Tomcat security realms question
Hi all I have a problem that's been raised by my security team to do with using Tomcat JDBCRealms. We're using such realms to protect restricted resources. We also have a custom login form. The steps Tomcat seems to follow when using such a setup is: 1. Check to see if the user is logged in with access to the restricted resource. 2. If they aren't, forward them to the login page and create an HTTPSession to keep track of that user. 3. Once they've logged in, add the authentication system to the HTTPSession created in step 2 to hold that info and forward them to the resource. 4. Continue using the same HTTPSession to maintain state. The problem my security team has with this is that someone could potentially steal the users HTTPSession ID before they've logged in, as this is created in the login screen. e.g. the user is forwarded to the login screen, then goes to make themselves a cup of coffee. A hacker goes to their computer and writes down the session ID. The user comes back and logs in, and the hacker pretends to be them from another computer. My question is: how can I avoid this situation and keep the security guys happy? Is it possible to have the session ID held by the browser (in JSessionID) change post-login (ie make tomcat invalidate the current session and create a new session after the user has been successfully authenticated)? Thanks for your help. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ssiservlet ioexception couldn't include file
Hello, I'm using Tomat in a jboss distribution and while all of my include files are working just fine, I'm getting the following error stack trace periodically (not tied to any page requests and at regular intervals - maybe once every couple of minutes). The include files referenced in the ioexception include ok. 2005-07-14 23:59:49,474 ERROR [org.jboss.web.localhost.Engine] StandardContext[]ssi: #include--Couldn't include file: include/footer.inc java.io.IOException: Couldn't find file: /include/footer.inc at org.apache.catalina.ssi.SSIServletExternalResolver.getFileText(SSIServletExternalResolver.java:372) at org.apache.catalina.ssi.SSIMediator.getFileText(SSIMediator.java:142) at org.apache.catalina.ssi.SSIInclude.process(SSIInclude.java:48) at org.apache.catalina.ssi.SSIProcessor.process(SSIProcessor.java:121) at org.apache.catalina.ssi.SSIServlet.processSSI(SSIServlet.java:204) at org.apache.catalina.ssi.SSIServlet.requestHandler(SSIServlet.java:178) at org.apache.catalina.ssi.SSIServlet.doGet(SSIServlet.java:112) at javax.servlet.http.HttpServlet.doHead(HttpServlet.java:270) at javax.servlet.http.HttpServlet.service(HttpServlet.java:714) at javax.servlet.http.HttpServlet.service(HttpServlet.java:810) at sun.reflect.GeneratedMethodAccessor83.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:500) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:272) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:50) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75) at sun.reflect.GeneratedMethodAccessor110.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:500) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:272) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:217) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:197) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:50) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:66) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:162) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
Copying an HttpServletRequest
Hello all Is there any way to make a copy of an object implementing the HttpServletRequest interface ? I have thought that maybe using HttpServletRequestWrapper could solve my problem but I'm not sure since the API does not specify if a new copy of the object sent to the constructor is created or not. Thx Cristi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: out of memory error while load testing
start tomcat with -Xrunprof and look at the profile to figureout if there are any objects consuming more memory(leaks). Thread.activeCount() gives you total number of active threads in the current JVM. Refer to javax.management to know more about the Mbeans to monitor the tomcat. You need to write the proxy valve by implementing the org.apache.catalina.Valve, interface. This proxy will gets the request and invokes the actual servlet. You can track the time taken to process each request here. Bhaskar Peddireddy Srikanth wrote: Hi, Its giving out of memory over a period of time (i.e after test ran for some time ) not immediately after starting the test Follwing settings are given in my server.xml For HTTP Connector port=80 maxThreads=500 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=150 connectionTimeout=2 disableUploadTimeout=true / For HTTPS Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS / By active threads do u mean the thread count shown in windows task manager or is there any way to find out active threads in Tomcat? what is this Performance-Valve? can u give some more details on it ? Thank you regards Srikanth.P On 7/14/05, Bhaskar [EMAIL PROTECTED] wrote: You need to check on whether it is giving Outofmemory error is immediately after starting loadtesting with 1500 users or over period of time. If it is over period of time then you need to check whether there are any memory leaks. Or your design for ex., it might happen if you query db and that ends up resulting in huge number of rows. BTW., what is the max number of threads you have configured? and what is the active number of threads? Pbly u can use Performance-Valve to get such details. Bhaskar srikanth peddireddy wrote: Hi All, Recently we started load testing our application using Jmeter. Following error is coming in tomcat while test is run at higher loads like 1500 virtual users etc == SEVERE: Caught exception (java.lang.OutOfMemoryError) executing org.apache.tomca [EMAIL PROTECTED], terminating thread Jun 30, 2005 3:13:53 PM org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run == I already configured the Tomcat using -Xmx option to use upto 2GB of RAM (Tomcat is running on a 3GB RAM machine) Any inputs or pointers to the related resources on this problem?? regards Srikanth Disclaimer This e-mail message may contain confidential, proprietary or legally privileged information. It should not be used by anyone who is not the original intended recipient. If you have erroneously received this message, please delete it immediately and notify the sender. The views, opinions, conclusions and other information expressed in this electronic mail are those of the individual sender and not endorsed by SDG Software Technologies Pvt. Ltd. unless otherwise indicated by an authorised representative independent of this message. Before opening any attachment please check them for viruses and defects. SDG Software Technologies Pvt. Ltd. shall not accept responsibility for any loss or damage arising from the use of this email or attachment(s). - - Free antispam, antivirus and 1GB to save all your messages Only in Yahoo! Mail: http://in.mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: out of memory error while load testing
You can change the JVM option, -Xmx to increase the heap size in catalina.sh and see if it can accomidate more requests Peddireddy Srikanth wrote: I forgot to give details about my Application and test. These details might give you people an idea about the problem area. In this app. users has to enter login ID and pwd in home page which will be sent to a resource which validates these details, say LoginValidation this resource will then forward control to the Main Page of the Application, say MainPage.jsp . From main page user can open/ request different pages(modules of application). But my test only involves a request to LoginValidation followed by request to main page. In this app. inorder to get data about certain activities happening on the server side into the client browser, we keep on refreshing a hidden frame in mainpage (simply using html meta refresh ) after every one minute, lets call this page as PollServerForData.jsp. To simulate this i added a request to PollServerForData.jsp also in my test plan after request to the main page (that means every virtual user will be requesting the PollServerForData.jsp page after every one minute) This test worked for 1200 virtual users and failed for when tried with more than 1200 users . Will there be any problem for tomcat for maintaining more than 1200 sessions in memory?? regards Srikanth.P On 7/14/05, Bhaskar [EMAIL PROTECTED] wrote: You need to check on whether it is giving Outofmemory error is immediately after starting loadtesting with 1500 users or over period of time. If it is over period of time then you need to check whether there are any memory leaks. Or your design for ex., it might happen if you query db and that ends up resulting in huge number of rows. BTW., what is the max number of threads you have configured? and what is the active number of threads? Pbly u can use Performance-Valve to get such details. Bhaskar srikanth peddireddy wrote: Hi All, Recently we started load testing our application using Jmeter. Following error is coming in tomcat while test is run at higher loads like 1500 virtual users etc == SEVERE: Caught exception (java.lang.OutOfMemoryError) executing org.apache.tomca [EMAIL PROTECTED], terminating thread Jun 30, 2005 3:13:53 PM org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run == I already configured the Tomcat using -Xmx option to use upto 2GB of RAM (Tomcat is running on a 3GB RAM machine) Any inputs or pointers to the related resources on this problem?? regards Srikanth Disclaimer This e-mail message may contain confidential, proprietary or legally privileged information. It should not be used by anyone who is not the original intended recipient. If you have erroneously received this message, please delete it immediately and notify the sender. The views, opinions, conclusions and other information expressed in this electronic mail are those of the individual sender and not endorsed by SDG Software Technologies Pvt. Ltd. unless otherwise indicated by an authorised representative independent of this message. Before opening any attachment please check them for viruses and defects. SDG Software Technologies Pvt. Ltd. shall not accept responsibility for any loss or damage arising from the use of this email or attachment(s). - - Free antispam, antivirus and 1GB to save all your messages Only in Yahoo! Mail: http://in.mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Copying an HttpServletRequest
From: cristi [mailto:[EMAIL PROTECTED] Is there any way to make a copy of an object implementing the HttpServletRequest interface ? Alter the Tomcat codebase to implement that copy facility, remembering to check through the codebase for pieces that would break. You would then be maintaining your own version of Tomcat. However, see below for why this is not a good idea. I have thought that maybe using HttpServletRequestWrapper could solve my problem but I'm not sure since the API does not specify if a new copy of the object sent to the constructor is created or not. It doesn't, and this probably wouldn't help you even if it did. If the object was a shallow copy, then many of its dependent objects would be shared with the Request from which it was copied; this means that you would probably lose some context when the original Request was recycled. If the object was a deep copy, then it would have its own copy of all of the relevant fields - its own session and so on. So you would have to experiment in order to copy exactly the correct fields to exactly the correct depth - and then the next version of Tomcat might change something that caused your approach to fail, so you would almost certainly have to pick a version and stick with it. Can you tell us what you are trying to achieve? There is almost certainly an alternative way of getting to the same end without having to copy requests but, until you give us a bit more detail, we can't help you. - Peter - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Copying an HttpServletRequest
Can you tell us what you are trying to achieve? There is almost certainly an alternative way of getting to the same end without having to copy requests but, until you give us a bit more detail, we can't help you. We have a software project up an running but some modifications are required. The requirement of making a copy of the HttpServletRequest is generated by the fact that the former programmers have used (in a natural manner): 1) the HttpServletRequest.setAttributes() to send data to the jsp pages creating the response. ( Thesedata is the servlet computation result). 2) within the jsp pages creating the result various methods of the HttpServletRequest (other than HttpServletRequest.getAttributes() ) object are used to get information from the request object. Now there is the requirement that in the second request sent to the servlet we have to use the computation result of the first request (that isthose data thatyou could findusing the HttpServletRequest.getAttributes() applied to the request object sent in the first request ) to create the final HTML page. Let's supose now that in the second request we have a way of finding the computation result of the first request. This is not enough to satisfy the second request because in order to render the HTML page of the second request we also need other information which can be found in therequest objectsent during thefirst request (e.g. HttpServletRequest.getParameter() ); I hope that I was explicit enough. Final word: We knew it from the start that a solution exists (saving and using all the data that we need between the requests but this is not an easy task now since we have to analyze - and to write - a lot of code), but since all this data can be found in the request object sent to the servlet with the first request we thought that making a copy of the request object should be very easy (and very natural at the same time). Thx C r i s t i Z o i c a s. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Copying an HttpServletRequest
I got a doubt . is your problem is not solved by putting the data computed by first JSP in the session object ?? or putting all the required data in a bean (which is created by jsp:useBean in first jsp) with session scope and accessing that bean in second jsp ?? with out seeing the entirety of your problem I can say that copying HttpRequest attributes into a bean (which in turn may store attributes and values in a hashmap) and setting it in Session and reusing it in second jsp should not take much time. O n 7/15/05, cristi [EMAIL PROTECTED] wrote: Can you tell us what you are trying to achieve? There is almost certainly an alternative way of getting to the same end without having to copy requests but, until you give us a bit more detail, we can't help you. We have a software project up an running but some modifications are required. The requirement of making a copy of the HttpServletRequest is generated by the fact that the former programmers have used (in a natural manner): 1) the HttpServletRequest.setAttributes() to send data to the jsp pages creating the response. ( Thesedata is the servlet computation result). 2) within the jsp pages creating the result various methods of the HttpServletRequest (other than HttpServletRequest.getAttributes() ) object are used to get information from the request object. Now there is the requirement that in the second request sent to the servlet we have to use the computation result of the first request (that isthose data thatyou could findusing the HttpServletRequest.getAttributes() applied to the request object sent in the first request ) to create the final HTML page. Let's supose now that in the second request we have a way of finding the computation result of the first request. This is not enough to satisfy the second request because in order to render the HTML page of the second request we also need other information which can be found in therequest objectsent during thefirst request (e.g. HttpServletRequest.getParameter() ); I hope that I was explicit enough. Final word: We knew it from the start that a solution exists (saving and using all the data that we need between the requests but this is not an easy task now since we have to analyze - and to write - a lot of code), but since all this data can be found in the request object sent to the servlet with the first request we thought that making a copy of the request object should be very easy (and very natural at the same time). Thx C r i s t i Z o i c a s. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Copying an HttpServletRequest
I got a doubt . is your problem is not solved by putting the data computed by first JSP in the session object ?? or putting all the required data in a bean (which is created by jsp:useBean in first jsp) with session scope and accessing that bean in second jsp ?? with out seeing the entirety of your problem I can say that copying HttpRequest attributes into a bean (which in turn may store attributes and values in a hashmap) and setting it in Session and reusing it in second jsp should not take much time. Ok. Your solution is what I proposed in my last paragraph, the only difference is that you are more explicit. The example below explains what is difficult : EX1 : Imagine that we have a set of servlets forwarding to the same jsp page. After we do the modification to our system some of these servlets must store the data temporarly (as you said, in the session). Now the JSP rendering the result must have a way of distinguishing who forwarded to it. If the forward was performed by one of our modified servlets then it must read the results from the session. Otherwise it can read the results from the place where it used to read. We don't want to introduce such kind of dependency in our system. Without analyzing the problem in detail I believe I can provide you with other (more or less) inconvenient problems. regards cristi O n 7/15/05, cristi [EMAIL PROTECTED] wrote: Can you tell us what you are trying to achieve? There is almost certainly an alternative way of getting to the same end without having to copy requests but, until you give us a bit more detail, we can't help you. We have a software project up an running but some modifications are required. The requirement of making a copy of the HttpServletRequest is generated by the fact that the former programmers have used (in a natural manner): 1) the HttpServletRequest.setAttributes() to send data to the jsp pages creating the response. ( Thesedata is the servlet computation result). 2) within the jsp pages creating the result various methods of the HttpServletRequest (other than HttpServletRequest.getAttributes() ) object are used to get information from the request object. Now there is the requirement that in the second request sent to the servlet we have to use the computation result of the first request (that isthose data thatyou could findusing the HttpServletRequest.getAttributes() applied to the request object sent in the first request ) to create the final HTML page. Let's supose now that in the second request we have a way of finding the computation result of the first request. This is not enough to satisfy the second request because in order to render the HTML page of the second request we also need other information which can be found in therequest objectsent during thefirst request (e.g. HttpServletRequest.getParameter() ); I hope that I was explicit enough. Final word: We knew it from the start that a solution exists (saving and using all the data that we need between the requests but this is not an easy task now since we have to analyze - and to write - a lot of code), but since all this data can be found in the request object sent to the servlet with the first request we thought that making a copy of the request object should be very easy (and very natural at the same time). Thx C r i s t i Z o i c a s. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Copying an HttpServletRequest
From: cristi [mailto:[EMAIL PROTECTED] The requirement of making a copy of the HttpServletRequest is generated by the fact that the former programmers have used (in a natural manner): 1) the HttpServletRequest.setAttributes() to send data to the jsp pages creating the response. ( Thesedata is the servlet computation result). 2) within the jsp pages creating the result various methods of the HttpServletRequest (other than HttpServletRequest.getAttributes() ) object are used to get information from the request object. OK. I agree, that's natural - if not a good design for future requirements change. Now there is the requirement that in the second request sent to the servlet we have to use the computation result of the first request (that isthose data thatyou could findusing the HttpServletRequest.getAttributes() applied to the request object sent in the first request ) to create the final HTML page. OK. So there's been a requirement change for which the original approach was not designed, and so somebody on the business side (an internal or external client) has to find the effort and the budget to make that change, or decide that the change is too expensive and not make it. Somebody on the technical side has to inform them of the expected effort, and keep them informed if that changes. Let's supose now that in the second request we have a way of finding the computation result of the first request. This is not enough to satisfy the second request because in order to render the HTML page of the second request we also need other information which can be found in therequest objectsent during thefirst request (e.g. HttpServletRequest.getParameter() ); I hope that I was explicit enough. You have been - many thanks. We knew it from the start that a solution exists (saving and using all the data that we need between the requests but this is not an easy task now since we have to analyze - and to write - a lot of code), but since all this data can be found in the request object sent to the servlet with the first request we thought that making a copy of the request object should be very easy A suggestion for future projects: never presuppose that an external piece of software will make your life easy. Sounds cynical, I know. (and very natural at the same time). Um. Yes, until someone makes another change in the original pages that breaks your code to pull out the data. The approach is fast to code, but fragile in the face of changes. I suspect that, if you still want to follow this approach, about the best you can do will be to create an alternative request implementation that stores the fields you need, plus code to copy them out of the original request into your alternative implementation. Your alternative only needs to store the minimum of data that you need for your application - of course, this is fragile if further changes are made and you realise more data should have been stored, and your developer assumes that your partially-implemented class is actually complete. You can then store that alternative object; as you have implemented it, you will know about its lifecycle. If you do this, I think you're making your application more and more fragile. Instead of this, I would take the time at least to write a few functions to retrieve your data - you could choose to simply pass a parameter to decide which data source to use, or you could use (say) an Adapter pattern to write an interface to the data, one implementation that takes that from the current request, and one implementation that takes it from your preserved data store. You've then insulated yourself from further changes. It may be up to the development team to decide how much insulation they want; I'll just note that most applications change more, and more frequently, than the developers expect. - Peter - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Copying an HttpServletRequest
Um. Yes, until someone makes another change in the original pages that breaks your code to pull out the data. The approach is fast to code, but fragile in the face of changes. Yes. You are right. Besides the problem I presented to Peddireddy (one of the guys who has answered my question) there is also the problem you nominate. In fact we will give up implemnting this kind of data transfer between requests.Nice talking with you :) Thank you for your colaboration. C r i s t i a n Z o i c a s - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Assistance
Sure, me and Lalit(email ID in the CC) are very much interested in this. Please let us know the exact requirements. -Nidhi (416.848.3719) --- Medha Parathasarathy [EMAIL PROTECTED] wrote: Hi By any chance, any body in the group is interested in a party time assignment of maintaining the my-lending.com site of mine. If any body is interested, please revert with your profile and cost per hour regards On Thu, 14 Jul 2005 14:35:10 -0700 (PDT), Mitchell Teixeira [EMAIL PROTECTED] said: Hi - I'm trying to use the javaw option in catalina.bat to kick off Tomcat without opening a console window. Besides not having an always open command prompt window (console) I hope to get the various messages which print to the console to go into the standard log. I've been experimenting with the FileLogger settings but not having any success. I've set SwallowOutput to false in hopes of seeing console messages appear in a log file someplace as well. I'm using Tomcat 5.0.19 on Windows 2000 with JDK 1.4.2. I need to start Tomcat from a .bat file since I have extensive extra class files and configuration to call and that does not seem possible when running Tomcat as a service using the default installation setup. Thanks for any help/ideas. MitchellT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- http://www.fastmail.fm - Choose from over 50 domains or use your own - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Can't get ssl redirection to work properly
I am running Jboss 4.0.1 with the tomcat 5.0 and I have an
application.ear called pds running on it. To access the application
you simple write http://adress:8080/pds;
Now I wanted to enable ssl on the webapp.war in the application so I
changed the server.xml and web.xml and created a keystore and
everything. I redirect from 8080 to 8443 and everything works as
long as do like this.
https://adress:8443/pds - works!!
http://adress:8080/pds/login.jsp - works! get redirected to
https://adress:8443/pds/x
http://adress:8080/pds - doesn´t work - I time out and get a no page
found error.
I really need the the old url http://adress:8080/pds; to be
redirected to https://adress:8443/pds
Any suggestions??
Best regards
Stefan Nisson
Below follows some relevant sections from my server.xml and web.xml:
=== server.xml ==
Connector
port = 8080
address = ${jboss.bind.address}
maxThreads = 150
minSpareThreads = 25
maxSpareThreads = 75
enableLookups = false
redirectPort = 8443
acceptCount = 100
connectionTimeout = 2
disableUploadTimeout = true/
Connector
port = 8443
address = ${jboss.bind.address}
maxThreads = 100
minSpareThreads = 5
maxSpareThreads = 15
scheme = https
secure = true
clientAuth = false
keystoreFile = ./keystore
keystorePass = secret
sslProtocol = TLS/
=== web.xml =
security-constraint
display-nameSecurity for Julius PDS/display-name
web-resource-collection
web-resource-nameJulius web Security/web-resource-name
descriptionRedirect all to SSL/description
url-pattern/*/url-pattern
/web-resource-collection
user-data-constraint
descriptionProtection should be CONFIDENTIAL/description
transport-guaranteeCONFIDENTIAL/transport-guarantee
/user-data-constraint
/security-constraint
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Apache-like Deny/Allow directives
Is there any way, with Tomcat, to block connections from domains and allow only certain ones, just like the Apache directive : Order Deny,Allow Deny from all Allow from .company.com I've setup my Apache server to do this, but since all the dynamic content is relayed to tomcat (jsp's), it is still accessible to the internet. Luc Boudreau Université du Québec Canada - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
a bug? - Tomcat 5.5 HTTP post buffer contains trailing zeros
I'm a first time user of this forum. If I'm posting a question incorrectly, please advise (and accept my apologies). - Switched to Tomcat 5 from version 4. I'm using HTTPS to post a URL-encoded buffer which often exceeds 4K in length. On the Tomcat side, the received buffer has the correct size but all the bytes past 4096 are zero (the front 4K bytes are correct). Problem does not exist in Tomcat 4. I cannot find any configuration parameter that might address this issue other than 'maxPostSize'. The connector we use does not specify the maxPostSize (so it should default to 2MB according to documentation). Any suggestions? workaround? Is this a Tomcat bug? -Thanks in advance David
Mysterious Error with Tomcat and Log4J
Hi! I encountered a very mysterious problem using log4j with tomcat 5.5.9. I have the file commons-logging.properties in my WEB-INF/classes directory with the following content: orr.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JCategory Log I did not notice my mistake in writing orr.apache instead of org.apache. I used log4j.properties to configure log4j to my needs. When I deployed ma web-app with these files, tomcat did NOT complain about it. Everything worked fine. Then I wrote another web-app, now without the mistake in writing, and Tomcat complained with the following error: SCHWERWIEGEND: Error deploying web application archive BuildManagerWA.war java.lang.NoSuchMethodError: org.apache.log4j.Category.log(Ljava/lang/String;Lorg/apache/log4j/Level;Ljav a/lang/Object;Ljava/lang/Throwable;)V at org.apache.commons.logging.impl.Log4JCategoryLog.error(Log4JCategoryLog.java :149) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java: 3673) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4104) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:7 59) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:739) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:788) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:498) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1179) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at org.apache.commons.modeler.BaseModelMBean.invoke(BaseModelMBean.java:503) at mx4j.server.interceptor.InvokerMBeanServerInterceptor.invoke(InvokerMBeanSer verInterceptor.java:221) at mx4j.server.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanSer verInterceptor.java:120) at mx4j.server.interceptor.SecurityMBeanServerInterceptor.invoke(SecurityMBeanS erverInterceptor.java:84) at mx4j.server.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanSer verInterceptor.java:120) at mx4j.server.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanSer verInterceptor.java:120) at mx4j.server.interceptor.ContextClassLoaderMBeanServerInterceptor.invoke(Cont extClassLoaderMBeanServerInterceptor.java:203) at mx4j.server.MX4JMBeanServer.invoke(MX4JMBeanServer.java:1043) at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1377) at org.apache.catalina.manager.ManagerServlet.deploy(ManagerServlet.java:636) at org.apache.catalina.manager.ManagerServlet.doPut(ManagerServlet.java:423) at javax.servlet.http.HttpServlet.service(HttpServlet.java:712) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:178) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase .java:482) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126 ) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105 ) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne ction(Http11Protocol.java:744) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.jav a:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWo rkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:684) at java.lang.Thread.run(Unknown Source) What is going on there? If I change org.apache into orr.apache everything works fine again! Has anybody an idea? -- MATERNA GmbH Information Communications Vosskuhle 37 44141 Dortmund Tel: +49-231-5599-8868 Fax: +49-231-5599-678868 [EMAIL PROTECTED] www.annyway.dewww.materna.de www.annyway.com www.materna.com Visit us at the following events: ACI EUROPE, Munich June, 22 - 24, 2005 ACI EUROPE, Verona September, 26 - 28, 2005 CTIA Wireless I.T. Entertainment 2005, San Francisco September, 27 - 29, 2005 Con4, Cologne September, 27 - 29,
Re: Apache-like Deny/Allow directives
[EMAIL PROTECTED] wrote: Is there any way, with Tomcat, to block connections from domains and allow only certain ones, just like the Apache directive : Order Deny,Allow Deny from all Allow from .company.com I've setup my Apache server to do this, but since all the dynamic content is relayed to tomcat (jsp's), it is still accessible to the internet. Luc Boudreau Université du Québec Canada Is there a reason you can't use Apache directives on the areas you wish to restrict? -- Justin Crabtree Java Programmer Ozarks Technical Community College 447-7533 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.5/Apache2/mod_jk and Sticky_Session
Hi all. I am attempting to setup a loadbalanced set of Tomcat5.5 servers behind an Apache2 server using mod_jk. The application developers have told me that the app will require sticky sessions. I have it all configured and working with the exception of the sticky sessions. I think my workers.properties is correct so there must be something I am missing. For testing, I created a JSP in the ROOT application of each of the Tomcat servers which simply displays the server name and SessionID. The loadbalancing is working, but instead of maintaining a session, it's flip-flopping between servers and thus changing session ID's. My workers.properties contains (note the localhost is in the opposite place on the other server); worker.list= qatomcat1, qatomcat2, loadbalancer # worker.qatomcat1.port=8009 worker.qatomcat1.host=qahost1 worker.qatomcat1.type=ajp13 worker.qatomcat1.lbfactor=100 worker.qatomcat1.local=0 # worker.qatomcat2.port=8009 worker.qatomcat2.host=localhost worker.qatomcat2.type=ajp13 worker.qatomcat2.lbfactor=100 worker.qatomcat2.local=1 David A. Morrow Technical Systems Lead Autodata Solutions Company [EMAIL PROTECTED] http://www.autodata.net Tel: (519) 951-6079 Fax: (519) 451-6615 Poor planning on your part does not necessarily constitute an emergency on my part! This message has originated from Autodata Solutions. The attached material is the Confidential and Proprietary Information of Autodata Solutions. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please delete this message and notify the Autodata system administrator at [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
Tomcat 5.5 with Java 1.42
I want to use Tomcat5.5 with Java 1.42 Does anyone know how to do this? The release notes http://jakarta.apache.org/tomcat/tomcat-5.5-doc/RELEASE-NOTES.txt provided some clues (see Bundled APIs section when running on J2SE 1.4:). It talks about a compatibility package which I haven't been able to find on Apache's web site. It also mentions jmx.jar and xercesImpl.jar which I have located and placed in common/lib. However Tomcat still refuses to start giving me the following message: This release of Apache Tomcat was packaged to run on J2SE 5.0 or later. It can be run on earlier JVMs by downloading and installing a compatibility package from the Apache Tomcat binary download page. As I said before I haven't been able to find the referenced compatibility package so I'd appreciate a friendly link or instructions. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat 5.5 with Java 1.42
From: Dewey, John [mailto:[EMAIL PROTECTED] Subject: Tomcat 5.5 with Java 1.42 As I said before I haven't been able to find the referenced compatibility package so I'd appreciate a friendly link or instructions. It's the one cleverly disguised with the name Compat on the regular Tomcat download page: http://jakarta.apache.org/site/downloads/downloads_tomcat-5.cgi All you have to do is unzip it. You should remove any other jars you have manually scattered into the Tomcat directories, since they are not needed and are likely to annoy the classloaders. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Any kind of Request Recorder/Player available?
With Apache JMeter, they have a proxy that you can use to record a session with the server, and you can then use that as a basis for load testing and what not. What I'm looking for is something similar, but something that I can ideally place in Tomcat (as a Valve perhaps, or a Servlet filter). Basically, something that records the entire incoming request and then stores it out in a format that can later be played back by another tool. The problem is that we have a server than has a production memory leak, and the profilers are basically worthless in production. But if I can place a logger and record a days traffic, and then replay it against a test server (with all the monitoring etc.), then I can more easily reproduce the problem without heavily impacting performance of the production server. Anyone have any ideas? Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
A mind-blogging question.
Hi Everyone, I just installed tomcat 5.5.9. However, I can't login in to the manager functionality even if I set the the tomcate-users.xml right. The error message is : HTTP Status 403 - Access to the requested resource has been denied type Status report message Access to the requested resource has been denied description Access to the specified resource (Access to the requested resource has been denied) has been forbidden. I can't do anything without accessing to this part. I have been searched over google for similar problem. Hope you can give me some hints. Thanks in advance! --Paul Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Any kind of Request Recorder/Player available?
That's a really interesting question... I don't know of anything that exists, although I'm quite certain something does. :) I can however think it through, and its probably not a huge chore to build... As you mentioned, a filter would probably do the trick nicely... if we assume your app only deals in POSTs and GETs of basic user input (because things like multiparts and such would complicate matters a bit), then it's really just a simple filter that iterates over all parameters and stores them. Just a simple CSV file of name=value pairs would suffice, with each line being a request. Then it should be a simple matter to write a Java app using the standard JDK classes to run through that CSV file and make the requests with the parameters you recorded. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Fri, July 15, 2005 1:28 pm, Will Hartung said: With Apache JMeter, they have a proxy that you can use to record a session with the server, and you can then use that as a basis for load testing and what not. What I'm looking for is something similar, but something that I can ideally place in Tomcat (as a Valve perhaps, or a Servlet filter). Basically, something that records the entire incoming request and then stores it out in a format that can later be played back by another tool. The problem is that we have a server than has a production memory leak, and the profilers are basically worthless in production. But if I can place a logger and record a days traffic, and then replay it against a test server (with all the monitoring etc.), then I can more easily reproduce the problem without heavily impacting performance of the production server. Anyone have any ideas? Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
wrapping contexts
Hi, this is pretty much a dummy question I think. I'm running Tomcat standalone for several websites. I have several webapps running which I want to share across various websites; an email app, file management app, message board, photo/blog, etc etc. What is the proper way to configure things to be shared, along with look and feel, ie to wrap the various apps inside each website? I don't want to get into a portlet container, but perhaps that's what I need to do? Right now I am using an ugly kluge of IFRAMEs and parameters to markup the look and feel. Many thanks for a primer. pete - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Any kind of Request Recorder/Player available?
netbeans.org has a http monitor module that can record and playback of http requests, plugged into netbeans' web development framework. I think you could just download just that module and manually install it into your tomcat, and use the UI from netbeans to do the record/playback. It actually can be installed into any newer application server that is up to date in its servlet support. go to http://monitor.netbeans.org for more details --George On 7/15/05, Frank W. Zammetti [EMAIL PROTECTED] wrote: That's a really interesting question... I don't know of anything that exists, although I'm quite certain something does. :) I can however think it through, and its probably not a huge chore to build... As you mentioned, a filter would probably do the trick nicely... if we assume your app only deals in POSTs and GETs of basic user input (because things like multiparts and such would complicate matters a bit), then it's really just a simple filter that iterates over all parameters and stores them. Just a simple CSV file of name=value pairs would suffice, with each line being a request. Then it should be a simple matter to write a Java app using the standard JDK classes to run through that CSV file and make the requests with the parameters you recorded. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Fri, July 15, 2005 1:28 pm, Will Hartung said: With Apache JMeter, they have a proxy that you can use to record a session with the server, and you can then use that as a basis for load testing and what not. What I'm looking for is something similar, but something that I can ideally place in Tomcat (as a Valve perhaps, or a Servlet filter). Basically, something that records the entire incoming request and then stores it out in a format that can later be played back by another tool. The problem is that we have a server than has a production memory leak, and the profilers are basically worthless in production. But if I can place a logger and record a days traffic, and then replay it against a test server (with all the monitoring etc.), then I can more easily reproduce the problem without heavily impacting performance of the production server. Anyone have any ideas? Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Sharing sessions through different domains (in one tomcat)
Hello, I'm developing a webapp that is reachable via a couple of domains, but there is only one webapp in one tomcat. I need to share the session of a user over these different domains. What is the best way to guarantee that no session is lost, when the user switches between two domains ? Do I have to take care that the ;jsessionid extension is in every link ? Is it possible to avoid this extension ? What is the best way to solve my problem ? Thx berger - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
I can't access the tomcat managment console
Sorry to repeat this question. I hope that the title will describe the problem more accurately at this time. Thanks, --Paul --- zhou jian [EMAIL PROTECTED] wrote: Hi Everyone, I just installed tomcat 5.5.9. However, I can't login in to the manager functionality even if I set the the tomcate-users.xml right. The error message is : HTTP Status 403 - Access to the requested resource has been denied type Status report message Access to the requested resource has been denied description Access to the specified resource (Access to the requested resource has been denied) has been forbidden. I can't do anything without accessing to this part. I have been searched over google for similar problem. Hope you can give me some hints. Thanks in advance! --Paul Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs __ Yahoo! Mail for Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Is anyone receiving this? Messages bouncing
Hi, Since last night, I have been getting delivery failed messages when sending to the mailing list. If anyone sees this message, would you mind responding to let me know? I've emailed the help email address last night, but haven't heard back yet. Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[Slightly OT] JDK 1.5 + enum + serialization
Hi all. I have a question, which is slightly off topic, but can crop up in TC. SHORT VERSION: can a Java 1.5 enum be serilaized? LONG VERSION --- I have been working on project that uses it's own RPC via java.io.DataInput/DataOutput and I have run into a wall trying to send an enum via comm channel. I always get InstantiationError. When I gave it a thought, it became clear that *that* operation is not possible. Why? Well, enums look like classes, in that they can have methods, constructors and attributes. One major difference, though, is that constructor is NOT public and you cannot instantiate an object of type enum. And, just to be absolutely clear, you shouldn't be able to do that with enums - they are not classes. Enums are like collections of named constants. So, my question is basically, can enum be serialized via Java Serialization? What does it have to do with TC? :-) Well, TC uses serialization for session objects, when it shuts down, right? So, if you have objects that are enums or have enum attributes, what should you do? One solution, and that is the approach we're using, is to have an external representation of your enums, like int or String nad use that for serialization/deserialization. Anyone has a better hint? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is anyone receiving this? Messages bouncing
--- ohaya [EMAIL PROTECTED] wrote: Hi, Since last night, I have been getting delivery failed messages when sending to the mailing list. If anyone sees this message, would you mind responding to let me know? I've emailed the help email address last night, but haven't heard back yet. Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is anyone receiving this? Messages bouncing
hi, i received - Original Message - From: ohaya To: tomcat-user@jakarta.apache.org Sent: Friday, July 15, 2005 5:10 PM Subject: Is anyone receiving this? Messages bouncing Hi, Since last night, I have been getting delivery failed messages when sending to the mailing list. If anyone sees this message, would you mind responding to let me know? I've emailed the help email address last night, but haven't heard back yet. Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
osType is null
Hi,
Can you tell me as why i m the osType is NULL in below log file:
4.1.30/webapps/nm00/jsp/LogonData.jsp
2005-07-14 15:55:55 RequestURI: /nm00/jsp/LogonData.jsp
2005-07-14 15:55:55QueryString: null
2005-07-14 15:55:55 Request Params:
2005-07-14 15:55:55TimeZoneOffset = 4
2005-07-14 15:55:55requestType = 1002
2005-07-14 15:55:55passwd =
2005-07-14 15:55:55userId = test4
2005-07-14 15:55:55passwdExpired = false
2005-07-14 15:55:55osType =
2005-07-14 15:55:55srcPage = /jsp/Logon.jsp
2005-07-14 15:55:57 JspEngine -- /jsp/MainFrame.jsp
2005-07-14 15:55:57ServletPath: /jsp/MainFrame.jsp
This is very sporadic the majority of the times i do get a successful
osType:
2005-07-14 15:55:47 Request Params:
2005-07-14 15:55:47TimeZoneOffset = 4
2005-07-14 15:55:47requestType = 1001
2005-07-14 15:55:47passwd = Test4!
2005-07-14 15:55:47userId = test4
2005-07-14 15:55:47passwdExpired = false
2005-07-14 15:55:47osType = Mozilla/4.0 (compatible;
MSIE 6.0; Windows NT 5.1; HCI0431; HCI0445; HCI0527; .NET CLR 1.1.4322)
Following is the code where i m getting the ostype:
onSubmit=fillOS();
function fillOS()
{
document.logonform.osType.value = navigator.userAgent;
setCursor('wait');
}
I will appreciate your help if you can guide me solve this issue.
Thanks.
Anil
This e-mail and any attachments may be confidential and/or legally privileged.
If you have received this e-mail and you are not a named addressee, please
inform Evolving Systems TIS at [EMAIL PROTECTED] and then delete the e-mail
from your system. If you are not a named addressee you must not use, disclose,
distribute, copy, print or rely on this e-mail. To ensure regulatory compliance
and for the protection of our clients and business, Evolving Systems may
monitor and read e-mails sent to and from its servers. Although Evolving
Systems routinely screens for viruses, addressees should scan this e-mail and
any attachments for viruses. Evolving Systems makes no representation or
warranty as to the absence of viruses in this e-mail or any attachments.
Registered Office: 9777 Mt. Pyramid Ct Suite 100, Englewood, CO 80112
Re: Is anyone receiving this? Messages bouncing
Edrei and Zhou, Ok, thanks! I'll try again with the msgs that bounced. Sorry for the bother... Jim Edrei Marcelo wrote: hi, i received - Original Message - From: ohaya To: tomcat-user@jakarta.apache.org Sent: Friday, July 15, 2005 5:10 PM Subject: Is anyone receiving this? Messages bouncing Hi, Since last night, I have been getting delivery failed messages when sending to the mailing list. If anyone sees this message, would you mind responding to let me know? I've emailed the help email address last night, but haven't heard back yet. Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to Replace Tomcat authentication?
Bill Barker wrote: ohaya [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I've been looking into possibly replacing Tomcat's authentication with our own functionality. It looks like there use to be a class called SimpleRealm in the older Tomcat versions that would have done the trick if we replaced it, but I can't find any references to it in the latest source that I downloaded. In TC versions 3.x.x, the replacement is RealmBase (in org.apache.catalina.realm). It's an abstract class, so you extend it with the functionality that you want. [Sorry everyone. I'm resending this because it looks like I got a bounce from my previous attempts?? Jim] Hi Bill, Thanks! I think that I've at least been able to get started with this, but instead of RealmBase, I've gotten a very (I mean, VERY) crude JAASRealm example working, where I built my own JAASLoginModule, etc. So far, it seems to be working ok, but I haven't really added any too complicated yet... Jim P.S. I forgot to ask: Is this mailing list appropriate for questions about this type of subject? Or, is one of the other Tomcat lists more appropriate? I'll be needing to add more functionality to this, so I'm just wondering if this is the right place for future questions? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Is anyone receiving this? Messages bouncing
From: ohaya [mailto:[EMAIL PROTECTED] Subject: Is anyone receiving this? Messages bouncing Since last night, I have been getting delivery failed messages when sending to the mailing list. If anyone sees this message, would you mind responding to let me know? Yes, the messages are getting through. You can see them in the archives - e.g., http://marc.theaimsgroup.com/?l=tomcat-userr=1w=2 The bounce messages sometimes come out several hours after the message makes it to the list. I assume the Apache mail servers are acting up again. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Where is default logon.jsp for Tomcat Admin webapp?
Hi, When connecting to the Tomcat Admin webapp, a forms-based login page appears. The web.xml for admin has a login-config section that indicates that the login page is /login.jsp. However, I've looked all over my hard drive, and especially in the admin directory, and I can't find any such file. If I change the login-config section to /jimlogin.jsp, Tomcat seems to look for jimlogin.jsp in the admin directory, but does anyone know where the default login.jsp is located? Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ssiservlet ioexception include directive error
Hello, I'm using Tomat in a jboss distribution and while all of my include files are working just fine, I'm getting the following error stack trace periodically (not tied to any page requests and at regular intervals - maybe once every couple of minutes). The include files referenced in the ioexception include ok. 2005-07-14 23:59:49,474 ERROR [org.jboss.web.localhost.Engine] StandardContext[]ssi: #include--Couldn't include file: include/footer.inc java.io.IOException: Couldn't find file: /include/footer.inc at org.apache.catalina.ssi.SSIServletExternalResolver.getFileText(SSIServletExternalResolver.java:372) at org.apache.catalina.ssi.SSIMediator.getFileText(SSIMediator.java:142) at org.apache.catalina.ssi.SSIInclude.process(SSIInclude.java:48) at org.apache.catalina.ssi.SSIProcessor.process(SSIProcessor.java:121) at org.apache.catalina.ssi.SSIServlet.processSSI(SSIServlet.java:204) at org.apache.catalina.ssi.SSIServlet.requestHandler(SSIServlet.java:178) at org.apache.catalina.ssi.SSIServlet.doGet(SSIServlet.java:112) at javax.servlet.http.HttpServlet.doHead(HttpServlet.java:270) at javax.servlet.http.HttpServlet.service(HttpServlet.java:714) at javax.servlet.http.HttpServlet.service(HttpServlet.java:810) at sun.reflect.GeneratedMethodAccessor83.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:500) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:272) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:161) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:245) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:50) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75) at sun.reflect.GeneratedMethodAccessor110.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:243) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:500) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:272) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:217) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:197) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:50) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:156) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:152) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:66) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:162) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118) at
Depreciated?
I understand HttpSession session=req.getSession(true); has been depreciated. What is correct to use in place of HttpSession ? Thanks, -Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Any kind of Request Recorder/Player available?
Got a bounce the first time... -- Forwarded message -- From: George Finklang [EMAIL PROTECTED] Date: Jul 15, 2005 10:59 AM Subject: Re: Any kind of Request Recorder/Player available? To: Tomcat Users List tomcat-user@jakarta.apache.org netbeans.org has a http monitor module that can record and playback of http requests, plugged into netbeans' web development framework. I think you could just download just that module and manually install it into your tomcat, and use the UI from netbeans to do the record/playback. It actually can be installed into any newer application server that is up to date in its servlet support. go to http://monitor.netbeans.org for more details --George On 7/15/05, Frank W. Zammetti [EMAIL PROTECTED] wrote: That's a really interesting question... I don't know of anything that exists, although I'm quite certain something does. :) I can however think it through, and its probably not a huge chore to build... As you mentioned, a filter would probably do the trick nicely... if we assume your app only deals in POSTs and GETs of basic user input (because things like multiparts and such would complicate matters a bit), then it's really just a simple filter that iterates over all parameters and stores them. Just a simple CSV file of name=value pairs would suffice, with each line being a request. Then it should be a simple matter to write a Java app using the standard JDK classes to run through that CSV file and make the requests with the parameters you recorded. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Fri, July 15, 2005 1:28 pm, Will Hartung said: With Apache JMeter, they have a proxy that you can use to record a session with the server, and you can then use that as a basis for load testing and what not. What I'm looking for is something similar, but something that I can ideally place in Tomcat (as a Valve perhaps, or a Servlet filter). Basically, something that records the entire incoming request and then stores it out in a format that can later be played back by another tool. The problem is that we have a server than has a production memory leak, and the profilers are basically worthless in production. But if I can place a logger and record a days traffic, and then replay it against a test server (with all the monitoring etc.), then I can more easily reproduce the problem without heavily impacting performance of the production server. Anyone have any ideas? Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
