Re: another problem with JAAS
Michiel, that would be the one that you put there, right? Adam On 04/23/2004 10:33 AM Michiel Toneman wrote: Oops, missed the How ;-) Subject subject = (Subject)session.getAttribute(javax.security.auth.subject); if (subject == null) { subject = new Subject(); } else { System.out.println(According to the Filter, the subject is: + subject); } and once we have logged in our subject: session.setAttribute(javax.security.auth.subject, subject); I'll write this up over the weekend Cheers, Michiel Alan Weissman wrote: Yes but how? :) What is the key that you use in the session? -Original Message- From: Michiel Toneman [mailto:[EMAIL PROTECTED] Sent: Thursday, April 22, 2004 12:51 PM To: Tomcat Users List Subject: Re: another problem with JAAS Hi Alan, That's correct, I overwrite the subject. Michiel Alan Weissman wrote: Hey Michiel - How did you overwrite Tomcat's Subject in the Session with your own? Thanks, Alan -Original Message- From: Michiel Toneman [mailto:[EMAIL PROTECTED] Sent: Thursday, April 22, 2004 9:51 AM To: Tomcat Users List Subject: Re: another problem with JAAS Hi Beloglazov, I was running into the same problem. As far as I can tell (anyone on the list, please correct me if I'm wrong), Tomcat primarily uses JAAS for authentication, but it is pretty useless for authorisation. I have no idea why the JAASRealm goes to all the trouble of setting up a Subject etc... when you can't use them in your own policy. All you can do is use isUserInRole() to check for the *name* of your role Principal. This totally defeats the point of using JAAS IMHO. I am using a JAAS implementation with is custom Policy that assigns Permission(s) based on various types of Principal that I assign to the Subject. My webapps can then do proper java Permission checks (AccessController.checkPermission(perm)). The way to go in Tomcat is using a filter, setting up (LoginContext) your Subject and use a doAsPrivileged() to wrap the servlet call. (see my earlier post on the list). However, this does not work on Tomcat (works fine on JRun4) because the filter and servlet are evaluated by Tomcat in different security contexts. The solution was to overwrite Tomcat's Subject in the session by my own Subject. I'm writing a tutorial on this, but it isn't ready yet. If you need an implementation fast, and the above is not enough to go on, I can speed up the writing ;-) Cheers, Michiel Beloglazov Maksim wrote: Hello, I've written a JAAS LoginModule and my web application successfully authorizes with it. But! While the authorization is successful, Tomcat does not recognize user Principals and roles which I assign in login module and returns that I have logged as a *null* user with no roles assigned to it. server.xml: Realm className=org.apache.catalina.realm.JAASRealm appName=merx userClassNames=ru.mb.security.jaas.RdbmsPrincipal roleClassNames=ru.mb.security.jaas.RdbmsRole debug=99/ ru.mb.security.jaas.RdbmsPrincipal and ru.mb.security.jaas.RdbmsRole are implementations of java.security.Principal interface. How can I force Tomcat recognize these Principals in a proper way? Can be the problem with moving javax.security.Principal of earlier JDKs to java.security.Principal in modern ones? Any help is greatly appreciated. Beloglazov Maksim. -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: another problem with JAAS
The servlet container spec from Sun doesn't specify any integration requirements for JAAS. The JAAS support is basically fledgeling authentication, and that's it for servlet spec 2.4 - I would be interested myself in seeing the discussions and motivations behind the progress and changes on the road to 2.5, but I don't know whether it's public. On 04/22/2004 03:52 PM Peter Rossbach wrote: Hello, strange error! I have looked inside the JAASRealm code and can't find a error. Subject result: You must have as your subject one Principal (java.security.Principa) for real user Than you can have one or more Group Principals with Name =Roles from class java.security.acl.Group for the real user roles! All member names from this groups are added to the tomcat role names. An option is you generate your own GenericPrincipal! regards Peter http://tomcat.objektpark.org Beloglazov Maksim schrieb: Hello, I've written a JAAS LoginModule and my web application successfully authorizes with it. But! While the authorization is successful, Tomcat does not recognize user Principals and roles which I assign in login module and returns that I have logged as a *null* user with no roles assigned to it. server.xml: Realm className=org.apache.catalina.realm.JAASRealm appName=merx userClassNames=ru.mb.security.jaas.RdbmsPrincipal roleClassNames=ru.mb.security.jaas.RdbmsRole debug=99/ ru.mb.security.jaas.RdbmsPrincipal and ru.mb.security.jaas.RdbmsRole are implementations of java.security.Principal interface. How can I force Tomcat recognize these Principals in a proper way? Can be the problem with moving javax.security.Principal of earlier JDKs to java.security.Principal in modern ones? Any help is greatly appreciated. Beloglazov Maksim. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: LoginModules
On 04/21/2004 10:27 PM Alan Weissman wrote: I've written a simple login module that I've configured to run from a Struts Action class and it appears to be working wonderfully - authentication takes place and principal/credentials are returned. However, I can't get any of this information back when I call isUserInRole and getUserPrinical. How can I store the principals/credentials with the server such that these methods will start returning the appropriate information? Or does authentication need to take place via a Realm for these methods to work? Hi Alan, You need to get tomcat to run the login automatically when your users try to access URLs protected by security-constraints declared in the deployment descriptor web.xml. Adam -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuration and performance questions
1. Yes of course. 4.1.30 is many release cycles ahead of 5.0.19. But that's a matter of course with all software. 2. Don't know. 3. I thought 'enterprise' was a marketing word ;) 4. Are you sure you've got apache configured correctly? I don't think there should be such a noticeable difference. Adam On 04/20/2004 03:07 AM Brian C. Dilley wrote: We are evaluating tomcat as a replacement for JRun. We are hoping that we can get some real world experiences in order to support our assumptions. We have the following questions and concerns regarding tomcat. 1. We are currently looking at version 5.0.19. Is there a performance\stability trade off compared to version 4.1.30? 2. What are the advantages or disadvantages of the different mod_jk2 worker types (ie: channelSocket, unixSocket, jni)? And are there any other connectors that we may want to evaluate. 3. Is there any documentation, or can anyone attest to the performance\stability of tomcat in an enterprise environment. 4. We have tested apache 2.0.49 using mod_jk2 (channel socket using AJP13) version 2.0.4 and tomcat 5.0.19 and found that it has some concurrency issues. Here are our findings, we are using siege for load testing: Config: Tomcat 5.0 / java 1.4.1 Concurrent: 100 Time: 5M Transactions: 3712 hits Availability: 100.00 % Elapsed time: 310.18 secs Data transferred: 171245696 bytes Response time: 7.80 secs Transaction rate: 11.97 trans/sec Throughput: 552084.94 bytes/sec Concurrency:93.37 Successful transactions:3712 Failed transactions: 0 Test Run 2 Config: Apache 2.0.49 / Tomcat 5.0 / mod_j2k / java 1.4.1 Concurrent: 100 Time: 5M Transactions: 750 hits Availability: 99.87 % Elapsed time: 1078.13 secs Data transferred: 6124581 bytes Response time: 27.71 secs Transaction rate: 0.70 trans/sec Throughput: 5680.74 bytes/sec Concurrency:19.27 Successful transactions: 747 Failed transactions: 4 Test Run 3 Config: Apache 1.3.27 / JRUN 3.0.2.1114 / mod_jrun / java 1.4.1 Concurrent: 100 Time: 5M Transactions: 3791 hits Availability: 100.00 % Elapsed time: 314.09 secs Data transferred: 62513590 bytes Response time: 7.34 secs Transaction rate: 12.07 trans/sec Throughput: 199030.83 bytes/sec Concurrency:88.62 Successful transactions:3791 Failed transactions: 0 Test Run 4 Config: Tomcat 5.0 / java 1.4.2_04 Transactions: 5176 hits Availability: 100.00 % Elapsed time: 304.94 secs Data transferred: 238784408 bytes Response time: 5.64 secs Transaction rate: 16.97 trans/sec Throughput: 783053.75 bytes/sec Concurrency:95.75 Successful transactions:5176 Failed transactions: 0 Test 5 Config: Apache 2.0.49 / Tomcat 5.0 / mod_j2k / java 1.4.2_04 Transactions: 701 hits Availability: 99.72 % Elapsed time: 659.95 secs Data transferred: 5580926 bytes Response time: 31.29 secs Transaction rate: 1.06 trans/sec Throughput: 8456.59 bytes/sec Concurrency:33.24 Successful transactions:679 Failed transactions:24 Test Run 6 Config: Apache 1.3.27 / JRUN 3.0.2.1114 / mod_jrun / java 1.4.2_04 Transactions: 3868 hits Availability: 100.00 % Elapsed time: 308.78 secs Data transferred: 63783320 bytes Response time: 7.16 secs Transaction rate: 12.53 trans/sec Throughput: 206565.58 bytes/sec Concurrency:89.68 Successful transactions:3868 Failed transactions:0 -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Realm(?) authentication
On 04/18/2004 12:22 PM Frank Schaare wrote: I've written one step by step for this. It's for Tomcat on Linux, but I don't think Windows is different at all, at least for the realm part. Can't say the same for the installation. You can view it at http://www.connecties.com/cymulacrum/tomcat5/c578.html. This is for JDBC Or maybe you just think that my writing sucks i´m reading a lot of this stuff but your writing definetly NOT sucks ! Is is cool, short and very useful, thank you for posting your link. You should definitely post this link on the Jakarta wiki. -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 4 vs 5 form based container auth filters
Martin, how does it cater for it? Are you saying you can use web.xml to map filters to the j_security_check URL? Adam On 04/16/2004 11:41 AM Martin Alley wrote: FYI this is catered for in tomcat 5 with the filter-mapping/dispatcher element (see servlet 2.4 spec). Thanks to Bill Barker for the info. Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 13 April 2004 16:35 To: 'Tomcat Users List' Subject: RE: tomcat 4 vs 5 form based container auth filters Anyone? -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 12 April 2004 16:42 To: 'Tomcat Users List' Subject: RE: tomcat 4 vs 5 form based container auth filters Thanks Adam It seems to me that the separation idea is not clear cut. There is certainly a down side. I wonder whether this will stick. Martin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 12 April 2004 13:48 To: Tomcat Users List Subject: Re: tomcat 4 vs 5 form based container auth filters I can see Yoav is blitzing the mailing list right now. Perhaps you'll get a more authoritative answer from him or the other hardcore tomcat people. One of the problems of excluding filters from the authentication request is to do with character-encoding in the request - I remember someone whose realm included users with user-names containing accented characters that had to be converted to the correct character-encoding for the realm database. He had used a filter to do it but obviously had to find another way. Adam On 04/12/2004 02:34 PM Martin Alley wrote: Except with form based auth, you want the look at feel to be part of the application? What reasons did you hear? :-) Whilst not knowing the full reasons, it would be nice if there was some config switch to control this, other wise it increases application maintainence overhead if you want to change the look and feel. I'll see if I can find anything in the tc5 release notes on this. Thanks again Martin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 12 April 2004 13:13 To: Tomcat Users List Subject: Re: tomcat 4 vs 5 form based container auth filters AFAIK it has something to do with providing a clean seperation between the authentication (tomcat) and the application (your filter). I think there were probably several reasons though for it, which outweighed the reasons against, and I have heard a few of them. Adam On 04/12/2004 01:50 PM Martin Alley wrote: Hi Adam, Why do you think this behaviour changed from tomcat4 ? I haven't gone into the full architecture of sitemesh, as yet, but I know it includes a filter. Martin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 12 April 2004 11:26 To: Tomcat Users List Subject: Re: tomcat 4 vs 5 form based container auth filters Yes your observations are correct. It's my understanding that filters are not invoked until after authentication. i.e. after the form-based login. I have no experience of site-mesh, but it seems a bit weird anyway to put decorations on a page via a filter - surely you should be encapsulating that sort of stuff in a JSP or taglib? Adam On 04/12/2004 11:02 AM Martin Alley wrote: Can anyone comment on this? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 09 April 2004 09:53 To: Tomcat Users List Subject: tomcat 4 vs 5 form based container auth filters Hi, Initial observation indicates that filters get executed when a form for form based container auth is served - under tomcat 4, but not under tomcat 5. I'm using sitemesh. The decorations go on the form based login page under tomcat 4, but not under tomcat 5. I need to do more research, but can any one add to this? Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication in tomcat
On 04/12/2004 10:31 AM [EMAIL PROTECTED] wrote: Hello. I'm a bit confused. I'm trying tomcat's authentication with bad or no results. The documentation is very simple and I don't understand so well. I've a web application and I want to make authentication with a user role and a admin role. The admin can administrate permissions and roles. I want to use form authentication. Each role can access a part of the application web. I must check if the user has a session and has permission for the accessing. I've got a connection pool with JNDI in mysql. Has anybody a full example? You need to set up a realm. Presumably a JNDI or JDBC realm would suit you. Realms are IMO well documented on the tomcat website at jakarta, and with examples as well I believe. Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 4 vs 5 form based container auth filters
Yes your observations are correct. It's my understanding that filters are not invoked until after authentication. i.e. after the form-based login. I have no experience of site-mesh, but it seems a bit weird anyway to put decorations on a page via a filter - surely you should be encapsulating that sort of stuff in a JSP or taglib? Adam On 04/12/2004 11:02 AM Martin Alley wrote: Can anyone comment on this? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 09 April 2004 09:53 To: Tomcat Users List Subject: tomcat 4 vs 5 form based container auth filters Hi, Initial observation indicates that filters get executed when a form for form based container auth is served - under tomcat 4, but not under tomcat 5. I'm using sitemesh. The decorations go on the form based login page under tomcat 4, but not under tomcat 5. I need to do more research, but can any one add to this? Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 4 vs 5 form based container auth filters
AFAIK it has something to do with providing a clean seperation between the authentication (tomcat) and the application (your filter). I think there were probably several reasons though for it, which outweighed the reasons against, and I have heard a few of them. Adam On 04/12/2004 01:50 PM Martin Alley wrote: Hi Adam, Why do you think this behaviour changed from tomcat4 ? I haven't gone into the full architecture of sitemesh, as yet, but I know it includes a filter. Martin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 12 April 2004 11:26 To: Tomcat Users List Subject: Re: tomcat 4 vs 5 form based container auth filters Yes your observations are correct. It's my understanding that filters are not invoked until after authentication. i.e. after the form-based login. I have no experience of site-mesh, but it seems a bit weird anyway to put decorations on a page via a filter - surely you should be encapsulating that sort of stuff in a JSP or taglib? Adam On 04/12/2004 11:02 AM Martin Alley wrote: Can anyone comment on this? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 09 April 2004 09:53 To: Tomcat Users List Subject: tomcat 4 vs 5 form based container auth filters Hi, Initial observation indicates that filters get executed when a form for form based container auth is served - under tomcat 4, but not under tomcat 5. I'm using sitemesh. The decorations go on the form based login page under tomcat 4, but not under tomcat 5. I need to do more research, but can any one add to this? Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 4 vs 5 form based container auth filters
I can see Yoav is blitzing the mailing list right now. Perhaps you'll get a more authoritative answer from him or the other hardcore tomcat people. One of the problems of excluding filters from the authentication request is to do with character-encoding in the request - I remember someone whose realm included users with user-names containing accented characters that had to be converted to the correct character-encoding for the realm database. He had used a filter to do it but obviously had to find another way. Adam On 04/12/2004 02:34 PM Martin Alley wrote: Except with form based auth, you want the look at feel to be part of the application? What reasons did you hear? :-) Whilst not knowing the full reasons, it would be nice if there was some config switch to control this, other wise it increases application maintainence overhead if you want to change the look and feel. I'll see if I can find anything in the tc5 release notes on this. Thanks again Martin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 12 April 2004 13:13 To: Tomcat Users List Subject: Re: tomcat 4 vs 5 form based container auth filters AFAIK it has something to do with providing a clean seperation between the authentication (tomcat) and the application (your filter). I think there were probably several reasons though for it, which outweighed the reasons against, and I have heard a few of them. Adam On 04/12/2004 01:50 PM Martin Alley wrote: Hi Adam, Why do you think this behaviour changed from tomcat4 ? I haven't gone into the full architecture of sitemesh, as yet, but I know it includes a filter. Martin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 12 April 2004 11:26 To: Tomcat Users List Subject: Re: tomcat 4 vs 5 form based container auth filters Yes your observations are correct. It's my understanding that filters are not invoked until after authentication. i.e. after the form-based login. I have no experience of site-mesh, but it seems a bit weird anyway to put decorations on a page via a filter - surely you should be encapsulating that sort of stuff in a JSP or taglib? Adam On 04/12/2004 11:02 AM Martin Alley wrote: Can anyone comment on this? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 09 April 2004 09:53 To: Tomcat Users List Subject: tomcat 4 vs 5 form based container auth filters Hi, Initial observation indicates that filters get executed when a form for form based container auth is served - under tomcat 4, but not under tomcat 5. I'm using sitemesh. The decorations go on the form based login page under tomcat 4, but not under tomcat 5. I need to do more research, but can any one add to this? Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with configuing Tomcat
Hi Mike, I'm not familiar with openejb but I assume that you are talking about fetching the initial context for JBoss? Try this in your code: Hashtable env = new java.util.Hashtable(); env.put(java.naming.factory.initial, org.jnp.interfaces.NamingContextFactory); env.put(java.naming.factory.url.pkgs, org.jboss.naming;); env.put(java.naming.provider.url, jnp://localhost:1099); InitialContext ic = new InitialContext(env); Object ref = ic.lookup(ejb/HelloWorld); Adam On 04/07/2004 01:28 PM Michael Forster wrote: I am trying to get Tomcat talking to JBoss through JNDI How do I do this? I have looked at the server config and the web.xml files all to no luck, In the old config (openejb) there is a definition configured on the Tomcat for a factory declaring parameter namefactory/name valueorg.openejb.client.TomcatEjbFactory/value /parameter parameter nameopenejb.naming.factory.initial/name valueorg.jnp.interfaces.RemoteInitialContextFactory/value /parameter is there a similar one for JBoss? What else do I need to change to get it working with JBOss? (I have to use Tomcat 5 rather than the emnbedded tomcat with JBoss as the embedded version doesnt support SSL properly and crashes.) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS problems migrating from JRun
Michiel, you are programming your own login trigger in a filter - I don't this this will work (although I'm happy to be wrong). I think tomcat is only going to adopt your principals as authenticated if you protect whichever pages necessary via security-constraints in the deployment descriptor. You must set up a LoginModule that tomcat will find, and in this LoginModule tomcat gives you a call-back-handler which you use to do the authentication. You must then set your Subject, which is also passed to you by tomcat. Adam On 04/06/2004 01:39 AM Michiel Toneman wrote: Hi All, The company I work for is attempting to move from JRun 3/4 to Tomcat 5.0.19. So far it has been smooth sailing, and the migration is going better than expected. However, before the migration we were about to deploy a JAAS framework on JRun 4. This framework doesn't seem to work at all well in Tomcat 5. I've implemented a tailored JAAS framework with various types of Principals that grant certain (custom) Permissions in my own Policy. To enforce this onto the webapp, I used a Filter to establish a LoginContext and then wrap the servlet in a Subject.doAsPrivileged call. To clarify: I'm not looking for authentication through JAAS (I've imlemented this in a minimal way), but I'm looking to JAAS for some more elaborate authorization tricks. In my doFilter (simplified): LoginContext lc = new LoginContext(MyJaas, new MyHttpAuthCallbackHandler(request)); lc.login(); Subject.doAsPrivileged(lc.getSubject(),new FilteredAction(request,response,chain) , null); where FilteredAction is an inner class: --- class FilteredAction implements PrivilegedAction { ServletRequest faRequest; ServletResponse faResponse; FilterChain faChain; public FilteredAction(ServletRequest request, ServletResponse response, FilterChain chain) { this.faRequest=request; this.faResponse=response; this.faChain=chain; } public Object run() { try { faChain.doFilter(faRequest, faResponse); } catch (Exception e) { e.printStackTrace(); } return null; } } --- I replace the default Policy with my own policy that adds permissions based on principals assigned in the LoginContext. This is done in the Filter's init: --- public void init(FilterConfig config) throws ServletException { Policy orgPolicy = Policy.getPolicy(); if (orgPolicy instanceof MyPolicy) { // we already did this once upon a time.. } else { Policy.setPolicy(new MyPolicy(orgPolicy)); } } --- This works like a charm on JRun (it's a textbook example on the web). However, it fails miserably on Tomcat 5. It looks like the Filter is being evaluated in a different security context by Tomcat than the Servlet itself (based on evaluation of stacktraces generated in my custom Policy class). Therefore, none of the Principals assigned to the Subject in the Filter are available in the Servlet (when MyPolicy.getPermissions() is called). Does anyone have an idea how I should go about getting (something like) this to work on Tomcat? Any help would very much appreciated. Cheers, Michiel Toneman - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS problems migrating from JRun
I'm no expert on the internals of tomcat, sorry. You might be looking at a hole in the implementation. I haven't used the JAAS authorization policy mechanism, I rely solely on roles. Adam On 04/06/2004 05:18 PM Michiel Toneman wrote: Adam, I've been at this all day, and I seem to be banging my head against a really well-constructed wall. I followed your advice by going the security-constraints/Realm route. I've build a minimal JAAS implementation which, in combination with JAASRealm, works fine for *authentication*. However, when I want to access the Principals I've assigned in my LoginModule within my CustomPolicy for *authorization*, I get nothing. i.e. in my CustomPolicy: getPermissions(ProtectionDomain domain) { PermissionCollection pc = deferredPolicy.getPermissions(domain); // get principals associated with domain Principal[] principals = domain.getPrincipals(); . } domain.getPrincipals() returns no policies. Ok, so I go to the Subject (using a PrivilegedAction): Subject.getSubject(AccessController.getContext()).getPrincipals(); and again no Principals. The Subject is empty. I've confirmed this by calling a JSP which includes %= Subject.getSubject(AccessController.getContext()) % this just prints: Subject:, so it seems that the Subject I've worked so hard to create is lost. How can I get this to work? I need to access the Principals in my CustomPolicy, so that I can assign custom permissions to the PermissionCollection of the domain. Thanks, Michiel P.S. Just to show that the LoginModule / JAASRealm seem to be working: catalina_log: 2004-04-06 16:51:02 JAASRealm[Catalina]: Returning username bluppie catalina.out: Assigned principal bluppie of type security.UserPrincipal to user bluppie Assigned principal authenticateduser of type security.RolePrincipal to user bluppie Assigned principal developer of type security.CustomPrincipal to user bluppie Adam Hardy wrote: Michiel, you are programming your own login trigger in a filter - I don't this this will work (although I'm happy to be wrong). I think tomcat is only going to adopt your principals as authenticated if you protect whichever pages necessary via security-constraints in the deployment descriptor. You must set up a LoginModule that tomcat will find, and in this LoginModule tomcat gives you a call-back-handler which you use to do the authentication. You must then set your Subject, which is also passed to you by tomcat. Adam On 04/06/2004 01:39 AM Michiel Toneman wrote: Hi All, The company I work for is attempting to move from JRun 3/4 to Tomcat 5.0.19. So far it has been smooth sailing, and the migration is going better than expected. However, before the migration we were about to deploy a JAAS framework on JRun 4. This framework doesn't seem to work at all well in Tomcat 5. I've implemented a tailored JAAS framework with various types of Principals that grant certain (custom) Permissions in my own Policy. To enforce this onto the webapp, I used a Filter to establish a LoginContext and then wrap the servlet in a Subject.doAsPrivileged call. To clarify: I'm not looking for authentication through JAAS (I've imlemented this in a minimal way), but I'm looking to JAAS for some more elaborate authorization tricks. In my doFilter (simplified): LoginContext lc = new LoginContext(MyJaas, new MyHttpAuthCallbackHandler(request)); lc.login(); Subject.doAsPrivileged(lc.getSubject(),new FilteredAction(request,response,chain) , null); where FilteredAction is an inner class: --- class FilteredAction implements PrivilegedAction { ServletRequest faRequest; ServletResponse faResponse; FilterChain faChain; public FilteredAction(ServletRequest request, ServletResponse response, FilterChain chain) { this.faRequest=request; this.faResponse=response; this.faChain=chain; } public Object run() { try { faChain.doFilter(faRequest, faResponse); } catch (Exception e) { e.printStackTrace(); } return null; } } --- I replace the default Policy with my own policy that adds permissions based on principals assigned in the LoginContext. This is done in the Filter's init: --- public void
Re: FORM authentication - prevent login from popping up
To do a login programmatically via form-based authentication, you would need to watch for the login form being returned that has a submit action to j_security_check. You must submit that with the correct headers and form element parameters - j_username and j_password. Adam On 04/04/2004 11:20 PM Malcolm Warren wrote: I'm switching from Basic (with SSL) to Form authentication (also with SSL of course). This has caused a problem with one particular application, which opens a socket on a .jsp page, collects the html code and saves it disk. The html code is then later used by a fax application to send a fax. With Form authentication I am getting a login popping up, which since I have already signed in, should be unnecessary if I provide the right stuff to Tomcat. For Basic authorization, all the application had to do was send an Authorization header and in I went without a login. But with Form authentication I am unable to prevent the new login. I assumed that setting the JSESSIONID and JSESSIONIDSSO cookies would be sufficient, and here is my code. OutputStream out = sock.getOutputStream(); String firstLine = GET + fileName + HTTP/1.1\r\n; String secondLine = Host: + hostName + \r\n; send(out, firstLine); send(out, secondLine); send(out, Set-Cookie: JSESSIONID= + jsessionId + ;JSESSIONIDSSO= + jsessionidSSO + ; Path=/ + \r\n); send(out, \r\n); But unfortunately Tomcat isn't impressed and I get a login page. Can anybody tell me where I'm going wrong? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: configuring realm in web.xml
On 04/05/2004 02:02 PM Simone - Dev wrote: Hello All, I'm developing a webapplication that needs to authorize and authenticate users looking inside a database. Generally I'll be doing it adding a JDBCRealm inside the server.xml (or in the contex xml file) But I don't have access to these files. I'd like to know if it is possibile to define it inside the web.xml or if it's possibile to add some configuration for the context using the war archive. I looked on the web, and archive but didn't fine anything about it Hi Simone I haven't seen it mentioned for months but it used to be possible to set up a jakarta-commons DBCP connection pool outside server.xml - I think it was done in struts-config.xml but I am not sure. You should check the commons-user or the struts-user mailing list archive. Adam -- struts 1.2 + tomcat 5.0.19 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat performance with 100 webapps
Pardon my ignorance but how do you share one port between multiple instances of tomcat? Are you talking launching tomcat 100 times (100 JVMs), or are you talking 100 Hosts configured in server.xml? Adam On 03/30/2004 05:28 PM Reynir Þór Hübner wrote: I just wanted to post my info on the subject, even though I dont have 100 hosts on a single machine. We run near 60 hosts on one machine, in 10 instances of tomcat. memory usage has been the biggest problem as our application use cache:ing alot to increase performance. all of those hosts are running fairly complex CMS systems. the computer has 2 Xeon CPUs and 4gigs ram RedHat EAS. The greatest improvement on our memory problem got fixed when we changed the setup of tomcat so that it would not reload contexts and jsp pages. The memory leaks that we had been seeing (ever increasing memory usage of tomcat) stopped. But, in my opinion you should not be seeing some memory problems with 100 hosts (if you have 16g ram). I recomend the usage of several instances of tomcat, but that will be on the cost of memory (one instance seems to use around 30mb (rather basic setup) of ram, even though the profiled usage is alot less), but by doing this you will get way better manageability. I dont think I have to point out the obvious benefits of having several hosts, but one is restarting services will be alot easyer and dealing with all sorts of problems will be easyer. 100 hosts require alot of memory, but everything dependes of course on your application and traffic. This machine is taking on something around 20req/sec average, and the load is (cp from top) load average: 1,08, 1,22, 1,24 But of course cpu power or IO is usually not the bottleneck in java-server-applications. -reynir Niki Ivanchev wrote: God save our apps from any memory leaks. Of course we will test them for this issue. And perform stress testing 20 sounds fair enought. Frankly I don't expect too much traffic per e-shop. Niki Shapira, Yoav wrote: Hi, We have tomcat instances that run ~20 webapps without a problem. Beyond that, we haven't tried, but then again that's why we have tools like JMeter, no? ;) In large part this will depend on the soundness of the application. Especially if it's 100 of the same app, because then each memory leak would be multiplied by 100. Yoav Shapira Millennium Research Informatics -Original Message- From: Niki Ivanchev [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 9:43 AM To: Tomcat User Subject: tomcat performance with 100 webapps Have some one tested Tomcat with more than 100 webapps. For example e-commrece solution, without many bells and whistles - jsut shopbuilder and sopiing cart Each webapp is based on trubine/velocity/torque. Each webapp using it's own firebird database. Can I expect smooth performance on dual xeon with raid controler and lot of RAM (16G) on RedHat EAS? Niki Icygen Co. -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: post data through form based authentication example?
-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.html/form-login-page form-error-page/login.html/form-error-page /form-login-config /login-config /web-app WEB-INF\jboss-web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE jboss-web PUBLIC -//JBoss//DTD Web Application 2.3//EN http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd; jboss-web security-domainjava:/jaas/authtest/security-domain !-- Resource Environment References -- !-- Resource references -- !-- EJB References -- /jboss-web -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 25 March 2004 15:10 To: Tomcat Users List Subject: Re: post data through form based authentication example? Martin, I would check your problem again. That is not the normal behaviour of the container-managed login. It will cache the original request during the login and send it on to the originally requested URL. Adam On 03/25/2004 02:45 PM Martin Alley wrote: Hi, Has any one got an example of a servlet secured with form based authentication, where the request to the servlet is posted, from outside the secured area? My actual situation is I already have a web application with form based auth working fine, but I have a problem when the user is at a web form, about to post the data when their session times out. Then they submit the form, get sent to the login page, and then the on to the original form processing servlet. However the post data is now lost. I am using tomcat4.1 as bundled with JBoss 3.2.3 and the coyote connector. Thanks in advance Martin PS I have also posted to JBoss - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: post data through form based authentication example?
Right I see. I shall ponder what jumping in at some point as well if you get no replies, but the replies from the JBoss people tend to be sporadic and I suffer all sorts of superstitious doubts about how best to elicit an answer from them. By the way, you can post HTML code there, you have to put it in [CODE] blocks, rather than [QUOTE] blocks which you tried. Adam On 03/29/2004 12:30 PM Martin Alley wrote: No formal bug report yet. The current state of play is at http://www.jboss.org/index.html?module=bbop=viewtopict=47595 If you would like to add your weight to this observation... Thanks Martin -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 29 March 2004 09:17 To: Tomcat Users List Subject: Re: post data through form based authentication example? Hmm. You're right. I just tested it on my JBoss (running 3.2.4RC1 with tomcat 5.0.19) and I got the same effect. Rats! This is not good. Trying to get info out of JBoss is like trying to get blood out of a stones. I assume there's a bug report? I haven't looked at JBoss's bugzilla yet. On 03/29/2004 01:10 AM Martin Alley wrote: After further testing, I believe this is a bug specific to the JBoss environment (both 3.2.3 and 3.2.4RC1) Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 28 March 2004 15:24 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? The updated web.xml below now correctly lists the required security-role tags, but the only effect was to bring the form.html resource into the secured area (ie login is requested before accessing this page now), so I have also modified web.xml to put form.html *outside* the secured area - thus still requiring post data to transition the form based logon. ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app session-config session-timeout2/session-timeout /session-config security-constraint web-resource-collection web-resource-nameSignon/web-resource-name descriptionDeclarative security tests/description !--url-pattern/form.html/url-pattern-- url-pattern/process.jsp/url-pattern http-methodHEAD/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-namecustomer/role-name role-namemerchant/role-name role-nameadmin/role-name /auth-constraint user-data-constraint descriptionno description/description transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.html/form-login-page form-error-page/login.html/form-error-page /form-login-config /login-config security-rolerole-namecustomer/role-name/security-role security-rolerole-namemerchant/role-name/security-role security-rolerole-nameadmin/role-name/security-role /web-app I can't see the point of protecting the POST method if the data fails to transition. Has anyone got a working example of this? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:47 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? I forgot to mention it's behaviour!! Basically when the is no security constraint, it works. When there is a security constraint, the post data gets killed. Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 27 March 2004 09:43 To: 'Tomcat Users List' Subject: RE: post data through form based authentication example? Hi Adam, I've put together a simple test for posting to a secured resource which seems to throw up a problem. Included files are the web app. Based on JBoss3.2.3 embedded tomcat4.1. Martin Index.html html body a href=form.htmlform/a /body /html form.html html body form action=process.jsp method=post input type=text name=text1/ input type=submit value=OK/ /form /body /html login.html html body h4Please login:/h4 form method=POST action=j_security_check input type=text name=j_username input type=password name=j_password input type=submit value=OK /form /body /html process.jsp html body text1=%=request.getParameter(text1)% /body /html WEB-INF\web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web
Re: JSP preloading taking a lot of time
Tomcat 3.3? Are you not able to upgrade? On 03/29/2004 01:10 PM Abhinandan Karmakar wrote: Hi, My web site has a lot of JSP pages ~60. Some JSPs are big ~400 lines. I have given load-on-startup for all my JSP pages. I notice that tomcat takes up about 200 secs to preload all my JSPs and during the entire startup time the CPU util does not go above 5-10%. Can anyone throw some light on this ? Abhinandan. Tomcat 3.3 on linux. PS: My JSPs contain a lot of custom tags. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: post data through form based authentication example?
Martin, I would check your problem again. That is not the normal behaviour of the container-managed login. It will cache the original request during the login and send it on to the originally requested URL. Adam On 03/25/2004 02:45 PM Martin Alley wrote: Hi, Has any one got an example of a servlet secured with form based authentication, where the request to the servlet is posted, from outside the secured area? My actual situation is I already have a web application with form based auth working fine, but I have a problem when the user is at a web form, about to post the data when their session times out. Then they submit the form, get sent to the login page, and then the on to the original form processing servlet. However the post data is now lost. I am using tomcat4.1 as bundled with JBoss 3.2.3 and the coyote connector. Thanks in advance Martin PS I have also posted to JBoss - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Write my own Realm - HOWTO ?
Tom, FIXME means it needs to be written... :) (Although I may be wrong there - perhaps someone will jump in) I should imagine that the original class for the JDBC realm would be a fine basis to start from. You should jar it up and put it in tomcat's common/lib directory. Adam On 03/25/2004 04:05 PM Tom Bednarz wrote: Im using Tomcat 5.0.19. I need to extend the JDBC Realm a little bit, precisly I need to have my own implementation of authenticate(..). In the Realm Configuration HOW-TO is a incomplete Link (FIXME) to information how to do this. Could anybody please point me to that link? Basically I want to create my own realm derived from JDBCRealm with my own implementation of authenticate(). How do I tell Tomcat about this new Realm. Where do I need to put the jar file that it is being recognised? Thanks for your help. Thomas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: NEWBIE question: JAAS- versus JDBC- versus MemoryRealms
Leonard, I went the other way. I wrote a login module for tomcat's JAAS implementation and recently found it relatively easy to adapt it to JBoss. However I see you're going down the JDBC route. Adam On 03/23/2004 09:22 AM Leonard Wolters wrote: Hi, I've got a question concerning the different REALM available for Tomcat 5.x. The main (basic) question is that I want to secure my context annex websites / jsp pages. I have some experience with JAAS (JBOSS) and was investigating the possibility to use / implement JAAS for Tomcat. After some efforts I stopped since I to noticed it would take me to much pain ;-( (I needed to create to much source code hence it would take me to much time). Then I investigated the JDBC Realm and was trying to use this for securing my website. The question: Tomcat 5 delivers a pre-installed security JSP example (/jsp-examples/security/protected) which (as stated in the documentation) only works with the MemoryRealm. Well, I want this to work with the JDBCRealm (or even my own implementation) as well. Does anyone can provide me some configurations of how to achieve this ? Basically, I think I need to change the default JNDI UserBase (MemoryRealm) with my own one (JDBCRealm for example). However, is this the only thing I need to do ? If so, please provide me a server.xml configuration T.i.a, Leonard Leonard Wolters JTeam B.V. E: [EMAIL PROTECTED] T: +31(0)20 486 20 36 M: +31(0)6 24 111 401 F: +31(0)8 48 370 000 W: www.jteam.nl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Security
On 03/21/2004 05:53 AM Matt Anderson wrote: Hi All, This is the first time I have used this list so this question may have been asked many times before, however I tried to download previous message but were unsucessful. My question is, how do you configure the security manager to disable things like System.exit() and Runtime.exec() and even some of the java.io.* package functions. I have read the how-to and I am still a little confused. I would appreciate any guidance on this and any examples too. Thank you all for taking the time to read this and I look forward to your response. Hi Matt, welcome to the list! Unfortunately it seems like you have posted a question that's too vague for anyone to give a direct answer to. Try coming back with a specific problem, and you're far more likely to get a good response. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: WARNING: Duplicate name in Manifest: Class-Path
On 03/19/2004 06:35 AM Tom K wrote: Any clues where I would look to determine where this message? Start from only happens during sart up of my application. Mar 18, 2004 11:33:48 PM java.util.jar.Attributes read WARNING: Duplicate name in Manifest: Class-Path Sounds like somebody is complaining that you have an invalid MANIFEST.MF entry in one of your jars/wars/ears. Are you making a manifest entry yourself? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Kumar's JDBC problems with MySQL
If you are having problems with JNDI connection pooling and you can't work out the problem, I would pay attention to the Host node settings in the server.xml. I would even get a fresh installation of tomcat and start from scratch with a simple test case. The attributes of Host, e.g. autoDeploy, deployOnStartup, deployXML, unpackWARs can be combined in ways that will not load the JNDI context, definitely when deploying WAR files and possibly under other circumstances. I've had it happen to me myself, and I've seen other comment on it here but sadly for you I didn't document it. Just saying though, it's worth going back to square one. Adam On 03/18/2004 05:42 AM Steve Gums wrote: I noticed a couple things. One I want to be corrected if I am wrong but your docBase should not be root. Second your driver for MySQL isn't the org.gjt thing anymore. Use com.mysql.jdbc.Driver I unfortunately have seen this error far too much in the past few days. It is not getting into the JNDI resources. Your context segment needs repair. Steve I have included my DBTest.xml from /usr/local/tomcat/conf/Catalina/localhost/ and it works now. Context path=/DBTest docBase=DBTest debug=5 reloadable=true crossContext=true Logger className=org.apache.catalina.logger.FileLogger prefix=localhost_DBTest_log. suffix=.txt timestamp=true/ Resource name=jdbc/TestDB auth=Container type=javax.sql.DataSource/ ResourceParams name=jdbc/TestDB parameter namefactory/name valueorg.apache.commons.dbcp.BasicDataSourceFactory/value /parameter !-- Maximum number of dB connections in pool. Make sure you configure your mysqld max_connections large enough to handle all of your db connections. Set to 0 for no limit. -- parameter namemaxActive/name value100/value /parameter !-- Maximum number of idle dB connections to retain in pool. Set to 0 for no limit. -- parameter namemaxIdle/name value30/value /parameter !-- Maximum time to wait for a dB connection to become available in ms, in this example 10 seconds. An Exception is thrown if this timeout is exceeded. Set to -1 to wait indefinitely. -- parameter namemaxWait/name value1/value /parameter !-- MySQL dB username and password for dB connections -- parameter nameusername/name value/value /parameter parameter namepassword/name value/value /parameter !-- Class name for mm.mysql JDBC driver -- parameter namedriverClassName/name valuecom.mysql.jdbc.Driver/value /parameter !-- The JDBC connection url for connecting to your MySQL dB. The autoReconnect=true argument to the url makes sure that the mm.mysql JDBC Driver will automatically reconnect if mysqld closed the connection. mysqld by default closes idle connections after 8 hours. -- parameter nameurl/name valuejdbc:mysql://localhost/javatest?autoReconnect=true/value /parameter /ResourceParams /Context -Original Message- From: Kawthar Bt M Sulaiman [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 7:32 PM To: [EMAIL PROTECTED] Subject: Re: Kumar's JDBC problems with MySQL Kumar, I've been trying to follow the JDBC pb thread as well and still can't get rid of the problem. Here is what I've done. Using J Connector 3.0, Tomcat 4.1.30 and mySQL 4.0.18. I put my mysql-connector-java-3.0.11-bin under /common/lib. 1. Start from simple web.xml: resource-ref descriptionDB Connection/description res-ref-namejdbc/mySQLDatabase/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref 2. server.xml (located at $CATALINA_HOME\conf\server.xml) Context path=/db docBase =ROOT debug=9 reloadable=true Resource name=jdbc/mySQLDatabase auth=Shareable type=javax.sql.DataSource description=JDBC Connection to MySQL v4.0.18/ ResourceParams name=jdbc/mySQLDatabase parameter namefactory/name valueorg.apache.commons.dbcp.BasicDataSourceFactory/value /parameter parameter nameserverName/name valuelocalhost/value /parameter parameter namedatabaseName/name valueecpa/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter parameter nameusername/name value/value /parameter parameter namepassword/name value/value /parameter parameter nameremoveAbandoned/name valuetrue/value /parameter parameter
Re: Connection warning
On 03/18/2004 03:22 PM Jeff Poling wrote: We use tomcat as our middleware to provide a GUI-like interface for our UNIX character-based back-end. We are running into a problem with maxProcesses being maxed out and users not being able to use the system. A good rule of thumb is to multiply the expected number of sessions times two or three to get the necessary number of processes ... but it only really works if our customer's internal reporting processes are sufficient enough so that the system admininistrator always knows the number of people working for the company (and therefore using the system). What I'd like is some way to keep tabs on the number of processes for any given connector(s) in use, and if it exceeds a certain threshhold, give some sort of sign ... an email, logfile entry, burning bush, whatever. You could write a filter that alters the style sheets served (*.css) so that all pages blinked in red when the maxprocesses level is being approached. ;) Seriously though, what are you going to do with this signal? What's it going to say? You may start panicing now or something? If the sysop doesn't know the number of users, how likely is he/she to react this signal, whatever it may be? I would say what you need more is a log of the usage so you can tell what the growth rate is and then totally avoid the problem by installing more hardware. Just my 2 cents. Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC problems with MySQL
Steve, like Wendell said, you've got to put the context.xml file under that directory. And rename it to the context name. It will only work from the META-INF directory when you are deploying a .war file. On 03/16/2004 10:23 PM Steve Gums wrote: Can I ask a quick question before I do that. I had my context.xml file separate, because I like that better, but it fails. When I put that context into the server.xml it worked. I am trying it again right now to make sure of this. Am I mistaken to think the context.xml file goes into webapps/AppName/META-INF/context.xml ? I will post these files as requested in just a sec. Thanks for your help. Steve -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 2:07 PM To: Tomcat Users List Subject: Re: JDBC problems with MySQL Steve, post the Resource ResourceParams tags from your context for the webapp. State whether it's in a context.xml file, server.xml or whatever. Perhaps we can spot something. Adam ps this email has got some weird font - my mail reader is up the creek at the mo'. sorry On 03/16/2004 09:47 PM Steve Gums wrote: Just an update. I included a file, that works great on my webapp that is already running on an old system, and you can see the change I made, which allows the app to run. Not sure if this helps anyone. package com.voast.vkey.utils; import java.io.*; import java.sql.*; import javax.sql.*; import javax.naming.*; public class DBUtils { public static Connection getConnection () throws Exception { Connection con = null; /* Trying to figure this error out. --Temp comment-- try { Context ctx = new InitialContext(); if ( ctx == null ) { throw new Exception (No Context); } DataSource ds; ds = (DataSource)ctx.lookup(java:comp/env/jdbc/VKEYDB); if ( ds != null ) { con = ds.getConnection (); }//end ds != null }//try catch ( Exception e ) { LoggerUtil.globalLog (ERROR,exception occured: + e.toString() ); throw (e); }//catch */ try { Class.forName(com.mysql.jdbc.Driver).newInstance(); con = DriverManager.getConnection(jdbc:mysql://localhost/vkey, USER,PASSWORD); }//try catch (Exception e) { LoggerUtil.globalLog (DEBUG,exception occured: + e.toString() ); throw (e); }//catch return con; }//GetConnection }//DBUtils -Original Message- From: Steve Gums [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 10:57 AM To: [EMAIL PROTECTED] Subject: JDBC problems with MySQL Users I know there has been a bazillion messages about this. I searched the archives and couldn't find anything to solve my extremely annoying issue. It has to be something really simple but I just can't find it. My System: Solaris 9 Tomcat 5.0.19 MySQL 4.0.18 Connector J 3.0.11 I have the connector J jar in the /usr/local/tomcat/common/lib dir. I have basically copied the HOW-TO located at. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/jndi-datasource-examples-how to.html and my result is this. Results Foo Not Connected Bar -1 I have tried everything I can think of. I verified the database and the user/password combo. Works good. I even created a simple Java app that connects and performs queries, which worked. That would indicate everything is cool with the Connector J. I have verified that the jdbc/TestDB is in the context and it is. As best I can tell ds (DataSource) is coming back not null, but the call to getConnection is failing. I created a little more verbose web app and get the following message. org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null', cause: No suitable driver This has to be something simple, because this works fine on my old machine. I know I am forgetting some small step that I did the first time and failed to do again. Trust me I have checked the configs about a million times, and can't find any differences. Any help would be appreciated. Sorry to be so vague here, but this is really simple. I don't know what else to include for info. Steve Gums [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC problems with MySQL
Steve, post the Resource ResourceParams tags from your context for the webapp. State whether it's in a context.xml file, server.xml or whatever. Perhaps we can spot something. Adam ps this email has got some weird font - my mail reader is up the creek at the mo'. sorry On 03/16/2004 09:47 PM Steve Gums wrote: Just an update. I included a file, that works great on my webapp that is already running on an old system, and you can see the change I made, which allows the app to run. Not sure if this helps anyone. package com.voast.vkey.utils; import java.io.*; import java.sql.*; import javax.sql.*; import javax.naming.*; public class DBUtils { public static Connection getConnection () throws Exception { Connection con = null; /* Trying to figure this error out. --Temp comment-- try { Context ctx = new InitialContext(); if ( ctx == null ) { throw new Exception (No Context); } DataSource ds; ds = (DataSource)ctx.lookup(java:comp/env/jdbc/VKEYDB); if ( ds != null ) { con = ds.getConnection (); }//end ds != null }//try catch ( Exception e ) { LoggerUtil.globalLog (ERROR,exception occured: + e.toString() ); throw (e); }//catch */ try { Class.forName(com.mysql.jdbc.Driver).newInstance(); con = DriverManager.getConnection(jdbc:mysql://localhost/vkey, USER,PASSWORD); }//try catch (Exception e) { LoggerUtil.globalLog (DEBUG,exception occured: + e.toString() ); throw (e); }//catch return con; }//GetConnection }//DBUtils -Original Message- From: Steve Gums [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 16, 2004 10:57 AM To: [EMAIL PROTECTED] Subject: JDBC problems with MySQL Users I know there has been a bazillion messages about this. I searched the archives and couldn't find anything to solve my extremely annoying issue. It has to be something really simple but I just can't find it. My System: Solaris 9 Tomcat 5.0.19 MySQL 4.0.18 Connector J 3.0.11 I have the connector J jar in the /usr/local/tomcat/common/lib dir. I have basically copied the HOW-TO located at. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/jndi-datasource-examples-how to.html and my result is this. Results Foo Not Connected Bar -1 I have tried everything I can think of. I verified the database and the user/password combo. Works good. I even created a simple Java app that connects and performs queries, which worked. That would indicate everything is cool with the Connector J. I have verified that the jdbc/TestDB is in the context and it is. As best I can tell ds (DataSource) is coming back not null, but the call to getConnection is failing. I created a little more verbose web app and get the following message. org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null', cause: No suitable driver This has to be something simple, because this works fine on my old machine. I know I am forgetting some small step that I did the first time and failed to do again. Trust me I have checked the configs about a million times, and can't find any differences. Any help would be appreciated. Sorry to be so vague here, but this is really simple. I don't know what else to include for info. Steve Gums [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Dump HTTP Request and Response Headers
On 03/12/2004 06:05 AM mganesh wrote: Dear folks, How could i dump HTTP Response and Request headers. Im using Apache 1.3 and Tomcat 4.0 MOD_JK. Hi Ganesh, if you are talking client-side, then there is an excellent extension for Firefox browser called HTTP headers. I expect there's something similar for IE as well but I don't recall anything at the mo'. Server-side, it's easy for request headers - you can getHeaders() to obtain an Enumeration of them. But for the response headers, it's only possible to see what they are if you already know what you are looking for (response.containsHeader()?) If you look in the archives, someone one mentioned a logging tool that sounded handy. Some sort of snooper it sounded like. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Java Hosting
On 03/12/2004 08:49 AM Andi Reinbrech wrote: The next best thing since sliced bread is UML (no, not drawings of stickmen) User Mode Linux. Some hosting companies give you a Linux VM with full root telnet access. You can do with it whatever you want, install Tomcat, install JDK, PostgreSQL - whatever tickles your fancy. You can reboot whenever you want etc. Yes, +1 from me. I've been using UML at www.memset.co.uk for 3 months so far without the slightest glitch. I couldn't live without my root access :) Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Java Hosting
On 03/12/2004 11:19 AM Graham Reeds wrote: Yes, +1 from me. I've been using UML at www.memset.co.uk for 3 months so far without the slightest glitch. I couldn't live without my root access :) I notice that memset.co.uk charge £9.60/year for the registration of .com domains. This is significantly lower than anywhere else. The cheapest I have found is £39.99 without hosting involved. Do you actually own the domain or do they look after it for you? Don't know, sorry. I have my domain name from a different company entirely. I could find out easily enough, but what's the difference? Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Setting page content Type
On 03/12/2004 12:23 PM Keith Hyland wrote: I'm looking at internationalizing a series of pages, which cover different character sets. I've been planning to store the content type value in a properties files along wit hthe rest of the internationalized text, but I've run into some problems. I have been experiementing with jsp:directive.page contentType=... / @ page contentType=... / but none of them seem to be able to take a variable value for contentType, e.g. c:set fmt:message key=contentType/ /c:set %@ page contentType=${pageContentType} % or jsp:directive.page contentType=jsp:expressioncontentType/jsp:expression / Neither of them support EL, or sxpressions in the statement. Are there any plans to make these tags EL enabled? In the meantime I guess I'll have to look at filters. If you are using TC5, there is more flexibility for configuring the content-type and character-set, especially with JSTL standard taglibs. Regarding dynamic variables for JSP directives, it doesn't sound very plausible. You can map content-type to locales in your web.xml, and you can set it with fmt: tags, so I would say you'd be better off examining these methods first. I guess it also depends on how you are going to set the locale in the first place - is it a user choice or browser-setting dependent, or an application definition? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Java Hosting
Graham, when doing your cost calculation don't forget that the email pop3 server is extra - normally. Only a couple of quid a month, but still. Adam On 03/12/2004 03:12 PM Graham Reeds wrote: They were nice enough to email me directly back with the answer: Just saw a link to your site while checking the messages on the Tomcat Users Lists. I saw that registering a .com domain name with you is significantly lower than everywhere else - £9.60 a year compared to most sites £50 - £100. Upon registration do I become the sole owner of the domain (ie.: 3 weeks after I purchase the domain I get a nice letter from ICAAN (or the UK equivalent - I've got a letter from them for another domain) saying that I now own it for a period of x months), or do you hold it for my use? You are the owner of any domains registered with us, yes. We are just the admin billing contacts. I am also curious to what Tomcat versions you use and what level access I have to the box running it. Tomcat version 4.1. If you are using a standard Web hosting package then you just have FTP access and access to the cPanel control panel. If you have your own Miniserver then you have full root access. I think I will be purchasing a domain tonight I do believe! G. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: transitioning from non-logged in to logged in using security constraint....
On 03/12/2004 03:34 PM Paul Tomsic wrote: What does tomcat do to ensure that you're logged in while using the j_security_check ? We're trying to transition users from non-logged in to logged in, but we've got a fair amt. of portions of the site that should be accessible from both states (non-logged in and logged in) Is there something, programmatically, that's done, or is it something that tomcat simply places in the user's session? any advice or direction to the location in the API would be great. Paul, if you're logged in, request.getRemoteUser() returns the login name you gave. If you're not, it returns null. There's nothing in the session that is available to you with session.getAttribute(), if that's what your question was. Check out the java API for HttpServletRequest and ServletRequest. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS: Where does role information go in a Subject?
On 03/12/2004 06:44 PM Alan Weissman wrote: I'm implementing a JAAS login mechanism in my app, not as a Realm but via Struts Action classes. In my loginModule, I am creating the Subject with principals and credentials and want to store role information. Where does Tomcat expect a list of roles to be in the Subject? I Haven't been able to figure this out. I want to make sure that in the future I can use features that check request.isUserInRole(roleName). That would be messin' with the container-managed security, which isn't allowed according to the servlet spec. You can't mix match your own login with the container-managed stuff, unless you're modifying tomcat source code. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS: Where does role information go in a Subject?
On 03/12/2004 08:02 PM Alan Weissman wrote: Hm! Thanks Adam - I guess that makes sense! Ok, so my two requirements for my authentication are 1) that I can load custom information into the session object and 2) that I support isUserInRole(). Realm authentication should take care of #2, but what can I do about #1 since I won't have any control over what happens at login? well you can put in a filter that checks for the user info in the session and creates it when it isn't there. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Realm Authentication + Storing Objects In The Session
On 03/11/2004 08:56 AM Ronald Wildenberg wrote: My biggest unknown right now is, because the server handles the creation of the session, what would it take to make the server grab a user object from the database and store it in the session after the user logs in? Can't you use an HttpSessionListener for this? It is called right after a session is created (and when it's destroyed again). I'm not sure though whether there's enough information in the HttpSession object for you to be able to grab something from the database at the time HttpSessionListener.sessionCreated() is called. I do it with a filter. Easy to check request.getRemoteUser(), fetch the session and check for the user bean. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: OT: Java Hosting
Try kgbinternet.com. They have very reasonable developer accounts with tomcat and mysql or postgresql. They have dedicated jvm's so you can start and stop your own tomcat. I have used them with good success. The person to talk to is Keith Bjorndahl at [EMAIL PROTECTED] Good luck, Phil Campaigne How much do you pay a month for a login with a dedicated JVM? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Hiding Apache-Coyote/1.1 banner in Tomcat 5
Well in that case, it sounds like something which is sorely needed! ;) On 03/09/2004 10:36 AM Alex wrote: Lots of scripts out there for little script kiddies to run simply look at banners of different services to determine their worth in attempting to run an exploit against to gain access. By changing banners it helps to remove a good chunk of exploits that are out there. It also promotes laziness amongst system admin's ... :) On Mon, 8 Mar 2004, James Agnew wrote: I just like to reduce as much as possible the amount of information that a server gives out. Letting oppotunist crackers, who run a 1 minute nessus scan, know the version and type of the webserver, should IMO be avoided if possible. Sure, it won't put-off the determined cracker, but it might force some to move onto easier prey. Anyway, back to the matter in hand - do you know how one might go about this? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Disabling PUT and DELETE methods in Tomcat 5 standalone
On 03/08/2004 10:15 AM funkster wrote: security-constraint web-resource-collection web-resource-nameDisable Methods/web-resource-name url-pattern/*/url-pattern http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint I was under the impression that by not including a role-name value, then all PUT and DELETE method requests are disabled since the security constraint cannot be linked to a role. However, the fact that it doesn't work yet means I'm doing something wrong somewhere! Well, you haven't disabled it. You have protected it. As far as I can tell, you would be required to login first, and then you would be denied access. (When tomcat finds out that you are not in no roles?!) Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Hiding Apache-Coyote/1.1 banner in Tomcat 5
On 03/08/2004 02:57 PM James Agnew wrote: I've been looking for a way to prevent security scanners such as Nessus from being able to easily read Tomcat's standalone webserver details. I'm running Tomcat 5.0.18 standalone and Nessus identifies it as follows: Server Version: Apache-Coyote/1.1 Server Banner: Apache-Coyote/1.1 I can't seen anything similar to Apache's 'ServerTokens' directive to disable/suppress the info given out. Pardon my ignorance, but what is the problem with that? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Disabling PUT and DELETE methods in Tomcat 5 standalone
What I was implying is that you have effectively disabled it already this way. Or are you able to do PUTs and DELETEs despite the security constraint? I'd be surprised. Adam On 03/08/2004 11:24 PM James Agnew wrote: So, how would I go about actually prevent PUT and DELETE for all users, logged in or otherwise? I've been hitting my head against this one for some time, with no luck. The solution needs to allow anonymous users to access the site (i.e. no login) and still prevent PUT and DELETE methods. Thanks, James On 03/08/2004 10:15 AM funkster wrote: security-constraint web-resource-collection web-resource-nameDisable Methods/web-resource-name url-pattern/*/url-pattern http-methodPUT/http-method http-methodDELETE/http-method /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint I was under the impression that by not including a role-name value, then all PUT and DELETE method requests are disabled since the security constraint cannot be linked to a role. However, the fact that it doesn't work yet means I'm doing something wrong somewhere! Well, you haven't disabled it. You have protected it. As far as I can tell, you would be required to login first, and then you would be denied access. (When tomcat finds out that you are not in no roles?!) Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS and container managed security
On 03/04/2004 04:12 PM Renato Romano wrote: I used container managed security (I mean declaring security issues in web.xml, and using security standard servlet API isUserInRole, getUserPrincipal and so on) for several webapp, but I'm now facing the following need that this approach seem not to satisfy: I have to authenticate users based on both 1) A usual username, password mechanism; 2) A OTP (One Time Password) mechanism, something like a complex string parameter on a URL (sent by e-mail), stored in the DB that uniquely identifies the identity of the user. Now, I'm doing some little tries with JAAS to achieve this, but I have the following doubt: If I understand well I cannot merge the two approaches, that is use servlet declarative and programmatic security with JAAS. If I use JAAS LoginModules, I will not have the isUserInRole and other API's working... Is that right ?? JAAS will integrate with container-managed security in tomcat. You can use your login modules. The principal that you fill out in the login module must contain the role objects. Those methods will work. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Lost the Administrator function
On 02/29/2004 09:01 PM George Hester wrote: Well it just died entirely. crap. Which? The fresh installation? -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Lost the Administrator function
On 03/01/2004 09:25 AM Adam Hardy wrote: On 02/29/2004 09:01 PM George Hester wrote: Well it just died entirely. crap. Which? The fresh installation? OK, just read your other messages. Glad you sorted it out. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Lost the Administrator function
On 02/29/2004 01:34 AM George Hester wrote: This is the error: org.apache.jasper.JasperException: Cannot find ActionMappings or ActionFormBeans collection Hmmm, sounds like your admin app is really struggling. :) I think your best bet is to do a fresh install of tomcat. If that's a problem, then copy the admin app directory over to the original tomcat. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Lost the Administrator function
On 02/29/2004 02:02 PM Adam Hardy wrote: On 02/29/2004 01:34 AM George Hester wrote: This is the error: org.apache.jasper.JasperException: Cannot find ActionMappings or ActionFormBeans collection Hmmm, sounds like your admin app is really struggling. :) I think your best bet is to do a fresh install of tomcat. If that's a problem, then copy the admin app directory over to the original tomcat. I see you already downloaded tomcat. If you're still not having any luck, don't forget the fresh copy of the admin.xml file as well. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Lost the Administrator function
On 02/28/2004 04:24 PM George Hester wrote: I access Tomcat by http://localhost:8080 I then go to Tomcat Administration. I sign in with the user name and password I set at the installation of Tomcat. (Windows 2000 Server SP3) On the left side I select anything. Say users under User Definition. HTTP Status 503 - Servlet action is currently unavailable Check on the admin app installation. Make sure the files are there under $TOMCAT/server/webapps/admin. Basically just unpack them from the original tomcat download again. Or perhaps you have installed an app with the context name 'admin' that overrides it? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Lost the Administrator function
You got to have admin.xml in the webapps directory (or your APPBASE) Are you talking about server.xml? I've forgotten how to use tomcat4. tomcat5 is slightly different in several ways. Server.xml won't affect the admin app. On 02/28/2004 06:15 PM George Hester wrote: Jeeze I may have. Who knows. I installed swipe and the admiin function of that don't work either. Yes the files are there. They been there since the day I installed Tomcat. In fact I can login but I cannot logout. When I try to logout I get the same 503 error. All I can do is login. After that nothing works. It's got to be some packages that I installed from the Jakarta project for this worked fine prior to installing some packages and examples. I actually don't do anything in the Apache Group folder other then war installs. Maybe I can look within files in Apache Group and see what I can see. Maybe there would be some entry in some file that if there would imply what you said about some app with a context name admin that is overiding something? I thout context name was what shows in the document manager at http://localhost/manager/html and the only thing I have in there that has the word admin in it is /admin which is the Adminstrator thing that has gone south. Is there a way to pull out a spanking new service.xml from the Tomcat Installation? Get the source? -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 4.1.29 CoyoteAdapter Exception
Randall, I've often had issues that cause major problems, and my experience is that user groups and mailing lists are normally unable to help without there being an easily reproducible error. For instance, are you able to nail it down to a particular page or servlet? Does it happen regularly or at random? Can you make a test case? Sorry I can't be any help, but good luck finding it. Adam On 02/25/2004 12:03 AM Randall Svancara wrote: What would cause the coyote connector to return a null pointer exception. Every time this happens, mod_jk is unable to communicate with tomcat and as a result our web service is unusable. Is this a tomcat bug, or a problem with running tomcat on Windows XP. Anyway, I have looked through this user group and found some other people with this problem on Solaris, but no real answers. Thanks. I am running tomcat 4.1.29, apache 2.0.48, with mod_jk configured on Windows XP. Occasionally, I will receive the following error: 2004-02-23 15:40:07 CoyoteAdapter Requested cookie session id is A02AD09BF242D0D916799B2EBB0FCC92.worker1 2004-02-23 15:40:07 CoyoteAdapter An exception or error occurred in the container during the request processing java.lang.NullPointerException at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:164) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:193) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:309) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:387) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:673) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:615) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:786) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:666) at java.lang.Thread.run(Thread.java:534) -Original Message- From: Randall Svancara Sent: Tuesday, February 24, 2004 11:34 AM To: Tomcat Users List Subject: RE: Tomcat 4.1.29 CoyoteAdapter Exception Here is my server.xml in full for anyone interested. It is at the end of this email. -Original Message- From: Randall Svancara Sent: Tuesday, February 24, 2004 11:14 AM To: Tomcat Users List Subject: RE: Tomcat 4.1.29 CoyoteAdapter Exception Hmm...I am unable to find anything in google regarding this error. -Original Message- From: Randall Svancara Sent: Tuesday, February 24, 2004 8:48 AM To: [EMAIL PROTECTED] Subject: Tomcat 4.1.29 CoyoteAdapter Exception Hi, I am running tomcat 4.1.29, apache 2.0.48, with mod_jk configured on Windows XP. Occasionally, I will receive the following error: 2004-02-23 15:40:07 CoyoteAdapter Requested cookie session id is A02AD09BF242D0D916799B2EBB0FCC92.worker1 2004-02-23 15:40:07 CoyoteAdapter An exception or error occurred in the container during the request processing java.lang.NullPointerException at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:164) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:193) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:309) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:387) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:673) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:615) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:786) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:666) at java.lang.Thread.run(Thread.java:534) At which point the web service becomes UNAVAILABLE on port 80 through apache which forwards the requests via mod_jk to the tomcat 4.1.29 servlet engine. I am including some snippets from my server.xml below for the coyote connector. Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8019 minProcessors=100 maxProcessors=600 enableLookups=false redirectPort=8443 acceptCount=10 debug=10 connectionTimeout=6 useURIValidationHack=false protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler/ I have also configured apache with 600 max threads, see snippet below. # WinNT MPM # ThreadsPerChild: constant number of worker threads in the server process # MaxRequestsPerChild: maximum number of requests a server process serves IfModule mpm_winnt.c ThreadsPerChild 600 MaxRequestsPerChild 0 /IfModule If someone has any idea what I have misconfigured
Re: Réf. : read it immediately
On 02/25/2004 12:44 PM Graham Reeds wrote: Without wanting to cause too much alarm, that is the kind of message that could potentially contain a virus. Virus's need a little more than 1byte in size to be lethal - the payload probably got pulled by a virus checker before leaving Sun. G. It's a fairly maliciously targetted though, spoofing Craig's email. Looks like someone is deliberately aiming to cause damage to Jakarta its users. It's been going on for several days now, fortunately totally ineffectually (I hope). Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: read it immediately
What you are seeing is a failed attempt to spread a virus over this mailing list. You should ignore the email. The email address is almost 100% certain to be spoofed (faked). If you happen to get the message with a file attached, be very wary of opening it. Perhaps the list administrator could confirm this. Adam On 02/25/2004 11:59 AM [EMAIL PROTECTED] wrote: the attached file is empty. I don't know what you mean. Could you explain more. ___ NATEXIS ASSET MANAGEMENT Meissa SAKHO 01 58 19 45 71. . . . . . . . . . . . (84571) [EMAIL PROTECTED] [EMAIL PROTECTED] 25/02/2004 11:01 Veuillez répondre à Tomcat Users List Pour : [EMAIL PROTECTED] cc : Objet : read it immediately is that your account? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Pièce jointe supprimée : swimmingpool.zip L'integrite de ce message n'etant pas assuree sur internet, Natexis Banques Populaires ne peut etre tenu responsable de son contenu. Toute utilisation ou diffusion non autorisee est interdite. Si vous n'etes pas destinataire de ce message, merci de le detruire et d'avertir l'expediteur. The integrity of this message cannot be guaranteed on the Internet. Natexis Banques Populaires can not therefore be considered responsible for the contents.Any unauthorized use or dissemination is prohibited. If you are not the intended recipient of this message, then please delete it and notify the sender. -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 4.1.29 CoyoteAdapter Exception
I had an issue with tomcat 4.1.x (don't remember which - but it was Feb. last year) and sun java 1.4 Tomcat would just hang at random times and require a restart. I downgraded to java 1.3 to solve it. Try another Java - perhaps from IBM. Or check bugzilla. Adam On 02/25/2004 07:39 PM Randall Svancara wrote: After further investigation, I am just going to chalk this one up as a stability issue with windows XP. The same version of tomcat running with same configuration on linux can sustain well over 1+++ hits using jmeter while the same configuration on windows barely handles 2000 hits before tomcat fails. Anyone know of a stable version of tomcat that works with windows. Do I need to downgrade to 4.0.x or upgrade to 5.0.x versions of tomcat for better stability on windowsor do I need to convince my boss what I have know all along, linux is superior to windows. Thanks. Randall -Original Message- From: Randall Svancara [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 8:05 AM To: Tomcat Users List Subject: RE: Tomcat 4.1.29 CoyoteAdapter Exception Ok, now I am thinking this error might be caused by Database Connection pooling. I increased Mysql's max connection limit from the default to 500. I hope this enough to satify my hungry application. Also I adjusted the apps xml configuration option maxActive to a value of 400 which is 100 less than the max. We will see if this works. -Original Message- From: Randall Svancara [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 7:47 AM To: Tomcat Users List Subject: RE: Tomcat 4.1.29 CoyoteAdapter Exception Thanks, I have had a difficult time reproducing this error on a predictable basis. All I can say is that it happens once per day, and I have temporarily wrote a perl script that checks the service to see if it is working properly, and if not, it shuts down tomcat and restarts it...A bandaid fix at best. I will give you a little more background on the webapp I have deployed. It is just a basic webapp with several jsp pages and a couple of servlets. I am using Database Connection Pooling with Mysql Connector J. The problem does not appear to happen on any one particular jsp or servlet, but I will keep digging further to see if it is or not. If I can create a reproducable test case, I will post it here. I will keep on researching the problem to see if I can pin point the exact error. Thanks for the advice on using news groups. It is my first experience with them. Thanks, Randall -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 25, 2004 2:47 AM To: Tomcat Users List Subject: Re: Tomcat 4.1.29 CoyoteAdapter Exception Randall, I've often had issues that cause major problems, and my experience is that user groups and mailing lists are normally unable to help without there being an easily reproducible error. For instance, are you able to nail it down to a particular page or servlet? Does it happen regularly or at random? Can you make a test case? Sorry I can't be any help, but good luck finding it. Adam On 02/25/2004 12:03 AM Randall Svancara wrote: What would cause the coyote connector to return a null pointer exception. Every time this happens, mod_jk is unable to communicate with tomcat and as a result our web service is unusable. Is this a tomcat bug, or a problem with running tomcat on Windows XP. Anyway, I have looked through this user group and found some other people with this problem on Solaris, but no real answers. Thanks. I am running tomcat 4.1.29, apache 2.0.48, with mod_jk configured on Windows XP. Occasionally, I will receive the following error: 2004-02-23 15:40:07 CoyoteAdapter Requested cookie session id is A02AD09BF242D0D916799B2EBB0FCC92.worker1 2004-02-23 15:40:07 CoyoteAdapter An exception or error occurred in the container during the request processing java.lang.NullPointerException at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:164) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:193) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:309) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:387) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:673) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:615) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:786) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:666) at java.lang.Thread.run(Thread.java:534) -Original Message- From: Randall Svancara Sent: Tuesday, February 24, 2004 11:34 AM To: Tomcat Users List
tomcat building *.tld mapping at startup
Where can I find out what *.tld files tomcat is finding in its startup procedure when it scans through the webapps? I have a problem with tomcat5 SAR in JBoss. My app works fine in stand-alone, but under JBoss, I get a Jasper Exception: The absolute uri: http://java.sun.com/jsp/jstl/fmt cannot be resolved in either web.xml or the jar files deployed with this application for the first JSTL tld declaration that occurs. I have checked rigorously that my app has the JSTL standard.jar in only the one place in WEB-INF, that it's the right version, that my tld declaration is right, and so on. Can I somehow decipher tldCache.ser? How could I turn logging on for this bit in tomcat? And which classes is it that do this, so I can have a look at the source code? Thanks Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat building *.tld mapping at startup
Argh. I can't get jboss-tomcat to look in the jars in my war for the tlds. In the logging I can see tomcat building the tld map and extracting the tlds from WEB-INF directory and sub-dirs, but it ignores the jars. And I see it writing the tldCache.ser. In the TldConfig.java, I see there's a method tldScanResourcePathsWebInfLibJars() that has a first line of code outputting a log statement, that it's going to scan the /WEB-INF/lib where it would find the jars. But it looks like the method never gets called. I know it's 99% certain that my Jboss-tomcat config is doing something weird, but perhaps someone can see what? Adam On 02/24/2004 05:30 PM Shapira, Yoav wrote: Howdy, http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/s hare/org/apache/catalina/startup/TldConfig.java?rev=1.35view=markup is a good starting point. Yoav Shapira Millennium ChemInformatics -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 11:21 AM To: Tomcat Users List Subject: tomcat building *.tld mapping at startup Where can I find out what *.tld files tomcat is finding in its startup procedure when it scans through the webapps? I have a problem with tomcat5 SAR in JBoss. My app works fine in stand-alone, but under JBoss, I get a Jasper Exception: The absolute uri: http://java.sun.com/jsp/jstl/fmt cannot be resolved in either web.xml or the jar files deployed with this application for the first JSTL tld declaration that occurs. I have checked rigorously that my app has the JSTL standard.jar in only the one place in WEB-INF, that it's the right version, that my tld declaration is right, and so on. Can I somehow decipher tldCache.ser? How could I turn logging on for this bit in tomcat? And which classes is it that do this, so I can have a look at the source code? Thanks Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat building *.tld mapping at startup
OK, sorry - forget the JBoss factor. This seems to be a difference between a deploy directory and a WAR. Tomcat isn't looking in the Jars in a War. On 02/24/2004 07:52 PM Adam Hardy wrote: Argh. I can't get jboss-tomcat to look in the jars in my war for the tlds. In the logging I can see tomcat building the tld map and extracting the tlds from WEB-INF directory and sub-dirs, but it ignores the jars. And I see it writing the tldCache.ser. In the TldConfig.java, I see there's a method tldScanResourcePathsWebInfLibJars() that has a first line of code outputting a log statement, that it's going to scan the /WEB-INF/lib where it would find the jars. But it looks like the method never gets called. I know it's 99% certain that my Jboss-tomcat config is doing something weird, but perhaps someone can see what? Adam On 02/24/2004 05:30 PM Shapira, Yoav wrote: Howdy, http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/s hare/org/apache/catalina/startup/TldConfig.java?rev=1.35view=markup is a good starting point. Yoav Shapira Millennium ChemInformatics -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 11:21 AM To: Tomcat Users List Subject: tomcat building *.tld mapping at startup Where can I find out what *.tld files tomcat is finding in its startup procedure when it scans through the webapps? I have a problem with tomcat5 SAR in JBoss. My app works fine in stand-alone, but under JBoss, I get a Jasper Exception: The absolute uri: http://java.sun.com/jsp/jstl/fmt cannot be resolved in either web.xml or the jar files deployed with this application for the first JSTL tld declaration that occurs. I have checked rigorously that my app has the JSTL standard.jar in only the one place in WEB-INF, that it's the right version, that my tld declaration is right, and so on. Can I somehow decipher tldCache.ser? How could I turn logging on for this bit in tomcat? And which classes is it that do this, so I can have a look at the source code? Thanks Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat building *.tld mapping at startup
With the slight hope that someone reading this might have been in this siutation before, I was right first time in what I said below. Tomcat in stand-alone mode finds the tld files in my war as I want. In tomcat as an SAR in jboss, the jars in the war are not being scanned for tld files. Just the WEB-INF directory, not the WEB-INF/lib where the jars are. Obviously this stops me in my tracks. Could it be something to do with the Host configuration? Such as deployOnStartup, deployXML, unpackWARs, autoDeploy or something? I have experimented with them but not got any positive results. Thanks Adam On 02/24/2004 08:16 PM Adam Hardy wrote: OK, sorry - forget the JBoss factor. This seems to be a difference between a deploy directory and a WAR. Tomcat isn't looking in the Jars in a War. On 02/24/2004 07:52 PM Adam Hardy wrote: Argh. I can't get jboss-tomcat to look in the jars in my war for the tlds. In the logging I can see tomcat building the tld map and extracting the tlds from WEB-INF directory and sub-dirs, but it ignores the jars. And I see it writing the tldCache.ser. In the TldConfig.java, I see there's a method tldScanResourcePathsWebInfLibJars() that has a first line of code outputting a log statement, that it's going to scan the /WEB-INF/lib where it would find the jars. But it looks like the method never gets called. I know it's 99% certain that my Jboss-tomcat config is doing something weird, but perhaps someone can see what? Adam On 02/24/2004 05:30 PM Shapira, Yoav wrote: Howdy, http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/s hare/org/apache/catalina/startup/TldConfig.java?rev=1.35view=markup is a good starting point. Yoav Shapira Millennium ChemInformatics -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 24, 2004 11:21 AM To: Tomcat Users List Subject: tomcat building *.tld mapping at startup Where can I find out what *.tld files tomcat is finding in its startup procedure when it scans through the webapps? I have a problem with tomcat5 SAR in JBoss. My app works fine in stand-alone, but under JBoss, I get a Jasper Exception: The absolute uri: http://java.sun.com/jsp/jstl/fmt cannot be resolved in either web.xml or the jar files deployed with this application for the first JSTL tld declaration that occurs. I have checked rigorously that my app has the JSTL standard.jar in only the one place in WEB-INF, that it's the right version, that my tld declaration is right, and so on. Can I somehow decipher tldCache.ser? How could I turn logging on for this bit in tomcat? And which classes is it that do this, so I can have a look at the source code? Thanks Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ant emulation of Upload a WAR file to install
On 02/23/2004 03:04 PM Dean A. Hoover wrote: I am using ant 1.6 and tomcat 4.1.29. I have set my webapps directory to someplace other than the usual place. When I use the /manager/html/list application through my browser, I can use the Upload a WAR file to install form to put my war file in the webapps directory, unpack it and run it. This is exactly the behavior I would like to emulate in ant, but I do not see how. I have played around with the install and deploy tasks, but they do not operate the same as the upload form does. How can I do what the form does using ant? You just need ant to copy the war into your APPBASE directory. Then tomcat will do the rest, assuming that your host (in server.xml) is configured to autoDeploy=true and unpackWARs=true. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS and Datasources
On 02/23/2004 08:45 PM Dan Thiffault wrote: Hello, I am trying to transition my companies internal applications from IIS contained ASP pages to jsp pages using struts on tomcat. Currently we are using tomcat 4 but we could easily be swayed to switching to version 5 as we are just in the beginning stages of development. Currently our internal web apps are secured using integrated windows authentication. We have a custom component to check user roles in active directory. Connections to our sql db are handled using a component which runs under fixed permissions. With our new setup we would like to continue using windows integrated authentication. We already have a form based login working with active directory. Secondly, but more importantly, after authenticating the user as valid for the particular resource, we would like to use their credentials to log on to our MS SQL server, which we currently have using mixed mode authentication. I've searched through a number of web sites but I feel a little lost as to where to begin. My best guess is that we want to use JAAS with Kerberos 5 for authenticating but I'm not sure once a user is authenticated within an app how that would be applied to a datasource's credentials. Is the db connection made using a JAAS run as? Hi Dan I've no experience with the windows security module but I know that a tomcat realm can be configured to use it - check the jakarta website under 'realms' :) That's not a JAAS solution though. When writing your own JAAS module, you could easily just use the tomcat win realm code. I have even less idea about the MSSQL login. If you have to do it at the same time as the realm login, then you will have to go with JAAS. Doing the webserver and db logins seperately will be tricky, since it is not easy to access the users session when logging them in, nor later to get any more than the username and roles of the user. Yet surely you will be using connection pooling? That conflicts with your DB security, methinks. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 5.0.16 and 5.0.18 international character support
On 02/20/2004 01:17 PM Trygve Hardersen wrote: I'm having a silly problem with 5.0.16 and 5.0.18, regarding the Scandinavian characters æ, ø and å (probably others to). I've developed a project using tomcat and struts, where both message resources and actual data in the database contain these characters. Using 5.0.14 and prior, I've not paid attention to the characters; just used plain text for both resources and data. This has worked out just fine, regardless of user locale (and thereby the lang option of the page), the characters have been rendered properly. Attempting to stay up-to-date, I upgraded to 5.0.16 and later 5.0.18, but now the characters are Chinese-like (unreadable for a Scandinavian). Anyone knows the cause of this? The pages are all UTF-8, xhtml and there is no difference in handling of message resources and model data. Are you sure about that? Could it be that you actually did have this problem with tomcat 5.0.x but just didn't notice? When did you upgrade from tomcat 4.x? There are issues going from tomcat 4 to 5 that could affect this, but none that I know of, just from 5.0.14 - 16. Check the character encoding of your pages in the browser. Look in the response headers to see it. What is it what do you want it to be? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 5.0.16 and 5.0.18 international character support
Yes, exactly. Or you can output the response header to a log on the server with response.getCharacterEncoding() BTW, browsers pay higher priority to the HTTP header than the HTML page's meta tag or xml declaration. So I'm doubtful that they use the xml declaration's character-encoding. Basically I think you'll see with the HTTP headers that the content-type is set to 'text/html'. If you do try setting it on the server to 'application/xhtml+xml', then I suspect on most user's browsers, you would see a pop-up dialog asking what to do with this document. Adam On 02/20/2004 05:32 PM Antonio Fiol Bonnín wrote: What Adam said was: Look in the response headers to see it. I think he *really* meant the response headers, not the html code. To do that on IE, you need a plugin called ieHTTPheaders or something like that. On Netscape/Mozilla, use LiveHTTPHeaders. Otherwise, if you are not on HTTPS, you can use a network sniffer. Antonio Fiol Trygve Hardersen wrote: Thanks for the reply. Project never ran on 4.x, developed on 5.x starting from 5.0.14. Using JSTL 1.1. 5.0.14: ?xml version=1.0 encoding=UTF-8? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; lang=en xml:lang=en meta http-equiv=Content-Type content=application/xhtml+xml; charset=utf-8 / 5.0.18: ?xml version=1.0 encoding=UTF-8? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; lang=en xml:lang=en meta http-equiv=Content-Type content=application/xhtml+xml; charset=utf-8 / That is equal. However, the characters æøå are in plain text in the page, but IE displays them incorrectly. I can't find any difference in the source of the pages between 5.0.14 and later, which makes me wonder if the problem is IE oriented. Thing is though, that IE displays everything correct on 5.0.14. Installing Netscape now, Opera does not support xhtml with script elements. Idea? milx -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 2:43 PM To: Tomcat Users List Subject: Re: 5.0.16 and 5.0.18 international character support On 02/20/2004 01:17 PM Trygve Hardersen wrote: I'm having a silly problem with 5.0.16 and 5.0.18, regarding the Scandinavian characters æ, ø and å (probably others to). I've developed a project using tomcat and struts, where both message resources and actual data in the database contain these characters. Using 5.0.14 and prior, I've not paid attention to the characters; just used plain text for both resources and data. This has worked out just fine, regardless of user locale (and thereby the lang option of the page), the characters have been rendered properly. Attempting to stay up-to-date, I upgraded to 5.0.16 and later 5.0.18, but now the characters are Chinese-like (unreadable for a Scandinavian). Anyone knows the cause of this? The pages are all UTF-8, xhtml and there is no difference in handling of message resources and model data. Are you sure about that? Could it be that you actually did have this problem with tomcat 5.0.x but just didn't notice? When did you upgrade from tomcat 4.x? There are issues going from tomcat 4 to 5 that could affect this, but none that I know of, just from 5.0.14 - 16. Check the character encoding of your pages in the browser. Look in the response headers to see it. What is it what do you want it to be? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 5.0.16 and 5.0.18 international character support
The point is that the browser sees the HTTP response headers, even if it doesn't display them, and it uses them to decide which charset to use to display the page, regardless of your xml meta declarations in the html file. On 02/20/2004 05:57 PM Trygve Hardersen wrote: I don't get the point of doing this. The problem is not request and response, but the way characters are displayed. Changed the charset to western European, charset=iso-8859-1, and now everything works fine. milx -Original Message- From: Antonio Fiol Bonnín [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 5:33 PM To: Tomcat Users List Subject: Re: 5.0.16 and 5.0.18 international character support What Adam said was: Look in the response headers to see it. I think he *really* meant the response headers, not the html code. To do that on IE, you need a plugin called ieHTTPheaders or something like that. On Netscape/Mozilla, use LiveHTTPHeaders. Otherwise, if you are not on HTTPS, you can use a network sniffer. Antonio Fiol Trygve Hardersen wrote: Thanks for the reply. Project never ran on 4.x, developed on 5.x starting from 5.0.14. Using JSTL 1.1. 5.0.14: ?xml version=1.0 encoding=UTF-8? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; lang=en xml:lang=en meta http-equiv=Content-Type content=application/xhtml+xml; charset=utf-8 / 5.0.18: ?xml version=1.0 encoding=UTF-8? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; lang=en xml:lang=en meta http-equiv=Content-Type content=application/xhtml+xml; charset=utf-8 / That is equal. However, the characters æøå are in plain text in the page, but IE displays them incorrectly. I can't find any difference in the source of the pages between 5.0.14 and later, which makes me wonder if the problem is IE oriented. Thing is though, that IE displays everything correct on 5.0.14. Installing Netscape now, Opera does not support xhtml with script elements. Idea? milx -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 2:43 PM To: Tomcat Users List Subject: Re: 5.0.16 and 5.0.18 international character support On 02/20/2004 01:17 PM Trygve Hardersen wrote: I'm having a silly problem with 5.0.16 and 5.0.18, regarding the Scandinavian characters æ, ø and å (probably others to). I've developed a project using tomcat and struts, where both message resources and actual data in the database contain these characters. Using 5.0.14 and prior, I've not paid attention to the characters; just used plain text for both resources and data. This has worked out just fine, regardless of user locale (and thereby the lang option of the page), the characters have been rendered properly. Attempting to stay up-to-date, I upgraded to 5.0.16 and later 5.0.18, but now the characters are Chinese-like (unreadable for a Scandinavian). Anyone knows the cause of this? The pages are all UTF-8, xhtml and there is no difference in handling of message resources and model data. Are you sure about that? Could it be that you actually did have this problem with tomcat 5.0.x but just didn't notice? When did you upgrade from tomcat 4.x? There are issues going from tomcat 4 to 5 that could affect this, but none that I know of, just from 5.0.14 - 16. Check the character encoding of your pages in the browser. Look in the response headers to see it. What is it what do you want it to be? Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 5.0.18 + keytool
Yes, your message is getting through. I've never had that error, although I have almost the same config as you. I assume you've googled as well? On 02/20/2004 05:14 PM Stewart Walker wrote: Wondering if I my message is getting out there as as I've seen no response. Going to try again. Could really use your help getting past the below error while trying to setup/import a server certificate. The required jsse jar files are in $JAVA_HOME/jre/lib/ext The IBMJava was installed during the Linux install. As far as I can tell it isn't running anything and $JAVA_HOME/bin is first in the path. But I still wonder. keytool was run by root in $JAVA_HOME/bin Haven't done anything with apache yet our web based servlet app is working on 8080 with tomcat. Thanks. Linux ES 2.1 249-e.37 kernel j2sdk1.4.2_03 tomcat5.0.18 $PATH /usr/kerberos/sbin: /usr/kerberos/bin: /usr/java/j2sdk1.4.2_03/bin: /opt/IBMJava2-131/bin: /opt/IBMJava2-131/jre/bin: /usr/local/sbin:/sbin:/usr/sbin: /bin:/usr/bin:/usr/bin/X11: /usr/local/bin: /usr/bin: /usr/X11R6/bin: /root/bin: [EMAIL PROTECTED] ps aux |grep java root 2985 27.0 0.7 246712 29368 pts/5 S08:38 0:04 /usr/java/j2sdk1. root 2986 0.0 0.7 246712 29368 pts/5 S08:38 0:00 /usr/java/j2sdk1. this is just a snipit.. [EMAIL PROTECTED]/ca]#ls -l -rwxr-xr-x1 root apache785 Feb 18 10:16 ca.csr -rwxr-xr-x1 root apache887 Feb 18 10:16 ca.key -rwxr-xr-x1 root apache 1066 Feb 18 10:17 ca.pem [EMAIL PROTECTED] openssl req -new -newkey / rsa:1024 -nodes -out /usr/java/ssl/ca/ca.csr / -keyout /usr/java/ssl/ca/ca.key Using configuration from /usr/share/ssl/openssl.cnf Generating a 1024 bit RSA private key .++ ..++ writing new private key to '/usr/java/ssl/ca/ca.key' - ok works fine [EMAIL PROTECTED] openssl x509 -trustout / -signkey /usr/java/ssl/ca/ca.key / -days 720 -req -in /usr/java/ssl/ca/ca.csr / -out /usr/java/ssl/ca/ca.pem Signature ok subject=/C=US/ST=state/L=city/O=City state/OU=dept/CN=computer/Email=email Getting Private key ok works fine [EMAIL PROTECTED] keytool -import -keystore / $JAVA_HOME/jre/lib/security/cacerts / -file /usr/java/ssl/ca/ca.pem -alias test_ca Enter keystore password: changeit Exception in thread main java.lang.ExceptionInInitializerError at javax.crypto.Cipher.a(DashoA6275) at javax.crypto.Cipher.getInstance(DashoA6275) at com.baltimore.jcrypto.provider.crypto.signatures.RSASignature.init([DashoPro- V1.3-013000]) at com.baltimore.jcrypto.provider.crypto.signatures.JCRYPTO_RSAwithMD5Signature. init([DashoPro-V1.3-013000]) at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorI mpl.java:39) at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructor AccessorImpl.java:27) at java.lang.reflect.Constructor.newInstance(Constructor.java:274) at java.lang.Class.newInstance0(Class.java:308) at java.lang.Class.newInstance(Class.java:261) at java.security.Security.doGetImpl(Security.java:1137) at java.security.Security.doGetImpl(Security.java:1084) at java.security.Security.getImpl(Security.java:1045) at java.security.Signature.getInstance(Signature.java:169) at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:425) at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:383) at sun.security.tools.KeyTool.addTrustedCert(KeyTool.java:1251) at sun.security.tools.KeyTool.doCommands(KeyTool.java:512) at sun.security.tools.KeyTool.run(KeyTool.java:124) at sun.security.tools.KeyTool.main(KeyTool.java:118) Caused by: java.lang.SecurityException: Cannot set up certs for trusted CAs at javax.crypto.SunJCE_b.clinit(DashoA6275) ... 20 more Caused by: java.security.PrivilegedActionException: java.security.cert.CertificateException: OIDs::getInstance() - Cannot find any provider supporting RSA at java.security.AccessController.doPrivileged(Native Method) ... 21 more Caused by: java.security.cert.Cer tificateException: OIDs::getInstance() - Cannot find any provider supporting RSA at com.baltimore.jpkiplus.x509.JCRYPTO_X509Certificate.verify([DashoPro- V1.3-013000]) at javax.crypto.SunJCE_b.c(DashoA6275) at javax.crypto.SunJCE_b.b(DashoA6275) at javax.crypto.SunJCE_s.run(DashoA6275) ... 22 more -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 5.0.16 and 5.0.18 international character support
It probably also has alot to do with the JSTL i18n taglib. Are you using that? Or perhaps your database or JDBC driver? I would not assume that a minor version upgrade from 14 to 16 would produce such a major change. There would have been a massive outcry back then. Although 14 was still beta and 16 is production release, so perhaps not that many people did it. Did you check the http headers? On 02/20/2004 06:14 PM Trygve Hardersen wrote: Correct, Context-Type is text/html. So what's the conclusion? Tomcat 5.0.14 and international characters work fine with utf-8, for later versions use iso-8859-1 or other? milx -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 6:00 PM To: Tomcat Users List Subject: Re: 5.0.16 and 5.0.18 international character support The point is that the browser sees the HTTP response headers, even if it doesn't display them, and it uses them to decide which charset to use to display the page, regardless of your xml meta declarations in the html file. On 02/20/2004 05:57 PM Trygve Hardersen wrote: I don't get the point of doing this. The problem is not request and response, but the way characters are displayed. Changed the charset to western European, charset=iso-8859-1, and now everything works fine. milx -Original Message- From: Antonio Fiol Bonnín [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 5:33 PM To: Tomcat Users List Subject: Re: 5.0.16 and 5.0.18 international character support What Adam said was: Look in the response headers to see it. I think he *really* meant the response headers, not the html code. To do that on IE, you need a plugin called ieHTTPheaders or something like that. On Netscape/Mozilla, use LiveHTTPHeaders. Otherwise, if you are not on HTTPS, you can use a network sniffer. Antonio Fiol Trygve Hardersen wrote: Thanks for the reply. Project never ran on 4.x, developed on 5.x starting from 5.0.14. Using JSTL 1.1. 5.0.14: ?xml version=1.0 encoding=UTF-8? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; lang=en xml:lang=en meta http-equiv=Content-Type content=application/xhtml+xml; charset=utf-8 / 5.0.18: ?xml version=1.0 encoding=UTF-8? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; lang=en xml:lang=en meta http-equiv=Content-Type content=application/xhtml+xml; charset=utf-8 / That is equal. However, the characters æøå are in plain text in the page, but IE displays them incorrectly. I can't find any difference in the source of the pages between 5.0.14 and later, which makes me wonder if the problem is IE oriented. Thing is though, that IE displays everything correct on 5.0.14. Installing Netscape now, Opera does not support xhtml with script elements. Idea? milx -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 2:43 PM To: Tomcat Users List Subject: Re: 5.0.16 and 5.0.18 international character support On 02/20/2004 01:17 PM Trygve Hardersen wrote: I'm having a silly problem with 5.0.16 and 5.0.18, regarding the Scandinavian characters æ, ø and å (probably others to). I've developed a project using tomcat and struts, where both message resources and actual data in the database contain these characters. Using 5.0.14 and prior, I've not paid attention to the characters; just used plain text for both resources and data. This has worked out just fine, regardless of user locale (and thereby the lang option of the page), the characters have been rendered properly. Attempting to stay up-to-date, I upgraded to 5.0.16 and later 5.0.18, but now the characters are Chinese-like (unreadable for a Scandinavian). Anyone knows the cause of this? The pages are all UTF-8, xhtml and there is no difference in handling of message resources and model data. Are you sure about that? Could it be that you actually did have this problem with tomcat 5.0.x but just didn't notice? When did you upgrade from tomcat 4.x? There are issues going from tomcat 4 to 5 that could affect this, but none that I know of, just from 5.0.14 - 16. Check the character encoding of your pages in the browser. Look in the response headers to see it. What is it what do you want it to be? Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 5.0.16 and 5.0.18 international character support
Well if you're not worried about it. By the way, if you are writing message resource files and serving the results as UTF-8, then you have to write the files save them in unicode, and then use native2ascii to convert them into \uXXX for the characters to come out right. If you don't do that, you just see question marks, I think. On 02/20/2004 06:40 PM Trygve Hardersen wrote: Checked the headers at 5.0.18, and as you said Content-Type is text/html. I don't use the i18n taglib, and I've tested 15 times that the difference is really between 14 and 16/18. Model is made up of Session Beans, which use Hibernate to get the data from a MaxDB database. In other words there is no relation between data access and my problem (which also relates to message resources). If anyone has a 5.0.16 or 18 up and running, adding a message resource containing a ?, ? or ? and checking the result could confirm that this is not a single case. However, if it works with iso-8859-1, I really don't care (: Thanks a bunch for the help! milx -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 6:24 PM To: Tomcat Users List Subject: Re: 5.0.16 and 5.0.18 international character support It probably also has alot to do with the JSTL i18n taglib. Are you using that? Or perhaps your database or JDBC driver? I would not assume that a minor version upgrade from 14 to 16 would produce such a major change. There would have been a massive outcry back then. Although 14 was still beta and 16 is production release, so perhaps not that many people did it. Did you check the http headers? On 02/20/2004 06:14 PM Trygve Hardersen wrote: Correct, Context-Type is text/html. So what's the conclusion? Tomcat 5.0.14 and international characters work fine with utf-8, for later versions use iso-8859-1 or other? milx -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 6:00 PM To: Tomcat Users List Subject: Re: 5.0.16 and 5.0.18 international character support The point is that the browser sees the HTTP response headers, even if it doesn't display them, and it uses them to decide which charset to use to display the page, regardless of your xml meta declarations in the html file. On 02/20/2004 05:57 PM Trygve Hardersen wrote: I don't get the point of doing this. The problem is not request and response, but the way characters are displayed. Changed the charset to western European, charset=iso-8859-1, and now everything works fine. milx -Original Message- From: Antonio Fiol Bonn?n [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 5:33 PM To: Tomcat Users List Subject: Re: 5.0.16 and 5.0.18 international character support What Adam said was: Look in the response headers to see it. I think he *really* meant the response headers, not the html code. To do that on IE, you need a plugin called ieHTTPheaders or something like that. On Netscape/Mozilla, use LiveHTTPHeaders. Otherwise, if you are not on HTTPS, you can use a network sniffer. Antonio Fiol Trygve Hardersen wrote: Thanks for the reply. Project never ran on 4.x, developed on 5.x starting from 5.0.14. Using JSTL 1.1. 5.0.14: ?xml version=1.0 encoding=UTF-8? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; lang=en xml:lang=en meta http-equiv=Content-Type content=application/xhtml+xml; charset=utf-8 / 5.0.18: ?xml version=1.0 encoding=UTF-8? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; lang=en xml:lang=en meta http-equiv=Content-Type content=application/xhtml+xml; charset=utf-8 / That is equal. However, the characters ??? are in plain text in the page, but IE displays them incorrectly. I can't find any difference in the source of the pages between 5.0.14 and later, which makes me wonder if the problem is IE oriented. Thing is though, that IE displays everything correct on 5.0.14. Installing Netscape now, Opera does not support xhtml with script elements. Idea? milx -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 2:43 PM To: Tomcat Users List Subject: Re: 5.0.16 and 5.0.18 international character support On 02/20/2004 01:17 PM Trygve Hardersen wrote: I'm having a silly problem with 5.0.16 and 5.0.18, regarding the Scandinavian characters ?, ? and ? (probably others to). I've developed a project using tomcat and struts, where both message resources and actual data in the database contain these characters. Using 5.0.14 and prior, I've not paid attention to the characters; just used plain text for both resources and data. This has worked out just fine, regardless of user locale (and thereby the lang option of the page), the characters have been
Re: Logging
Nathan, it seems from your signature that you're already at the right place. Or are you a troll? Seriously though, log4j, like the other loggers, is an API that you code with - there's no compliancy involved. Adam On 02/20/2004 09:13 PM Nathan Maves wrote: Where is the best resource on how to make your classes log4j compliant? Nathan Maves Sun Microsystems On Feb 20, 2004, at 1:08 PM, Shapira, Yoav wrote: Howdy, So is log4j the industry standard for logging in tomcat apps? Is it what you use? It's what I use, and I'd say there's no established industry standard. It's one of the most commonly used packaged. Many people still use System.out/System.err. Many servlet developers use the ServletContext#log methods. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache/Tomcat/Struts Certification Proposal
If you don't mind me asking, compared to the 16 hours for SCJ2P, how is it going with SCJ2D ? I assume SCJ2D is the next one up from SCJ2P? On 02/20/2004 08:03 PM Hans Wichman wrote: Hi, I guess it's a matter of which way you look at it. Starting from scratch and getting certified doesn't really say much (because then you are as Yoav said, the unexperienced certified developer). However if you have reached a certain level of experience, I don't see what's wrong with getting certified in that area as well. For example, the SCJ2P took me about 16 hours of study and I scored 93%. That's not because I am so damn good ;-) because I'm not, but because I had a few years experience in the field. So the certification results only acknowleged what I already knew. On the other hand, I am currently working on SCJ2D, and I wish I had never started it (well, I am almost done so that's not entirely true ;-)), but I do know that when I finish it, it doesn't say jacksh.t (so Yoav is totally right in that case). Anywayz, to shorten a long story: maybe the certification itself doesn't say that much, unless you know the time it took and the grades received ;-). Still I think it doesn't hurt to get certified either. grtz Sorv At 01:50 PM 2/20/2004 -0500, Hamilton Andrew wrote: I tend to agree with the certifications are BS argument. I have several certifications and they don't really help me do my job. Unfortunately, in the climate we are in these days, the fact that there are certifications lead us down the road to being forced into acquiring them. When faced with the likelihood that the hiring authority in a company may not be an engineer, but a human resource manager and the requirements for the position are certification in this, that or the other technology, even though I may have 5 more years worth of experience, my resume my get tossed aside because I don't have the piece of paper that tells them that someone else thinks I know what I'm doing, which may sound ridiculous but is still true. It is disheartening to see because I switch jobs every three years and more and more I see that someone wants you to be an SCJP, SCJD, CCIE, CCNA, MCSE, MCSD, or what have you (does this remind anyone of alphabet soup). I think there are ways for you to showcase your skills in your resume without having to resort to getting certifications but it just seems to me that sooner or later there is going to be some form of certification REQUIRED for a lot of positions. Just my .02 Regards, Drew -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 1:24 PM To: Tomcat Users List Subject: RE: Apache/Tomcat/Struts Certification Proposal Howdy, What if you had two experienced engineers, but only one of them had a ASF certification?? Which one would you hire? I don't know, but the certification would not likely be the deciding factor. It would come down to the relevance of the experience, familiarity with the industry, etc, there's a long list of factors that would come before the presence/absence of an ASF certification. But of course, that's just me ;) Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache/Tomcat/Struts Certification Proposal
On 02/19/2004 06:20 PM Yan Lin wrote: Hi, I am not sure if anyone has thought of this. From my research, I don't think it's possible for anyone to get certified on Apache products at this point. But since there are so many companies looking for people with these kind of skills, it would be nice to have an recognized entity like Apache Foundation to help the companies in determining who is the best candidate. For example, I have been working on a lot of projects with Tomcat and Struts, but without a certification, it's kind of hard to convince employers that I have solid work experience in these areas, especially when the potential employers are not that technical. I know there are other ways you can show your skills(I have project on sourceforge), but when facing a pile of resume, no one is going to open up a browser window Maybe I am dreaming of San Francisco beach again this morning, but anyone agrees with me that this is something that we need? FWIW, I think certification is a waste in terms of the amount of learning that it forces on the developer. Perhaps in many cases it does help the recruiter, but firstly I think that recruiters who need to see certification of something in an IT candidate are not doing their job properly, and secondly I think the whole process is a waste of resources, siphoning off money and time from people who usually have better things to do. So please, no to Apache certifications! Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS and TOMCAT 5
On 02/16/2004 07:17 PM Miller, Steve wrote: But, if anybody out there needs any help with configuring JAAS into Tomcat 5, let me know. I've integrated LDAP authentication into the process as well...works beautifully...finally. :-) I'll be happy to share my code in order to prevent others from suffering from massive manual hair folicle extraction. :-) Now to get this thing to work on my Linux box. :-) Steve Miller Steve, you could always update the tomcat docs on the jakarta website, and submit a patch. :) Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS and TOMCAT 5
Well done. And if you want to debug it, go into your catalina.sh or .bat file and echo the whole execute string that the script uses to launch java. You'll see whether it's the JAVA_OPTS or not. I use the full path and not the envvar. On 02/16/2004 04:21 PM Miller, Steve wrote: Success!!! I went back and changed my JAVA_OPTS setting to use single quotesand it still failed. However, in my login.jsp page, I added the following line at the top: System.setProperty(java.security.auth.login.config, C:/TOMACT/conf/jaas.conf); Presto...worked beautifully. I even got the message out in the tomcat log that my login module was successful. I'm still very intrigued as to why nothing else I did worked yet setting it implicitely in my code worked. But, I'll worry about that laterI'm just glad it works now!! Thanks for all the help. :-) Steve Miller -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: Saturday, February 14, 2004 8:38 AM To: Tomcat Users List Subject: Re: JAAS and TOMCAT 5 On 02/13/2004 09:34 PM Shapira, Yoav wrote: JAVA_OPTS=- Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.conf You probably want JAVA_OPTS='-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas. conf' (one line, single equals signs, quotes containing the whole JAVA_OPTS value. I hardcode the whole path. And I set JAVA_OPTIONS to the same thing as well. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS and TOMCAT 5
On 02/13/2004 09:34 PM Shapira, Yoav wrote: JAVA_OPTS=- Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.conf You probably want JAVA_OPTS='-Djava.security.auth.login.config=$CATALINA_HOME/conf/jaas. conf' (one line, single equals signs, quotes containing the whole JAVA_OPTS value. I hardcode the whole path. And I set JAVA_OPTIONS to the same thing as well. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Form Based Authentication - Registration
On 02/14/2004 10:31 AM Alexander F. Hartner wrote: No we want to add registration and have the following happen 1.) Customer requests access to a realm 2.) Redirect to login page 3.) Customer doesn't have an account yet and accesses registration page 4.) Customer registers 5.) On successful registration the customer is redirected to the original request Now to get this working we need the following, both of which we are not sure are currently provided by the authentication framework. -Ability to access the original (SavedRequest) from a JSP / Servlet -Ability to auto/fake login from within the webapplication You cannot access the original request if the url is protected by a security-constraint and the user has not logged in. Tomcat will always jump in first with the CMS login. To fake it and keep CMS, reduce your real realm to a security constraint on one URL and set up a filter to check for the user's status. If not logged in, saved the parts of the request you need in the session, and redirect the user to the protected page to trigger the container login. Then after the login succeeds and the user gets through to that protected URL, check the session for the info and redirect them to their original destination. You can put a link on the login page to the registration URL - I'm not sure about the redirection logic but it should be possible to redirect them after registration back to the login page to login, and then on to their original destination. HTH Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Another Try at MySQL Connection Pooling
Merrill, you should be absolutely sure that your context is getting loaded from the file you think. Make sure that there is no context config for the app in any of the other files in tomcat/conf/Catalina/localhost, nor in server.xml, nor in META-INF in any webapp directory. You can chuck out the resource-ref from the web.xml - I'm using 3 JNDI connection pools and I don't have it in my web.xml (is that macho?) - just don't ask me why. Adam On 02/11/2004 09:13 PM Burgess, Jay S wrote: The J2EE tutorial is one place that talks about the context naming scheme: http://java.sun.com/j2ee/1.4/docs/tutorial/doc/Resources2.html And just to be 100% sure, my example below actually has a minor cut-and-paste error--there's a space after TimesheetsDB in the second lookup(). If you simply cut-and-pasted my example, and it turns out that the string has to be an exact match, then this could be an issue. Probably not, but worth mentioning, just in case. Jay -Original Message- From: Merrill Cornish [mailto:[EMAIL PROTECTED] Sent: Wednesday, February 11, 2004 2:04 PM To: Tomcat Users List Subject: RE: Another Try at MySQL Connection Pooling Jay, Context initialContext = new InitialContext(); Context envContext = (Context) initialContext.lookup(java:comp/env); this.dataSource = (DataSource) envContext.lookup(jdbc/TimesheetsDB ); Ah ha! I was missing the second step. When I added the second step, it still fails, but the complaint has changed. Slightly. At org.apache.naming.NamingContext.lookup(NamingContext.java:814) there occurred a javax.naming.NameNotFoundException: Name TimesheetsDB is not bound in this Context So now it can find jdbc, but not TimesheetsDB. By the way, what does the java:comp/env argument mean? Merrill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Another Try at MySQL Connection Pooling
On 02/11/2004 10:15 PM Merrill Cornish wrote: Adam, The following line occurs in stdout.log: INFO: Processing Context configuration file URL file:C:\Program Files\Apache Group\Tomcat 5.0.18\conf\Catalina\localhost\timesheet.xml so it appears to be getting the correct context fragment. What if that fragment is an old one you accidentally left hanging around? -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Another Try at MySQL Connection Pooling
Merrill, I think everyone's waiting to see you kick yourself when you discover what the problem is... ;) No seriously, there are 2 things that I would try - (1) debug the context - I think it returns an enum of entries available from some method, and (2) go back to the most basic test servlet / jsp, context.xml web.xml, and a clean install of tomcat and try it there. Also check your Host settings in server.xml. Is deployXML=true? I think it should be. As far as a learning experience goes, I think giving it up as a bad thing now would only be a negative experience, whereas actually finding out what is wrong and fixing it, well as long as it doesn't take too long. On 02/11/2004 11:34 PM Merrill Cornish wrote: Jay, once in my .WAR, and once as a result of my Ant deploy task I have yet to move to that plane of confusion. I'm not using a META-INF directory or a .WAR file since I'm still trying to figure out WHAT to deploy. I am manually editing * the conf/server.xml file (to change the default ports, but nothing else), * the webapps/timesheet/* directory (to hold the application), * the webapps/WEB-INF/web.xml file (to name and map the various servlets, etc.), and * conf/Cataline/localhost/timesheet.xml (to define the context). I think it's time I reverted to DriverManager and got on with other things. While Tomcat DataSources are proved to be a learning experience with a vengance, it hasn't been a very positive one. :-( Nevertheless, thanks for your help and support. Merrill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Repost] Tomcat logging
On 02/09/2004 07:51 AM Marcel Stor wrote: explains the new context descriptors. I still don't quite get it. It says ...which would normally be found in the main server configuration file Well, does this mean I can (have to?) remove all my context descriptions from server.xml and place them into individual files? Or do I need both? Or?? You only ever have one context description per app, and it can be in server.xml or in a seperate file. What really concerns me: Each of my contexts has a FileLogger and a AccessLogValve defined. Hoever, at startup only the valve log is created. With TC4 each context's FileLogger log was created and contained entries saying that the context had successfully been loaded etc. Why is the log not created anymore? Also, one app uses the standard Java logging framework. All the log entries end up in catalina.out instead of the app's own context log. How to resolve this? What are you using to log? The java.utils.logging framework will log to anywhere you define in its configuration. By default, as a file java0.log in the tomcat user's home directory. I'm not sure what tomcat does with its FileLoggers and catalina.out. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Repost] Tomcat logging
On 02/09/2004 10:07 AM Marcel Stor wrote: What are you using to log? The java.utils.logging framework will log to anywhere you define in its configuration. By default, as a file java0.log in the tomcat user's home directory. I know. And if the app is started one would have to a runtime parameter to define the corresponding properties file with all the logging configuration... However, if the Sun framework is used withing a webapp that uses a FileLogger (as defined in the context) I would expect that logging messages end up in the context's log and not in catalina.out??? I'm afraid it's a black hole for me too as far as info is concerned. I know how to set up and run log4j or java.util.logging so I can write log statements, control the logging levels etc. I also know how to configure log4j, java.util.logging and tomcat5 to create log files, rotatable or not or max size etc. I just don't know how the input and output are linked by tomcat. If at all. It just hasn't climbed far enough up my list of priorities to warrant looking into it further. I suspect that it's got something to do with org.apache.commons.logging, but that is just a wild hunch. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: root context loaded again under its docbase name
On 02/09/2004 02:58 PM Shapira, Yoav wrote: and this is my context (which is found in META-INF/context.xml): Context path= docBase=gargantus.war cachingAllowed=false reloadable=false Anybody else with the same setup see this? Bug or not bug? snip/ Seems like a bug. What happens if you don't have context.xml at all in your WAR, and simply drop the WAR in the webapps directory? If there's no context.xml, then I don't get a root context - no _, no nada - and no errors. Just the context with the same name as the war file. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: root context loaded again under its docbase name
On 02/09/2004 11:01 PM Shapira, Yoav wrote: If there's no context.xml, then I don't get a root context - no _, no nada - and no errors. Just the context with the same name as the war file. So if there's no context.xml, the behavior is correct (with all default values, e.g. reloadable). If you add a context.xml, you get the context twice, once as root and once appropriately. Seems like a bug, no? Just tried that with a simple test.war file and a mickey mouse context.xml. It seems that it will not occur when the war has never been deployed before. But after the first deploy, once the war-file-name.xml exists in conf/Catalina/localhost/ and then when tomcat is restarted, tc then deploys the unwanted second context. I'll log it as a bug. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
root context loaded again under its docbase name
I've seen and asked about this about a year ago but since it wasn't important, I didn't bother chasing it up when I found no solution. It's happening again. Tomcat loads my context twice. Once for root and once with the name of its WAR file. My war file is called gargantus.war. This is my Host: Host name=localhost appBase=webapps unpackWARs=false autoDeploy=false deployXML=true and this is my context (which is found in META-INF/context.xml): Context path= docBase=gargantus.war cachingAllowed=false reloadable=false Anybody else with the same setup see this? Bug or not bug? Interestingly tomcat creates working files in work/Catalina/localhost/_/ AND in work/Catalina/localhost/gargantus/ even when I only access the root context. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: root context loaded again under its docbase name
I get no error message - I just grepped the log file. For me the problem is totally benign - unless I decide that I want to have a context with the same name as my root context's war file. I suggest that you are getting an error because you have doubled the Context somehow - perhaps you still have it in your server.xml? Maybe you have an old .xml file in conf/Catalina/localhost/ ? Or maybe for you it lies in the way you declared the context. Adam On 02/07/2004 03:18 PM Hernani Mourao wrote: I definitely have the same problem. And Tomcat does not execute context.xml. I presume is due to the error message: context already in use. Do you have the some problem? Hernani -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: sabado, 7 de Fevereiro de 2004 12:47 To: Tomcat Users List Subject: root context loaded again under its docbase name I've seen and asked about this about a year ago but since it wasn't important, I didn't bother chasing it up when I found no solution. It's happening again. Tomcat loads my context twice. Once for root and once with the name of its WAR file. My war file is called gargantus.war. This is my Host: Host name=localhost appBase=webapps unpackWARs=false autoDeploy=false deployXML=true and this is my context (which is found in META-INF/context.xml): Context path= docBase=gargantus.war cachingAllowed=false reloadable=false Anybody else with the same setup see this? Bug or not bug? Interestingly tomcat creates working files in work/Catalina/localhost/_/ AND in work/Catalina/localhost/gargantus/ even when I only access the root context. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem adding access log valve.
Hi Mufaddal, the accesslogvalve config requires a Valve / tag, not a Logger/ tag. Check the exception messages carefully, normally they tell you. Also check your config against the documentation - I don't think 'timestamp' is a valid attribute for Valve/ HTH Adam On 02/05/2004 11:06 PM Mufaddal Khumri wrote: Hi I have the following in my server.xml !-- Define the default virtual host -- Host name=localhost debug=0 appBase=webapps unpackWARs=true autoDeploy=true Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=localhost_log. suffix=.txt timestamp=true/ Logger className=org.apache.catalina.valves.AccessLogValve directory=logs/acesslogs pattern=%a %A %b %B %h %H %l %m %p %q %r %s %S %t %u %U %v prefix=access_log. suffix=.txt timestamp=true/ Context path=/mywebapp docBase=mywebapp debug=0 reloadable=true crossContext=true/ /Host I added the AccessLogValve above and now Tomcat does not start? What did I do wrong? Tomcat works fine if I remove the accessvalvelog i added above. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SOLUTION: SSL certificates HOW-TO
Good one Bruno. On 02/03/2004 10:09 PM [EMAIL PROTECTED] wrote: It seems that obtaining and installing SSL certificates from different Certificate Authorities is not consistent. Even within the same CA, the procedure for real and test certificates is not necessarily the same. To make matters worse there appear to be differences in the operation of the Java keystore from 1.3.x to 1.4.2. Finally, documentation in Tomcat and in the CA sites is slightly out of date. These things combined make life difficult. The following is a summary of procedures that I have found to work with JDK 1.4.2_03 and Tomcat 5.0. For all options: · Use password changeit for BOTH the keystore and the keys. · Use the server's fully qualified hostname as first and last name as first last name, i.e.: myserver.mydomain.com · When requesting certificates, you must get an X.509 server certificate. If you get a PKCS#7 certificate you must convert it to an X.509 one before use. Using a self-signed certificate: · cd · keytool -genkey -alias tomcat -keyalg RSA Using Verisign certificate: The official Verisign instructions were incorrect at the time of this writing, but the following procedure will work for REAL certificates. For test certificates you theoretically only need and install the test root and test server certificates steps (not successfully tested), which are different from the regular root and server certificates. · cd · keytool -genkey -alias tomcat -keyalg RSA · keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr · Use the .csr to request a certificate · Obtain the Verisign root certificate, intermediate certificate and server certificate · keytool -import -alias verisignroot -trustcacert -file verisignroot.cer · keytool -import -alias root -file intermediate.cer · keytool -import -alias tomcat -file server.cer Using Thawte certificate The Thawte instructions were incorrect at the time of this writing, but the following procedure will work for (at least) test certificates. · cd · keytool -genkey -alias mykey -keyalg RSA · keytool -certreq -keyalg RSA -alias mykey -file certreq.csr · Use the .csr to request an X.509 certificate, you will get a server certificate. · keytool -import -alias tomcat -trustcacerts -file server.cer I hope this helps others to avoid the headaches I experienced. :P Bruno - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: access log
Hi Yan, I'm only writing the access logs to a DB, I'm not too interested in keeping the normal logs as long as everything runs peachy. There is actually a small comment in the JDBCAccessLogValve noting that it would be good to develop a filter on the mime type - with which one could just drop all the image request log statements, for instance. However all the fuss about bottlenecks is all pie-in-the-sky for me, unless my website becomes hugely successful. At that point of course I'll just hire someone to develop it ;) Adam On 02/02/2004 11:36 PM Yansheng Lin wrote: Hi, How about just log errors and warnings to the db? So for other types of log entry, it will still be file based; but when there is an error or a warning, in log4j, you set it up so it writes to two places. I don't notice any performance issue with this setup. But just want to confirm. Thanks! -Yan -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: Monday, February 02, 2004 11:53 AM To: Tomcat Users List Subject: RE: access log Howdy, re: asynchronous DB writes - Tim pointed out the JDBCAccessLogValve. I assume you are thinking that this would quickly become a bottleneck? Yeah, that's what I'm thinking. Writing the access log valve should be very very quick, very very scalable, or it easily becomes a bottleneck. Remember, for example, that a single page request with 9 images is 10 access log writes. 10 users asking for that page concurrently means 100 concurren access log writes, etc etc. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Yet another OT question.
Try writing a really obviously wrong SQL statement, just rubbish, see if you force an error. Also check your DB logs to see whether it spat out an error log msg. On 02/03/2004 07:51 AM Antonio Fiol Bonnín wrote: When we insert duplicates, we do get SQLException as a response. We are using Oracle 9.2, however. No idea why they behave differently. What does the DB do if you insert duplicates from sqlplus or a similar tool? Antonio Fiol George Sexton wrote: The error is signaled by getting 0 back as the number of affected records. -Original Message- From: David Short [mailto:[EMAIL PROTECTED] Sent: Monday, February 02, 2004 10:16 PM To: 'Tomcat Users List' Subject: RE: Yet another OT question. My statement is performing an insert, which would not return a result set. An executeQuery() would return a result set. I too, read the description about returning an int. I intentionally tried inserting a duplicate value in the index, trying to force an error, and no error was generated. The return value was 0. So, it is returning zero (nothing was inserted) but that's it. No SQLException. There's got to be a way to catch an error like this. -Original Message- From: George Sexton [mailto:[EMAIL PROTECTED] Sent: Monday, February 02, 2004 8:10 PM To: 'Tomcat Users List'; [EMAIL PROTECTED] Subject: RE: Yet another OT question. I broke out my JDBC handbook (JDBC API Tutorial and Reference, Second Edition) and it says: Returns an int indicating the number of rows affeted by an INSERT,UPDATE, or DELETE statement; 0 if no rows were affected or the statement executed was a DDL statement. Throws SQLException if the sepcified argument is a statement that generates a result set. From reading this, it appears the driver is compliant and working per the specification. -Original Message- From: David Short [mailto:[EMAIL PROTECTED] Sent: Monday, February 02, 2004 7:59 PM To: 'Tomcat Users List' Subject: RE: Yet another OT question. I pulled the latest (1.2 for Oracle 8.1.7) off of Oracle's web site today. -Original Message- From: George Sexton [mailto:[EMAIL PROTECTED] Sent: Monday, February 02, 2004 6:33 PM To: 'Tomcat Users List'; [EMAIL PROTECTED] Subject: RE: Yet another OT question. Probably a flake in the Oracle driver. Check you are using the latest one. -Original Message- From: David Short [mailto:[EMAIL PROTECTED] Sent: Monday, February 02, 2004 4:18 PM To: 'Tomcat Users List' Subject: Yet another OT question. It seems like a slow day on the list so, thought I'd throw my issue out there. I'm working with Tomcat 4.1.0, Oracle 8.1.7 and JDBC 1.2. It seems that the JDBC executeUpdate() method doesn't raise an exception when I pass an incorrect SQL statement. It returns 0 rows, but no exception. Anyone seen this before? -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: access log
On 02/03/2004 04:57 PM Yansheng Lin wrote: If you are not doing this for security/alerts, you can go and get an access log analyzer. There are tones of analyzers out there. If all fails, /xusage is still going to be there. And if your website becomes hugely successful, at that point of course you can get someone to develop it:). OK, there seem to be a few weblog analyzers out there - open-source and able to read tomcat access logs - any recommendations? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
access log
I'm using the access log valve to record my traffic and I was wondering: - if anyone was thinking of adapting it to write to a database via jdbc? - if anyone has a script to import the daily log files into a mysql database? - how easy it would be to adapt the date output to '2004-02-02' instead of '02/02/2004'? rgds Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: access log
On 02/02/2004 02:54 PM Shapira, Yoav wrote: - if anyone was thinking of adapting it to write to a database via jdbc? Too slow, unless done very carefully asynchronously (and then you have to really take care to keep entries in the right order, etc -- it's a nightmare). There are no open bugs against JDBCAccessLogValve. re: asynchronous DB writes - Tim pointed out the JDBCAccessLogValve. I assume you are thinking that this would quickly become a bottleneck? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ServletFilter on j_security_check
Frank, if you develop a JAAS login module, you can get it to do pretty much anything you want, apart from having instant access to that user's session. You could write the login attempts to a database for instance. Adam On 01/31/2004 11:51 PM Tim Funk wrote: Yeah. Use a Valve. A Valve is just like a filter but is tomcat dependent and is issued before any filters are invoked. Any such functionality your looking for is NOT Servlet spec specific so whatever solution you use - you'll be locked into that container. -Tim Frank Febbraro wrote: Well that sucks :-( Any change that in the future Tomcat can have somethign silimar to the auth-filter in WebLogic...basically just a way to hookup (via interface) a class that can be notified of these events? Guess I need to break out my papers and roll my ownagain. For those with problems such as these, check out http://opensource.atlassian.com/seraph/introduction.html - Original Message - From: Tim Funk [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, January 30, 2004 7:29 AM Subject: Re: ServletFilter on j_security_check The Sun spec team has said that filters can't be applied to j_security_check. http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21795 -Tim Frank Febbraro wrote: Using Tomcat 4.1.x In looking at the source it seems that there is no simple way to hook into the Login process to get notified of successes or failures (dammit). So I was attempting to servlet filter the j_security_check and do my own pre/post processing. However I am unable to filter it. Is this URL specifically ignored by the filtering mechanism? My web.xml file looks as such... filter filter-namelogin/filter-name filter-classraider.portal.servlet.LoginFilter/filter-class /filter filter-mapping filter-namelogin/filter-name url-pattern/j_security_check/url-pattern /filter-mapping Kinda running out of options at this point, anyone else had a problem similar to needing to audit the login results? Thanks in advance, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: update tomcat 4 to tomcat 5
On 01/31/2004 10:45 PM Lars Schreiber wrote: Hi can anybody explain me how to update between different versions of tomcat without install and configure the complete tomcat? its all if im copy the jars from the new tomcat in the /server/lib dir from the old tomcat ? Thanks Sounds like tomcat roulette ;) -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: dumb newbie question
I read on this list a while back that there is now a configuration parameter or switch somewhere take care of this. Apparently it is by default OFF, because it doesn't comply with the servlet spec. I am not sure what the parameter is, nor whether it is in a production release yet. Perhaps someone else knows. Adam On 01/30/2004 12:47 PM Ralph Einfeldt wrote: You can define a servlet filter that parses the response stream. Depending on what you have to parse there may be tools that can help you to do the parsing and stripping. -Original Message- From: Jonas Stricker [mailto:[EMAIL PROTECTED] Sent: Friday, January 30, 2004 12:20 PM To: [EMAIL PROTECTED] Subject: dumb newbie question I would like to know wether there´s a not too sophisticated method to clean up the output of JSPs that are rendered by tomcat. Reason: I am supposed to produce some XML dynamically, which has to be parsed again by some - well, let´s say: not _very_ wise guys. So it would be kind of useful for me to get rid of the empty lines in the HTML/XML/what-ever output. In the end it doesn´t look to nice, too. :) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Client Authentication
Michael, with SSL the browser and tomcat will handle the certs for you without having to parse them. You just have to make a cert for your tomcat and tell tomcat where it is, in the config for the connector. It's all well documented on the tomcat site. Otherwise the only thing you need to do is set up security-constraints in your web.xml for the appropriate pages. That is documented well in the servlet spec. Adam On 01/28/2004 11:24 PM Milazzo, Michael A HQISEC wrote: Hi, I am trying to configure Tomcat to protect my pages using SSL client authentication. I changed the clientAuth option within the HTTPS connector, but I'm not sure what to do next. My code already tries to look for the certs and parse them, but I am not sure what else I need to configure. Thanks, Michael A. Milazzo USAISEC-Technology Integration Center Communications Systems Evaluation Team Comm: (520) 533-3765 DSN: 821-3765 Email: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat logging and java.util.logging
In my webapp's context I configured a logger: Logger className=org.apache.catalina.logger.FileLogger prefix=localhost_gargantus_log. suffix=.txt timestamp=true / I changed over from using log4j to using the native java.util.logging package, and I have lost the ability to write to this logger in my context. Instead, java.util.logging logs to the file I specify (or a default) in its own configuration file. How come log4j was able to direct logging to the tomcat logger above? Can I get java.util.logging to do that? Tomcat will catch java.util.logging output if I use this: Logger className=org.apache.catalina.logger.SystemOutLogger description=logs to catalina.out in tomcat logs dir / Can anybody shed some light on this situation? Thanks Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] installing new java jdk
I haven't worked out how to install new versions of java onto my remote webserver effectively yet. If I go to my webserver with a linux shell and use Lynx, the download page at java.sun.com gets truncated. wget and curl don't work either because they're not interactive so you can't click on the 'accept terms' submit button. it means I cannot download the 30MB or so direct from java.sun.com to my webserver. I have to download it to my workstation and then scp it across to my webserver, which means uploading over asynchronous DSL which takes about 30 mins (and effectively halts any internet browsing, so I can't even entertain myself while I wait). How does everyone else do it? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] installing new java jdk
I thought there weren't any mirrors. Which do you mean? On 01/26/2004 03:05 PM Yiannis Mavroukakis wrote: Why not try to get it from a mirror? -Original Message- From: Adam Hardy [mailto:[EMAIL PROTECTED] Sent: 26 January 2004 13:40 To: Tomcat Users List Subject: [OT] installing new java jdk I haven't worked out how to install new versions of java onto my remote webserver effectively yet. If I go to my webserver with a linux shell and use Lynx, the download page at java.sun.com gets truncated. wget and curl don't work either because they're not interactive so you can't click on the 'accept terms' submit button. it means I cannot download the 30MB or so direct from java.sun.com to my webserver. I have to download it to my workstation and then scp it across to my webserver, which means uploading over asynchronous DSL which takes about 30 mins (and effectively halts any internet browsing, so I can't even entertain myself while I wait). How does everyone else do it? Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] installing new java jdk
That trick with wget didn't work for me because wget complained it couldn't run the https protocol. Is there a wget that will run https? I'll check it out. On 01/26/2004 04:54 PM Philipp Taprogge wrote: Hi! Adam Hardy wrote: If I go to my webserver with a linux shell and use Lynx, the download page at java.sun.com gets truncated. wget and curl don't work either because they're not interactive so you can't click on the 'accept terms' submit button. This is a problem I often run into as well. Although there are ways to get the sun download page to work with curl, I have not yet figured them out. Easiest is is fact to download the sdk from another machine and ftp/scp it to your server. There is another way that might work: go to the sun page from your desktop-machine, click your way through past the license terms and then let wget fetch _exactly_ whatever link your browser provides for the download. I have used that one successfully, but only with machines that are NATted through the same router. HTH Phil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] installing new java jdk
Wow. How did you do that? wget must have been redirected at least 2 times then! On 01/26/2004 09:12 PM Ankur Shah wrote: Try the following URI under wget to see if that works for you: http://tinyurl.com/yugvm Its the download link to the J2SDK 1.4.2 RPM. Adam Hardy wrote: That trick with wget didn't work for me because wget complained it couldn't run the https protocol. Is there a wget that will run https? I'll check it out. On 01/26/2004 04:54 PM Philipp Taprogge wrote: Hi! Adam Hardy wrote: If I go to my webserver with a linux shell and use Lynx, the download page at java.sun.com gets truncated. wget and curl don't work either because they're not interactive so you can't click on the 'accept terms' submit button. This is a problem I often run into as well. Although there are ways to get the sun download page to work with curl, I have not yet figured them out. Easiest is is fact to download the sdk from another machine and ftp/scp it to your server. There is another way that might work: go to the sun page from your desktop-machine, click your way through past the license terms and then let wget fetch _exactly_ whatever link your browser provides for the download. I have used that one successfully, but only with machines that are NATted through the same router. HTH Phil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Session Managment Problem under Linux
On 01/26/2004 07:12 PM Shane O'Sullivan wrote: Hi All, I am using Tomcat 4.1 running on Red Hat Linux 9.0. I have succesfully deployed my servlet and all seems to be running ok except for one issue. The number of sessions for my servlet seems to be incrementing, even if I stop and restart Tomcat. Its currently at 86 and i'm worried this will effect performance. I have tried setting the session-timeout variable but to no avail. This doesn't however happen on a Windows machine. If I restart Tomcat the number of sessions goes to 0 for my servlet. Go into your context configuration and tell tomcat not to save the sessions at shutdown. You could set an access log as well to see whether you have any strange goings on that could be keeping your sessions from expiring. Adam -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat und SSL
I never done that myself. But it would surprise me if the tomcat website at http://jakarta.apache.org doesn't have good documentation on it. Adam On 01/24/2004 07:49 PM Lars Schreiber wrote: Hi thanks for help and for confidene to my english knowledge :-) in order that you understand my problem.. i have prepared a link for you https://test.extremewebs.de:8443/test/StatusServlet if im use the link over the mod_jk2 he works fine https://test.extremewebs.de/test/StatusServlet but here ist the problem, as soon as put html form tags or links etc to my servlet the server response a information about unsecure parts on my website. i dont have find any good solution to work with apache and tomcat together someone dont work if anybody here to explain me step to step how to setup a apache with ssl and a conector to tomcat with ssl ? Thanks - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Saturday, January 24, 2004 5:07 PM Subject: Re: Tomcat und SSL Hi Lars, just try it - there's often /really/ bad English on the list, and people still understand. As long as you keep it simple! Anyway, what you want to do is just connect via HTTPS, correct? And you say, your browser gives the message choose a certificate? I don't understand why you see that. I have never seen this message. Which browser? What URL do you type in? Is it https://localhost:8443/ Did you double check your server.xml config? Adam On 01/24/2004 02:53 PM Lars Schreiber wrote: -- i know that is an english mailinglist but if im try to describe my problem in english i dont think that anybody unstand me -- Hallo Ich habe mit hier eine Tomcat Installation mit SSL Unterstuetzung und einen .keytsore erzeugt und zwar nach diesem Verfahren keytool -genkey -v -keyalg RSA -alias tomcat -keypass changeit -storepass changeit -dname CN=Jens Mander, OU=-, O=-, L=Aachen, S=NRW, C=DE das passwort trage ich noch in den SSL Connector ein und starte den Tomcat neu daraufhin lade ich meine gewuenschte seite ueber port 8443 per Browser kommt die Aufforderung ich soll ein Zertifikat aussuchen ?!?!!? ich hab aber keins .. demnach waehle ich keins aus die seite baut sich daraufhin nicht auf und der vorgang bricht ab was habe ich falsch gemacht ? kann mir irgendjemand hier helfen ? Danke -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat und SSL
Hi Lars, just try it - there's often /really/ bad English on the list, and people still understand. As long as you keep it simple! Anyway, what you want to do is just connect via HTTPS, correct? And you say, your browser gives the message choose a certificate? I don't understand why you see that. I have never seen this message. Which browser? What URL do you type in? Is it https://localhost:8443/ Did you double check your server.xml config? Adam On 01/24/2004 02:53 PM Lars Schreiber wrote: -- i know that is an english mailinglist but if im try to describe my problem in english i dont think that anybody unstand me -- Hallo Ich habe mit hier eine Tomcat Installation mit SSL Unterstuetzung und einen .keytsore erzeugt und zwar nach diesem Verfahren keytool -genkey -v -keyalg RSA -alias tomcat -keypass changeit -storepass changeit -dname CN=Jens Mander, OU=-, O=-, L=Aachen, S=NRW, C=DE das passwort trage ich noch in den SSL Connector ein und starte den Tomcat neu daraufhin lade ich meine gewuenschte seite ueber port 8443 per Browser kommt die Aufforderung ich soll ein Zertifikat aussuchen ?!?!!? ich hab aber keins .. demnach waehle ich keins aus die seite baut sich daraufhin nicht auf und der vorgang bricht ab was habe ich falsch gemacht ? kann mir irgendjemand hier helfen ? Danke -- struts 1.1 + tomcat 5.0.16 + java 1.4.2 Linux 2.4.20 Debian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]