Re: tomcat problems with SSL / PKCS12
Hi Kallen,

I was able to export a p12 cert with complete chain half a year ago, but I couldn't reproduce it now. However, I found this:

http://sense.bigbrother.net/archives/0275.html

Maybe you can try it out while I continue playing with openssl ...

Dennis

On 9/21/2004 3:29 PM, [EMAIL PROTECTED] wrote:
> hi.
>
> i'm having difficulty getting tomcat to work with SSL. i'm hoping to succeed with this, and not end up using apache+SSL in front of tomcat, tho i can. also, i have done much googling, and have tried many of the suggestions, to no avail.
>
> i'll limit my problem description to my attempts with using pkcs12, not JKS.
>
> the players: linux, tomcat-5.0.27, IBMJava2-141, cert SSL generated with openssl.
>
> i generated the CSR for my site with openssl, and got the server cert from verisign. fwiw, the Issuer line from the cert:
>
> Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD .(c)97 VeriSign
>
> do i need to include the verisign intermediate cert with this? (http://www.verisign.com/support/install/intermediate.html) i'm not sure, but i'm assuming i do.
>
> then i performed the next step import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL:
>
> $ openssl pkcs12 -inkey server.key -in server.crt -certfile \
>     intermediateCA.crt -export -out certs.p12
>
> i do notice tomcat docs say include the -chain. when i appended -chain to the above openssl command, i got the error
>
> Error unable to get local issuer certificate getting chain.
>
> so i chose to go without it and try the subsequently generated certs.p12 file. (could lacking -chain be my problem?)
>
> next i put certs.p12 in tomcat's homedir. here is the relevant server.xml snippet:
>
> <Connector port="443"
>     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>     enableLookups="false" disableUploadTimeout="true"
>     acceptCount="100" debug="0" scheme="https" secure="true"
>     clientAuth="false"
>     keystoreFile="/home/tomcat/certs.p12"
>     keystoreType="PKCS12"
>     algorithm="IbmX509"
>     sslProtocol="SSL"/>
>
> when i crank up catalina, i get this error:
>
> SEVERE: Error initializing endpoint
> java.io.IOException: Unable to verify MAC.
>     at com.ibm.crypto.provider.PKCS12KeyStore.engineLoad(Unknown Source)
>     at java.security.KeyStore.load(KeyStore.java:695)
>     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:278)
>
> any helps out there?
>
> fwiw, i've seen tips out there on converting the pkcs12 format into JKS. i'm hoping not to go that route.
>
> thanks in advance,
> kallen

--
Dennis Dai [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat problems with SSL / PKCS12
Ok here's the deal with openssl. I'm using OpenSSL 0.9.7d and J2SE 1.4.2_05.

Assuming:

* server.key - your certificate's private key
* server.crt - your certificate
* inter.crt - the intermediate CA that signed your certificate
* root.crt - the root CA that signed the intermediate CA

First, concatenate the CA certs, make sure the intermediate CA goes first:

$ cat inter.crt root.crt > chain.crt

Next, export the pkcs12 file:

$ openssl pkcs12 -export -chain -inkey server.key -in server.crt \
    -name server -CAfile chain.crt -out server.p12

When prompted for export password, enter something and don't leave it empty.

Now, use keytool to verify:

$ keytool -list -v -storetype pkcs12 -keystore server.p12

Enter the export password for the keystore password. Then you should see a line like this from the output:

Certificate chain length: 3

Then you're done!

HTH,
Dennis

On 9/21/2004 4:37 PM, Dennis Dai wrote:
> Hi Kallen,
>
> I was able to export a p12 cert with complete chain half a year ago, but I couldn't reproduce it now. However, I found this:
>
> http://sense.bigbrother.net/archives/0275.html
>
> Maybe you can try it out while I continue playing with openssl ...
>
> Dennis
>
> On 9/21/2004 3:29 PM, [EMAIL PROTECTED] wrote:
> > hi.
> >
> > i'm having difficulty getting tomcat to work with SSL. i'm hoping to succeed with this, and not end up using apache+SSL in front of tomcat, tho i can. also, i have done much googling, and have tried many of the suggestions, to no avail.
> >
> > i'll limit my problem description to my attempts with using pkcs12, not JKS.
> >
> > the players: linux, tomcat-5.0.27, IBMJava2-141, cert SSL generated with openssl.
> >
> > i generated the CSR for my site with openssl, and got the server cert from verisign. fwiw, the Issuer line from the cert:
> >
> > Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD .(c)97 VeriSign
> >
> > do i need to include the verisign intermediate cert with this? (http://www.verisign.com/support/install/intermediate.html) i'm not sure, but i'm assuming i do.
> >
> > then i performed the next step import an existing certificate signed by your own CA into a PKCS12 keystore using OpenSSL:
> >
> > $ openssl pkcs12 -inkey server.key -in server.crt -certfile \
> >     intermediateCA.crt -export -out certs.p12
> >
> > i do notice tomcat docs say include the -chain. when i appended -chain to the above openssl command, i got the error
> >
> > Error unable to get local issuer certificate getting chain.
> >
> > so i chose to go without it and try the subsequently generated certs.p12 file. (could lacking -chain be my problem?)
> >
> > next i put certs.p12 in tomcat's homedir. here is the relevant server.xml snippet:
> >
> > <Connector port="443"
> >     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
> >     enableLookups="false" disableUploadTimeout="true"
> >     acceptCount="100" debug="0" scheme="https" secure="true"
> >     clientAuth="false"
> >     keystoreFile="/home/tomcat/certs.p12"
> >     keystoreType="PKCS12"
> >     algorithm="IbmX509"
> >     sslProtocol="SSL"/>
> >
> > when i crank up catalina, i get this error:
> >
> > SEVERE: Error initializing endpoint
> > java.io.IOException: Unable to verify MAC.
> >     at com.ibm.crypto.provider.PKCS12KeyStore.engineLoad(Unknown Source)
> >     at java.security.KeyStore.load(KeyStore.java:695)
> >     at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:278)
> >
> > any helps out there?
> >
> > fwiw, i've seen tips out there on converting the pkcs12 format into JKS. i'm hoping not to go that route.
> >
> > thanks in advance,
> > kallen

--
Dennis Dai [EMAIL PROTECTED]
Re: Digested passwords
On 9/21/2004 5:13 PM, Ben wrote:
> Is there a way to add salt to the digested password in Tomcat JDBC Realm for authentication?

What I did was extend the JDBCRealm and override the authenticate() method (basically just copy over the original one) and change validated to use a java implementation of FreeBSD's md5crypt().

A java implementation of md5crypt() can be found at:

http://tools.arlut.utexas.edu/cvsweb/cvsweb.cgi/ganymede/src/md5/MD5Crypt.java?rev=1.12&content-type=text/x-cvsweb-markup

--
Dennis Dai [EMAIL PROTECTED]
Re: tomcat problems with SSL / PKCS12
On 9/21/2004 6:41 PM, [EMAIL PROTECTED] wrote:
> On Tue, 21 Sep 2004, Dennis Dai wrote:
> > Ok here's the deal with openssl. I'm using OpenSSL 0.9.7d and J2SE 1.4.2_05.
> >
> > Assuming:
> >
> > * server.key - your certificate's private key
> > * server.crt - your certificate
> > * inter.crt - the intermediate CA that signed your certificate
> > * root.crt - the root CA that signed the intermediate CA
>
> where do i get this root.crt?
>
> fwiw, i'll show openssl x509 -text output below. if we are on the right track wrt making the correct cert chain, i wonder if i've got the right pieces to create it.
>
> info from the server.crt which i received from verisign after providing them with the CSR:
>
> Serial Number: 47:19:49:03:05:01:c4:fd:79:06:69:a9:be:d9:22:2d
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD .(c)97 VeriSign
> [snip]
> Subject: C=US, ST=California, L=Brisbane, O=Shopping.com, OU=Terms of use at www.verisign.com/rpa (c)00, CN=blahdeeblah.shopping.com
>
> info from the intermediate cert i obtained from http://www.verisign.com/support/install/intermediate.html:
>
> Serial Number: 25:4b:8a:85:38:42:cc:e3:58:f8:c5:dd:ae:22:6e:a4
> Signature Algorithm: sha1WithRSAEncryption
> Issuer: C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
> [snip]
> Subject: O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign International Server CA - Class 3, OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
>
> if i had the cert that signed this intermediate cert, would i have the right pieces to create the right chain?

You should be able to export it from your browser ... it's built into major browsers' root CA store I'm sure. Once you export the root cert, you can just use it as root.crt in my example.

And yes, you got the right piece. If you look at the issuer of your certificate, it's the same as the subject of the intermediate one you got from verisign. Now you only need the one that signed this intermediate one, which can be found and exported from major browsers.

Regards,
--
Dennis Dai [EMAIL PROTECTED]
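
The checks described in this thread (each certificate's issuer equals the subject of the next one up, intermediate before root in chain.crt, a non-empty export password, three certificates in the resulting file), written as a script. This is an added example and not part of the original posts; the file names follow Dennis's message, while the function names, the P12_PASS environment variable and the throwaway demo chain are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. File names follow Dennis's message
# (server.key, server.crt, inter.crt, root.crt, chain.crt, server.p12);
# function names, P12_PASS and the demo chain are assumptions.

# Subject / issuer DN of a PEM certificate, in one canonical text form.
subject_of() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'; }
issuer_of()  { openssl x509 -in "$1" -noout -issuer  -nameopt RFC2253 | sed 's/^issuer= *//'; }

# check_links LEAF INTERMEDIATE... ROOT
# Succeeds only if every certificate's issuer equals the subject of the next
# one (bottom to top) and the last certificate is self-issued.
check_links() {
    prev=""; prev_issuer=""; subj=""
    for cert in "$@"; do
        subj=$(subject_of "$cert")
        [ -n "$subj" ] || { echo "cannot read certificate $cert" >&2; return 1; }
        if [ -n "$prev" ] && [ "$prev_issuer" != "$subj" ]; then
            echo "broken link: $prev was not issued by $cert" >&2
            return 1
        fi
        prev=$cert; prev_issuer=$(issuer_of "$cert")
    done
    [ -n "$prev" ] && [ "$prev_issuer" = "$subj" ]
}

# key_matches_cert KEY CERT: the private key and the certificate must carry
# the same public key, otherwise the keystore is useless to the server.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# build_p12 KEY LEAF OUT INTERMEDIATE... ROOT
# Name matching is only a hint, so the signatures are verified as well
# before exporting. The password is read from the exported variable
# P12_PASS so it does not show up in the process list.
build_p12() {
    key=$1; leaf=$2; out=$3; shift 3
    [ -n "${P12_PASS:-}" ] || { echo "export a non-empty P12_PASS first" >&2; return 1; }
    check_links "$leaf" "$@" || return 1
    key_matches_cert "$key" "$leaf" || { echo "$key does not match $leaf" >&2; return 1; }
    cat "$@" > chain.crt                 # intermediate first, root last
    for root in "$@"; do :; done         # last argument is the root
    openssl verify -CAfile "$root" -untrusted chain.crt "$leaf" >/dev/null || return 1
    openssl pkcs12 -export -chain -inkey "$key" -in "$leaf" -name server \
        -CAfile chain.crt -out "$out" -passout env:P12_PASS
}

# Number of certificates stored in a PKCS12 file (expected here: 3).
p12_cert_count() {
    openssl pkcs12 -in "$1" -nokeys -passin env:P12_PASS 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Constructed test data: a throwaway root -> intermediate -> server chain,
# written to the current directory. Never use these keys for anything real.
new_csr() { openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null; }
make_demo_chain() {
    printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext
    new_csr root "Constructed Demo Root CA" &&
    openssl x509 -req -in root.csr -signkey root.key -extfile ca.ext \
        -days 2 -out root.crt 2>/dev/null &&
    new_csr inter "Constructed Demo Intermediate CA" &&
    openssl x509 -req -in inter.csr -CA root.crt -CAkey root.key -CAcreateserial \
        -extfile ca.ext -days 2 -out inter.crt 2>/dev/null &&
    new_csr server "demo.example.test" &&
    openssl x509 -req -in server.csr -CA inter.crt -CAkey inter.key -CAcreateserial \
        -days 2 -out server.crt 2>/dev/null
}

# "sh thisfile.sh demo" runs the whole procedure on the constructed chain.
if [ "${1:-}" = "demo" ]; then
    cd "$(mktemp -d)" || exit 1
    make_demo_chain || exit 1
    P12_PASS=constructed-demo-password; export P12_PASS
    build_p12 server.key server.crt server.p12 inter.crt root.crt || exit 1
    echo "certificates in server.p12: $(p12_cert_count server.p12)"
fi
```

With real files, export P12_PASS and call build_p12 server.key server.crt server.p12 inter.crt root.crt; the keytool -list check from the thread should then report the same chain length as p12_cert_count.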
Re: Tomcat vs BEA Weblogic?
On 9/20/2004 3:00 PM, Chuck Carson wrote:
> As far as JBoss goes, I heard a nasty rumor that JBoss might not be around much longer.

Well, you do know that there're tomcat developers that work for JBoss on this list, right? ;-)

--
Dennis Dai [EMAIL PROTECTED]
Re: Tomcat vs BEA Weblogic?
That's Geronimo - another Apache project.

On 9/20/2004 5:03 PM, John Najarian wrote:
> JBoss is having trouble because there is another freeware/shareware application server from part or all of the original developer group that developed JBoss. I wish I could recall the name I want to say genuity but I'm not sure.
>
> As far as JBoss going away I don't know
>
> -----Original Message-----
> From: Mike Curwen [mailto:[EMAIL PROTECTED]
> Sent: Monday, September 20, 2004 4:00 PM
> To: 'Tomcat Users List'
> Subject: RE: Tomcat vs BEA Weblogic?
>
> Mwah-h!
>
> I would **love** to know your source on that. Hani S. doesn't count
>
> > As far as JBoss goes, I heard a nasty rumor that JBoss might not be around much longer.
> >
> > -rhugga

--
Dennis Dai [EMAIL PROTECTED]
Re: A little offbeat question
Yes. The current directory is not automatically included in the CLASSPATH if you don't explicitly add it.

On 9/16/2004 1:02 AM, John Najarian wrote:
> Thanks, the '-cp .' did it. Something is definitely hosed up. I haven't installed anything so I'm thinking it may be a virus although I have scanned my PC with newest definitions.
>
> I'm still going to look at the CLASSPATH env var. Maybe I should add '.' to the CLASSPATH variable.
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Thursday, September 16, 2004 12:40 AM
> To: Tomcat Users List
> Subject: Re: RE: A little offbeat question
>
> But the exception says NoClassDefFoundError: HelloWorld/class. So where does the /class come from??
>
> In any case don't bother with classpath environment, but (with the class in your current directory) simply run 'java -cp . HelloWorld'. Would really surprise me if it didn't work.
>
> John Najarian [EMAIL PROTECTED] wrote on 16.09.2004, 09:32:18:
> > That's what I did. When I was first learning Java that 1 bit me.
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, September 16, 2004 12:24 AM
> > To: Tomcat Users List
> > Subject: Re: A little offbeat question
> >
> > Try running 'java ... HelloWorld' instead of 'java ... HelloWorld.class' :-)
> >
> > Regards,
> > Martin
> >
> > John Najarian wrote on 16.09.2004, 09:00:52:
> > > I tried to run a program I thought would but it doesn't. This is on a windows XP platform. Everything compiled well but I get this error:
> > >
> > > Exception in thread "main" java.lang.NoClassDefFoundError: HelloWorld/class
> > >
> > > So I went back and tried a no brainer 'HelloWorld'. This is the code.
> > >
> > > /**
> > >  * The HelloWorld class implements an application that
> > >  * displays "Hello World!" to the standard output.
> > >  */
> > > public class HelloWorld {
> > >     public static void main(String[] args) {
> > >         // Display "Hello World!"
> > >         System.out.println("Hello World!");
> > >     }
> > > }
> > >
> > > It compiles but I get the same error. I check my environment variables and mine are
> > >
> > > JAVA_HOME c:\j2sdk1.4.2_03
> > > PATH C:\Perl\bin\;C:\j2sdk1.4.2_03\bin\;C:\j2sdkee1.3.1\bin\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM
> > >
> > > Any ideas?
> > >
> > > Thanks in advance
>
> --
> Martin Schaefer
> NAXOS Software Solutions GmbH i.G.
> Herrenstr. 1
> 69502 Hemsbach
> Germany
> Phone: +49 (0) 6201 49298-2
> Mobile: +49 (0) 172 6269246
> Fax: +49 (0) 6201 49298-1
> Mail: [EMAIL PROTECTED]

--
Dennis Dai [EMAIL PROTECTED]
Re: SSL certs
On 9/15/2004 6:04 AM, SH Solutions wrote:
> I want to install SSL to my tomcat server. I do have a signed certificate as .key, .csr and .crt files. How do I get tomcat to use these?

I'd assume those files are in PEM format. Then you can use openssl to convert the .key and .crt files to PKCS12 format (usually .p12 or .pfx), which is the other keystore format java recognizes besides its proprietary JKS format.

But, there's a catch. If your cert is not signed by a root CA but by an intermediate CA, you'll need to include the whole certification chain as well in the converted keystore. Not only that, you will need to give each of the certificates a name (alias in keytool's term) when doing the conversion and they need to be in a particular order (from bottom - your cert - to top, IIRC), otherwise, the chain wouldn't be recognized by java.

So, as long as you can see the chain from 'keytool -list' command, you're set.

HTH,
--
Dennis Dai [EMAIL PROTECTED]
Re: AW: error: duplicate local variable
On 9/12/2004 6:28 AM, SH Solutions wrote:
> Hi
>
> > You already had declared another List named values just a few lines above, as shown in the edited version below:
>
> Though it should work, since the second values is in another scope.

It's not in another scope, but in a nested scope, which is not allowed to have duplicate variables with the enclosing scope.

--
Dennis Dai [EMAIL PROTECTED]
Re: AW: error: duplicate local variable
On 9/12/2004 9:38 AM, Sjoerd van Leent wrote:
> SH Solutions wrote:
> > Hi
> >
> > > You already had declared another List named values just a few lines above, as shown in the edited version below:
> >
> > Though it should work, since the second values is in another scope.
> >
> > Regards,
> > Steffen
>
> It is correct behaviour to display a warning, since your first values variable can't be used in the nested block. As such it is not an error, and thus can be shut down in eclipse (and javac/jikes/JDT or whatever compiler you are using).

From A Programmer's Guide to Java Certification (I used it mainly for reference) 1st edition page 114:

A local variable, already declared in an enclosing block and therefore visible in a nested block, cannot be redeclared in the nested block.

So, eclipse's behavior is correct.

--
Dennis Dai [EMAIL PROTECTED]
Re: Tomcat will not run JSPs
You need to set %JAVA_HOME% to the installation directory of JDK, Not JRE. The JDK is installed in C:\j2sdk1.4.2_05 by default.

I agree with Fredrik that you need to do some more home work by yourself since this is fairly basic stuff.

On 8/26/2004 6:01 PM, Nelson, Jerry W, Contractor 146CF, SCB wrote:
> OK, I got the instructions and the homes are set as follows:
>
> L:\>echo %JAVA_HOME%
> C:\Program Files\Java\j2re1.4.2_05\bin\client
>
> L:\>ECHO %CATALINA_HOME%
> D:\Program Files\Apache Software Foundation\Tomcat 5.0
>
> Tomcat STILL can't find javac!!! What's next
>
> //SIGNED//
> Jerry Nelson
>
> -----Original Message-----
> From: Fredrik Liden [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 26, 2004 5:41 PM
> To: Tomcat Users List
> Subject: RE: Tomcat will not run JSPs
>
> Go to google: Search for setting java_home click the first link in the result link. Follow step-by-step instructions.
>
> Once you get passed the step of setting the paths you'll no doubt encounter tons of problems and questions. Make sure to read the basic tutorials and search the archive for the same questions. If you can't find the answer after looking in those two places please feel free to post your questions. Let's keep this list somewhat relevant shall we.
>
> Fredrik

--
Dennis Dai [EMAIL PROTECTED]
Re: Tomcat will not run JSPs
Of course it will not work!

First, I believe the environment variables need to be CAPITALIZED, as in %JAVA_HOME% and %CATALINA_HOME%.

Second, your %CATALINA_HOME% is pointing to the wrong place. It should be the root of tomcat installation (ie., D:\Program Files\Apache Software Foundation\Tomcat 5.0), not webapps\ROOT.

On 8/26/2004 8:44 PM, Nelson, Jerry W, Contractor 146CF, SCB wrote:
> That didn't work either and I have been researching this for a week, some days as many as 10 hours. I've probably spent an entire work week on this problem and I am getting really frustrated. Here are my current environment settings:
>
> L:\>echo %java_home%
> C:\j2sdk1.4.2_05
>
> L:\>echo %catalina_home%
> D:\Program Files\Apache Software Foundation\Tomcat 5.0\webapps\ROOT
>
> It STILL doesn't work!
>
> //SIGNED//
> Jerry Nelson
>
> -----Original Message-----
> From: Dennis Dai [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 26, 2004 6:17 PM
> To: Tomcat Users List
> Subject: Re: Tomcat will not run JSPs
>
> You need to set %JAVA_HOME% to the installation directory of JDK, Not JRE. The JDK is installed in C:\j2sdk1.4.2_05 by default.
>
> I agree with Fredrik that you need to do some more home work by yourself since this is fairly basic stuff.
>
> On 8/26/2004 6:01 PM, Nelson, Jerry W, Contractor 146CF, SCB wrote:
> > OK, I got the instructions and the homes are set as follows:
> >
> > L:\>echo %JAVA_HOME%
> > C:\Program Files\Java\j2re1.4.2_05\bin\client
> >
> > L:\>ECHO %CATALINA_HOME%
> > D:\Program Files\Apache Software Foundation\Tomcat 5.0
> >
> > Tomcat STILL can't find javac!!! What's next
> >
> > //SIGNED//
> > Jerry Nelson
> >
> > -----Original Message-----
> > From: Fredrik Liden [mailto:[EMAIL PROTECTED]
> > Sent: Thursday, August 26, 2004 5:41 PM
> > To: Tomcat Users List
> > Subject: RE: Tomcat will not run JSPs
> >
> > Go to google: Search for setting java_home click the first link in the result link. Follow step-by-step instructions.
> >
> > Once you get passed the step of setting the paths you'll no doubt encounter tons of problems and questions. Make sure to read the basic tutorials and search the archive for the same questions. If you can't find the answer after looking in those two places please feel free to post your questions. Let's keep this list somewhat relevant shall we.
> >
> > Fredrik

--
Dennis Dai [EMAIL PROTECTED]
Re: Custom authorization
Thank you QM! I was about to write a similar thing myself.

On 8/24/2004 7:50 AM, QM wrote:
> On Tue, Aug 24, 2004 at 11:47:45AM +0200, Patrick Herber wrote:
> : I need to implement a custom authorization for a web application, where the
> : access to the different resources is defined inside a database table with
> : some sort of rules, also using regular expressions.
> :
> : I would like to know if the only method to do this is programmatically,
> : implementing - for example - a SecurityFilter
>
> Just a chance: did you Google the term SecurityFilter? I ask because there's a product of that same name that, IIRC, does what you need. I see it mentioned a lot on the Struts list.
>
> -QM

--
Dennis Dai [EMAIL PROTECTED]
Re: Where to put Listener Realm instead of server.xml?
On 8/23/2004 9:22 AM, Wendy Smoak wrote:
> We're going to try out a third-party report generation tool, and the installation instructions involve replacing server.xml. They assume they will be the only webapp running, which is not the case here.
>
> Can I put their changes somewhere else? They need:
>
> <Listener className="..." descriptors="..." debug="0"/>
>
> and also
>
> <Realm className="..." debug="99" />
>
> I don't really want to edit my server.xml, since I don't need to for any of my own webapps. But I'm not sure if these tags can go in web.xml, or if not, I seem to remember maybe putting a file in the 'webapps' directory which will get picked up.
>
> Can someone enlighten me or point me in the right direction? Thanks!

I believe <Listener ... /> should go into web.xml (beware the order), <Realm ... /> can go into server.xml's Engine, Host or Context section, depending on your needs. If you decided to put it into Context, you can put it into conf/Catalina/localhost/context.xml, thus no need to touch your server.xml ...

--
Dennis Dai [EMAIL PROTECTED]
Re: Where to put Listener Realm instead of server.xml?
On 8/23/2004 12:16 PM, Shapira, Yoav wrote:
> > I believe <Listener ... /> should go into web.xml (beware the order),
>
> Listener can also be a Tomcat listener which goes in server.xml, as documented in http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html.

I actually looked through the document before I did the posting, but I guess I didn't look hard enough. :(

Thanks for clearing that up!

--
Dennis Dai [EMAIL PROTECTED]
Re: Starting Tomcat 5.0.25.
On 8/18/2004 11:03 PM, [EMAIL PROTECTED] wrote:
> Hi,
>
> I am trying to start Tomcat 5.0.25 by running startup.bat through the command prompt. It opens for a flash of a second and then ends. Why is it so?
>
> Regards,
> Ashish A.

Oh come on! QM just answered exactly the same question 2 hours ago:

On 8/18/2004 9:01 PM, QM wrote:
> On Wed, Aug 18, 2004 at 10:00:43PM -0400, ohaya wrote:
> : I'm trying to setup Tomcat 5.0.27 to talk to Apache using mod_proxy on
> : Win2K server.
> : When I add the following to server.xml to setup the proxy port:
> : [snip]
> : and try to start Tomcat, a DOS window flashes up for a few seconds, then
> : disappears, i.e., Tomcat doesn't seem to be able to startup.
>
> The tomcat fails to start question shows up frequently on the list.
>
> 1/ check the logs
> 2/ change startup.bat to pause at the very end, so you can see what's going on
>
> etc.
>
> -QM

--
Dennis Dai [EMAIL PROTECTED]
Re: Starting Tomcat 5.0.25.
But the same principle applies. Specifically (From QM):

1/ check the logs
2/ change startup.bat to pause at the very end, so you can see what's going on

On 8/18/2004 11:26 PM, [EMAIL PROTECTED] wrote:
> But I am not using mod_proxy on win2k server to talk to apache.
>
> -----Original Message-----
> From: Dennis Dai [mailto:[EMAIL PROTECTED]
> Sent: Thursday, August 19, 2004 11:41 AM
> To: Tomcat Users List
> Subject: Re: Starting Tomcat 5.0.25.
>
> On 8/18/2004 11:03 PM, [EMAIL PROTECTED] wrote:
> > Hi,
> >
> > I am trying to start Tomcat 5.0.25 by running startup.bat through the command prompt. It opens for a flash of a second and then ends. Why is it so?
> >
> > Regards,
> > Ashish A.
>
> Oh come on! QM just answered exactly the same question 2 hours ago:
>
> On 8/18/2004 9:01 PM, QM wrote:
> > On Wed, Aug 18, 2004 at 10:00:43PM -0400, ohaya wrote:
> > : I'm trying to setup Tomcat 5.0.27 to talk to Apache using mod_proxy on
> > : Win2K server.
> > : When I add the following to server.xml to setup the proxy port:
> > : [snip]
> > : and try to start Tomcat, a DOS window flashes up for a few seconds, then
> > : disappears, i.e., Tomcat doesn't seem to be able to startup.
> >
> > The tomcat fails to start question shows up frequently on the list.
> >
> > 1/ check the logs
> > 2/ change startup.bat to pause at the very end, so you can see what's going on
> >
> > etc.
> >
> > -QM

--
Dennis Dai [EMAIL PROTECTED]
Re: tomcat deploys context.xml as a directory
On 8/18/2004 3:16 PM, QM wrote:
> On Wed, Aug 18, 2004 at 02:54:37PM -0700, Pugalia, Jai P (JP) wrote:
>
> For starters, I've changed the subject of your message to reflect its content. Please post *new* messages to the list unless you're replying to a specific topic.
>
> : When I copy this war file into Tomcat webapps directory, Tomcat 5.0
> : tries to auto deploy the application.
> : At this time, it should ideally create webapp-name.xml under
> : Catalina\Engine\host directory.
> :
> : Instead it tries to create a directory with this name.
>
> Yes, this is a known bug and there's a fix. I posted your same question a few weeks ago -- search the archives under my name and the term context.xml. I don't have the bugzilla ID on-hand.

It's this one:

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=29688

Peter Rossbach even had a compiled HostConfig class posted there (near the bottom of the page).

--
Dennis Dai [EMAIL PROTECTED]
Re: tomcat deploys context.xml as a directory
It's not in 5.0.27 yet, but will be in the next release. In the meantime, just copy the HostConfig.class (from bugzilla page) to server/classes/org/apache/catalina/startup.

On 8/18/2004 4:42 PM, Pugalia, Jai P (JP) wrote:
> Thanks for providing the information about the bug and the patch. Do we know when this would get included in an official version of Tomcat. The version I am using is Tomcat 5.0.27.
>
> Also thanks for updating the subject.
>
> JP

--
Dennis Dai [EMAIL PROTECTED]
Re: list admins: unsub user for bounced messages
Well I do get bounce(s) too when I post to the list. Shall we report the bounce to list admin next time it happens? Thanks.

On 8/17/2004 6:49 AM, Shapira, Yoav wrote:
> Hi,
>
> I've notified and unsubscribed the user. Note, however, that I wasn't getting these bounces and no one else complained of them, so there might be something on your end or along the way from your mail server to the jakarta one that is causing this issue.
>
> Yoav Shapira
> Millennium Research Informatics
>
> -----Original Message-----
> From: QM [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 17, 2004 9:44 AM
> To: Tomcat Users List
> Subject: list admins: unsub user for bounced messages
>
> For the list admins: could someone please unsubscribe ryanparr at thejamescompany dot com ?
>
> When I post to the list, his provider bounces the message back to me because his mailbox is full.
>
> Thanks,
> -QM
>
> --
> software -- http://www.brandxdev.net
> tech news -- http://www.RoarNetworX.com

--
Dennis Dai [EMAIL PROTECTED]
Re: Server JVM with service startup
On 8/17/2004 9:31 AM, Frank Zammetti wrote:
> Hello all. I have a Tomcat 5.0.18 instance that runs as a Windows service. I have been unable to figure out how to start it with the server JVM (heck, it could be starting that way now, but I didn't do anything to tell it to do so).
>
> I've checked through numerous docs and books, all of them give some info (just a little bit!) about using that JVM when starting it from the command line, but I've found nothing addressing how to do so when it's a service.
>
> Anyone point me in the right direction? Thanks!

Either run '%CATALINA_HOME%\bin\tomcat5w.exe //ES//Tomcat5' and modify the java option there, or modify %JAVA_HOME%\jre\lib\i386\jvm.cfg and move '-server KNOWN' to the top. Note that the latter will apply to any java invocation, which may or may not be desired.

--
Dennis Dai [EMAIL PROTECTED]
Re: Alternative causes of msg 404 resource not avaialble?
Have you tried reloading the context or restarting tomcat on your department test server?

On 8/17/2004 2:04 PM, Jeffrey Barnett wrote:
> PPS: The rest of the webapp runs normally.
>
> Jeffrey Barnett wrote:
> > PS: Server is 4.1.12
> >
> > Jeffrey Barnett wrote:
> > > I recently added a servlet to an existing webapp in WEB-INF/classes. and added the corresponding servlet and servlet-mapping tags to web.xml. When I try it out on my desktop server it works fine, but when I redeploy to the department test server I get 404 error. Is there some other configuration/deployment step I am missing?

--
Dennis Dai [EMAIL PROTECTED]
Re: Wildcard subdomains
On 8/8/2004 12:03 PM, Henrik Gammelmark wrote:
> Is there any way I can catch all subdomains belonging to a domain-name within one Host tag?
>
> <Host bla..bla...>
>   <Alias>*.domain2.com</Alias>
> </Host>
>
> The above illustrates what I wish to do, but it seems tomcat handles the asterisk literally instead of a wildcard.
>
> Using Tomcat 5 hooked up to Apache2 using mod-jk2.
>
> Any help is appreciated. Thanks.

This was discussed a few weeks ago:

http://marc.theaimsgroup.com/?t=10899224532&r=1&w=2

--
Dennis Dai [EMAIL PROTECTED]
Re: Letting apache handle 404s
On 8/8/2004 12:08 PM, Henrik Gammelmark wrote:
> My primary httpd is Apache2 but i connect to Tomcat5 using the mod-jk2 connector. The problem is, that it seems that tomcat handles too much of apache's job. For instance if I enter a URL ending in .jsp I see a tomcat 404 instead of an apache 404 - presumably because apache naively passes all .jsp requests on. But can I make tomcat politely inform apache about the 404 and let apache take actions instead?

Tomcat can have customized error pages too.

> Strangely, if no default files, such as index.jsp or index.php is present in the directory, tomcat - not apache - presents a folder listing.

This is an FAQ item:

http://jakarta.apache.org/tomcat/faq/misc.html#listing

--
Dennis Dai [EMAIL PROTECTED]
Re: Newbie - JDBC problem Name is not bound in this context
On 8/7/2004 8:24 AM, ohaya wrote:
> Hi,
>
> I just got Tomcat 5.0.27 installed (with Apache 2.0.50), and am trying to get a simple JDBC JSP working. The JSP is called 'test.jsp'. I have the JDBC-ODBC bridge installed and am going through that.
>
> I've been using the bridge driver from standalone Java applications, so I think that is working ok, but even with a really simple JSP, I'm getting a "Name jdbc is not bound in this context" error.
>
> I'm including my server.xml, test.jsp, and the error details below. I was wondering if anyone could tell me what I'm doing wrong?

[snipped]

> and here's my JSP:
> ...
> Context ic = new InitialContext();
> DataSource ds = (DataSource) ic.lookup("java:comp/env/jdbc/jimnew");

I'm not a JNDI expert but you can try this:

    Context ic = new InitialContext();
    // Look up the component environment first, then the data source relative to it.
    Context ctx = (Context) ic.lookup("java:comp/env");
    DataSource ds = (DataSource) ctx.lookup("jdbc/jimnew");

--
Dennis Dai [EMAIL PROTECTED]
Re: Problem with SSL configuration
On 8/6/2004 1:05 AM, [EMAIL PROTECTED] wrote:
> <Connector port="8443"
>     maxThreads="150" minSpareThreads="25" maxSpareThreads="75"
>     enableLookups="false" disableUploadTimeout="true"
>     acceptCount="100" debug="0" scheme="https" secure="true">
>   <Factory className="org.apache.coyote.tomcat5.CoyoteConnector"
>     clientAuth="false" sslProtocol="TLS"
>     keystorePass = "binoy"/>
                  ^ ^
Can you get rid of these spaces and try again?

> </Connector>

--
Dennis Dai [EMAIL PROTECTED]
Re: Realm configuration not working
On 8/5/2004 9:26 AM, Ruth, Brice wrote:
> Greetings!
> I've recently decided to take advantage of Tomcat's authentication mechanism, however, it doesn't appear to be working for me. I've configured a Realm in my context (through the admin tool). It is a DataSourceRealm. When I've tested everything, I keep getting pushed out to the error page that I've configured in my login settings.
> Since I couldn't figure out what was going on when I screwed up the debugging levels, I grabbed the source and started stepping through it in my debugger. Here's where it gets interesting. When FormAuthenticator.java gets the Realm to authenticate against:
>     Realm realm = context.getRealm();
> The Realm that is returned is Tomcat's global UserDatabaseRealm - not my DataSourceRealm. At this point, it's no wonder that the authentication isn't succeeding!! Why isn't Tomcat using the Realm configured in the context?!
> This is on Tomcat 5.0.27 under jdk 1.4.2. Any help would be appreciated!!

Make sure <resource-ref/> in web.xml is pointing to the correct resource (i.e., the one in the context).

--
Dennis Dai
Re: ajp over ssl
On 8/4/2004 1:37 PM, Michael Jürgens wrote:
> Ruth, Brice wrote:
>> That's the best idea I can think of, too. With SSH tunnels using public key authentication, you can set it up so that the tunnel is set up from a system script, without user intervention.
> But what if the tunnel breaks? How can I determine that automatically?

You can try out stunnel (http://www.stunnel.org/). It doesn't require an established connection like ssh tunnel does.

--
Dennis Dai
How to deploy customized realm, authenticator, etc.?
In my webapp, I have customized realm and authenticator. I was wondering how they can be easily deployed. Since they're internal to tomcat, they'll need to be put into server/lib (or server/classes), thus can't be put in the WAR file, which means the deployment won't be as simple as dropping the WAR file into webapps directory. Sure I can put the jar into server/lib, but those really belong to my webapp (ie. not used anywhere else) and I'd really like it to go with my webapp. Any ideas?

Thanks.

--
Dennis Dai
Re: How to deploy customized realm, authenticator, etc.?
Thanks Yoav.

I'd like it to be as simple as dropping a WAR file into webapps directory. But in my case, I'll have to drop something else into either common/lib or server/lib if not using a customized ClassLoader, right? Also, putting them into common/lib didn't seem to work because my customized realm, authenticator use classes from Catalina, which is not available at common ClassLoader level.

If I'm going to use customized ClassLoader, how am I going to do it? I mean, if I do it on the Catalina side, that means some customized stuff needs to go into common or server, right? And I'd assume I can't use ClassLoader on the webapp side to load customized realm and authenticator, can I?

Sorry I'm not too familiar with ClassLoader stuff ...

On 8/2/2004 10:13 AM, Shapira, Yoav wrote:
> Hola,
> common/lib is one place, or a customized ClassLoader.
>
> Yoav Shapira
> Millennium Research Informatics
>
>> -----Original Message-----
>> From: Dennis Dai [mailto:[EMAIL PROTECTED]
>> Sent: Monday, August 02, 2004 12:46 PM
>> To: Tomcat Users List
>> Subject: How to deploy customized realm, authenticator, etc.?
>>
>> In my webapp, I have customized realm and authenticator. I was wondering how they can be easily deployed. Since they're internal to tomcat, they'll need to be put into server/lib (or server/classes), thus can't be put in the WAR file, which means the deployment won't be as simple as dropping the WAR file into webapps directory. Sure I can put the jar into server/lib, but those really belong to my webapp (ie. not used anywhere else) and I'd really like it to go with my webapp. Any ideas?
>>
>> Thanks.

--
Dennis Dai
Re: [tomcat] Re: Understanding tomcat web administration tool.
The "HTTP Status 400 - Invalid direct reference to form login page" error is because you've stayed on the login page for so long that the session associated with that login has expired.

It works something like this in tomcat: When you request a protected resource and you're not authenticated (either first time visit or previous session expired), a new session is created and the request (URL and query string if any) is saved in the session (in the part that is internal to tomcat and not visible to the webapp, I believe). Then you're forwarded to the login page. After you put in your login credentials and the authentication is successful, the saved request is pulled out and you're redirected to the originally requested resource. If that session expired and thus the server couldn't find the saved request, you'll get that "Invalid direct reference to form login page" error.

This is part of the servlet spec and while I think it's a very nice idea, it doesn't work well if the requested resource relies on some session objects which wouldn't be available with the new session.

On 8/1/2004 5:34 AM, Samuel V.Green III wrote:
> With respect to
>     <user username="samuel" password="samuel" roles="tomcat,role1,manager,admin"/>
> When I attempt a login at the Admin. Tool screen I'm entering
>     UserName : samuel
>     Password : samuel
> I get the following errors:
>     HTTP Status 400 - Invalid direct reference to form login page
> And when examining localhost_log.2004-08-01.txt I see these errors:
>     2004-08-01 04:20:52 StandardHost[localhost]: Error deploying application at context path null
>     java.lang.IllegalStateException: Context path /admin is already in use
>     2004-08-01 04:20:52 HostConfig[localhost] Error deploying configuration descriptor adminsample.xml
>     java.io.IOException: java.lang.IllegalStateException: Context path /admin is already in use
> What do you mean by properly configuring jsp support? My jsp-examples page loads and works fine.
> Thanks, Samuel.

--
Dennis Dai
Re: How do you set cache-control for static (gif, jpg) resources
Hi,

Previously I was calling doChain at the end of my doFilter method. Making the change you suggest, calling doChain at the top like
<snip/>
DOES NOT INSERT any of my changes into the response stream. If I do it like this:
<snip/>
Then I get two additions in the response stream. Any more ideas?

That's a bit strange. Are you wrapping the response or setting these headers elsewhere? Can you print out to the log a listing of all the response headers at the end of your filter?

The addHeader method allows for multiple values, but many readers will only see the first. So if something in your code sets the cache-control header, then you call it again, the header will be present twice with two values (which is legal in the HTTP protocol for most headers).

As an aside, you can read the enumeration of the init parameters in the filter's init method, store it in some member variable, and that will improve the performance of your filter because you won't have to do it on every request.

Yoav Shapira

--
Dennis Dai
Re: Programmatically setting values of FORM elements
Well it's not part of the servlet spec and certainly should not be IMHO.

What you can do is to create a bean which sets those parameters from the request, and pass it to the resulting JSP page. Then in the JSP page you use getter methods (or EL variables) to populate those parameters. This is usually used when there are errors in the submitted form and I'd assume you're going to use it with the same purpose.

Various web application frameworks like struts or webwork/xwork will do this automatically for you. (I'm using webwork/xwork right now and IMHO it's much less complicated and more elegant than struts.) If you're using your home grown framework, you can at least borrow ideas from those other frameworks ...

On 7/30/2004 1:13 PM, Luc Foisy wrote:
> No concept of HTML. But it does have concept of parameters. When you submit a form, the form contents are placed in a parameter. (in ServletRequest) There is no way that I know of to do the reverse, set those parameters on the response and it will apply to the form elements. The browser stores the element values somewhere, just thought it might have been floating around somewhere I could get it. I thought someone would know something I did not.
>
> -----Original Message-----
> From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 30, 2004 3:43 PM
> To: Tomcat Users List
> Subject: RE: Programmatically setting values of FORM elements
>
> Hi,
> No, the Servlet API has no concept of HTML.
>
> Yoav Shapira
> Millennium Research Informatics
>
>> -----Original Message-----
>> From: Luc Foisy [mailto:[EMAIL PROTECTED]
>> Sent: Friday, July 30, 2004 3:41 PM
>> To: Tomcat Users List
>> Subject: RE: Programmatically setting values of FORM elements
>>
>> From the responses, I am guessing there is not a way to do this with only the Servlet API? I am not currently using struts and learning to use them, implementing them at this time, I think would be too much of a headache. I'll have to find an alternate solution that fits into our own framework. Thanks...
>>
>> -----Original Message-----
>> From: Luc Foisy
>> Sent: Friday, July 30, 2004 1:10 PM
>> To: Tomcat User List (E-mail)
>> Subject: Programmatically setting values of FORM elements
>>
>> Is there any way I can have my java set the values of FORM elements. Rather than storing the values in the java code and generating the complete form element containing that value. Something like adding something to the response that will give that item a value. For my particular need, I want to set a number of checkbox elements on or off. I do have the ability to predict the element names...

--
Dennis Dai
Re: JSPC/Jasper2 with no package name - bug???
I don't know what you want to achieve, but my jspc task generates package names with subdirectories (eg. org.apache.jsp.user and org.apache.jsp.admin, in org/apache/jsp/user and org/apache/jsp/admin respectively) ...

Also I don't know where you set that package= thing?

On 7/30/2004 1:38 PM, [EMAIL PROTECTED] wrote:
> Do people agree this is a bug?? should I submit a bug report?
> cheers,
> David
>
>> From: [EMAIL PROTECTED]
>> Date: 07/29/2004 05:57 PM
>> Please respond to Tomcat Users List
>> To: Tomcat Users List [EMAIL PROTECTED]
>> cc:
>> Subject: JSPC/Jasper2 with no package name - bug???
>>
>> Hi,
>> I precompile my JSP's. I have the source files under a directory structure as follows:
>>
>>     src
>>       jsp
>>         user
>>         admin
>>
>> I am trying to use the JspC with Ant as described at http://jakarta.apache.org/tomcat/tomcat-5.0-doc/jasper-howto.html. However, I want the package name to be the sub-directory ie user, admin etc. for the respective files. I tried leaving off package= at first, but this created them all with a package of org.apache.jsp.user/admin etc.. I then tried just putting package="", but now I get an error with the package name becoming .user, .admin, which is obviously invalid.
>> How do I achieve what I need? Is this a bug? Can anyone point me in the right direction where the package statement is generated when the java files are created?
>> Many thanks,
>> David

--
Dennis Dai
Re: How do you set cache-control for static (gif, jpg) resources
Keith,

This is on one of my development servers. I'm mostly using Mozilla/Firefox, which generate those 304 log entries. For Internet Explorer, it generates those 304s only after I set the temporary Internet files to "Every visit to the page" which is not the default. It doesn't even make the request for those static contents with the default setting, which is "Automatically". FYI, I'm using IE6 SP1 on Windows 2000 Pro with security patch. Don't know how other versions of IE behave though.

Dennis

On 7/30/2004 3:08 PM, Keith Bottner wrote:
> Dennis,
> May I ask what client specifically is accessing your server? The client can actually send an If-Modified-Since field with its request and the 304 would be the response if it had not been modified since that specified date/time. Some intermediary caches (proxies) use this as a more efficient method of caching. And depending on what information was returned with the previous get determines what clients may query. Specifically my problem was with Internet Explorer, in which case it does not send an If-Modified-Since, it just requests the resource. Still not crystal clear on all of this but, the solution I settled on seems to work.
> Keith
>
>> -----Original Message-----
>> From: Dennis Dai [mailto:[EMAIL PROTECTED]
>> Sent: Friday, July 30, 2004 3:07 PM
>> To: Tomcat Users List
>> Subject: Re: How do you set cache-control for static (gif, jpg) resources
>>
>> I've been reading this thread back and forth for quite a few times :)
>> My observations are tomcat does send response code 304 on static contents (.js, .jpg, .gif, etc.), so I don't know why you said "Tomcat always returns Cache-Control: no-cache with every response" at the very beginning of this thread. Well I haven't done any request dump to see if that's the case, but I do see lots of 304s in my access log (which, I assume, is not quite possible if it sets Cache-Control to no-cache with every response).
>> Speaking of cache, there was an onJava article about caching with filter, but that's mostly for caching dynamically generated pages, which may or may not be of interest to you guys: http://www.onjava.com/pub/a/onjava/2003/11/19/filters.html?page=3
>> Regards,
>> Dennis

--
Dennis Dai
Re: JVM memory size changing dramatically
Can't remember where I read it but it's something like this on NT/2k/XP/2k3 family: Windows is using the physical memory as cache to cache the real app image in the swap file. So if your app has been idle for a while, it's very likely to be swapped out of the physical memory. This is regardless of how much physical memory you have. Interesting approach but sometimes annoying.

On 7/28/2004 9:11 AM, Futchi wrote:
> Hi all,
> I am running tomcat 5 on Win2003 server, my single app. has several threads running in the background (threads loading and writing data, detecting URL connections). Tomcat starting-up with 80 up 90 MB memory size as Win2003 shows in the Tasks Manager, it keeps running stable and getting up and down between 80 and 93 MB memory size. After several hours, memory size gets down to 5 MB very fast, and then start goes up to 90 MB also fast. This change happening in about 2-3 minutes only, then it becomes stable again jumping between 80-93 MB memory size. While this happening Tomcat is up and running, also my App. is up and running. I do not have any memory error messages. I doubt it is the GC, Anybody can explain that?!!!
> My JAVA_OPTS as follows
>     JAVA_OPTS=-server -Xms256m -Xmx768m -XX:NewSize=64m -XX:MaxNewSize=64m -XX:SurvivorRatio=8 -XX:MaxTenuringThreshold=5 -XX:TargetSurvivorRatio=75 -XX:PermSize=32m -XX:MaxPermSize=32m -Xss128k -XX:+DisableExplicitGC

--
Dennis Dai
Re: Beyond basic form authentication?
On 7/27/2004 10:34 AM, Anastasios Angelidis wrote:
> So if I understand you... On my index page which is not protected put a form with <form ... action="j_security_check"> And somewhere at the top of page have something like if(getUserPrincipal()) redirect
> I guess we can both try it lol...

No, that won't work. The login page cannot be explicitly referred to. You can only get to the login page when accessing a protected resource ... unless you modify the FormAuthenticator class.

--
Dennis Dai
Re: Beyond basic form authentication?
Then I guess you have to use your own authentication or modify the FormAuthentication class ...

I believe TSS is using some kind of content management system (CMS), more like a home grown one. Anyways, JBoss ported PostNuke (a CMS written in PHP) to their platform, you might want to check it out ...

On 7/27/2004 11:25 AM, Anastasios Angelidis wrote:
> I want to do exactly like the serverside.com. You have a login form on each unprotected page that allows you to login. So you can hit the news page, the discussion page, patterns etc... without having to login, but each section offers the login form...
>
> Dennis Dai wrote:
>> On 7/27/2004 10:34 AM, Anastasios Angelidis wrote:
>>> So if I understand you... On my index page which is not protected put a form with <form ... action="j_security_check"> And somewhere at the top of page have something like if(getUserPrincipal()) redirect
>>> I guess we can both try it lol...
>> No, that won't work. The login page cannot be explicitly referred to. You can only get to the login page when accessing a protected resource ... unless you modify the FormAuthenticator class.

--
Dennis Dai
Re: How to make TC print request info when TC receives request?
There's a request dumper valve that does exactly this. It is commented out in server.xml by default.

On 7/10/2004 11:36 PM, [EMAIL PROTECTED] wrote:
> Howdy,
> I am developing webapp using TC4.1.27, when debugging my webapp, I am wondering if TC can print requests to the console or writes request info to log file like this:
>
>     POST / HTTP/1.1
>     Accept: image/gif, image/x-xbitmap, point, application/vnd.ms-excel, application/msword, */*
>     Accept-Language: ja
>     ...
>     Content-Length: 75
>     Connection: Keep-Alive
>     Cache-Control: no-cache
>
>     name=John&homepage=http%3A%2F%2Fsome.net&password=123456&myhidField=myValue
>
> The real thing I want to do is to let TC echo my request to help me to debug. How can I implement this? Will filter help? Or which class shall I modify?
> Best Regards
> Zerol
Re: getting Tomcat 5.0 to serve static content
I'm not familiar with JBoss stuff but I think to make a context work, you'll need the WEB-INF dir and the associated web.xml ...

On 7/8/2004 10:23 PM, Matthew Hixson wrote:
> I'm using Tomcat 5.0.26 with JBoss 3.2.4. I'm attempting to upgrade from Tomcat 4.1.something that was included with JBoss 3.2.3. I cannot figure out how to configure a context so that Tomcat will serve files from a specific directory. The directory contains images and should be accessible outside of any specific webapp. The files are stored in /usr/local/watermarks and the URLs to them need to look like http://mymachine.com/watermarks/bar.jpg.
>
>     <Context path="/watermarks" docBase="/usr/local/watermarks"/>
>
> I've read all the docs I could find on the Apache Tomcat site and used Google to find examples and I cannot find anything that tells me how to do this. In the previous version of Tomcat I had put the above Context element into /usr/local/jboss/server/default/deploy/jbossweb-tomcat41.sar/META-INF/jboss-service.xml. But in Tomcat 5.0 it looks like that has moved to jbossweb-tomcat50.sar/server.xml. When adding the Context element to my server.xml I get a 404 and a description that says: The requested resource (/watermarks/bar.jpg) is not available.
> Anyone know how I can get this to work?
> Thanks,
> -M@
Re: Tomcat works for localhost, but won't work for the local intranet..
RedHat's default firewall rules?

On 7/9/2004 5:18 PM, Ivan Jouikov wrote:
> I am running tomcat 5.0.27 on Linux RH 9.0, and I have a little problem. I am using jsvc to launch Tomcat standalone as Tomcat5 user. Everything seems to work fine, when I connect to localhost or 127.0.0.1 from that same computer. However, if I try to connect to Tomcat from my local intranet, I get "Page Cannot be Displayed" after a long wait.
> If I try to ping that computer, everything works just fine: ping 192.168.0.33.. If I try to run MySQL client for that computer, everything works fine. But if I type in my browser http://192.168.0.33/ I get page not found.
> Oh yeah, my Tomcat is set up to work standalone, and the only connector that it has is an HTTP connector on port 80.
> Does anyone know what could be wrong?
> Best Regards,
> Ivan V. Jouikov
> http://www.ablogic.net/
Re: Tomcat works for localhost, but won't work for the local intranet..
On 7/9/2004 5:45 PM, Ivan Jouikov wrote:
> ...
> I am not that good with iptables, but it seems to me that the line
>
>     -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
>
> blocks all ports from 0 to 1023 for TCP/IP... I don't recall putting that there, but is that what it really does? And if it is, how can I make it so that port 80 is available?

Just add an ACCEPT line above it:

    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT

then reload the rule (/etc/init.d/iptables restart).

Dennis
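Why the ACCEPT line has to go above the REJECT line: a chain is walked top to bottom and the first matching rule with a terminating target decides. The following is an added example, not part of the thread; it is a simplified model that understands only the options used in the two rules above, and the function names are illustrative.

```python
import shlex

# The two rules from the thread, in iptables-save syntax.
REJECT_LOW = "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT"
ACCEPT_80 = "-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT"


def parse_rule(line):
    """Parse the small subset of rule options that appears in the thread."""
    tokens = shlex.split(line)
    rule = {"chain": None, "proto": None, "dport": None, "syn": False, "target": None}
    i = 0
    while i < len(tokens):
        opt = tokens[i]
        if opt == "--syn":  # flag without a value
            rule["syn"] = True
            i += 1
            continue
        if i + 1 >= len(tokens):
            raise ValueError(f"option {opt} needs a value")
        val = tokens[i + 1]
        if opt == "-A":
            rule["chain"] = val
        elif opt == "-p":
            rule["proto"] = val
        elif opt == "-m":
            pass  # match-module name; only the tcp module is modelled
        elif opt == "--dport":
            lo, _, hi = val.partition(":")
            rule["dport"] = (int(lo), int(hi or lo))
        elif opt == "-j":
            rule["target"] = val
        else:
            raise ValueError(f"unsupported option: {opt}")
        i += 2
    return rule


def matches(rule, proto, dport, syn):
    """True if a packet with these properties satisfies every condition of the rule."""
    if rule["proto"] and rule["proto"] != proto:
        return False
    if rule["dport"] and not rule["dport"][0] <= dport <= rule["dport"][1]:
        return False
    if rule["syn"] and not syn:  # --syn matches only connection-opening packets
        return False
    return True


def verdict(rules, proto, dport, syn=True):
    """Return the target of the first matching rule, or FALLTHROUGH if none match."""
    for rule in rules:
        if matches(rule, proto, dport, syn):
            return rule["target"]
    return "FALLTHROUGH"  # decided by later rules or the chain policy, not modelled


def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    if a["proto"] and a["proto"] != b["proto"]:
        return False
    if a["dport"]:
        if not b["dport"]:
            return False
        if not (a["dport"][0] <= b["dport"][0] and b["dport"][1] <= a["dport"][1]):
            return False
    return not a["syn"] or b["syn"]


def shadowed_rules(rules):
    """List (index, index_of_shadowing_rule) for rules that can never be reached."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                found.append((j, i))
                break
    return found


if __name__ == "__main__":
    appended = [parse_rule(REJECT_LOW), parse_rule(ACCEPT_80)]
    above = [parse_rule(ACCEPT_80), parse_rule(REJECT_LOW)]
    print("ACCEPT appended below:", verdict(appended, "tcp", 80), shadowed_rules(appended))
    print("ACCEPT placed above:  ", verdict(above, "tcp", 80), shadowed_rules(above))
```

With the ACCEPT rule appended below the REJECT rule, port 80 is still rejected and the new rule is reported as shadowed; placed above, port 80 is accepted while the other ports below 1024 stay rejected.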
Re: Tomcat 4.1.30 + SSL = Problems
On 7/8/2004 3:46 PM, Fredrik Liden wrote:
> I followed the instructions on the tomcat SSL Config page. I generated the .keystore file using "changeit" password. When I go to the test page http://localhost:8443/ I see 5 squares up in the left corner and that's it. Anyone encountered this?? I'm not sure how to proceed.

Use https://... instead of http://...

> I'm using Jdk 1.4.1 so I shouldn't have to download the JSSE files according to the instructions. Anyone please!
> /Fredrik
Re: Tomcat 4.1.30 + SSL = Problems
On 7/8/2004 7:39 PM, QM wrote:
> : Use https://... instead of http://...
> :
> : Wow, if only I'd held off a few more minutes on my mail; thanks, this
> : was my problem as well. Is there a reason there's not a more legible
> : error?
>
> The server expects to complete an SSL-enabled handshake before your HTTP-level request makes it to Tomcat proper. Since you don't issue the GET/POST to Tomcat in this case, it certainly can't generate an HTTP-level error page in response.
>
> Sniff the connection and you'll see. The four squares are likely your browser's approximation of the non-ASCII chars it received from the server when attempting a handshake.
>
> -QM

Don't know how Apache's httpd server handles it - if I send an http request to the https port (eg. http://www.domain.com:443) which has ssl support, it managed to display something like:

    Bad Request

    Your browser sent a request that this server could not understand.
    Reason: You're speaking plain HTTP to an SSL-enabled server port.
    Instead use the HTTPS scheme to access this URL, please.
    Hint: https://www.domain.com:443/

I wonder if it's possible to hack the coyote connector to have the same behavior ...

Dennis
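The behaviour discussed in this message depends on what the first bytes on the SSL port look like: a handshake record or an ASCII request line. The following is an added example, not code from Tomcat, Apache httpd or the posters; the function names and the sample byte strings are constructed for illustration, and it works on bytes in memory rather than a live socket.

```python
HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE",
                b"OPTIONS", b"TRACE", b"CONNECT"}

# Constructed samples of what a client may send first to an SSL port.
TLS_CLIENT_HELLO = bytes.fromhex("16030100c8010000c40303")  # record hdr + ClientHello start
SSLV2_CLIENT_HELLO = bytes.fromhex("802e0103000015")        # SSLv2-compatible hello
PLAIN_HTTP = b"GET / HTTP/1.1\r\nHost: localhost:8443\r\n\r\n"


def classify_first_bytes(data: bytes) -> str:
    """Return 'tls', 'sslv2', 'http', 'need-more' or 'unknown' for peeked bytes."""
    if len(data) < 5:
        return "need-more"
    # SSLv3/TLS record: type 0x16 (handshake), version 3.x, 2-byte length,
    # followed by handshake message type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        if len(data) < 6:
            return "need-more"
        return "tls" if data[5] == 0x01 else "unknown"
    # SSLv2-compatible hello: 2-byte header with the high bit set, message
    # type 0x01, then the offered version (0x0002 or 0x03xx).
    if data[0] & 0x80 and data[2] == 0x01 and (data[3:5] == b"\x00\x02" or data[3] == 0x03):
        return "sslv2"
    # Plaintext HTTP: an ASCII method token followed by a space.
    method, sep, _ = data[:9].partition(b" ")
    if sep and method in HTTP_METHODS:
        return "http"
    if not sep and any(m.startswith(data) for m in HTTP_METHODS):
        return "need-more"  # e.g. b"DELET": could still become a request line
    return "unknown"


def plain_http_reply(host: str, port: int) -> bytes:
    """Build a readable 400 response for a client that sent plaintext HTTP.

    host and port must come from server configuration, not from the request's
    Host header, so nothing client-controlled is echoed into the page.
    """
    body = (
        "<html><body><h1>Bad Request</h1>\n"
        "<p>You're speaking plain HTTP to an SSL-enabled server port.<br>\n"
        f"Hint: https://{host}:{port}/</p></body></html>\n"
    ).encode("ascii")
    head = (
        "HTTP/1.1 400 Bad Request\r\n"
        "Content-Type: text/html; charset=us-ascii\r\n"
        f"Content-Length: {len(body)}\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")
    return head + body


def first_bytes_action(data: bytes, host: str, port: int):
    """Decide what a listener on the SSL port should do with the peeked bytes."""
    kind = classify_first_bytes(data)
    if kind in ("tls", "sslv2"):
        return ("handshake", b"")        # hand the connection to the SSL stack
    if kind == "http":
        return ("reply-and-close", plain_http_reply(host, port))
    if kind == "need-more":
        return ("read-more", b"")
    return ("close", b"")


if __name__ == "__main__":
    for name, sample in (("TLS", TLS_CLIENT_HELLO), ("SSLv2", SSLV2_CLIENT_HELLO),
                         ("HTTP", PLAIN_HTTP)):
        print(name, "->", first_bytes_action(sample, "www.domain.com", 443)[0])
```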
Re: Certificates and SSL Authentication
On 5/26/2004 4:35 PM, Sander Smith wrote:
> Thanks for your help but my question wasn't answered. I understand certificate chains - I even created some long ones. My question is about SSL specifically. The way I understand the SSL handshake, the server only sends a certificate to the client - there is no provision to send a certificate chain.

I was able to get tomcat to present the whole chain to the client with pkcs12 format keystore (exported from openssl). But if your keystore is in JKS format, you might want to refer to:

http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html#CertChains

Dennis
Re: converting a certificate for use on Tomcat
I saw your original post but forgot to reply ...

You can use keytool to import the certificate using pkcs12 certificate store (add a '-storetype pkcs12' to keytool's arguments), which is supported by tomcat. Also, if your certificate is signed by an intermediate CA (meaning more than 2 certs on the chain), you will have to give each cert an alias name when you export it from openssl, otherwise the keytool won't recognize the chain. This really took me a while to figure out ...

HTH,
Dennis

On 5/25/2004 12:30 PM, Chris Purcell wrote:
> Thanks for the link Jim, I'm just getting around to this certificate now, I got swamped with some extra work that I had to complete first. I looked at the link you sent, but there is a small problem, I don't know anything about Java :) What do I do with the source code given on the page? Should I copy it into a text file and run it with the java command? The only programming language I'm familiar with is Perl.
> Thanks,
> Chris
>
>> Hi Chris-
>> I had to do this myself a month ago. You can't use Sun's keytool to import private keys into keystores. You'll need to use something else to load the private key and corresponding cert into a keystore which Tomcat can then read. See the program and notes at http://www.comu.de/docs/tomcat_ssl.htm - it will explain how to use openssl to convert an existing private key and cert into a format that can then be loaded (using source code they provide) into a Java JKS keystore. Let me know if you need more details.
>> -Jim
>>
>> Chris Purcell wrote:
>>> I have an Apache server with an SSL certificate installed from a CA. It's just a plain text certificate that looks like this..
>>>
>>>     -----BEGIN CERTIFICATE-----
>>>     MIID/DCCAuSgAwIBAgIEAIXW1jANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMC
>>>     blablablba
>>>     /WeCY0ZzyRYuHhQYIm3R+A==
>>>     -----END CERTIFICATE-----
>>>
>>> I want to move this certificate to a new server that only runs Tomcat in standalone mode. I tried to convert it like this (below) but am getting an error...
>>>
>>>     [EMAIL PROTECTED] cert# openssl pkcs12 -export -inkey host-privkey.pem -in server.cert -out host.foo.org.pfx
>>>     [EMAIL PROTECTED] cert# /usr/java/bin/keytool -import -file host.foo.org.pfx
>>>     Enter keystore password: changeit
>>>     keytool error: java.lang.Exception: Input not an X.509 certificate
>>>
>>> Am I doing something wrong here?
>>> Thanks,
>>> Chris
Re: converting a certificate for use on Tomcat
Sorry I was wrong (it's been a while ...). You don't really need to import the pkcs12 format certificate into a keystore, the .pfx you generated earlier *is* the keystore in pkcs12 format. Now you only need to configure tomcat to recognize the keystore. See http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html for details. Specifically, you will need to add the keystoreType="PKCS12" attribute in your SSL Connector among a whole bunch of others.

On 5/25/2004 1:21 PM, Chris Purcell wrote:
> I want to make sure we're on the same page here. I have a certificate that looks like this...
>
>     -----BEGIN CERTIFICATE-----
>     MIID/DCCAuSgAwIBAgIEAIXW1jANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMC
>     blablablabla
>     /WeCY0ZzyRYuHhQYIm3R+A==
>     -----END CERTIFICATE-----
>
> I copied it to a plain text file called domain.cert and then ran this command and received this below error...
>
>     [EMAIL PROTECTED] root# /usr/java/bin/keytool -import -file domain.cert -storetype pkcs12
>     keytool error: java.io.IOException: DerInputStream.getLength(): lengthTag=109, too big.
>
> Am I doing this right?
> Thanks,
> Chris
>
>> I saw your original post but forgot to reply ...
>> You can use keytool to import the certificate using pkcs12 certificate store (add a '-storetype pkcs12' to keytool's arguments), which is supported by tomcat. Also, if your certificate is signed by an intermediate CA (meaning more than 2 certs on the chain), you will have to give each cert an alias name when you export it from openssl, otherwise the keytool won't recognize the chain. This really took me a while to figure out ...
>> HTH,
>> Dennis
>>
>> On 5/25/2004 12:30 PM, Chris Purcell wrote:
>>> Thanks for the link Jim, I'm just getting around to this certificate now, I got swamped with some extra work that I had to complete first. I looked at the link you sent, but there is a small problem, I don't know anything about Java :) What do I do with the source code given on the page? Should I copy it into a text file and run it with the java command? The only programming language I'm familiar with is Perl.
>>> Thanks,
>>> Chris
>>>
>>>> Hi Chris-
>>>> I had to do this myself a month ago. You can't use Sun's keytool to import private keys into keystores. You'll need to use something else to load the private key and corresponding cert into a keystore which Tomcat can then read. See the program and notes at http://www.comu.de/docs/tomcat_ssl.htm - it will explain how to use openssl to convert an existing private key and cert into a format that can then be loaded (using source code they provide) into a Java JKS keystore. Let me know if you need more details.
>>>> -Jim
>>>>
>>>> Chris Purcell wrote:
>>>>> I have an Apache server with an SSL certificate installed from a CA. It's just a plain text certificate that looks like this..
>>>>>
>>>>>     -----BEGIN CERTIFICATE-----
>>>>>     MIID/DCCAuSgAwIBAgIEAIXW1jANBgkqhkiG9w0BAQQFADCBozELMAkGA1UEBhMC
>>>>>     blablablba
>>>>>     /WeCY0ZzyRYuHhQYIm3R+A==
>>>>>     -----END CERTIFICATE-----
>>>>>
>>>>> I want to move this certificate to a new server that only runs Tomcat in standalone mode. I tried to convert it like this (below) but am getting an error...
>>>>>
>>>>>     [EMAIL PROTECTED] cert# openssl pkcs12 -export -inkey host-privkey.pem -in server.cert -out host.foo.org.pfx
>>>>>     [EMAIL PROTECTED] cert# /usr/java/bin/keytool -import -file host.foo.org.pfx
>>>>>     Enter keystore password: changeit
>>>>>     keytool error: java.lang.Exception: Input not an X.509 certificate
>>>>>
>>>>> Am I doing something wrong here?
>>>>> Thanks,
>>>>> Chris
Re: Passing init parameters to event listener
Thanks a lot Yoav. I actually meant ServletContext init parameters (found that out after pressing the send button) ... :p

So you mean I should also implement ServletContextListener in my (session event) listener so I can get the ServletContext (thus the init parameters) when context initialized, right? Hmm, actually I think that's a pretty good way to get init parameters for other event listener(s) ...

Thanks again,
Dennis

On 5/7/2004 5:55 AM, Shapira, Yoav wrote:
> Hi,
> Use ServletContext init parameters (as opposed to attributes). Those are bound for your contextInitialized event and anything after it.
>
> Yoav Shapira
> Millennium Research Informatics
>
>> -----Original Message-----
>> From: Dennis Dai [mailto:[EMAIL PROTECTED]
>> Sent: Friday, May 07, 2004 4:13 AM
>> To: Tomcat Users List
>> Subject: Passing init parameters to event listener
>>
>> Hi all,
>> I'd like to pass init parameters to event listener (in my case, it's session listener) instead of hard coding those parameters. But event listeners do not support init parameters like filters do. I know that I can get ServletContext from events (thus getting the ServletContext attributes for the context), but that'll be at time when event happens, not listener init time. Any better way?
>> Thanks,
>> Dennis
Passing init parameters to event listener
Hi all,

I'd like to pass init parameters to an event listener (in my case, it's a session listener) instead of hard coding those parameters. But event listeners do not support init parameters like filters do. I know that I can get the ServletContext from events (thus getting the ServletContext attributes for the context), but that'll be at the time when the event happens, not listener init time. Any better way?

Thanks,
Dennis
Re: Is it Tomcat problem or my problem?
Uma,

How did you manage the session? Are you using container managed security? From your description, it seems that you manage sessions yourself. If that's the case, make sure you create a new session at login and invalidate the session at logout ...

Dennis

On 4/22/2004 7:16 AM, [EMAIL PROTECTED] wrote:

Also try one more thing, on the first access do not use the URL of the login, instead use the URL of the homepage and let it redirect you to the login.

The Login page is itself the Homepage of the site. I tried to print the session ID and to find out if the session is new by these statements

System.out.println("session ID " + session.getId());
System.out.println("session isNew " + session.isNew());

For the first time when I entered betform.jsp it gave me

session ID BC45E3915B4AC4E188E7E84D1AEC4E15
session isNew false

When I clicked on other links in the same betform.jsp, then it gave me this info

session ID 9D0D8E423E875D6ED1D79770B2CB48CC
session isNew false

and I was logged out. I logged in again and saw the output. It's

session ID 9D0D8E423E875D6ED1D79770B2CB48CC
session isNew false

and when I clicked on other links in the same page it gave me the same session ID.

session ID 9D0D8E423E875D6ED1D79770B2CB48CC
session isNew false

I am really getting frustrated with this Tomcat. Any help would be great.

Thank you,
Uma
Re: Is it Tomcat problem or my problem?
On 4/24/2004 12:02 AM, [EMAIL PROTECTED] wrote:

What if the client has disabled cookies?

You'll need to use response.encodeURL(someURL) to rewrite the URL, so that JSESSIONID is appended with each link.

Dennis
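The advice in this thread (a new session at login, invalidation at logout, and URL encoding for clients without cookies) collected into one helper class. This is an added example, not code from the thread; the class and method names and the "user" attribute are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Call login() only after the application has verified the credentials.
public final class SessionLifecycle {
    private SessionLifecycle() { }

    /** Replace whatever session the request arrived with by a fresh one. */
    public static HttpSession login(HttpServletRequest req, String userName) {
        HttpSession old = req.getSession(false);   // false: never create one here
        if (old != null) {
            old.invalidate();                      // the pre-login session id stops working
        }
        HttpSession fresh = req.getSession(true);  // container issues a new id
        fresh.setAttribute("user", userName);      // hypothetical attribute name
        return fresh;
    }

    /** End the session at logout; safe to call when none exists. */
    public static void logout(HttpServletRequest req) {
        HttpSession s = req.getSession(false);
        if (s != null) {
            s.invalidate();
        }
    }

    /** Redirect inside the application, keeping the session for cookie-less clients. */
    public static void redirect(HttpServletRequest req, HttpServletResponse resp, String path)
            throws IOException {
        // encodeRedirectURL appends ;jsessionid=... only when the container
        // decides URL rewriting is needed (no session cookie came back).
        resp.sendRedirect(resp.encodeRedirectURL(req.getContextPath() + path));
    }
}
```

Links written into page output go through response.encodeURL in the same way. A rewritten URL carries the session id, so it can end up in access logs, browser history and Referer headers.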