RE: WebappClassLoader won't load resource from jar file ?!?
Put the JARs in the WEB-INF/lib dir!

-----Original Message-----
From: Steph Richardson [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 11:34 AM
To: Tomcat Users List
Subject: WebappClassLoader won't load resource from jar file ?!?

I have a web app containing resource files in several jar files, but I am unable to access the resources at runtime unless they are exploded into the classes directory.

When trying to access the resource files using ClassLoader.getResourceAsStream( "/meta-inf/com/kvasar/data.xml" ) I always get null returned, even though that resource does exist inside a jar file in the web app's WEB-INF/lib directory. If I extract that resource to the classes directory, so I now have WEB-INF/classes/meta-inf/com/kvasar/data.xml, then I get it fine using the exact same path and ClassLoader - it works fine.

The Tomcat Class Loader HOW-TO is telling me that it should find it in the jar. I have this problem on Tomcat 4.0.1 4.1.24, Win 2K

The ClassLoader instance I am using for the getResourceAsStream() calls, is one that I get from one of my classes that is deployed to my webapp in a war file. Logging a toString() on this ClassLoader is shown below. Is it meaningful that it doesn't list my jar files in its list of repositories ??

---
WebappClassLoader
  available:
  delegate: false
  repositories:
    /WEB-INF/classes/
  required:
-- Parent Classloader:
StandardClassLoader
  available:
    Extension[javax.mail, implementationVendor=Sun Microsystems, Inc., implementationVendorId=com.sun, implementationVersion=1.2, specificationVendor=Sun Microsystems, Inc., specificationVersion=1.2]
  delegate: true
  repositories:
    file:C:\Tomcat.4.0-retired\classes\
    file:C:\Tomcat.4.0-retired\lib\activation.jar
    file:C:\Tomcat.4.0-retired\lib\catalina.jar
    file:C:\Tomcat.4.0-retired\lib\jakarta-oro-2.0.2-dev-2.jar
    file:C:\Tomcat.4.0-retired\lib\jakarta-regexp-1.2.jar
    file:C:\Tomcat.4.0-retired\lib\mail.jar
    file:C:\Tomcat.4.0-retired\lib\mailet.jar
    file:C:\Tomcat.4.0-retired\lib\xml4j.jar
  required:
-- Parent Classloader:
StandardClassLoader
  available:
    Extension[javax.mail, implementationVendor=Sun Microsystems, Inc., implementationVendorId=com.sun, implementationVersion=1.2, specificationVendor=Sun Microsystems, Inc., specificationVersion=1.2]
  delegate: true
  repositories:
    file:C:\Tomcat.4.0-retired\common\classes\
    file:C:\Tomcat.4.0-retired\common\lib\activation.jar
    file:C:\Tomcat.4.0-retired\common\lib\jasper-compiler.jar
    file:C:\Tomcat.4.0-retired\common\lib\jasper-runtime.jar
    file:C:\Tomcat.4.0-retired\common\lib\jta.jar
    file:C:\Tomcat.4.0-retired\common\lib\mail.jar
    file:C:\Tomcat.4.0-retired\common\lib\naming-common.jar
    file:C:\Tomcat.4.0-retired\common\lib\naming-factory.jar
    file:C:\Tomcat.4.0-retired\common\lib\naming-resources.jar
    file:C:\Tomcat.4.0-retired\common\lib\pbclient.jar
    file:C:\Tomcat.4.0-retired\common\lib\servlet.jar
    file:C:\Tomcat.4.0-retired\common\lib\tools.jar
    file:C:\Tomcat.4.0-retired\common\lib\tyrex-0.9.7.0.jar
  required:
-- Parent Classloader:
[EMAIL PROTECTED]

Help ! Thanks !
Steph

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: Error: Unable to find a javac compiler; com.sun.tools.javac.Main is not on the classpath.
Make sure u have $JDK/lib/tools.jar in your classpath

-----Original Message-----
From: Gerald Stampfel [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 28, 2003 4:11 PM
To: [EMAIL PROTECTED]
Subject: Error: Unable to find a javac compiler; com.sun.tools.javac.Main is not on the classpath.

Hi folks, i got the following error message:
--
2003-10-28 21:58:08 Info: Compile: javaFileName=C:\Programme\jakarta-tomcat\work\Standalone\localhost\jetspeed\ /index_jsp.java
[OFF-TOPIC] HTML-JavaScript -- Does anyone know what this is....
Does anyone know this 'thing'

+--------+  +--------+
| Item 1 |  | Item 2 |
| Item 3 |  | Item 4 |
| Item 5 |  |        |
| Item 6 |  |        |
| Item 7 |  |        |
+--------+  +--------+

You know the 'Items available' is on the left selection box and 'Chosen' is on the right. Does anyone have links on the web or examples/code for this??

Jay Garala
Senior Analyst
Electrosoft Services, Inc.
7918 Jones Branch Drive, Suite 600
McLean, VA 22102
(703) 918-4907
RE: Tomcat webapp is ignoring the system class path
modify the $Tomcat/bin/setClasspath.bat (sh), ~ Line 41

set CLASSPATH=%JAVA_HOME%\lib\tools.jar;%CLASSPATH%

Jay Garala
Senior Analyst
Electrosoft Services, Inc.
7918 Jones Branch Drive, Suite 600
McLean, VA 22102
(703) 918-4907

-----Original Message-----
From: Agarwal, Naresh [mailto:[EMAIL PROTECTED]
Sent: Friday, October 10, 2003 9:39 AM
To: [EMAIL PROTECTED]
Subject: Tomcat webapp is ignoring the system class path

Hi

I'm deploying a web app in the Tomcat. This web app reads a properties file through resource bundle. I've put the path of this properties file in the class path but while running the web app, I'm getting exception that properties file does not exist. Thus tomcat is ignoring the system class path. Is there any work to make Tomcat read the classpath?

thanks,
Naresh
[OFF-TOPIC] Ant property file...
If I have

<property file="build.properties"/>
<property file="../build.properties"/>
<property file="${user.home}/build.properties"/>

in my build.xml, will ant use the first found property file or use all found and override existing with latter found?

Jay Garala
Senior Analyst
Electrosoft Services, Inc.
7918 Jones Branch Drive, Suite 600
McLean, VA 22102
(703) 918-4907
RE: ssl on more than one port on w2000 sp2?
Are they using the same port

-----Original Message-----
From: Vengurlekar, Mandar [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 02, 2003 12:35 PM
To: '[EMAIL PROTECTED]'
Subject: ssl on more than one port on w2000 sp2?

Hi,

Can i start more than one apache tomcat servers to listen on ssl connections on more than one port? I have a machine windows 2000 with sp2 that has 2 apache tomcat servers running. One server has the ssl port running fine, but i cannot use the ssl port on the other

Thanks and Regards,
Mandar
RE: ssl on more than one port on w2000 sp2?
Hold on!!! 8005 port in Tomcat is used for Shutdown. Look at your server.xml, way in the top... Do you see <Server port="8005" shutdown="SHUTDOWN" debug="0">? If you do, change your SSL config to another port on Tomcat, usually it's 8009.

What is your environment? OS? JVM? Tomcat? Apache?

-----Original Message-----
From: Vengurlekar, Mandar [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 02, 2003 2:42 PM
To: 'Tomcat Users List'
Subject: RE: ssl on more than one port on w2000 sp2?

Hi Jay,

One is 8443 and the other is 8444
The tomcat apache servers are running on 8005 and 8205

Thanks and Regards,
Mandar

-----Original Message-----
From: Jay Garala [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 02, 2003 1:42 PM
To: [EMAIL PROTECTED]
Subject: RE: ssl on more than one port on w2000 sp2?

Are they using the same port

-----Original Message-----
From: Vengurlekar, Mandar [mailto:[EMAIL PROTECTED]
Sent: Thursday, October 02, 2003 12:35 PM
To: '[EMAIL PROTECTED]'
Subject: ssl on more than one port on w2000 sp2?

Hi,

Can i start more than one apache tomcat servers to listen on ssl connections on more than one port? I have a machine windows 2000 with sp2 that has 2 apache tomcat servers running. One server has the ssl port running fine, but i cannot use the ssl port on the other

Thanks and Regards,
Mandar
RE: SSL/Verisign Confusion
Try the Java keytool help:
http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html

Tomcat how-to:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

If you have OpenSSL:
http://forum.java.sun.com/thread.jsp?forum=2thread=4240

Jay

-----Original Message-----
From: Dave Wood [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2003 1:04 AM
To: Tomcat Users List
Subject: RE: SSL/Verisign Confusion

Thanks Bill. I think this highlights something I'm really not understanding...

Didn't I generate an important private key somewhere along the line that I can't just regenerate if I blow away my keystore? I assumed the certificate I got back from verisign would only work if I still had the original private key I generated before sending them my request. Is that wrong?

(I'll take a look at the link you sent...at first glance, it looks a little hard to follow, but hopefully not).

Thanks again.
Dave

-----Original Message-----
From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Barker
Sent: Thursday, September 04, 2003 11:06 PM
To: [EMAIL PROTECTED]
Subject: Re: SSL/Verisign Confusion

Firstly, it looks like you should wipe your keystore and start again. To use a VS cert with Tomcat, the two options I know are:

1) Follow the instructions at http://www.comu.de/docs/tomcat_ssl.htm.
2) Using openssl or otherwise, convert your cert+key to a pkcs12 file, and use that as your keystore (remember to set 'keystoreType=pkcs12' on the Factory in server.xml).

Dave Wood [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]

I'm having a problem getting an SSL certificate from Verisign working correctly. I'm going to include everything I can think of that MIGHT be a problem. Unfortunately, there are a couple things I can't quite remember for certain. Here's the situation:

1. I generated the initial key using an alias other than tomcat (we'll call it company)
2. I generated the CSR and sent it to verisign. I still have this file.
3. Verisign changed the company name during the verification process (from an acronym to the full spelling of the name)
4. I now have the certificate that they sent back after the validation process.
5. One thing I can't account for is why when I see this:

$ keytool -list
Keystore type: jks
Keystore provider: SUN

Your keystore contains 4 entries:

(...others removed...)
company, Fri Aug 22 08:47:04 MDT 2003, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

(the numbers aren't really 0's)

...I think I must have self-signed or something (I was doing a couple of these things and don't recall exactly), but I'm surprised to see trustedCertEntry here.

The problem I'm having is this:

$ keytool -import -trustcacerts -alias company -file public.crt
Enter keystore password: xxx
keytool error: java.lang.Exception: Certificate not imported, alias company already exists

(but I'm thinking it should be REPLACING this entry, so the fact that it exists shouldn't be a problem???)

So, I have several questions:

1. Am I hosed completely because I didn't use tomcat as the alias?
2. How does the private key get stored exactly? I assume that if I delete the current entry for the company alias, I'll be losing the private key, right?
3. Can someone provide steps I should take to get this working given what I have said above.

Thanks so much in advance. Sorry to be so long-winded.

-Dave

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003
RE: SSL/Verisign Confusion
NOTE: You cannot export private key from keystore.

-----Original Message-----
From: Dave Wood [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2003 10:32 AM
To: Tomcat Users List
Subject: RE: SSL/Verisign Confusion

Thanks. With the exception of the openssl doc, I've been over these quite a bit. The result is the problem I've mentioned where keytool says it can't import my certificate because the alias already exists. After some help I got last night, I think the question boils down to this:

* once I have extracted my private key from keytool (haven't done this yet), how do I take that key, the VeriSign intermediate certificate and my public key certificate and get them to play together.

I'm hoping the openssl stuff will take care of this, because keytool doesn't really seem to recognize private keys as things that you can work with directly.

Thanks again,
Dave

-----Original Message-----
From: Jay Garala [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2003 7:12 AM
To: 'Tomcat Users List'
Subject: RE: SSL/Verisign Confusion

Try the Java keytool help:
http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html

Tomcat how-to:
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html

If you have OpenSSL:
http://forum.java.sun.com/thread.jsp?forum=2thread=4240

Jay

-----Original Message-----
From: Dave Wood [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2003 1:04 AM
To: Tomcat Users List
Subject: RE: SSL/Verisign Confusion

Thanks Bill. I think this highlights something I'm really not understanding...

Didn't I generate an important private key somewhere along the line that I can't just regenerate if I blow away my keystore? I assumed the certificate I got back from verisign would only work if I still had the original private key I generated before sending them my request. Is that wrong?

(I'll take a look at the link you sent...at first glance, it looks a little hard to follow, but hopefully not).

Thanks again.
RE: SSL/Verisign Confusion
Hmm.. Did you create the PK in Tomcat's keystore or your JDK's keystore?

Try the keyclone? Clone your 'company' to 'tomcat'.

-----Original Message-----
From: Dave Wood [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2003 11:07 AM
To: Tomcat Users List
Subject: RE: SSL/Verisign Confusion

I realize you can't do this with keytool. Is there no way to do it at all? I'm beginning to think I might be totally hosed here.

Thanks,
Dave

-----Original Message-----
From: Jay Garala [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2003 8:37 AM
To: 'Tomcat Users List'
Subject: RE: SSL/Verisign Confusion

NOTE: You cannot export private key from keystore.

-----Original Message-----
From: Dave Wood [mailto:[EMAIL PROTECTED]
Sent: Friday, September 05, 2003 10:32 AM
To: Tomcat Users List
Subject: RE: SSL/Verisign Confusion

Thanks. With the exception of the openssl doc, I've been over these quite a bit. The result is the problem I've mentioned where keytool says it can't import my certificate because the alias already exists. After some help I got last night, I think the question boils down to this:

* once I have extracted my private key from keytool (haven't done this yet), how do I take that key, the VeriSign intermediate certificate and my public key certificate and get them to play together.

I'm hoping the openssl stuff will take care of this, because keytool doesn't really seem to recognize private keys as things that you can work with directly.
RE: SSL/Verisign Confusion
Is public the one returned from Verisign or is it the Verisign's CA Cert?

If you want try following to see if the cert exists within JDK trusted calist:

Execute from jdk\jre\lib\security Directory
keytool -list -keystore cacerts -storepass changeit

Jay

-----Original Message-----
From: Dave Wood [mailto:[EMAIL PROTECTED]
Sent: Thursday, September 04, 2003 11:12 PM
To: Tomcat Email List
Subject: SSL/Verisign Confusion

I'm having a problem getting an SSL certificate from Verisign working correctly. I'm going to include everything I can think of that MIGHT be a problem. Unfortunately, there are a couple things I can't quite remember for certain. Here's the situation:

1. I generated the initial key using an alias other than tomcat (we'll call it company)
2. I generated the CSR and sent it to verisign. I still have this file.
3. Verisign changed the company name during the verification process (from an acronym to the full spelling of the name)
4. I now have the certificate that they sent back after the validation process.
5. One thing I can't account for is why when I see this:

$ keytool -list
Keystore type: jks
Keystore provider: SUN

Your keystore contains 4 entries:

(...others removed...)
company, Fri Aug 22 08:47:04 MDT 2003, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00

(the numbers aren't really 0's)

...I think I must have self-signed or something (I was doing a couple of these things and don't recall exactly), but I'm surprised to see trustedCertEntry here.

The problem I'm having is this:

$ keytool -import -trustcacerts -alias company -file public.crt
Enter keystore password: xxx
keytool error: java.lang.Exception: Certificate not imported, alias company already exists

(but I'm thinking it should be REPLACING this entry, so the fact that it exists shouldn't be a problem???)

So, I have several questions:

1. Am I hosed completely because I didn't use tomcat as the alias?
2. How does the private key get stored exactly? I assume that if I delete the current entry for the company alias, I'll be losing the private key, right?
3. Can someone provide steps I should take to get this working given what I have said above.

Thanks so much in advance. Sorry to be so long-winded.

-Dave
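Added example, not part of the original thread: the `keytool -list` output and the import error quoted in the SSL/Verisign messages above both turn on the entry type stored under the alias. Per the keytool documentation, an import under an alias that holds a key entry is treated as a certificate reply, while an import under an alias that already holds a trusted certificate is refused. The sketch below parses a listing and predicts the outcome; the sample listing, the `tomcat` key entry and all function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of the `keytool -list` output quoted in the
# thread. "company" mirrors the post; "tomcat" is a made-up key entry for contrast.
SAMPLE_LISTING = """\
Keystore type: jks
Keystore provider: SUN

Your keystore contains 2 entries:

company, Fri Aug 22 08:47:04 MDT 2003, trustedCertEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
tomcat, Fri Aug 22 08:40:11 MDT 2003, keyEntry,
Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00
"""

# "<alias>, <date>, <entry type>," ; the date may itself contain a comma on
# later JDKs ("Aug 22, 2003"), so the entry type is taken as the last field.
ENTRY_LINE = re.compile(r"^(?P<alias>[^,]+), (?P<date>.+), (?P<kind>\w+),\s*$")

# Entry types that carry a private key: "keyEntry" on older JDKs such as 1.4,
# "PrivateKeyEntry" on later ones.
KEY_KINDS = {"keyEntry", "PrivateKeyEntry"}


def parse_keytool_list(text):
    """Return {alias: entry_type} for every entry line in `keytool -list` output."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY_LINE.match(line.strip())
        if match:
            entries[match.group("alias").strip()] = match.group("kind")
    return entries


def import_outcome(entries, alias):
    """Predict how `keytool -import -alias <alias>` handles a certificate file."""
    kind = entries.get(alias)
    if kind is None:
        # Unused alias: the certificate is stored as a new trusted certificate.
        return "new-trusted-cert"
    if kind in KEY_KINDS:
        # Alias holds a private key: the file is taken as the CA's reply and
        # replaces the certificate chain attached to that key.
        return "certificate-reply"
    # Alias already holds a trusted certificate: keytool refuses the import.
    return "rejected-alias-exists"


def aliases_with_private_key(entries):
    """Aliases under which a CA-signed certificate reply can be installed."""
    return sorted(alias for alias, kind in entries.items() if kind in KEY_KINDS)


if __name__ == "__main__":
    entries = parse_keytool_list(SAMPLE_LISTING)
    for alias in ("company", "tomcat", "verisign-intermediate"):
        kind = entries.get(alias, "(absent)")
        print(f"{alias:24} {kind:18} {import_outcome(entries, alias)}")
    print("aliases holding a private key:", aliases_with_private_key(entries))
```

In the listing quoted in the thread, `company` is a `trustedCertEntry`, so that keystore holds no private key under that alias and the import is rejected rather than replacing the entry.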
Apache 2.0.47 + Tomcat 4.1.27 + OpenSSL 0.9.7b on Win2k
Hello, Has anyone tried/build a working configuration of these components working together using JK (1)? Does JK (1) still work with the newer stuff? If so, how or where could i get the information? Thanks, Jay
(Symbolic) Links in Windows
Good Afternoon,

I am using Win2k with Tomcat 4.0.6. How can I make the contextPath '/software' point to a folder on a different drive (and/or directory). How would i go by doing this?

I got this so far in my server.xml

<Context path="/software" docBase="c:/software" debug="1">
  <Resources className="org.apache.naming.resources.FileDirContext" caseSensitive="false" allowLinking="true" />
</Context>

Thanks
Jay
RE: (Symbolic) Links in Windows
This only works on 4.1.24 not 4.0.6

-----Original Message-----
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 2:45 PM
To: Tomcat Users List
Subject: Re: (Symbolic) Links in Windows

There are no such things as symbolic links on Windows. The solution for you is to simply change your docBase:

<Context path="/software" docBase="some_other_drive:/some_other_dir">
</Context>

Jay Garala wrote:

Good Afternoon,

I am using Win2k with Tomcat 4.0.6. How can I make the contextPath '/software' point to a folder on a different drive (and/or directory). How would i go by doing this?

I got this so far in my server.xml

<Context path="/software" docBase="c:/software" debug="1">
  <Resources className="org.apache.naming.resources.FileDirContext" caseSensitive="false" allowLinking="true" />
</Context>

Thanks
Jay
RE: (Symbolic) Links in Windows
I get the

HTTP Status 404
type Status report
message /software
description The requested resource (/software) is not available.

This is what i copied from 4.1.24 that was saved from manager-web-admin-tool and place into 4.0.6 server.xml:

<Context className="org.apache.catalina.core.StandardContext"
         crossContext="false"
         reloadable="false"
         mapperClass="org.apache.catalina.core.StandardContextMapper"
         useNaming="true"
         debug="0"
         swallowOutput="false"
         privileged="false"
         displayName="Software"
         wrapperClass="org.apache.catalina.core.StandardWrapper"
         docBase="H:\"
         cookies="true"
         path="/software"
         cachingAllowed="true"
         charsetMapperClass="org.apache.catalina.util.CharsetMapper">

Jay

-----Original Message-----
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 3:10 PM
To: Tomcat Users List
Subject: Re: (Symbolic) Links in Windows

According to the docs, it should work just fine:

http://jakarta.apache.org/tomcat/tomcat-4.0-doc/config/context.html

The Document Base (also known as the Context Root) directory for this web application, or the pathname to the web application archive file (if this web application is being executed directly from the WAR file). You may specify an absolute pathname for this directory or WAR file, or a pathname that is relative to the appBase directory of the owning Host.

You're saying an absolute pathname for a docBase that is outside the CATALINA_HOME/webapps directory doesn't work? What's the error message?

John

Jay Garala wrote:

This only works on 4.1.24 not 4.0.6

-----Original Message-----
From: John Turner [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 2:45 PM
To: Tomcat Users List
Subject: Re: (Symbolic) Links in Windows

There are no such things as symbolic links on Windows. The solution for you is to simply change your docBase:

<Context path="/software" docBase="some_other_drive:/some_other_dir">
</Context>

Jay Garala wrote:

Good Afternoon,

I am using Win2k with Tomcat 4.0.6. How can I make the contextPath '/software' point to a folder on a different drive (and/or directory). How would i go by doing this?

I got this so far in my server.xml

<Context path="/software" docBase="c:/software" debug="1">
  <Resources className="org.apache.naming.resources.FileDirContext" caseSensitive="false" allowLinking="true" />
</Context>

Thanks
Jay
RE: (Symbolic) Links in Windows
GRR I AM STUPID.. (AND NO I WONT TELL YOU :P) ;D

-----Original Message-----
From: Hans Wichman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 29, 2003 3:32 PM
To: Tomcat Users List; 'Tomcat Users List'
Subject: RE: (Symbolic) Links in Windows

Hi,
the example I sent you originally came from 4.0.1... Make sure you use forward separators, do not run tomcat as a service and have no spaces in the pathname, maybe that helps.

greetz
Hans

At 03:08 PM 7/29/2003 -0400, Jay Garala wrote:
> This only works on 4.1.24 not 4.0.6
Tomcat Folder Listings
Hi all,

I want to give a folder (URI /folder_to_list) the ability to list the files within the folder, and only this folder. Is there a way I can make the global web.xml.. DefaultServlet.. listing = true only for this folder?

Thanks a bunch
Jay
RE: Easy question on Tomcat 4.0 and SSL+HTTPS via localhost:8843. Lock-Icon disappear from the Browser.
Check the 'next page' link if it's http or https.

-----Original Message-----
From: Zaragoza, Carles [mailto:[EMAIL PROTECTED]
Sent: Friday, July 25, 2003 6:38 AM
To: Tomcat Users List ([EMAIL PROTECTED])
Subject: Easy question on Tomcat 4.0 and SSL+HTTPS via localhost:8843. Lock-Icon disappear from the Browser.

I have installed the SSL support for Tomcat 4.0.4 and almost everything works. I followed all the guidelines from http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html

But for instance when I type https://localhost:8443/ into my browser it works, my Internet Ms-Explorer 6.0 shows me the Certificate form in order to accept it, on the right-bottom area a lock-icon appears telling me that this transaction is under Secure guide but on the next page, the lock icon disappears.

Could somebody help me out?

Have a nice weekend,
Carles Zaragoza.
RE: achieving a clients (browsers) certificate in a webapp
ROFL that's my bug!

-----Original Message-----
From: Bill Barker [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 11:48 PM
To: [EMAIL PROTECTED]
Subject: Re: achieving a clients (browsers) certificate in a webapp

Karli Christoph (CSE) [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]
> we have the ssl-configuration in the file ssl.conf which gets included by httpd.conf. it tells me that the Jk* - entries aren't supposed to be at this place.. ?
> and if i enter the line
> SSLVerifyClient require (or optional)

This is the part you were missing. Unfortunately, the handling of Client certs in the Jk-Coyote connector is broken in 4.1.24 (see http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15790).

> ..i get an empty page in my browser.. (ajp13 problem?)
> it really seems like this is a configuration-war..
> i think during the ssl-handshaking of apache and the client-browser, apache doesn't ask for the client-certificate (which is in fact optional)
> hmm.. anyone wanna give another shot?
RE: achieving a clients (browsers) certificate in a webapp
The Apache - Tomcat - mod_ssl only works with Tomcat 4.0.6!! Sorry, I totally forgot that I had put this bug in a long time ago. Wait til 4.1.26 comes out.. it is resolved there!

Jay

-----Original Message-----
From: Karli Christoph (CSE) [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 7:27 AM
To: 'Tomcat Users List'
Subject: RE: achieving a clients (browsers) certificate in a webapp

this helped me a lot!!
now i've installed the native jk connector from jakarta-tomcat-connectors-4.1.26 (where this bug is fixed) - and suddenly i achieve the clients certificate in my webapps..
thanks!
RE: HELP! Client Authentication in Tomcat 4.1.24
This is the part you were missing. Unfortunately, the handling of Client certs in the Jk-Coyote connector is broken in 4.1.24 (see http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15790).

Wait for 4.1.26 or grab alpha from CVS

-----Original Message-----
From: Farrell, Patrick [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2003 1:02 PM
To: '[EMAIL PROTECTED]'
Subject: HELP! Client Authentication in Tomcat 4.1.24

I am attempting to use client certificate authentication with Tomcat 4.1.24, but each time I connect via a browser (Internet Explorer) Tomcat indicates that it is unable to authenticate with the provided credentials. My client certificate is a personal certificate from Thawte. The corresponding root certificate already exists in my truststore. Shown below is my tomcat-users.xml file.

    <?xml version='1.0' encoding='utf-8'?>
    <tomcat-users>
      <role rolename="user" description="Authenticated User"/>
      <role rolename="manager" description="Tomcat Manager"/>
      <role rolename="admin" description="Tomcat Administrator"/>
      <user username="administrator" password="password" roles="admin,manager"/>
      <user username="[EMAIL PROTECTED], CN=Thawte Freemail Member" password="null" roles="user"/>
    </tomcat-users>

Must I do anything with the client certificate in order for the server to trust it, or does the server simply grab the DN from the certificate and look in the realm for a user with the corresponding DN? Does anyone have any information or links on how to configure tomcat users with client authentication?

Pat
RE: achieving a clients (browsers) certificate in a webapp
How about javax.net.ssl.peer_certificates?

-----Original Message-----
From: Karli Christoph (CSE) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 11:53 AM
To: 'Tomcat Users List'
Subject: RE: achieving a clients (browsers) certificate in a webapp

that's the point.. with the following code

    String certAttribute = "javax.servlet.request.X509Certificate";
    X509Certificate certificate[] = (java.security.cert.X509Certificate[]) request.getAttribute(certAttribute);
    for (Enumeration e = request.getAttributeNames(); e.hasMoreElements();) {
        System.out.println("attribute: " + e.nextElement());
    }

we just can achieve the following attributes:

    attribute: javax.servlet.include.servlet_path
    attribute: javax.servlet.include.context_path
    attribute: javax.servlet.request.cipher_suite
    attribute: javax.servlet.request.key_size
    attribute: javax.servlet.include.request_uri

any other ideas?

-----Original Message-----
From: Bodycombe, Andrew [mailto:[EMAIL PROTECTED]
Sent: Tuesday, 22 July 2003 17:39
To: 'Tomcat Users List'
Subject: RE: achieving a clients (browsers) certificate in a webapp

The 'javax.servlet.request.X509Certificate' request property will give you the client certificate chain. It contains an array of java.security.cert.X509Certificate Objects. Element [0] is the client certificate, Element [1] is the CA for the client certificate etc.

-----Original Message-----
From: Karli Christoph (CSE) [mailto:[EMAIL PROTECTED]
Sent: 22 July 2003 16:04
To: 'Tomcat Users List'
Subject: achieving a clients (browsers) certificate in a webapp

now this seems like a big task!

we've been trying to achieve a clients certificate from the request-object, which failed because there is no parameter for achieving the x509Certificate installed in the browser of the client out of the request-object (javax.servlet.ServletRequest).

the certification of the server works fine, except the fact that the server-name on the certificate doesn't match the actual server-name of the webserver (we're about to change the server-name)

anyway, we've spent the whole day - but we had no chance to figure out where the problem's hidden.

what we use:
    jdk 1.3
    apache 2.0.45 with openssl
    tomcat 4.1.24
    mod_jk connector

other hint:
    - https connection works on the webapp

important parts of the configuration files:

*** configuration of ssl.conf looks like this:

    <IfDefine SSL>
    Listen 443
    AddType application/x-x509-ca-cert .crt
    AddType application/x-pkcs7-crl    .crl
    SSLPassPhraseDialog builtin
    SSLSessionCache dbm:logs/ssl_scache
    SSLSessionCacheTimeout 300
    SSLMutex file:logs/ssl_mutex
    SSLRandomSeed startup builtin
    SSLRandomSeed connect builtin
    <VirtualHost _default_:443>
    DocumentRoot /opt/httpd-2.0.45/htdocs
    #ServerName new.host.name:443
    ServerName servername.is.ok:443
    ServerAdmin [EMAIL PROTECTED]
    ErrorLog logs/error_log
    TransferLog logs/access_log
    # SSL Engine Switch:
    # Enable/Disable SSL for this virtual host.
    SSLEngine on
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile /opt/httpd-2.0.45/conf/ssl.crt/server.crt
    SSLCertificateKeyFile /opt/httpd-2.0.45/conf/ssl.key/server.key
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory /opt/httpd-2.0.45/cgi-bin>
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    </VirtualHost>
    </IfDefine>

*** configuration of httpd.conf looks like this:

    ...
    #
    # Bring in additional module-specific configurations
    #
    <IfModule mod_ssl.c>
        Include conf/ssl.conf
    </IfModule>
    ...
    JkWorkersFile /opt/jakarta/conf/jk/workers.properties
    JkLogFile /opt/jakarta/logs/mod_jk.log
    JkLogLevel debug
    JkMount /examples ajp13
    JkMount /examples/* ajp13
    ...

*** configuration of server.xml looks like this:

    ...
    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="75"
               enableLookups="true" acceptCount="10" debug="0"
               scheme="https" secure="true" useURIValidationHack="false">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               clientAuth="false" protocol="TLS"
               keystoreFile=".keystore" keystorePass="x" />
    </Connector>
    <!-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8009" minProcessors="5" maxProcessors="75"
               enableLookups="true" redirectPort="8443"
               acceptCount="10" debug="0" connectionTimeout="0"
               useURIValidationHack="false"
               protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler"/>
    ...

***

just anyone?
RE: achieving a clients (browsers) certificate in a webapp
Oh I've done this before!!!

In your SSL section in httpd.conf:

    // Change accordingly
    # SSLVerifyClient require
    # SSLVerifyDepth 1
    ##SSLOptions +StdEnvVars +ExportCertData
    #
    ##
    # JkOptions +ForwardKeySize +ForwardURICompat
    ## JkExtractSSL On
    # JkHTTPSIndicator HTTPS
    ### JkSESSIONIndicator SSL_SESSION_ID
    # JkCIPHERIndicator SSL_CIPHER
    # JkCERTSIndicator SSL_CLIENT_CERT
    // NEED THIS
    # JkEnvVar SSL_CLIENT_CERT SSL_CLIENT_CERT

then in your Servlet do:

    // PEM text of the client certificate, forwarded by mod_jk via JkEnvVar
    String apacheClientCert = (String) request.getAttribute("SSL_CLIENT_CERT");
    java.security.cert.CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // Strip the PEM armor, then base64-decode the body to DER bytes
    String cert = removePEMData(apacheClientCert);
    sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
    byte[] bcert = dec.decodeBuffer(cert);
    ByteArrayInputStream bais = new ByteArrayInputStream(bcert);
    X509Certificate x509 = (X509Certificate) cf.generateCertificate(bais);
    bais.close();
    ...

Now you got your Client cert... if you want the server cert add

    JkEnvVar SSL_SERVER_CERT SSL_SERVER_CERT

in httpd and mirror changes in servlet

    public String removePEMData(String cert) {
        String begin = "-----BEGIN CERTIFICATE-----";
        String end = "-----END CERTIFICATE-----";
        int s = cert.indexOf(begin);
        if (s >= 0)
            cert = cert.substring(s + begin.length(), cert.indexOf(end));
        return cert;
    }
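An added example (not code from the thread, Tomcat or mod_jk): a defensive version of the PEM-to-X509Certificate step from the message above, for the SSL_CLIENT_CERT attribute that JkEnvVar forwards. It uses java.util.Base64 in place of sun.misc.BASE64Decoder; the class name, the MAX_PEM_CHARS bound and the sample strings in main are assumptions constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;

// Added example: defensive parsing of the PEM text that mod_jk forwards to
// Tomcat as the SSL_CLIENT_CERT request attribute (via JkEnvVar).
public class ForwardedClientCert {   // hypothetical class name

    private static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    private static final String END = "-----END CERTIFICATE-----";
    // Assumed sanity bound for this example; not a Tomcat or mod_jk setting.
    private static final int MAX_PEM_CHARS = 16 * 1024;

    /**
     * Strips the PEM armor and returns the DER bytes.
     * Returns null when no certificate was forwarded (for instance with
     * "SSLVerifyClient optional" and a browser that sent none); throws when
     * a value is present but malformed.
     */
    static byte[] pemToDer(String attr) throws CertificateException {
        if (attr == null || attr.trim().isEmpty()) {
            return null;
        }
        if (attr.length() > MAX_PEM_CHARS) {
            throw new CertificateException("forwarded certificate too large");
        }
        int b = attr.indexOf(BEGIN);
        int e = (b < 0) ? -1 : attr.indexOf(END, b + BEGIN.length());
        // The thread's removePEMData() passes indexOf(end) to substring()
        // unchecked, which throws StringIndexOutOfBoundsException when the
        // END line is missing. Reject that case explicitly instead.
        if (b < 0 || e < 0) {
            throw new CertificateException("PEM armor missing or truncated");
        }
        // Line breaks may arrive as spaces, tabs or CRLF after forwarding.
        String b64 = attr.substring(b + BEGIN.length(), e).replaceAll("\\s+", "");
        try {
            // Strict decoder: any character outside the base64 alphabet fails.
            return Base64.getDecoder().decode(b64);
        } catch (IllegalArgumentException ex) {
            throw new CertificateException("PEM body is not valid base64", ex);
        }
    }

    /**
     * Parses the forwarded attribute into a certificate, or returns null if
     * the client presented none. In a servlet the argument would be
     * (String) request.getAttribute("SSL_CLIENT_CERT").
     */
    static X509Certificate parse(String attr) throws CertificateException {
        byte[] der = pemToDer(attr);
        if (der == null) {
            return null;
        }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate cert =
                (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(der));
        // Re-checks only the validity dates; chain verification is done by
        // Apache when SSLVerifyClient is enabled.
        cert.checkValidity();
        return cert;
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples: the body is base64 of plain text, not a real
        // certificate, so parse() is expected to reject all three.
        String b64 = Base64.getEncoder().encodeToString(
                "constructed sample, not a real certificate"
                        .getBytes(StandardCharsets.US_ASCII));
        String folded = BEGIN + " " + b64.substring(0, 20) + " "
                + b64.substring(20) + " " + END;          // newlines became spaces
        String truncated = BEGIN + "\n" + b64 + "\n";     // END line lost
        String notBase64 = BEGIN + "\n%%%\n" + END;

        System.out.println("absent attribute -> " + parse(null));
        System.out.println("armor stripped   -> " + pemToDer(folded).length + " bytes");
        for (String sample : new String[] { folded, truncated, notBase64 }) {
            try {
                parse(sample);
            } catch (CertificateException ex) {
                System.out.println("rejected         -> " + ex.getMessage());
            }
        }
    }
}
```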
Another JK2 question
Folks,

Maybe I should try this before posting (hmm).. Does JK2 support the same directives as JK in Apache? I know of JkSet and Jk(??)URI. But how about the others??

Thanks
Jay
RE: Apache 2.0.46 + Tomcat 4.1.24 -- ${serverRoot}?
Thank you very much. It was actually the root of the Tomcat and not Apache.

Regards
Jay

-----Original Message-----
From: Simon Pabst [mailto:[EMAIL PROTECTED]
Sent: Friday, July 11, 2003 3:14 AM
To: Tomcat Users List
Subject: Re: Apache 2.0.46 + Tomcat 4.1.24 -- ${serverRoot}?

serverRoot is the Apache Home Directory (or maybe IIS on windows?)

Not sure about setting this on windows, on unix i put the following in tomcat/bin/catalina.sh:

    export serverRoot=/path/to/apache

on Windows in bin/catalina.bat it should be sth. like

    set serverRoot=C:\Program Files\Apache Group\Apache
Apache 2.0.46 + Tomcat 4.1.24 -- ${serverRoot}?
Hi Folks,

I am getting this strange message (***) when I start up Tomcat:

    [INFO] Registry - -Loading registry information
    [INFO] Registry - -Creating new Registry instance
    [INFO] Registry - -Creating MBeanServer
    [INFO] Http11Protocol - -Initializing Coyote HTTP/1.1 on port 8080
    Starting service Tomcat-Standalone
    Apache Tomcat/4.1.24
    [INFO] Http11Protocol - -Starting Coyote HTTP/1.1 on port 8080
    *** [Thu Jul 10 18:23:49 2003] (error ) [jk_config_file.c (279)] config.update(): Can't find config file ${serverRoot}/conf/workers2.properties ***
    [Thu Jul 10 18:23:49 2003] ( info ) [jk_config.c (251)] config.setAttribute() Error setting config: file ${serverRoot}/conf/workers2.properties
    [Thu Jul 10 18:23:49 2003] ( info ) [jk_logger_file.c (184)] Initializing log file stderr
    [Thu Jul 10 18:23:49 2003] (error ) [jk_shm.c (333)] shm.init(): No file
    [Thu Jul 10 18:23:49 2003] ( info ) [jk_workerenv.c (403)] workerEnv.init() ok ${serverRoot}/conf/workers2.properties
    [INFO] AprImpl - -JK2: Initialized apr
    [INFO] ChannelSocket - -JK2: ajp13 listening on 0.0.0.0/0.0.0.0:8009
    [INFO] JkMain - -Jk running ID=0 time=0/261 config=C:\Tomcat\bin\..\conf\jk2.properties

How do you set the ${serverRoot}??

Thanks
Jay
RE: Retrieving a blob object?
Hi Euclides,

What blob type does a web form send? Do you mean HTML Form Types? Attachments?

Jay Garala
Senior Software Engineer
Conclusive Technology, Inc.

-----Original Message-----
From: Jose Euclides da Silva Junior - DATAPREVRJ [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 08, 2003 5:51 PM
To: '[EMAIL PROTECTED]'
Subject: Retrieving a blob object?

Hi friends,
I would like to know what is the fastest way to retrieve a blob object sent by a web form. Should I use Enumeration? Some examples would be welcome.

Thanks in advance,
Euclides.
Too Many Jars!??!
Hi Tomcat Users,

Is there a clean way to compact all the JARs that Tomcat has (all JARs in Tomcat sub-folders) into one BIGTomcat.jar? And is there a specific order that it must go in (if I have two conflicting packages and/or classes, which one to use)?

Is there a way to modify the ant build script so it might do this automatically? (Dreaming)

Thanks,
Jay
RE: Too Many Jars!??!
Thanks Yoav,

I asked this because my company's product has ~53 jars of its own. And when we deploy web apps in Tomcat for our product, sometimes Tomcat won't start, or starts but does not run any jsp/servlets. I know this is a classpath issue. Since I have created a BIGTomcat.jar with 4.0.6 and been using it for a while now. But it is hard to create this JAR file every time a new version of Tomcat comes out and distribute it to other people who are using it on their machines.

Guess I gotta live and learn.

take care,
Jay

-----Original Message-----
From: Shapira, Yoav [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 25, 2003 11:19 AM
To: Tomcat Users List
Subject: RE: Too Many Jars!??!

Howdy,

> Is there a clean way to compact all the JARs that tomcat has (All JARs in Tomcat Sub-Folders) into one BIGTomcat.jar. And is there a specific order that it must go in (If have two conflicting packages and/or classes, which one to use).

The conflict problem you pointed out is one reason not to do this. Another reason is the ability to replace any of the individual jars by an updated version without needing to modify the others. There are many pros to modularity, and no cons I can think of. Can you suggest a con, or otherwise explain why you want to combine all these jars?

> Is there a way to modify the ant build script so it might to this automatically? (Dreaming)

This is a trivial ant task to create (pick a temp directory, extract all jars to it, jar everything in that directory). Don't count on seeing this task included in tomcat (or any non-trivial product) any time soon, however, as its negative effects far outweigh its benefits.

Yoav Shapira