Re: [Q] Using IBM JDK with tomcat 3.3
I'm not familiar with Debian but if it's a 2.4 Linux kernel, you may need to set the environment variable LD_ASSUME_KERNEL=2.2.5 to get Java applications (like Tomcat) to work. Some JDK's (like IBM JDK 1.3 and 1.3.1) do this for you automatically. I use IBM's JDK 1.3 with Tomcat 3.3a and 3.3.1 on a RedHat 7.2 system and it works great... Greg Bailey Subject: [Q] Using IBM JDK with tomcat 3.3 From: Sudhakar Chandra [EMAIL PROTECTED] Date: Thu, 25 Apr 2002 09:36:38 -0700 To: [EMAIL PROTECTED] Hi, Here is my setup: tomcat: 3.3a mod_jk: 3.3a Sun JDK: 1.1.8v1 IBM JDK: 1.1.8 OS: Debian GNU/Linux testing When I use Sun's JDK, the ajp12 and ajp13 workers start accepting connections. Here are relevant bits from the log files: Jdk11Compat: Installing jar protocol handler 2002-04-25 09:17:17 - SessionIdGenerator: Opening /dev/urandom 2002-04-25 09:17:24 - ServerXmlReader: Config=$TOMCAT_HOME/conf/server.xml 2002-04-25 09:17:24 - PathSetter: home=/usr/share/tomcat 2002-04-25 09:17:25 - ContextXmlReader: Context config=$TOMCAT_HOME/conf/apps-examples.xml 2002-04-25 09:17:25 - Ctx(/jsp) : Setting debug to 1 2002-04-25 09:17:25 - AutoWebApp: Auto-Adding DEFAULT:/ 2002-04-25 09:17:25 - AutoWebApp: Loaded from config: DEFAULT:/examples 2002-04-25 09:17:25 - ContextManager: Tomcat configured and in stable state 2002-04-25 09:17:25 - ContextManager: Adding DEFAULT:/examples 2002-04-25 09:17:25 - ContextManager: Adding DEFAULT:/jsp 2002-04-25 09:17:25 - ContextManager: Adding DEFAULT:/ROOT thaths@daemon:[51] ~ $ telnet localhost 8007 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Connection closed by foreign host. thaths@daemon:[52] ~ $ telnet localhost 8009 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. Connection closed by foreign host. However, when I start tomcat using IBM's JDK, ajp12 and ajp13 workers do not accept connections. They don't even start up as far as I can tell. Here are relevant bits from the log files: Jdk11Compat: Installing jar protocol handler 2002-04-25 09:21:52 - SessionIdGenerator: Opening /dev/urandom 2002-04-25 09:22:02 - ServerXmlReader: Config=$TOMCAT_HOME/conf/server.xml 2002-04-25 09:22:02 - PathSetter: home=/usr/share/tomcat 2002-04-25 09:22:03 - ContextXmlReader: Context config=$TOMCAT_HOME/conf/apps-examples.xml 2002-04-25 09:22:03 - Ctx(/jsp) : Setting debug to 1 2002-04-25 09:22:03 - AutoWebApp: Auto-Adding DEFAULT:/ 2002-04-25 09:22:03 - AutoWebApp: Loaded from config: DEFAULT:/examples 2002-04-25 09:22:04 - ContextManager: Tomcat configured and in stable state 2002-04-25 09:22:04 - ContextManager: Adding DEFAULT:/examples 2002-04-25 09:22:04 - ContextManager: Adding DEFAULT:/jsp 2002-04-25 09:22:04 - ContextManager: Adding DEFAULT:/ROOT thaths@daemon:[55] ~ $ telnet localhost 8007 Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused thaths@daemon:[56] ~ $ telnet localhost 8009 Trying 127.0.0.1... telnet: Unable to connect to remote host: Connection refused I'd really like to work using the IBM JDK. What am I doing wrong? The configurations remain the same in both cases. Your help would be greatly appreciated. Thanks. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
SSL client authentication
Is there a way to configure Tomcat to allow/disallow access to a web application based on the common name (CN) in an SSL client certificate? I can set clientAuth=true in the server.xml, which works fine, and I know I can read the certificate once I'm in the web application, but I'm looking for a way to do this before Tomcat passes the request on to the web application. i.e. I'm looking for something analogous to the mod_ssl directives like SSLRequire, SSLVerifyDepth, etc. Any ideas? Is this type of thing supported in Tomcat 3? 4? Neither? The SSL docs are great from a server perspective but I couldn't find much that's client-related. Thanks for any input! Greg Bailey [EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Alternative Tomcat 3.3 RPMS (was: trouble with apache 1.3.22 and tomcat 3.3 on redhat 7.0)
Not sure if anyone might find this useful, but I compiled my own Tomcat 3.3 RPMs for RedHat 7.2 that depend on the IBMJava2-SDK RPM from IBM. I recognize that there are official Tomcat RPMS that can be downloaded from the Jakarta web site, and I've used the 3.2 ones for a long time in several production environments. I admire Henri Gomez's ability to produce great RPMS; the reason I made my own were: 1. I wanted the directory structure to mirror the binary distribution a little more closely. It makes understanding the documentation a little easier. I'm (slowly) getting used to the filesystem standard (FHS), but I'm not sold on it for 100% of things that are out there. 2. The RPM is built from the binary distribution. I didn't care about how to build tomcat 3.3 per se; I just wanted a script (via RPM) that documented what files needed configuration, etc. Basically, given the binary distribution, what do you have to do to get it installed? 3. My RPM doesn't mangle /etc/httpd/conf/httpd.conf in any way. Instead I provide mod_jk.conf that can be included within httpd.conf when the user wants to. I also tried to document some things in my sample mod_jk.conf file. The example also illustrates how to serve static content from apache and dynamic content from tomcat (using the /examples context). 4. I needed a more flexible startup script (rc file) that could be customized to support more JVMs (Tomcat workers). I've only tested with RedHat 7.1 and 7.2 with the IBM SDK. If they're of any use to anyone--great! If not, please continue to use the RPMs available on the jakarta site--they're great too. Stuff can be downloaded from: http://www.lxpro.com/tomcat/ Greg Bailey [EMAIL PROTECTED] Subject: trouble with apache 1.3.22 and tomcat 3.3 on redhat 7.0 Date: Tue, 8 Jan 2002 16:02:35 -0700 From: Namrata Kasthuri [EMAIL PROTECTED] To: [EMAIL PROTECTED] Hello, I am trying to integrate apache 1.3.22 with tomcat 3.3. Here's a summary of what I've done 1. intalled apache binaries and it runs fine standalone 2. installed tomcat binaries alone and it runs fine standalone 3. downloaded the mod_jk.so module and placed it in apache's libext directory 4. modifed the tomcat server.xml file to include ApacheConfig / so that the mod_jk.conf file gets auto-generated (any specific place it should go?) 5. modified apache's httpd.conf file to include the above auto-generated file (last line of file) 6. then I restarted both tomcat and apache and apache doesn't start. it says httpd could not start because there is an error in the autoconfig file...that something is mispelled or defined by a module that is not included in the server configuration. Can someone please tell me what I have missed or done incorrectly, as I am new to all of these technologies.also, once working, how can I make sure that tomcat is only being used as the servlet container? Thanks Namrata __ Do You Yahoo!? Send FREE video emails in Yahoo! Mail! http://promo.yahoo.com/videomail/ smime.p7s Description: S/MIME Cryptographic Signature
Re: Location of JSSE .jar files in Tomcat 3.3?
I tried placing the JSSE jar files (all 3 of them) into $TOMCAT_HOME/lib/common, and that didn't work either. Basically, I have a SOAP application (bean) that attempts to open an SSL connection using https in the URL. The following error occurs in our logs: === Mon Nov 26 12:04:22 MST 2001 Exception establishing SSL connection java.net.MalformedURLException: unknown protocol: https === The following is the stdout.log file that Tomcat produced. Again, I'm find with installing the JSSE jars into $JAVA_HOME/jre/lib/ext, but I'd like to understand why this would be required... Thanks much for the help, Greg Bailey [EMAIL PROTECTED] --- stdout.log --- 2001-11-26 12:04:22 - DecodeInterceptor: Charset from session ISO-8859-1 2001-11-26 12:04:23 - DecodeInterceptor: Charset from session ISO-8859-1 [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: null; targetException=java.lang.IllegalArgumentException: Error opening socket: null] at org.apache.soap.transport.http.SOAPHTTPConnection.send(SOAPHTTPConnection.java:324) at org.apache.soap.rpc.Call.invoke(Call.java:205) at com.ilink.websoap.SOAPBean.doSimpleSOAPCall(SOAPBean.java:1835) at com.ilink.websoap.SOAPBean.doSimpleSOAPCall(SOAPBean.java:1803) at com.ilink.websoap.SOAPBean.doSimpleSOAPCall(SOAPBean.java:1786) at com.ilink.websoap.SOAPBean.setHostName(SOAPBean.java:363) at com.ilink.websoap.VVLInterface.setHostName(VVLInterface.java:1402) at auth_1._jspService(auth_1.java:123) at org.apache.jasper.runtime.HttpJspBase.service(Unknown Source) at javax.servlet.http.HttpServlet.service(HttpServlet.java) at org.apache.tomcat.facade.ServletHandler.doService(Unknown Source) at org.apache.tomcat.core.Handler.invoke(Unknown Source) at org.apache.tomcat.core.Handler.service(Unknown Source) at org.apache.tomcat.facade.ServletHandler.service(Unknown Source) at org.apache.tomcat.facade.RequestDispatcherImpl.doForward(Unknown Source) at org.apache.tomcat.facade.RequestDispatcherImpl.forward(Unknown Source) at org.apache.jasper.runtime.PageContextImpl.forward(Unknown Source) at logout_1._jspService(logout_1.java:63) at org.apache.jasper.runtime.HttpJspBase.service(Unknown Source) at javax.servlet.http.HttpServlet.service(HttpServlet.java) at org.apache.tomcat.facade.ServletHandler.doService(Unknown Source) at org.apache.tomcat.core.Handler.invoke(Unknown Source) at org.apache.tomcat.core.Handler.service(Unknown Source) at org.apache.tomcat.facade.ServletHandler.service(Unknown Source) at org.apache.tomcat.core.ContextManager.internalService(Unknown Source) at org.apache.tomcat.core.ContextManager.service(Unknown Source) at org.apache.tomcat.modules.server.Ajp13Interceptor.processConnection(Unknown Source) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(Unknown Source) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(Unknown Source) at java.lang.Thread.run(Thread.java:498) Larry Isaacs [EMAIL PROTECTED] wrote: Subject: RE: Location of JSSE .jar files in Tomcat 3.3? Date: Tue, 20 Nov 2001 14:29:39 -0700 From: Larry Isaacs [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Tomcat 3.3 has more levels of classloaders that Tomcat 3.2.3, which is likely why this issue appears. Class visibility between classloaders may not allow the JSSE jars to function in lib/apps. They may need to be in the same classloader as some other jar. I haven't yet played using JSSE except for enabling SSL support. This worked with the jars in jre/lib/ext or lib/common. I assume you get some form of class not found error. If you have a stacktrace, I could tell more. Cheers, Larry -Original Message- From: Greg Bailey [mailto:[EMAIL PROTECTED]] Sent: Tuesday, November 20, 2001 4:14 PM To: [EMAIL PROTECTED] Cc: Greg Bailey Subject: Location of JSSE .jar files in Tomcat 3.3? Hi, I'm in the process of attempting to update our web environment from Tomcat 3.2.3 to Tomcat 3.3, and one of our applications (a SOAP one) failed to find JSSE classes. The 3 files jcert.jar, jnet.jar, and jsse.jar are all located in /var/tomcat/lib/apps, since they would potentially be shared by more than one web application. This worked in 3.2.3, and the only way I'm able to get this to work (so far) in 3.3 is to put these 3 jar files into /opt/IBMJava2-13/jre/lib/ext. My question is: why is this necessary? Shouldn't classes found in $TOMCAT_HOME/lib/apps be available to web applications? Thanks much for any insight into this-- Greg Bailey [EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto
Location of JSSE .jar files in Tomcat 3.3?
Hi, I'm in the process of attempting to update our web environment from Tomcat 3.2.3 to Tomcat 3.3, and one of our applications (a SOAP one) failed to find JSSE classes. The 3 files jcert.jar, jnet.jar, and jsse.jar are all located in /var/tomcat/lib/apps, since they would potentially be shared by more than one web application. This worked in 3.2.3, and the only way I'm able to get this to work (so far) in 3.3 is to put these 3 jar files into /opt/IBMJava2-13/jre/lib/ext. My question is: why is this necessary? Shouldn't classes found in $TOMCAT_HOME/lib/apps be available to web applications? Thanks much for any insight into this-- Greg Bailey [EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
[Fwd: mod_jk / Ajp13 config fix on heavily loaded system]
Wrong To: line; sorry about that.. ---BeginMessage--- I'm still using AJP12... I've deployed some SOAP services (SOAP 2.2) and the Tomcat worker (v 3.2.3 RPMs) that these requests get mapped to has occasionally locked up and has to be restarted manually. Could this be a potential problem for us, even though we're using AJP12? Would the same workaround potentially solve this? We're seeing the following in the mod_jk.log: [jk_uri_worker_map.c (335)]: jk_uri_worker_map_t::uri_worker_map_close, NULL parameter [jk_uri_worker_map.c (185)]: In jk_uri_worker_map_t::uri_worker_map_free, NULL parameters [jk_ajp12_worker.c (601)]: ajpv12_handle_response, error writing back to server [jk_uri_worker_map.c (335)]: jk_uri_worker_map_t::uri_worker_map_close, NULL parameter [jk_uri_worker_map.c (185)]: In jk_uri_worker_map_t::uri_worker_map_free, NULL parameters [jk_connect.c (143)]: jk_open_socket, connect() failed errno = 111 [jk_ajp12_worker.c (152)]: In jk_endpoint_t::service, Error sd = -1 [jk_uri_worker_map.c (335)]: jk_uri_worker_map_t::uri_worker_map_close, NULL parameter [jk_uri_worker_map.c (185)]: In jk_uri_worker_map_t::uri_worker_map_free, NULL parameters etc. Thanks for any help with this! Greg Bailey [EMAIL PROTECTED] Subject: mod_jk / Ajp13 config fix on heavily loaded system Date: Tue, 13 Nov 2001 23:45:22 +0100 From: GOMEZ Henri [EMAIL PROTECTED] To: Tomcat Developers List [EMAIL PROTECTED] CC: [EMAIL PROTECTED] Hi to all, Some of you may have experienced problems on heavily loaded system with mod_jk and Tomcat 3.2/3.3 when using ajp13. As you may know, the Ajp13 connection is permanent and is created each time a WebServer task, for example an Apache child, have to forward a request to Tomcat. And in Apache server case, the child will stay alive, until the client requests load decrease, or when a child have passed 1000 requests (MaxRequestsPerChild 1000). And till the child close the connection, the Tomcat thread stay alive. By default Apache server support up to 150 childs : (MaxClients 150 in httpd.conf) But by default, the Ajp13 Interceptor won't use more than 100 threads, so you're stuck when the 101th Apache child want to forward a request and see the following infamous trace in mod_jk.log : [wed oct 31 11:03:21 2001] [jk_ajp13_worker.c (196)]: In jk_endpoint_t::connect_to_tomcat, failed errno = 111 [wed oct 31 11:03:21 2001] [jk_ajp13_worker.c (635)]: Error connecting to the Tomcat process. [wed oct 31 11:03:21 2001] [jk_ajp13_worker.c (848)]: In jk_endpoint_t::service, send_request failed in send loop 2 [wed oct 31 11:03:21 2001] [jk_ajp13_worker.c (228)]: connection_tcp_get_message: Error - jk_tcp_socket_recvfull failed [wed oct 31 11:03:21 2001] [jk_ajp13_worker.c (712)]: Error reading reply [wed oct 31 11:03:21 2001] [jk_ajp13_worker.c (845)]: In jk_endpoint_t::service, get_reply failed in send loop 0 [wed oct 31 11:03:21 2001] [jk_connect.c (143)]: jk_open_socket, connect() failed errno = 111 [wed oct 31 11:03:21 2001] [jk_ajp13_worker.c (196)]: In jk_endpoint_t::connect_to_tomcat, failed errno = 111 [wed oct 31 11:03:21 2001] [jk_ajp13_worker.c (635)]: Error connecting to the Tomcat process. In some case, Apache could be able to connect, since Tomcat listening thread will accept incoming connection, but will drop it later if it fail to give the socket to a new thread. In that case you'll see only in log : [wed oct 31 11:03:21 2001] [jk_ajp13_worker.c (848)]: In jk_endpoint_t::service, send_request failed in send loop 2 [wed oct 31 11:03:21 2001] [jk_ajp13_worker.c (228)]: connection_tcp_get_message: Error - jk_tcp_socket_recvfull failed [wed oct 31 11:03:21 2001] [jk_ajp13_worker.c (712)]: Error reading reply Fortunatly, the fix is easy, just configure Ajp13Connector in server.xml to support up to 150 threads (or whatever you define as MaxClients in Apache, didn't know how on IIS/iPlanet). Ajp13Connector port=8009 maxThreads=150 maxSpareThreads=50 minSpareThreads=10 / Also you should take care of the number of descriptors opened in your webapplication, which is : Tomcat used descriptors (sockets, files) + YouWebApp descriptors (files, sockets, jdbc...) The JVM, like any others process have a limit on the number of descriptors it could open (and of course on number of threads). So take care of closing no more used socket, files and so on. - Henri Gomez ___[_] EMAIL : [EMAIL PROTECTED](. .) PGP KEY : 697ECEDD...oOOo..(_)..oOOo... PGP Fingerprint : 9DF8 1EA8 ED53 2F39 DC9B 904A 364F 80E6 ---End Message--- -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]