Re: filter: How to set browser encoding?
Mark, have a look here: http://javawebparts.sourceforge.net/javadocs/javawebparts/filter/CharacterEncodingFilter.html Just added that to JWP last weekend :) It essentially calls request.setCharacterEncoding() with whatever you configure. (Oops... ignore the description of the encodingScheme parameter... just realized I have a cut-and-paste error in the javadoc. D'oh!). -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM: fzammetti Yahoo: fzammetti MSN: [EMAIL PROTECTED] On Wed, October 12, 2005 10:53 am, Mark said: Hi everybody, I've got a request from my client to force an encoding in the browser, regardless what user have set. When I set encoding inside my filter to Windows-1257 in the HTML source code I see only ?s:??? ? ???. Is there any easy way to enforce browser to set proper encoding? May be I need to setContent type after I obtain a writer in the servlet? Note, all outputs are generated by servlets: public void doPost( HttpServletRequest req, HttpServletResponse resp ) throws IOException, ServletException { // do something resp.setContentType(text/html); resp.getWriter().println(output); } In MyFilter.doFilter() I do following: (HttpServletResponse)response).setContentType(text/html;charset=Windows-1257) I use 5.0.28 with Redhat 9. Any input is welcome. Thanks! Mark. __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Form Based Authentication
Although we are working in a Websphere/LDAP environment, we had the same requirement as you, and we managed to solve it. What we did (and I'm going from fairly distant memories, so hopefully I'm at least close to right) is this... user logs on. We have a filter that checks for password expired/reset (both a forced PW change) via flags set in a previous filter (values taken from LDAP) and redirects to the change screen if applicable. This all of course happens only after a successful logon, i.e., user entered valid credentials, including expired password already. We destroy the session before leaving that filter. Password is changed, all without creating a new session along the way. Once it is changed, we redirect back through the logon process as before. We decided that it was *better* to make the user log on again because it proves they remember the password they entered 2 seconds ago :) I suppose if I had to allow that automatic authentication, I would NOT destroy the session and instead just redirect to the first protected resource of the app from the change PW screen. Since the user was let in the first time around, they are really authenticated already. In essence, the filter that catches that forced PW change flag is acting like the container, intercepting all protected requests and redirecting to a change PW screen. If you did it smartly you should be able to grab what resource was requested when the filter fired so as to not have to hardcode where to go to after that forced PW screen is finished. Frank -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM: fzammetti Yahoo: fzammetti MSN: [EMAIL PROTECTED] On Tue, October 11, 2005 12:24 pm, Peter Bright said: -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: 11 October 2005 17:23 To: Tomcat Users List Subject: RE: Form Based Authentication From: Peter Bright [mailto:[EMAIL PROTECTED] Subject: RE: Form Based Authentication It's point (c) that's proving problematic; there's no way to reauthenticate that I can see. What happens if you just invalidate the existing session? The user gets logged out. Exactly - and they then must reauthenticate with the updated password. Isn't that what you want? No, sorry, it was unclear. I want them to be reauthenticat/ed/ with the new credentials /automatically/. Without making them have to reauthenticate /by hand/. *** The information contained in this electronic message may be confidential and/or privileged. Any unauthorized use, dissemination, distribution, or reproduction is strictly prohibited. If you have received this communication in error, please contact the sender by reply email and destroy all copies of the original message. *** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Fwd: More helpful reporting of exceptions in JSPs
Wow, you are my hero! I've always missed that from the Weblogic days! I for one would love to see this added. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM: fzammetti Yahoo: fzammetti MSN: [EMAIL PROTECTED] On Tue, October 11, 2005 1:15 pm, Tim Fennell said: Apologies in advance for cross-posting this, but I sent this email out to the tomcat-dev list a couple of days ago and have received no replies at all... I think this is quite a useful feature, and I'm wondering how best to go about contributing it. Thanks -Tim Fennell http://stripes.mc4j.org Begin forwarded message: From: Tim Fennell [EMAIL PROTECTED] Date: October 9, 2005 5:50:11 PM EDT To: tomcat-dev@jakarta.apache.org Subject: More helpful reporting of exceptions in JSPs Reply-To: Tomcat Developers List tomcat-dev@jakarta.apache.org Hi, I'll apologize in advance if this is the wrong place to post this, or if this has been covered before. I had a good read through the Tomcat docs and faqs, searched the bug database, and googled around on the topic, but could not really find anything. I've been using Tomcat for a while, and in general have found it as good a servlet/JSP container as any I've used. With one exception (no pun intended). A long time ago I started out using WebLogic, and the one thing that I loved about WebLogic, that is missing from Tomcat, is that when an Exception occurred in a JSP it would tell you what line number *in the JSP* generated the exception, and show you a snippet of code around the offending line. For quite a while I'd figured that the way Tomcat was built prevented this from being easy/possible, but I didn't look. Well, I finally got around to looking, and it only took me a couple of hours to implement it. Which makes me wonder if there is some other reason that this isn't done in Tomcat/Jasper? At any rate, I have code that will do this now, and I think it'd be a great productivity boost for anyone else developing JSPs on Tomcat. It amounts to small patches to two files. The first is org.apache.jasper.compiler.Compiler to make it hang on to the parse tree (pageNodes) if in development mode, and a getter to make this accessible. The second is to org.apache.jasper.servlet.JspServletWrapper to do the grunt work of mapping a stack frame from the exception back to the line in the JSP that it came from. It's all coded up to function only when in development mode, and is reasonably well commented. Would any of the committers be interested in taking a look at this if I put together a patch and posted it here? Cheers, -Tim Fennell http://stripes.mc4j.org - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbee question on servlet and html - Really frustated with this problem.
Two questions... (1) Does your servlet implement a doPost() method? Since you are POSTing the form, you need to do that. (2) Is there a typo in your form there? I see: form method=3DPOST action=3DBeerSelect That's not proper... my guess is you want: form method=3DPOST action=3DBeerSelect Frank Developer Developer wrote: does anybody know how to fix this problem. Invocation of servlet prompts a messagebox posing a questions do you want to save this ? instead of executing it and returing the output in the html document. :( On 10/10/05, Developer Developer [EMAIL PROTECTED] wrote: I wrote my first html and servlet and deployed it on tomcat 5.5. The html works okay when I call it from the browser. The servlet too works okay when I call its doget() method by invoking it from the browser. EG:. http://localhost:8080/VBeer/BeerSelect However, when i try to invoke the servlet from an html form I get a message box - (file download security warning) - Do you want to save this file ? It has a funny number suffixed to the my servlet name. Not sure what is happening. Here is my HTML code snippet. body h1 align =3D centerBeer selecton Page /h1 form method=3DPOST action=3DBeerSelect pSelect Beer Characteristics/p Thanks ! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com AIM: fzammetti Yahoo: fzammetti MSN: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Java Web Parts .9 is out
I know there are a number of folks in both the Struts and Tomcat communities using Java Web Parts now, so it might not be all *that* off-topic... v.9 was just released. There is one new piece in the mix that, I think, might be of interest to some... it's called the DependencyFilter. It's billed as a hybrid IoC provider. Hybrid because it doesn't inject dependencies, but it tackles the creation part of it, and I believe it does so in an interesting and flexible way. For all the details, see http://javawebparts.sourceforge.net We now return to your regularly-scheduled topics... Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: switching
Hi, sDriver, as well as all your other variables, are declared locally within the if block. Once out of that block, they no longer exist. So, when the code in conn_products.jsp executes, which would of course happen after that if block, those variables do not exist. Add this right before the if block begins: String sDriver; String sUser; String sPass; String sDSN; ...and of course remove the String type declaration before each variable in the if block, and you should be good to go. Frank [EMAIL PROTECTED] wrote: Could someone point out what's wrong with this setup? I have a laptop, sometimes going offline and don't want to change strings each time I'm online or offline. (And don't want to run any db server on the laptop if I can avoid it.) Error is here: org.apache.jasper.JasperException: Unable to compile class for JSP An error occurred at line: 1 in the jsp file: conn_products.jsp Generated servlet error: sDriver cannot be resolved In setup.jsp, % if(request.getServerName().equals(server.com)) { String sDriver = com.mysql.jdbc.Driver; String sUser = user; String sPass = password; String sDSN = jdbc:mysql://localhost:3306/products; } else if (request.getServerName().equals(localhost)) { String sDriver = sun.jdbc.odbc.JdbcOdbcDriver; String sUser = ; String sPass = ; String sDSN = jdbc:odbc:products; } % In conn_products.jsp, % String MM_products_DRIVER = sDriver ; String MM_products_USERNAME = sUser ; String MM_products_PASSWORD = sPass ; String MM_products_STRING = sDSN ; % And in list.jsp, %include file=setup.jsp% %include file=conn_products.jsp% Jhn __ Switch to Netscape Internet Service. As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register Netscape. Just the Net You Need. New! Netscape Toolbar for Internet Explorer Search from anywhere on the Web and block those annoying pop-ups. Download now at http://channels.netscape.com/ns/search/install.jsp - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 10 connection limit with IIS and JK/ISAPI 1.2.14
If memory serves, IIS defaults to a 10 connection maximum. You need to go into the admin console and move the pretty slider over :) Also if memory serves, there is a hard 10 connection limit for the non-server versions, but that doesn't apply here apparently. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, August 24, 2005 4:28 pm, David Boyer said: is is fairly common with non-server version of IIS, but that's by design. I'm using Windows Server 2003 Enterprise. Thanks. - Original Message - From: Jay Burgess [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Wednesday, August 24, 2005 3:19 PM Subject: RE: 10 connection limit with IIS and JK/ISAPI 1.2.14 I don't really have an answer for you, but Google'ing iis 10 connection limit returns a lot of hits. It looks like a fairly common question/issue. Maybe it'll help. Jay | Jay Burgess [Vertical Technology Group] | Essential Technology Links | http://www.vtgroup.com/ -Original Message- From: David [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 24, 2005 3:09 PM To: tomcat-user@jakarta.apache.org Subject: 10 connection limit with IIS and JK/ISAPI 1.2.14 I'm using Tomcat 5.5.9 on Windows Server 2003, JDK 1.5.0_04, IIS 6.0, with the JK 1.2.14 isapi_redirector.dll. I've been trying to track down a problem whereby all of the web apps under our Tomcat instance are seeming to stall. There's no indication of any problems in the Tomcat logs themselves. I suspect IIS is unable to forward requests to Tomcat. I either have to recycle the IIS worker process or restart Tomcat to resolve the problem. Here's what I'm seeing with netstat (port 8008 is my AJP 1.3 port): Z:\netstat -a -n | grep 8008 TCP0.0.0.0:8008 0.0.0.0:0 LISTENING TCP147.92.2.137:2871 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:2915 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:2944 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:2965 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:2969 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:3019 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:3034 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:3039 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:3041 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:3060 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:2871 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:2915 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:2944 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:2965 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:2969 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:3019 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:3034 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:3039 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:3041 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:3060 ESTABLISHED Every time the stall has happened, I have noticed that there are always exactly ten connetions between IIS and Tomcat (they're on the same server). Everything works fine until we reach this point. In my JK log, I'm seeing things like this: [Wed Aug 24 14:10:57 2005] [error] ajp_connection_tcp_get_message::jk_ajp_common.c (961): Can't receive the response message from tomcat, network problems or tomcat is down (147.92.2.137:8008), err=-54 [Wed Aug 24 14:10:57 2005] [error] ajp_get_reply::jk_ajp_common.c (1503): Tomcat is down or refused connection. No response has been sent to the client (yet) My workers.properties looks like this: worker.list=ajp13a worker.ajp13a.port=8008 worker.ajp13a.host=www.bvu.edu worker.ajp13a.type=ajp13 cachesize=20 cache_timeout=600 recycle_timeout=300 And here's the AJP connection defininition from my server.xml: Connector port=8008 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=443 debug=5 connectionTimeout=2 protocol=AJP/1.3/ Any idea what might be happening? It sure looks like I'm hitting some kind of 10 connection limit somewhere, but I can't seem to figure out where. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 10 connection limit with IIS and JK/ISAPI 1.2.14
Ok. Sorry, I tried the easy answer, sometimes you get lucky :) Beyond that I'm afraid I can't think of anything off the top of my head. Frank On Wed, August 24, 2005 4:38 pm, David Boyer said: This is our main public web server. We routinely have more than 10 connections. The limit we're hitting seems only to affect the connection between IIS and Tomcat. I don't think IIS 6 has the same slider as IIS 5 did for this. However, I have verified that I have connection limits set to 'unlimited' at both the global and site levels. - Original Message - From: Frank W. Zammetti [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Cc: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Wednesday, August 24, 2005 3:31 PM Subject: Re: 10 connection limit with IIS and JK/ISAPI 1.2.14 If memory serves, IIS defaults to a 10 connection maximum. You need to go into the admin console and move the pretty slider over :) Also if memory serves, there is a hard 10 connection limit for the non-server versions, but that doesn't apply here apparently. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, August 24, 2005 4:28 pm, David Boyer said: is is fairly common with non-server version of IIS, but that's by design. I'm using Windows Server 2003 Enterprise. Thanks. - Original Message - From: Jay Burgess [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Wednesday, August 24, 2005 3:19 PM Subject: RE: 10 connection limit with IIS and JK/ISAPI 1.2.14 I don't really have an answer for you, but Google'ing iis 10 connection limit returns a lot of hits. It looks like a fairly common question/issue. Maybe it'll help. Jay | Jay Burgess [Vertical Technology Group] | Essential Technology Links | http://www.vtgroup.com/ -Original Message- From: David [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 24, 2005 3:09 PM To: tomcat-user@jakarta.apache.org Subject: 10 connection limit with IIS and JK/ISAPI 1.2.14 I'm using Tomcat 5.5.9 on Windows Server 2003, JDK 1.5.0_04, IIS 6.0, with the JK 1.2.14 isapi_redirector.dll. I've been trying to track down a problem whereby all of the web apps under our Tomcat instance are seeming to stall. There's no indication of any problems in the Tomcat logs themselves. I suspect IIS is unable to forward requests to Tomcat. I either have to recycle the IIS worker process or restart Tomcat to resolve the problem. Here's what I'm seeing with netstat (port 8008 is my AJP 1.3 port): Z:\netstat -a -n | grep 8008 TCP0.0.0.0:8008 0.0.0.0:0 LISTENING TCP147.92.2.137:2871 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:2915 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:2944 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:2965 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:2969 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:3019 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:3034 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:3039 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:3041 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:3060 147.92.2.137:8008 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:2871 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:2915 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:2944 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:2965 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:2969 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:3019 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:3034 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:3039 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:3041 ESTABLISHED TCP147.92.2.137:8008 147.92.2.137:3060 ESTABLISHED Every time the stall has happened, I have noticed that there are always exactly ten connetions between IIS and Tomcat (they're on the same server). Everything works fine until we reach this point. In my JK log, I'm seeing things like this: [Wed Aug 24 14:10:57 2005] [error] ajp_connection_tcp_get_message::jk_ajp_common.c (961): Can't receive the response message from tomcat, network problems or tomcat is down (147.92.2.137:8008), err=-54 [Wed Aug 24 14:10:57 2005] [error] ajp_get_reply::jk_ajp_common.c (1503): Tomcat is down or refused connection. No response has been sent to the client (yet) My workers.properties looks like this: worker.list=ajp13a worker.ajp13a.port=8008 worker.ajp13a.host=www.bvu.edu worker.ajp13a.type=ajp13 cachesize=20 cache_timeout=600 recycle_timeout=300 And here's the AJP connection defininition from my server.xml: Connector port=8008 maxThreads=150
Re: nonhtml download
Hi John, Use a tool like HTTPWatch or similar and see what the actual content you get back is... at least with HTTPWatch, you can save the content, and then simply see if it loads in Acrobat. The target should not make any difference, however, you could simply be seeing a problem with the Acrobat plug-in, which isn't exactly unusual unfortunately. Frank John MccLain wrote: I am able to download a PDF document by response.setContentType( mimeType ); response.setHeader( Content-Disposition, attachment;filename= + fileName ); HOWEVER, This only SEEMS (may be masking another failure) to work when I have a blank target (_blank) window to stream the response into. Why is that? Why can't it simply overwrite the window I am in? How can I determine if this is a problem with my data stream (pdf) or the target window I am streaming into? John McClain Senior Software Engineer TCS Healthcare [EMAIL PROTECTED] (530)886-1700x235 Skepticism is the first step toward truth - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: execute class on start up
You can do it a couple of ways... (1) You could create a startup servlet and load it on startup to call your class. (2) You could use a ContextListener to do the same thing. Both of those require a webapp of course, and it's not obvious that you actually want there to be one. So, you could also: (3) Use a static initializer block in the class. This may not be feasible depending on what you need to happen at startup, but it would execute the class every time Tomcat starts up, as long as its in the classpath, whether its part of a webapp or not. Frank Xavier López wrote: Hello, I have a little problem, and perhaps you can help me! I made a new java class and I just want to execute it every time that the server Tomcat starts. Does anyone know how to do it ? I think thats a configuration problem, but I don't know how to solve it. Thanks in advance! Xavier - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Custom tag runtime expression problem
Hi all, I'm using Tomcat 5.0.29. I've created a custom tag and I need to be able to use runtime expressions for certain attributes. But it isn't working and I'm beating my head on the desk trying to figure out why. Here's my TLD: ?xml version=1.0 encoding=UTF-8? !DOCTYPE taglib PUBLIC -//Sun Microsystems, Inc.//DTD JSP Tag Library 1.1//EN http://java.sun.com/j2ee/dtds/web-jsptaglibrary_1_1.dtd; taglib tlibversion1.2/tlibversion jspversion1.1/jspversion shortnamemytags/shortname uricom/company/taglib/uri tag namebutton/name tagclasscom.company.app.taglib.ButtonTag/tagclass bodycontentempty/bodycontent attribute nameid/name requiredtrue/required rtexprvaluetrue/rtexprvalue /attribute attribute nameonClick/name requiredtrue/required rtexprvaluetrue/rtexprvalue /attribute attribute /tag /tag /taglib Specifically, I'm trying to do this on the page: %@ taglib uri=/WEB-INF/apptags.tld prefix=app % ... % String fName = (String)hm.get(name); % app:button id=btnSelect onClick=selectAll(%=fName%); / Now, the button renders its code just fine, the *ONLY* thing that isn't working is that the emitted HTML includes the string %=fName% instead of it being evaluated. I've verified that the fName string *DOES* get the appropriate value in it. So, as near as I can tell, the taglib code itself, all the setup, etc., is fine, *EXCEPT* for the ability to do runtime expressions like this. What am I missing? Does this need to be turned on in Tomcat or something? I wouldn't think so, but I'm at a loss. Thanks! Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Session lifecycle (UNCLASSIFIED)
The redirect-after-post pattern might solve your problem otherwise. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Tue, August 9, 2005 10:25 am, Arup Vidyerthy said: Samara, If your logout is a 'post' then when the user hits the back button he/she should see a session expired message. Arup -Original Message- From: Samara, Fadi N Mr ACSIM/ASPEX [mailto:[EMAIL PROTECTED] Sent: 09 August 2005 15:03 To: 'Tomcat Users List' Subject: Session lifecycle (UNCLASSIFIED) Classification: UNCLASSIFIED Caveats: NONE Hey List, I have an application that has login/logout functionality. If a user logs out and then presses the back button, they could go back in the application. Anyone has an idea of what should be done ? Thanks Fadi Classification: UNCLASSIFIED Caveats: NONE ___ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] JSP 1.2 JAR
Hi all... does anyone know where I can grab a copy of the JSP 1.2 spec JAR? I've checked iBiblio, they only have 2.0 in the Maven repository. I also looked in the entire directory tree of my Tomcat 4.1.31 install, which I believe is at that spec level, and I can't find it there (it clearly *must* be there, but it isn't named what I expect I guess). Thanks! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] JSP 1.2 JAR
Ah. That would explain it :) Thanks Jon! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, August 8, 2005 11:22 am, Jon Wingfield said: For Servlet 2.3 containers both the JSP and Servlet APIs are in servlet.jar. It's only later they were split out into servlet-api.jar and jsp-api.jar Frank W. Zammetti wrote: Hi all... does anyone know where I can grab a copy of the JSP 1.2 spec JAR? I've checked iBiblio, they only have 2.0 in the Maven repository. I also looked in the entire directory tree of my Tomcat 4.1.31 install, which I believe is at that spec level, and I can't find it there (it clearly *must* be there, but it isn't named what I expect I guess). Thanks! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: Session ID's
I second that book recommendation, I think every Java web developer should have in on their desk. At times it can be a little TOO light-hearted, but it never fails to get the pertinent information across in a very understandable way. Probably shouldn't be the ONLY book on ones' desk, but it is very good. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, August 3, 2005 3:18 am, Bernhard Slominski said: Well, nobody likes to go through the specs, an excellent book which covers the session handling very well to is: Head First Servlets and JSP http://www.amazon.com/exec/obidos/tg/detail/-/0596005407/qid=1123053380/sr=8 -1/ref=pd_bbs_sbs_1/103-1556156-2935038?v=glances=booksn=507846 Bernhard -Ursprüngliche Nachricht- Von: Charles P. Killmer [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 2. August 2005 19:08 An: Tomcat Users List Betreff: RE: Session ID's Thanks. I will take a look through this. Charles -Original Message- From: Bernhard Slominski [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 10:33 AM To: 'Tomcat Users List' Subject: AW: Session ID's Some small addition: URL Rewriting is only used when cookies are switched off. From the Servlet Spec: SRV.7.1.3 URL Rewriting URL rewriting is the lowest common denominator of session tracking. When a client will not accept a cookie, URL rewriting may be used by the server as the basis for session tracking. URL rewriting involves adding data, a session ID, to the URL path that is interpreted by the container to associate the request with a session. The session ID must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid. Here is an example of a URL containing encoded path information: http://www.myserver.com/catalog/index.html;jsessionid=1234 SRV.7.1.4 Session Integrity Web containers must be able to support the HTTP session while servicing HTTP requests from clients that do not support the use of cookies. To fulfill this requirement, Web containers commonly support the URL rewriting mechanism. Bernhard -Ursprüngliche Nachricht- Von: Charles P. Killmer [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 2. August 2005 17:03 An: Tomcat Users List Betreff: RE: Session ID's I was hoping there was a configuration setting that would tack the session id onto every hyperlink at runtime, much as PHP does. Charles -Original Message- From: Derrick Koes [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 9:20 AM To: Tomcat Users List Subject: RE: Session ID's Use HttpServletResponse.encodeURL(String url) -Original Message- From: Charles P. Killmer [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 02, 2005 10:04 AM To: Tomcat Users List Subject: Session ID's Is there a configuration setting such that every local URL will be encoded with a session id if one is present? I have developed a site that uses cookies to hold the session id and am getting complaints from users that do not have cookies enabled. Thanks Charles - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check sessions
AFAIK, no, there is no way to do it. Here at work we've built a whole security framework that works hand-in-hand with J2EE security, specifically to deal with shortcomings just like this. In our framework, we have a filter who has a couple of functions, and one of them is exactly what you describe. Since j_security_check is nothing but a servlet that a request is redirected to when intercepted, you still have the opportunity to have a filter fire, so you can grab j_username and j_password if you wish and stick them in session (assuming it is created already... you may have set things up to not have a session at that point). -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, August 1, 2005 9:04 am, Chris Holden said: Hi, I am using the built in security constraints to password protect some directories in my app. It works fine, but I was wondering when someone uses the login form to get to the passworded directory or page, is it possible to get the username and/or password that the user submits in the j_security_check form? I'd like to be able to set a cookie or session variable with the persons username in after they log in so the next time they come back to the site they see a personalised greeting kind of thing. I've tried printing out all request attributes/parameters, session variables and cookies after and before login but apart from the sessionid there isnt anything set. Does anyone know how to do what I want? Cheers, Chris. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setting application variables
I can even save you some time: http://javawebparts.sourceforge.net There you will find an AppConfigListener that I think will do the trick nicely for you. Frank Josh Howe wrote: I'll look into ContextListeners. Thanks! -Original Message- From: Mufaddal Khumri [mailto:[EMAIL PROTECTED] Sent: Friday, July 29, 2005 4:16 PM To: Tomcat Users List Subject: RE: setting application variables You could have a ContextListener for your web application. You could then read the properties from your property file and put them in the application context so that all your JSP pages have access to them. In order to implement a ContextListener you need to write a class that implements the ServletContextListener interface. You will have to make an entry in your web.xml about the same. Hope this helps, Mufaddal. -Original Message- From: Josh Howe [mailto:[EMAIL PROTECTED] Sent: Friday, July 29, 2005 1:14 PM To: tomcat-user@jakarta.apache.org Subject: setting application variables Hi, I'm very new to Tomcat and JSP. Can anybody tell me how I can initialize some application variables from a file so that they are available to all of the asp pages in my application as soon as it starts? Thanks! -- This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. Consult your physician prior to the use of any medical supplies or product. -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Any kind of Request Recorder/Player available?
That's a really interesting question... I don't know of anything that exists, although I'm quite certain something does. :) I can however think it through, and its probably not a huge chore to build... As you mentioned, a filter would probably do the trick nicely... if we assume your app only deals in POSTs and GETs of basic user input (because things like multiparts and such would complicate matters a bit), then it's really just a simple filter that iterates over all parameters and stores them. Just a simple CSV file of name=value pairs would suffice, with each line being a request. Then it should be a simple matter to write a Java app using the standard JDK classes to run through that CSV file and make the requests with the parameters you recorded. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Fri, July 15, 2005 1:28 pm, Will Hartung said: With Apache JMeter, they have a proxy that you can use to record a session with the server, and you can then use that as a basis for load testing and what not. What I'm looking for is something similar, but something that I can ideally place in Tomcat (as a Valve perhaps, or a Servlet filter). Basically, something that records the entire incoming request and then stores it out in a format that can later be played back by another tool. The problem is that we have a server than has a production memory leak, and the profilers are basically worthless in production. But if I can place a logger and record a days traffic, and then replay it against a test server (with all the monitoring etc.), then I can more easily reproduce the problem without heavily impacting performance of the production server. Anyone have any ideas? Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: file access via HttpSession
Shamelss plug: My Java Web Parts project (http://javawebparts.sourceforge.net) will have this capability, hopefully by this weekend, via its AccessControlFilter. It's now probably 50% written and in CVS, but I have to complete the IP-based limiting (I got side-tracked a bit and went off and did some other things... typical!). Frank Ben Souther wrote: You could put the restricted directories under WEB-INF and then use a Front Controller Servlet to forward to or stream the files to the browser. On Tue, 2005-07-12 at 09:27, Clark Slater wrote: Hello- I am running 5.0.19 Is there a way to restrict access to files in a directory based on a value in an HttpSession? For example: Customer c = (Customer) httpSession.getValue(Customer); if (c.getCountryCode().equals(CAN)) their browser could display any HTML file in /webapps/ecat/profiles/canada but not files in /webapps/ecat/profiles/usa Of course, files in either of these directories would not be viewable by the outside world. Thanks! Clark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem when a click a button that it execute a servlet n times
If you are not script-averse, the solution to this that I've always used is to disable the button client-side before submitting the form. It's not a perfect solution though, as there is no way to re-submit if a problem occurs (i.e., if it hangs for a long time... outright server-side errors would still occur as usual of course), but in many situations it's fine. Note that PayPal is one example of a major site that does this. Frank Mitchell Teixeira wrote: I was just reviewing an article which addresses this exact issue! http://java.sun.com/developer/EJTechTips/2003/tt0114.html I hope this helps - it doesn't look simple, but neither is your issue! I think the only situation to your issue is from an application point of view rather than from Tomcat. Cheers - MitchellT --- password password [EMAIL PROTECTED] wrote: Hi, I have a problem with a button in my jsp page. When I click the button then it excutes a servlet. But if i click two or three or n times it executes a servlet n times. How can I do that this button execute only once independent of the number of times that you click the button. Thanks. - Correo Yahoo! Comprueba qué es nuevo, aquí http://correo.yahoo.es - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: servlet mapping and url
Hi, I don't think there is any restriction to mapping a servlet to a welcome page: servlet servlet-nameMyServlet/servlet-name servlet-classcom.company.app.MyServlet/servlet-class /servlet servlet-mapping servlet-nameMyServlet/servlet-name url-pattern/myServlet/url-pattern /servlet-mapping welcome-file-list welcome-file/myServlet/welcome-file /welcome-file-list Also, I'm not as sure, put I think just mapping the servlet to / will do the trick as well. Both are easy enough to test though, give it a shot and post back your results for the archives. Frank s s wrote: i want to invoke a servlet using url like http://localhost:8080 only i have done it using http://localhost:8080/index.html where index.html is a servlet. Is it possible to load this servlet as a default just like a default web page. The point is i want a servlet to recieve a request when url http://localhost:8080 is referenced i.e without the servlet name. is it possible? - Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[ANN] Java Web Parts + AjaxTags = Something Cool!(tm)
I am happy to announce that my previously Struts-only project AjaxTags has now been made generic and has been rolled in to Java Web Parts! This means that for *any* Java web developer, you can now add Ajax functionality to your web sites with NO coding on your part in a completely declarative fashion! You can check out all the details, as well as of course grab a download, at http://javawebparts.sourceforge.net Java Web Parts is a collection of small, largely independent and reusable components of general interest to anyone doing Java-based web development. It includes such things as servlet filters, taglibs, servlets, general utility classes for request/response/session objects and listeners. Although it is still considered to be pre-alpha, I encourage anyone interested to have a look and use the components that interest you and provide any feedback you think will be useful to help make the project better. Contributors are very welcome as well! Thanks and happy holiday weekend, for those of us in the states! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Frames and request
On Thu, June 30, 2005 11:32 am, Carlos Bracho said: Hello. I am working with frames (I know it's a bad practice... but I cannot do anything about it) well the problem is: Whoever told you using frames is a bad practice was probably scared of them :) I find a lot of people see that it takes a little extra effort and they run away like their hair was on fire. Using frames is like using any other technology... if you understand it, and know the pros and cons, you can do things you could never do otherwise. But I digress... I have one jsp file (outter.jsp) which has 2 frames (inner1.jsp and inner2.jsp), when I forward to outter.jsp I can see the request's attribute, but inner1.jsp and inner2.jsp does not have access to the request's attribute, in fact the have a new request and of course that request does not have the attribute I set before. That's right... each frame is a separate request. You have to think of them as completely separate browser windows, because thats exactly what they are. They just happen to share a session. There are ways to do what you want... if you are not script-averse, you can grab the attributes you want from the request associated with outter.jsp, put them in some Javascript variables, and then access them from the inner frames using parent.name_of_variable_here (although I've always used window.top.name_of_frame.name_of_variable, they should both work). Alternatively, you can add a query string to the URLs that you populate in the inner frames from the outer frame, something like: frameset rows=100,* frame name=top src=top.jsp%=?+(String)request.getAttribute(attr1)% frame name=bottom src=bottom.jsp%=?+(String)request.getAttribute(attr2)% /frameset In the case of the first approach, the attributes are only accessible to your client-side code, i.e., you can't get at them from within a JSP scriplet. The second will allow you to access them in both client-side code and server-side code. Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: http session lost between struts action
I thought that at first too Guru, I had to go remind myself... looking at the javadoc for request.getSession(boolean)... Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session. That OR, IF clause is whats important.. it should only create a new session if none already exists. So, calling getSession(true) is going to return to you a session either way, whether it's a pre-existing one or a new one. I do however agree that calling getSession(true) in this case does not seem appropriate... Angelina, I would call it with false and check for null, as Guru says. It probably won't solve the problem, but it will tell you a little bit more, namely whether the session really exists or not in a more explicit manner. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, June 27, 2005 12:23 pm, Raghupathy,Gurumoorthy said: Well the issue is request.getSession(true) Try something like MyObject myObj = new MyObject(); myObj.setAbc(Abc); myObj,setDef(Def); HttpSession session = request.getSession(false); If ( session == null ) { session = request.getSession(true); } session.setAttribute(MySessionName, myObj); HttpSession session = request.getSession(false); If ( session != null ) { MyObject myObj = (MyObject)request.getSession(true).getAttribute(MySessionName); } Because HttpSession session = request.getSession(true); will always create a new session Regards Guru -Original Message- From: angelina zh [mailto:[EMAIL PROTECTED] Sent: 27 June 2005 17:18 To: Tomcat Users List Subject: Re: http session lost between struts action David, Thanks a lot for your help. My browser accepts cookies. Actually I inspected the cookies as well as the session object when I was debugging. The cookies is a valid array with valid sessionId inside and the method isRequestedSessionIdFromCookie() returns true as long as the http session object is valid. But when the session got lost, the cookies became to null and the method isRequestedSessionIdFromCookie() returns false. The links are the paths defined in the struct-config.xml file. The jsessionid is still valid when the session get lost. Here is how the code looks like in the LogInAction: MyObject myObj = new MyObject(); myObj.setAbc(Abc); myObj,setDef(Def); HttpSession session = request.getSession(true); session.setAttribute(MySessionName, myObj); Here is how the code looks like in the following actions: MyObject myObj = (MyObject)request.getSession(true).getAttribute(MySessionName); I have a FrontController servlet class to hand request and response. When a link on the welcome page got clicked, I noticed that in the FrontController servlet class, the session in the request became to null via eclipse's debugging tool. (Before this point, the session is all valid.) Then in the following action class, a new standard session got created. So my personal session information totally lost. Anything else I shall try? Thanks so much! Angelina David Smith [EMAIL PROTECTED] wrote: Check these: 1. Your browser is accepting cookies 2. Your links are being generated by taglibs that insure the jsessionid is attached if needed. I say if needed because if tomcat is getting a valid session cookie from your browser, the jsessionid won't be added to the link. They don't both have to be done, but chances of eliminating errors are best if they are. Beyond that, I would have to suspect the way you are trying to access the session attributes either in setting them or in retrieving them. Could you post code snippets that show how you are setting and retrieving attributes? --David - Yahoo! Sports Rekindle the Rivalries. Sign up for Fantasy Football - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how do i restrict servlet access? / blocking URLs
You could literally examine the IP of the incoming request (look at ServletRequest object), or you could have A set some sort of flag in request to indicate to the filter to let the request through regardless. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Fri, June 24, 2005 2:32 pm, Jason Novotny said: Hi Jim, Thanks-- I just looked at using a filter as a solution, but there seems to be a problem. I want the servlet in webapp A to be able to dispatch to B but not a user. The problem is the filter will block all requests including the dispatch from A. I need a way to somehow ensure that A can invoke servlet B in web app B but not a user navigating directly... any ideas are greatly appreciated. Actually one question would be how to create a filter that allows incoming requests from that same machine but not IP's outside of it I guess? Thanks, Jason Jim Henderson wrote: Take a look at yesterdays (6/23 5:02 PM) posting Blocking urls. That should help. -Original Message- From: Jason Novotny [mailto:[EMAIL PROTECTED] Sent: Thursday, June 23, 2005 10:13 PM To: tomcat-user@jakarta.apache.org Subject: how do i restrict servlet access? Hi, I have a webapp A that uses cross-context to dispatch requests to webapp B. However, I want users to have to go thru webapp A and the mapping I set in web.xml. How do I restrict access so only webapp A can invoke B's servlet but B should be inaccessible to users navigation. Is there something I can set in the web.xml of B or would I need to modify server.xml as a site wide configuration? Thanks, Jason - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: User authentication using Realms
Glad to hear you got it working so far! :) Is your DSN name literally Simple JSP? If so, I suggest trying something without a space in it... I have a feeling it might not work with spaces in the name. Note that the exception you are getting is actually coming from Access, it is simply being passed through JDBC. So, as you try and Google for a solution, you can *almost* forget you are working in Java temporarily. Also, does your DSN actually work via the test function in the ODBC manager? I tend to assume you tried that already, but just making sure ;) Actually, it looks like your saying you have a test class that does connect via that DSN, is that correct? If so, ignore this suggestion! :) I notice you say your code can switch between two connection methods... is it possible that somehow it isn't switched to the DSN method and is trying to connect with the path you specified? That makes a little more sense with the exception you are seeing. Ok, that's all the shots in the dark I have right now :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, June 20, 2005 9:34 am, Gagnon, Joseph M \(US SSA\) said: I've finally (with lots of help) figured out how to do form-based user authentication of a simple test JSP webapp. So far, so good ... it seems to be working. However, the database is a list of roles and users currently defined in conf/tomcat-users.xml. While this worked fine while I was learning how to do this and finally get it up and running, this is definitely not the method I want to use for the real thing. So, I started looking around at some more of the Tomcat documentation and stumbled upon realms. This seems to be the vehicle to allow Tomcat to provide a better method of performing user authentication. The question now is: how do I make use of this? The docs refer to the set of built-in realm types that are available for use, but I don't understand the subtle differences between many of them. There don't seem to be any examples of how to use them. I don't know which ones should be used for different situations. I'm running on a PC with MS Access installed. This is the database (at least for now) that I intend to use. I have successfully accessed information from an Access DB using a Java class to create the connection and execute SQL statements. I've done only a very simple case at this point, just to demonstrate that I can do it successfully. The class actually has two possible methods of connection to the DB, one method defines the actual path to the DB file and a complex (and for the most part, not understood) connection string, the other method defines a URL in the following format: jdbc:odbc:DSN name. The DSN name was set up in the Windows ODBC data source administrator utility. The second method is the one I'm using at this point. I tried setting up a JDBCRealm realm to use an Access DB with two tables, one for user names and passwords, the other for user names and roles. I set up another ODBC DSN as described above and placed a reference to that in the realm element. I *think* I followed the directions correctly, but ran into a problem that I don't know how to address. When I restart Tomcat, I'm getting the following error message in the logs (stderr and catalina): Jun 20, 2005 9:06:57 AM org.apache.catalina.realm.JDBCRealm authenticate SEVERE: Exception performing authentication java.sql.SQLException: [Microsoft][ODBC Microsoft Access Driver] '(unknown)' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides. at sun.jdbc.odbc.JdbcOdbc.createSQLException(JdbcOdbc.java:6958) at sun.jdbc.odbc.JdbcOdbc.standardError(JdbcOdbc.java:7115) at sun.jdbc.odbc.JdbcOdbc.SQLDriverConnect(JdbcOdbc.java:3074) at sun.jdbc.odbc.JdbcOdbcConnection.initialize(JdbcOdbcConnection.java:323) at sun.jdbc.odbc.JdbcOdbcDriver.connect(JdbcOdbcDriver.java:174) at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:694) at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:344) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAut henticator.java:256) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator Base.java:391) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:1 48) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:85 6) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processC onnection(Http11Protocol.java
Tomcat con pooling to Oracle RAC
Does anyone have any experience configuring Tomcat to connect to an Oracle RAC cluster? I have an application that currently works in a test environment, where it connects to a single Oracle server. Now I'm moving it to a QA environment, where there is a 3-node Oracle cluster using RAC. I'm getting an Oracle 12505 error (SID not found) trying to talk to the cluster. Problem is, I'm not sure how the configuration differs in Tomcat, if it does, in this situation. I have a TNS entry in tnsnames, and I can connect to the cluster using Toad or Oracle Enterprise Manager, so the basic setup appears correct. Here's my server.xml context entry: Context path=/app docBase=app swallowOutput=false override=true Resource name=jdbc/appdb auth=Container type=javax.sql.DataSource / ResourceParams name=jdbc/appdb parameternamedriverClassName/namevalueoracle.jdbc.driver.OracleDriver/value/parameter !-- parameternameusername/namevalueapp/value/parameter parameternamepassword/namevalueapptest/value/parameter parameternameurl/namevaluejdbc:oracle:thin:@server.company.net:1700:testsid/value/parameter -- parameternameusername/namevalueappweb/value/parameter parameternamepassword/namevalueappqa/value/parameter parameternameurl/namevaluejdbc:oracle:thin:@node1.company.net:1700:qasid/value/parameter parameternamemaxActive/namevalue100/value/parameter parameternamemaxIdle/namevalue75/value/parameter parameternameminIdle/namevalue50/value/parameter parameternametestOnBorrow/namevaluefalse/value/parameter parameternamelogAbandoned/namevaluetrue/value/parameter parameternameremoveAbandoned/namevaluetrue/value/parameter parameternamewhenExhaustedAction/namevalue1/value/parameter /ResourceParams /Context Passwords and such have been changed to protect the innocent :) I also left the commented section for the test environment that *does* work, just for comparison. Now, the first thing that struck me as wrong is that the server I'm connecting to is only one node in the cluster. Should RAC provide a single server name that the cluster is accesible through? Otherwise, everything looks correct to me. Anyone have any ideas? TIA! Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat con pooling to Oracle RAC
Yep, I had a coworker suggest using the OCI driver as well... seems you can just drop the TNS string into the URL parameter in server.xml... I couldn't get it to work, but I suspect it was just a minor typo or something, the theory seems dead-on. I would up just writing the connection string to go to a specific node in the cluster... This isn't a problem because it only comes up when I have my desktop running against the QA database, which should probably never happen... the actual QA server will be configured properly to talk to the cluster (it's actually Websphere besides, but I develop with Tomcat). Thanks for that reference though... The DBA wants me to not talk to a specific node, and I think that may help get me all squared away with the OCI driver. Thanks again! :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, June 20, 2005 2:03 pm, Patrick Thomas said: Hi Frank, With the caveat that I don't use RAC, it looks like you're doing things right from a JDBC/Tomcat perspective, but I thought I'd bring one point just to clarify for you and any lurkers: JDBC doesn't use TNS at all; it only cares about the host, port and SID as specified in the connection string (or xml config). I'm going to presume that either RAC default or your custom setup is what's dictating your choice of port (as it's not the standard for a regular 1-server oracle connection). Since you seemed to indicate that you have oracle client software actually installed on the box that you're running TC from, might I suggest the OCI driver (instead of thin) which should allow you to make use of the working TNS configuration, and appears to offer support for RAC setups. Here's one quick reference that google turned up; there are probably others that may be more specific to your cause: http://www.praetoriate.com/10g_11_25.htm Good luck, Patrick On 6/20/05, Frank W. Zammetti [EMAIL PROTECTED] wrote: Does anyone have any experience configuring Tomcat to connect to an Oracle RAC cluster? I have an application that currently works in a test environment, where it connects to a single Oracle server. Now I'm moving it to a QA environment, where there is a 3-node Oracle cluster using RAC. I'm getting an Oracle 12505 error (SID not found) trying to talk to the cluster. Problem is, I'm not sure how the configuration differs in Tomcat, if it does, in this situation. I have a TNS entry in tnsnames, and I can connect to the cluster using Toad or Oracle Enterprise Manager, so the basic setup appears correct. Here's my server.xml context entry: Context path=/app docBase=app swallowOutput=false override=true Resource name=jdbc/appdb auth=Container type=javax.sql.DataSource / ResourceParams name=jdbc/appdb parameternamedriverClassName/namevalueoracle.jdbc.driver.OracleDriver/value/parameter !-- parameternameusername/namevalueapp/value/parameter parameternamepassword/namevalueapptest/value/parameter parameternameurl/namevaluejdbc:oracle:thin:@server.company.net:1700:testsid/value/parameter -- parameternameusername/namevalueappweb/value/parameter parameternamepassword/namevalueappqa/value/parameter parameternameurl/namevaluejdbc:oracle:thin:@node1.company.net:1700:qasid/value/parameter parameternamemaxActive/namevalue100/value/parameter parameternamemaxIdle/namevalue75/value/parameter parameternameminIdle/namevalue50/value/parameter parameternametestOnBorrow/namevaluefalse/value/parameter parameternamelogAbandoned/namevaluetrue/value/parameter parameternameremoveAbandoned/namevaluetrue/value/parameter parameternamewhenExhaustedAction/namevalue1/value/parameter /ResourceParams /Context Passwords and such have been changed to protect the innocent :) I also left the commented section for the test environment that *does* work, just for comparison. Now, the first thing that struck me as wrong is that the server I'm connecting to is only one node in the cluster. Should RAC provide a single server name that the cluster is accesible through? Otherwise, everything looks correct to me. Anyone have any ideas? TIA! Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[ANN] Java Web Parts release
Thought this might be of interest to some... The Java Web Parts SF project I began had its first release this weekend. It's a pre-alpha, but my thinking is to put out smaller releases as frequently as possible so that, theoretically at least, the code will be more solid when a GA release comes out. http://sourceforge.net/projects/javawebparts/ If anyone is interested in contributing, please contact me (either direct eMail or on the project mailing lists or forums). A quick synopsis of the project: Java Web Parts is a collection of small, largely independent utility-type classes and functions for Java web application developers including taglibs, filters, JSP templates, servlets, utility classes and other general-purpose code. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JSP including servlet output
Hey all... I have a situation where I want to use a jsp:include whos target is actually a servlet... Problem is, in the servlet I do: ServletOutputStream out = response.getOutputStream(); out.println(items.getItem()); ...which yields: java.lang.IllegalStateException org.apache.jasper.runtime.ServletResponseWrapperInclude.getOutputStream(ServletResponseWrapperInclude.java:62) Commenting out those two lines gets rid of the exception. If I call the servlet directly on its own I get my expected result, so I know the servlet itself works. I'm assuming this is some sort of limitation of the include mechanism, question is, can it be overcome? I added flush=true to the include tag, which gets rid of the exception but makes the resultant page end where the include is, so that's not the answer. An ideas? Is this something that can be done in the first place? If so, how does one overcome this problem? TIA! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP including servlet output
Never mind, got it... changed: ServletOutputStream out = response.getOutputStream(); ..to... PrintWriter out = response.getWriter(); ...and it now works. I wouldn't mind an explanation though :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Fri, June 17, 2005 2:02 pm, Frank W. Zammetti said: Hey all... I have a situation where I want to use a jsp:include whos target is actually a servlet... Problem is, in the servlet I do: ServletOutputStream out = response.getOutputStream(); out.println(items.getItem()); ...which yields: java.lang.IllegalStateException org.apache.jasper.runtime.ServletResponseWrapperInclude.getOutputStream(ServletResponseWrapperInclude.java:62) Commenting out those two lines gets rid of the exception. If I call the servlet directly on its own I get my expected result, so I know the servlet itself works. I'm assuming this is some sort of limitation of the include mechanism, question is, can it be overcome? I added flush=true to the include tag, which gets rid of the exception but makes the resultant page end where the include is, so that's not the answer. An ideas? Is this something that can be done in the first place? If so, how does one overcome this problem? TIA! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP including servlet output
Yeah, I saw those notes too... I found them a tad confusing :) I would have thought it was the OutputStream that was already gotten, contrary to what the note says... If it was the PrintWriter that was already gotten, then why was the solution to call getWriter() instead? I get the feeling those notes are actually backwatds because as they are it doesn't make sense to me. Or something else entirely is going on. That's the problem for me... if I don't really understand what was wrong, and why the fix is what it was, I can't be sure this code will work in all cases going forward, and that worries me since it is part of a generic package. Frank Jay Burgess wrote: Not a full explanation, but the Javadoc for ServletResponse.getOutputStream() does say: Throws: java.lang.IllegalStateException - if the getWriter method has been called on this response Conversely, getWriter() says: Throws: java.lang.IllegalStateException - if the getOutputStream method has already been called for this response object It'd seem that the Writer had already been acquired. Jay | Jay Burgess [Vertical Technology Group] | Essential Technology Links via RSS | http://www.vtgroup.com/ -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Friday, June 17, 2005 1:21 PM To: tomcat-user@jakarta.apache.org Subject: Re: JSP including servlet output Never mind, got it... changed: ServletOutputStream out = response.getOutputStream(); ..to... PrintWriter out = response.getWriter(); ...and it now works. I wouldn't mind an explanation though :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help/Examples setting up security settings
Although I don't think this is the source of your problem, it strikes me as odd to be protecting the root of your webapp when this is where the unprotected page are as well (i.e., login.jsp, login_error.html) I would suggest leaving those two in the root of the webapp, and move environment.jsp and error.jsp to a subdirectory, maybe /Simple_JSP/content or something, then of course update the security constraint to constrain that new directory. Actually, one other thing... the references to the login form and the login error page in the login-config element I believe are relative to the webapp root, so drop the Simple_JSP from the beginning of them so they are /login.jsp and /login_error.jsp respectively. Again, not sure this is the problem, but it could be. Some other things, and this is where hopefully some Tomcat folks more knowledgable than me can help... There seems to be a realm-name element for login-config as well, but I have never used it... does it apply here? I think it may be for basic auth, but I am unsure. Also, there are perhaps some other things you need to do to tell Tomcat to use security... anyone else, does Joseph need to do anything to set up the UserDatabase resource, or is that set up by default? Also, does he need to create a context for his app and perhaps set something to tell Tomcat to use security? This is stuff I am not familiar with, so hopefully someone else reading this can help. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, June 15, 2005 9:31 am, Gagnon, Joseph M \(US SSA\) said: Ah-ha! Everything I had read so far led me to think I needed to put everything under ROOT. I'm glad you guys pointed that out. It makes sense. In the meantime, to make things simpler, I set up another webapp without any of the SPID stuff I was talking about before. It's very simple and contains nothing more than a login page (login.jsp) and login error page (login_error.html), the environment page (environment.jsp) I mentioned before and an error page (error.jsp), specified in the errorPage attribute of the page directive of the JSP files. The new app. sits in [tomcat]\webapps\Simple_JSP (not under ROOT any more) and the web.xml file in the WEB-INF subdirectory has been set up to use the correct path. I also included the security-role element Frank mentioned below. The web-app portion of web.xml looks like this: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-nameSimple JSP/display-name descriptionSimple JSP Test/description login-config auth-methodFORM/auth-method form-login-config form-login-page/Simple_JSP/login.jsp/form-login-page form-error-page/Simple_JSP/login_error.html/form-error-page /form-login-config /login-config security-role descriptionSecurity Role/description role-namesimple_jsp/role-name /security-role security-constraint web-resource-collection web-resource-nameSimple JSP Test/web-resource-name url-pattern/Simple_JSP/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namesimple_jsp/role-name /auth-constraint /security-constraint /web-app Of course, I set up the simple_jsp role in the tomcat-users.xml file and added that role to my user entry. Now that this is all said and done, I'm still getting behavior that I'm not expecting. If I load my environment file into the browser (http://localhost/Simple_JSP/environment.jsp), it comes up as though there were no security/authentication mechanism to put up a roadblock. The login page is never presented. I was expecting that if I were to request any page from the Simple_JSP area, that before anything is displayed, I would be prompted to provide and user name and password. Isn't that what's supposed to happen? Thanks, Joe -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 6:37 PM To: Tomcat Users List Subject: Re: Help/Examples setting up security settings As Mark indicated in another post, the first problem you need to resolve is how you have installed your webapp. ROOT is itself a webapp, and although it might seem right that you want to put your webapp under it, that isn't the case. Move SPID_JSP to /webapps and you should be all set. One other thing I see is you are missing security role definitions in your web.xml. You'll want to add something like this: security-role descriptionspid_jsp/description
RE: Help/Examples setting up security settings
On Tue, June 14, 2005 9:26 am, Gagnon, Joseph M \(US SSA\) said: Very simple stuff. However, when I try to login (by loading the login.jsp page), I get the following error from Tomcat: HTTP Status 404 - /SPID_JSP/j_security_check type Status report message /SPID_JSP/j_security_check description The requested resource (/SPID_JSP/j_security_check) is not available. Apache Tomcat/5.5.9 Obviously, there are some other things that I need to do, but I don't know what they are. Also, I'm curious how to direct control to the success page once authentication passes and the login succeeds. Hmmm... The only thing that strikes me odd is what is being requested... Every time I've seen it, j_security_check is in the root... I wonder if Tomcat doesn't recognize j_security_check as being a special servlet if it isn't in the root? Just for chuckles, move your JSPs to the root of your webapp, that should result in /j_security_check being what the form is submitted to, see if that solves the problem (I *think* you could make the action of your form ../j_security_check instead of moving everything, that should do the same thing and would be easier). If that doesn't work then there is probably something else specific to Tomcat that needs to be done to enable that servlet that I am not aware of. As for the question of directing control to the success page, this is one of those things that is a bit confusing at first... you really don't direct control anywhere... what should happen is the URL your users should access *IS* the success page, assuming the succcess page is a constrained resource... in other words, write your application with the assumption that a user is already authenticated and that really the login page IS NOT part of your application. Then, when they try to access the success page, the request will be intercepted and the login page shown. If they enter valid credentials, THEN the success page will be returned to them automatically. That part usually confuses people at first (I think it did me too for a few minutes when I first dealt with this). Just remember, it's an intercept-based security mechanism... when the user tries to hit a protected resource, the request is intercepted and they are challenged to authenticate themselves. Conceptually, think of the original request as having been put on hold. Once they authenticate, the request continues where it left off, you have nothing special to do. I'm really very new at web programming, so I'm sure there are either a lot of stupid things I'm doing, or stuff I need to do, but am not. No, I think you've managed to get pretty far essentially on your own... Good job! :) Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help/Examples setting up security settings
dump, except this time, the page header shows what I expect: Get Environment Data. First, why didn't I get presented with the login page? Isn't that what was supposed to happen? Second, I don't understand the dual behavior observed above. Why should I get what happens in scenario 1? The file requested exists at the location specified. What gives? Why does scenario 2 allow me to access my page as I would expect to? Obviously, I don't know diddly-squat about how this technology works and is meant to be used. Everything I try ends up either a drop dead failure or confuses me even more than I already was. There does not seem to be any consistency to the behaviors I've been seeing. If someone asked me right now whether to recommend using JSP, I'd have to say No. I can't even get a simple test scenario to work. I'm trying to hold off on buying any books on the subject, because I'm not sure which ones would be the best to get (although I have some ideas) and more importantly, because I am trying to evaluate the technology and the feasibility (not to mention the do-ability) of potentially converting an existing ASP application to JSP. The books would be purchased through my department, and I don't want to have a bunch of books bought that I may end up not using, if the decision ends up being that we won't go the JSP route. I realize that it's difficult for someone reading this to get the full picture of my situation. I've tried to include all pertinent information. If anyone can help me out, I would sure appreciate it. (Thanks again Frank Zammetti for the information you've provided so far.) Thanks, Joe Gagnon -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 9:39 AM To: Gagnon, Joseph M (US SSA) Cc: Tomcat Users List Subject: RE: Help/Examples setting up security settings On Tue, June 14, 2005 9:26 am, Gagnon, Joseph M \(US SSA\) said: Very simple stuff. However, when I try to login (by loading the login.jsp page), I get the following error from Tomcat: HTTP Status 404 - /SPID_JSP/j_security_check type Status report message /SPID_JSP/j_security_check description The requested resource (/SPID_JSP/j_security_check) is not available. Apache Tomcat/5.5.9 Obviously, there are some other things that I need to do, but I don't know what they are. Also, I'm curious how to direct control to the success page once authentication passes and the login succeeds. Hmmm... The only thing that strikes me odd is what is being requested... Every time I've seen it, j_security_check is in the root... I wonder if Tomcat doesn't recognize j_security_check as being a special servlet if it isn't in the root? Just for chuckles, move your JSPs to the root of your webapp, that should result in /j_security_check being what the form is submitted to, see if that solves the problem (I *think* you could make the action of your form ../j_security_check instead of moving everything, that should do the same thing and would be easier). If that doesn't work then there is probably something else specific to Tomcat that needs to be done to enable that servlet that I am not aware of. As for the question of directing control to the success page, this is one of those things that is a bit confusing at first... you really don't direct control anywhere... what should happen is the URL your users should access *IS* the success page, assuming the succcess page is a constrained resource... in other words, write your application with the assumption that a user is already authenticated and that really the login page IS NOT part of your application. Then, when they try to access the success page, the request will be intercepted and the login page shown. If they enter valid credentials, THEN the success page will be returned to them automatically. That part usually confuses people at first (I think it did me too for a few minutes when I first dealt with this). Just remember, it's an intercept-based security mechanism... when the user tries to hit a protected resource, the request is intercepted and they are challenged to authenticate themselves. Conceptually, think of the original request as having been put on hold. Once they authenticate, the request continues where it left off, you have nothing special to do. I'm really very new at web programming, so I'm sure there are either a lot of stupid things I'm doing, or stuff I need to do, but am not. No, I think you've managed to get pretty far essentially on your own... Good job! :) Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com
Re: Concurrent login detection - how?
A SessionContextListener gets called when a session times out, or is otherwise invalidated. This is how you do it. I did this in an app some time ago... I just needed to maintain a list of who was logged in. You can do something simple like I did: have a UsersList object with a single static HashMap in it. In that HashMap goes User objects. When the session is created, the listener is called, and you put the User object in it. When the session is destroyed, you remove it. I keyed the HashMap off user ID, you can do it however you like. Just be sure to take concurrency into account and it works rather well. You could do it to a database if your requirements make that a better choice. Frank Michael Mehrle wrote: That actually goes to the heart of my question: HOW do I detect when their session times out? ;-) I know the 'strategy' of doing this, but I don't know how to capture a timed-out session - technically. Any input would be welcome. TIA, Michael - Original Message - From: David Rickard [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Tuesday, June 14, 2005 9:53 AM Subject: Re: Concurrent login detection - how? Remove IDs from the List when users log out (and add a ServletContextListener to catch people who leave the site without logging out--remove their IDs when their sessions time out); At 09:22 AM 6/14/2005, you wrote: What is the best way to detect two people being logged in concurrently using the same account? This is one aspect of my efforts to restrict fraudulent access. Again, I don't want to use Acegi since it seems to break the rest of my app. So, what's the best way to do this 'traditionally'? Thanks! Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- David Rickard Software Engineer TechBooks/GTS Your Single Source Solution! Los Angeles CA * York, PA * Boston,MA * New Delhi, India Visit us on the World Wide Web http://www.techbooks.comhttp://www.techbooks.com [EMAIL PROTECTED] 5650 Jillson St., Los Angeles, CA 90040 (323) 888-8889 x331 (323) 888-1849 (Fax) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IE-Page not found problem
I realize this is the Tomcat list, but I suspect many people here use Struts in developing their apps... I think it is worth noting that Struts provides a nocache switch for the Request Processor that does the same thing (setting the no cache headers). I found this out the hard way about two weeks ago when I ran into this very problem, but it turned out to be caused by this Struts option as I was running under Websphere. The point being that even if you can disable the option in Tomcat (and I'm not sure you can?), if you are using Struts you still could experience the same issue if you aren't aware the the headers could be set in two places. FYI, I wound up writing a filter that lets me define paths that WILL NOT have the cache headers set, all others they are set for (because all but three paths in my app needed the headers set, the 3 were where PDFs get generated). I use this in place of the Struts setting. This filter will appear in my Sourceforge JavaWebParts project, in case anyone else might be interested. Frank Mark Leone wrote: Maybe IEs implementation existed before HTTP 1.1 and before the no-store option was introducted, which seems to clarify the matter of what isn't allowed to be stored to disk, there is nothing else in the specififcation that mandates the user-agent or cache can not (in the process of serving the orginary request) store it to disk (if the implementation needs to). That's a charitable way to look at it, and an interesting observation. However, MS explicitly justifies the behavior in reference to the no-cache directive (see second link below), and I believe that neither the HTTP 1.0 Pragma semantics nor the HTTP 1.1 Pragma and Cache-Control semantics support the behavior. Given, as you pointed out, that the no-store option in HTTP 1.1 clears it up, then I think IE's implementation is even more unreasonable, as there is a check-box for HTTP 1.1 support. I've worked with dynamic HTML for quite a few years and can't remember stumbling over this problem, what is the simplest server response that triggers this problem in IE ? The problem occurs when using IE over an SSL connection, when the server includes either cache-control: no-cache or pragma: no-cache headers, or both, in the response, and the user is attempting to download a file that is not rendered in the browser (e.g., the file is either to be saved to disk or launched in some app other than a browser). Note that IE does not manifest the problem when the no-cache directives are sent in the response for non-SSL connections. I believe that Tomcat sends the no-cache directives when serving a resource from a protected context, i.e. one for which a security-constraint is defined. (Mary-Beth reported here earlier that she got IE to behave properly by unchecking the option Do not save encrypted pages to disk, but I tried this and it did not alleviate the problem. I believe Mary-Beth was dealing with a different issue. It's worth noting that MS does not list unchecking this option as a workaround in their bug report response for this issue.) The Tomcat bug report on it can be found here: http://issues.apache.org/bugzilla/show_bug.cgi?id=27122 And the IE bug report and MS response can be found here: http://support.microsoft.com/?id=316431 The issue is especially vexing IMO because of how it manifests. IE actually draws the download box with the progress bar, showing the correct web address and even the correct mime type of the resource. Then instead of beginning the download it suddenly throws up a window that says the site is unreachable. -Mark Darryl - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IE-Page not found problem
Yes, it can be done with a simple valve. See earlier message in this thread for details, or follow the link to the Tomcat bug database in my previous message. I missed that thread, but this is good to know. Thanks! Keep in mind, this is not just a problem with pdf files. It will happen when IE uses SSL to download *any* file that is not being rendered in the browser, when the no-cache directive is included in the response. Absolutely. Worth having this clearly stated for the archives for sure. Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] [Message truncated. Tap Edit-Mark for Download to get remaining portion.] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IE-Page not found problem
Yes, it can be done with a simple valve. See earlier message in this thread for details, or follow the link to the Tomcat bug database in my previous message. I missed that thread, but this is good to know. Thanks! Keep in mind, this is not just a problem with pdf files. It will happen when IE uses SSL to download *any* file that is not being rendered in the browser, when the no-cache directive is included in the response. Absolutely. Worth having this clearly stated for the archives for sure. Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] [Message truncated. Tap Edit-Mark for Download to get remaining portion.] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Probably an easy answer
The only other possible way I can think of, and I would have to do so experimenting to see if/how exactly it would work, would be something like: try { Object a = b; // Where b might be declared or might not be } catch () { // Not sure what exception would be thrown // Do something when b wasn't declared } I'm assuming there is a runtime exception to check for... that may not be true at all... part of me suspects there isn't... that's why I'd have to do some experimenting :) In fact, being in a JSP this might be the best option because I'm not sure how you could use reflection as I suggested, i.e., what object would you inspect when the field you want to check for is a JSP variable? I'm not sure. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, June 13, 2005 8:58 am, Charles P. Killmer said: Thanks. And I do mean declared. I have a jsp that is included by a few other jsp's. Some of them declare a variable and some do not. Right now I have two files that are almost identical. One expects the variable to be present and the other does not. I am looking to consolidate these two files. Charles -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Friday, June 10, 2005 5:46 PM To: Tomcat Users List Subject: Re: Probably an easy answer If it is a class member you could conceivably use reflection to see if a given object/class has a member you name... if it's local though, no, it's a purely compile-time check. Do you really mean declared or do you perhaps mean initialized? Frank Charles P. Killmer wrote: Is there a way to, at runtime, check if a variable is declared? I have some code that I want to behave differently depending on whether or not a variable has been declared. I tried using a try catch block but it gets caught at compile time. Thanks Charles - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Probably an easy answer
Yeah, I wasn't sure that would work... Seemed like it would still be a compile error, but worth a shot. I'm out of ideas at the moment. I agree with what another poster said though... seems like there must be a better way to check than whether a variable is declared or not. I understand the problem you are trying to solve, I actually dealt with a similar issue with included code needing a Javascript variable that may or may not be present, but in this case I'm not sure of a good answer. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, June 13, 2005 10:19 am, Charles P. Killmer said: I tried the try catch block and that led me to asking this forum. I tried a generic catch (Exception e) and it resulted in a compile error. My suspicion is that this is not an easy thing to do. Any brainstorms out there? Charles -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Monday, June 13, 2005 8:34 AM To: Tomcat Users List Cc: Tomcat Users List Subject: RE: Probably an easy answer The only other possible way I can think of, and I would have to do so experimenting to see if/how exactly it would work, would be something like: try { Object a = b; // Where b might be declared or might not be } catch () { // Not sure what exception would be thrown // Do something when b wasn't declared } I'm assuming there is a runtime exception to check for... that may not be true at all... part of me suspects there isn't... that's why I'd have to do some experimenting :) In fact, being in a JSP this might be the best option because I'm not sure how you could use reflection as I suggested, i.e., what object would you inspect when the field you want to check for is a JSP variable? I'm not sure. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, June 13, 2005 8:58 am, Charles P. Killmer said: Thanks. And I do mean declared. I have a jsp that is included by a few other jsp's. Some of them declare a variable and some do not. Right now I have two files that are almost identical. One expects the variable to be present and the other does not. I am looking to consolidate these two files. Charles -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Friday, June 10, 2005 5:46 PM To: Tomcat Users List Subject: Re: Probably an easy answer If it is a class member you could conceivably use reflection to see if a given object/class has a member you name... if it's local though, no, it's a purely compile-time check. Do you really mean declared or do you perhaps mean initialized? Frank Charles P. Killmer wrote: Is there a way to, at runtime, check if a variable is declared? I have some code that I want to behave differently depending on whether or not a variable has been declared. I tried using a try catch block but it gets caught at compile time. Thanks Charles - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help/Examples setting up security settings
with all this in it? Let's walk through it... (1) User enters http://mysite.com/admin/page1.jsp (2) The container looks through the defined security-constraint's and looks for one with a url-pattern element that matches the requested URL. In this case it finds one. (3) So, security kicks it. Now the login-config element is looked at and we see that form-based authentication is in use. So, the page named in the form-logon-page element is displayed. Note that if you were using basic auth, the user would get a popup box. (4) In either case, they enter their username and password. (5) At this point, we get into container-specific stuff... basically, whether it is a lookup against an LDAP directory, or against a Tomcat XML file, or something else entirely, j_security_check (a servlet) is responsible for this. It looks up the user, and assuming they are found, returns the group they are in. Might be AdminRole in this case, might be PlainOldUserRole, or something else. P.S., if the user isn't found, or their password is not correct, a 403 error is returned., You can name what page to display in this case by adding to web.xml: error-page error-code403/error-code location/jsp/badLogon.jsp/location /error-page (6) So, the container then has the group the authenticated user is in... So it consults the security-role elements and finds a match. It then looks again at the security constraints that the URL mapped to and see if the group the user is in is defined as having rights to that resource. (7) Assuming the group the user is in has rights, the original request goes through. This might be confusing... remember that the reason the login screen was displayed was because the user requested a constrained resource... you can think of that request as being placed on hold, in a sense, until the user is authenticated. Once they are, the original request continues and the resource is returned. Let me see if my ASCII art is up to the challenge... | Request for /admin/page1.jsp | || \/ | Security intercept: login page shown | || \/ - | Login form submit | - || \/ --- | User validated and belongs to allowed group | --- || \/ - | Request forwarded to /admin/page1.jsp | - Ok, hope that gets the point across. So, but the end of that chain, the page1.jsp is now displayed, the user is happy :) Note that this process as outlined is conceptual... there could be some details in how the container does it's thing that I got wrong... from your perspective, and the perspective of what the user sees though, it is correct. I think that's everything. Hope that helps! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, June 13, 2005 1:55 pm, Gagnon, Joseph M \(US SSA\) said: Hello, Does anyone have any examples of how to set up my deployment descriptor (web.xml in Tomcat 5.5.9) to do BASIC authentication (of any of the other methods, for that matter)? I've looked at various sources of information on the web (including some of Sun's sites), but have not yet found good examples (more than one would be great), from soup to nuts, with good explanations along the way, describing the various elements involved (what they do and why (or why not) they are needed). A lot of these sources provide copious amounts of information, but not good working examples that I can either use directly, or at least learn from. Many times example chunks of code are provided, but it's not made clear what each element does. Also, quite often only one example of a specific usage (say: FORM based authentication) is provided, but others are not. I guess the basic gripe I have is that there's a lot of information provided for this technology, but very little information provided that actually helps someone who's just learning this stuff, actually learn HOW to use it. Now there's a caveat: I'm investigating possibly using JSP for a work-related project. I am looking at adding some functionality to an existing web application that is currently written as an ASP app. Among other things, I am trying to evaluate JSP to see what advantages it may (or may not) provide over the existing ASP. At this point, I'm trying to take a small part (essentially the front end) of the ASP app. and JSP-icize it to see what's involved in creating the same (or similar) functionality. Unfortunately I keep running into problems that for the most part, result from my lack of knowledge in this technology area. I do not want
Test, please ignore
Sorry for the disturbance... trying to troubleshoot a posting issue... this will be the only such post to this list from me. Sorry again! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [OT] Help/Examples setting up security settings
Thanks very much Chuck! I'm glad I can help whenever I can. I know how overwhelming some of this stuff can be, to me as much as anyone else, and I also know how it feels to not be able to find explanations that are easy to understand. If I can make that situation just a little better, I am happy to do so. :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, June 13, 2005 3:45 pm, Caldarale, Charles R said: From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Subject: Re: Help/Examples setting up security settings Having just spent a couple of weeks integrating a new security framework into an existing app, a framework that works in concert with J2EE security, let me see if I can help... Hang on, this is going to be a long post!... Frank - I've been perusing this list for some time now, and I have to say that you provide some of the most concise and lucid explanations I've ever seen. It's a pleasure to read them. Thank you very much. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Probably an easy answer
If it is a class member you could conceivably use reflection to see if a given object/class has a member you name... if it's local though, no, it's a purely compile-time check. Do you really mean declared or do you perhaps mean initialized? Frank Charles P. Killmer wrote: Is there a way to, at runtime, check if a variable is declared? I have some code that I want to behave differently depending on whether or not a variable has been declared. I tried using a try catch block but it gets caught at compile time. Thanks Charles - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat, SSL, IE, and .pdf downloads
Ironically, I ran into this last week as well. However, I was running my app on Websphere, and the cause (and solution) was subtly different... It is a Struts-based application. I had the nocache RequestProcessor setting in effect. This caused PDF generation to fail under SSL, same as the referenced issue. Removing the setting resolved the issue, but I then had to create a quick filter that would set the same cache headers the nocache setting does but allows me to define a list of paths that they should NOT be set for. So, now everything in the app gets the cache headers set EXCEPT the three paths accessed to generate PDFs, and life is good again. The point is be sure that it's no Tomcat setting the headers... and even if it is and you turn that off, be sure they aren't getting set anywhere else, like Struts, or some other app code. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Tue, June 7, 2005 2:46 pm, Mark Thomas said: This seems to be a popular subject today. Try looking at http://marc.theaimsgroup.com/?l=tomcat-userm=111811136603781w=2 Mark Panichi, Mary-Beth wrote: Greetings ~ We're having issues downloading .pdf files in SSL. I've been all over the web trying to find solutions. The issue appears to be interaction between Tomcat and InternetExplorer. IE appears to be corrupting the pdf files. There's an IE patch out there, but we've patched past that. The fix that they list, to uncheck the don't allow encrypted data to be cached to disk, works, but it's a setting that for security reasons we don't want to leave unchecked. I've tried all manner of setting headers for cache-control, etc.. We're dynamically generating the .pdf files, and streaming them to the jsp page. I've tried also saving the pdf's physically to the server and then getting them, but that didn't work either. Has anyone run into this issue? Does anyone have a solution? I've seen lots of suggestions out there, but nothing that actually works. Thanks! Mary Beth Panichi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IE-Page not found problem
Moving on to a more helpful answer... Have you tried using something like HTTPWatch to see what's going on? IE seems to display that page generically for a host of different problems, and viewing the underlying HTTP transaction might narrow things down a bit. Also, you could ask your users to turn off the friendly messages option... I'm not certain, but I believe they will get you slightly more helpful (to you) messages with that option turned off. It's under Tools...Internet Options... Advanced... Show Friendly HTTP Error Messages. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, June 6, 2005 10:22 am, Joe Plautz said: Simple, test with IE as well. sudip shrestha wrote: I have a struts-hibernate powered webapp running off a debian box, jdk 1.5 and tomcat 5.5.7 I have IE users complaining about page not found problems from time to time where as Firefox users never. I myselft have never encountered this problem as I use FirefoxThis led me to thinking that this might be a IE problem...Any suggestions on how to move ahead on the problem? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: IE-Page not found problem
Please see my previous post in this thread for some actual help (potentially anyway). -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, June 6, 2005 11:14 am, sudip shrestha said: I have no idea why you are continuing on this pathBut all I am looking for is suggestions on how to debug this problem with IE, if there is any. I am not offerring any excuse!! It's my work related work. I have had few issues with IE in the past such as url redirection problem but I have managed to find the fix for those. So, I was thinking maybe somebody in the users list have had some kind of positive experience with this in the past. Frank's suggestion on this regard was constructive. I work in a huge company...suddenly asking users to change the browser is not exactly the pratical solution either. On 6/6/05, Joe Plautz [EMAIL PROTECTED] wrote: Sorry for not including the smiley face but, dude, you're informing of a problem that exists within a browser that is used by the vast majority of web users and for some reason refused to test with it. Works on my box is not a valid excuse. Here's a link to a html validator, http://validator.w3.org/ Here's a link that explains a lot of the known issues, http://www.howtocreate.co.uk/wrongWithIE/ sudip shrestha wrote: Dude: Read the email first... I am informing of the problem after we experienced with IE... On 6/6/05, Joe Plautz [EMAIL PROTECTED] wrote: Simple, test with IE as well. sudip shrestha wrote: I have a struts-hibernate powered webapp running off a debian box, jdk 1.5 and tomcat 5.5.7 I have IE users complaining about page not found problems from time to time where as Firefox users never. I myselft have never encountered this problem as I use FirefoxThis led me to thinking that this might be a IE problem...Any suggestions on how to move ahead on the problem? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Which is best practice for stowing objects, request or session context?
Digby has the right idea... It's not a question of which is better, it's a question of which is appropriate for what you are doing. Many people do not deal in clustered environments, nor do they deal frankly with high scalability requirements. I have to deal with both of those concerns in my daily work. One of the things you learn in a hurry is that storing anything in session that doesn't really need to be there has a negative impact on both. Even in a single-server environment, scalabilty can be adversely affected fairly quickly when session size isn't a concern to a developer. My rule of thumb is to put everything in request unless I know for sure there is a reason to put it in sesion. This might be a need across multiple pages as Digby says, or just because I know it is somewhat expensive to reproduce the content (i.e., maybe a complex SQL query). And when I do have to put anything in session, I try and store the smallest amount of data I possibly can to accomplish what I'm doing. I have never had a situation where I needed application context by the way, not for something that deals with request servicing. I don't know if it is true these days to be honest, but back when I did nothing but Microsoft-based development, it was a pretty well-known fact that it was more expensive to store things in session than in request, and even more expensive to store things in context than session. Even if that isn't true today in the Java world, I still proceed as if it is because that mentailty tends to push stored data/objects down to where they should be in terms of lifetime and scope. Frank Digby wrote: IMHO, I would suggest storing objects for the shortest time possible. If an object is only going to be used once, there's no point clogging up memory with lots of unused objects, which won't be garbage collected until the session is destroyed. My rule of thumb is to use the request when it's a one-off, the session if it might be used by another page, and the application if it will be used by more than one user (which is quite rare). Digby Adrian Beech wrote: Hi all, A work colleague mentioned on Friday it would be better to place objects (beans and the like) which had been created in a servlet into the request context when exposing them to the JSP. To date all the code I've written stores beans and the like in the session context and all has appeared to be fine thus far. I understand the nature of the various contexts and how they relate to the process life cycle, etc. Can someone please shed some light on this and possibly explain the merits of placing the objects in either context? For example, what are the pitfalls of using the request context? Is there any material around which adequately details when or when not to use the specific contexts? Cheers. AB - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Validating a session
This might seem bizarre, but... Assume that a request contains a session ID as a parameter. Is there a way *programmatically* to validate that session ID? In other words, the query string contains the session ID, and in a servlet I need to be able to ask the container if it is valid or not. But, for reasons that would probably make your head spin if I explained, I cannot simply allow the container to do it, I need to be able to do it from my own code. Moreover, this can't be a Tomcat-specific solution. Any takers? :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Simple question on HTTP return codes
I fear I should know this answer, but... How can one, from a servlet (or Struts Action maybe) throw a specific HTTP return code? I need to return a 403 from a servlet if certain things are not present in the request... is it just a matter of setting a particular header, or is there something to throw, like an exception? Thanks all! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Simple question on HTTP return codes
Yep, I *should* have known that :)... The sendError() method of HttpServletRequest does it. Sorry for wasted bandwidth! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Tue, May 31, 2005 3:13 pm, Frank W. Zammetti said: I fear I should know this answer, but... How can one, from a servlet (or Struts Action maybe) throw a specific HTTP return code? I need to return a 403 from a servlet if certain things are not present in the request... is it just a matter of setting a particular header, or is there something to throw, like an exception? Thanks all! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Validating a session
Thanks Jack, that's a good reference. It didn't really answer my specific question, not that I could see immediately anyway, but I solved the problem a different way anyhow, so it's all good. I bookmarked that anyway, could be a good reference down the road for something. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Tue, May 31, 2005 2:51 pm, Dakota Jack said: The following is a pretty good, even if ugly, article on session ids, Frank. Very comprehensive and it should cover in some part whatever you are working on: http://www.technicalinfo.net/papers/WebBasedSessionManagement.html On 5/31/05, Frank W. Zammetti [EMAIL PROTECTED] wrote: This might seem bizarre, but... Assume that a request contains a session ID as a parameter. Is there a way *programmatically* to validate that session ID? In other words, the query string contains the session ID, and in a servlet I need to be able to ask the container if it is valid or not. But, for reasons that would probably make your head spin if I explained, I cannot simply allow the container to do it, I need to be able to do it from my own code. Moreover, this can't be a Tomcat-specific solution. Any takers? :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- You can lead a horse to water but you cannot make it float on its back. ~Dakota Jack~ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Simple question on HTTP return codes
Cool, good to know there is a difference. Thanks! Frank Dakota Jack wrote: Just a small note, Frank. You use sendError(int sc) for errors but setStatus(int sc) for codes that are not errors. On 5/31/05, Frank W. Zammetti [EMAIL PROTECTED] wrote: Yep, I *should* have known that :)... The sendError() method of HttpServletRequest does it. Sorry for wasted bandwidth! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Tue, May 31, 2005 3:13 pm, Frank W. Zammetti said: I fear I should know this answer, but... How can one, from a servlet (or Struts Action maybe) throw a specific HTTP return code? I need to return a 403 from a servlet if certain things are not present in the request... is it just a matter of setting a particular header, or is there something to throw, like an exception? Thanks all! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Adding content/JSPs on the fly
Could you instead store the JSP in a database? Let's say you have a table with the following structure: jsp_nameString jsp_content BLOB jsp_name is your primary key and is literally a JSP name. Now, create a servlet filter that examines the path that was requested and pulls out the file name part... so the path might be /my/app/page1.jsp, you just want the page.jsp part. Now, get the BLOB from the database based on that JSP name. Convert the BLOB to a string and stick it in request, then forward to a JSP that is the following: %=(String)request.getAttribute(theJSPContent)% And that's that. You could create a screen specifically for uploading a JSP and storing it in the database. Would something like this suite your needs? I realize it's not as straight-forward as one might like, but it's not too bad either. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Will Hartung wrote: From: Steve Kirk [EMAIL PROTECTED] Sent: Friday, May 27, 2005 11:44 AM It sounds reasonable, but probably isn't tested or by design, so probably best to just have a go. Re portability, the best advice I can offer is an old chestnut: read the servlet spec. This is particularly relevant in this case. The spec is generally pretty good at telling you you pretty accurately if (a) what you want to do should/must be supported or (b) what you want do do is forbidden. Of course there are some areas that it does not have a view either way on, but I find it to be an invaluable document - I have it on shortcut from my taskbar and consult it often. It's at least as useful as the javadocs or TC docs. For those of you that don't know where to find it, it's here, under specifications. http://java.sun.com/products/servlet/reference/api/index.html Choose the servlet spec version appropriate to your TC version as described in the table on the tomcat home page: http://jakarta.apache.org/tomcat/index.html I'm reasonably familiar with the specification. One of the notable bits about it is simply the fact that within the spec, you're pretty much not guaranteed writeable access to the file system at all (save for a temporary area, and it's simply that -- temporary). But the reality is that most engines give you access to the disk that way. Just one more specific point on your note Will - I would have thought if anything that you want it to be a precondition that the webapp NOT be deployed as a war. I've a feeling that if TC explodes the war, then it might not check the exploded FS for changes. Don't take this as gospel though, this is a hazy half-remembered bit of info. As far as I know, the Servlet spec doesn't have a deployment method outside of a WAR. It's pretty much a container behavior to actually explode the WAR on to the file system, yet, most obviously do for performance reasons. But it does bring up a basic problem, for example, if by some fluke the app is redeployed, all of that new data is blasted away by the WAR..that would be Bad. But I can't see another (easy) way to create JSPs on the fly, or in fact to create any other content that can be served directly the server. It's an annoying nit of the spec, to me, that it doesn't expose this behavior to the developer. For example, unlike EJBs (which has a specified limitation on accessing the disk), the Servlet spec does allow you to access the disk, though perhaps not within the WAR hierarchy. But, there is no way to, say, forward to a static resource that the server can then handle in its own internally optimal way. Rather, I have to open the static resource, determine the content type (I can get that from the Servlet spec), and then feed it into the output stream, when in fact it would simply be easier to do req.serveStatic(/tmp/mynewgraphic.gif) or some such thing, or be able to forward outside of the web app (i.e. to a actual file rather than a URL). Simply, the application structure and such are pretty much isolated from the developer. I can't add anything dynamically to the security domain, for example, which means if I want that kind of capability in my application, I have to essentially implement ALL of the container security -- mapping, role checks, etc. Container security is an all or nothing. Be happy with its limited funcitonality or dump it entirely. So, now if I want dynamic templating in my Webapp, I, technically, have to dump JSP completely and switch to something like Velocity. All of the power of JSP, tag libraries, etc. is gone. I imagine that I could mimic the JSP environment, compile the JSP myself, compile the java myself, load the class myself and feed the output into the standard output stream, but that seems like a silly wheel to reinvent when I have a full container here that DOES THAT ALREADY, doncha think? Mind, I may still just Do It, open up paths to the disk and plonk files and JSPs in place and see what happens, but it's a flaming hoop
Re: Cross-site scripting vulnerability
I notice the more... at the end of that... do you have the more by chance? Cross-site scripting (CSS) vulnerabilities are, generally-speaking, concerned with situations where a server-side process generates HTML dynamically and there is a possibility of input data that has not been scrubed of certain dangerous characters (i.e., ()%, etc.) being inserted into the generated code. Proper crafting of such input data can result in code being executed as trusted when it clearly should not be. (As amazing as it seems, I found the following page from Microsoft, of all sources!, to be a good explanation of the problem: http://support.microsoft.com/default.aspx?scid=kb;en-us;252985) As such, a tool that says a server is an enabling vector for such a vulnerability is not being especially helpful because virtually *any* server-side code that doesn't deal with such characters is potentially an enabling vector. If it narrows down the location of the apparent vulnerability, i.e., specified a path it tested maybe, it might point at something legitimately of concern. If it's just saying Hey, Tomcat could be used to craft a CSS hack, well, yes, it COULD, but then so could *anything* server-side that generates HTML! (Ironically, I spent most of today dealing with a servlet filter written by another team at my company that deals with cross-site scripting vulnerabilities, but which seems to have some unexpected side-effects, so I had to get up to speed on CSS vulnerabilities in a hurry!) Frank Narses Barona wrote: Our security tool produces the following warning against Tomcat 4.1.29 : [HTTP/8080/TCP] Server is an enabling vector for cross-site scripting exposure in clients [trace-1]. More... I seached the mailing list and found several references to cross-site scripting. Based on the information, I am lead to believe that the problem is not with the product, but with the examples or some other non-critical piece of code. I have removed the jakarta-tomcat-4.1.29/webapps/examples directory and its' content, but the problem persists. Is there some other file/directory that needs to be removed to fix this problem? I noticed one reference to a SnoopServlet, but can't find any file by that name. Narses Barona - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where do -Xms32m, -Xmx256m, and -Xrs go in the Tomcat 5.0.28 batch files?
And just to let you know, should you ever need/want to run Tomcat as a service, it's a different story at that point. At least on Windows, those settings are stored in the registry. If you ever need to go down that road, I highly suggest a look at Tomcat Service Manager: http://web.bvu.edu/staff/david/index.jsp?section=softwaresubsection=tcservcfgpage=overview Of course, if your not on Windows or not running as a service, you already have your answer :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, May 23, 2005 10:11 am, Dakota Jack said: Thanks for the assistance. I finally figured this out, for future people trying to find the same answer. The environmental variables at the top of catalina.bat can be set there. So, I added: SET CATALINA_OPTS=-Xms512m -Xmx512m -Xrs after rem rem CATALINA_OPTS (Optional) Java runtime options used when the start, rem stop, or run command is executed. rem in catalina.bat. On 5/23/05, Parsons Technical Services [EMAIL PROTECTED] wrote: Jack, To use the batch files you need to set it as an Environment Variable. The catalina.bat file will the pick it up and add it to command line. If you are wanting to do some quick testing, I think you MAY be able to include it on the command line with startup.bat. I don't run on Windows so I can't test it. If you look in the catalina.bat you will see the comments at the top talking about the variables. If you look in startup.bat you will see where it picks up the command line variables. The .sh files are the nix OS equivalent to the Windows .bat files. Doug - Original Message - From: Edao, Aliye [EMAIL PROTECTED] To: Dakota Jack [EMAIL PROTECTED] Cc: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Monday, May 23, 2005 2:57 AM Subject: AW: Where do -Xms32m, -Xmx256m, and -Xrs go in the Tomcat 5.0.28 batch files? Hi Jack, The answer is CATALINA_HOME/bin/catalina.sh CATALINA_OPTS=-Xmx512m -Xss1024k -XX:+PrintGCDetails -server ... Mit freundlichem Gruß / kind regards SBS ORS GD AHS OA42 Otto-Hahn-Ring 6 D - 81739 München Tel. (089) 636-41024 Fax (089) 636-49347 Dr. Aliye Edao mailto:[EMAIL PROTECTED] -Ursprüngliche Nachricht- Von: Dakota Jack [mailto:[EMAIL PROTECTED] Gesendet: Montag, 23. Mai 2005 08:48 An: Tomcat Users List Betreff: Where do -Xms32m, -Xmx256m, and -Xrs go in the Tomcat 5.0.28 batch files? I am running out of memory when running some imaging ops with Tomcat 5.0.28 and need to set the java command with the attributes -Xms32m, -Xmx256m, and -Xrs. However, danged if I can figure out how to do that. I am using the simple startup.bat and shutdown.bat. Where is the place I plugin with those values? Thanks? -- You can lead a horse to water but you cannot make it float on its back. ~Dakota Jack~ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- You can lead a horse to water but you cannot make it float on its back. ~Dakota Jack~ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where do -Xms32m, -Xmx256m, and -Xrs go in the Tomcat 5.0.28 batch files?
http://web.bvu.edu/staff/david/index.jsp?section=softwaresubsection=tcservcfgpage=downloads -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, May 23, 2005 10:56 am, Dakota Jack said: Hi, again, Frank, Where can I get a copy of the code/binaries for Java Service Manager (the update of Tomcat Service Manager)? I went to this site but there seems to be no reference to any downloads. On 5/23/05, Frank W. Zammetti [EMAIL PROTECTED] wrote: And just to let you know, should you ever need/want to run Tomcat as a service, it's a different story at that point. At least on Windows, those settings are stored in the registry. If you ever need to go down that road, I highly suggest a look at Tomcat Service Manager: http://web.bvu.edu/staff/david/index.jsp?section=softwaresubsection=tcservcfgpage=overview Of course, if your not on Windows or not running as a service, you already have your answer :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Mon, May 23, 2005 10:11 am, Dakota Jack said: Thanks for the assistance. I finally figured this out, for future people trying to find the same answer. The environmental variables at the top of catalina.bat can be set there. So, I added: SET CATALINA_OPTS=-Xms512m -Xmx512m -Xrs after rem rem CATALINA_OPTS (Optional) Java runtime options used when the start, rem stop, or run command is executed. rem in catalina.bat. On 5/23/05, Parsons Technical Services [EMAIL PROTECTED] wrote: Jack, To use the batch files you need to set it as an Environment Variable. The catalina.bat file will the pick it up and add it to command line. If you are wanting to do some quick testing, I think you MAY be able to include it on the command line with startup.bat. I don't run on Windows so I can't test it. If you look in the catalina.bat you will see the comments at the top talking about the variables. If you look in startup.bat you will see where it picks up the command line variables. The .sh files are the nix OS equivalent to the Windows .bat files. Doug - Original Message - From: Edao, Aliye [EMAIL PROTECTED] To: Dakota Jack [EMAIL PROTECTED] Cc: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Monday, May 23, 2005 2:57 AM Subject: AW: Where do -Xms32m, -Xmx256m, and -Xrs go in the Tomcat 5.0.28 batch files? Hi Jack, The answer is CATALINA_HOME/bin/catalina.sh CATALINA_OPTS=-Xmx512m -Xss1024k -XX:+PrintGCDetails -server ... Mit freundlichem Gruß / kind regards SBS ORS GD AHS OA42 Otto-Hahn-Ring 6 D - 81739 München Tel. (089) 636-41024 Fax (089) 636-49347 Dr. Aliye Edao mailto:[EMAIL PROTECTED] -Ursprüngliche Nachricht- Von: Dakota Jack [mailto:[EMAIL PROTECTED] Gesendet: Montag, 23. Mai 2005 08:48 An: Tomcat Users List Betreff: Where do -Xms32m, -Xmx256m, and -Xrs go in the Tomcat 5.0.28 batch files? I am running out of memory when running some imaging ops with Tomcat 5.0.28 and need to set the java command with the attributes -Xms32m, -Xmx256m, and -Xrs. However, danged if I can figure out how to do that. I am using the simple startup.bat and shutdown.bat. Where is the place I plugin with those values? Thanks? -- You can lead a horse to water but you cannot make it float on its back. ~Dakota Jack~ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- You can lead a horse to water but you cannot make it float on its back. ~Dakota Jack~ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- You can lead a horse to water but you cannot make it float on its back. ~Dakota Jack~ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to change the value of a form's text field by scriplet?
You might not be asking this, but... Scriplets execute on the server, not on the client. The results of a scriplet are in essence inserted into the response. So in that regard, no, you can't use a scriplet to change the value of a text field as you would with Javascript because Javascript executes on the client *AFTER* the response has been completely rendered and returned to the broser, while a scriplet executes *WHILE* the response is being rendered and *BEFORE* it is returned to the client. Does that answer the question, or did I misinterpret? Frank Cassius V. de Magalhaes wrote: Hello, I would like to change the value of a form's text field by scriplet, is it possible, please? Through Javascript, I can use the form name plus the name of the field, for example, myform.address.value='xxx'. I know I can do myform.address.value='%= something %', where something is a scriplet variable declared previously. Is it possible to change the value of a form field inside of a scriplet just as we can by a javascript code, please? TIA, Vinicius. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to change the value of a form's text field by scriplet?
I should also mention, you can certainly do something like this: script function changeIt() { myForm.myField.value = %=someValue%; } /script ...but that's not much different than just setting the value of the field with a scriplet. However, if you perhaps have some discrete values that you want to be able to change the field to, like maybe something like a previous value button, and you have the value at the time the JSP is interpreted, you can do this and just call changeIt() in response to onClick() of the button. That's something of a hybrid. Frank Frank W. Zammetti wrote: You might not be asking this, but... Scriplets execute on the server, not on the client. The results of a scriplet are in essence inserted into the response. So in that regard, no, you can't use a scriplet to change the value of a text field as you would with Javascript because Javascript executes on the client *AFTER* the response has been completely rendered and returned to the broser, while a scriplet executes *WHILE* the response is being rendered and *BEFORE* it is returned to the client. Does that answer the question, or did I misinterpret? Frank Cassius V. de Magalhaes wrote: Hello, I would like to change the value of a form's text field by scriplet, is it possible, please? Through Javascript, I can use the form name plus the name of the field, for example, myform.address.value='xxx'. I know I can do myform.address.value='%= something %', where something is a scriplet variable declared previously. Is it possible to change the value of a form field inside of a scriplet just as we can by a javascript code, please? TIA, Vinicius. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can a servlet receive its own request?
You *probably* could do this... I'm not 100% sure. What I *AM* sure about though is that this would be pretty ugly :) I'm not sure what you mean by Outside server processes request and responds with POST response (also via https). though... Is the idea that the request to the outside server is to be asychronous, or will your servlet be awaiting a reply? If the former, then you probably can go with your approach and it won't be all that ugly... it's essentially nothing more than another request coming in to the servlet, same as always, your just going to process it differently... as long as you get enough information back to be able to complete the transaction, it should work fine. Just treat the initial request to your servlet and the response back from the outside server as two separate requests and you should be fine. If however, as I suspect might be the case, your servlet is going to actually be awaiting a reply from the outside server, then you should look at using Commons HTTPClient. I'm relatively sure it supports SSL connections, and then all your doing is making a remote request, awaiting the response and processing accordingly. It'd be just like using the standard URL object, but it's more robust than that. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, May 18, 2005 11:58 am, Michael Mehrle said: Simple question, but it's driving me nuts. I really don't want to get into the whole web service business - all I need is for a servlet to be the recipient of its own request. Or - in other words - can a servlet act like a web browser - just without the GUI? Use case: - Servlet issues https request to an outside server (via getServletContext().getRequestDispatcher(https://www.someoutsideserver/) ) - Outside server processes request and responds with POST response (also via https). - Servlet [somehow] is able to be the recipient of the response. - Servlet parses the response and stores data to the database. Notes: - The servlet is not the default servlet on that tomcat instance. - Everything happens via https and I expect the outside server will listen on 443 and tomcat on 8443 ANY suggestions would be very helpful - this seems to be a tricky one. TIA, Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can a servlet receive its own request?
I don't think saying it's silly is really helpful, or even necessarily accurate... If the idea is that the request to the outside server is meant to to asynchronous, i.e., maybe it feeds a queue or something, then it's a reasonable model. It doesn't sound like that's what the OP meant, but if it was, it would be reasonable. Of course, even in that case the servlet is not receiving its own request, it is simply making a request, at which point it is done, and at some future time receiving a request with the results. I agree with you that Web Services need not be as complicated as some make it out to be... no need to involve SOAP or XML-RPC or any other of the numerous alphabet soup entries. I was doing Web Services seven years ago, long before I heard the term. I suppose you could say that's not standards-compliant, which is one of the goals behind Web Services of course... if everyone used the same mechanisms than theoretically it would all be interoperable with no effort, and that's not the case if you essentially cook up your own protocols, but since the reality is that even following the standards you rarely get that right now, it's not such a problem :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, May 18, 2005 2:53 pm, Will Hartung said: From: Michael Mehrle [EMAIL PROTECTED] Sent: Wednesday, May 18, 2005 8:58 AM - Servlet issues https request to an outside server (via getServletContext().getRequestDispatcher(https://www.someoutsideserver/) ) - Outside server processes request and responds with POST response (also via https). - Servlet [somehow] is able to be the recipient of the response. - Servlet parses the response and stores data to the database. Your problem is with the whole model. There is no reason why a Servlet can't send an HTTP(S) request to another server. But the server that you are making the request shouldn't be making an independent POST back to you, rather it should just send you the data you want back as the reply body. You then parse the reply and move on. IF you insist that the reply be in the manner of a POST from the other server (really really silly IMHO), then, simply, you need to make the request to the other server be the last thing your Servlet does. Then when the POST comes back, you pick up where you left off, tracking your state through a request parameter. So, your Servlet may start with a request like: http://otherserver.com/processData?mysession=123stage=1 Then the otherserver replies with a POST to: http://yourserver.com/yourServlet?mysession=123stage=2 You use the mysession information to maintain your state between requests. But the key is that your servlet ends each time, and Tomcat then restarts it when the POST comes back. It's still a silly idea. You don't need Webservices, SOAP, XML-RPC, etc to talk to another server via HTTP. You can easily stream serialized Java objects to each other if you want, use the simple Java Properties file format for your responses, etc. I think if you have control over both servers, WEB RPC can be very simple for a limited domain. If you don't have control over the other server, then you do what you have to do. I mean, seriously: public class AddNumberServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { PrintWriter out = response.getWriter(); String arg1 = request.getParameter(arg1); String arg2 = request.getParameter(arg2); int i1 = Integer.parseInt(arg1); int i2 = Integer.parseInt(arg2); int result = i1 + i2; out.println(answer= + result); } } public class RequesterServlet extends HttpServlet { public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { PrintWriter out = response.getWriter(); URL reqURL = new URL(http://otherserver/AddNumberServlet?arg1=2arg2=4); Properties result = new Properties(); result.load(reqURL.openStream()); String answer = result.get(answer); out.println(HTMLBODYWhen you add up 2 and 4 you get + answer + /BODY/HTML); } } There. Instant web service. Error checking and robustness are left as an exercise for the reader, but you can see that you don't need a 500 page book to get some data from another web server. Not to discount the XML-RPC and SOAPs, they have their place most certainly. No doubt XML-RPC started just like this and grew from there (and then into SOAP), but its just a simple example of how easy this can be when you have control over the whole shebang. Regards, Will Hartung ([EMAIL PROTECTED]) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL
Re: How to do Downtime with a Apache/Tomcat webapp
I had a similar requirement in my app... We had a two-hour window per day when the app was unavailable because background tasks were processing. The server was still up, and so was the app technically, but it was not available. I wrote a filter to take care of this. I had a flag in application context to tell if the app was up or not too, so that if I had to make the app unavailable during a time when it normally was available, I just set the flag. I also defined a single user that was still allowed to get in (another context parameter). This works out great. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Len Popp wrote: I've been thinking about the same problem, but I haven't gotten around to working on it seriously. How about this: Instead of fiddling with the JkMount directives in Apache, swap the web.xml in your Tomcat app so it points to a minimal servlet that returns the Out of service page for all requests. Does that sound like it would work? It would be less disruptive because you don't have to restart Apache (if there's more to the web site than the one Tomcat app). Plus this will work with stand-alone Tomcat. On 5/15/05, Richard Mixon (qwest) [EMAIL PROTECTED] wrote: I'm curious how folks handle letting users know that their webapp is down when doing maintenance. We've got a pretty standard setup. Our informational/static site is served by Apache 2.0.x. We use mod_jk to link to a page in our webapplications, triggering CMA for authentication and login. We run Tomcat 5.5.x. Although we actually have Tomcat clustered, there are still times when we need to make the application unavailable. (i.e. doing database schema changes, etc.). I would like for a page to be displayed that says the application is temporarily not available. So, what's the best way to do this? One way I can think of is to modify the JkMount directives so that may context name was not mapped to Tomcat, but instead to a static page - the just do a restart. Trouble is some of our users have bookmarks into various pages/actions in the application - we would somehow have to mapp all pages that began with the context name to this single page. This sounds a bit messy. Is there a more straightforward way of doing this? Thank you - Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: delete temporary content after session timeout
Write a SessionListener... it has two methods, one that fires when a session is created, one when it is destroyed. That should do the trick for you. That's not a Tomcat-specific solution either, so it should be rather portable should you ever need to move to another app server. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Bob Wobbler wrote: Hi, I have an app that uploads user files in a temporary folder. I want to delete them when the session ends. I know I could solve this with a cron-job, but I'm looking for a way to solve it with Tomcat. Does anyone have an idea how to solve it? Thx for your help in advance, cheers, Robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: delete temporary content after session timeout
Let's see... (1) You are correct, it's nothing more than an entry in web.xml. Remember, this isn't a Tomcat-specific thing, it's a J2EE thing (servlet spec specifically I think), so it's YOUR APP'S web.xml. The entry is simply: listener listener-classcom.company.app.MySessionListener/listener-class /listener Assuming that class is available to the classloader, your all set. (2) I'm not too familiar with the Spring framework, but since it's still built on top of the servlet spec, this would apply just the same, it should be independant of app server and framework in use. Spring may have it's own mechanism for doing this, but given the choice I'd chose the standard approach, which is a listener. (3) I don't have any good references handy, but just Googling SessionListener will turn up plenty of hits. Just to save you some time, here's the basic structure of a SessionListener class: package com.company.app.MySessionListener import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSessionEvent; public class MySessionListener implements HttpSessionListener { /** * This method is called by the servlet container just after http session is * created. * * @param bevent/b HttpSessionEvent */ public void sessionCreated(HttpSessionEvent event) { } /** * This method is called by the servlet container just before http session is * destroyed. * * @param bevent/b HttpSessionEvent */ public void sessionDestroyed(HttpSessionEvent event) { } } Couldn't be simpler! You can do event.getSession() in both if you need to do anything with the session (like, for the OP, if you have a reference to the user ID who's directory you want to purge of temporary files). -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Tim Diggins wrote: that sounds very useful, not something I've done before -- can I ask a few questions - 1) how does one bind that into Tomcat -- declare a session listener in (I presume) web.xml? 2) as I'm using Spring Framework, is this still relevant (or is there a spring-specific way of binding in a session listener --- sorry, ought to ask that on a spring list...) 3) can you recommend the best reference material / sites on managing sessions (standard tomcat docs seem to have nothing on sessions I can find.) Tim Frank W. Zammetti wrote: Write a SessionListener... it has two methods, one that fires when a session is created, one when it is destroyed. That should do the trick for you. That's not a Tomcat-specific solution either, so it should be rather portable should you ever need to move to another app server. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Sessions and keep-alives
I'm curious how this would work? If I open a page with an invisible GIF, there's no way (without scripting and such) to have the GIF refresh, right? Or is there something I'm missing? You can set a meta refresh on the page, but not the GIF itself, as far as I know anyway. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Fri, May 13, 2005 12:04 pm, Tim Diggins said: I'd just include this invisible gif on every page (request) of webapp B. (bone-headed solution, but why get more tricksy until you need it). -- Tim Patrick Lacson wrote: Interesting solution Tim.. so webapp B would invoke this invisible gif from webapp A on an interval basis? -P On 5/13/05, Tim Diggins [EMAIL PROTECTED] wrote: Hi Patrick - If not an iframe, why not a gif... There's nothing (in principle I think*) stopping you having a jsp page that returns a (tiny, invisible) gif (with the right mimetype) and with appropriate expires/cache-control headers to make sure that it gets got each time. That's the way some web-counters work, for example, and I can't see it would create a problem... (I don't however know whether you can maintain two session cookies at the same time... Would work however with a param-based session). --Tim * I have done this in similar kinds of situations with python php, but not tomcat. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Sessions and keep-alives
If you can use Javascript (and can require it), what you could do is set a timer in app B's onLoad event to call a Javascript function in app A from app B (parent.myFunction();)... This function could refresh whatever the current page is in some interval less than your timeout period. You'll have to ensure all pages of app A have that refresh function in page-scope, and that all pages in B set that timer and make the call. If a full-page refresh isn't feasible, you can make an AJAX call to app A that does really nothing, but that should be enough to keep the session from timing out. Does that all make sense? (I'm not sure I described it well) Frank W. Zammetti -Original Message- From: Patrick Lacson[EMAIL PROTECTED] Sent: 5/13/05 12:56:43 AM To: Tomcat Users Listtomcat-user@jakarta.apache.org Subject: Re: Sessions and keep-alives I've considered iframes, but unfortunately not an option for us. From what I understand AJAX can make async calls to the HTTP server from the webapplication only, not on behalf of another. So if the popup application is webapp B, and the parent webapp A, how can I call the webapp A server from webapp B for the keep-alive? On 5/12/05, Tim Funk [EMAIL PROTECTED] wrote: The simplest kludge is an iframe that is hidden and uses a META refresh. Or look at using ajax. -Tim Patrick Lacson wrote: hi All! I'm involved in a project that integrates two disparate web applications: webapp A is using WebSphere and webapp B is using Tomcat. The integration involves Single Sign On, with webapp A being the primary webapp from which webapp B is launched. webapp B is launched as a popup-window. My question is: how can i ensure that while the user is working on the webapp B popup, the parent window webapp A, does not time-out? Thanks in advance! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Patrick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] [Message truncated. Tap Edit-Mark for Download to get remaining portion.] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Sessions and keep-alives
If you can use Javascript (and can require it), what you could do is set a timer in app B's onLoad event to call a Javascript function in app A from app B (parent.myFunction();)... This function could refresh whatever the current page is in some interval less than your timeout period. You'll have to ensure all pages of app A have that refresh function in page-scope, and that all pages in B set that timer and make the call. If a full-page refresh isn't feasible, you can make an AJAX call to app A that does really nothing, but that should be enough to keep the session from timing out. Does that all make sense? (I'm not sure I described it well) Frank W. Zammetti -Original Message- From: Patrick Lacson[EMAIL PROTECTED] Sent: 5/13/05 12:56:43 AM To: Tomcat Users Listtomcat-user@jakarta.apache.org Subject: Re: Sessions and keep-alives I've considered iframes, but unfortunately not an option for us. From what I understand AJAX can make async calls to the HTTP server from the webapplication only, not on behalf of another. So if the popup application is webapp B, and the parent webapp A, how can I call the webapp A server from webapp B for the keep-alive? On 5/12/05, Tim Funk [EMAIL PROTECTED] wrote: The simplest kludge is an iframe that is hidden and uses a META refresh. Or look at using ajax. -Tim Patrick Lacson wrote: hi All! I'm involved in a project that integrates two disparate web applications: webapp A is using WebSphere and webapp B is using Tomcat. The integration involves Single Sign On, with webapp A being the primary webapp from which webapp B is launched. webapp B is launched as a popup-window. My question is: how can i ensure that while the user is working on the webapp B popup, the parent window webapp A, does not time-out? Thanks in advance! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Patrick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] [Message truncated. Tap Edit-Mark for Download to get remaining portion.] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Free reporting s/w that works with apache+tomcat
Take a look at DataVision. I think you'll like it. I wrote an article a while back specifically dealing with using it in web applications. Although the article uses servlets and you say your using JSPs (just JSP's?) it should still be applicable. http://www.omnytex.com/articles Feel free to ping me if you decide to use it and need some help getting going beyond the article and included documentation. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com U K Laxmi wrote: I'm developing a web application using apache+tomcat on windows 2000 machine. I'm using Ms Access 2003 as the backend. I'm using JSP for developing web application. I'm developing some web based reports in HTML. But when i export them to Excel, it doesn't look exactly same as that of HTML report. Moreover i need some header and footer information appear in the report. That i'm unable to achieve using JSP and HTML. So, i'm looking for a free reporting software that can meet above functionality and can work with apache+tomcat. If anyone know any work worunds for my problem, pls inform me. It will be a great help to me. Thank you. __ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Free reporting s/w that works with apache+tomcat
Hi, CSV files don't generally contain header and footer information... you can get column headers in the first row, that's about it. I don't believe DataVision will export to Excel natively, but check the docs in case I'm wrong. Do you really mean header and footer in the sense of a Word document? It's a bit unusual to have such a thing in an Excel document (although not at all unheard of), so I'm wondering if maybe you mean something a little different, i.e., maybe just column headers and some sort of totals? Frank U K Laxmi wrote: Thank you for the information. I read your report and it looks interesting. I went to DataVision web site and found that it can export comma separated files ie. CSV file. Will it be possible to retain header and footer information with a .CSV file? I basically want excel files as the report output. B'coz the end user needs to send to those reports to it's vendors. Excel is the most desired format for them. Pls give your feedback on this before i start implementing on this. Thank you. --- Frank W. Zammetti [EMAIL PROTECTED] wrote: Take a look at DataVision. I think you'll like it. I wrote an article a while back specifically dealing with using it in web applications. Although the article uses servlets and you say your using JSPs (just JSP's?) it should still be applicable. http://www.omnytex.com/articles Feel free to ping me if you decide to use it and need some help getting going beyond the article and included documentation. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com U K Laxmi wrote: I'm developing a web application using apache+tomcat on windows 2000 machine. I'm using Ms Access 2003 as the backend. I'm using JSP for developing web application. I'm developing some web based reports in HTML. But when i export them to Excel, it doesn't look exactly same as that of HTML report. Moreover i need some header and footer information appear in the report. That i'm unable to achieve using JSP and HTML. So, i'm looking for a free reporting software that can meet above functionality and can work with apache+tomcat. If anyone know any work worunds for my problem, pls inform me. It will be a great help to me. Thank you. __ Yahoo! Mail Mobile Take Yahoo! Mail with you! Check email on your mobile phone. http://mobile.yahoo.com/learn/mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Discover Yahoo! Have fun online with music videos, cool games, IM and more. Check it out! http://discover.yahoo.com/online.html -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: compile against servlet.jar but must run tomcat with servlet-ap1.jar
As a generality, a compilation should set up all required environment setting with each build run. Those settings should be transitory, i.e., should not persists beyond that build. So in your case you would add servlet.jar to the classpath temporarily, compile, and revert the classpath (which may happen automatically depending on how you do your build). If you are using an IDE, it will almost certainly handle this for you via some sort of classpath setup screen. An IDE wouldn't be worth much if it didn't at least handle this for you :) If you are working from a plain command line, you have some choices... First, write a batch file or shell script, depending on your environment, to do your compile. This script would include setting the classpath, your javac command, and possibly restoring the classpath to what it was before. Note that if on Windows you execute a batch file, the change to classpath is only valid for the life of that command line invocation, so there's no need to restore anything (unless you are going to sit at a command prompt in the same window and build a couple of times). Second, use Ant or Maven or some other build tool. I suggest this option if you aren't using an IDE for sure. It sounds like you might be doing some sort of teaching based on the fact that it's a getting started project... If your going to be teaching anyway, or if you are just learning yourself, I suggest taking the dive into Ant right away. I like Ant myself, some prefer Maven... the choice is yours, but I think it's fair to say that Ant is a little more popular at this point... Maven might be king a few months down the road though. In any case, neither is difficult at all once you get the basics down, and it will save you a lot of trouble in the long-run. Frank Fred Cook wrote: Hi All, We our new to Tomcat and have a bit of an odd problem. We are developing a getting started project. We have found that we must compile with servlet.jar in our CLASSPATH, but Tomcat will not run with servlet.jar in the CLASSPATH. Tomcat will run with servlet-api.jar, but the test program will not compile with servlet-api.jar in the CLASSPATH. To be more specific we get a: package javax.servlet.http does not exist error when compiling against servlet-api.jar Similar errors ocure when running Tomcat with servlet.jar Changing the CLASSPATH everytime we decide to compile or run isn't much fun. Anybody got an idea on why this is happening, and what the solution is. Tomcat vs 5.5.7 apache vs 2.0.53 RH 8.0 JDK 1.5 -Fred - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Concurrency Issue With a SessionListener.
I had to do almost the exact same thing a while back... I'm not sure what the source of your lockup is, although I can say my code synchronized on what would be your activeSessions Set any place it was accessed (probably more than I had to frankly)... I'm not even sure there would have been concurrency issues anyway frankly, but it seemed like a good idea at the time :) One issue I'm not sure you have thought of though, and I suppose it could have to do with the lockup, although I'm not sure how... your list of users will be unique to each node in the cluster. You would have an instance of ActiveUsersListener on each node, and each of those would have its own activeSessions Set, so you wouldn't have a consolidated list of users on your site, you'd have a list of users on a given node in each instance of the listener... further, if a user hits one node during logon, and then is directed to another, and during that request you try and retrieve the session from activeSessions, it won't be there because its in the version of activeSessions on the first node. Where specifically does the lockup occur, meaning, is it during logon or a listing of users? I'd bet you can see enough in the log to at least tell what method your in (well, not as the code is posted... throw some log outputs in sessionCreated(), sessionDestroyed() and getActiveUsers() so you can at least see the last place you wind up... hell, I'd put log messages around every single line in this listener so I could tell exactly where it was failing. Frank Jacob Champlin wrote: I am having issues with a SessionListener I have written. The purpose of the Listener is to maintain a List of Active Users on the site. Here is the code for the Listener. // BEGIN CODE public class ActiveUsersListener implements Serializable, HttpSessionListener { public static Set activeSessions = new HashSet(); public void sessionCreated(HttpSessionEvent event) { activeSessions.add(event.getSession()); } public void sessionDestroyed(HttpSessionEvent event) { activeSessions.remove(event.getSession()); } public static List getActiveUsers() { List users = new ArrayList(); Iterator sessionIter = activeSessions.iterator(); HttpSession session = null; EmoUser user = null; while (sessionIter.hasNext()) { session = (HttpSession) sessionIter.next(); user = (EmoUser) session.getAttribute(EmoUser.SESSION_KEY); if (user != null user.hasLoggedIn()) { users.add(user); } } return users; } } // END CODE I then have a webpage that calls ActiveUsersListener.getActiveUsers() to list out all the active users on the site. Note: I don't just store the User objects because the user object doesn't get created until the user logs in. So the problem I am having is that this code works fine on a single box under Tomcat 5.5.4 . However, as soon as we go into a cluster we get lockups in Tomcat. The server is completely unresponsive, and there are no log/error messages. Because of this I am assuming we have a concurrency issue, however I have no idea where the problem is. A few more bits of information, we persist sessions to file system on shut down, and we use in memory session replication only when session.setAttribute() is called (DirtyFlag). Thank you in advance for any help. Jacob Champlin EMO Corporation - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Images CSS not loaded after the request passes through a Servlet Filter
Question: are the requests for images and CSS files also going through the filter? I'm wondering if those requests are getting forarded to the logon page too, which obviously wouldn't work. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Thu, April 28, 2005 1:25 pm, Roberto said: Hi, I have a small java application, in which a servlet processes the request and then calls a JSP to present the data. Everything is OK with that configuration. Then, I decided to create a servlet filter, to redirect every request to that application, to a login page first. The code of that filter is the following: ** public final class ApplicationFilter implements Filter { private FilterConfig _fc = null; public void init(FilterConfig filterConfig) throws ServletException { this._fc = filterConfig; } public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { try { RequestDispatcher rd = _fc.getServletContext().getRequestDispatcher(/login); rd.forward(request, response); } catch (Exception e) { System.out.println(Exception: + e.getMessage()); e.printStackTrace(); } } -- (the rest was intentionally omitted) -- *** The redirection works great, BUT all images and CSS referenced in the JSP file are not loaded after the request passes through the filter. The application runs perfectly, and takes the user to the login screen, and after that, to the application. The application does some database queries and returns the data correctly. BUT, everything without images or the styles defined in the CSS file. Just to make a test, I put the CSS file contents directly inside the JSP file, and it worked great. In this case, images were not loaded also... The process flows like this: Request -- Filter -- login (a servlet) -- login.jsp -- queryDB (a servlet) -- queryDB.jsp When I disable the filter, in the web.xml file, everything works as would be expected. The configuration in web.xml is OK: all servlets are set, as is the filter itself. I'm using Tomcat 5.0.28 on a Gentoo Linux system, with POSIX threads and kernel 2.6.9. The hardware is a P IV HT 3.2 Ghz. I also checked the archives of this list, but was unable to find any reference to a problem like this one. Does anyone know what is happening ? Regards, Roberto - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Nervous about Sessions ...
There *technically* isn't any requirement that things you store in session be serializable. However, since some app servers use databases or file systems to persist session information, and that many times is implemented using serialization, and since serializable is usually (if not always) necessary in a clustered environment to replicate the session between nodes, you probably do for all intents and purposes only want to store serializable objects in session, just to future-proof your app. Yes, you can store simple java types, and no, you do not *have* to use beans (although I think this is generally considered a best practice in most cases). If you do use beans though, you will probably want to make sure you only use serializable types in the bean, or mark them transient as Viorel mentioned, as per the point made in the first paragraph above. But again, there's nothing that says you have to do any of this... if you KNOW you are only going to run on a single server and if you KNOW your app server is only storing session in memory, there is nothing that says any object you put in session, on it's own or by virtue of members it contains, must be serializable. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com David Whitehurst wrote: If I use the session to store things, 1. Can I use simple java types? 2. Do I have to use Java Beans (extends serializable)? David Whitehurst Viorel Dragomir wrote: Yes. But you can set some attributes of the objects as [ transient ] to not be serialized. So you don't have to make all objects in the package serializable. Viorel Dragomir . .. --- - Original Message - From: David Whitehurst To: tomcat-user@jakarta.apache.org Sent: Wednesday, April 27, 2005 11:31 Subject: Nervous about Sessions ... Long ago a multi-client, multi-Oracle application was written using Struts. Recently, we had a 4 in 22,000 record data integrity issue. I found one client implementation that used prepared statements but the primary key was being used e.g. update mytable set a= ?, b=? where pri_key = + pkey + ' ; ...whoa! I said, called the developer and we had a talk. Then, I also found that where we use a HashMap object it is not synchronized. I suspect that was the data problem, i.e. two records saved by two different people, and the data was the same for the different records in the same Oracle second. I'm looking for comments about the use of this HashMap on requests but I'm also nervous now where I use Strings in the session e.g. a clientname, username, etc. My concern started when I read the posts about the non-serializable objects in the session. Do all java objects placed in the session have to be serializable? Thanks, David L. Whitehurst - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: set header in all responses
A filter is an ideal solution for this... It has the benefit of being app-specific, so should you ever want to host another app in the same TC instance that doesn't require those headers, they won't be set automatically (i.e., at the server-level). -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Rodrigo Avila wrote: Hi all! Is possible to put this headers in all responses generated by Tomcat? response.setHeader(Pragma,no-cache); response.setHeader (Cache-Control,no-history); response.setDateHeader(Expires,-1); Thanks the attetion. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: set header in all responses
Filters: http://java.sun.com/products/servlet/Filters.html -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Rodrigo Avila wrote: right... I need to all apps in an TC instance use these headers... how I do it? I don't know how use filters / valves... Thanks! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RES: Nervous about Sessions ...
Hi Paul, No, I don't know of any changes... I'm actually wondering if this is a restriction the latest servlet spec places on objects in session... I tend to doubt Tomcat would be imposing such a restriction unless the spec indicated such a restriction... I myself might learn something here! :) Does anyone reading this know a definitive answer? Frank Paulo Alvim wrote: Hi Frank, I think this post is related to mine: We had a few non-serializable objects stored in session in TC 5.0.28 but after migrating the app TC 5.5.9 is throwing java.lang.IllegalArgumentException: setAttribute: Non-serializable attribute. ...when we try to put a non-serializable in the session. We are using a JSTL recommended form like: (...) javax.servlet.jsp.jstl.fmt.LocalizationContext lc = new javax.servlet.jsp.jstl.fmt.LocalizationContext(bundle); javax.servlet.jsp.jstl.core.Config.set(session, javax.servlet.jsp.jstl.core.Config.FMT_LOCALIZATION_CONTEXT,lc); (...) Do you know about any changes related to that in TC 5.5.x? Thank you! Paulo -Mensagem original- De: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 27 de abril de 2005 12:59 Para: Tomcat Users List Assunto: Re: Nervous about Sessions ... There *technically* isn't any requirement that things you store in session be serializable. However, since some app servers use databases or file systems to persist session information, and that many times is implemented using serialization, and since serializable is usually (if not always) necessary in a clustered environment to replicate the session between nodes, you probably do for all intents and purposes only want to store serializable objects in session, just to future-proof your app. Yes, you can store simple java types, and no, you do not *have* to use beans (although I think this is generally considered a best practice in most cases). If you do use beans though, you will probably want to make sure you only use serializable types in the bean, or mark them transient as Viorel mentioned, as per the point made in the first paragraph above. But again, there's nothing that says you have to do any of this... if you KNOW you are only going to run on a single server and if you KNOW your app server is only storing session in memory, there is nothing that says any object you put in session, on it's own or by virtue of members it contains, must be serializable. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com David Whitehurst wrote: If I use the session to store things, 1. Can I use simple java types? 2. Do I have to use Java Beans (extends serializable)? David Whitehurst Viorel Dragomir wrote: Yes. But you can set some attributes of the objects as [ transient ] to not be serialized. So you don't have to make all objects in the package serializable. Viorel Dragomir . .. --- - Original Message - From: David Whitehurst To: tomcat-user@jakarta.apache.org Sent: Wednesday, April 27, 2005 11:31 Subject: Nervous about Sessions ... Long ago a multi-client, multi-Oracle application was written using Struts. Recently, we had a 4 in 22,000 record data integrity issue. I found one client implementation that used prepared statements but the primary key was being used e.g. update mytable set a= ?, b=? where pri_key = + pkey + ' ; ...whoa! I said, called the developer and we had a talk. Then, I also found that where we use a HashMap object it is not synchronized. I suspect that was the data problem, i.e. two records saved by two different people, and the data was the same for the different records in the same Oracle second. I'm looking for comments about the use of this HashMap on requests but I'm also nervous now where I use Strings in the session e.g. a clientname, username, etc. My concern started when I read the posts about the non-serializable objects in the session. Do all java objects placed in the session have to be serializable? Thanks, David L. Whitehurst - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Re: development environment
* Pentium IV 2.8GHz, 2G RAM, dual 21 monitors (CRT's... they're still far better to me, screw size!) * Windows XP Professional as main OS and Redhat8/WinNT/Win98/Mandrake in VMWare for testing * UltraEdit Directory Opus - This is essentially my development environment, these two are where I spend 90% of my time during the day * Tomcat locally for all development as well as an instance on the Redhat VM, a secondary PC next to me (lesser hardware specs, but still decent) running Windows 2000 has WebSphere 5.1 which is our production app server of choice * Maxthon and Firefox for testing * Oracle 9i for all database development * SourceSafe for some things, CVS for others (we are moving to all CVS, but SS is still in use right now) That's the important stuff I figure. That's at work by the way, but I have an almost identical setup in my home office (laptop instead of secondary PC is the big difference), configured in a very similar way, so with the full VPN access to work, I can work almost as effectively at home as at work, not to mention work on my own stuff off-hours. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Patrick Lacson wrote: hi All, I'm curious to what everyone's dev environment looks like. Here's mine: hardware Penium IV 2.0Ghz / 1GB Ram OS Windows XP Pro IDE / Tools Eclipse 3.x / Emacs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Accessing the context path within a Servlet/JSP
See HttpServletRequest.getContextPath() J Malcolm wrote: I have looked at the JavaDocs, but I can't find a method that will give me the context path for a web app: (i.e. Context path=/abcxyz docBase=...) All I want is the /abcxyz string precisely as defined in the context tag. I have tried getPath() from the servletContext, but it returns part of the host name as well. That doesn't make sense either, but that's the way it's working for me... It returns jndi: for the protocol (???) Am I doing something else wrong here? I found the getServletContextName() method. But that is an optional parameter on the context tag, and I can't risk using something that might not be defined. I'm currently parsing up the URL object returned from servletContext.getResource(/); But this is a hack. Surely there is a better way to get the root URL context for a web app... (?) Suggestions?? (BTW... Tomcat 5.5.7) Thanks. Jerry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JavaMail API ?
I wouldn't have expected to see them in Tomcat frankly... Although sending eMails from a webapp is relatively common, it's not common enough to be included with an app server (well, except for Websphere, which generally includes everything under the sun!) I am kind of surprised it hasn't been incorporated into JDK1.5 though, that would have been a reasonable expectation. Is it perhaps rolled into J2EE instead? I don't know. Same for JAF. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com David Smith wrote: No mistake that I know about. JAF and JavaMail are both separate downloads from Sun's site and have been all along. Licensing issues probably prevent them from being included in the Tomcat dist. --David Nikola Milutinovic wrote: Nikola Milutinovic wrote: Hi all. I'm running Tomcat 5.5.7 on Windows XP and Sun JDK 1.5.0_01 I notice that JavaMail API is missing from BOTH Tomcat and JRE. There is no javax.mail.* hierarchy in ${JAVA_HOME}/lib/rt.jar It is also missing JAF (Java Activation Framework). I mean, no problem, I CAN get a hold of those JARs, but really, what's the story? A simple mistake on Sun's or TC team's part? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat control from Ant
Hello all. I have an Ant build script for an application that stops Tomcat if it's running, deletes the work folder for the application (so I can ensure all JSPs get recompiled) and starts Tomcat again. Here's the two relevant tasks: target name=tomcat_cleanup delete dir=${app_base_dir}/../../work/Catalina/localhost/toa / /target target name=start_tomcat exec executable=${catalina_home}/bin/startup.bat os=Windows XP spawn=true env key=CATALINA_HOME value=${catalina_home} / /exec /target app_base_dir is properly defined (I know because the work folder DOES get deleted) pointing to the root of the webapp, as is cataline_home (because Tomcat DOES start up). Here's the problem... When I access the first page on my application (index.jsp in the root of the webapp), I get the following: The file or path you specified (..\..\..\\bin\bootstrap.jar) is invalid relative to C:\tomcat org.apache.tools.ant.util.FileUtils.resolveFile(FileUtils.java:761) org.apache.tools.ant.Project.resolveFile(Project.java:1293) snip - I'm beting the whole stack trace isn't important Anyone have any ideas? Funny thing is, if I manually run startup.bat, sure enough everything works perfectly as it should. I don't get it. Thanks all! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat control from Ant
I figured it out... kinda of obvious after the fact actually... My catalina_home Ant property was defined as ../../../ You see, all the paths in the build script are defined relative to the build file, which is always in the directory source in the root of the webapp. Everything else works this way, but not catalina_home. I defined it as c:\tomcat instead and everything works again. It would be nice if I could define in relatively like all the rest, so if anyone has any ideas, I'm all ears. But, failing that, I can live with this one absolute path in the build script. Sorry for the list noise :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Thu, February 17, 2005 11:02 am, Frank W. Zammetti said: Hello all. I have an Ant build script for an application that stops Tomcat if it's running, deletes the work folder for the application (so I can ensure all JSPs get recompiled) and starts Tomcat again. Here's the two relevant tasks: target name=tomcat_cleanup delete dir=${app_base_dir}/../../work/Catalina/localhost/toa / /target target name=start_tomcat exec executable=${catalina_home}/bin/startup.bat os=Windows XP spawn=true env key=CATALINA_HOME value=${catalina_home} / /exec /target app_base_dir is properly defined (I know because the work folder DOES get deleted) pointing to the root of the webapp, as is cataline_home (because Tomcat DOES start up). Here's the problem... When I access the first page on my application (index.jsp in the root of the webapp), I get the following: The file or path you specified (..\..\..\\bin\bootstrap.jar) is invalid relative to C:\tomcat org.apache.tools.ant.util.FileUtils.resolveFile(FileUtils.java:761) org.apache.tools.ant.Project.resolveFile(Project.java:1293) snip - I'm beting the whole stack trace isn't important Anyone have any ideas? Funny thing is, if I manually run startup.bat, sure enough everything works perfectly as it should. I don't get it. Thanks all! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Re: JSP under /WEB-INF folder PROTOCOL PAGES (ProtocolPages)
-INF *or* a database, transparently to the user and front-end. That's a nice bit of flexibility to be sure. I don't say you are mistaken. I just think that this is going to be an interesting little inquiry, if you want to chase it to its end, which is my normal proclivity. At this point I don't think either of us could walk away with an actual answer :) I understand. All your comments are quite fair, in my opinion. We'll look around and learn a bit here. I leave the leg-work to you :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Re: JSP under /WEB-INF folder PROTOCOL PAGES (ProtocolPages)
Dakota Jack wrote: app server = (AS) struts server = (SS) req = request -- = pass res = response You lost me here already... What's the difference between the app server and the struts server? Isn't Struts running IN your app server? With ResourceAction ___ First case HTML = req (AS) res (AS) = 2 Second image JPEG (say) = req (AS) -- res (SS) = 3 . Tenth image JPEG (say) = req (AS) -- res (SS) = 3 WIthout ResourceAction ___ First case HTML = req (AS) res (AS) = 2 First image JPEG (say) = req (AS) res (AS) = 2 Second image JPEG (say) = req (AS) res (AS) = 2 . Tenth image JPEG (say) = req (AS) res (AS) = 2 This is 22 versus 32. Apparently you forgot (I think?) that the app server has to handle ten images too. They don't just go out with the page, although we are looking at this in a very oversimplified sense. I don't see how you got 22 OR 32! :) The first request from the client is for the HTML document, right? So that's one request. The browser then sees ten img tags, regardless of what they point to. So for each one it makes a request. That's 10 requests, right? So it's 11 in all from the client to the server (ignoring for the moment whether server means app server alone or web server in front of app server, or whatever other configuration you might dream up). The only different between the two approaches we've been discussing is what on the server is going to handle each of those 11 requests... Is it a web server sending back a static HTML page for the first request, and then an image for each of the subsequent 10 image requests, or is it a web server returning the HTML page and then an app server returning the images, or an app server returning the page AND the images? There is no question that the AS is quicker with HTML than the SS, but I am not so sure about the images. The SS may be faster. There is lots of room here for tuning. Let me ask you this question... If you are accessing a web site, and you connect directly to the Internet, is that, ignoring things like caching and such, generally going to be faster than going through a proxy? I'd hope you would say yes. Now, clearly, if the proxy is doing caching and/or other optimizations, it might turn out to be faster, but that further proves my point: the web server is like the proxy in this example. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Re: JSP under /WEB-INF folder PROTOCOL PAGES (ProtocolPages)
Dakota Jack wrote: I am certain on this one, because you can do this sort of thing *without* the web or app servers at all. I do this fairly frequently with code not unlike and heavily borrowing in principle from Jason Hunters HttpMessage and HttpsMessage in COS. The ResourceAction sends the response and ends the whole process by returning null. I agree, obviously you can take Tomcat for instance and use it to serve everything... I have a production app that is a single server running Tomcat and Oracle and that's it, no web server anywhere, everything is served from Tomcat whether it's a JSP, an image, an HTML document or whatever else. The question that's in my mind though is what happens when you have a web server in front of Tomcat? Just rendering to the response in a servlet might not be enough in that case... Think of a proxy analogy... Does the web server almost appear like a proxy? In other words, a request comes in to the web server, does it (a) pass the connection to the app server to fulfill, at which point it's done and can service more requests, or (b) does it ask the app server for the resource, whatever it is, wait for the response from the app server and send it along to the client when the app server is done responding? Same idea as a network proxy. The point being, just because the app server CAN serve everything, doesn't necasserily mean it WILL with a web server in front. But again, I don't know the answer here, it's just a question in my mind. ceteris paribus /snip Heh, I meant to tell you last time, this is Latin, not Greek. LOL ///;-) Really?? Well, I have something to yell at my Macroeconomics professor for then! I know for sure she said it was Greek! :) Funny aside... My Macroeconomics professor... her last name, and I couldn't have made this up, is Economopolous. That just rules! But now your pushing those caching decisions back on the browser, right? I thought one of your basic premises was to not trust the browser to construct URLs and such? Wouldn't you have the same distrust for caching? (and probably worse since that is at least at the users' discrection) /snip The answers are no, yes, no. Setting caching in the response object is not equivalent to setting caching in the meta tags. This is why the ResourceAction has an edge. Note also that the setting of cache, pragma and expires are runtime alterable, and can override the meta tags, in ResourceAction. I left those decisions out of the code I sent you. Did you notice where I added in it response to someone's query on that? I did notice, but my point is that the browser settings would override any tags or headers you set. I might be wrong about that, but that would be my expectation. After all, what good is a setting in my browser that says don't cache anything if a web site designer can come along and overrule that? Surely the FOSS community would be up in arms over their loss of freedom, right?!? ;) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Re: JSP under /WEB-INF folder PROTOCOL PAGES (ProtocolPages)
I still don't understanding the 32 and 22... What do the [2] and [3]'s represent? Dakota Jack wrote: Too late when I sent this. Let me make the necessary alterations to the nomenclature. Sorry! web server = df. (WS) app server = df. (AS) request= df. req response = df. res = df. passing the control With ResourceAction 1.0 WS req WS res HTML [2] 1.1 WS req AS res [3] 1.2 WS req AS res [3] 1.3 WS req AS res [3] 1.4 WS req AS res [3] 1.5 WS req AS res [3] 1.6 WS req AS res [3] 1.7 WS req AS res [3] 1.8 WS req AS res [3] 1.9 WS req AS res [3] 1.10 WS req AS res [3] Total 32 Without ResourceAction 1.0 WS req WS res HTML [2] 1.1 WS req AS res [2] 1.2 WS req AS res [2] 1.3 WS req AS res [2] 1.4 WS req AS res [2] 1.5 WS req AS res [2] 1.6 WS req AS res [2] 1.7 WS req AS res [2] 1.8 WS req AS res [2] 1.9 WS req AS res [2] 1.10 WS req AS res [2] Total 22 However, let me note, once again, that we can make it 22 to 22 by simply sending the attributes that are relevant back to a different server. For example, we could have img src='http://blahblahblah.com/ResourceAction.do?file=whatever.gif' Doing this, if we are talking about serving images to a large-scale site, we could get rid of both the WS and the AS and use a SCS (small custom server) optimized for this situation. I do this sort of thing constantly, *sub rosa*, on my sites. This is probably quicker than using WS to serve the images, and certainly so if the images are in any way dynamic in nature and if we make use of the multithreading opportunities that crop up in this situation. But, this is going afield. And, this is only looking at the upside too. Jack If we are talking about dynamically-created resources, then I would tend to agree with your view. But we have, at least as far as I was concerned, been talking about strictly static resources. In that case, your basic premise boils down to, as I see it: An app server running ResourceAction can serve resources more efficiently than a web server. Again, strictly talking about static resources, I would be absolutely SCHOCKED to learn this is the case under most circumstances. That would be like saying a Cadillac could beat a NASCAR vehicle in 1 ten-lap race... It might be able to under some circumstances, like the NASCAR driver being drunk!, and certainly there are some very nice trade-offs to driving the Caddy like more room and a better stereo, but in general you wouldn't expect the Caddy to lose. A bit of hyperbole there, but the underlying point is what's important. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Re: JSP under /WEB-INF folder PROTOCOL PAGES (ProtocolPages)
Dakota Jack wrote: The good is that the web site designer knows when a change has been made and the assumption is that you are going to see what the web site designer has to offer. No? Jack I concur with the assumption, but I don't see it making any difference... Remember that what we affectionately refer to as the web these days is really a lot more than what it was originally. One of the things that was originally intended is that the client is in complete control. If the user wants to request a resource from a server, and they tell their browser via a setting that no, I WANT you to go ask that server EVERY SINGLE TIME for the resources, NEVER use what you might have in the local cache, then they should be allowed to do that, and whatever the web site creator wants you to do is irrelevant. Same idea when the user can override fonts and colors and the like with their own local settings. Nowadays though, us web app/site designers think WE know how best a client should view our site, and we actually go out of our way to make it so... how many times have you visited a site where the font is too small and the usual font size adjustments don't make any difference? So you have to go in to setting and uncheck that User Font Sizes Specified By Site option. Annoying, and not what was originally intended. This is of course all only relevant to the extent that it supports my point, that anything you do on the server side to try and control caching is either (a) useless because the end user can override it anyway or (b) not in keeping with the spirit of the web, at least, not as originally intended. Now I'm off on a bit of a tangent though :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP under /WEB-INF folder
Just from a curiosity standpoint Jack... I've already decided it's not an approach I'd advocate, but I am interested to know how you serve things like graphics and stylesheets from under WEB-INF. I assume all your graphics are actually server by an Action (a trick I've pulled when serving images from a database), and I further assume your stylesheets aren't just linked in... -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Dakota Jack wrote: snip On Tue, 28 Dec 2004 13:57:33 -0500, Frank W. Zammetti [EMAIL PROTECTED] wrote: I think his problem is probably linking to stylesheets and such... Actually, now I have to ask you... if you put *everything* under WEB-INF, I assume you are serving all graphics from a fronting web server then? Otherwise, any document returned to the user that links back to a resource under WEB-INF won't be reachable, which was the crux of his problem as I understood it, that's why he was talking about includes and such all over the place. But, if you really are serving everything from there, how are you doing it? Just curious at this point :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Dakota Jack wrote: I don't know why you are saying that css and/or js must be placed directly under WebRoot. Why do you? I can give you various solutions, once I find out what the problem is supposed to be. There is no issue, by the way, with putting your JSP files under WEB-INF. There are other ways to protect access, but this is, I think, a good one too. Jack /snip Frank, are you still interested in this? I just noticed it. Jack - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP under /WEB-INF folder
One thing worth pointing out about this is that you'll lose the benefit of fronting your app server with a web server... You won't be able to offload the serving of images, stylesheets and such, from the app server to the web server. That's probably not a big problem in many cases where a single server with a decent set of specs can handle the load anyway, but in a more robust enterprise environment, your really kind of defeating the purpose of a fleet of web servers in front of a number of app servers. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Dakota Jack wrote: snip On Sat, 29 Jan 2005 09:00:39 -0500, Frank W. Zammetti [EMAIL PROTECTED] wrote: Just from a curiosity standpoint Jack... I've already decided it's not an approach I'd advocate, but I am interested to know how you serve things like graphics and stylesheets from under WEB-INF. I assume all your graphics are actually server by an Action (a trick I've pulled when serving images from a database), and I further assume your stylesheets aren't just linked in... /snip img src='resource.do?file=whatever.jpg' link href='resource.do?file=whatever.css' rel='stylesheet' type='text/css' You can also put this sort of Struts protocol into Flash ActionScript, etc. To be complete on this list: public final class ResourceAction extends Action { public ActionForward execute(ActionMapping mapping, ActionForm form, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { String file = request.getParameter(file); String ext = file.substring(file.lastIndexOf('.') + 1); String type = null; String path = null; if (gif.equals(ext)) { type = image/gif; path = path(gif); } else if (jpg.equals(ext)) { type = image/jpeg; path = path(jpeg); } else if (css.equals(ext)) { type = text/css; path = path(css); } else if (flash.equals(ext)) { type = application/x-shockwave-flash; path = path(flash); } else if (text.equals(ext)) { type = text/plain; path = path(text); } else if (js.equals(ext)) { type = text/javascript; path = path(js); } else if (png.equals(ext)) { type = image/png; path = path(png); } else if (html.equals(ext)) { type = text/html; path = path(html); } else if (applet.equals(ext)) { type = application/x-java-applet; path = classes + File.separator + com + File.separator + crackwillow + File.separator + applet; } String name = Classpath.WEB_INF + path + file; response.setContentType(type); response.setHeader(Cache-Control, ); response.setHeader(Pragma, ); response.setHeader(Expires, ); response.addHeader(Content-Disposition,filename= + name); try { FileInputStream fis = new FileInputStream(name); BufferedInputStream bis = new BufferedInputStream(fis); byte[] bytes = new byte[bis.available()]; OutputStreamos= response.getOutputStream(); bis.read(bytes); os.write(bytes); os.flush(); os.close(); } catch (IOException ioe) { StdOut.log(SiteConstant.ERROR_LOG,ResourceAction: problem file is: + name + \n + StackTrace.trace(ioe) + \n + ioe.getMessage()); } return null; } private String path(String fileType) { return resource + File.separator + content_type + File.separator + fileType + File.separator; } } ///;-) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP under /WEB-INF folder
Lo, Frank. You really don't lose anything. You just gain a choice. There is a lot more to be said on this, but you probably would know everything on this anyway, so I will leave it at that. That's not strictly true though Jack (neither your premise that you don't lose anything or that I know everything about this, I almost certainly don't!)... In some environments, as I'm sure you know and probably have even dealt with, you have a bunch of web servers in front of a bunch of app servers. The web servers serve static content like images, stylesheets and usually server-side includes, things like that, while the app server handles JSPs and actual server-side (servlet) code. Putting everything under WEB-INF removes this choice because every request has to be routed to your app servers now. In larger scenarios, the whole point of the web servers (well, most of the point anyway) is to offload that work from the app servers and gain efficiency. Division of labor and all that jazz. :) I'd certainly agree that if a particular situation doesn't call for such a distributed environment in the first place, than it's a moot point, and what you suggest certainly has some benefits. But if that's not the case, or if it some day might not be the case (i.e., your app might have to scale into such an environment), then it could become an issue and people should be aware of it before they make their decision. I also don't know what effect this might have in a true distributed environment (i.e., might it be a problem if one request, say for an image, is serviced by one machine, while another services the JSP execuetion itself?). This might never arise, or it might not be a problem at all even if it does, but it could be something for someone to explore is my point. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Dakota Jack wrote: snip On Sat, 29 Jan 2005 17:17:03 -0500, Frank W. Zammetti [EMAIL PROTECTED] wrote: One thing worth pointing out about this is that you'll lose the benefit of fronting your app server with a web server... You won't be able to offload the serving of images, stylesheets and such, from the app server to the web server. That's probably not a big problem in many cases where a single server with a decent set of specs can handle the load anyway, but in a more robust enterprise environment, your really kind of defeating the purpose of a fleet of web servers in front of a number of app servers. /snip Lo, Frank. You really don't lose anything. You just gain a choice. There is a lot more to be said on this, but you probably would know everything on this anyway, so I will leave it at that. Jack - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP under /WEB-INF folder PROTOCOL PAGES (ProtocolPages)
in a distributed environment. I'd be interested to hear your thoughts on this point... -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Re: JSP under /WEB-INF folder PROTOCOL PAGES (ProtocolPages)
. Not following... reading from where? Well, I bet you are being too humble. I am happy to say that my wife just thinks I am the most adorable, wonderful, guy. Go figure, eh? That's what I like, woman that are easy to please :) (You were left SO wide open there I just couldn't resist!) Technology seems to get ahead of rumor in our little world of web work. So, I definitely would like to revisit this. I am going to squeeze getting the *facts* in here soon. I look forward to your test results :) This seems to be false to me. Maybe I misunderstand you. I don't think the browser has a clue whether we are looking at src='myCss.css' or src='resource.do?file=myCss.css'. Right? Jack That's right, the browser doesn't know the difference, but the server side does, and I put that in quotes because it's a little tricker in this discussion to define it. Here's a typical sequence chart, simplified a bit: * Browser requests page from web server- * Web server returns HTML page- * Browser parses page and constructs list of resources to retrieve... * Each image is requested from web server (in parallel, one hopes!)- * Web server returns images, in many cases from a memory cache- * Browser renders page. Nothing unusual there. So you have 11 total round-trips to the server, one for the document, 10 for the images... It might be the same HTTP connection, but that's not definite (in fact I think it's definitely NOT the case, HTTP being stateless and all, but there could be something I don't know there at a very low level), and ultimately not relevant to this discussion anyway because it's still 11 requests, whether the actual connection is torn down between them and rebuilt anew for each or not. Now, let's see what happens using ResourceAction, and I'll take the simpler case of the page being straight HTML and not a JSP... * Browser requests page from web server... * Web server returns HTML page- * Browser parses page and constructs list of resources to retrieve... * Each image is requested from web server- * Web server recognizes .do and passes the request on to app server- * App server performs whatever functions it needs to in order to fulfill the request (in this case we're talking the whole litany of Struts functionality, including your Action of course)- * (Does the app server pass the response back to the web server to serve, or does it serve it directly to the client at that point? I'm actually not sure, but let's be optimistic and say the web server is out of the equation at this point, although I suspect that's NOT the case) In any case, images are returned to client- * Browser renders page. There is clearly more work done with the second chart because the app server is now involved. How costly is all that work? You could make the argument that because any servlet-based application is incurring those costs with most requests, what's the big deal about adding a few more? To a degree that would be a reasonable argument, but scalability is most certainly at risk because viewed from the point of view of the app server, a single page really corresponds to 10 app server requests. Even if it's all done in the most efficient way, those ten requests look, for all intents and purposes, like 10 simultaneous USERS (assuming 1 request per user). So, maybe your app server can handle 100 concurrent requests... If the web server was allowed to serve the images, your app server still has 100 slots available to service requests, which corresponds generally to 100 concurrent users... If it's serving 10 images for each physical user though, now you can only service 10 concurrent users, so you've reduced your overall server capacity (as viewed by outside clients) by 90%. Ouch. I fully acknowledge those are rough, worst-case numbers... I certainly don't mean to imply that your approach is 90% worse. Not at all! Just trying to illustrate the problem, as I see it, in certain environments. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: What is it mean that Java code does not belong in well designed JSP pages?
I certainly wouldn't presume to speak for Craig, so this is just my own answer... Scriplets, that is, code in JSPs inside % %, is generally considered a Bad Thing(tm) because it's too easy for business logic to sneak into the presentation. Now, there is I think room for debate about how far to push that idea. Some people think that a JSP should be absolutely nothing more than a template for display, so you should wind up with nothing but things like $=someVar%, or more correctly, something like bean:write name=myBean property=myVar /. However, where there is room for debate is whether using any sort of logic whatsoever in a JSP is bad or not. Taking the JSP as a template only idea to it's fullest extent seems to me to imply that logic in ANY form is to be avoided, and should not be done in a JSP, whether it's using taglibs or not to do it (i.e., logic:equal/ shouldn't even be used because it's logic). I think this is too extreme and limits the types of applications you can do... try doing the kinds of apps I do for a living for example, which are webapps that look, feel and work like fat clients, and you'll be hard-pressed to pull off the kinds of things I do without some level of logic in JSPs. That being said, good design dictates that you need to be careful what gets put in your JSPs, whether you use custom tags or not (I'm not a fan of custom tags myself in most cases). Business logic does NOT belong in JSPs, and indeed anything other than trivial bits of code probably shouldn't be there either. I'm not entirely sure what the code you posted is doing, but my gut feeling is that it's too much for a JSP. I do things like this all the time; % boolean altRow = false; String rowStyle = ; for (Iterator it = form.getTOAList().iterator(); it.hasNext(); ) { if (altRow) { rowStyle = cssListboxAltRow; altRow = false; } else { rowStyle = ; altRow = true; } HashMap nextItem = (HashMap)it.next(); BigDecimal toaID = (BigDecimal)nextItem.get(toaID); String status = (String)nextItem.get(status); % tr height=24 class=%=rowStyle% td%=status%/td td%=toaID%/td /tr % } % ...and some will say that's way too much... let's skip the this should be a custom tag! argument for the time being... This kind of code I see no problem with being in a JSP. It's strictly presentation-oriented, and isn't extensive. That being said, NOW we can get to the this shouldn't be there at all argument... it is a perfectly reasonable argument. In an environment where you have page authors and Java coders, you don't want your page authors to have to see code like that. In fact, in the perfect environment where it's split exactly right, they wouldn't even know what this code meant. But, if you had a custom tag that encapsulated that functionality, they could just put showTOAList/ and be done with it. That's the argument for taglibs (the main one anyway). However, you have to ask yourself what kind of environment your in... I dare say most environments are NOT set up that way... maybe they should be, but I don't think the majority are... most places, your page authors are your Java coders are your database developers are your business analysts, etc. In that case, I think the argument doesn't carry as much weight. Eh, I guess I'm off on a bit of a tangent. Most people will tell you that code in JSPs is to be avoided, and I'm not going out of my way to debate that. But, I think it's fair to say that if you do have code in JSPs, it should be (a) trivial and (b) strictly presentation-related. Breaking THOSE rules, which by extension breaks the higher rules, is to be avoided at all costs. Just my opinions. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Dola Woolfe wrote: I just read this thread and didn't quite understand it. If it means what it seems to mean on the surface, I'm doing everything wrong. Schematically, my typical JSP page looks like the following (basically 100% code). Is this what Craig is advising against? %@ page errorPage=ErrorPage.jsp import=html.*% [EMAIL PROTECTED] file=InitializePage.jsp% % Table table = new Table() .pAddH(#).pAddH(Action).pLN() .pAddC(1).pAddL(new Anchor(HelloPage.jsp, Say hello to my friend.)).pLN() .pAddC(2).pAddL(new Anchor(GoodByePage.jsp, Say good bye to my friend)).pLN() ; MyTemplate template = new MyTemplate (Main Actions, table); Page pAgE = new Page(new MyHead(Data Tools), new Body(template)); % %= pAgE % __ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: What is it mean that Java code does not belong in well designed JSP pages?
David Johnson wrote: Using taglibs instead of code adds a level of obfuscation that, IMHO, makes it difficult to get work done. I always end up taking the servlet that was generated from the JSP and rewriting it so it works correctly, performs adequately, and generates no side effects. This has always been my biggest problems with taglibs too, that and the fact that it's yet something else a new developer coming on to a project has to learn before they can be effective (or at least optimally effective). I prefer all the code being right there in front of me, not having to go hunt down source somewhere. Additionally, I don't like having to recompile a class to make a change and then redeploy the class (or worse yet, the whole app). If it's just in a JSP, I can update the app on-the-fly (assuming JSP compilation is still active). That being said, I actually like the idea of Tag Files. It's not quite as bad, it's no worse than a JSP include, although the point about more to learn still stands. But, then it's just usual JSP code, which they would already know, so it's still not quite as bad in that regard either. It's kind of amazing that a lot of people don't even know about that capability. Like you said though, what works in one environment may not work in another, and taking a hard stand either way is a bad idea. Heck, I've used taglibs on plenty of occasions and it's worked out beautifully. Right tool for the job and all that jazz, right?!? -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: What is it mean that Java code does not belong in well designed JSP pages?
That's a good point Tim... I have to admit I've only used methods a couple of times in JSPs, generally preferring all the code be inline (except where there would be a lot of duplication, then I tend to make utility classes). You make a good point though, I may start getting into that habit myself :) -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Tim Funk wrote: Essentially you have written a servlet but packaged it as a JSP. Anytime it becomes a trivial effort to hand transform a JSP into a servlet usually means some refactoring is in order. Personally I do not mind java code in JSP's but only if its structured. I try not to rely on in-line java code - but I try to use methods or inner classes for most java coding in a JSP. By doing that - it becomes easier to rip the methods and inner classes from the JPS page and into an independent object. By doing this - I get rapid turnaround - but don't code myself in a hole for when new functionality might be needed that might overlap existing pages. -Tim Dola Woolfe wrote: I just read this thread and didn't quite understand it. If it means what it seems to mean on the surface, I'm doing everything wrong. Schematically, my typical JSP page looks like the following (basically 100% code). Is this what Craig is advising against? %@ page errorPage=ErrorPage.jsp import=html.*% [EMAIL PROTECTED] file=InitializePage.jsp% % Table table = new Table() .pAddH(#).pAddH(Action).pLN() .pAddC(1).pAddL(new Anchor(HelloPage.jsp, Say hello to my friend.)).pLN() .pAddC(2).pAddL(new Anchor(GoodByePage.jsp, Say good bye to my friend)).pLN() ; MyTemplate template = new MyTemplate (Main Actions, table); Page pAgE = new Page(new MyHead(Data Tools), new Body(template)); % %= pAgE % __ Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ?? Sharing the JSTL JARS and Classloading ??
Tony LaPaso wrote: There's a more important issue at work here than whether or not I have to put the JARs in common/lib or shared/lib: When writing code it's considered a bad practice (and I think, rightfully so) to copy and paste the same code to various locations. Instead, we factor out common behavior into separate classes or methods. There's an analogous idea involved here -- instead of copying and pasting the same JARs across many web applications it makes more sense (to me, anyway), to factor out these JARs and make them centrally available. Having said that, I also realize the code within the JARs must be written such that the classes can be shared. The flip side of that of course is that you'll potentially run into the same problem as Windows: DLL Hell, although it'll be JAR Hell now :) The point about administrative simplicity is well-taken, but I've always been of the mindset that I'd rather have the JARs repeated in each webapp because then if I have to change a JAR version for a particular app I don't have to go and make sure all the other apps work with that version too. Same problem with DLLs... how many times have you had a version conflict with MS Common Controls? Maybe not recently because some work has been done to alleviate this situation, but certainly in the past is arose all the time. The same could happen if you make JARs shared across webapps. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Long running requests and timeouts?
I can't answer your specific question, but the scenario you describe raises a red flag with me in general... When you potentially have such long-running requests, it's usual a Bad Idea(tm) to just allow them to run like this as part of a request. I think it's fair to say that most people would say you should be taking some sort of queueing or multithread approach, coupled with polling. I don't know your usage pattern, but especially if there could be a number of such requests coming in at once, you are tieing up server resources this way. You also start running into situations like you mention with timeouts (I'm actually surprised the browser itself didn't time out after a few minutes). It also doesn't give a very good appearance to the user... it seems like the system has just frozen, which it actually hasn't. If it's feasible, I think you may save yourself some trouble by rearchitecting this rather than trying to solve this problem. You can do something as simple as this... (1) Have a class with two static HashMaps. One HashMap we'll call THREADS and it will store a reference to an object (more on this in a second), keyed by userID... In the other that we'll call STATUS you will store a Boolean, also keyed by userID. (2) When one of these long-running requests comes in, spawn a thread to handle the XML generation, and put a reference to the thread in that THREADS HashMap for the userID your servicing (might want to use sessionID instead, it's up to you)... In the STATUS HashMap, store a false Boolean (false means the request hasn't completed yet). (3) Return a Plase Wait page to the user. Use a simple JavaScript timeout to call a status checking function every few seconds that checks the value of the Boolean. If false, just return that Please Wait page again. (4) When the thread completes, it should set that Boolean to true for that userID. (5) When the status checking function finds True, it should (a) get the reference to the thread from the THREADS HashMap, (b) get the XML from the thread (just store it in a class-level variable and expose it with a getter), (b) set some value in the thread object that indicates the thread should die, (c) return the XML to the browser. Does that all make sense? I don't know if your in a position to rearchitect what your doing, but if you are, I very much suggest doing so. Hope this helps! -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Andrzej Jan Taramina wrote: I have a situation where some requests that get sent to Tomcat are very long running (basically batch operations). I've been testing with a request that takes just over 7 minutes to process and returns and XML document as a response. The problem I'm having is that the response gets truncated. It's always truncated at a consistent spot (3207 characters for some reason, that's what Firefox reports). Shorter running requests don't truncate anything, regardless of how long the response might be. I'm running Tomcat 5.0.28 and my Connector in the Tomcat server.xml file looks like: Connector port=80 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true / Is the connectionTimeout value the one that might be contributing to this behaviour? Are there any other timeout settings that might affect this? Thanks! Andrzej Jan Taramina Chaeron Corporation: Enterprise System Solutions http://www.chaeron.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Long running requests and timeouts?
Ok Andrzej, sorry I couldn't be of any real help. I see what I suggested wouldn't apply in your situation, I was just taking a guess anyway. And certainly I understand the pressure of deadlines :) Perhaps my approach might help someone else that's just lurking, but good luck in solving your problem. I too will be watching to see what your solution is, just out of curiosity. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Andrzej Jan Taramina wrote: Frank: I don't know your usage pattern, but especially if there could be a number of such requests coming in at once, you are tieing up server resources this way. You also start running into situations like you mention with timeouts (I'm actually surprised the browser itself didn't time out after a few minutes). It also doesn't give a very good appearance to the user... it seems like the system has just frozen, which it actually hasn't. These requests are not going to be called by users through a browser, since they are Web Services/REST types of requests. The only time they might get called through a browser is for testing purposes, in which case the tester knows that they will be very long running and that's not at issue. The timeout seems to be affecting scripted invocations of the request as well (using the commons-http library), so it doesn't seem to be a browser timeout issue as far as I can tell. If it's feasible, I think you may save yourself some trouble by rearchitecting this rather than trying to solve this problem. You can do something as simple as this... Does that all make sense? I don't know if your in a position to rearchitect what your doing, but if you are, I very much suggest doing so. Hope this helps! This does make sense, except for the user part, since users will never access the URL's involved directly. Furthermore, these long running tasks will be called by a scheduler, off hours, and typically there will be very few such requests a day (maybe 2 or 3 max). The requests are really single overnight batch processing runs. However, deadlines preclude rearchitecting the solution to make it asynchronous as you suggest (it's currently synchronous) in the short term. Hence my looking for a way to easily fix the timeout issue that causes the response to be truncated when Tomcat services a long running request. Thanks for the inputmost appreciated. Andrzej Jan Taramina Chaeron Corporation: Enterprise System Solutions http://www.chaeron.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: dynamically compile JSPs
Hey, I remember this thread :) (Mostly because you quoted my comment!) One solution is to shell out to do the compilation. I think I probably gave it to you last time, but here's the two pertinent lines from my compile job that does it: java -classpath %CP% org.apache.jasper.JspC -v3 -die -d %JSPAppDir% -webapp %WebAppDir% javac -classpath %CP% -d %JspDir% %JspDir%\*.java ...where... %CP% is the classpath, inclduing servlet.jar %JSRDir% is the location of the JSP %WebAppDir% is something like c:\tomcat\webapps\myapp (I modified this a tad so it's more applicable to you, but don't shoot me if you have to hack it slightly) Now, what I'm thinking, AND I BY NO MEANS ENDORSE THIS AS A GOOD SOLUTION, is that you could shell out these two commands, and that I think would get the job done. This is a has a Windows skew to it of course, but I can't see any reason it wouldn't work under *nix, if that's your environment, which just some minor changes. I've never tried using JspC from Java code as you did, although I'd think that's the way you'd want to go. I don't know what's wrong with the code you provided however, but if you get to that hair-pulling stage where you feel like your really stuck, I'm relatively sure the above will do it for you, if worse comes to worse. I guess if this isn't something that's going to be happening a lot, it might not be a problem this way. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Matt Bathje wrote: [EMAIL PROTECTED] wrote: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jasper/docs/api/index.html Usage of the JspC class. This should be what you want. I work in Windows 95% of the time, and I'm a simplicity freak, so I tend do do things, most of the time, with batch files called from UltraEdit. Anyway, this is relevant because one of the steps in my typical build process is a compilation of all JSP's. I use this class to do that. I can give you the two lines from my batch file that does this if it would be helpful, but I tend to think the javadocs will get you where you want to go. This is kind of an old thread I'm replying to - but I implemented what I thought would work for this, and haven't been able to get anything working reliably. As a refresher, the scenario is this: - a Tomcat 5.0.x server with Jasper setup in development=false mode - I upload a jsp page through a web interface, and want it to be compiled/usable immediately, instead of waiting for the scheduled jasper compilation - putting ?jsp_compile=true on the page doesn't seem to work - making development=true isn't an option After looking through the JspC documentation a little bit, I tried this code in my class after the JSP file is uploaded: JspC antTask = new JspC(); antTask.setArgs(new String[] { uploadTileFilePath }); antTask.execute(); And this does not seem to compile the file reliably. It does seem like something is happening, because the upload/compile action takes about 25-30 seconds longer to load when the jsp compilation code is included. In my work directory, the .java and .class files are never updated (new time stamp) right away. Sometimes if I wait a bit (5-10 minutes) the files are updated properly, but this seems to be the normal scheduled compilation. Sometimes if I load the page up in a browser after it has been uploaded/compiled, it seems to be compiled on access, but this does not always happen. I was messing around with the code a little bit, and tried this: JspC antTask = new JspC(); antTask.setArgs(new String[] { -compile, uploadTileFilePath }); antTask.execute(); but this always gave me an error that javax.servlet package could not be found. I then tried: JspC antTask = new JspC(); antTask.setArgs(new String[] { uploadTileFilePath }); antTask.execute(); antTask.setArgs(new String[] { -compile, uploadTileFilePath }); antTask.execute(); and this seemed to make it (so far) that the JSP page always gets compiled the next time it is loaded in a browser. This is passable if it must be the solution, but what I would really like is that the file gets completely compiled during the upload/compile action. The reason for this is that I want the person uploading to have to deal with the extra processing time, and not the person loading the page. Any help with solving this problem would be greatly appreciated. Thanks, Matt - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP compilation problem
Very interesting... Switching to JDK 1.4.2 solved the problem. I didn't even do an uninstall/reinstall... I always install my SDK to c:\java, so all I did was rename it and copy the directory over from another PC, so any paths and registry settings should still be valid, there's just an older version in it's place. I made sure to delete the Tomcat work folder for the app, started up Tomcat and tried it, everything worked fine... JSP class was generared, servlet compiled, and page came up, no problem. So... Is there actually a problem using JDK 5.0 with Tomcat 5.0.29? If so, what version of Tomcat is OK with 5.0? (assuming any are, which I DO assume). Or is this just some sort of fluke situation? In any case, my problem is solved, and that was the resolution. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com Ryan Stewart wrote: First, I apologize if I came of sounding rude before. As an infrequent visitor to this list, I wasn't aware that you are a frequent contributor. I also don't seem to have received the other reply you mention. My next thought is that you might have two versions of Java installed. If so, which version is Tomcat using? Are you sure you compiled the servlet with the same one? -Original Message- From: Frank W. Zammetti[EMAIL PROTECTED] To: Tomcat Users Listtomcat-user@jakarta.apache.org Date: Sat Jan 01 07:22:09 PST 2005 Subject: Re: JSP compilation problem I did not post twice Ryan. If two posts appeared, it is the same problem with the list processor that we've been seeing for weeks now. I did post a reply however... I tried your suggestion and manually compiled. I have NO classpath variable in the environment (I thought this might have been a classpath issue, and I guess it could still be, but I don't see how at this point). I manually put servlet-api.jar, jsp-api.jar and jasper-runtime.jar in /tomcat/common/lib on the classpath and compiled, and it compiles cleanly. So the problem would not appear to be a problem with the generated servlet. Any other ideas? Thank you! ___ Check-out GO.com GO get your free GO E-Mail account with expanded storage of 6 MB! http://mail.go.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]