RE: JDBC Realm
Justin,

maybe tomcat is complaining about your userRoleTable (user_roles). Does this table have a row named userNameCol (USERNAME), too? AFAIK the exact same column name is required to put users and roles together. I assume this because you first get

2003-11-20 08:54:01 JDBCRealm[Standalone]: Username justin successfully authenticated

which seems like the password has been successfully checked, but then you get

2003-11-20 08:54:01 JDBCRealm[Standalone]: Exception performing authentication
java.sql.SQLException: Column not found, message from server: Unknown column 'username' in 'where clause'

which should come from the attempt to get the roles for this user.

Greetings
Andreas Mohrig

-----Original Message-----
From: Justin Wesbrooks [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 20, 2003 3:59 PM
To: Tomcat Users List
Subject: Re: JDBC Realm

By the way, I know my userCredCol from the original configuration I sent was wrong. It should be PASSWORD. I've corrected this and still get the same errors. I just tried changing all of my field names to lower case, but get the same results.

Here is the exception I get when I don't use the single quotes.

2003-11-20 08:54:01 JDBCRealm[Standalone]: Username justin successfully authenticated
2003-11-20 08:54:01 JDBCRealm[Standalone]: Exception performing authentication
java.sql.SQLException: Column not found, message from server: Unknown column 'username' in 'where clause'
    at com.mysql.jdbc.MysqlIO.checkErrorPacket(MysqlIO.java:1825)
    at com.mysql.jdbc.MysqlIO.sendCommand(MysqlIO.java:1020)
    at com.mysql.jdbc.MysqlIO.sqlQueryDirect(MysqlIO.java:1109)
    at com.mysql.jdbc.Connection.execSQL(Connection.java:2030)
    at com.mysql.jdbc.PreparedStatement.executeQuery(PreparedStatement.java:1563)
    at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:476)
    at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:394)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:161)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:528)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2417)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
    at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
    at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
    at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
    at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:193)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:781)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:549)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:589)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:666)
    at java.lang.Thread.run(Thread.java:534)

Jon Wingfield [EMAIL PROTECTED]
11/20/2003 05:01 AM
Please respond to Tomcat Users
To: Tomcat Users List [EMAIL PROTECTED]
cc:
Subject: Re: JDBC Realm
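The column mismatch suggested in the reply above can be checked before deployment. This is an added example, not code from the thread or from Tomcat: it builds the two lookups in the shape a JDBCRealm configuration implies and checks every referenced column against a table layout. The table layout, the `user_name` and `ROLENAME` values and all class and method names are constructed for illustration.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/** Added example (hypothetical class): lint a JDBCRealm-style config against a schema. */
public class RealmColumnCheck {

    /** Credential lookup: runs against userTable, keyed on userNameCol. */
    static String credentialsQuery(Map<String, String> realm) {
        return "SELECT " + realm.get("userCredCol") + " FROM " + realm.get("userTable")
                + " WHERE " + realm.get("userNameCol") + " = ?";
    }

    /** Role lookup: runs against userRoleTable, keyed on the SAME userNameCol. */
    static String rolesQuery(Map<String, String> realm) {
        return "SELECT " + realm.get("roleNameCol") + " FROM " + realm.get("userRoleTable")
                + " WHERE " + realm.get("userNameCol") + " = ?";
    }

    /**
     * Returns one message per realm attribute that names a table or column
     * missing from the schema. Names are compared case-insensitively, which
     * is an assumption of this example.
     */
    static Set<String> check(Map<String, String> realm, Map<String, Set<String>> schema) {
        Set<String> problems = new LinkedHashSet<String>();
        String[][] needed = {
            {"userTable", "userNameCol"}, {"userTable", "userCredCol"},
            {"userRoleTable", "userNameCol"}, {"userRoleTable", "roleNameCol"}
        };
        for (String[] pair : needed) {
            String table = realm.get(pair[0]);
            String column = realm.get(pair[1]);
            Set<String> columns = schema.get(table.toLowerCase(Locale.ROOT));
            if (columns == null) {
                problems.add(pair[0] + "=" + table + ": table not found");
            } else if (!columns.contains(column.toLowerCase(Locale.ROOT))) {
                problems.add(pair[1] + "=" + column + ": no such column in " + table);
            }
        }
        return problems;
    }

    public static void main(String[] args) {
        // Realm attributes: USERNAME, PASSWORD and user_roles appear in the
        // thread; the users table name and ROLENAME are constructed.
        Map<String, String> realm = new HashMap<String, String>();
        realm.put("userTable", "users");
        realm.put("userNameCol", "USERNAME");
        realm.put("userCredCol", "PASSWORD");
        realm.put("userRoleTable", "user_roles");
        realm.put("roleNameCol", "ROLENAME");

        // Constructed schema: the role table keys users by a differently
        // named column, so the password check passes and the role lookup fails.
        Map<String, Set<String>> schema = new HashMap<String, Set<String>>();
        schema.put("users", new HashSet<String>(Arrays.asList("username", "password")));
        schema.put("user_roles", new HashSet<String>(Arrays.asList("user_name", "rolename")));

        System.out.println(credentialsQuery(realm));
        System.out.println(rolesQuery(realm));
        for (String problem : check(realm, schema)) {
            System.out.println("PROBLEM: " + problem);
        }
    }
}
```

With the constructed schema the only problem reported is the userNameCol entry for user_roles, which matches the order of events in the log: authentication succeeds first, then the role query raises the unknown-column error.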
RE: JDBCRealm configuration and JBDC Driver classpath
Andrew,

anyone please correct me if I'm wrong, but I'm afraid you've got at least two problems here:

1. As far as I know it is not possible to define a Realm outside of server.xml. If you do not have access to that file, I see no way you can use container managed security, which is a prerequisite for form based authentication (or rather the other way around: form based authentication is just one way to use container managed security).

2. Here I'm even more unsure, but I think I read somewhere that the container managed security of tomcat is starting to work _outside_ of your context (only then should single sign on be possible, which it is with tomcat). Then you would definitely need your drivers somewhere where the server can see them, i.e. $CATALINA_HOME/common/lib.

Some good news, though: Besides this, you should be able to use your database. If you try to establish a connection only inside your context, the driver in your WEB-INF/lib directory should be enough. As a last resort you could implement some application managed security, although this is quite a nuisance (as I can tell).

Greetings
Andreas Mohrig

-----Original Message-----
From: Andrew Murphy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 4:58 PM
To: [EMAIL PROTECTED]
Subject: JDBCRealm configuration and JBDC Driver classpath

I am trying to configure form based authentication using a JDBCRealm. I do not have access to the $CATALINA_HOME/common/endorsed folder or server.xml file as my webapp is hosted in a shared environment by an ISP. Therefore I have created a Context configuration xml file fragment to provide the required Realm implementation settings/attributes for Tomcat to load from my root folder at start-up.

The problem I am experiencing is that because I am not permitted to access the $CATALINA_HOME/common/endorsed folder I am unable to put the Driver jar (mysql-connector-java-3.0.7-stable-bin.jar) in the container classpath. Attempts to get the container to detect the Driver in the Context classpath (/WEB-INF/lib) of my webapp have proved futile (or so it seems). As a result Tomcat does not recognize the login form action 'j_security_check' when the form is posted, presumably because the driver required to look-up user credentials was not loaded/located in the first place.

Can anyone advise of a work-around, or let me know if I have overlooked something, or am I simply snookered...?

Thanks
Andrew Murphy

To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: JDBCRealm configuration and JBDC Driver classpath
Andrew,

thank you. Jon Anderson pointed it out, too. Not knowing such things comes from being blessed (and cursed) with a tomcat installation totally under my control and without any restrictions.

Greetings
Andreas Mohrig

-----Original Message-----
From: Andrew Murphy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 6:31 PM
To: Tomcat Users List
Subject: RE: JDBCRealm configuration and JBDC Driver classpath

Thanks for your comments. I am beginning to suspect that my options are limited and may have to resort to application managed security which I have tried to avoid up to now. Alternatively I could try to persuade my ISP to include the jar in the container classpath (wishful thinking!)

By the way Andreas, it is permissible to create an xml context fragment outside of the server.xml (covered in Tomcat, The Definitive Guide ISBN 0-596-00318-8)

Regards
Andrew Murphy
Mobile: +44 (0)7970 176565

-----Original Message-----
From: Andreas Mohrig [mailto:[EMAIL PROTECTED]
Sent: 19 November 2003 16:52
To: 'Tomcat Users List'
Subject: RE: JDBCRealm configuration and JBDC Driver classpath

Andrew,

anyone please correct me if I'm wrong, but I'm afraid you've got at least two problems here:

1. As far as I know it is not possible to define a Realm outside of server.xml. If you do not have access to that file, I see no way you can use container managed security, which is a prerequisite for form based authentication (or rather the other way around: form based authentication is just one way to use container managed security).

2. Here I'm even more unsure, but I think I read somewhere that the container managed security of tomcat is starting to work _outside_ of your context (only then should single sign on be possible, which it is with tomcat). Then you would definitely need your drivers somewhere where the server can see them, i.e. $CATALINA_HOME/common/lib.

Some good news, though: Besides this, you should be able to use your database. If you try to establish a connection only inside your context, the driver in your WEB-INF/lib directory should be enough. As a last resort you could implement some application managed security, although this is quite a nuisance (as I can tell).

Greetings
Andreas Mohrig

-----Original Message-----
From: Andrew Murphy [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 19, 2003 4:58 PM
To: [EMAIL PROTECTED]
Subject: JDBCRealm configuration and JBDC Driver classpath

I am trying to configure form based authentication using a JDBCRealm. I do not have access to the $CATALINA_HOME/common/endorsed folder or server.xml file as my webapp is hosted in a shared environment by an ISP. Therefore I have created a Context configuration xml file fragment to provide the required Realm implementation settings/attributes for Tomcat to load from my root folder at start-up.

The problem I am experiencing is that because I am not permitted to access the $CATALINA_HOME/common/endorsed folder I am unable to put the Driver jar (mysql-connector-java-3.0.7-stable-bin.jar) in the container classpath. Attempts to get the container to detect the Driver in the Context classpath (/WEB-INF/lib) of my webapp have proved futile (or so it seems). As a result Tomcat does not recognize the login form action 'j_security_check' when the form is posted, presumably because the driver required to look-up user credentials was not loaded/located in the first place.

Can anyone advise of a work-around, or let me know if I have overlooked something, or am I simply snookered...?

Thanks
Andrew Murphy
RE: Log4j setup
Hi Chris,

this is probably a classloader issue, and those puzzle me most of the time, too. Try placing an additional log4j.properties file into your webapps/myServ/WEB_INF/classes directory (duplicating your original one). Specifying the location of your log4j.properties file on the command line to java when starting tomcat could be an option, too (but I have not tried this). The command-line argument seems to be

-Dlog4j.configuration=PATH_TO_YOUR_FILE

Greetings
Andreas Mohrig

-----Original Message-----
From: Bender, Christopher [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 3:24 PM
To: [EMAIL PROTECTED]
Subject: Log4j setup

I'm using tomcat to house a few servlets. These servlets are under webapps/myServ/WEB_INF/classes. What these servlets are, are a web-interface around another java app that I have located somewhere on my drive (/home/myOtherApp/ for instance). I also have a common library of middleware tools that I use in both the servlets and the app. This middleware uses log4j to write debug messages to the console as well as a rolling file. The java app being called by the servlets is actually wrapped in an ant build file and is executed through Ant programmatic (java) calls. All the classpath setup is done in this buildfile.

The problem I am having is getting log4j to work within my servlets. When I place log4j.jar in the directory where my app is looking for jars, everything works fine and I get log4j messages. Unfortunately, my servlets also need log4j (since they are using the middleware which is full of log4j) so I placed a copy of the jar in webapps/myServ/WEB_INF/lib. When I do this though log4j doesn't work and I get various error messages saying I can't initialize my appenders, etc, etc.

I'm not sure if anyone will have a solution but maybe some ideas can get me going down the right path.

Thanks everyone,
Chris
RE: Automatically instantiate Servlet
Ralf,

web.xml is the right place. You just have to put another entry in your desired <servlet>...</servlet> section:

<servlet>
  [...]
  <load-on-startup>1</load-on-startup>
</servlet>

The number specified determines the order the servlets are instantiated at startup (if you instantiate more than one).

Greetings
Andreas Mohrig

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 5:00 PM
To: [EMAIL PROTECTED]
Subject: Automatically instantiate Servlet

Hi,

usually Tomcat Servlets are instantiated after a webapplication is accessing its url first time. Is there a method of automatically doing this? Can I tell Tomcat to instantiate a servlet directly after startup using a config file (web.xml, server.xml)? If the answer is yes, can anybody provide an example?

Cheers,
Ralf
RE: Would this work? (Load Balance Question)
Dave,

although I have never set up such a configuration, I have thought about it quite a lot. This is exactly the thing I would try and I'm pretty much convinced that it should work. It is even quite attractive from a security point of view, because neither your tomcat servers nor your database-server get any chance to expose some services/ports to the whole wide world (provided you disable routing on your webserver). Of course you would need a switch on the internal network, but that could even be a gigabit-switch to remove at least one bottleneck.

Greetings
Andreas Mohrig

-----Original Message-----
From: David O'Brien [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 5:34 PM
To: [EMAIL PROTECTED]
Subject: Would this work? (Load Balance Question)

I have one apache web server conversing with two separate tomcat servers which access a fourth MySql server. Could I set it up like this?

    The Internet
         |
         |   (real IP addresses)
        -- External Network
         |
        ---    ------    ---
        | |    | || |    | |
        |W|    |T||T|    |M|
        |W|    |C||C|    |Y|
        |W|    | || |    |S|
        | |    |1||2|    |Q|
        | |    | || |    |L|
        | |    | || |    | |
        ---    ------    ---
         |      |  |      |
        --- Internal Network ---
        (192.168.0. addresses)

All the machines have 2 nics on board. I am worried that the other external network traffic is slowing my response time, so I'd like to separate the backend processing from the external network.

-Dave

David G. O'Brien
Web Services Coordinator / Systems Administrator
NACCRRA
The Nation's Network of Child Care Resource Referral
1319 F Street NW, Suite 500
Washington, DC 20004
(202) 393-5501 ext. 113
(202) 393-1109 fax
AW: AW: AW: Container based authentication and session persistence with Tomcat 4.1.29
Hello Christopher,

> It's possible that you'll still have the same session, but you'll just have to re-login. Does that make any sense?

That's my problem exactly. I don't think that it makes any sense either. The only explanation seems to be that the container based authentication in Tomcat 4.1 has been implemented without session persistence in mind. I'm afraid I will have to change to application based authentication after all. Thank you for your help and time, anyway.

Greetings
Andreas Mohrig

-----Original Message-----
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 12 November 2003 19:36
To: Tomcat Users List
Subject: Re: AW: AW: Container based authentication and session persistence with Tomcat 4.1.29

Andreas,

> I'm in a very early experimental state concerning this application. There is nothing in the session but a single String (for testing). And you're right, the same sessionid is coming from the client, but tomcat has forgotten which user/principal is associated with the session (which is otherwise in the exact-same state as before the server restart).

Oh! I get it. Your session is still around, but you're being challenged for your username and password again. Have you tried checking to see if your session still has the String after a re-login? It's possible that you'll still have the same session, but you'll just have to re-login. Does that make any sense?

> But I'm still a little perplexed that so much effort is necessary. At the beginning I suspected that this should be part of persistence, too. Did you ever try PersistentManager with Tomcat 4.1 and container based authentication? Did your setup behave differently?

I never did anything like this. I suspect that Tomcat loses its authentication mappings on a restart. I also suspect that your session will still be full even if you have to re-login.

-chris
AW: Start Tomcat
Simon,

I suspect that some environment variable is incorrectly set (or not set at all). Try to add the 'pause' at the end of the batch-file as Patrick suggested. This should reveal what's wrong.

Greetings
Andreas Mohrig

-----Original Message-----
From: Simon Allen [mailto:[EMAIL PROTECTED]
Sent: Thursday, 13 November 2003 10:05
To: 'Tomcat Users List'
Subject: RE: Start Tomcat

I can verify that Tomcat does not start.

-----Original Message-----
From: Lee, PaulNYC [SMTP:[EMAIL PROTECTED]
Sent: Wednesday, November 12, 2003 10:38 PM
To: 'Tomcat Users List'
Subject: RE: Start Tomcat

Hi Simon,

Just because the window disappeared doesn't mean tomcat didn't actually start. Can you verify?

-----Original Message-----
From: Simon Allen [mailto:[EMAIL PROTECTED]
Sent: Wednesday, November 12, 2003 5:31 PM
To: '[EMAIL PROTECTED]'
Subject: Start Tomcat

Hi

I am able to start Tomcat from startup.bat but when I try to do so using the Start Tomcat in the Windows Start Menu the banner appears, disappears after a few seconds with no further action. Any advice?

Thanks
AW: Start Tomcat
Simon,

then this can be remedied. From http://jakarta.apache.org/tomcat/tomcat-4.1-doc/RUNNING.txt

(5) Troubleshooting:
[...]
2) An out of environment space error when running the batch files in Win9X/ME-based operating systems. Right-click on the STARTUP.BAT and SHUTDOWN.BAT files. Click on Properties then on the Memory tab. For the Initial environment field, enter in something like 4096. After you click apply, Windows will create shortcuts in the directory with which you can use to start and stop the container.

Greetings
Andreas Mohrig

-----Original Message-----
From: Simon Allen [mailto:[EMAIL PROTECTED]
Sent: Thursday, 13 November 2003 10:38
To: 'Tomcat Users List'
Subject: RE: Start Tomcat

OK. One thing I forgot about was that when I run startup.bat I get two dos windows open. The first line of the startup window is syntax error. Having run catalina.bat I'm now getting more feedback. After syntax error I am getting out of environment space. After 4 lines providing information on directories being used there are 3 more lines stating out of environment space. Then bad command or file name.

Thanks

-----Original Message-----
From: Kwok Peng Tuck [SMTP:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2003 9:23 AM
To: Tomcat Users List
Subject: Re: Start Tomcat

Hello Simon,

Run the catalina batch file, passing in the argument run like this (without the quotes of course):

catalina.bat run

This will run tomcat in the current window, from there you should be able to see the errors that tomcat throws out.

Simon Allen wrote:

> I have now written pause at the end of startup.bat. This has no effect as the dos window doesn't open anyway. I notice that the target of the Start Tomcat button is Tomcatw.exe. When I try and run this file nothing happens. Bearing in mind that startup.bat works fine if run directly, should I have set an environment variable during set up?
>
> ta
>
> -----Original Message-----
> From: Patrick Willart [SMTP:[EMAIL PROTECTED]
> Sent: Wednesday, November 12, 2003 11:08 PM
> To: Tomcat Users List
> Subject: RE: Start Tomcat
>
> Simon,
>
> If you add 'pause' as last line in your startup.bat you can see what (error) messages Tomcat outputs.
>
> Patrick
>
> -----Original Message-----
> From: Simon Allen [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 12, 2003 2:31 PM
> To: '[EMAIL PROTECTED]'
> Subject: Start Tomcat
>
> Hi
>
> I am able to start Tomcat from startup.bat but when I try to do so using the Start Tomcat in the Windows Start Menu the banner appears, disappears after a few seconds with no further action. Any advice?
>
> Thanks
RE: session security questions?
Vincent,

1. If you put some object into session-scope, it will be stored on the server (in the memory occupied by the java-process executing your webapp). Some persistence mechanisms may save it to disk or into a database. But you would know if that is the case for you. However, the sessionid is passed back and forth between the server and the client, of course. But that should not be a problem, because of the (pseudo) random and quite complex nature of sessionids it would be hard to guess someone else's sessionid.

2. I do not know of such a possibility, and it would certainly be a serious bug. However, anyone having root/administrator-access to your machine could probably tamper with the memory and thereby manipulate your session-state. But that would be the least of your problems, then.

3. If that would be the case, you would have to trust what the client sends you. This is generally a very bad idea for security reasons (anyone can fake what he sends to you if he knows what he's doing). But luckily this is not the case.

Greetings
Andreas Mohrig

-----Original Message-----
From: Vincent Chen [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2003 11:37 AM
To: [EMAIL PROTECTED]
Subject: session security questions?

Hi, all

I am running tomcat as application server and using session to store objects which will determine what dynamic content will be displayed. It's typical, but I have the following questions:

1. Where is the session variable stored? server side or client cookie?
2. If variables are stored on the server side, is it possible to fake it and does a proof of concept exist?
3. If variables are stored in a client cookie, I have the same question as in point 2.

Thanks,
Vincent
RE: AW: AW: AW: Container based authentication and session persistence with Tomcat 4.1.29
Chris,

> So, then you'll just check the session for creds? That sounds reasonable, but then you have to write it yourself :(

That's why I wanted to avoid it (beside other things).

> How often do you think you'll be re-starting Tomcat while the application is running in the wild?

That is totally up to my employer. Since we are a dynamic company changes could happen often. At least more often than I would like to confront my users with a mysteriously broken session.

I'm now working on a solution involving overriding the RequestProcessor class of the struts framework. There you can place (or override) a hook checking for user credentials. Then one can define restrictions/constraints directly with the struts actions. If the whole application consists only of struts actions, this seems to be a stable and quite convenient solution.

Greetings
Andreas Mohrig

-----Original Message-----
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2003 1:59 PM
To: Tomcat Users List
Subject: Re: AW: AW: AW: Container based authentication and session persistence with Tomcat 4.1.29

Andreas,

>> It's possible that you'll still have the same session, but you'll just have to re-login. Does that make any sense?
>
> That's my problem exactly. I don't think that it makes any sense either. The only explanation seems to be that the container based authentication in Tomcat 4.1 has been implemented without session persistence in mind.

I don't quite see it that way. Since the user credentials are not part of the session, then session persistence has nothing to do with it. In fact, I'd argue that the session does persist, just not your creds. You have to re-login, but you'll end up with everything back in your session, so it shouldn't be a big deal, right?

> I'm afraid I will have to change to application based authentication after all.

So, then you'll just check the session for creds? That sounds reasonable, but then you have to write it yourself :(

Why do you need sessions to be persisted across restarts in production? How often do you think you'll be re-starting Tomcat while the application is running in the wild?

-chris
RE: session security questions?
Chris,

I just had a discussion with Harry Mantheakis concerning the same point. Of course it is always good (and often necessary) to secure the sessionid (with SSL). In the time of mega-proxies with more than one IP address comparing IP addresses won't be of much use.

Andreas Mohrig

-----Original Message-----
From: Christopher Schultz [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 13, 2003 2:16 PM
To: Tomcat Users List
Subject: Re: session security questions?

Andreas,

>> 1. Where is the session variable stored? server side or client cookie?
>
> However, the sessionid is passed back and forth between the server and the client, of course. But that should not be a problem, because of the (pseudo) random and quite complex nature of sessionids it would be hard to guess someone else's sessionid.

Yes, it's hard to guess the id of a session. However, if you were to snoop HTTP traffic and intercepted someone's HTTP header, then you could easily use that session id to hijack someone else's session by submitting the same cookie header to the server.

You can try other techniques of preventing this from happening, including comparing IP addresses from requests (see the archives for a discussion of this; including how it doesn't always work!).

-chris
Container based authentication and session persistence with Tomcat 4.1.29
Hello,

[ What I'm trying to do ]
I'm trying to use container based authentication while having session persistence provided by a PersistentManager (with FileStore) with Tomcat 4.1.29 (running under Windows XP for development purposes).

[ What works ]
Form-based authentication via a DataSourceRealm works fine. Persistence works fine as long as harmless objects such as strings are concerned: they appear happily in session-scope after a restart of tomcat.

[ What does not work ]
The user that has been logged in however is forced to log in again, this information seems to get lost during a restart.

[ What I already tried ]
Research in the web and in the archives did not give me a hint about what is going wrong. I looked up the documentation for org.apache.catalina.realm.GenericPrincipal (which stores the user information) and noticed that it is not serializable, i.e. it does not implement the java.io.Serializable interface. But being serializable is a prerequisite for being written to a FileStore (or any other store most probably). An attempt to patch this class to make it implement this interface has not been successful because the GenericPrincipal objects hold references to the Realm, which is not serializable either (and for some good reasons, it seems).

Am I just missing something or is this really a problem? Has anyone accomplished to have persistent sessions with this (or any other) setup and can give me a hint? I'm reluctant to use application based authentication both because of the work this would cause and because of the security issues involved.

Any feedback would be greatly appreciated.

Greetings,
Andreas Mohrig
AW: Sessions - SSL
Hello,

others have commented on this, but first of all: From a security point of view it is a bad design if a session gets switched from SSL to non-SSL or vice-versa. The sessionid is always part of any request. So anyone observing a non-SSL-request can obtain the sessionid and thereby hijack a session that seems to be worth protecting. But if you only want to protect the data that the user sends to the server, it _might_ be ok.

But now to the point: How is the switching done? Have you tried to encode the sessionid in the request-url with response.encodeURL(TARGET-URL)? Does the problem remain?

Greetings
Andreas Mohrig

-----Original Message-----
From: Harry Mantheakis [mailto:[EMAIL PROTECTED]
Sent: Wednesday, 12 November 2003 16:37
To: Tomcat Users List
Subject: Re: Sessions - SSL

Hello

No, not at all. I found that if I redirect a client from SSL to non-SSL I lose the session.

Harry Mantheakis
London, UK
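The risk described in this message, a session that was used over SSL later travelling over plain HTTP where its id can be observed, can be refused on the server side. The following servlet Filter is an added example, not code from the thread or from Tomcat; the class name and the session attribute name are hypothetical, and it assumes the javax.servlet API on the classpath and a filter mapping in web.xml.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/** Added example (hypothetical class): a session seen over SSL stays SSL-only. */
public class SecureSessionFilter implements Filter {

    // Hypothetical attribute name recording how the session was first seen.
    static final String SECURE_MARK = "example.seenOverSsl";

    public void init(FilterConfig config) throws ServletException {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (req instanceof HttpServletRequest && res instanceof HttpServletResponse) {
            HttpServletRequest http = (HttpServletRequest) req;
            // getSession(false): never create a session just to inspect it.
            HttpSession session = http.getSession(false);
            if (session != null) {
                Object mark = session.getAttribute(SECURE_MARK);
                if (mark == null) {
                    // First request on which this filter sees the session.
                    // A session created later in the chain is marked on the
                    // next request that carries it.
                    session.setAttribute(SECURE_MARK, Boolean.valueOf(http.isSecure()));
                } else if (Boolean.TRUE.equals(mark) && !http.isSecure()) {
                    // The id of an SSL session has now crossed the network in
                    // clear text (cookie or encoded URL). Treat it as exposed:
                    // drop the session instead of serving the request.
                    session.invalidate();
                    ((HttpServletResponse) res).sendError(
                            HttpServletResponse.SC_FORBIDDEN, "Session requires SSL");
                    return;
                }
            }
        }
        chain.doFilter(req, res);
    }
}
```

The filter only guards the SSL to non-SSL direction; a session that starts on plain HTTP and is later used over SSL is left alone, so a login step over SSL should start from a fresh session.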
AW: Container based authentication and session persistence with Tomcat 4.1.29
Hello Christoper, thank you for your answer. I observed the same thing as you: Also note that the GenericPrincipal nbever actually goes into the session. After login, snoop the session -- there's nothing in there. I believe that Tomcat keeps a table of session ids - Principal objects, instead of putting that information into the session. (Can someone confirm... I don't want to spread falsehoods). Therefor I belive you are right when you say it's the wrong approach I tried when I wanted to make GenericPrincipal serializable. It's obviously not as easy as that. Concerning my intentions, I do not want to preserve the session-state between two logins or between more than one session for a given user. I want to preserve the session-state between server-restarts in case of necessary (but normally fast) maintenance operations (changes on certain class-files etc.). So I'm afraid your approach won't help me much. What I would need is a way to manipulate the list the internal table tomcat seems to be keeping of sessionid-Principal mappings. Then I could use the deserialization of some object as a hook to place the correct Principal where it really belongs. Does anyone know how that could be accomplished? Greetings Andreas Mohrig -Ursprungliche Nachricht- Von: Christopher Schultz [mailto:[EMAIL PROTECTED] Gesendet: Mittwoch, 12. November 2003 16:48 An: Tomcat Users List Betreff: Re: Container based authentication and session persistence with Tomca t 4.1.29 Andreas, I looked up the documentation for org.apache.catalina.realm.GenericPrincipal (which stores the user information) and noticed that it is not serializable, i.e. it does not implement the java.io.Serializable interface. But being serializable is a prerequisite for beeing written to a FileStore (or any other store most probably). Also note that the GenericPrincipal nbever actually goes into the session. After login, snoop the session -- there's nothing in there. 
I believe that Tomcat keeps a table of session ids - Principal objects, instead of putting that information into the session. (Can someone confirm... I don't want to spread falsehoods). An attempt to patch this class to make it implement this interface has not been successful because the GenericPrincipal objects hold references to the Realm, which is not serializable either (and for some good reasons, it seems). I believe this is the wrong approach. Am I just missing something or is this really a problem? Has anyone accomplished to have persistent sessions with this (or any other) setup and can give me a hint? I'm reluctant to use application based authentication both because of the work this would cause and because of the security issues involved. Any feedback would be greatly appreciated. I have recently struggled with container-based AAA, and found the following approach works well for my requirements: Create a Filter that checks to see if there is a Principal available in the request, yet no token in the session to indicate a valid login. In this state, I assume that the user has just successfully submitted the login page. In that case, I perform my post login required actions. That is, getting information from my database and putting it into the session. (Note that a Filter instance gets instances of ServletRequest and ServletResponse, so you'll have to check for instanceof HttpServletRequest and cast the reference appropriately. I don't like this too much, but it seems like my only choice in this situation). In your case, you could couple this technique with two others: 1. Create an HttpSessionListener that will be notified when the user's session expires (or really when the session is destroyed; this may be due to an explicit logout). When a session is destroyed, you can serialize all the session objects to some database (flat file, RDBMS, etc.). Remember to make the data store aware of the user's identity. 2.
Use my technique described above to intercept logins. When you are in the just logged-on state, take the opportunity to locate that user's session datastore and re-load the data back into the session. One last thing: why do you want to save the user's session contents between logins? Why not make everything in the session transient? Or, do you have a lengthy process where users might be logged-out of your system with lots of valuable information in their sessions that is otherwise unrecoverable? -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
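The filter technique described in the quoted reply above, written out as an added example that is not part of the original thread or of Tomcat itself. It assumes the javax.servlet API (Servlet 2.3 or later) on the classpath; the class name, the attribute names and the loadUserData helper with its sample values are hypothetical. It stores the user name as the login token instead of a flag, so session attributes that survived a restart are never handed to a different user who authenticates on the same session id.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Added example: runs post-login actions once per authenticated session. */
public class PostLoginFilter implements Filter {

    // Hypothetical attribute names chosen for this example.
    static final String LOGIN_USER = "example.login.user";
    static final String LOGIN_TIME = "example.login.time";

    public void init(FilterConfig config) throws ServletException { }

    public void destroy() { }

    public void doFilter(ServletRequest request, ServletResponse response,
                         FilterChain chain) throws IOException, ServletException {
        // A Filter only receives ServletRequest, so check and cast first.
        if (request instanceof HttpServletRequest) {
            HttpServletRequest http = (HttpServletRequest) request;
            Principal principal = http.getUserPrincipal();
            if (principal != null && principal.getName() != null) {
                HttpSession session = http.getSession(true);
                String user = principal.getName();
                // Principal present but no matching token in the session:
                // the user has just been authenticated by the container.
                if (!user.equals(session.getAttribute(LOGIN_USER))) {
                    establish(session, user);
                }
            }
        }
        chain.doFilter(request, response);
    }

    private void establish(HttpSession session, String user) {
        Object previous = session.getAttribute(LOGIN_USER);
        if (previous != null) {
            // The session already belonged to another user (for example it
            // was restored from a store and someone else logged in on the
            // same id). Drop everything so no data crosses between users.
            // Copy the names first: removing while enumerating is unsafe.
            for (Object name : Collections.list(session.getAttributeNames())) {
                session.removeAttribute((String) name);
            }
        }
        Map data = loadUserData(user);
        for (Iterator it = data.entrySet().iterator(); it.hasNext();) {
            Map.Entry entry = (Map.Entry) it.next();
            session.setAttribute((String) entry.getKey(), entry.getValue());
        }
        session.setAttribute(LOGIN_TIME, Long.valueOf(System.currentTimeMillis()));
        // Set the token last so a failure above is retried on the next request.
        session.setAttribute(LOGIN_USER, user);
    }

    /**
     * Hypothetical lookup standing in for the database read mentioned in the
     * thread; override it to load the real per-user data. The values here are
     * constructed sample data.
     */
    protected Map loadUserData(String user) {
        Map data = new HashMap();
        data.put("example.displayName", user);
        data.put("example.restoredFrom", "none");
        return data;
    }
}
```

Map the filter to `/*` with `<filter>` and `<filter-mapping>` elements in web.xml so that it sees every request of the web application.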
AW: AW: Container based authentication and session persistence with Tomcat 4.1.29
Hello Christopher, Oh, okay. That makes more sense. :) Thank you ;-) ! I'm in a very early experimental state concerning this application. There is nothing in the session but a single String (for testing). And you're right, the same sessionid is coming from the client, but tomcat has forgotten which user/principal is associated with the session (which is otherwise in the exact-same state as before the server restart). Currently I'm having a look at the authenticator classes to see what they are doing to register the user with the session. Maybe I can emulate this. And then I would surely need your suggested technique to register a filter to put an object into the session when the user has logged in in the first place. So thanks again for the tip. But I'm still a little perplexed that so much effort is necessary. At the beginning I suspected that this should be part of persistence, too. Did you ever try PersistentManager with Tomcat 4.1 and container based authentication? Did your setup behave differently? Greetings Andreas Mohrig - IT Development - cadooz AG - Voucher and Reward Systems Osterbekstr. 90b 22083 Hamburg Email: [EMAIL PROTECTED] Tel.: ++49.40.271 482-13 Fax.: ++49.40.271 482-11 Web: www.cadooz-business.de www.cadooz.de www.directchoice.de www.golfgutschein.de www.valuetracker.de cadooz AG is a company of the C1 Group (www.c1-group.de).
-Original Message- From: Christopher Schultz [mailto:[EMAIL PROTECTED] Sent: Wednesday, 12 November 2003 18:00 To: Tomcat Users List Subject: Re: AW: Container based authentication and session persistence with Tomcat 4.1.29
Andreas, Concerning my intentions, I do not want to preserve the session-state between two logins or between more than one session for a given user. I want to preserve the session-state between server-restarts in case of necessary (but normally fast) maintenance operations (changes on certain class-files etc.). Oh, okay. That makes more sense.
:) What I would need is a way to manipulate the list the internal table tomcat seems to be keeping of sessionid-Principal mappings. Then I could use the deserialization of some object as a hook to place the correct Principal where it really belongs. Does anyone know how that could be accomplished? I would think that if your session were serialized across a re-start, the session id would not change. In addition, the client (browser) would still send the same session id to the server. It seems like there should not be a problem, here. Perhaps you have other things in your session that are not serializable? -chris
AW: Sessions - SSL
Hello Harry, I was getting users to log in using SSL, and then switching to non-SSL in order to avoid the SSL overheads. (When I decided I could not 'hang on' to the same session, I decided to stick with SSL permanently.) So you achieve to protect the password (which would otherwise be sent as clear text). But afterwards your sessions are more or less unprotected. Anyone sitting in the middle could grab a session and act as the previously logged-in user if he can observe just one request that is not encrypted. So maybe it would be a good idea to stick to SSL for that reason alone (and 'accidentally' save yourself the trouble of having to solve your current problem). Greetings Andreas Mohrig
-Original Message- From: Harry Mantheakis [mailto:[EMAIL PROTECTED] Sent: Wednesday, 12 November 2003 18:12 To: Tomcat Users List Subject: Re: Sessions - SSL
Hello Andreas if you only want to protect the data that the user sends to the server... I was getting users to log in using SSL, and then switching to non-SSL in order to avoid the SSL overheads. (When I decided I could not 'hang on' to the same session, I decided to stick with SSL permanently.) Have you tried to encode the sessionid in the request-url with response.encodeURL(TARGET-URL)?... I shall have to dig up the code to double-check, and it may take me a while, so please bear with me on that. Regards Harry Mantheakis London, UK
AW: Sessions - SSL
Hello Harry, sorry, I did not want to press this point too much. And for the record: My tomcat works that way. Anything placed in session-scope remains present between different requests made with http and https, even the authenticated user. The only thing I noticed has been a caching issue, where my browser produced an old page with http out of the cache although it should show something different and did the request before with https. Greetings (Off now, too ;-) Andreas Mohrig
-Original Message- From: Harry Mantheakis [mailto:[EMAIL PROTECTED] Sent: Wednesday, 12 November 2003 18:29 To: Tomcat Users List Subject: Re: Sessions - SSL
Hello Andreas So maybe it would be a good idea to stick to SSL for that reason alone (and 'accidentally' save yourself the trouble of having to solve your current problem). Yes, okay, I take your point. I would still like to know, for the record, whether or not sessions are meant to be 'transferable' (so-to-speak) between SSL and non-SSL requests. (Off for a few hours now...) Regards Harry Mantheakis London, UK
RE: emails to list get language filter replies
First of all Milt is right. Viruses and spam are the two most annoying things you can get per email. It seems sound to do something against both. But of course there is always the hard part of not letting pass too much as well as not stopping too much ... As for this specific case I would presume the problem could be Mona's motto: The truth shall set you free, but first it will piss you off A Landmark instructor Which contains at least one annoying word. Since her initial request reached this list, the list itself does not seem to have a problem, but some people may well live behind quite restrictive anti-virus and anti-spam gateways. Any response quoting this request naturally contains the word in question, too. And an advice for Mona: Although I find your motto innocent enough for sure, you might want to change it if it gives you this kind of trouble. regards Andreas Mohrig -Original Message- From: Milt Epstein [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 26, 2002 5:50 AM To: Tomcat Users List Subject: Re: emails to list get language filter replies On Wed, 25 Sep 2002, Brad Plies wrote: Hehe, notice the segment If you have any questions, please direct them to [EMAIL PROTECTED] Not to dwell off-topic, but I have a question for them: 'Why are they interfering with our communication?' Also note this: MIMEsweeper ChineseWall TXU Companies Internet, Intranet and E-mail Policy Who are these people? ChineseWall? Have anything to do with China's net crackdown? I think you may be looking a little too hard for a conspiracy. I suspect someone who is a legitimate list subscriber gets their email at a site that has this filter set up (that doesn't make it any less obnoxious/presumptuous, but perhaps a little more innocent). You could try sending a message to that address above and asking them your question(s). 
Milt Epstein Research Programmer Integration and Software Engineering (ISE) Campus Information Technologies and Educational Services (CITES) University of Illinois at Urbana-Champaign (UIUC) [EMAIL PROTECTED]
RE: emails to list get language filter replies
I got the filter-response, too. Maybe it is some e-mail-server near to the list server after all? greetings Andreas Mohrig -Original Message- From: Andreas Mohrig [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 26, 2002 9:54 AM To: 'Tomcat Users List' Subject: RE: emails to list get language filter replies First of all Milt is right. Viruses and spam are the two most annoying things you can get per email. It seems sound to do something against both. But of course there is always the hard part of not letting pass too much as well as not stopping too much ... As for this specific case I would presume the problem could be Mona's motto: The truth shall set you free, but first it will ... you off A Landmark instructor Which contains at least one annoying word. Since her initial request reached this list, the list itself does not seem to have a problem, but some people may well live behind quite restrictive anti-virus and anti-spam gateways. Any response quoting this request naturally contains the word in question, too. And an advice for Mona: Although I find your motto innocent enough for sure, you might want to change it if it gives you this kind of trouble. regards Andreas Mohrig -Original Message- From: Milt Epstein [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 26, 2002 5:50 AM To: Tomcat Users List Subject: Re: emails to list get language filter replies On Wed, 25 Sep 2002, Brad Plies wrote: Hehe, notice the segment If you have any questions, please direct them to [EMAIL PROTECTED] Not to dwell off-topic, but I have a question for them: 'Why are they interfering with our communication?' Also note this: MIMEsweeper ChineseWall TXU Companies Internet, Intranet and E-mail Policy Who are these people? ChineseWall? Have anything to do with China's net crackdown? I think you may be looking a little too hard for a conspiracy. 
I suspect someone who is a legitimate list subscriber gets their email at a site that has this filter set up (that doesn't make it any less obnoxious/presumptuous, but perhaps a little more innocent). You could try sending a message to that address above and asking them your question(s). Milt Epstein Research Programmer Integration and Software Engineering (ISE) Campus Information Technologies and Educational Services (CITES) University of Illinois at Urbana-Champaign (UIUC) [EMAIL PROTECTED]
RE: Questions about [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
The servlet to be disabled is the invoker servlet, not the DefaultServlet. The reason you see DefaultServlet so much in these postings is that the DefaultServlet can be tricked into serving the sources of your jsp's by invoking it over the invoker servlet, thereby treating jsp's like static content. But the trouble is originating in the invoker servlet. Andreas Mohrig
-Original Message- From: Adam Greene [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 26, 2002 2:47 PM To: Tomcat Users List Subject: Questions about [SECURITY] Apache Tomcat 4.x JSP source disclosure vulnerability
Maybe I don't understand, but DefaultServlet, which is supposed to serve static content is disabled... How are we supposed to serve up pictures, etc that are static??
RE: Protecting Resources
In your web.xml (after the servlet-mappings) you can define one or more security constraints like this:

    <security-constraint>
      <web-resource-collection>
        <web-resource-name>secure</web-resource-name>
        <url-pattern>/secure/*</url-pattern>
      </web-resource-collection>
      <auth-constraint>
        <role-name>secure</role-name>
      </auth-constraint>
    </security-constraint>

All you have to do then is put everything you want to protect into some subdirectory (e.g. secure). Although this does not seem to be strictly necessary with tomcat, you might want to define the role as well (further down in your web.xml):

    <security-role>
      <role-name>secure</role-name>
    </security-role>

Hope that helps. Andreas Mohrig
-Original Message- From: ed banfa [mailto:[EMAIL PROTECTED]] Sent: Monday, September 23, 2002 9:39 AM To: [EMAIL PROTECTED] Subject: Protecting Resources
Goodday to u all, Ok I would like to restrict access to certain resources will allow access to others, eg I would like to allow access to the url http://localhost:8080 which in short will allow access to index.html and only that. I would like to disallow access to other resources in the site to only authenticated users. My problem is that how do I specify how to access only the index page, and restrict others resources my deployment descriptors I would appreciate any form of help offered Thank u Edward
RE: Dumb Question com.justatest.test.MyServlet error
I just experimented with this a bit. It seems tomcat provides standard mappings for the servlets you deploy under the document base of your webapp. A servlet residing in tomcat-root/webapps/jat/classes/com/justatest/test/MyServlet.class should be reachable under http://yourserver/jat/servlet/com.justatest.test.MyServlet , at least if you put it in the right package (package com.justatest.test;, see the other answer below). If you define your servlet in your web.xml (which - in my humble opinion - you should always do), you get some more URLs for your servlet. The following will give you http://yourserver/jat/servlet/MyServletName and http://yourserver/jat/MyServletURL

    <servlet>
      <servlet-name>MyServletName</servlet-name>
      <servlet-class>com.justatest.test.MyServlet</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>MyServletName</servlet-name>
      <url-pattern>/MyServletURL</url-pattern>
    </servlet-mapping>

Try it and tell us if it works for you too. greetings Andreas Mohrig
-Original Message- From: John-Paul Delaney [mailto:[EMAIL PROTECTED]] Sent: Friday, September 20, 2002 9:43 PM To: Tomcat Users List Subject: RE: Dumb Question com.justatest.test.MyServlet error
Hello... Sorry about pushing so - but I'm stuck with this one What URL do I use to launch the servlet MyServlet deployed (not a .war) as: tomcat-root/webapps/jat/classes/com/justatest/test/MyServlet.class? (tomcat-root/webapps/jat/classes/MyServlet.class launches successfully with this url: http://localhost:8080/jat/servlet/MyServlet) I'm running tomcat 4.0.1 with sun jdk 1.3.1 on redhat 7.0. thanks for any help, /j-p.
Quoting Miguel Angel Mulero Martinez [EMAIL PROTECTED]: Maybe the InitSnoop.java don't start with package com.justatest.test;
-Original Message- From: John-Paul Delaney [mailto:[EMAIL PROTECTED]] Sent: Friday, 20 September 2002 12:43 To: [EMAIL PROTECTED] Subject: Dumb Question ../servlet/com.justatest.test.MyServlet error
Hello List...
I've created the directory path: tomcat-rootwebapps/jat/WEB-INF/classes/com/justatest/test/ but I get an error when I try to run the oreilly servlet from URL: http://localhost:8080/jat/servlet/com.justatest.test.InitSnoop The same servlet will run ok from URL: http://localhost:8080/jat/servlet/InitSnoop The exception is: Cannot allocate servlet instance for path /jat/servlet/com.justatest.test.InitSnoop cause: lang.NoClassDefFoundError: com/justatest/test/InitSnoop (wrong name: InitSnoop) Any suggestions on what I'm doing wrong would be appreciated, thanks /j-p. JUSTATEST Art Online www.justatest.com
RE: How to Change Port Number of Tomcat
I'd say that changing the port number in server.xml should definitely do the trick. Could you post your changed server.xml? We could take a look. greetings Andreas Mohrig Web: www.cadooz.de
-Original Message- From: Bing Li [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 9:39 AM To: [EMAIL PROTECTED] Subject: How to Change Port Number of Tomcat
Hi, all, I am now using Tomcat 3.2.3. I would like to use one PC to simulate two Web applications. Each of them resides in the same PC but they should have different port number. I took a try to change the port value in the server.xml. But it doesn't work. Anyone could do me a favor? Thanks a lot! Bing Li
RE: How to Change Port Number of Tomcat
Hi, I'm afraid I can't reproduce your symptom with my two Tomcat 4.0(.4) on a single Linux PC. But since I don't have Tomcat 3.2.3 at my disposal, this may mean nothing. This may sound silly, but have you double checked that the right instances of tomcat get started (using the right server.xml)? Can you access them on the designated ports when you start them alone? What are the error-messages exactly? Another thing I noted is the absence of a port for tomcat shutdown. With tomcat 4 there is a port configured for this on top of server.xml like this:

    <Server port="8005" shutdown="SHUTDOWN" debug="0">

This is a wild guess, but maybe this is giving you trouble? I'm sorry I can't delve deeper into this. greetings Andreas Mohrig
-Original Message- From: Bing Li [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 9:57 AM To: Tomcat Users List Subject: RE: How to Change Port Number of Tomcat
Hi, Mohrig, In the Connector part, there are three port values, 8080, 8443 and 8007. I change them to 9080, 9443 and 9007. But when the other Tomcat (port values are 8080, 8443, 8007) is started, the one with new port values got error, which said Address already in use. The changed server.xml is attached. Thanks for your help! Bing
-Original Message- From: Andreas Mohrig [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 12:44 AM To: 'Tomcat Users List' Subject: RE: How to Change Port Number of Tomcat
I'd say that changing the port number in server.xml should definitely do the trick. Could you post your changed server.xml? We could take a look. greetings Andreas Mohrig Web: www.cadooz.de
-Original Message- From: Bing Li [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 9:39 AM To: [EMAIL PROTECTED] Subject: How to Change Port Number of Tomcat
Hi, all, I am now using Tomcat 3.2.3. I would like to use one PC to simulate two Web applications. Each of them resides in the same PC but they should have different port number.
I took a try to change the port value in the server.xml. But it doesn't work. Anyone could do me a favor? Thanks a lot! Bing Li
RE: Problem with Tomcat 4.1.10!
Something with the syntax of your jsp file. The line An error occurred at line: -1 in the jsp file: null makes me guess at some illegal character or even a missing file (???). Do you have some kind of index.jsp in your root directory? Do you have a webapp configured for /? Try accessing something you know exists for sure, e.g. something of the examples webapp. In Tomcat 4.0 http://localhost:8080/examples/jsp/num/numguess.jsp exists and should work. And if the error remains, post your jsp file. greetings Andreas Mohrig
-Original Message- From: Alexander Schmidt [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 1:59 PM To: Tomcat Users List Subject: Problem with Tomcat 4.1.10!
Hi! I have installed Tomcat 4.1.10-LE-JDK1.4. When I type in the browser http://localhost:8080/ I get the Error-Message HTTP Status 500 Exception report description The server encountered an internal error () that prevented it from fulfilling this request. org.apache.jasper.JasperException: Unable to compile class for JSP root cause org.apache.jasper.JasperException: Unable to compile class for JSP An error occurred at line: -1 in the jsp file: null Generated servlet error: [javac] Compiling 1 source file What is wrong? Thanks A. Schmidt
RE: Problem with Tomcat 4.1.10!
Maybe I was wrong and it's not a problem with your jsp file, since Miguel Angel Mulero Martinez had the same problem (running tomcat in win2000 as a service). On which platform do you have your tomcat installed? Andreas Mohrig
-Original Message- From: Alexander Schmidt [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 2:34 PM To: Tomcat Users List Subject: Re: Problem with Tomcat 4.1.10!
Hi! I have problems with the JSPs. The example also doesn't work! Is it a bug! With Tomcat 4.0.4 I hadn't problems.
- Original Message - From: Andreas Mohrig [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Thursday, September 12, 2002 2:20 PM Subject: RE: Problem with Tomcat 4.1.10!
Something with the syntax of your jsp file. The line An error occurred at line: -1 in the jsp file: null makes me guess at some illegal character or even a missing file (???). Do you have some kind of index.jsp in your root directory? Do you have a webapp configured for /? Try accessing something you know exists for sure, e.g. something of the examples webapp. In Tomcat 4.0 http://localhost:8080/examples/jsp/num/numguess.jsp exists and should work. And if the error remains, post your jsp file. greetings Andreas Mohrig
-Original Message- From: Alexander Schmidt [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 1:59 PM To: Tomcat Users List Subject: Problem with Tomcat 4.1.10!
Hi! I have installed Tomcat 4.1.10-LE-JDK1.4. When I type in the browser http://localhost:8080/ I get the Error-Message HTTP Status 500 Exception report description The server encountered an internal error () that prevented it from fulfilling this request. org.apache.jasper.JasperException: Unable to compile class for JSP root cause org.apache.jasper.JasperException: Unable to compile class for JSP An error occurred at line: -1 in the jsp file: null Generated servlet error: [javac] Compiling 1 source file What is wrong? Thanks A.
Schmidt
RE: registering variables
You could put it in the pageContext (or even in the session or application context). That will require some syntactic clutter (first

    pageContext.setAttribute(variableName, objectVariable);

then (in the jsp page)

    ObjectType myVariable = (ObjectType) pageContext.getAttribute(variableName);

) and opens the possibility of errors that are hard to debug (what if there is already an attribute with that name?) but is much safer than directly creating variables in other scopes. It is one of Java's merits that this is not possible (at least not to my knowledge). greetings Andreas Mohrig
-Original Message- From: Felipe Schnack [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 4:42 PM To: Tomcat Users List Subject: registering variables
How can I create a variable within a taglib? I would like to be able to create a variable accessible to my jsp page. -- Felipe Schnack Systems Analyst [EMAIL PROTECTED] Mobile: (51)91287530 Linux Counter #281893 Faculdade Ritter dos Reis www.ritterdosreis.br [EMAIL PROTECTED] Phone/Fax: (51)32303328
RE: registering variables
I don't know Struts, but if it is possible to register variables in other scopes with the help of Struts it gives me the creeps/makes me shudder and would not shine a good light on Java as a programming language. Why should you want to register a variable in the first place? Java is good for encapsulation and information hiding. Data transport can be managed via return values of method calls or if there is absolutely no other way over global contexts (which is frightful by itself). What you are talking about would undermine the foundations of the Java programming language (in my humble opinion as a programmer). But I'm willing to learn and to broaden my perspective, so if you have a case where it is absolutely necessary (or even practically/elegant or otherwise useful) to do what you want to do, please let me know about it. Andreas Mohrig
-Original Message- From: Felipe Schnack [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 5:16 PM To: Tomcat Users List Subject: RE: registering variables
Ok, but this is an attribute, not a variable really. There isn't a way I can register a variable? Like in Strut's TE tags?
On Thu, 2002-09-12 at 11:57, Andreas Mohrig wrote: You could put it in the pageContext (or even in the session or application context). That will require some syntactic clutter (first

    pageContext.setAttribute(variableName, objectVariable);

then (in the jsp page)

    ObjectType myVariable = (ObjectType) pageContext.getAttribute(variableName);

) and opens the possibility of errors that are hard to debug (what if there is already an attribute with that name?) but is much safer than directly creating variables in other scopes. It is one of Java's merits that this is not possible (at least not to my knowledge). greetings Andreas Mohrig
-Original Message- From: Felipe Schnack [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 12, 2002 4:42 PM To: Tomcat Users List Subject: registering variables
How can I create a variable within a taglib?
I would like to be able to create a variable accessible to my jsp page. -- Felipe Schnack Systems Analyst [EMAIL PROTECTED] Mobile: (51)91287530 Linux Counter #281893 Faculdade Ritter dos Reis www.ritterdosreis.br [EMAIL PROTECTED] Phone/Fax: (51)32303328
-- Felipe Schnack Systems Analyst [EMAIL PROTECTED] Mobile: (51)91287530 Linux Counter #281893 Faculdade Ritter dos Reis www.ritterdosreis.br [EMAIL PROTECTED] Phone/Fax: (51)32303328
RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL
I forgot to mention that my server works behind apache which is doing all the encryption, so at least my performance problem is definitely caused at the client side, i.e. within the java-code using the https implementation from jdk1.4. But even my tomcat alone is very fast. In my test environment I can access the server both on port 443 (then apache will handle the encryption, leaving tomcat nothing to do but answer the request unencrypted over ajp) and on 8443 (then tomcat will do the encryption, probably with the help of the jdk1.4 components that were a part of JSSE prior to jdk1.4). There is no notable difference in speed between the two requests, not even if I close the browser to enforce a new ssl-handshake for each request. But thanks for the suggestions anyway, Bill. I downloaded PureTLS and the required packages for use on the client side. Unfortunately, there is no https protocol handler (at least none that I found so far) that could provide a replacement for the sun implementation. I'm looking for something to specify in the following two statements to use PureTLS instead of the functionality provided by jdk1.4:

    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); // <-- here
    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); // <-- and here

Do you (or does anyone) know of something like this for PureTLS? And Wolfgang (you're right by the way assuming that I'm from Germany, but I hope our problem has nothing to do with that ;-), can you confirm that the problem is on the client side in the java code? How is the performance of your tomcat when you access the same resources with a browser? The forum-postings you quoted seem to imply that the low performance could have been a problem of jdk's prior to 1.4 as well which simply did not show (at least from within applets running inside IE) because IE used its own ssl/https-implementation when used with jdk1.3 (and earlier) and jdk1.4's if used with that version.
greetings
Andreas Mohrig

-----Original Message-----
From: Bill Barker [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 11, 2002 7:29 AM
To: [EMAIL PROTECTED]
Subject: Re: Tomcat 3.2.4 slow with Jdk1.4 and SSL

I think that you are out of luck with 3.2.x. With 3.3.1 and 4.1.10 you can use PureTLS (http://www.rtfm.com/puretls). (With 4.0.4, you need to use the CoyoteConnector plugin to enable it). I've heard good reports about using it with client-certs, but haven't tried it myself.

Unfortunately, the documentation is still a little weak. :( The best place is the 3.3.1 documentation http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-ssl-howto.html. The translation to the 4.x CoyoteConnector is pretty straight-forward (the SSL attributes are on the Factory), but AFAIK, nobody has actually written it up yet.

Wolfgang Stein [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...

I realize you are also a German resident and remember the download of JSSE were differing for non-US citizens. I assume we are victims of a hidden key escrow or Echelon's information gathering efforts :-)

But, all joking(?) aside: This seems to be a known jdk1.4 issue. There are some related postings at the developer connection forums (e.g. http://forum.java.sun.com/thread.jsp?forum=2&thread=239231). It ends up in the recommendation to use a commercial product but also states that SUN's implementation were one of the better implementations ...

So, did anybody succeed in using a third party JSSE that works with tomcat and sufficient performance? Any suggestions?

Thanks in advance,
Wolfgang

-----Original Message-----
From: Andreas Mohrig [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 10, 2002 2:20 PM
To: 'Tomcat Users List'
Subject: RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL

I'm using Tomcat 4.0.4 with Jdk1.4 (on both Linux-Server and Windows NT client) and worrying about a quite similar problem.
RE: Tomcat 3.2.4 slow with Jdk1.4 and SSL
I'm using Tomcat 4.0.4 with Jdk1.4 (on both Linux-Server and Windows NT client) and worrying about a quite similar problem. The server is extremely fast (I'd say the answer takes some milliseconds) when I access it with a browser (e.g. MS IE 5.0), but it takes about 20 seconds (!) when I try a request using java code like this:

    import java.io.BufferedReader;
    import java.io.InputStreamReader;
    import java.net.URL;
    import java.net.URLConnection;

    URL url = new URL("https://myserver/myresource");
    URLConnection con = url.openConnection();
    BufferedReader reader = new BufferedReader(new InputStreamReader(con.getInputStream()));
    StringBuffer resultbuffer = new StringBuffer();
    // read the response line by line
    String result = reader.readLine();
    while (result != null) {
        resultbuffer.append(result);
        resultbuffer.append("\n");
        result = reader.readLine();
    }
    reader.close();

This is true for subsequent requests as well. The content consists of about 100 bytes which should be no problem. So: yes, I'm experiencing a heavy performance problem. I can't say if it is a performance decrease, though, since I did not test with older Jdk's and jsse (perhaps I should...). Any solutions, hints or suggestions would be very welcome!

greetings
Andreas Mohrig

-----Original Message-----
From: Wolfgang Stein [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, September 10, 2002 12:15 PM
To: [EMAIL PROTECTED]
Subject: Tomcat 3.2.4 slow with Jdk1.4 and SSL

Migrating from Jdk1.3 to Jdk1.4 we encountered a significant performance decrease on SSL-communications (server certs) between Applets and Tomcat 3.2.4. Did anybody experience similar performance losses? Does this happen because of a low SSL implementation in jdk1.4? Did anybody successfully provide a faster implementation? We used jdk1.4 on client and server-side.

Thanks in advance,
Wolfgang

--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Executing Windows Scripts ?
This would be bye-bye to portability, but you can call commands using

    Runtime.getRuntime().exec(command);

"Executes the specified command and arguments in a separate process." (From the java documentation, look for the Runtime object.)

Andreas Mohrig

-----Original Message-----
From: Stuart Stephen [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, September 04, 2002 12:23 PM
To: [EMAIL PROTECTED]
Subject: Executing Windows Scripts ?

Hi,

I doubt that there is a way to do this, but you never know. We are running Tomcat/Apache/Win2K Server and wish to convert a Microsoft .ppt file format into something that could be viewable on the web. The idea is that the user uploads the file and then we do some background processes meaning that the person can view it on the web, even if they don't have powerpoint.

The best way we can think of doing this is by using some windows scripting that executes when they upload the file. Can we execute the scripts automatically from tomcat or start other system processes?

Thanks,
Stuart Stephen
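An added example, not code from the thread: because the command here would include the name of an uploaded file, it passes the arguments as a list to ProcessBuilder (Runtime.exec(String) splits its command string on whitespace) and accepts only file names that match a strict pattern and stay inside the upload directory. The class name, the directory paths and the script convert-ppt.vbs are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.List;
import java.util.concurrent.TimeUnit;
import java.util.regex.Pattern;

public class UploadConverter {
    // Assumed deployment paths and script name; they are not from the thread.
    static final Path UPLOAD_DIR = Paths.get("C:\\webapp\\uploads").toAbsolutePath().normalize();
    static final Path SCRIPT = Paths.get("C:\\webapp\\scripts\\convert-ppt.vbs");
    // Allow-list: letters, digits, '_' and '-', ending in exactly ".ppt".
    static final Pattern SAFE_NAME = Pattern.compile("[A-Za-z0-9_-]{1,64}\\.ppt");

    /** Maps a client-supplied file name to a path inside UPLOAD_DIR, or throws. */
    static Path resolveUpload(String clientName) {
        if (clientName == null || !SAFE_NAME.matcher(clientName).matches()) {
            throw new IllegalArgumentException("rejected file name");
        }
        Path resolved = UPLOAD_DIR.resolve(clientName).normalize();
        // Second check in case the pattern is ever loosened.
        if (!resolved.startsWith(UPLOAD_DIR)) {
            throw new IllegalArgumentException("path leaves the upload directory");
        }
        return resolved;
    }

    /** One list element per argument: no shell, and the file name is never re-tokenized. */
    static List<String> buildCommand(Path upload) {
        return Arrays.asList("cscript.exe", "//B", "//NoLogo", SCRIPT.toString(), upload.toString());
    }

    /** Runs the conversion script with a time limit and returns its exit code. */
    static int convert(String clientName) throws IOException, InterruptedException {
        Path upload = resolveUpload(clientName);
        ProcessBuilder pb = new ProcessBuilder(buildCommand(upload));
        pb.directory(UPLOAD_DIR.toFile());
        pb.redirectErrorStream(true);
        pb.redirectOutput(new File(UPLOAD_DIR.toFile(), "convert.log"));
        Process proc = pb.start();
        if (!proc.waitFor(60, TimeUnit.SECONDS)) {
            proc.destroyForcibly(); // do not let a hung script tie up the server
            throw new IOException("conversion timed out");
        }
        return proc.exitValue();
    }

    public static void main(String[] args) {
        // Constructed sample names; only the validation is exercised here, nothing is executed.
        String[] constructed = {
            "slides_2002.ppt", "my slides.ppt", "..\\..\\other.ppt", "a.ppt & b.ppt", "report.ppt.exe"
        };
        for (String name : constructed) {
            try {
                System.out.println("accept " + name + " -> " + buildCommand(resolveUpload(name)));
            } catch (IllegalArgumentException e) {
                System.out.println("reject " + name + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

Storing each upload under a server-generated name and keeping the client's name only as metadata removes the need to trust the name at all.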
RE: STILL need help w. Tomcat installation!!
Steve, excuse me, but what game are you playing exactly? I have been following your posts and the answers to them for a while now, and although people are generally very willing to help you, you are continuing to upset them. Why? John Turner already suggested that you are making some queer kind of joke, and I'm starting to think he's right. Maybe you should start to post something useful or stop posting at all. And I would strongly suggest to read http://www.tuxedo.org/~esr/faqs/smart-questions.html as is suggested in the jakarta project's mailing list guidelines (which you should perhaps read first: http://jakarta.apache.org/site/mail.html). Otherwise (I think) the following things will happen in short order: 1. You will get more flames. 2. A lot of people on this list will filter your posts. 3. You will be banned from the list altogether. But who am I to worry about that? Andreas Mohrig -Original Message- From: Steve R. Burrus [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 29, 2002 12:09 AM To: [EMAIL PROTECTED] Subject: Re: STILL need help w. Tomcat installation!! Hello Micael, I appreciate the useful [-sic]advice which you offered to me re. setting the system variables for the Tomcat installation, however I really don't appreciate at all you inferring that I am DELIBERATELY trying to make it harder for both you and everyone else to help me just because I INADVERTENTLY left out the info. on what my platform is! --- On Wed 08/28, micael wrote: From: micael [mailto: [EMAIL PROTECTED]] To: [EMAIL PROTECTED] Date: Wed, 28 Aug 2002 12:39:02 -0700 Subject: Re: STILL need help w. Tomcat installation!! Do you know how to set your environmental variables on XP? If not, go to Start, Settings, Control Panel (in classic view), System, Advanced (tab), Environmental Variables (button), where you will see lots of neat stuff that is fairly intuitive. If you don't have the paths set, set them. 
You will need, for example,

    ANT_HOME       c:\ant
    CATALINA_HOME  c:\tomcat
    CLASSPATH      c:\jdk;c:\tomcat;c:\junit or whatever
    JAVA_HOME      c:\jdk
    PATH           %JAVA_HOME%\bin;%ANT_HOME%\bin or whatever.

If you want to create a new system variable, hit New. If you want to edit an old one, hit Edit. Probably should avoid Delete for the time being.

If you want to hard code these values in configurations of your application, that is something different. That is possible too. But, I think this is your easiest start. I recommend you read something like second chapter of Component Development for the Java Platform, by Stuart Dabbs Halloway to get acquainted with what this all really is doing. There is a paucity of literature on the subject.

Lesson One: Saying what platform you are working on helps people who really would like to help you if you don't make it too hard to help. Sorry if that sounds too smug, but you seem not to be into helping us help you. Hope this did. Have fun!

Micael

At 11:39 AM 8/28/2002 -0700, you wrote:

You are in luck, my good friend Jakob, I am using the Windows XP Operating System, so you can certainly help me out!

--- Jacob Kjome wrote:

Hello STEVE,

I forget what OS you are using. Can you state that? If you are using Windows NT/2000/XP and not Windows 95/98/Millenium I can help you. Let me know.

Jake

Wednesday, August 28, 2002, 12:04:12 PM, you wrote:

SRB> I STILL find myself in some degree of need from someone in this newsgroup
SRB> concerning the Tomcat install!!! I THINK that I got everything alright with
SRB> setting the environment variables in the System applet, but alas, when I tried
SRB> again to activate Tomcat, I STILL received the error msg. saying something about
SRB> the JAVA_HOME variable was not properly set or missing!! Should I type into the
SRB> DOS command line set JAVA_HOME=j2sdk* or not to maybe correct this?

--
Best regards,
Jacob mailto:[EMAIL PROTECTED]
RE: MVC and caching
Either the browser or some proxy is caching your page. Try to tell them to not do that with either a http-header:

    response.addHeader("pragma", "no-cache");

[I hope this is right] or some HTML-Tags (pick one or use all, I haven't tested them or checked for compliance with the HTML-Standard; just found them on the web):

    <META HTTP-EQUIV="cache-control" CONTENT="no-cache">
    <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    <META HTTP-EQUIV="expires" CONTENT="Tue, 7 July 1998 10:00:00 GMT">

The header seems to be preferable, since proxies might ignore the tags. Let us know if you succeeded and if so, with what method.

Andreas Mohrig

-----Original Message-----
From: Anthony Geoghegan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 29, 2002 12:18 PM
To: Tomcat Users List
Subject: Re: MVC and caching

Is that a client caching issue? If so a variety of http header settings can be used to clear a client-side cache.

Best Regards,
Anthony Geoghegan.
J2EE Developer
CPS Ireland Ltd.

----- Original Message -----
From: Josh G [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Thursday, August 29, 2002 1:06 AM
Subject: MVC and caching

Hi, I'm using a model-view-controller setup for my application, and I've run into problems with caching - here's a workflow:

1. User gets presented with viewDetails.jsp?id=1
2. User updates details, submits forms to a controller servlet
3. Servlet commits the changes via the model objects, and redirects to viewDetails.jsp?id=1
4. ???
5. Profit!!!

The problem is, the user is seeing (sometimes) a cached version of viewDetails.jsp?id=1 not always mind, just most of the time. Anybody run into similar problems? Is there a simple solution? Perhaps adding a variable with random data in it? Any answers appreciated!
RE: MVC and caching
Another method I once noticed has to do with never letting your user request the exact same URL twice, which could be accomplished by always sending (and incrementing) an additional sequence-number:

1. User gets presented with viewDetails.jsp?id=1&sequencenumber=A_NUMBER
2. User updates details, submits forms to a controller servlet
3. Servlet commits the changes via the model objects, and redirects to viewDetails.jsp?id=1&sequencenumber=A_NUMBER+1
4. ???
5. Profit!!! [hopefully!]

This can't be cached, since it has to be expected that the output based on the different input will also be different.

greetings
Andreas Mohrig

-----Original Message-----
From: Andreas Mohrig [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 29, 2002 12:50 PM
To: 'Tomcat Users List'
Subject: RE: MVC and caching

Either the browser or some proxy is caching your page. Try to tell them to not do that with either a http-header:

    response.addHeader("pragma", "no-cache");

[I hope this is right] or some HTML-Tags (pick one or use all, I haven't tested them or checked for compliance with the HTML-Standard; just found them on the web):

    <META HTTP-EQUIV="cache-control" CONTENT="no-cache">
    <META HTTP-EQUIV="Pragma" CONTENT="no-cache">
    <META HTTP-EQUIV="expires" CONTENT="Tue, 7 July 1998 10:00:00 GMT">

The header seems to be preferable, since proxies might ignore the tags. Let us know if you succeeded and if so, with what method.

Andreas Mohrig

-----Original Message-----
From: Anthony Geoghegan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 29, 2002 12:18 PM
To: Tomcat Users List
Subject: Re: MVC and caching

Is that a client caching issue? If so a variety of http header settings can be used to clear a client-side cache.

Best Regards,
Anthony Geoghegan.
J2EE Developer
CPS Ireland Ltd.
RE: Tomcat 4.0.3 and SSL
You have to use Port 443 for the SSL-enabled service, since this is where the client-browsers will send their https requests. Port 80 is for plain content (not encrypted) transported over http.

Andreas Mohrig

-----Original Message-----
From: Giorgio Ponza [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 29, 2002 2:49 PM
To: Tomcat Users List
Subject: Tomcat 4.0.3 and SSL

Hi guys!!!

I have installed Tomcat 4.0.3 stand-alone and I'd like to use SSL. SSL is installed correctly, but I'd like to know how to configure server.xml to get the feature. I'd like to use the port 80, not the default 8443. If I change it, in local it works but accessing the site from another machine, it tells me the URL is malformed. There are some documents for this?

TX ALL
Giorgio
RE: How to configure multiple tomcat instances connecting to apache using thewarp connector
Is using mod_jk a possibility? Because there is a way to connect multiple tomcat instances to apache using mod_jk. I always thought this was one of the differences between mod_jk and the warp connector, but don't take my word for it. Did you check the warp connector's documentation?

Andreas Mohrig

-----Original Message-----
From: Jochen Schweflinghaus [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 28, 2002 9:21 AM
To: [EMAIL PROTECTED]
Subject: How to configure multiple tomcat instances connecting to apache using thewarp connector

Forgot to mention the versions: RH Linux 7.1, apache-1.3.22-6, tomcat-4.0.4. No response so far? Nobody have a clue?
RE: Experience with connectors to connect tomcat to apache ?
Although I think there have been a lot of contributions concerning this (try searching the archives) being much more helpful, here is my configuration:

1 Apache 1.3.26 with mod_ssl
1 Tomcat 4.0.4
both on S.u.S.E. Linux 8.0 (Kernel 2.4.18)
Connector: mod_jk

We use the connector mainly to have apache as a time-tested front-end with ssl encryption. mod_jk seems to be the connector of choice for production systems, since it is around some time longer and more widely used. One more factor has been the possibility to upgrade the configuration to a cluster having one apache as loadbalancer and a couple of tomcats as workers.

We have no data concerning the performance, but have nothing to complain about mod_jk's performance either. So far the other components (database e.g.) have been the bottlenecks, so I would not worry about optimizing something concerning the connector so long as it does its job reliably.

Andreas Mohrig

-----Original Message-----
From: Jochen Schweflinghaus [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 28, 2002 9:40 AM
To: [EMAIL PROTECTED]
Subject: Experience with connectors to connect tomcat to apache ?

Hi Group,

since it seems that there is no one out there who can help me with my problem 'How to configure multiple tomcat instances connecting to apache using thewarp connector', I'd like to share your experience with connectors connecting tomcat with apache.

What are the main differences between the Warp and the AJP13 connector except for the load balancing? Is one of the two more performant? Will Coyote JK2 connector bring any improvements in addition to inprocess JVM? Which connector do you prefer? Why?

Any input is appreciated. Please do not forget the OS, Apache- and Tomcat version you use.
RE: tomcat4 + declarative security
I'm using Tomcat/4.0.4 with Apache 1.3.26 (mod_jk) on SuSE Linux 7.3 (without JBoss or struts). Do you really get responses with the same session-id, but different results of getRemoteUser()?

Andreas Mohrig

-----Original Message-----
From: jfc [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 7:15 PM
To: Tomcat Users List
Subject: Re: tomcat4 + declarative security

Andreas Mohrig wrote:

The answers are yes and yes. You can determine the user's logged-in-ness with a call to request.getRemoteUser(), which should return null if he is not and his name (login) otherwise. This should always be the case, regardless of the currently requested resource having a security-constraint or not, but of course a login will only be demanded if it has such a constraint. If you experience different behaviour, I will surely be interested to learn about it.

Andreas Mohrig

-----Original Message-----
From: jfc [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 1:26 PM
To: [EMAIL PROTECTED]
Subject: tomcat4 + declarative security

Hi, I have two questions regarding declarative security (I use JBoss2.4.x+Tomcat4.0 + struts1.1, on suse linux7.2):

1. Is tomcat 4 supposed to be able to distinguish previously authenticated users from unauthenticated users? I assumed the answer to this question is yes because otherwise the user would have to undergo the entire authentication process repeatedly for each request that he submits within a single session.

2. Is tomcat 4 supposed to be able to do the above (i.e. remember a user's logged-in-ness) regardless of whether his current request was to a secured resource? (again assume requests are within the same session).

cheers
jfc

Right, well I have a situation where point 2 is not working. If I roll my versions back to bundle jb243+tc40, I get the predicted behaviour of which you speak. What version/s are you using?

jfc
RE: Can't get tomcat 4 + mod_jk + apache to work
Hi Scott,

an assumption to why it now works is that you have commented out the virtual host, so that the directives are now in the main section. The virtual host mechanism seems to depend on the clients (browsers) sending the host name (in your case toecutter or later localhost) to the server, and if they don't do that, the directives never work for these requests. I don't understand why tomcat is generating this configuration, though.

greetings
Andreas Mohrig

-----Original Message-----
From: Scott Adamson [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 22, 2002 6:52 AM
To: Tomcat Users List
Subject: Re: Can't get tomcat 4 + mod_jk + apache to work

I don't know why, but I got it to work by adding the following at the end of httpd.conf -

    <IfModule !mod_jk.c>
      LoadModule jk_module /usr/local/apache2/libexec/mod_jk-3.3-ap13-noeapi.so
    </IfModule>

    JkWorkersFile /usr/local/jakarta-tomcat-4.0.4/conf/jk/workers.properties
    JkLogFile /usr/local/jakarta-tomcat-4.0.4/logs/mod_jk.log
    JkLogLevel emerg

    #<VirtualHost localhost>
    #ServerName localhost

    # localhost:/examples

    # Static files
    Alias /examples /usr/local/tomcat/webapps/examples

    <Directory /usr/local/tomcat/webapps/examples>
      Options Indexes FollowSymLinks
      DirectoryIndex index.html index.htm index.jsp
    </Directory>

    # Deny direct access to WEB-INF and META-INF
    #
    <Location /examples/WEB-INF/*>
      AllowOverride None
      deny from all
    </Location>

    <Location /examples/META-INF/*>
      AllowOverride None
      deny from all
    </Location>

    JkMount /examples ajp13
    JkMount /examples/* ajp13
    JkMount /examples/jsp/security/protected/j_security_check ajp13
    JkMount /examples/snoop ajp13
    JkMount /examples/servlet/* ajp13
    JkMount /examples/CompressionTest ajp13
    JkMount /examples/*.jsp ajp13
    JkMount /examples/servletToJsp ajp13
    JkMount /examples/SendMailServlet ajp13

    # toecutter:/sywareTech

    Alias /sywareTech /usr/local/jakarta-tomcat-4.0.4/webapps/sywareTech

    <Directory /usr/local/jakarta-tomcat-4.0.4/webapps/sywareTech>
      Options Indexes FollowSymLinks
      DirectoryIndex index.html index.htm index.jsp
    </Directory>

    # Deny direct access to WEB-INF and META-INF
    #
    <Location /sywareTech/WEB-INF/*>
      AllowOverride None
      deny from all
    </Location>

    <Location /sywareTech/META-INF/*>
      AllowOverride None
      deny from all
    </Location>

    JkMount /sywareTech/*.jsp ajp13
    JkMount /sywareTech/servlet/* ajp13
    #</VirtualHost>

I couldn't get it to work by including mod_jk.conf, and I couldn't get the mod_jk src (from the Tomcat 4 dist. - no binaries avail.) to compile. Good luck.

regards,
Scott.

----- Original Message -----
From: Brian Orledge [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Tuesday, August 20, 2002 11:35 PM
Subject: RE: Can't get tomcat 4 + mod_jk + apache to work

Did you get anywhere with this. I'm using the same configuration (minus the JBoss) and having the same error.

Brian Orledge
Revenue Solutions, Inc.
301.240.2182

-----Original Message-----
From: Scott Adamson [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 19, 2002 11:57 AM
To: Tomcat Users List
Subject: Can't get tomcat 4 + mod_jk + apache to work

I have been trying for the last week to get Apache + mod_jk + Tomcat 4 to work. I have confirmed that Tomcat works on 8080, confirmed that Apache is running. .

Scott Adamson
Systems Administrator
Syware Technology
[EMAIL PROTECTED]
http://upe.com.au
RE: tomcat4 + declarative security
Go ahead, I will take a look, but I'm afraid I can't promise to spend very much time with it. Perhaps it is better to mail it to me directly (if it is large). And the sources would be useful too.

greetings
Andreas Mohrig

-----Original Message-----
From: jfc [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 22, 2002 3:12 PM
To: Tomcat Users List
Subject: Re: tomcat4 + declarative security

The answer is yes. Can I email you my tomcat 'demo-auth-prob' war file? (which utilizes users.properties and roles.properties - so it shows the problem without referring to jboss). If you need the src, I can email it too.

jfc
RE: Adding HTTPS to Tomcat/Apache/mod_jk install on NT
http://httpd.apache.org/docs-2.0/ssl/

Andreas Mohrig

-----Original Message-----
From: Kenny G. Dubuisson, Jr. [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 22, 2002 3:49 PM
To: [EMAIL PROTECTED]
Subject: Adding HTTPS to Tomcat/Apache/mod_jk install on NT

Hello again all listers. I was wondering if anyone could point me in the right direction on setting up HTTPS on my Apache 2.0.40 / Tomcat 4.0.4 / mod_jk installation on WinNT 4? Any help would be greatly appreciated.

Thanks,
Kenny
RE: Tomcat + SSL + IO Taglib
I'm afraid your server doesn't have a certificate for itself (i.e. localhost), from which it is requesting a resource. At least it doesn't know itself under this name (localhost). You have to import your server certificate (or the certificate of the CA that signed it) with keytool into your java keystore to get rid of this problem.

greetings
Andreas Mohrig

-----Original Message-----
From: QUERTEMONT Christophe [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 11:37 AM
To: Tomcat
Subject: Tomcat + SSL + IO Taglib

Hello,

I'm connecting to Tomcat using SSL, but without client authentication (clientAuth=false in server.xml). When I try to use io taglib, here is a JSP example:

    ...
    url = "https://localhost:8443//Cache?newsServer=moreover_news&newsFeedName" %>
    <io:request url="<%=url%>"/>
    ...

I always got this message:

    javax.servlet.ServletException: Couldn't find trusted certificate

Is there a way to use IO Taglib with a secure website without client authentication?

Thanks.
RE: Tomcat + SSL + IO Taglib
And to finish my own thought (this time before sending the message ;-): You should then use your official server-name instead of localhost, i.e. the name which is set in the certificate. Java is really picky about the certificates it trusts.

By the way: This has nothing to do with client authentication, since your server does seem to communicate only with itself at this point.

Hope it works
Andreas Mohrig

-----Original Message-----
From: Andreas Mohrig [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 11:47 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat + SSL + IO Taglib

I'm afraid your server doesn't have a certificate for itself (i.e. localhost), from which it is requesting a resource. At least it doesn't know itself under this name (localhost). You have to import your server certificate (or the certificate of the CA that signed it) with keytool into your java keystore to get rid of this problem.

greetings
Andreas Mohrig

-----Original Message-----
From: QUERTEMONT Christophe [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 11:37 AM
To: Tomcat
Subject: Tomcat + SSL + IO Taglib

Hello,

I'm connecting to Tomcat using SSL, but without client authentication (clientAuth=false in server.xml). When I try to use io taglib, here is a JSP example:

    ...
    url = "https://localhost:8443//Cache?newsServer=moreover_news&newsFeedName" %>
    <io:request url="<%=url%>"/>
    ...

I always got this message:

    javax.servlet.ServletException: Couldn't find trusted certificate

Is there a way to use IO Taglib with a secure website without client authentication?

Thanks.
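An added example, not code from the thread: it recreates the situation from the two replies above with the JDK's built-in HttpsServer standing in for Tomcat, and shows that the default trust store refuses the self-signed certificate, that a trust store holding only that certificate accepts it, and that a URL whose host is not the name in the certificate is still refused. The class name, the throwaway password and the temporary key store are assumptions; it needs JDK 11 or later with keytool.

```java
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsServer;
import java.io.File;
import java.io.InputStream;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.security.KeyStore;
import java.security.cert.Certificate;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class TrustStoreDemo {
    static final String PASS = "changeit"; // constructed throwaway password for the demo key store

    // Creates a self-signed server key with keytool, issued for the name "localhost".
    static KeyStore newServerKeyStore(File file) throws Exception {
        String keytool = System.getProperty("java.home") + File.separator + "bin" + File.separator + "keytool";
        Process p = new ProcessBuilder(keytool, "-genkeypair", "-alias", "tomcat", "-keyalg", "RSA",
                "-dname", "CN=localhost", "-ext", "SAN=dns:localhost", "-validity", "1",
                "-storetype", "PKCS12", "-keystore", file.getPath(),
                "-storepass", PASS, "-keypass", PASS).inheritIO().start();
        if (p.waitFor() != 0) throw new IllegalStateException("keytool failed");
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(file.toPath())) {
            ks.load(in, PASS.toCharArray());
        }
        return ks;
    }

    // HTTPS server on the loopback interface that presents the self-signed certificate.
    static HttpsServer startServer(KeyStore serverKeys) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(serverKeys, PASS.toCharArray());
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);
        HttpsServer server = HttpsServer.create(new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 0), 0);
        server.setHttpsConfigurator(new HttpsConfigurator(ctx));
        server.createContext("/Cache", exchange -> {
            byte[] body = "news".getBytes(StandardCharsets.UTF_8);
            exchange.sendResponseHeaders(200, body.length);
            exchange.getResponseBody().write(body);
            exchange.close();
        });
        server.start();
        return server;
    }

    // Client-side context that trusts exactly one certificate and nothing else.
    static SSLContext trustOnly(Certificate cert) throws Exception {
        KeyStore trust = KeyStore.getInstance(KeyStore.getDefaultType());
        trust.load(null, null);
        trust.setCertificateEntry("tomcat", cert);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Fetches the URL; a null context means the JVM's default trust store is used.
    static String fetch(String url, SSLContext ctx) throws Exception {
        HttpsURLConnection con = (HttpsURLConnection) URI.create(url).toURL().openConnection();
        if (ctx != null) con.setSSLSocketFactory(ctx.getSocketFactory());
        // The default HostnameVerifier is left in place on purpose.
        try (InputStream in = con.getInputStream()) {
            return new String(in.readAllBytes(), StandardCharsets.UTF_8);
        }
    }

    static String attempt(String url, SSLContext ctx) {
        try {
            return "OK, body=" + fetch(url, ctx);
        } catch (Exception e) {
            return "rejected: " + e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) throws Exception {
        File dir = Files.createTempDirectory("truststore-demo").toFile();
        KeyStore serverKeys = newServerKeyStore(new File(dir, "server.p12"));
        HttpsServer server = startServer(serverKeys);
        int port = server.getAddress().getPort();
        try {
            SSLContext pinned = trustOnly(serverKeys.getCertificate("tomcat"));
            System.out.println("default trust store    : " + attempt("https://localhost:" + port + "/Cache", null));
            System.out.println("pinned, name matches   : " + attempt("https://localhost:" + port + "/Cache", pinned));
            System.out.println("pinned, name mismatched: " + attempt("https://127.0.0.1:" + port + "/Cache", pinned));
        } finally {
            server.stop(0);
        }
    }
}
```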
RE: Tomcat + SSL + IO Taglib
First of all, since you are trying to get a resource from the server itself, it might be completely sufficient to use http instead of https, i.e. the url http://localhost:8080//Cache?newsServer=moreover_newsnewsFeedName should work (assuming standard configuration). You won't have to bother with ssl then, which should be acceptable, because the data in questiong will be send over the server's loopback interface only (and therefor should not be in danger of beeing monitored, as long as your server hasn't been hacked). If you still want to use ssl, though, there is quite a long way to go: It seems you have tomcat configured to accept ssl at port 8443, and now you want to get something from it from within a jsp page with this url: https://localhost:8443//Cache?newsServer=moreover_newsnewsFeedName In order for this to succeed, the code executing your jsp will act quite similar to a normal webbrowser and attempts to connect to the server given in the url (which could as well be any other server reachable over your network). What follows is a ssl-handshake: The server presents it's certificate and a key to encrypt the datatransfer is exchanged. This key is normally signed by some CA (certificate authority, like Thawte or verisign) so that the client can trust that no one just pretends to be who he says to be (e.g. a bank or something like this) and can decide upon that if he wants to transfer confidential information (like a credit card number for example) to this server. I'm sure you have seen warnings from your browser when these certificates are not perfectly ok, when they have expired or are not issued for the right server(-name). Your browser will ask if you wish to accept this and continue to connect nevertheless. (What do you see if you enter the above URL into your browser, with localhost replaced by whatever address your server is reachable at). 
This is what happens to your jsp-code too, because your self-generated server-key (which you created with keytool -genkey -alias tomcat -keyalg RSA, -genkey creates a key, not a keystore) is not signed by anyone trusted by normal java distributions. But instead of giving the opportunity to accept this nevertheless, the process fails, because there is no one there to interactively give his ok.

This is all the background I can give you in relatively short time, since the process to sign such a key and to import the certificate is quite complex (if you do not want to spend money for someone officially signing your key). And I'm afraid I don't know how to accept such certificates nevertheless. If you need advice on how to become your own CA, how to sign your key and import the CA's key into your keystore, I could provide you with some notes, but don't expect this will be easy.

greetings
Andreas Mohrig

-----Original Message-----
From: QUERTEMONT Christophe [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 12:02 PM
To: 'Tomcat Users List'
Subject: RE: Tomcat + SSL + IO Taglib

Thanks for your quick answer ! But I have never worked with SSL before, so I am getting a little confused. How can I get a certificate for my server ? The only thing I have done so far is creating a keystore (keytool -genkey -alias tomcat -keyalg RSA). Everything works fine except for the taglibs ?

-----Original Message-----
From: Andreas Mohrig [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 21 August 2002 11:52
To: 'Tomcat Users List'
Subject: RE: Tomcat + SSL + IO Taglib

And to finish my own thought (this time before sending the message ;-): You should then use your official server-name instead of localhost, i.e. the name which is set in the certificate. Java is really picky about the certificates it trusts. By the way: This has nothing to do with client authentication, since your server does seem to communicate only with itself at this point.

Hope it works
Andreas Mohrig

-----Original Message-----
From: Andreas Mohrig [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 11:47 AM
To: 'Tomcat Users List'
Subject: RE: Tomcat + SSL + IO Taglib

I'm afraid your server doesn't have a certificate for itself (i.e. localhost), from which it is requesting a resource. At least it doesn't know itself under this name (localhost). You have to import your server certificate (or the certificate of the CA that signed it) with keytool into your java keystore to get rid of this problem.

greetings
Andreas Mohrig

-----Original Message-----
From: QUERTEMONT Christophe [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 11:37 AM
To: Tomcat
Subject: Tomcat + SSL + IO Taglib

Hello,

I am connecting to Tomcat using SSL, but without client authentication (clientAuth=false in server.xml). When I try to use io taglib, here is a JSP example :

...
url = https://localhost:8443//Cache?newsServer=moreover_newsnewsFeedName%>
<io:request url="<%=url%>"/>
...

I always got this message : javax.servlet.ServletException: Couldn't find trusted certificate

Is there a way to use IO
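The trust decisions described in this thread (a self-generated key is rejected, a CA-signed certificate is accepted once the CA is trusted, and only under the name set in the certificate) can be reproduced offline with the openssl CLI. This is an added example, not part of the original posts; the CA name, the host name server.example.test and all file names are constructed, and openssl is assumed to be installed.

```shell
#!/usr/bin/env bash
# Added example with constructed names: a throwaway PKI that shows the three
# outcomes discussed in the thread. Requires the openssl command-line tool.

# Build in directory $1:
#   self.crt  self-signed server certificate (nobody vouches for it)
#   ca.crt    certificate of a private CA
#   srv.crt   certificate for server.example.test, signed by that CA
make_pki() {
  local d=$1
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_leaf]
basicConstraints = CA:FALSE
EOF
  openssl req -x509 -config "$d/demo.cnf" -extensions v3_leaf -newkey rsa:2048 \
    -nodes -days 1 -subj "/CN=server.example.test" \
    -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null || return 1
  openssl req -x509 -config "$d/demo.cnf" -extensions v3_ca -newkey rsa:2048 \
    -nodes -days 1 -subj "/CN=Demo Private CA" \
    -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
  openssl req -new -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=server.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$d/srv.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
    -CAcreateserial -days 1 -out "$d/srv.crt" 2>/dev/null || return 1
}

# Print "trusted" or "rejected" for an "openssl verify" invocation.
# Like the JSP code in the thread, there is no interactive "accept anyway".
verdict() {
  if openssl verify "$@" >/dev/null 2>&1; then echo trusted; else echo rejected; fi
}

# Run the four checks; the client's trust store is ca.crt only.
trust_report() {
  local d
  d=$(mktemp -d) || return 1
  make_pki "$d" || { rm -rf "$d"; return 1; }
  # 1. Self-signed server certificate: no trusted issuer.
  echo "selfsigned=$(verdict -CAfile "$d/ca.crt" "$d/self.crt")"
  # 2. CA-signed certificate, CA present in the trust store.
  echo "ca_signed=$(verdict -CAfile "$d/ca.crt" "$d/srv.crt")"
  # 3. Same certificate, but the client asked for "localhost".
  echo "ca_signed_as_localhost=$(verdict -CAfile "$d/ca.crt" \
        -verify_hostname localhost "$d/srv.crt")"
  # 4. Same certificate, requested under the name set in the certificate.
  echo "ca_signed_as_certname=$(verdict -CAfile "$d/ca.crt" \
        -verify_hostname server.example.test "$d/srv.crt")"
  rm -rf "$d"
}

# On the Java side, the step the thread names is importing ca.crt (or the
# server certificate) into the JVM's trust store, for example:
#   keytool -import -trustcacerts -alias <alias> -file ca.crt -keystore <truststore>
trust_report
```
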
RE: tomcat4 + declarative security
The answers are yes and yes. You can determine the user's logged-in-ness with a call to request.getRemoteUser(), which should return null if he is not and his name (login) otherwise. This should always be the case, regardless of the currently requested resource having a security-constraint or not, but of course a login will only be demanded if it has such a constraint. If you experience different behaviour, I will surely be interested to learn about it.

Andreas Mohrig

-----Original Message-----
From: jfc [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 21, 2002 1:26 PM
To: [EMAIL PROTECTED]
Subject: tomcat4 + declarative security

Hi,

I have two questions regarding declarative security ( I use JBoss2.4.x+Tomcat4.0 + struts1.1, on suse linux7.2 - ):

1. Is tomcat 4 supposed to be able to distinguish previously authenticated users from unauthenticated users? I assumed the answer to this question is yes because otherwise the user would have to undergo the entire authentication process repeatedly for each request that he submits within a single session.

2. Is tomcat 4 supposed to be able to do the above (i.e. remember a user's logged-in-ness) regardless of whether his current request was to a secured resource? (again assume requests are within the same session).

cheers
jfc
RE: Can't get tomcat 4 + mod_jk + apache to work
It seems to be a problem of your apache configuration. Your error message seems to indicate that the virtual host is not recognized, since not even the alias for the static content has any effect. Are you depending on the VirtualHost-part? If not, try to replace it (the whole block) with the following lines and try how far this gets you:

JkMount /examples/jsp/security/protected/j_security_check ajp13
JkMount /examples/snoop ajp13
JkMount /examples/CompressionTest ajp13
JkMount /examples/*.jsp ajp13
JkMount /examples/servlet/* ajp13
JkMount /examples/servletToJsp ajp13
JkMount /examples/SendMailServlet ajp13
JkMount /webdav/*.jsp ajp13
JkMount /webdav/servlet/* ajp13
JkMount /tomcat-docs/*.jsp ajp13
JkMount /tomcat-docs/servlet/* ajp13
JkMount /manager/*.jsp ajp13
JkMount /manager/servlet/* ajp13
JkMount /manager/* ajp13
JkMount /sywareTech/*.jsp ajp13
JkMount /sywareTech/servlet/* ajp13

By the way: Since your webapps-directory is not in your apache's document-path, you don't need to worry about securing your WEB-INF and META-INF directories. With the above, static content (i.e. not *.jsp or servlets) will be served out of the corresponding directories under /usr/local/apache2/htdocs/. If you don't want that, change the *.jsp into * (in JkMount /examples/*.jsp ajp13 etc.). If that is not acceptable when it comes to performance, try it with the alias again, but then you should also protect the tomcat-special-directories.

Andreas Mohrig

-----Original Message-----
From: Scott Adamson [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 20, 2002 3:02 PM
To: Tomcat Users List
Subject: Re: Can't get tomcat 4 + mod_jk + apache to work

Here's the contents of my mod_jk.conf :

## Auto generated on Tue Aug 20 19:28:15 EST 2002##

<IfModule !mod_jk.c>
    LoadModule jk_module /usr/local/apache2/libexec/mod_jk-3.3-ap13-noeapi.so
</IfModule>

JkWorkersFile /usr/local/jakarta-tomcat-4.0.4/conf/jk/workers.properties
JkLogFile /usr/local/jakarta-tomcat-4.0.4/logs/mod_jk.log
JkLogLevel emerg

<VirtualHost toecutter>
    ServerName toecutter

    # toecutter:/examples

    # Static files
    Alias /examples /usr/local/jakarta-tomcat-4.0.4/webapps/examples
    <Directory /usr/local/jakarta-tomcat-4.0.4/webapps/examples>
        Options Indexes FollowSymLinks
        DirectoryIndex index.html index.htm index.jsp
    </Directory>

    # Deny direct access to WEB-INF and META-INF
    #
    <Location /examples/WEB-INF/*>
        AllowOverride None
        deny from all
    </Location>
    <Location /examples/META-INF/*>
        AllowOverride None
        deny from all
    </Location>

    JkMount /examples/jsp/security/protected/j_security_check ajp13
    JkMount /examples/snoop ajp13
    JkMount /examples/CompressionTest ajp13
    JkMount /examples/*.jsp ajp13
    JkMount /examples/servlet/* ajp13
    JkMount /examples/servletToJsp ajp13
    JkMount /examples/SendMailServlet ajp13

    # toecutter:/webdav

    # Static files
    Alias /webdav /usr/local/jakarta-tomcat-4.0.4/webapps/webdav
    <Directory /usr/local/jakarta-tomcat-4.0.4/webapps/webdav>
        Options Indexes FollowSymLinks
        DirectoryIndex index.jsp index.html index.htm
    </Directory>

    # Deny direct access to WEB-INF and META-INF
    #
    <Location /webdav/WEB-INF/*>
        AllowOverride None
        deny from all
    </Location>
    <Location /webdav/META-INF/*>
        AllowOverride None
        deny from all
    </Location>

    JkMount /webdav/*.jsp ajp13
    JkMount /webdav/servlet/* ajp13

    # toecutter:/tomcat-docs

    # Static files
    Alias /tomcat-docs /usr/local/jakarta-tomcat-4.0.4/webapps/tomcat-docs
    <Directory /usr/local/jakarta-tomcat-4.0.4/webapps/tomcat-docs>
        Options Indexes FollowSymLinks
        DirectoryIndex index.html index.htm index.jsp
    </Directory>

    # Deny direct access to WEB-INF and META-INF
    #
    <Location /tomcat-docs/WEB-INF/*>
        AllowOverride None
        deny from all
    </Location>
    <Location /tomcat-docs/META-INF/*>
        AllowOverride None
        deny from all
    </Location>

    JkMount /tomcat-docs/*.jsp ajp13
    JkMount /tomcat-docs/servlet/* ajp13

    # toecutter:/manager

    # Static files
    Alias /manager /usr/local/jakarta-tomcat-4.0.4/webapps/manager
    <Directory /usr/local/jakarta-tomcat-4.0.4/webapps/manager>
        Options Indexes FollowSymLinks
        DirectoryIndex index.html index.htm index.jsp
    </Directory>

    # Deny direct access to WEB-INF and META-INF
    #
    <Location /manager/WEB-INF/*>
        AllowOverride None
        deny from all
    </Location>
    <Location /manager/META-INF/*>
        AllowOverride None
        deny from all
    </Location>

    JkMount /manager/*.jsp ajp13
    JkMount /manager/servlet/* ajp13
    JkMount /manager/* ajp13
RE: Mapping directory
I'm afraid I don't have any expertise whatsoever concerning vq server, and don't have to trouble with loading dlls either (all my servers run under unix). But my guess would be that vq server somehow knows which dll it has already loaded and refrains from loading it again, whereas tomcat does not check for this. Maybe you can figure out a way to determine if the dll has already been loaded (or which dlls are present in the system) and make the loading dependent on the outcome of this check. It would be a good idea to make this thread-safe as well, i.e. to use some kind of locking mechanism.

Alternatively you could place an object in application scope to indicate if the dll has already been loaded (by your servlet) if you do not get access to the information about which dlls are already present in the system and if you are sure that your servlet/application is the only one loading this particular dll. If you initialize this object with a form of application-initialization-servlet during startup, you could use it as a semaphore (synchronization object / monitor) as well. I'm not aware of any standard mechanism helping with such problems.

Hope that helps.
Andreas Mohrig

-----Original Message-----
From: Taral Shah [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 14, 2002 10:06 AM
To: Tomcat Users List
Subject: Re: Mapping directory

Hi Andreas,

Thanks a lot for your solution. It worked for me. I did the exact same thing and it's working perfectly.

Now I am facing some typical problem. In my application previously the cgi file was running with vqserver as cgi server. Now when I mapped the directory specified by you, I am able to run the application but it throws a native library error sometimes. I am loading a dll in my application, and when I execute the servlet it gives me an error that the dll is already loaded. If I restart tomcat it works fine. Surprisingly this error does not come with the older specifications, i.e. running with vq server+tomcat.

Does anybody have any idea for the loading dll problem in tomcat?

Thanks
Taral Shah
Software Engineer, Contech Software Ltd.
[EMAIL PROTECTED]
Experience is what you get when you were expecting something else.

----- Original Message -----
From: Andreas Mohrig [EMAIL PROTECTED]
To: 'Tomcat Users List' [EMAIL PROTECTED]
Sent: Tuesday, August 13, 2002 5:42 PM
Subject: AW: Mapping directory

If your context happens to be cgi that should be possible. Put something like this in your web.xml:

<servlet>
    <servlet-name>myServlet</servlet-name>
    <servlet-class>com.YourInstitution.servlet.myServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>myServlet</servlet-name>
    <url-pattern>/vq/ca.exe</url-pattern>
</servlet-mapping>

Otherwise the only solution I know is to use the URL rewriting capabilities of a webserver such as apache and forward the requests in question (e.g. via mod_jk) to Tomcat. I would be interested in a way to get rid of the sometimes unnecessary context-prefix myself.

Andreas Mohrig

-----Original Message-----
From: Taral Shah [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 13 August 2002 13:33
To: Tomcat Users List
Subject: Mapping directory

Is it possible to map a path in tomcat? I mean if I have a request coming like

http://ip:8080/cgi/vq/ca.exe?abc

can I redirect this request to

http://ip:8080/context/servlet/myServlet?abc

Is it possible with just configuring tomcat?

Thanks
Taral Shah
RE: Session and IP
Afaik tomcat uses either cookies or url-encoding to get the session-id from the users requesting a resource, which has nothing to do with the ip address. The only circumstances I could imagine therefore are two different browsers having installed the same session-cookie (which is quite unlikely and would require the users to actively copy those cookies from one machine to the other) or (which is much more likely) two users using the same encoded urls. This might happen if one user sends another the complete(!) link containing the session id by copying it out of the address-field of his browser, e.g.:

http://www.yourserver.com/yourcontext/someresource.jsp;jsessionid=C21CC5E4A5890818B3E56426925E86F9

This would let the other user share the same session as long as it has not timed out.

best regards
Andreas Mohrig

-----Original Message-----
From: Roland Carlsson [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 14, 2002 11:20 AM
To: Tomcat Users List
Subject: Session and IP

Hi!

I'm trying to trace a strange behavior from a couple of error reports from the users of a system. The problem is that they seem to share the same session on our server. Different computers, in different locations, sharing a public ip-number (corporate intranet through VPN to a single internet-node). The company has IE4 as their default browser.

My questions are: Is it possible that tomcat lets those users share the same session since they share the same public IP-number? Under what circumstances would that behavior occur?

Thanks in advance
Roland Carlsson
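A way to look for the situation described in this thread from the server side, as an added example that is not part of the original posts: the function scans access-log lines in Apache "combined" format for session ids carried in the URL and reports every id used by more than one client (client address plus User-Agent). The log lines are constructed, apart from the session id quoted in the post; clients behind one shared address with identical browsers, as in the original question, look like a single client to this check.

```shell
#!/usr/bin/env bash
# Added example: report URL-borne session ids (";jsessionid=...") that were
# presented by more than one client. Input: Apache "combined" access log.

# Constructed sample log. The first id is the one quoted in the thread,
# the second id and all addresses are made up for this example.
sample_log() {
cat <<'EOF'
192.0.2.10 - - [14/Aug/2002:11:02:11 +0200] "GET /yourcontext/someresource.jsp;jsessionid=C21CC5E4A5890818B3E56426925E86F9 HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
192.0.2.10 - - [14/Aug/2002:11:02:40 +0200] "GET /yourcontext/other.jsp;jsessionid=C21CC5E4A5890818B3E56426925E86F9 HTTP/1.0" 200 2048 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
198.51.100.7 - - [14/Aug/2002:11:09:03 +0200] "GET /yourcontext/someresource.jsp;jsessionid=C21CC5E4A5890818B3E56426925E86F9 HTTP/1.0" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
192.0.2.10 - - [14/Aug/2002:11:15:27 +0200] "GET /yourcontext/report.jsp;jsessionid=0F1E2D3C4B5A69788796A5B4C3D2E1F0 HTTP/1.0" 200 900 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
203.0.113.5 - - [14/Aug/2002:11:16:00 +0200] "GET /yourcontext/index.jsp HTTP/1.0" 200 700 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)"
EOF
}

# Reads a combined-format log on stdin and prints "<session id> <clients>"
# for every id seen from more than one distinct (address, User-Agent) pair.
shared_session_ids() {
  awk -F'"' '
    # $2 is the request line, $6 the User-Agent, $1 starts with the address.
    match($2, /;jsessionid=[0-9A-Fa-f]+/) {
      id = substr($2, RSTART + 12, RLENGTH - 12)   # skip ";jsessionid="
      split($1, head, " ")
      client = head[1] SUBSEP $6
      if (!((id, client) in seen)) {
        seen[id, client] = 1
        clients[id]++
      }
    }
    END {
      for (id in clients)
        if (clients[id] > 1)
          print id, clients[id]
    }
  ' | sort
}

sample_log | shared_session_ids
```

Requests that carry the session in a cookie (the last sample line) never show up here, which is also why keeping the id out of the URL removes the copy-and-paste path the post describes.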
RE: forward to TOP-Frame
I'm afraid tomcat itself can't help you with this at all, since you really have to convince the client browser to use the top frame to display your page. Once the browser has requested your page to display within a subframe, your page doesn't even know it is to be displayed within this subframe. You would have to send back a page that instructs the browser to reload another (or the same) page in the top frame. Without JavaScript I would imagine this to be quite difficult.

If this is _really_ important to you there may be another way, though. You may be able to emulate your frame-structure by composing your jsp-pages dynamically via <jsp:include page="somepage"/> and/or <%@ include file="somefile" %>. I admit this would be a painful course of action if you have already designed your application to use frames, but then you could just send back a page missing all the included parts, which will make it top.

greetings
Andreas Mohrig

-----Original Message-----
From: Harry Knörrer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 14, 2002 11:49 AM
To: 'Tomcat Users List'
Subject: AW: forward to TOP-Frame

And javascript isn't allowed

-----Original Message-----
From: Harry Knörrer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 14 August 2002 11:45
To: 'Tomcat Users List'
Subject: AW: forward to TOP-Frame

This is a problem cause the forward should happen when the session is invalid. I check this in my controller.jsp

-----Original Message-----
From: Barney Hamish [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, 14 August 2002 11:29
To: 'Tomcat Users List'
Subject: RE: forward to TOP-Frame

You can't solve this with forward. You need to do this client side with either javascript or by changing whatever link the user clicks on to include a target.

Hamish

-----Original Message-----
From: Harry Knörrer [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, August 14, 2002 11:27 AM
To: Tomcat-Liste (E-Mail)
Subject: jsp:forward to TOP-Frame

Hello!

I want to forward the request to a page but it should be shown in my top-frame, e.g. href=logindialogController.jsp?formcommand=logout target = _top

How can I solve this with jsp:forward or any other solution?

Thanks
Harry Knoerrer
AW: JSP vs. Servlet Paths
It's quite simple, really, although it has nothing to do with a difference between JSP's and servlets (since JSP's are compiled into servlets). The JSP's and servlets both live inside a context, here the demo-web-application. Paths within scripting-elements in JSP's or servlet-methods are (as a rule) interpreted relative to this context, so / becomes /demo/. But when you use a form in a JSP, the following request (after the user hits the submit-button) in fact comes from the client's browser (!), not from within your application. Therefore, the path is interpreted relative to the root-path of your Webserver (i.e. Tomcat or maybe Apache).

greetings
Andreas Mohrig

cadooz AG
Osterbekstr. 90b
22083 Hamburg
Email: [EMAIL PROTECTED]
Tel.: +49.40.271 482-13
Fax.: +49.40.271 482-11
Web: www.cadooz.de

-----Original Message-----
From: Adam W. Montville [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 13 August 2002 08:01
To: [EMAIL PROTECTED]
Subject: JSP vs. Servlet Paths

Hi all,

I'm new to this list and really need some help. Let me frame the scenario: I have CATALINA_HOME set to C:\jakarta-tomcat-4.0.4\jakarta-tomcat-4.0.4. The rest of the directory structure (and file locations) is as follows:

CATALINA_HOME
|
+-- webapps
    |
    +-- demo
        |
        +-- jsp
        |
        +-- WEB-INF
            |
            +-- classes

The classes directory contains MyServlet.class, WEB-INF contains web.xml, jsp contains both SourceJsp.jsp and TargetJsp.jsp.

SourceJsp.jsp displays a submit button, which then calls TargetJsp.jsp, i.e., it contains the line <FORM METHOD=POST ACTION=/demo/jsp/TargetJsp.jsp>.

I then have a Servlet, MyServlet.java, that also calls TargetJsp.jsp. MyServlet.java contains the line this.getServletContext().getRequestDispatcher("/jsp/TargetJsp.jsp").forward(req, resp).

Please pay attention to the path difference between these two calls. SourceJsp.jsp and MyServlet.java both invoke the same TargetJsp.jsp, however, the paths are different: SourceJsp.jsp = /demo/jsp/TargetJsp.jsp; MyServlet.java = /jsp/TargetJsp.jsp.

I need to understand why this must be the case. What is the difference between a JSP invoking a JSP and a Servlet invoking a JSP with regard to the paths required for such invocation?

Thank you for your help! I appreciate it!

Regards,
Adam
AW: Mapping directory
If your context happens to be cgi that should be possible. Put something like this in your web.xml:

<servlet>
    <servlet-name>myServlet</servlet-name>
    <servlet-class>com.YourInstitution.servlet.myServlet</servlet-class>
</servlet>
<servlet-mapping>
    <servlet-name>myServlet</servlet-name>
    <url-pattern>/vq/ca.exe</url-pattern>
</servlet-mapping>

Otherwise the only solution I know is to use the URL rewriting capabilities of a webserver such as apache and forward the requests in question (e.g. via mod_jk) to Tomcat. I would be interested in a way to get rid of the sometimes unnecessary context-prefix myself.

Andreas Mohrig

-----Original Message-----
From: Taral Shah [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 13 August 2002 13:33
To: Tomcat Users List
Subject: Mapping directory

Is it possible to map a path in tomcat? I mean if I have a request coming like

http://ip:8080/cgi/vq/ca.exe?abc

can I redirect this request to

http://ip:8080/context/servlet/myServlet?abc

Is it possible with just configuring tomcat?

Thanks
Taral Shah
RE: SSL Connection Tomcat and Apache
I think the setup within apache's httpd.conf will enable encryption between the client browsers and the webserver only, but not between apache and tomcat. You might use ssh to do that, since you can build an encrypted tunnel to forward the connections to a remote port.

Suppose your apache machine was on ip 192.168.0.1 and your tomcat machine was on ip 192.168.0.2. Further suppose your ajp connector is configured to use port 8009. You could start a port forwarding tunnel on your apache machine with

ssl -L 8009:192.168.0.2:8009 [EMAIL PROTECTED]

Any connection to port 192.168.0.1:8009 will be forwarded to 192.168.0.2 via the encrypted connection established by ssh. Of course this requires ssh to be installed on both machines, i.e. the server component on the tomcat-machine and the client component on the apache-machine. (You could do it the other way around using the -R switch). Note that the connection will only be forwarded if it is coming from the local machine (i.e. the apache-machine in this example), unless you also state -g to enable other machines to connect. (You might wish to read up on this in a suitable ssh documentation).

You would then have to modify back your workers.properties file to look something like this (on the apache machine):

# Definition for Ajp13 worker
#
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13

Note that it is localhost again instead of 192.168.0.2 (the ip of the tomcat-machine).

I have not tested this procedure, and have not given it much thought if this will cause additional security problems. I have also not explored in which way the ssh connection has to be set up to be available to apache (I would presume you would have to do it using nohup ssl -L 8009:192.168.0.2:8009 [EMAIL PROTECTED] just before starting apache, but that could cause problems with the password you would have to enter, and may force you to use client authentication with public/private keys instead).

The best solution of course would be to place your tomcat worker-machines physically behind your apache webserver, using a second network interface card on the apache machine and a switch/hub to connect it to potentially quite a lot of tomcat-machines, which would not be reachable by any other machines if you set up the apache-machine correctly.

Please let me (let us all) know if you manage to successfully set up such a configuration using ssh.

greetings
Andreas Mohrig

-----Original Message-----
From: Turner, John [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 5:49 PM
To: 'Tomcat Users List'
Subject: RE: SSL Connection Tomcat and Apache

Thanks for your post with the configuration in it...SSL between apache and tomcat is something I have been wanting to research for awhile now, and your info will make it easier to do that.

That said, I'm curious to know how you are verifying that SSL is working between apache and tomcat on different machines. How do you know the datastream is truly encrypted? I'm not questioning your setup, I'm asking how I will know the same thing for sure once I set it up myself. Having SSL setup on both machines is no guarantee that the datastream is encrypted.

John Turner
[EMAIL PROTECTED]

-----Original Message-----
From: Pooleery, Manoj [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 11:27 AM
To: 'Tomcat Users List'
Subject: RE: SSL Connection Tomcat and Apache

I have it working on different machines. Tomcat on one machine and apache on another. SSL will work irrespective of the machines, as long as both of the machines can see each other (I mean on the same network).

-----Original Message-----
From: Wills, Mike N. (TC) [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 12, 2002 4:38 PM
To: 'Tomcat Users List'
Subject: RE: SSL Connection Tomcat and Apache

What about the transmissions between Apache and Tomcat? I realize if they are on the same machine it isn't a problem, but what about if it is on a different machine? This is all for the intranet.

-----Original Message-----
From: Pooleery, Manoj [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 12, 2002 3:33 PM
To: 'Tomcat Users List'
Subject: RE: SSL Connection Tomcat and Apache

In the httpd.conf file of apache, you can implement the virtual host directive for SSL. The port used is 443. You have to have an entry like this -

##
## SSL Virtual Host Context
##
<VirtualHost server_name:443>
# General setup for the virtual host
DocumentRoot C:/Apache/htdocs
ServerName server_name
ServerAdmin webmaster@localhost
ErrorLog logs/ssl/error.log
TransferLog logs/ssl/access.log
SSLCertificateFile certificate_location/certificate_name
SSLCertificateKeyFile certificate_key_location/certificate_key
</VirtualHost>

You have to generate a CSR file (instructions for creating a CSR can be found at http://www.verisign.com/support/csr/apache/v01.html). Once you create a CSR
RE: SSL Connection Tomcat and Apache
Please correct my typo: It has to be ssh instead of ssl (of course) in the command used to start the secure shell!!! And one more thought: I have no idea how this might affect performance.

-----

I think the setup within apache's httpd.conf will enable encryption between the client browsers and the webserver only, but not between apache and tomcat. You might use ssh to do that, since you can build an encrypted tunnel to forward the connections to a remote port.

Suppose your apache machine was on ip 192.168.0.1 and your tomcat machine was on ip 192.168.0.2. Further suppose your ajp connector is configured to use port 8009. You could start a port forwarding tunnel on your apache machine with

ssh -L 8009:192.168.0.2:8009 [EMAIL PROTECTED]

Any connection to port 192.168.0.1:8009 will be forwarded to 192.168.0.2 via the encrypted connection established by ssh. Of course this requires ssh to be installed on both machines, i.e. the server component on the tomcat-machine and the client component on the apache-machine. (You could do it the other way around using the -R switch). Note that the connection will only be forwarded if it is coming from the local machine (i.e. the apache-machine in this example), unless you also state -g to enable other machines to connect. (You might wish to read up on this in a suitable ssh documentation).

You would then have to modify back your workers.properties file to look something like this (on the apache machine):

# Definition for Ajp13 worker
#
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13

Note that it is localhost again instead of 192.168.0.2 (the ip of the tomcat-machine).

I have not tested this procedure, and have not given it much thought if this will cause additional security problems.

I have also not explored in which way the ssh connection has to be set up to be available to apache (I would presume you would have to do it using nohup ssh -L 8009:192.168.0.2:8009 [EMAIL PROTECTED] just before starting apache, but that could cause problems with the password you would have to enter, and may force you to use client authentication with public/private keys instead).

The best solution of course would be to place your tomcat worker-machines physically behind your apache webserver, using a second network interface card on the apache machine and a switch/hub to connect it to potentially quite a lot of tomcat-machines, which would not be reachable by any other machines if you set up the apache-machine correctly.

Please let me (let us all) know if you manage to successfully set up such a configuration using ssh.

greetings
Andreas Mohrig

-----Original Message-----
From: Turner, John [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 5:49 PM
To: 'Tomcat Users List'
Subject: RE: SSL Connection Tomcat and Apache

Thanks for your post with the configuration in it...SSL between apache and tomcat is something I have been wanting to research for awhile now, and your info will make it easier to do that.

That said, I'm curious to know how you are verifying that SSL is working between apache and tomcat on different machines. How do you know the datastream is truly encrypted? I'm not questioning your setup, I'm asking how I will know the same thing for sure once I set it up myself. Having SSL setup on both machines is no guarantee that the datastream is encrypted.

John Turner
[EMAIL PROTECTED]

-----Original Message-----
From: Pooleery, Manoj [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 11:27 AM
To: 'Tomcat Users List'
Subject: RE: SSL Connection Tomcat and Apache

I have it working on different machines. Tomcat on one machine and apache on another.
SSL will work irrespective of the machines, as long as both of the machines can see each other (I mean on the same network).

-----Original Message-----
From: Wills, Mike N. (TC) [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 12, 2002 4:38 PM
To: 'Tomcat Users List'
Subject: RE: SSL Connection Tomcat and Apache

What about the transmissions between Apache and Tomcat? I realize if they are on the same machine it isn't a problem, but what about if it is on a different machine? This is all for the intranet.

-----Original Message-----
From: Pooleery, Manoj [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 12, 2002 3:33 PM
To: 'Tomcat Users List'
Subject: RE: SSL Connection Tomcat and Apache

In the httpd.conf file of apache, you can implement the virtual host directive for SSL. The port used is 443. You have to have an entry like this -

##
## SSL Virtual Host Context
##
<VirtualHost server_name:443>
# General setup for the virtual host
DocumentRoot C:/Apache/htdocs
ServerName server_name
ServerAdmin webmaster@localhost
ErrorLog logs/ssl/error.log
TransferLog logs/ssl/access.log
SSLCertificateFile certificate_location/certificate_name
SSLCertificateKeyFile certificate_key_location/certificate_key
RE: SSL Connection Tomcat and Apache
client - talks on 443 ssl to - apache - talks ??? on port 8009 - tomcat

I would think apache talks AJP protocol on port 8009 to tomcat. The ssl between client and port 443 on apache is http over ssl. Since I don't know of something like ajp over ssl I would presume it is not encrypted. Again: Correct me if I'm wrong, since I have not tested it with a packet-sniffer (or something like that).

greetings
Andreas Mohrig

-----Original Message-----
From: Wills, Mike N. (TC) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 6:54 PM
To: 'Tomcat Users List'
Subject: RE: SSL Connection Tomcat and Apache

This is exactly what I am wondering about.

-----Original Message-----
From: Peter T. Abplanalp

-----Original Message-----
From: Wills, Mike N. (TC)

What about the transmissions between Apache and Tomcat? I realize if they are on the same machine it isn't a problem, but what about if it is on a different machine?

On Tue, Aug 13, 2002 at 11:27:21AM -0400, Pooleery, Manoj wrote:

I have it working on different machines. Tomcat on one machine and apache on another. SSL will work irrespective of the machines, as long as both of the machines can see each other (I mean on the same network).

I'm not sure this answers the question. I am also interested in this. Let me draw a picture:

client - talks on 443 ssl to - apache - talks ??? on port 8009 - tomcat

The problem being that if the webserver gets encrypted stuff and then passes it to tomcat in the clear, someone could get the unencrypted info from the second conversation.
AW: One more thing -- JDBC Realm Error --Form- Looking both Database and tomcat-user.xml
I'm not 100 percent sure about this, but I always thought the whole point was having one realm and one realm only. Otherwise the semantics would be quite unclear: Would any legal user have to be defined in both realms or would any one of the realms suffice? Your problems seem to point in this direction. Try to choose one of the realms and deactivate the other.

greetings
Andreas Mohrig

-Original Message-
From: Polly Poon [mailto:[EMAIL PROTECTED]]
Sent: Monday, 12 August 2002 15:57
To: Tomcat Users List
Subject: One more thing -- JDBC Realm Error --Form- Looking both Database and tomcat-user.xml

If I try to insert a name in tomcat-user.xml that doesn't exist in the database, it will redirect me to error.html. And if I try to log in using a name that only exists in the database, not in tomcat-users.xml, it redirects me to error.html as well.

Thanks again!

From,
Polly

- Original Message -
From: Polly Poon [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Monday, August 12, 2002 11:51 PM
Subject: JDBC Realm Error --Form- Looking both Database and tomcat-user.xml

Hi all,

I have got this error from the Tomcat JDBC Realm.

My Config
Tomcat 3.2.4
MySQL 3.2.3
Red Hat Linux

Problem
JDBC Realm looks up both the database and tomcat-users.xml. The error is like this (this is when tomcat-users.xml is empty):

2002-08-12 23:01:28 - ContextManager: JDBCRealm: Authentication successful for user polly
2002-08-12 23:01:28 - ContextManager: JDBCRealm: Auth ok, user=polly

It is supposed to look up the role next but somehow it stops. And then it redirects me to error.html, the error page that I specified in web.xml. If I insert the user details into tomcat-users.xml, it works perfectly. The JDBC Realm was started successfully. I wonder what this problem could be.

Thanks in advance.

From,
Polly