_ASSUME_KERNEL for example, Filip - Original Message - From: Micky Williamson [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 2:44 PM Subject: Re: Tomcat 5 cluster spins out of control periodically Filip, thanks for the information. I did notice that on our test servers, it doesn't happen as frequently. And in the production server.xml we had: Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=pooled/ In the test one it was: Sender className=org.apache.catalina.cluster.tcp.ReplicationTransmitter replicationMode=asynchronous/ What is the better way? Filip Hanik - Dev wrote: probably is the multi cast receiver that freaks out. This can happen if the network cable is unplugged. I will add in a sleep on the receiver so that even in this case it wont freak out. so in the scenario above, its a known problem, checking in a fix right now. if you do provide a dump however, we will know more. or even better, profiling it. Filip - Original Message - From: Micky Williamson [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 1:24 PM Subject: Re: Tomcat 5 cluster spins out of control periodically No, not using Apache to front end. Haven't done any thread dumps...yet. I just was throwing feelers out to see if there is any history of this. Tim Funk wrote: Are you using apache in front of tomcat? Have you done thread dumps when in a good state vs a 100% cpu state? Sounds like an inifinite loop. -Tim Micky Williamson wrote: I have two machines running Tomcat 5.0 with java 1.4. Both are clustered together. Every once in a while, one or the other just starts spinning out of control and clocking wall time. This is on hp ux version 11. New machines, lots of resources (16 Gig of RAM) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Restart-On-Failure for Tomcat?
hello, i also have the problem that my tomcat stops does not respond, and this more than once a day. i'm currently looking for the cause of the problem, so i wrote a monitoring script that collects the top-output, does a thread-dump on the tomcat-process and performs a `netstat -p -n`, and finally sends this information via email. configuration is hold by a configuration file, whereas these days i put more and more configuration into the script itself, so separation of concerns is broken :) you can place the script in /etc/init.d/ and register it via chkconfig, configurations are placed in the conf-file and in the top of the monitoring-script, you should adapt all to your needs. as i don't know if attachments are handled properly by this list, i put the script on my website, so you can find it here too: http://www.javakaffee.de/jspwiki/Wiki.jsp?page=ServerSideDevelopment i hope it's helpful, cheers, martin On Thu, 2005-02-10 at 12:12 -0800, Robert McIntosh wrote: Hi Paul, I hope you don't mind the direct e-mail. Would you mind sharing your wget script? Thanks, Robert On Sat, 05 Feb 2005 23:02:50 -0600, Paul [EMAIL PROTECTED] wrote: I would suggest either a process monitor or using cron to run script every minute or so that would use wget to get a test page and if it fails, restart tomcat. I've been using the latter of the two with good success for a while. Of course, I'm assuming your using Linux or the like, but if you're on Win then you can set the recovery options under services. I'm not aware of anything inherent in Tomcat. Regards, -Paul Robert McIntosh wrote: Hi, I'm supporting a web application running on Apache (2.0x) /Tomcat(5.0.x) w/ mod-jk. The web application seems to cause Tomcat (5.0.28) to fail on average once a week. Restarting tomcat tends to do the trick, however this is in a production enviornment. I've been looking for a restart-on-failure script or inherent feature in Tomcat that can perform this. Please forward me information on how to monitor Tomcat for error conditions and restart the application. Thanks! Robert [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Martin Grotzke Hohenesch 38, 22765 Hamburg Tel. +49 (0) 40.39905668 Mobil +49 (0) 170.9365656 E-Mail[EMAIL PROTECTED] Onlinehttp://www.javakaffee.de watchtomcat Description: application/shellscript # # The configuration file for watchtomcat # # $Id: watchtomcat.conf.baseserver.com 94 2004-03-18 21:15:38Z grotzke $ # # for curl checking #CHECK_URL=http://www.javakaffee.de/jspwiki/Wiki.jsp?page=Main; CHECK_URL=http://tomcat.baseserver.net; SEARCH_WORD=wordtosearchfor # for which word shall be searched in the CHECK_URL-document? EXPECTED_WC_L=3# how many lines are expected to be found with the given SEARCH_WORD? [EMAIL PROTECTED]# where to send notifications signature.asc Description: This is a digitally signed message part
Re: Restart-On-Failure for Tomcat?
On Thu, 2005-02-10 at 23:30 +0100, Martin Grotzke wrote: hello, i also have the problem that my tomcat stops does not respond, and this more than once a day. i'm currently looking for the cause of the problem, so i wrote a monitoring script that collects the top-output, does a thread-dump on the tomcat-process and performs a `netstat -p -n`, and finally sends this information via email. ha, i forgot to mention that it restarts tomcat, too ;) cheers, martin configuration is hold by a configuration file, whereas these days i put more and more configuration into the script itself, so separation of concerns is broken :) you can place the script in /etc/init.d/ and register it via chkconfig, configurations are placed in the conf-file and in the top of the monitoring-script, you should adapt all to your needs. as i don't know if attachments are handled properly by this list, i put the script on my website, so you can find it here too: http://www.javakaffee.de/jspwiki/Wiki.jsp?page=ServerSideDevelopment i hope it's helpful, cheers, martin On Thu, 2005-02-10 at 12:12 -0800, Robert McIntosh wrote: Hi Paul, I hope you don't mind the direct e-mail. Would you mind sharing your wget script? Thanks, Robert On Sat, 05 Feb 2005 23:02:50 -0600, Paul [EMAIL PROTECTED] wrote: I would suggest either a process monitor or using cron to run script every minute or so that would use wget to get a test page and if it fails, restart tomcat. I've been using the latter of the two with good success for a while. Of course, I'm assuming your using Linux or the like, but if you're on Win then you can set the recovery options under services. I'm not aware of anything inherent in Tomcat. Regards, -Paul Robert McIntosh wrote: Hi, I'm supporting a web application running on Apache (2.0x) /Tomcat(5.0.x) w/ mod-jk. The web application seems to cause Tomcat (5.0.28) to fail on average once a week. Restarting tomcat tends to do the trick, however this is in a production enviornment. I've been looking for a restart-on-failure script or inherent feature in Tomcat that can perform this. Please forward me information on how to monitor Tomcat for error conditions and restart the application. Thanks! Robert [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Martin Grotzke Hohenesch 38, 22765 Hamburg Tel. +49 (0) 40.39905668 Mobil +49 (0) 170.9365656 E-Mail[EMAIL PROTECTED] Onlinehttp://www.javakaffee.de signature.asc Description: This is a digitally signed message part
coyote standalone?
Can I use Coyote HTTP 1.1 server outside of the rest of tomcat? I'm interested in just plugging in the coyote jar for serving static content using Jetty, but it appears to have dependencies on the rest of tomcat. I don't want to use the rest of Tomcat due to size constraints. Thanks. -Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: coyote standalone?
Hi Adam. I always get headaches when I got into the Tomcat source base; its almost too abstract and I can't figure out what does what. There is a book that is comming out or may already be out that details Tomcat's internal architecture that I've been meaning to read. Why isn't Jetty enough for you? Brad At 02:55 PM 2/10/2005, you wrote: Can I use Coyote HTTP 1.1 server outside of the rest of tomcat? I'm interested in just plugging in the coyote jar for serving static content using Jetty, but it appears to have dependencies on the rest of tomcat. I don't want to use the rest of Tomcat due to size constraints. Thanks. -Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Brad Neuberg, [EMAIL PROTECTED] Senior Software Engineer, Rojo Networks Weblog: http://www.codinginparadise.org = Check out Rojo, an RSS and Atom news aggregator that I work on. Visit http://rojo.com for more info. Feel free to ask me for an invite! Rojo is Hiring! If you're interested in RSS, Weblogs, Social Networking, Java, Open Source, etc... then come work with us at Rojo. If you recommend someone and we hire them you'll get a free iPod! See http://www.rojonetworks.com/JobsAtRojo.html. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: coyote standalone?
Hi Brad- The Jetty ResourceHandler works fine, but it's just a little clunky and unmaintainable. I already adapted their static resource handler to suite my needs, but there are lots of methods that are about 100 lines long and things like that. It does things like require a Jetty Resource instance that in turn requires an actual java.io.File, a requirement I'd prefer to avoid in certain cases. It works well and passes all my tests for Range requests and everything else with flying colors, but I'm looking for something slightly more elegant. It's also tied to the Jetty code pretty tightly. If I wanted to use it with some other framework, such as Spring, I'd have to refactor it quite a bit to only rely on plain on HttpServletRequests and HttpServletResponses. That's the path I'm currently planning on following, but I'm fishing around for a better solution. This is all to partially to implement my adaptation of your very elegant JXTA, Jetty, and HttpClient integration -- great stuff!! -Adam Brad Neuberg wrote: Hi Adam. I always get headaches when I got into the Tomcat source base; its almost too abstract and I can't figure out what does what. There is a book that is comming out or may already be out that details Tomcat's internal architecture that I've been meaning to read. Why isn't Jetty enough for you? Brad At 02:55 PM 2/10/2005, you wrote: Can I use Coyote HTTP 1.1 server outside of the rest of tomcat? I'm interested in just plugging in the coyote jar for serving static content using Jetty, but it appears to have dependencies on the rest of tomcat. I don't want to use the rest of Tomcat due to size constraints. Thanks. -Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Brad Neuberg, [EMAIL PROTECTED] Senior Software Engineer, Rojo Networks Weblog: http://www.codinginparadise.org = Check out Rojo, an RSS and Atom news aggregator that I work on. Visit http://rojo.com for more info. Feel free to ask me for an invite! Rojo is Hiring! If you're interested in RSS, Weblogs, Social Networking, Java, Open Source, etc... then come work with us at Rojo. If you recommend someone and we hire them you'll get a free iPod! See http://www.rojonetworks.com/JobsAtRojo.html. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mod_jk config - worker.worker1.retries property does not work?
Hi, I was just wondering if anyone else has experienced this problem. I am using mod_jk 1.2.8, and I'm trying to configure two tomcat workers under a load balancer worker. I set the properties for the two workers as follows: worker.worker1.retries=1 worker.worker2.retries=1 But when I look at the mod_jk log (running at debug level) I see (with a few context lines): [Thu Feb 10 16:26:01 2005] [4101:0] [debug] jk_ajp_common.c (572): ajp marshaling done [Thu Feb 10 16:26:01 2005] [4101:0] [debug] jk_ajp_common.c (1641): processing with 3 retries [Thu Feb 10 16:26:01 2005] [4101:0] [debug] jk_connect.c (150): set timeout to 30 with status 0 [Thu Feb 10 16:26:01 2005] [4101:0] [debug] jk_connect.c (159): try to connect socket = 7 to 172.17.144.16 :8009 for all my workers when they send. Is this a bug? Or does this retries setting affect something else? -- Chuck
Re: coyote standalone?
Adam, sounds interesting. Can't wait to see the results. Feel free to keep talking with me if you have any more questions or ideas. By the way, I pushed out a first release of Paper Airplane last sunday. Check out the blog post and installation instructions on it at http://codinginparadise.org/weblog/2005/02/paper-airplane-011-released_06.html. It's still quite alpha but functional. Best, Brad At 04:19 PM 2/10/2005, you wrote: Hi Brad- The Jetty ResourceHandler works fine, but it's just a little clunky and unmaintainable. I already adapted their static resource handler to suite my needs, but there are lots of methods that are about 100 lines long and things like that. It does things like require a Jetty Resource instance that in turn requires an actual java.io.File, a requirement I'd prefer to avoid in certain cases. It works well and passes all my tests for Range requests and everything else with flying colors, but I'm looking for something slightly more elegant. It's also tied to the Jetty code pretty tightly. If I wanted to use it with some other framework, such as Spring, I'd have to refactor it quite a bit to only rely on plain on HttpServletRequests and HttpServletResponses. That's the path I'm currently planning on following, but I'm fishing around for a better solution. This is all to partially to implement my adaptation of your very elegant JXTA, Jetty, and HttpClient integration -- great stuff!! -Adam Brad Neuberg wrote: Hi Adam. I always get headaches when I got into the Tomcat source base; its almost too abstract and I can't figure out what does what. There is a book that is comming out or may already be out that details Tomcat's internal architecture that I've been meaning to read. Why isn't Jetty enough for you? Brad At 02:55 PM 2/10/2005, you wrote: Can I use Coyote HTTP 1.1 server outside of the rest of tomcat? I'm interested in just plugging in the coyote jar for serving static content using Jetty, but it appears to have dependencies on the rest of tomcat. I don't want to use the rest of Tomcat due to size constraints. Thanks. -Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Brad Neuberg, [EMAIL PROTECTED] Senior Software Engineer, Rojo Networks Weblog: http://www.codinginparadise.org = Check out Rojo, an RSS and Atom news aggregator that I work on. Visit http://rojo.com for more info. Feel free to ask me for an invite! Rojo is Hiring! If you're interested in RSS, Weblogs, Social Networking, Java, Open Source, etc... then come work with us at Rojo. If you recommend someone and we hire them you'll get a free iPod! See http://www.rojonetworks.com/JobsAtRojo.html. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Brad Neuberg, [EMAIL PROTECTED] Senior Software Engineer, Rojo Networks Weblog: http://www.codinginparadise.org = Check out Rojo, an RSS and Atom news aggregator that I work on. Visit http://rojo.com for more info. Feel free to ask me for an invite! Rojo is Hiring! If you're interested in RSS, Weblogs, Social Networking, Java, Open Source, etc... then come work with us at Rojo. If you recommend someone and we hire them you'll get a free iPod! See http://www.rojonetworks.com/JobsAtRojo.html. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: coyote standalone?
Wow -- I somehow missed that. I'll definitely check it out. Congratulations on the release! -Adam Brad Neuberg wrote: Adam, sounds interesting. Can't wait to see the results. Feel free to keep talking with me if you have any more questions or ideas. By the way, I pushed out a first release of Paper Airplane last sunday. Check out the blog post and installation instructions on it at http://codinginparadise.org/weblog/2005/02/paper-airplane-011-released_06.html. It's still quite alpha but functional. Best, Brad At 04:19 PM 2/10/2005, you wrote: Hi Brad- The Jetty ResourceHandler works fine, but it's just a little clunky and unmaintainable. I already adapted their static resource handler to suite my needs, but there are lots of methods that are about 100 lines long and things like that. It does things like require a Jetty Resource instance that in turn requires an actual java.io.File, a requirement I'd prefer to avoid in certain cases. It works well and passes all my tests for Range requests and everything else with flying colors, but I'm looking for something slightly more elegant. It's also tied to the Jetty code pretty tightly. If I wanted to use it with some other framework, such as Spring, I'd have to refactor it quite a bit to only rely on plain on HttpServletRequests and HttpServletResponses. That's the path I'm currently planning on following, but I'm fishing around for a better solution. This is all to partially to implement my adaptation of your very elegant JXTA, Jetty, and HttpClient integration -- great stuff!! -Adam Brad Neuberg wrote: Hi Adam. I always get headaches when I got into the Tomcat source base; its almost too abstract and I can't figure out what does what. There is a book that is comming out or may already be out that details Tomcat's internal architecture that I've been meaning to read. Why isn't Jetty enough for you? Brad At 02:55 PM 2/10/2005, you wrote: Can I use Coyote HTTP 1.1 server outside of the rest of tomcat? I'm interested in just plugging in the coyote jar for serving static content using Jetty, but it appears to have dependencies on the rest of tomcat. I don't want to use the rest of Tomcat due to size constraints. Thanks. -Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Brad Neuberg, [EMAIL PROTECTED] Senior Software Engineer, Rojo Networks Weblog: http://www.codinginparadise.org = Check out Rojo, an RSS and Atom news aggregator that I work on. Visit http://rojo.com for more info. Feel free to ask me for an invite! Rojo is Hiring! If you're interested in RSS, Weblogs, Social Networking, Java, Open Source, etc... then come work with us at Rojo. If you recommend someone and we hire them you'll get a free iPod! See http://www.rojonetworks.com/JobsAtRojo.html. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Brad Neuberg, [EMAIL PROTECTED] Senior Software Engineer, Rojo Networks Weblog: http://www.codinginparadise.org = Check out Rojo, an RSS and Atom news aggregator that I work on. Visit http://rojo.com for more info. Feel free to ask me for an invite! Rojo is Hiring! If you're interested in RSS, Weblogs, Social Networking, Java, Open Source, etc... then come work with us at Rojo. If you recommend someone and we hire them you'll get a free iPod! See http://www.rojonetworks.com/JobsAtRojo.html. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Relative Path in web.xml
Hi, is possible to make a Propertie, in the web.xml file, poiting to a file using the relative path of the file? Something like: propertie: fooProp value: conf/file.txt (file.txt is in $CATALINA_HOME/conf directory, or /usr/local/tomcat/conf) Thanks the help! -- Rodrigo de Avila [EMAIL PROTECTED] http://www.avila.eti.br - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JAASRealm and useContextClassloader=true
Is anyone using the JAASRealm with the useContextClassloader flag set to true in Tomcat 5.0.28? It is not working the way I expect it to. Although the posted documentation is confusing, reading the history of the flag in Bugzilla (see http://issues.apache.org/bugzilla/show_bug.cgi?id=29406 )leads me to expect that if I set the flag to false then the LoginModule, User, and Role classes (and their supporting classes) would all be loaded by the webapps's class loader. That is to say they could all come from webapps/MyWebApp/lib and should be unaffected by any classes server/lib. I've tried this configuration and it works as I expect. I can stuff whatever JARs I want in server/lib and it doesn't break anything. When I set the useContextClassloader flag to true on the other hand (or leave it out, since true is the default setting), I expect the LoginModule, User, and Role classes (and their supporting classes) would all be loaded by the Tomcat Server/Container's class loader. That is to say they could all come from server/lib (or common/lib) and should be unaffected by any classes in webapps/MyWebApp/lib. I've tried this configuration and this only partly works. With useContextClassloader=true I can put all the classes in server/lib, yes, and they will work, yes, UNLESS the webapp being protected has the same classes in its library. When the webapp being protected has the same support classes as the LoginModule, then I get NoClassDef errors as some LoginModule support classes get loaded by the Server/Container class loader but somehow the LoginModule starts looking for other support classes using the WebApp classloader. In other words, I can break a working JAASRealm implementation (installed in server/lib and configured with useContextClassloader=true) by installing a new webapp that uses it. To keep the JAASRealm working I have to remove stuff from the webapp, remove stuff from server/lib, and put it in common lib. That defeats the whole idea of packaged webapps that are simply installed and work in their own little world. It seems obvious to me that this is a Tomcat bug: the point of the separate classloaders is to prevent exactly this outcome and keep the Server unaffected by any webapp's libraries or other junk and to keep the webapps from being broken by stuff the Server needs. The Tomcat developers, however, seem to think this is not a bug, but rather the expected behavior. Would anyone be willing to help me understand why this behavior is expected and/or desirable? Can anyone explain what would be wrong with having useContextClassloader=true work the way I expect it to? I certainly would like to be able to have one LoginModule work for all the installed apps without worrying what libraries the webapps are using. Thanks, =Jeremy= - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Trouble getting CGI script to execute
Ok. Just completed this myself using Tomcat 5.5.7, JDK 5 on a Mandrake Linux system and got it to work right. Here's what I did from clean install: 1) Setup Tomcat -- there's tons of docs on this and no need to rehash things. 2) Renamed $CATALINA_HOME/server/lib/servlets-cgi.renametojar to $CATALINA_HOME/server/lib/servlets-cgi.jar. 3) Made two changes to the global web.xml at $CATALINA_HOME/conf/web.xml: a) Uncommented the servlet element for the cgi servlet b) Uncommented the servlet-mapping for the cgi servlet. i) I should mention here I added a parameter for my paricular test cgi script: init-param param-nameexecutable/param-name param-value/bin/bash/param-value /init-param c) Just a note: I would imagine this stuff could also be copy/pasted to your webapp's web.xml file instead. 4) Created a testapp directory in the webapps directory 5) Created a WEB-INF directory in the testapp directory 6) Created a cgi directory in the WEB-INF directory 7) Placed a very basic shell script in the cgi directory making sure execute privileges were set for it. 8) Wrote a minimal web.xml file essentially empty except for the DOCTYPE declaration, and a web-app root element. 9) Started Tomcat 10) Opened a browser and requested http://localhost:8080/testapp/cgi/hello-world.sh My very basic cgi (the blank line between the Content-type header and the rest is necessary): echo 'Content-type: text/html' echo '' echo '!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 3.2 Final//EN' echo 'HTML' echo 'headtitleTest CGI script/title/head' echo 'bodyh3 align=centerHello World from the testapp CGI folder!!!/h3/body' echo '/HTML' echo '' I've seen the above howto for better or worse in a few places on the net. A quick google search should find something. The only real difference that I can see between my setup and yours, Alex, is the mapping. I used a mapping of /cgi as provided in the global web.xml file and you mapped yours with *.cgi. I don't know what kind of difference that makes except the path to the cgi might get real interesting. My suggestion would be to start over with an empty webapp and set it up as I described above. If it works, go back and look for differences between the broken app and the working one. Good luck. If this doesn't do it, I'm out of ideas. --David Brelsfoard, Alex wrote: Yeah, it's good thinking. But these are my only mappings: servlet-mapping servlet-namedefault/servlet-name url-pattern//url-pattern /servlet-mapping !-- The mapping for the JSP servlet -- servlet-mapping servlet-namejsp/servlet-name url-pattern*.jsp/url-pattern /servlet-mapping !-- The mapping for the CGI Gateway servlet -- servlet-mapping servlet-namecgi/servlet-name url-pattern*.cgi/url-pattern /servlet-mapping Doesn't look like any overwriting here --Alex Alex Brelsfoard Web Applications Developer Web Development Office Worcester Polytechnic Institute 508-831-6147 [EMAIL PROTECTED] From: David Smith [mailto:[EMAIL PROTECTED] Sent: Thu 2/10/2005 9:27 AM To: Tomcat Users List Subject: Re: Trouble getting CGI script to execute Ok. I may try to go through and try this setup myself to see what happens, but that won't happen until tonight. My boss seems to expect me to do some work for the department -- go figure. In the meantime, you may want to try removing the existing servlet mappings from your web application's web.xml file, reload the context and try the cgi script. If that works, we've found our gremlin. According to the servlet spec, nothing in the WEB-INF directory can be directly accessed by the client. That's what leads met to believe a servlet somewhere is handling the request and passing back the raw file. Does the app hide anything else in the WEB-INF folder (images, css, pages, etc., ...) and send it to the client on request? --David Brelsfoard, Alex wrote: Thanks David. Question 1: Yes. I've made this mistake enogh times in the past that I'm pretty good about it now. Plus I have made other changes that required (and received) a Tomcat reboot after doing that name change. Question 2: That's a good thought... I've gone through the mappings and cannot find anything that would interfere with my cgi script Good thinking. Any other ideas? Thanks. --Alex Alex Brelsfoard Web Applications Developer Web Development Office Worcester Polytechnic Institute 508-831-6147 [EMAIL PROTECTED] From: David Smith [mailto:[EMAIL PROTECTED] Sent: Wed 2/9/2005 6:02 PM To: Tomcat Users List Subject: Re: Trouble getting CGI script to execute I know I'm coming into this very late. I was hoping Mark was going to nail this on the head for you -- especially since I don't actually use the cgi-servlets piece in my stuff. But I also hate to see a problem like this get stalled. Question 1: This is a basic one, but I've had my share of
Re: RE : Security Newbie - Need Help
Hi Dennis; Where is IMS defined? Otherwise I have specified everything as you recommended. Yet I still get this error once I hit the page (no login prompt): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: Dennis Payne [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 11:23 AM Subject: Re: RE : Security Newbie - Need Help you will not need a roles table for tomcat... it is only useful to your own applications that will edit the data. The system only utilizes the the user-role table and the user-password table (at least for basic authentication). Each servlet in the system that is secure is setup this way and has an associated mapping: servlet servlet-nameEnterAssignment/servlet-name display-nameEnterAssignment/display-name descriptionEnter Assignment/description servlet-classcom.mtc.ims.ia.servlet.EnterAssignment/servlet-class security-role-ref role-nameIMS/role-name role-linkIMS/role-link /security-role-ref /servlet ... servlet-mapping servlet-nameEnterAssignment/servlet-name url-pattern/servlet/EnterAssignment/url-pattern /servlet-mapping The server.xml contains a reference to the security tables by using the Realm tag placed as shown (there are other ways to do it) and all db driver jars have been place in the classpath: Engine defaultHost=localhost name=Catalina Host appBase=webapps name=localhost Logger className=org.apache.catalina.logger.FileLogger prefix=localhost_log. suffix=.txt timestamp=true / Realm className=org.apache.catalina.realm.JDBCRealm connectionName=username connectionPassword=password connectionURL=jdbc:mysql://xxx.xxx.xxx.xxx:3306/dbname driverName=com.mysql.jdbc.Driver userRoleTable=userrole userTable=userpassword roleNameCol=userrole userNameCol=userid userCredCol=passwordid / /Host Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.txt timestamp=true / Realm className=org.apache.catalina.realm.UserDatabaseRealm / /Engine Hope this helps Enjoy! [EMAIL PROTECTED] 02-10-2005 08:56 Where would the security-role be declared? WEB-INF/web.xml? The tables I have are roles, user_roles and users. When you say wrong role table which of the tables I have should be renamed? Thanks for you help, Luke It seems that you have a wrong role table (roles or user_roles). Have you declare security-role element ? -Message d'origine- De : Luke [mailto:[EMAIL PROTECTED] Envoyé : jeudi 10 février 2005 16:02 À : Tomcat Users List Objet : Re: Security Newbie - Need Help Hi; Here is the roles table: mysql select * from roles; +---+ | role_name | +---+ | admin | +---+ 1 row in set (0.02 sec) I noticed I did have a mistake in the realm declaration in my server.xml. I had the wrong user table name. That is fixed this but still have the problem: Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/tomcatusers?user=useramp;password=pas sword userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / I also changed my security declaration to have a realm-name in the login config: !-- security -- security-constraint web-resource-collection web-resource-namefw/web-resource-name url-pattern*.do/url-pattern http-methodPOST/http-method http-methodGET/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint login-config auth-methodBASIC/auth-method realm-namefw/realm-name /login-config /security-constraint The error is (which appears without a login window first allowing me to authenticate): HTTP Status 403 - Configuration error: Cannot perform access control without an authenticated principal type Status report message Configuration error: Cannot perform access control without an authenticated principal description Access to the specified resource (Configuration error: Cannot perform access control without an authenticated principal) has been forbidden. Apache Tomcat/5.0.28 Thanks, Luke - Original Message - From: LERBSCHER Jean-Pierre [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Thursday, February 10, 2005 12:27 AM Subject: RE : Security Newbie - Need Help Hi, Could you verify that you have declared your admin role in the web.xml
tomcat 5.5.7 won't start because of NPE
Using the out of box config files and webapps: java version 1.5.0_01 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_01-b08) Java HotSpot(TM) Client VM (build 1.5.0_01-b08, mixed mode, sharing) This appears on catalina.out: Feb 11, 2005 12:35:51 AM org.apache.catalina.startup.Catalina load WARNING: Can't load server.xml Feb 11, 2005 12:35:51 AM org.apache.catalina.startup.Catalina load WARNING: Can't load server.xml Feb 11, 2005 12:35:51 AM org.apache.catalina.startup.Catalina start INFO: Server startup in 0 ms java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409) Caused by: java.lang.NullPointerException at org.apache.catalina.startup.Catalina.await(Catalina.java:600) at org.apache.catalina.startup.Catalina.start(Catalina.java:560) ... 6 more - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat problem
After starting the tomcar when i enter my application url it fails .. The error is given below , pls help me .. HTTP Status 500 - - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:373) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:245) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause java.lang.NullPointerException org.apache.jasper.JspCompilationContext.createCompiler(JspCompilationContext.java:220) org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:552) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:296) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:245) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) note The full stack trace of the root cause is available in the Apache Tomcat/5.5.4 logs. - Apache Tomcat/5.5.4 - Do you Yahoo!? Yahoo! Search presents - Jib Jab's 'Second Term'
Tomcat doesnot shutdown properly
Hi, Tomcat doesnot shutdown when one of the threads is in process. I type catalina stop to stop the tomcat but it does not work cos one of the threads is in process Is there any way out of this of tomcat forcibly killing all threads and shutting down tomcat ? Kindly advise. Best Regards, Satya