Re: Servlet running twice at the same moment.
Are you using IE browser ? I have experienced exactly the same if I use IE - NS is doing fine :-) Robin Lee [EMAIL PROTECTED] on 02.01.2002 20:00:57 Please respond to Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: Servlet running twice at the same moment. Hello, I don't know why this is happening, but... It seems like whenever I run a single servlet, there are times it will run twice. As in, this... I have a login page. The user logs in. In my out log, it will show me that I have logged in twice... But in other instances, it'll show me that I have logged in once. Although this isn't a big deal, this does concern me. I have another servlet that creates a text file, but this text file will sometimes have the same information TWICE. I am running Tomcat 4.0.1, with jdk 1.31_01, running on Windows 2000. I also run the same instance on a Windows NT 4 server. Same in both places. The problem started about two weeks ago. I have no clue where to look or start. Thanks to anyone who might be able to help ... ...Robin -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Tomcat3.3 on Solaris8
Hi there, I am still having a problem where my tomcat installation is slowly getting inresponsive ... the number of threads is slightly getting higher and the response time gets longer and longer untill it stops responding compleatly. Has anybody else have some similar experiences with Tomcat3.3 on Solaris8 (WinNT4 gives no problems !!!) Recently I have read about some bugs that JDK1.3.1_01 has on the Solaris8 platforrm and by upgrading to the JDK1.3.1_02 the whole stability of the Tomcat and performance of my Servlet applications became much better. Is there some good reading which could help me find out what needs to be tuned up?! Regards, Drasko -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Tomcat 3.3 ThreadPool throws IllegalStateException
Hi there, I am having a problem with the Tomcat 3.3 running on Solaris 8. The Tomcat is breaking up with the following message: Stop reaper ThreadPool: Caught exception executing org.apache.tomcat.util.net.TcpWorkerThread@9dfb6, terminating thread java.lang.IllegalStateException at org.apache.tomcat.util.threads.ThreadPool.runIt(Unknown Source) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(Unknown Source) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(Unknown Source) at java.lang.Thread.run(Thread.java:484) What could be the posible cause for this behaviour ? How could I monitor the status of the ThreadPool ? Thanks for your help Drasko -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Security Question
Hi there, I have read the Existing Risks and Problems (Chapter 8 in the internal document of the TC-3.3) and spotted that there is a potentional security risk in using Tomcat as a platform for the Application Gateway to an enterprise business support system. One of very important subprojects I still need to solve is providing a secure environment and currently we are constructing a sort of Checking Engine that basically test every parameter against predescribed conditions and reject all invalid requests. Has anybody already thought about this or eventually produced some code/concept? I hope some of original contributors will also read this post. I have some development resources allocated to this task, but would prefer if we could join forces with other interested parties as this must be a very important issue. Drasko
Re: Opinions on detecting browser type for WML vs. HTML
Why don't you simple use Cocoon for this purpose? xml.apache.org/cocoon Dr. Evil [EMAIL PROTECTED] on 23.10.2001 11:16:31 Please respond to [EMAIL PROTECTED] To: [EMAIL PROTECTED] cc: Subject: Opinions on detecting browser type for WML vs. HTML I am working on a site where the same URL will be hit by both WML and HTML browsers. Fortunately, with Tomcat, it's very easy to have a controller servlet which takes all incoming requests and decides to forward them to various processors. The problem is, how should I make this servlet decide what to do? It looks to me like basically every ordinary web browser in use includes the string Mozilla somewhere in its browser type header. I believe this includes IE, Netscape, Konqueror, Galeon, Opera and almost all the others. My current thought is to check for the string mozilla. If it's there, you get HTML, and if it's not there, you get WML. Is this a reasonable approach? I like to do things in a way that is browser independent, but in this case I don't see how to do it. There really should be a header sent by the browser listing the MIME types it accepts, perhaps, but there isn't so I don't know any other alternative. Thanks
Re: HOWTO setup SSL
Are you using JDK 1.2? Because, I had that problem too, and it went away when I upgraded to JDK 1.3. Karin --- Johnson Lim [EMAIL PROTECTED] wrote: Hi all, I am trying go get SSL work on my tomcat, I have follow the instruction on Tomcat and SSL, I have get the JSSE install and put it on the classpath, but when I run the keytool -genkey -alias tomcat -keyalg RSA error occurs: C:\Test\confkeytool -genkey -alias tomcat -keyalg RSA Enter keystore password: changeit keytool error: java.security.NoSuchAlgorithmException: RSA KeyPairGenerator not available Please help __ Do You Yahoo!? Yahoo! Auctions - Buy the things you want at great prices! http://auctions.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: RequestIntercepter, Authentication Login Form
Maybe my original post was not clear, hence no reply received :-( Questions: 1.) Is it possible to specify login page on the other servlet context (or other web site)?! 2.) How can I detect in the authorise method if the method is being invoked after submiting username/password on the login page or after requesting any other protected page?! --- Drasko Kokic [EMAIL PROTECTED] wrote: Hi again, I have finished an implementation of the SingleLogin infrastructure protecting the whole heterogene multi site portal using RequestIntercepters and Servlet API 2.2 container based security. There are still two issues I would like to understand better: 1. The URI to the login page is specified relative to the container. Why are we not able to configure this page with an absolute URL so that another host could be used as an authentication site?! 2. The authorise methode of the RequestIntercepter is being invoked for both protected pages as well as after submiting the username and password on the login page. I would need to do two different things depending from where the call comes (eg. check username/password if from login otherwise check cookie). How can I detect in the authorise method if the method is being invoked after submiting username/password on the login page?! TIA Drasko __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Tomcat standalone SSL, import of certificate
Hello, I have installed SSL support for Tomcat3.2.1 on a Windows NT machine, and it works nicely for a dummy certificate generated (according to the Tomcat SSL instructions) with keytool. Now I want to import an openssl-generated certificate (from thawte) which we use already for SSL support of the Apache Web Server. But the keytool -import command (again from the instructions) gives me 'keytool error: Java.lang.Exception: Input not an X509 certificate' What could be the reason for this, since Apache-SSL uses the X509 format? Thanks, Karin __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
RequestIntercepter, Authentication Login Form
Hi again, I have finished an implementation of the SingleLogin infrastructure protecting the whole heterogene multi site portal using RequestIntercepters and Servlet API 2.2 container based security. There are still two issues I would like to understand better: 1. The URI to the login page is specified relative to the container. Why are we not able to configure this page with an absolute URL so that another host could be used as an authentication site?! 2. The authorise methode of the RequestIntercepter is being invoked for both protected pages as well as after submiting the username and password on the login page. I would need to do two different things depending from where the call comes (eg. check username/password if from login otherwise check cookie). How can I detect in the authorise methode if the methode is being invoked after submiting username/password on the login page?! TIA Drasko __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
[T3.2.1] differences between different Request classes
Hi there, I am trying to implement our SingleLogin architecture using the Servlet API 2.2 recomendations. I would like to know why org.apache.tomcat.core.Request is not implementing methods from javax.servlet.http.Request? The error message is: [javac] D:\Apache-Group\src\jakarta-tomcat-3.2.1-src\src\share\org\apache\tomcat\request\CookieRealm.java:125: Method getCookies() not found in interface org.apache.tomcat.core.Request. [javac] Cookie cookies[] = request.getCookies(); and only work around is to use getCookie(i) method ?!?! TIA Drasko __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Portal Authentication via Servlet Security
Craig, this looks really great (still having some minor problems using JDBCRealm instead of the SimpleRealm on the security example) I was wondering if somebody (you?) have already come across the following requirement: We have already implemented portal protection (multiple sites within same domain) using encripted cookies. The central Authentication Servlet is checking and also actualising the cookie credentals. A simple JSP code fragment is being included on each protected page so that request cannot be made directly. Reading about the Servlet API 2.3 I have noticed something called "filters" which looks very much like what we are doing now (except that the URI's don't need to look like /AuthServlet?page=/some/where/something.jsp anymore) Would it be possible in current Tomcat 3.2 to protect context with a Realm which would check on cookie and pass on to the protected logic the proprietary cookie data values? Thanks in advance Drasko --- "Craig R. McClanahan" [EMAIL PROTECTED] wrote: Jim Urban wrote: I am running Tomcat with Apache on NT. I have a servlet context which contains three servlets and their supporting classes. All the .class files have been "jared" and the .jar file placed in the web-inf/lib directory. I have set up my web.xml file to find the servlets an pass them init params just fine. I now need to limit access to the servlets to different groups of users. How do I set this up? Can someone please send me a sample of "security-constraint" section (is this where it gets done?) of a web.xml file? The "examples" web application that comes with Tomcat has a security-constraint set up on the path http://localhost:8080/examples/jsp/security/protected which will trigger form-based login. See "$TOMCAT_HOME/webapps/examples/WEB-INF/web.xml". The requirements (and another example) are found in the Servlet Specification, version 2.2, at http://java.sun.com/products/servlet/download.html. For Tomcat, the default location for information describing users, passwords, and roles is in a text file named $TOMCAT_HOME/conf/tomcat-users.xml. It is also possible to configure Tomcat to use a database for username lookups (using the JDBCRealm class), or to write your own custom Realm implementation to look anywhere else. NOTE: If you are running Tomcat behind Apache in the usual fashion (i.e. having Apache serve static resources), *only* the dynamic requests that are actually forwarded to Tomcat will be protected by these constraints. Jim Urban Craig McClanahan __ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: What is JDBCRealm?
JDBCRealm is just an implementation of the Servlet Security Realm using the JDBC interface to check user passwords and roles. HTH Drasko --- kamesh jayachandran [EMAIL PROTECTED] wrote: I am having Postgresql db and using tomcat 3.2.1.I am accessing the DB using JDBC.The JDBC Driver for Postgresql is in my system classpath. Then what this JDBCRealm mean? What is the speciality about JDBCRealm? kamesh jayachandran - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED] __ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, email: [EMAIL PROTECTED]
Re: [HELP]Tomcat3.2beta4 SecurityManager--Does it really work?
Just out of interest ... why wouldn't you like to upgrade to the Tomcat release version?! --- "Ye, Tao" [EMAIL PROTECTED] wrote: Hi, all, Thanks for reading this far, now don't give up yet... I'm trying to use Tomcat standalone with security turned on (with tomcat.bat run -security), with my servlet in the Webapps/myApp/. I have followed the direction of uguide/tomcat_security.txt that's in the doc of the distribution. I modified conf/server.xml to: 1) add SecurityManager className="java.security.SecurityManager" Permission className="java.lang.RuntimePermission" attribute="stopThread"/ Permission className="java.util.PropertyPermission" attribute="java.version" value="read"/ /SecurityManager 2) uncommented ContextInterceptor className="org.apache.tomcat.context.PolicyInterceptor" / 3) edit myServlet's context to be: Context path="/myApp" docBase="webapps/myApp" debug="0" reloadable="false" trusted="true" Permission className="java.util.PropertyPermission" attribute="*" value="read,write" / Permission className="java.io.FilePermission" attribute="lt;lt;ALL FILESgt;gt;" value="read,write" / /Context I also changed the "webapps/examples" permission to AllPermission. But I get the following error still (I tried AllPermission and same thing happens, so it's not the file permission): java.security.AccessControlException: access denied (java.io.FilePermission I:\tomcat\Webapps\myApp\Web-inf\classes read) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.SecurityManager.checkRead(Unknown Source) at java.io.File.isDirectory(Unknown Source) at org.apache.tomcat.loader.AdaptiveClassLoader.loadClass(AdaptiveClassLoa der.java:465) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClassInternal(Unknown Source) at neverhood.myApp.myServlet.init(MyServlet.java:59) at java.lang.Class.newInstance0(Native Method) at java.lang.Class.newInstance(Unknown Source) at org.apache.tomcat.core.ServletWrapper.loadServlet(ServletWrapper.java:2 68) at org.apache.tomcat.core.ServletWrapper.init(ServletWrapper.java:289) at org.apache.tomcat.context.LoadOnStartupInterceptor.contextInit(LoadOnSt artupInterceptor.java:130) at org.apache.tomcat.core.ContextManager.initContext(ContextManager.java:4 43) at org.apache.tomcat.core.ContextManager.init(ContextManager.java:403) at org.apache.tomcat.startup.Tomcat.execute(Tomcat.java:197) at org.apache.tomcat.startup.Tomcat.main(Tomcat.java:237) cannot load servlet name: myServlet I also tried accessing the examples, same thing: java.security.AccessControlException: access denied (java.io.FilePermission I:\production\tomcat\Webapps\examples\Web-inf\classes read) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.SecurityManager.checkRead(Unknown Source) at java.io.File.isDirectory(Unknown Source) at org.apache.tomcat.loader.AdaptiveClassLoader.loadClass(AdaptiveClassLoader.j ava:465) at java.lang.ClassLoader.loadClass(Unknown Source) at java.lang.ClassLoader.loadClassInternal(Unknown Source) at HelloWorldExample.doGet(HelloWorldExample.java:25) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:387) at org.apache.tomcat.core.Handler.service(Handler.java:263) at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:371) at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:74 9) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:695) at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpC onnectionHandler.java:207) at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:403) at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498) at java.lang.Thread.run(Unknown Source) Help?? bye, Tao - To unsubscribe, e-mail: [EMAIL PROTECTED] For
Re: Tomcat Cache
--- zys [EMAIL PROTECTED] wrote: I am trying a jsp file, however if I change in the jsp file this modification is not taken by TOMCAT eventhough I shutdown restart it and delete all *.java , *.class TOMCAT has generated for my jsp file. Did anyone faced such problem? regards ZIAD Yeah ... me once, when I've forgotten to save the changes :-) Drasko __ Do You Yahoo!? Yahoo! Shopping - Thousands of Stores. Millions of Products. http://shopping.yahoo.com/
Session handling
Hello again just trying to make sure that I get the most acurate response ... hence the repost :-) I would need to find out if Tomcat 3.1 have any known bugs in session management area. The problem we are facing at the moment is that our application is some times presenting information belonging to other customers that we suspect are concurently using the application. The customer data is being stored on an Oracle 8.1.6 server and the whole system is running on Solaris 2.7. Thanks for your time Drasko __ Do You Yahoo!? Yahoo! Calendar - Get organized for the holidays! http://calendar.yahoo.com/
Re: Tomcat Logging
Hi there, I wonder if there is any more information available on this subject. I am looking into configuring the Tomcat 3.1 logger so that the log file DOES NOT get overwritten on restart and also to get some timestamps genereted automatically. What else is available in Tomcat 3.1 ??? TIA Drasko --- Steven Rice [EMAIL PROTECTED] wrote: I need more details on the Tomcat logging, could someone please direct me to a detail doc about the way tomcat handle logging. I couldn't find anything in detail and I don't know java that well. Thanks, Steven Rice __ Do You Yahoo!? Yahoo! Calendar - Get organized for the holidays! http://calendar.yahoo.com/
Re: java.awt package
actually you just helped me as I was trying to find a way to generate some charts on fly ... thanks :-) have you manage to make it work? Drasko --- Leon Palermo [EMAIL PROTECTED] wrote: Drasko, I hava a .jsp which accesses classes on the server that create charts and graphs. They use the java.awt package to create the images in various formats. These classes can display the charts in an applet or encode the graphics to a variety of formats (.jpg, .gif, .emf, .wmf, etc.). Leon Hey Leon, what would you like to do with the java.awt package on the server side?!?!?! Drasko --- Leon Palermo [EMAIL PROTECTED] wrote: Hey everyone, I have some server-side imaging classes that don't seem to find the java.awt package through tomcat. I even manually added the class files from the java.awt package into my webapp's classes folder and I still get a NoClassDefFound error. Is this a 'feature' of tomcat to ignore the java.awt package for speed purposes? Thanks in advance. Leon Palermo Zedak Corporation Valhalla, NY __ Do You Yahoo!? Yahoo! Messenger - Talk while you surf! It's FREE. http://im.yahoo.com/ __ Do You Yahoo!? Yahoo! Messenger - Talk while you surf! It's FREE. http://im.yahoo.com/