[Fwd: ApacheCon Europe 2005: Registration open and conference program online!]
Original Message Subject: ApacheCon Europe 2005: Registration open and conference program online! Date: Fri, 06 May 2005 13:41:42 +0200 From: Lars Eilebrecht [EMAIL PROTECTED] To: [EMAIL PROTECTED] Registration for ApacheCon Europe 2005 is now open at www.apachecon.com. Check out the website and make sure to save money by registering prior to June 17, 2005. ApacheCon Europe 2005 will be held in Stuttgart from July 18 to 22, 2005 with seminars that cover the whole spectrum of Open Source topics from the legendary Apache HTTP Server to scalable Internet architectures, Web Services, PHP, mod_perl, Java, XML, and Subversion. ApacheCon Europe 2005 will present immense opportunities to listen to internationally distinguished Open Source leaders, developers and architects like Noel Bergman, Brian Fitzpatrick, Cliff Schmidt, Sander Striker, and Carsten Ziegler. ApacheCon Europe 2005 offers a wide spectrum of 70 top-quality sessions, all conducted in English, as well as two days with full and half day tutorials. The complete agenda is available at www.apachecon.com. We look forward to seeing you in Stuttgart. Best regards... -- Lars Eilebrecht - The Apache Software Foundation [EMAIL PROTECTED] - http://www.apache.org/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Runtime exec (again)
Actually, take a look at:
http://www.javaworld.com/javaworld/jw-12-2000/jw-1229-traps.html
-- Jeanfrancois
Shapira, Yoav wrote:
Hi,
You would also want to give the full path to cmd.exe possibly, depending
on how you launch Tomcat.
Yoav Shapira http://www.yoavshapira.com
-Original Message-
From: andy wix [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 02, 2004 4:12 AM
To: [EMAIL PROTECTED]
Subject: Runtime exec (again)
Hi,
Still can't get this to work.
There must be some reason why this won't run under Tomcat but does work
stand-alone.
To recap, I am trying to execute the following code on an Xp box with
Tomcat
5.0.27:
Process proc = runtime.exec(cmd.exe /C shutdown -r -f -m \\myPC -t
50);
int exitVal = proc.waitFor();
When this runs the proc exits with a value of 0 but nothing happens (no
re-boot) and no exceptions are thrown.
I have tried running the code from a batch file and without the cmd.exe
/C
bit.
I have tried running Tomcat from the command line (not as service).
I have tried allowing all permissions in the catalina.policy file:
grant codeBase file:${catalina.home}/webapps/ROOT/WEB-INF/classes/- {
permission java.security.AllPermission *;
};
I CAN successfully set the the system time and date using the same
approach
though.
I have absolutely no idea on this now.
Thanks,
Andy
_
Express yourself with cool new emoticons
http://www.msn.co.uk/specials/myemo
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
This e-mail, including any attachments, is a confidential business
communication, and may contain information that is confidential, proprietary
and/or privileged. This e-mail is intended only for the individual(s) to whom
it is addressed, and may not be saved, copied, printed, disclosed or used by
anyone else. If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender. Thank you.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Error Preventing upgrade to Tomcat 5
Chris Cherrett wrote:
I have found a work around. It would require that we werite our jsps.
If I pass this to my controller it crashes in Tomcat 5
document.frmGeneral.taskService.value = /;
This works
document.frmGeneral.taskService.value = ;
Does this help?
Yes. I will still fix the problem (bad code)
Thanks!
-- Jeanfrancois
Thanks
On Monday 29 November 2004 06:23 pm, Jean-Francois Arcand wrote:
From the source, it possible our code need a fix. Can you open a bug
and attach a test case? Mainly, this line is failling:
199 // The first scenario occurs when the jsp is not
directly under / 200 // example: /utf16/foo.jsp
201 if (requestUri != null){
202 String currentIncludedUri
203 =
requestUri.substring(requestUri.indexOf(includeUri)); 204
probably the indexOf is returning -1
Thanks
-- Jeanfrancois
Chris Cherrett wrote:
I have tried to solve this now for awhile and can't seem to track it
down. The error only happens in Tomcat 5.
When I call
RequestDispatcher taskDispatcher =
req.getRequestDispatcher(taskServices[c]);
if (taskDispatcher != null)
{
taskDispatcher.include(req, res); //crashed
here }
The request dispatcher gives me the following output:
Nov 29, 2004 5:23:02 PM org.apache.catalina.core.ApplicationDispatcher
invoke SEVERE: Servlet.service() for servlet jsp threw exception
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
at java.lang.String.substring(String.java:1762)
at java.lang.String.substring(String.java:1735)
at
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:202) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicat
ionFilterChain.java:237) at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilte
rChain.java:157) at
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatch
er.java:674) at
org.apache.catalina.core.ApplicationDispatcher.doInclude(ApplicationDispa
tcher.java:576) at
org.apache.catalina.core.ApplicationDispatcher.include(ApplicationDispatc
her.java:501) at
TSIController.TSIController.service(TSIController.java:47) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applicat
ionFilterChain.java:237) at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilte
rChain.java:157) at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve
.java:214) at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve
.java:178) at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:
126) at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:
105) at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.j
ava:107) at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:14
8) at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825
) at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processCo
nnection(Http11Protocol.java:731) at
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.
java:526) at
org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowe
rWorkerThread.java:80) at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.
java:684) at java.lang.Thread.run(Thread.java:595)
in exception
java.lang.StringIndexOutOfBoundsException: String index out of range: -1
Any help would be appriciated.
Thanks
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Queries on Embedded Tomcat Server
Mohamed Rafi S wrote: Hi All, I need to run a Embedded Tomcat server in my application. For this, I checked the sample code and docs, and did the needful. My application's main class is ApplicationLoader.java, and in the main() method of my ApplicationLoader.java, I am doing a appLoader.startTomcat(). However, the server which comes up terminates once the main method is complete. How do I make the server run continously ? Any pointers into this ? How do you start the Emnbedded Tomcat? Are you sure there is no swallowed exception? -- Jeanfrancois Thanks, Rafi SM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Functionality of run-as for Servlets
Gunnar Brading wrote: I have been in need of using the run-as tag in a Tomcat-only environment... Is this possible? Reading the source indicates that it wouldn't be possible to get the information about the role the context currently is in. Using the requests in-role methods of course tells me about the user, and not the context. Have I come to the right conclusion? No ;-) You can get access to the Subject by doing Subject.getSubject(AccessController.getContext()) Reading the specs tells me that the functionality is meant for transferring roles to EJB's. Some documentation I found at Sun indicates though that even web-applications should be able to use this. The way SJSAS 8.x is doing that is by using the Subject and then the principal(s) associated with the Subject. -- Jeanfrancois Anyone got more information about this? Cheers, -- gunnar - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE : RE : RE : RE : RE : how to access Subject after authentifica tion
LERBSCHER Jean-Pierre wrote:
In fact my java options are :
JAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf\Sample_jaas
.config
-Message d'origine-
De : LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED]
Envoyé : mercredi 21 juillet 2004 12:13
À : 'Tomcat Users List'
Cc : 'Jeanfrancois Arcand'
Objet : RE : RE : RE : RE : how to access Subject after authentification
The command line is ok !
But I have an exception :
Caused by: java.io.IOException: Impossible de trouver une configuration de
connexion
Hehe :-) Pas mal comme message d'erreur ;-)
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:95)
... 33 more
I set
JAVA_OPTS=-DJAVA_OPTS=-Djava.security.auth.login.config=%CATALINA_HOME%\conf
\Sample_jaas.config
I never used JAAS this way so I cannot help you. Are you trying to load
the file from your webapp? Hav eyou try to put the file inside the war?
-- Jeanfrancois
The classe that instantiates the login context is located in common/classes
The standard Catalina.policy containts this permission
grant codeBase file:${catalina.home}/common/- {
permission java.security.AllPermission;
};
Any ideas ?
Thanks in advance!
-Message d'origine-
De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED]
Envoyé : mardi 20 juillet 2004 19:52
À : Tomcat Users List
Objet : Re: RE : RE : RE : how to access Subject after authentification
LERBSCHER Jean-Pierre wrote:
Could you tell me what is the correct configuration to access the jaas
login
file with this security manager.
You need to start Tomcat using the -security
./catalina.sh start -security
-- Jeanfrancois
Thanks
-Message d'origine-
De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED]
Envoyé : mardi 20 juillet 2004 18:42
À : Tomcat Users List
Objet : Re: RE : RE : how to access Subject after authentification
Are you both running with the security manager on? I think that's the
problem...
-- Jeanfrancois
LERBSCHER Jean-Pierre wrote:
Matt I am ok with you! I try the two methods and I have the same results
(null) !
Perhaps we have to configure properly tomcat (?) so that it can record the
subject in the session. Perhaps an authenticator ?
Jean François ! any ideas ?
The second method is
Subject.getSubject(java.security.AccessController.getContext());
-Message d'origine-
De : Matt Harrison [mailto:[EMAIL PROTECTED]
Envoyé : mardi 20 juillet 2004 17:42
À : 'Tomcat Users List'
Objet : RE: RE : how to access Subject after authentification
I have tried both of these and they both return null!
-Original Message-
From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED]
Sent: 20 July 2004 16:30
To: Tomcat Users List
Subject: Re: RE : how to access Subject after authentification
Two ways:
httpSession.getAttribute(javax.security.auth.subject)
or
Subject.getSubject(AccessControl.getContext())
-- Jeanfrancois
Matt Harrison wrote:
Sorry for mis-reading your email
If anybody out there knows how to retrieve the Subject,
Jean-Pierre and I
would most appreciate it!
But, if, as I suspect, this is not part of the current
servlet spec, and
thus not part of Tomcat, can I make a request for this to be
included next
time round?
I work around this by concatenating all the information I
require from the
subject into the Principal's name in my JAAS login module, as a
java.security.Principal object is available from the request
object in
Tomcat. But I guess this isn't an option for this problem.
Matt
-Original Message-
From: LERBSCHER Jean-Pierre
[mailto:[EMAIL PROTECTED]
Sent: 20 July 2004 15:40
To: 'Tomcat Users List'
Subject: RE : how to access Subject after authentification
Thanks Matt !
My problem is that have to call EJB deployed in Weblogic
application server
from servlet components. I use the weblogic api to propagate
the security
information from tomcat to WLS. This api uses the subject!
Thus it is
necessary that I can reach it.
-Message d'origine-
De : Matt Harrison [mailto:[EMAIL PROTECTED]
Envoyé : mardi 20 juillet 2004 15:59
À : 'Tomcat Users List'
Objet : RE: how to access Subject after authentification
Hi
I had a similar question a while back and never really got it fully
resolved, but I found that Tomcat doesn't save the subject as
a session
attribute.
However in your case you don't need to access the subject. In
the web.xml
file for your app, you can define what roles have access to
each resource
(jsp, servlet) and have your JAAS login module assign these
roles to the
subject - i.e. container
Re: RE : how to access Subject after authentification
Two ways: httpSession.getAttribute(javax.security.auth.subject) or Subject.getSubject(AccessControl.getContext()) -- Jeanfrancois Matt Harrison wrote: Sorry for mis-reading your email If anybody out there knows how to retrieve the Subject, Jean-Pierre and I would most appreciate it! But, if, as I suspect, this is not part of the current servlet spec, and thus not part of Tomcat, can I make a request for this to be included next time round? I work around this by concatenating all the information I require from the subject into the Principal's name in my JAAS login module, as a java.security.Principal object is available from the request object in Tomcat. But I guess this isn't an option for this problem. Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 15:40 To: 'Tomcat Users List' Subject: RE : how to access Subject after authentification Thanks Matt ! My problem is that have to call EJB deployed in Weblogic application server from servlet components. I use the weblogic api to propagate the security information from tomcat to WLS. This api uses the subject! Thus it is necessary that I can reach it. -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 15:59 À : 'Tomcat Users List' Objet : RE: how to access Subject after authentification Hi I had a similar question a while back and never really got it fully resolved, but I found that Tomcat doesn't save the subject as a session attribute. However in your case you don't need to access the subject. In the web.xml file for your app, you can define what roles have access to each resource (jsp, servlet) and have your JAAS login module assign these roles to the subject - i.e. container managed security. e.g. add to web.xml (gives access to logins with role user to all of your application): security-constraint web-resource-collection web-resource-namemyApplication/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint security-role role-nameuser/role-name /security-role see the tomcat docs for more info Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 14:42 To: '[EMAIL PROTECTED]' Subject: how to access Subject after authentification Hi, I am using JAAS authentification module to authenticate user within tomcat 5.0.27. After the authentification, I want to control access to resources (like ejb deployed in weblogic application server). To control access, I have to use weblogic api with the Subject instance delivred by authentification to tomcat. The problem is : how can I get the subject object.. I try session.getAttribute( javax.security.auth.subject ); but it seems that I can't access to this information ! Any ideas? Thanks, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RE : RE : how to access Subject after authentification
Are you both running with the security manager on? I think that's the problem... -- Jeanfrancois LERBSCHER Jean-Pierre wrote: Matt I am ok with you! I try the two methods and I have the same results (null) ! Perhaps we have to configure properly tomcat (?) so that it can record the subject in the session. Perhaps an authenticator ? Jean François ! any ideas ? The second method is Subject.getSubject(java.security.AccessController.getContext()); -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 17:42 À : 'Tomcat Users List' Objet : RE: RE : how to access Subject after authentification I have tried both of these and they both return null! -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 16:30 To: Tomcat Users List Subject: Re: RE : how to access Subject after authentification Two ways: httpSession.getAttribute(javax.security.auth.subject) or Subject.getSubject(AccessControl.getContext()) -- Jeanfrancois Matt Harrison wrote: Sorry for mis-reading your email If anybody out there knows how to retrieve the Subject, Jean-Pierre and I would most appreciate it! But, if, as I suspect, this is not part of the current servlet spec, and thus not part of Tomcat, can I make a request for this to be included next time round? I work around this by concatenating all the information I require from the subject into the Principal's name in my JAAS login module, as a java.security.Principal object is available from the request object in Tomcat. But I guess this isn't an option for this problem. Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 15:40 To: 'Tomcat Users List' Subject: RE : how to access Subject after authentification Thanks Matt ! My problem is that have to call EJB deployed in Weblogic application server from servlet components. I use the weblogic api to propagate the security information from tomcat to WLS. This api uses the subject! Thus it is necessary that I can reach it. -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 15:59 À : 'Tomcat Users List' Objet : RE: how to access Subject after authentification Hi I had a similar question a while back and never really got it fully resolved, but I found that Tomcat doesn't save the subject as a session attribute. However in your case you don't need to access the subject. In the web.xml file for your app, you can define what roles have access to each resource (jsp, servlet) and have your JAAS login module assign these roles to the subject - i.e. container managed security. e.g. add to web.xml (gives access to logins with role user to all of your application): security-constraint web-resource-collection web-resource-namemyApplication/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint security-role role-nameuser/role-name /security-role see the tomcat docs for more info Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 14:42 To: '[EMAIL PROTECTED]' Subject: how to access Subject after authentification Hi, I am using JAAS authentification module to authenticate user within tomcat 5.0.27. After the authentification, I want to control access to resources (like ejb deployed in weblogic application server). To control access, I have to use weblogic api with the Subject instance delivred by authentification to tomcat. The problem is : how can I get the subject object.. I try session.getAttribute( javax.security.auth.subject ); but it seems that I can't access to this information ! Any ideas? Thanks, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: RE : RE : RE : how to access Subject after authentification
LERBSCHER Jean-Pierre wrote: Could you tell me what is the correct configuration to access the jaas login file with this security manager. You need to start Tomcat using the -security ./catalina.sh start -security -- Jeanfrancois Thanks -Message d'origine- De : Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 18:42 À : Tomcat Users List Objet : Re: RE : RE : how to access Subject after authentification Are you both running with the security manager on? I think that's the problem... -- Jeanfrancois LERBSCHER Jean-Pierre wrote: Matt I am ok with you! I try the two methods and I have the same results (null) ! Perhaps we have to configure properly tomcat (?) so that it can record the subject in the session. Perhaps an authenticator ? Jean François ! any ideas ? The second method is Subject.getSubject(java.security.AccessController.getContext()); -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 17:42 À : 'Tomcat Users List' Objet : RE: RE : how to access Subject after authentification I have tried both of these and they both return null! -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 16:30 To: Tomcat Users List Subject: Re: RE : how to access Subject after authentification Two ways: httpSession.getAttribute(javax.security.auth.subject) or Subject.getSubject(AccessControl.getContext()) -- Jeanfrancois Matt Harrison wrote: Sorry for mis-reading your email If anybody out there knows how to retrieve the Subject, Jean-Pierre and I would most appreciate it! But, if, as I suspect, this is not part of the current servlet spec, and thus not part of Tomcat, can I make a request for this to be included next time round? I work around this by concatenating all the information I require from the subject into the Principal's name in my JAAS login module, as a java.security.Principal object is available from the request object in Tomcat. But I guess this isn't an option for this problem. Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 15:40 To: 'Tomcat Users List' Subject: RE : how to access Subject after authentification Thanks Matt ! My problem is that have to call EJB deployed in Weblogic application server from servlet components. I use the weblogic api to propagate the security information from tomcat to WLS. This api uses the subject! Thus it is necessary that I can reach it. -Message d'origine- De : Matt Harrison [mailto:[EMAIL PROTECTED] Envoyé : mardi 20 juillet 2004 15:59 À : 'Tomcat Users List' Objet : RE: how to access Subject after authentification Hi I had a similar question a while back and never really got it fully resolved, but I found that Tomcat doesn't save the subject as a session attribute. However in your case you don't need to access the subject. In the web.xml file for your app, you can define what roles have access to each resource (jsp, servlet) and have your JAAS login module assign these roles to the subject - i.e. container managed security. e.g. add to web.xml (gives access to logins with role user to all of your application): security-constraint web-resource-collection web-resource-namemyApplication/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameuser/role-name /auth-constraint /security-constraint security-role role-nameuser/role-name /security-role see the tomcat docs for more info Matt -Original Message- From: LERBSCHER Jean-Pierre [mailto:[EMAIL PROTECTED] Sent: 20 July 2004 14:42 To: '[EMAIL PROTECTED]' Subject: how to access Subject after authentification Hi, I am using JAAS authentification module to authenticate user within tomcat 5.0.27. After the authentification, I want to control access to resources (like ejb deployed in weblogic application server). To control access, I have to use weblogic api with the Subject instance delivred by authentification to tomcat. The problem is : how can I get the subject object.. I try session.getAttribute( javax.security.auth.subject ); but it seems that I can't access to this information ! Any ideas? Thanks, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: Accessing javax.security.auth.Subject within a session
Matt Harrison wrote: Hi I've implemented a JAAS Realm authentication module for my servlet/JSP web-app which is working a treat. Can anybody tell me how to access in my servlets the javax.security.auth.Subject object generated at login? You can get it using Subject.getSubject(AccessController.getContext()) This fronts an existing application and I would like to store the user-specific jdbc database connection object generated at login as a credential within the Subject and use it within the session context of my web-app. I know that I could capture the username and password with a filter and recreate the db connection post authentication, but I guess this kind of defeats the purpose of container based security and creates unnecessary session creation work at the database. Tomcat 5 store the Subject as an attribute. Do a: getAttribute(javax.security.auth.subject) but this will not be portable (will works with JBoss/SunOne :-) ). An new API willprobably be added in Servlet 2.5 to address that missing part. -- Jeanfrancois Thanks in advance Matt - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Second try: Embedded Tomcat 5.0: servlet mappings added to context after start do not work. Looking for suggestions...
[EMAIL PROTECTED] wrote: I have an application which embeds tomcat 4.1.12. It dynamically creates contexts, adding wrappers for servlets, etc. Due to the dynamic nature of this application, it can add and remove servlet mappings after the context has been started (added into a host in the started engine). This works fine under 4.1.12. Now I am trying to upgrade to Tomcat 5, specifically 5.0.24, and this fails. Servlet mappings added via context.addServletMapping() before the context is started work fine, but servlet mappings added afterward do not work. I've searched the archives and found no mention of this. After some debugging of the running engine, here is what I find: 1. Initial mapping of incoming requests is now based upon a Mapper within the CoyoteConnector, and the Mapper held within a StandardContext is no longer consulted on a per-request basis. 2. CoyoteConnector(s) retrieve all mapping information from new contexts, so they are initially correct. 3. Subsequently added/removed servlet mappings are maintained within the StandardContext's Mapper, but do *not* get propagated to the Connector. Yes, that's the way it works. Is this a bug? No. Is there some way of working around this? You may want to explore JMX to add your mapping to the mapper (instead of using the Embedded interface) Just take a look at http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-5/resources/mbeans/tomcat5-ant.xml?rev=1.16view=markup At the time I am adding mappings to a Context, I do not have a reference to the associated Connector, or I could (also) tell the Connector about the servlet mapping. Any suggestions? You may want to file an RFE in bugzilla. I may take a look and see if I can add the feature ( I need to investigate first) -- Jeanfrancois __ David S. Johnson DeskNet Inc. 66 Pearl Street, Suite 300 Portland, ME 04101 Phone: 207-772-1484 x13 FAX: 207-773-6133 http://www.desknetinc.com Harness the Power of Your Content - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and JSF
snpe wrote: Is there plan that tomcat support JSF specification ? JSF has been tested on both 4.1.x and 5.x. Just bundle the JSF lib with your war files. -- Jeanfrancois regards Haris Peco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Programmatic Authentication?
Yes, just write your own extension of org.apache.catalina.Realm (or extend o.a.c.realm.RealmBase)and read: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html then follow the instruction on how to install your own valve (search the list :-) ) -- Jeanfrancois Carl Howells wrote: Is it possible to set the Principal and Roles for a session in a manner which will satisfy a role-name security constraint programmatically? At all? I don't mind ignoring the servlet spec and doing something tomcat-specific. This is something that vitally needs to be done on my project. Thanks for any solutions... Carl Howells - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: video/x-ms-wmv mime-type added for wmv files, but doesn't seem to work
Patrick Willart wrote: Hello, I've added the following to my conf/web.xml but it looks like Tomcat (5.0.18) isn't picking this up. It's serving the file as a plain text file. I've tried adding the mime-mapping to my applications web.xml but also without result. mime-mapping extensionwmv/extension mime-typevideo/x-ms-wmv/mime-type /mime-mapping I have added mime-mappings before and those seem to work. Does anybody have an idea what's wrong? Any exceptions visible? Open server.xml, search for xmlValidation and xmlNamespaceAware. But both value set to true. Restart Tomcat. Is the web.xml well parsed? -- Jeanfrancois Thanks, Patrick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Socket Create not supported
Nikhil Sidhaye wrote: Hello Friends, Recently I got strange error on tomcat startup. I tried tomcat 4.0 as well as tomcat 5.0. But it shut down by giving strange error. Socket create is not supported. while in tomcat 5.0 it gives the same error indicating port no 8005 which is for tomcat shutdown port. I change ports but in vain. Machine Configuration : Old Laptop having win98 with 32MB RAM. Java 1.4.1 is installed. Same tomcat runs well on everywhere. What may be the problem? Are you running with the SecurityManager enabled? What is the exception? -- Jeanfrancois ./Nikhil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Embedded Tomcat and SSL
Sander Smith wrote: I have a problem that I'm unfortunately finding little documentation to help. I'm writing a servlet and embedding it in a larger Java program by using the org.apache.catalina.startup.Embedded class. Things have been working fine up until now. I'm currently trying to add SSL support so that the servlet can operate securely. The only information that I can find about configuring Tomcat to do this is in the config files. This won't work for me - I need to do it programmatically like I'm doing everything else. From what I can understand, I need to create a connector for port 443, and then attach a special socket factory that deals in SSL to this connector. I thought I've done this, as well as configuring this socket factory to read the keystore where I have the necessary certificates. What I see when I run this code is I can connect to port 80 correctly (as was working before), and I can even connect to 443 if I specify http and this works (not sure why). If I try https with 443 then my browser just hangs and I can't seem to see anything going on at the server side. I've created my keystore properly. I acted as my own CA and dummied it all up - even installed the root certificate into Windows so that the browser could find it correctly. For some reason, I don't even think that the keystore file is being accessed. Any ideas on what I need to do? I'm attaching the important parts of the code that worked before and what I did to change it. You don't need to set the SSLServerSocketFactory. All you need to do is to call: connector.setKeyAlias(...) directly. Tomcat will take care of creating the factory. Thanks. -- Jeanfrancois Thanks for any help, Sander Smith // standard stuff to embed Tomcat Engine engine = null; // Set the home directory System.setProperty(catalina.home, getPath().externalForm()); // Create an embedded server embedded = new Embedded(); // print all log statements to standard error embedded.setDebug(0); // Create an engine engine = embedded.createEngine(); engine.setDefaultHost(localhost); // Create a default virtual host host = embedded.createHost(localhost, webapps); engine.addChild(host); Context context = embedded.createContext(/xxx, xxx.war); context.addParameter(INSTALL_DIR, getPath().externalForm()); host.addChild(context); // Install the assembled container hierarchy embedded.addEngine(engine); /*** ^ Start SSL Code ***/ SSLServerSocketFactoryssf = new SSLServerSocketFactory(); ssf.setKeystoreFile(c:\\KS.Keystore); ssf.setKeystorePass(KSPASSWORD); // Assemble and install a default HTTP connector Connector connector = embedded.createConnector(null, 80, false); embedded.addConnector(connector); connector = embedded.createConnector(null, 443, true); connector.setFactory(ssf); embedded.addConnector(connector); /*** ^ END SSL Code ***/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: java.lang.ClassCircularityError
Viktor Matic wrote: On Wed, 2004-05-19 at 18:49, Jeanfrancois Arcand wrote: /*This line is in servlet service method*/ Subject.doAsPrivileged(subject, new SecuredActions(), null ); Yes, that's probably the problem since SecurityUtil has already set that value. The AccesControlContext already has the Subject attached to it. You may want to try: Subject.getSubject(AccessController.getContext()); I have checked SecurityUtil class. If I understand it well it invokes servlet service method with the doAsPrivileged and the subject cached in the HttpSession. If I check current Subject with Subject.getSubject(AccessController.getContext()) inside service method before I call my doAsPrivleged it returns null. So I use my subject (which I get from login context with lc.getSubject()) to execute Subject.doAsPrivileged(subject, new SecuredActions(), null ) protected code which in turn check the subject permission. So I can try to describe whole situation as I see it: First, servlet service method is called as doAsPrivileged with null subject (which is cached in HttpSession) then I invoke doAsPrivileged within service method with subject generated in Login procedure on SecuredAction class. Here something goes wrong and I can't get what!? This is probably related to the subject configuration. Can you create a small test case that reproduce the problem? I will be able to better see what's happening. (P.S. This works fine on tomcat 4.1.30 maybe we should check SecurityUtil class implementation there?) There is no such class in 4.x. This was added in 5.x. That's why I suspect the problem is with that class. Thanks -- Jeanfrancois Viktor - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: java.lang.ClassCircularityError
Viktor Matic wrote: We are getting java.lang.ClassCircularityError on the Tomcat 5.0.x (we have tested the same code on a following releases 5.0.18, 5.0.19 and 5.0.24). The java source code, which we have used for the testing purposes, consists of the servlet which use our custom implementation of the java.security.Policy to test user rights to execute action. This code pass JUnit tests and works fine if it is called isolated out of the Tomcat (called through class with the main method). It also works fine on Tomcat 4.1.30. Since improvement list for Tomcat 5.0.x states that Security Manager support is enhanced from 4.1.x release maybe there is something we are missing to implement or maybe there is a new bug in the catalina class loader when it is used with java.security.manager. It is important to state that out application sets our policy (Policy.setPolicy(new OurPolicy())). We are pretty sure that we have configured Tomcat properly because everything works fine on older Tomcat. Well, take a look at org.apache.catalina.security.SecurityUtil. I am setting the Subject/AccessControlContext there. I think that might cause your problem, but I need more info ;-). AnybodyPrincipal is trying to do what? -- Jeanfrancois Here is error stack trace: root cause: java.lang.ClassCircularityError: com/ingemark/security/AnybodyPrincipal com.ingemark.security.SimpleGroup.isMember(SimpleGroup.java:65) com.ingemark.security.NestableGroup.isMember(NestableGroup.java:89) com.ingemark.security.PolicyEntry.contains(PolicyEntry.java:67) com.ingemark.security.PolicyEntry.implies(PolicyEntry.java:105) com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:72) com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95) java.security.Policy.implies(Policy.java:397) java.security.ProtectionDomain.implies(ProtectionDomain.java:189) java.security.AccessControlContext.checkPermission(AccessControlContext.java:254) java.security.AccessController.checkPermission(AccessController.java:401) java.lang.SecurityManager.checkPermission(SecurityManager.java:524) java.lang.SecurityManager.checkRead(SecurityManager.java:863) java.io.File.exists(File.java:678) org.apache.naming.resources.FileDirContext.file(FileDirContext.java:826) org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:208) org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:287) org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1707) org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1575) org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:860) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1307) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1189) java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302) com.ingemark.security.SimpleGroup.isMember(SimpleGroup.java:65) com.ingemark.security.NestableGroup.isMember(NestableGroup.java:89) com.ingemark.security.PolicyEntry.contains(PolicyEntry.java:67) com.ingemark.security.PolicyEntry.implies(PolicyEntry.java:105) com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:72) com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95) java.security.Policy.implies(Policy.java:397) java.security.ProtectionDomain.implies(ProtectionDomain.java:189) java.security.AccessControlContext.checkPermission(AccessControlContext.java:254) java.security.AccessController.checkPermission(AccessController.java:401) com.ingemark.experiments.ServletSec$SecuredActions.run(ServletSec.java:207) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:437) com.ingemark.experiments.ServletSec.service(ServletSec.java:181) javax.servlet.http.HttpServlet.service(HttpServlet.java:810) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:324) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:241) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:500) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:263) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157) I will be happy to present this problem in more details if
Re: java.lang.ClassCircularityError
Viktor Matic wrote: On Wed, 2004-05-19 at 17:23, Jeanfrancois Arcand wrote: Well, take a look at org.apache.catalina.security.SecurityUtil. I am setting the Subject/AccessControlContext there. I think that might cause your problem, but I need more info ;-). AnybodyPrincipal is trying to do what? -- Jeanfrancois Thanks for fast replay. I'll check org.apache.catalina.security.SecurityUtil. Problem is manifested in line 65 of class SimpeGroup and this line checks is group member instance of AnybodyPrincipal isMember = (member instanceof com.ingemark.security.AnybodyPrincipal) The AnybodyPrincipal is a simple class which returns true if it is compared to any real principal. But I think that real problem is not in implementation of this class than more likely in the class loader which tests permissions to read this particular class. For example if I comment out line 65 (which is not crucial for this test) and try it again ClassCircularityError arise on different place, as it can be seen in the following error stack dump: java.lang.ClassCircularityError: com/ingemark/experiments/PermissionName$NameLengthComparator com.ingemark.experiments.NamespacePermissionCollection.init(NamespacePermissionCollection.java:22) com.ingemark.experiments.NamespacePermission.newPermissionCollection(NamespacePermission.java:66) java.security.Permissions.getPermissionCollection(Permissions.java:245) java.security.Permissions.add(Permissions.java:110) com.ingemark.security.PolicyEntry.getPermissions(PolicyEntry.java:50) com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:73) com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95) java.security.Policy.implies(Policy.java:397) java.security.ProtectionDomain.implies(ProtectionDomain.java:189) java.security.AccessControlContext.checkPermission(AccessControlContext.java:254) java.security.AccessController.checkPermission(AccessController.java:401) java.lang.SecurityManager.checkPermission(SecurityManager.java:524) java.lang.SecurityManager.checkRead(SecurityManager.java:863) java.io.File.exists(File.java:678) org.apache.naming.resources.FileDirContext.file(FileDirContext.java:826) org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:208) org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:287) org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClassLoader.java:1707) org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1575) org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:860) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1307) org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1189) java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302) com.ingemark.experiments.NamespacePermissionCollection.init(NamespacePermissionCollection.java:22) com.ingemark.experiments.NamespacePermission.newPermissionCollection(NamespacePermission.java:66) java.security.Permissions.getPermissionCollection(Permissions.java:245) java.security.Permissions.add(Permissions.java:110) com.ingemark.security.PolicyEntry.getPermissions(PolicyEntry.java:50) com.ingemark.security.AuthorizationInfo.getPermissions(AuthorizationInfo.java:73) com.ingemark.security.SecurityPolicy.getPermissions(SecurityPolicy.java:95) java.security.Policy.implies(Policy.java:397) java.security.ProtectionDomain.implies(ProtectionDomain.java:189) java.security.AccessControlContext.checkPermission(AccessControlContext.java:254) java.security.AccessController.checkPermission(AccessController.java:401) com.ingemark.experiments.ServletSec$SecuredActions.run(ServletSec.java:207) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:437) com.ingemark.experiments.ServletSec.service(ServletSec.java:181) javax.servlet.http.HttpServlet.service(HttpServlet.java:810) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) java.lang.reflect.Method.invoke(Method.java:324) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:241) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:500) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:263) org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:157) This time execution breaks on different place but in a same conditions catalina class loader tries to load the class (com/ingemark/experiments/PermissionName$NameLengthComparator) and loops there checking read permission. Here is peace of servlet code which triggers this behavior .. /*This line is in servlet service method
Re: javax.security.auth.subject disappears
Janne Väänänen wrote:
I resolved this. The problem was in SecurityUtil.java execute method.
fixed code in execute method:
...
if (subject == null){
subject = new Subject();
//I added following two lines
if (principal != null)
subject.getPrincipals().add(principal);
OK I will take a look and port your fix.
Thanks
-- Jeanfrancois
session.setAttribute(Globals.SUBJECT_ATTR, subject);
}
...
-Original Message-
From: Janne Väänänen
Sent: 17. toukokuuta 2004 12:12
To: [EMAIL PROTECTED]
Subject: javax.security.auth.subject disappears
Filter detected spam
Hi,
I'm running tomcat 5 with -security option and I'm using JAAS login module.
In the jsp pages in first request after I have identified my self Subject is null.
When I hit refresh (second request) Subject is correct subject with principals etc.
But after that in all requests Subject is empty, no principals etc.
I use follwing code to get Subject:
AccessControlContext acc = AccessController.getContext();
Subject sub = Subject.getSubject(acc);
I checked tomcat src code that it uses javax.security.auth.subject attribute to store
Subject in session.
CoyoteRequest.java
public void setUserPrincipal(Principal principal) {
if (System.getSecurityManager() != null){
HttpSession session = getSession(false);
if ( (subject != null)
(!subject.getPrincipals().contains(principal)) ){
subject.getPrincipals().add(principal);
} else if (session != null
session.getAttribute(Globals.SUBJECT_ATTR) == null) {
subject = new Subject();
subject.getPrincipals().add(principal);
}
if (session != null){
session.setAttribute(Globals.SUBJECT_ATTR, subject);
}
}
this.userPrincipal = principal;
}
I guess that session.getAttribute(Globals.SUBJECT_ATTR) is somehow null after second
request..
Any ideas what is causing this and how can I fix it?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Extending GenericPrincipal/RealmBase: Essentially a classloader question
Rossen Raykov wrote: Probably you can define interface and use casting while you are accessing your Principle implementation. Frankly, I didnt try it but it seems like usable solution. There is another technique that is quarantined to work though. It is very simple and employs only Javas Reflection. Four days ago I send an e-mail to [EMAIL PROTECTED] explaining how Reflection may be used to extract users password from org.apache.catalina.realm.GenericPrincipal and so fare I didnt get any response. Probably this is not treated as security issue so let me make it public. Attached you will find my original e-mail to [EMAIL PROTECTED] explaining how this may be accomplished and how one can protect himself from such exposure. With the Security Manager turned on, this hack will not work. So there is no security issue here. Of course without SecurityManager, you can do whatever you want. -- Jeanfrancois Regards, Rossen Raykov -Original Message- From: John H [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 1:32 PM To: Tomcat Users List Subject: Re: Extending GenericPrincipal/RealmBase: Essentially a classloader question Webapps can see GenericPrincipal only when I move catalina.jar to common/lib. That's the kicker. Catalina has supplied a nice generic principal that implements java.security.Principal in useful ways, but then prevents me from using it in my webapps (directly or through extensions). I must be missing the reasoning behind that. - Original Message - From: Benjamin Armintor [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, April 15, 2004 12:34 PM Subject: RE: Extending GenericPrincipal/RealmBase: Essentially a classloader question Can your webapps see GenericPrincipal? Looking at the JavaDocs for the Catalina api, it looks like the session faade your get app gets is going to have access to a java.security.Principal (likely also a faade), not a GenericPrincipal. Maybe instead of extending a class in the server/Catalina classloader, you could implement another subclass of java.security.Principal, and have that class loaded in the common classloader. Benjamin J. Armintor Systems Analyst ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: John H [mailto:[EMAIL PROTECTED] Sent: Thursday, April 15, 2004 11:25 AM To: Tomcat Users List Subject: Extending GenericPrincipal/RealmBase: Essentially a classloader question HI all, He have implemented our own realm and principal buy extending org.apache.catalina.realm.RealmBase and GenericPrincipal. (Using TC5.0.19 on Solaris and Windows. Realm defined in Context.) By doing this, however, we've got ourselves into sort of a catch 22 in terms of classloading. Hopefully someone can offer some assistance. I've referenced the Class Loader HOW-TO at http://jakarta.apache.org/tomcat/tomcat-5.0-doc/class-loader-h owto.html, so I'll use it's terminology. RealmBase and GenericPrincipal are located in catalina.jar, which resides physically in server/lib. The howo defines this jar as in the Catalina class loader. The definition says that the Catalina classes are totally invisible to web applications, which seems true enough. In order to extend these, I must locate my jar in server/lib. So far so good. The problem is that I need to use my extension of GenericPrincipal within my webapps. I tried moving my jar to common/lib, since, according to the parent tree in the howto, it is visible to both the Catalina branch and the webapp branch. Doing this causes a NoClassDefFoundError for GenericPrincipal. Apparently since the Catalina classloader is below the common classloader, it can't find GenericPrincipal. The only solution that appears to work is moving the entire contents of server/lib to common/lib, essentially 'promoting' all of the classes normally in the Catalina class loader to the common class loader. Is this the best solution? It seems to me that I should be able to extend RealmBase/GenericPrincipal without having to move jars around. Any ideas? John - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Subject: Principal's password exposure From: Rossen Raykov [EMAIL PROTECTED] Date: Sun, 11 Apr 2004 23:31:07 -0400 To: [EMAIL PROTECTED] Tomcat's implementation of java.security.Principal org.apache.catalina.realm.GenericPrincipal is exposing user's password to the applications. Class info: GenericPrincipal is having method declared as: code public String getPassword() /code which returns principal's password. This method is used by the various
Re: security permissions
Andrea Powles wrote:
Hi Tomcat users,
I wish for one of my web apps in Tomcat to execute another program on my computer using the exec method. I know that I cant currently do this due to the security restrictions.
I have tried changing the Catalina policy file but Im unsure of exactly what to do so it didnt work. Can someone please advise me of exactly what I need to add or modify in order for my web app to have all permissions.
I am aware of the security risks but at this stage it is more important that I get my application to work. My web app runs as a servlet and is in a web app directory called ruddis.
try the following in catalina.policy:
// These permissions apply only to your application
grant codeBase file:${catalina.home}/webapps/your webapp/- {
permission java.security.AllPermission;
};
-- Jeanfrancois
Thanks in advance
Andrea Powles
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Extending GenericPrincipal/RealmBase: Essentially a classloader question
John H wrote:
Thanks for the replies.
I've tried some of the suggestions, and I guess I've hit a wall again.
From what I'm seeing, in order extend RealmBase/GenericPrincipal, your class
MUST exist in server/lib (given the default configuration). I see no other
way, unless I'm missing something. RealmBase is in catalina.jar, which is in
server/lib and is in the catalina classloader. In order for a class to
extend this, it too must be in the catalina classloader.
I tried this modification to catalina.properties:
common.loader=${catalina.base}/common/classes,${catalina.base}/common/endors
ed/*.jar,
${catalina.base}/common/lib/*.jar,${catalina.base}/server/classes,${catalina
.base}/server/lib/*.jar
(note my extension classes are in bbarealm.jar, which is in server/lib)
Withouth making any more changes (other than moving tomcat's jar's back to
their original locations), this worked. This seems exactly like moving all
the files from server/lib (including my bbarealm.jar) to common/lib, though.
Then I tried this: I moved my bbarealm.jar to shared/lib (making it visible
to the apps), changed the common loader back to it's original form, and
added
${catalina.home}/shared/lib/bbarealm.jar to the sever.loader line. This
results in a NCDF for org.apache.catalina.realm.RealmBase
StrangeLet me investigate :-)
Have you tried the privileged attribute in context.xml instead? I'm
confident it will work for what you are trying to do.
*pulls hair* I'm not sure how catalina.policies is going to help me. This
isn't an priviledges issue. It's a classloader issue. The only classloader
that seems to allow me to extend RealmBase/GenericPrincipal is the catalina
classloader, and can't see a way to add a class to this classloader (other
than sticking it in server/lib, which makes it invisible to my apps!). There
is no 'catalina.loader' line in catalina.properties.
Yes, but if all the web app you are deploying needs to have the
privileged attribute, then you might want to turn on the SecurityManager.
-- Jeanfrancois
*sigh* Any thoughts?
- Original Message -
From: Jeanfrancois Arcand [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Thursday, April 15, 2004 2:55 PM
Subject: Re: Extending GenericPrincipal/RealmBase: Essentially a classloader
question
John H wrote:
HI all,
He have implemented our own realm and principal buy extending
org.apache.catalina.realm.RealmBase and GenericPrincipal.
(Using TC5.0.19 on Solaris and Windows. Realm defined in Context.)
By doing this, however, we've got ourselves into sort of a catch 22 in
terms of classloading. Hopefully someone can offer some assistance.
I've referenced the Class Loader HOW-TO at
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/class-loader-howto.html, so
I'll use it's terminology.
RealmBase and GenericPrincipal are located in catalina.jar, which resides
physically in server/lib. The howo defines this jar as in the Catalina class
loader. The definition says that the Catalina classes are totally invisible
to web applications, which seems true enough. In order to extend these, I
must locate my jar in server/lib. So far so good.
The problem is that I need to use my extension of GenericPrincipal within
my webapps.
I tried moving my jar to common/lib, since, according to the parent tree
in the howto, it is visible to both the Catalina branch and the webapp
branch. Doing this causes a NoClassDefFoundError for GenericPrincipal.
Apparently since the Catalina classloader is below the common classloader,
it can't find GenericPrincipal.
The only solution that appears to work is moving the entire contents of
server/lib to common/lib, essentially 'promoting' all of the classes
normally in the Catalina class loader to the common class loader.
Is this the best solution? It seems to me that I should be able to extend
RealmBase/GenericPrincipal without having to move jars around.
Any ideas?
One way will be to define, in your context.xml, the attribute
privileged=true. This will give the web app access to all the
server/lib classes (but that's not secure since your web app can play
with the catalina internal).
If you can turn the SecurityManager on, then what you can do after is
turning it on (this will protected all catalina classes from package
definition/insertionsee catalina.properties for the list of
protection), you can then add your web app codebase in the
catalina.policy so only your web app will be able to use the catalina.jar.
I don't see any other way to achieve what you want to do.
-- Jeanfrancois
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Extending GenericPrincipal/RealmBase: Essentially a classloader question
John H wrote: HI all, He have implemented our own realm and principal buy extending org.apache.catalina.realm.RealmBase and GenericPrincipal. (Using TC5.0.19 on Solaris and Windows. Realm defined in Context.) By doing this, however, we've got ourselves into sort of a catch 22 in terms of classloading. Hopefully someone can offer some assistance. I've referenced the Class Loader HOW-TO at http://jakarta.apache.org/tomcat/tomcat-5.0-doc/class-loader-howto.html, so I'll use it's terminology. RealmBase and GenericPrincipal are located in catalina.jar, which resides physically in server/lib. The howo defines this jar as in the Catalina class loader. The definition says that the Catalina classes are totally invisible to web applications, which seems true enough. In order to extend these, I must locate my jar in server/lib. So far so good. The problem is that I need to use my extension of GenericPrincipal within my webapps. I tried moving my jar to common/lib, since, according to the parent tree in the howto, it is visible to both the Catalina branch and the webapp branch. Doing this causes a NoClassDefFoundError for GenericPrincipal. Apparently since the Catalina classloader is below the common classloader, it can't find GenericPrincipal. The only solution that appears to work is moving the entire contents of server/lib to common/lib, essentially 'promoting' all of the classes normally in the Catalina class loader to the common class loader. Is this the best solution? It seems to me that I should be able to extend RealmBase/GenericPrincipal without having to move jars around. Any ideas? One way will be to define, in your context.xml, the attribute privileged=true. This will give the web app access to all the server/lib classes (but that's not secure since your web app can play with the catalina internal). If you can turn the SecurityManager on, then what you can do after is turning it on (this will protected all catalina classes from package definition/insertionsee catalina.properties for the list of protection), you can then add your web app codebase in the catalina.policy so only your web app will be able to use the catalina.jar. I don't see any other way to achieve what you want to do. -- Jeanfrancois John - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to find the Realm of my application?
You will need to write a valve in you want to interact with a Realm. See http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/valve.html The Realm is not available either to the servlet nor filter. -- Jeanfrancois Zsolt Koppany wrote: Hi, how can I find the Realm of my tomcat application from a servlet or a filter? The reason is I want to call the authenticate method depending on application logic. I use tomcat-5. Zsolt - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RPM for Tomcat 4.1.30 ?
Philippe Couas wrote: Hi, Anyone know where i can found RPM for Tomcat 4.1.30 ? jpackage has Tomcat 5 (I did look for Tomcat 4.x...maybe it's there) http://www.jpackage.org/rpm.php?id=2571 -- Jeanfrancois Regards Philippe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: RPM for Tomcat 4.1.30 ?
Jeanfrancois Arcand wrote: Philippe Couas wrote: Hi, Anyone know where i can found RPM for Tomcat 4.1.30 ? Here : http://www.jpackage.org/rpm.php?id=2570 :-) -- Jeanfrancois jpackage has Tomcat 5 (I did look for Tomcat 4.x...maybe it's there) http://www.jpackage.org/rpm.php?id=2571 -- Jeanfrancois Regards Philippe - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Error about ConfigListener.class
patrick khadra wrote: When I start tomcat 5, I always get this error. I tried to delete the configListener.class of the jsf-ri.jar that i need for my jsf application, but i still get a similar error about the ConfigListener.class and my webapp can't run. What should I do to make my jsf webapp with an Action Listener run? Thanks for any help. ConfigListener is very important to JSF (will not work if you remove it). Are you running with the security manager turned on? Do you have multiple version of jsf installed (ex: under common/lib/) -- Jeanfrancois error: 2004-03-30 21:37:47 StandardContext[/projet]Error configuring application listener of class com.sun.faces.config.ConfigListener java.lang.SecurityException: class com.sun.faces.config.ConfigListener's signer information does not match signer information of other classes in the same package at java.lang.ClassLoader.checkCerts(ClassLoader.java:599) at java.lang.ClassLoader.defineClass(ClassLoader.java:532) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123) at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1677) at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:900) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1350) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1230) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3721) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4270) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:866) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:850) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:638) at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.java:320) at org.apache.catalina.core.StandardHost.install(StandardHost.java:875) at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:657) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:476) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1008) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:394) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1134) at org.apache.catalina.core.StandardHost.start(StandardHost.java:832) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:521) at org.apache.catalina.core.StandardService.start(StandardService.java:519) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2345) at org.apache.catalina.startup.Catalina.start(Catalina.java:594) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398) _ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Error about ConfigListener.class
Have you previously run JavaServer Faces applications? If yes, you should remove the web server's cached files before migrating to the new release. So, the cached files in |TOMCAT_HOME/work/Catalina/localhost/jsf-*|. should be removed before restarting the server. I usually remove entire work directory to be on the safe side. There are similar complaints on the JSF forum but they all turned out to be a caching issue. -- Jeanfrancois pkhadra24 wrote: I have download the jsf_1-0.zip from java.sun.com and extract it in WEB-INF/lib of my webapp folder. I have build my war file with ant-1.6.1 then copied it to the webapps folder of tomcat-5.0.19. I have the j2sdk1.4.2_03 installed on my machine. When i start tomcat i have this error. - Original Message - From: Jeanfrancois Arcand [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, April 01, 2004 5:48 PM Subject: Re: Error about ConfigListener.class patrick khadra wrote: When I start tomcat 5, I always get this error. I tried to delete the configListener.class of the jsf-ri.jar that i need for my jsf application, but i still get a similar error about the ConfigListener.class and my webapp can't run. What should I do to make my jsf webapp with an Action Listener run? Thanks for any help. ConfigListener is very important to JSF (will not work if you remove it). Are you running with the security manager turned on? Do you have multiple version of jsf installed (ex: under common/lib/) -- Jeanfrancois error: 2004-03-30 21:37:47 StandardContext[/projet]Error configuring application listener of class com.sun.faces.config.ConfigListener java.lang.SecurityException: class com.sun.faces.config.ConfigListener's signer information does not match signer information of other classes in the same package at java.lang.ClassLoader.checkCerts(ClassLoader.java:599) at java.lang.ClassLoader.defineClass(ClassLoader.java:532) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123) at org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLo ader.java:1677) at org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.jav a:900) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.jav a:1350) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.jav a:1230) at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java: 3721) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4270) at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:8 66) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:850) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:638) at org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.j ava:320) at org.apache.catalina.core.StandardHost.install(StandardHost.java:875) at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:657) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:476) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1008) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:394) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSuppor t.java:166) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1134) at org.apache.catalina.core.StandardHost.start(StandardHost.java:832) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1126) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:521) at org.apache.catalina.core.StandardService.start(StandardService.java:519) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2345) at org.apache.catalina.startup.Catalina.start(Catalina.java:594) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398) _ The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: problem with security manager and manager webapp
Jason Keltz wrote:
Hi.
I've been using the manager webapp, but after enabling the security
manager (-security on tomcat startup), the manager doesn't run any longer,
giving this error:
type Exception report
message
description The server encountered an internal error () that prevented it
from fulfilling this request.
exception
javax.servlet.ServletException: Wrapper cannot find servlet class
org.apache.catalina.manager.ManagerServlet or a class it depends on
And in the log file, I see that:
java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
That's abug bug on our side. I will take a look latter today. As a
workaround, you can do:
permission java.lang.RuntimePermission
accessClassInPackage.org.apache.catalina;
permission java.lang.RuntimePermission
accessClassInPackage.org.apache.catalina;
or remove that package in catalina.properties.
-- Jeanfrancois
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at
java.security.AccessController.checkPermission(AccessController.java:401)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at
java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1491)
at java.lang.ClassLoader$1.run(ClassLoader.java:313)
at java.security.AccessController.doPrivileged(Native Method)
at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:311)
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:537)
at
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
at
org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1677)
at
org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:900)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1350)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1230)
at
org.apache.catalina.core.StandardWrapper$1.run(StandardWrapper.java:962)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:958)
at
org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:712)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:187)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:245)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:199)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:587)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:184)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
---
In the default Catalina.policy file, I see:
// libraries installed in the server directory
grant codeBase file:${catalina.home}/server/- {
permission java.security.AllPermission;
};
Why can I not get the manager app to work with the security manager
enabled?
Thanks,
Jason Keltz
[EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with security manager and manager webapp
Jason Keltz wrote:
Hi Jeanfrancois,
I'm not sure now if it's a bug or not. I realized that the problem is
that the code in catalina.policy to allow access refers to
${catalina.home}:
// These permissions apply to the container's core code, plus any additional
// libraries installed in the server directory
grant codeBase file:${catalina.home}/server/- {
permission java.security.AllPermission;
};
I had copied the server directory to CATALINA_BASE to get the manager
app working a while ago. The default context for the manager app refers
to ../server, which, of course wouldn't otherwise exist in CATALINA_BASE
unless copied. When the conf directory along with
Catalina/localhost/manager.xml was copied to CATALINA_BASE, the manager
app couldn't be found.
I've tried these two things and they both work:
1) Change ${catalina.home}/server to ${catalina.base}/server
2) Get rid of the server directory in CATALINA_BASE, and change
the context descriptor for the manager app in the CATALINA_BASE
directory to refer to the full path to the manager in CATALINA_HOME. Now,
the existing security policy works.
Yes, except it is not supposed to work like that. I will try to fix it
tonigh or tomorrow.
Thanks
-- Jeanfrancois
Jason.
On Tue, 16 Mar 2004, Jeanfrancois Arcand wrote:
Jason Keltz wrote:
Hi.
I've been using the manager webapp, but after enabling the security
manager (-security on tomcat startup), the manager doesn't run any longer,
giving this error:
type Exception report
message
description The server encountered an internal error () that prevented it
from fulfilling this request.
exception
javax.servlet.ServletException: Wrapper cannot find servlet class
org.apache.catalina.manager.ManagerServlet or a class it depends on
And in the log file, I see that:
java.security.AccessControlException: access denied
(java.lang.RuntimePermission accessClassInPackage.org.apache.catalina)
That's abug bug on our side. I will take a look latter today. As a
workaround, you can do:
permission java.lang.RuntimePermission
accessClassInPackage.org.apache.catalina;
permission java.lang.RuntimePermission
accessClassInPackage.org.apache.catalina;
or remove that package in catalina.properties.
-- Jeanfrancois
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
at
java.security.AccessController.checkPermission(AccessController.java:401)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
at
java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1491)
at java.lang.ClassLoader$1.run(ClassLoader.java:313)
at java.security.AccessController.doPrivileged(Native Method)
at java.lang.ClassLoader.checkPackageAccess(ClassLoader.java:311)
at java.lang.ClassLoader.defineClass0(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:537)
at
java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
at
org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLoader.java:1677)
at
org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.java:900)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1350)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1230)
at
org.apache.catalina.core.StandardWrapper$1.run(StandardWrapper.java:962)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:958)
at
org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:712)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:187)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:245)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:199)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:587)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:567)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:184)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
---
In the default Catalina.policy file
Re: Any Known issues with TomCat and Solaris9?
Chris Wilt wrote: Are there any known issues with TomCat running on a Solaris9 OS? I am currently running TomCat v4.1.27 running on Solaris 2.6 and we are in the process of upgrading to Solaris9. Not that I am aware of. Works fine for us. -- Jeanfrancois Thanks in advance for your help. -- Chris Wilt Systems Consultant - iPlanet Email Support IBM E-enablement Services/Calgary Health Region 227 - 11th Ave. SW; Calgary, Alberta; T2R 1R9 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Classloader issues
SH Solutions wrote:
Hi
I experience problems using 5.0.18 that did not occur running 4.0.6, but I
do NOT want to revert to it.
Maybe you could help me:
Actually I have a system that uses classloaders for loading add-in groups.
The two most important functions are:
protected Class findClass( String className )
throws ClassNotFoundException
{
if ( className.startsWith( com.companyname. ) )
return getClass().getClassLoader().loadClass( className );
byte classData[] = getTypeFromBasePath( className );
if ( classData == null )
throw new ClassNotFoundException();
return defineClass( className, classData, 0, classData.length );
}
private byte[] getTypeFromBasePath( String typeName )
{
return Utils.readFile( classPath + typeName.replace( '.',
File.separatorChar ) + .class );
}
This works that far. It worked completely in tomcat4.0.6.
Now, having switched to 5.0.18 something wired occued:
java.lang.ClassNotFound javax.mail.Address
we used to have mailapi.jar in common (including its dependencies) which
worked well.
Now with 5.0.18 these classes are not found anymore, but nothing was changed
inside the code.
Could you give me any hints?
Have you added the mail's jar file to your WEB-INF/lib or common/lib? If
not, then that's the problem. Tomcat 5 doesn't ship with the mail api.
-- Jeanfrancois
Thanks,
Steffen
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring connector (embedded)
Michael Mangeng wrote: Hi I´ve embedded tomcat within our application. In the embedded class (API-docs) is described: ... Call |createConnector()| to create at least one TCP/IP connector, and then call its property setters as desired. ... The problem is that the Connector interface ( http://jakarta.apache.org/tomcat/tomcat-5.0-doc/catalina/docs/api/org/apache/catalina/Connector.html ) does not provide any setters for example the min/maxProcessors attribute. Do i have to upcast to the coyoteconnector to set these properties (my sense instructs me not to do this) or is there another way to do this (with the use of the createConnector method) ? Yes, you have too. Those parameters are specific to the CoyoteConnector. -- Jeanfrancois A setPropperty(String propertyName) method would be fine :-) greets, mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logger issues
Nathan Maves wrote: My webapp that is configured for logging work perfect on sun one app server but now nothing show up in the catalina.out on Tomcat 5. Any ideas? Humm...SunOne App Server uses Tomcat 5 and I don't remember fixing such problem when I integrated Tomcat 5 ;-) Are you sure your log level is correct? What are you doing exactly? -- Jeanfrancois - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: What changed between 5.0.18 and 5.0.19?
Brandon Goodin wrote: I've looked through the release notes and various other files. But, I cannot find anything that actually shows a list of changes for the versions. Am I missing it? If not, then that seems pretty crucial to a release. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/changelog.html -- Jeanfrancois Thanks, Brandon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSO
rlipi wrote: Hi, I found that it is possible to set Single Sign On for all web aplications running in some Host. I do that according to this topic: http://www.ingrid.org/jajakarta/tomcat/tomcat-4.0b5/src/catalina/docs/si nglesignon.html#Security. And it also works on Tomcat 5. I welcome this feature. Nevertheless, by this way, it authenticates user to the ALL web applications. But I have a few of them where I need special authentication (for example manager or admin web application). Is it possible to configure Tomcat server: 1) to use SSO authentication for nearly all web aplication 2) to use specific authentication (Realm) for a few particular web aplications? Not with the current version since we don't support the notion of group/realm. But a patch will be welcome. I don't have any free time right now, but that will be nice to implement such feature in Tomcat 5. -- Jeanfrancois Thank You, Radek. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat + Hibernate2 + Security Manager
Webmaster wrote:
Hi !
On Tue, 27 Jan 2004 12:14:16 -0500, Jeanfrancois Arcand [EMAIL PROTECTED] escreveu:
De: Jeanfrancois Arcand [EMAIL PROTECTED]
Data: Tue, 27 Jan 2004 12:14:16 -0500
Para: Tomcat Users List [EMAIL PROTECTED]
Assunto: Re: Tomcat + Hibernate2 + Security Manager
Webmaster wrote:
Hi all,
I know this is a little bit out of topic, but the general concept is useful for everybody.
I run tomcat with security manager for a dozen users. Recently, people started to use the hibernate 2 which requires some funky permissions.
I had to put these lines in the 'global' permission to make it work:
grant {
...
permission java.lang.RuntimePermission accessDeclaredMembers;
permission java.lang.reflect.ReflectPermission suppressAccessChecks;
permission java.lang.RuntimePermission defineCGLIBClassInJavaPackage;
...
}
Note: I DID test using a codebase like:
grant codeBase file:/home//client/public_html/WEB-INF/lib/hibernate2.jar!/- {
but the classes hibernate creates after reflection stop obeying the security manager.
Do you have the exception? Which Tomcat version are you using?
I'm using 4.1.29. The classes that hibernate creates dinamically are the ones that don't follow the codebase anymore, it's like they have a 'null' codebase after they are created.
Are there any security risks on a security setup with those 3 lines for all classes in the JVM ?
Yes. It will now allow a Servlet to load tomcat internal classes and
maybe do malicious things.
Right now, my clients don't have permissions to read the classes in /server/lib directory ( I don't give file io permission to this directory, only to /common/lib ). Would that be enough to stop these malicious things ?
Yes. But you should only grant those permission to the Hibernate jar
files, not the entire folder.
-- Jeanfrancois
-- Jeanfrancois
Thanks
Renato.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Classloading issue: common/lib/servlet-api.jar
Can you post the entire stack trace? This exception usually occurs when a doPrivileged block is missing (when -security). I will try to reproduce the problem since it is a bug in Tomcat. Do you have the same exception if you don't turn security on? What your servlet is trying to do? Thanks -- Jeanfrancois Guy Rouillier wrote: I found this message in the archives from Michael Duffy that is relevant to my question: When Tomcat starts, it assumes the CLASSPATH for your Web app consists of: (1) The rt.jar, of course, (2) All the JARs in TOMCAT_HOME/common/lib, which are visible to all apps, (3) All the JARs in the TOMCAT_HOME/server/lib, which are visible only to Tomcat, (4) All the JARs in your WEB-INF/lib, which are visible only to your app, (5) All the .class files in your WEB-INF/classes, which are visible only to your app. That's it. If your Web app needs a JAR, put it in the WEB-INF/lib and you should be all set. - MOD My page (which is running with a security manager, i.e, -security) is getting the following error (partial stack trace): java.lang.NoClassDefFoundError: javax/servlet/http/HttpSessionBindingListener at java.lang.ClassLoader.defineClass0(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:537) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123 ) I found that common/lib/servlet-api.jar contains this class, and if I manually add it to the classpath (by editing catalina.sh), my page will then work. According to the note above, all jars on common/lib should be automatically available to my pages. I haven't touched catalina.properties. Any idea why this jar is not being picked up automatically out of common/lib? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat + Hibernate2 + Security Manager
Webmaster wrote:
Hi all,
I know this is a little bit out of topic, but the general concept is useful for everybody.
I run tomcat with security manager for a dozen users. Recently, people started to use the hibernate 2 which requires some funky permissions.
I had to put these lines in the 'global' permission to make it work:
grant {
...
permission java.lang.RuntimePermission accessDeclaredMembers;
permission java.lang.reflect.ReflectPermission suppressAccessChecks;
permission java.lang.RuntimePermission defineCGLIBClassInJavaPackage;
...
}
Note: I DID test using a codebase like:
grant codeBase file:/home//client/public_html/WEB-INF/lib/hibernate2.jar!/- {
but the classes hibernate creates after reflection stop obeying the security manager.
Do you have the exception? Which Tomcat version are you using?
Are there any security risks on a security setup with those 3 lines for all classes in the JVM ?
Yes. It will now allow a Servlet to load tomcat internal classes and
maybe do malicious things.
-- Jeanfrancois
Thanks
Renato.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Classloading issue: common/lib/servlet-api.jar
Guy Rouillier wrote: Jeanfrancois Arcand wrote: Can you post the entire stack trace? This exception usually occurs when a doPrivileged block is missing (when -security). I will try to reproduce the problem since it is a bug in Tomcat. Jeanfrancois, I'll include the entire stack trace at the bottom on this message. Before spending time on this, let me get ahold of the jars this page uses and recompile them with the Tomcat 5 servlet jars. Yoav gave me the impression that version differences between compile and run time can cause this error. If that doesn't make this go away, I'll report back again. Thanks for your offer. Do you have the same exception if you don't turn security on? What your servlet is trying to do? Yes, I see the same thing without -security. Not clear on why it would still be using a SecureClassloader if I'm not running with -security. OK, then Yoav's recommendation is the way to go since doPrivileged block is not required when there is no security manager. -- Jeanfrancois Thanks -- Jeanfrancois Guy Rouillier wrote: I found this message in the archives from Michael Duffy that is relevant to my question: When Tomcat starts, it assumes the CLASSPATH for your Web app consists of: (1) The rt.jar, of course, (2) All the JARs in TOMCAT_HOME/common/lib, which are visible to all apps, (3) All the JARs in the TOMCAT_HOME/server/lib, which are visible only to Tomcat, (4) All the JARs in your WEB-INF/lib, which are visible only to your app, (5) All the .class files in your WEB-INF/classes, which are visible only to your app. That's it. If your Web app needs a JAR, put it in the WEB-INF/lib and you should be all set. - MOD My page (which is running with a security manager, i.e, -security) is getting the following error (partial stack trace): java.lang.NoClassDefFoundError: javax/servlet/http/HttpSessionBindingListener at java.lang.ClassLoader.defineClass0(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:537) at java.security.SecureClassLoader.defineClass(SecureClassLoader .java:123 ) I found that common/lib/servlet-api.jar contains this class, and if I manually add it to the classpath (by editing catalina.sh), my page will then work. According to the note above, all jars on common/lib should be automatically available to my pages. I haven't touched catalina.properties. Any idea why this jar is not being picked up automatically out of common/lib? Thanks. Stack trace java.lang.NoClassDefFoundError: javax/servlet/http/HttpSessionBindingListener at java.lang.ClassLoader.defineClass0(Native Method) at java.lang.ClassLoader.defineClass(ClassLoader.java:537) at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123) at java.net.URLClassLoader.defineClass(URLClassLoader.java:251) at java.net.URLClassLoader.access$100(URLClassLoader.java:55) at java.net.URLClassLoader$1.run(URLClassLoader.java:194) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:187) at java.lang.ClassLoader.loadClass(ClassLoader.java:289) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:274) at java.lang.ClassLoader.loadClass(ClassLoader.java:235) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader .java:1296) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader .java:1230) at org.apache.jasper.servlet.JasperLoader$1.run(JasperLoader.java:176) at java.security.AccessController.doPrivileged(Native Method) at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:174) at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:110) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302) at org.apache.jsp.scc.myservices.html.mpm_jsp._jspService(mpm_jsp.java:841) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:133) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.ja va:311) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:301) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:248) at javax.servlet.http.HttpServlet.service(HttpServlet.java:856) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav a:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor Impl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:284) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:500) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:306) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.jav a:200
Re: Tomcat 5 for production?
Candyman wrote: Tomcat 5.0.18 more stable than 16, but it still have a lot of errors and bugs. He! before making such statement, can you dress a list of lot of errors and bugs? Your statement is completely wrong. There is not a lot of errors and bugs: http://nagoya.apache.org/bugzilla/buglist.cgi?bug_status=NEWbug_status=ASSIGNEDbug_status=REOPENEDemail1=emailtype1=substringemailassigned_to1=1email2=emailtype2=substringemailreporter2=1bugidtype=includebug_id=changedin=votes=chfieldfrom=chfieldto=Nowchfieldvalue=product=Tomcat+5short_desc=short_desc_type=allwordssubstrlong_desc=long_desc_type=allwordssubstrbug_file_loc=bug_file_loc_type=allwordssubstrkeywords=keywords_type=anywordsfield0-0-0=nooptype0-0-0=noopvalue0-0-0=cmdtype=doitorder=Reuse+same+sort+as+last+time -- Jeanfrancois If somebody will ask me I will recommend Jboss for the same purposes. Hello, Katz. 19 2004 ., 5:54:18 you wrote: KG Hi; KG I am a bi confused. KG It the current release of 5.0.16 stable a production ready release? KG If not, when could we expect a tomcat 5.x which is ready for production. KG P.S: when I say ready for production I think of non beta and ok with KG licensing. (never mind the bugs) KG Thanks in advance. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: org.apache.catalina.HttpRequest.setRequestURI() and valves
Green, Jeffrey wrote: Hello all. Using valves in Tomcat 4, we successfully managed to intercept requests to specific contexts and direct them elsewhere. For example, we could intercept all requests to /SECRETWEBAPP and redirect them to /. In order to accomplish this, we used valves which would call setRequestURI(/) on all requests that were prefixed with /SECRETWEBAPP. Unfortunately, this technique no longer seems to work with Tomcat 5. Does anyone know if anything changed regarding such usage of this method or if there is a better way to do this? Yes, the HTTP Mapper has been completely re-written. The mapping occurs *before* entering the pipeline (valve) instead of *after* in Tomcat 4. You may want to try a re-direct instead. Something like: if ( bla bla) hresponse.sendRedirect( hresponse.encodeRedirectURL(/)); -- Jeanfrancois Thanks. -- This message is intended only for the personal and confidential use of the designated recipient(s) named above. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Lehman Brothers. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: -security with 5.0.16 doesn't work
Marten Lehmann wrote:
Hello,
I was setting fine grained permissions to my webapp, but always an
exception was thrown. So I tried to use
grant {
permission java.security.AllPermission;
};
but even with that, my application doesn't run (which it does without
-security). When calling the site, I get:
javax.servlet.ServletException: Servlet.init() for servlet action
threw exception
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:509)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164)
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:211)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:805)
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:696)
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
java.lang.Thread.run(Thread.java:568)
root cause
java.lang.SecurityException: java.lang.reflect.InvocationTargetException
javax.security.auth.Subject$5.run(Subject.java:733)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.createContext(Subject.java:717)
javax.security.auth.Subject.doAsPrivileged(Subject.java:708)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:306)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:200)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:153)
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:509)
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164)
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:211)
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:805)
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:696)
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
java.lang.Thread.run(Thread.java:568)
catalina.log says:
INFO: Server startup in 8985 ms
StandardWrapperValve[action]: Allocate exception for servlet action
javax.servlet.ServletException: Servlet.init() for servlet action
threw exception
javax.servlet.ServletException: Servlet.init() for servlet action
threw exception
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1086)
at
org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:712)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:186)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:245)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:199)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:509)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:195)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:164)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:149)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:156)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:151)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:972)
at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:211)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:805)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:696)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:605)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:677)
at java.lang.Thread.run(Thread.java:568)
I really don't have an idea
Re: org.apache.catalina.HttpRequest.setRequestURI() and valves
Green, Jeffrey wrote: Aaah. I see. Unfortunately sendRedirect() does not work at the valve level. That's not true ;-) SunOne AppServ is using that technique :-) Why are you saying it doesn't work at the valve level? I could use that solution only if I implemented the redirect for each specific webapp, but this is a bit too much code duplication to be productive / condusive to change. Why? It depends where you put the valve? Remember you can also place your valve at the engine level. It seems that this decision has crippled some of Tomcat's functionality - whereas before, I could redirect requests across a whole host, now I can only do that per webapp. Was anything else implemented to achieve such functionality instead? Yes, by using the mapper directly. But that's a lot of works (you need to understand how the mapper works, etc.). The main object to look at is MappingData where the result of the mapping is stored. -- Jeanfrancois Thanks again. -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 11:21 AM To: Tomcat Users List Subject: Re: org.apache.catalina.HttpRequest.setRequestURI() and valves Green, Jeffrey wrote: Hello all. Using valves in Tomcat 4, we successfully managed to intercept requests to specific contexts and direct them elsewhere. For example, we could intercept all requests to /SECRETWEBAPP and redirect them to /. In order to accomplish this, we used valves which would call setRequestURI(/) on all requests that were prefixed with /SECRETWEBAPP. Unfortunately, this technique no longer seems to work with Tomcat 5. Does anyone know if anything changed regarding such usage of this method or if there is a better way to do this? Yes, the HTTP Mapper has been completely re-written. The mapping occurs *before* entering the pipeline (valve) instead of *after* in Tomcat 4. You may want to try a re-direct instead. Something like: if ( bla bla) hresponse.sendRedirect( hresponse.encodeRedirectURL(/)); -- Jeanfrancois Thanks. --- --- This message is intended only for the personal and confidential use of the designated recipient(s) named above. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Lehman Brothers. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- This message is intended only for the personal and confidential use of the designated recipient(s) named above. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Lehman Brothers. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: org.apache.catalina.HttpRequest.setRequestURI() and valves
Green, Jeffrey wrote: Regarding the last post on this topic: 1) sendRedirect() doesn't seem to work because ValveBase's invoke() method takes an org.apache.catalina.Response object and that class has no sendRedirect() method. Am I missing something here? Yes :-) Downcast the object to ((HttpServletResponse)response).sendRedirect(...) 2) if I put the valve at the engine level, will it be invoked before the Mapper, allowing me to call setRequestURI()? No. 3) that looks as you say, to be no trivial task, so I'll avoid it. I really think sendRedirect is a way you should explore Thanks again for the responses. -- Jeanfrancois Aaah. I see. Unfortunately sendRedirect() does not work at the valve level. That's not true ;-) SunOne AppServ is using that technique :-) Why are you saying it doesn't work at the valve level? I could use that solution only if I implemented the redirect for each specific webapp, but this is a bit too much code duplication to be productive / condusive to change. Why? It depends where you put the valve? Remember you can also place your valve at the engine level. It seems that this decision has crippled some of Tomcat's functionality - whereas before, I could redirect requests across a whole host, now I can only do that per webapp. Was anything else implemented to achieve such functionality instead? Yes, by using the mapper directly. But that's a lot of works (you need to understand how the mapper works, etc.). The main object to look at is MappingData where the result of the mapping is stored. -- Jeanfrancois Thanks again. -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: Thursday, January 15, 2004 11:21 AM To: Tomcat Users List Subject: Re: org.apache.catalina.HttpRequest.setRequestURI() and valves Green, Jeffrey wrote: Hello all. Using valves in Tomcat 4, we successfully managed to intercept requests to specific contexts and direct them elsewhere. For example, we could intercept all requests to /SECRETWEBAPP and redirect them to /. In order to accomplish this, we used valves which would call setRequestURI(/) on all requests that were prefixed with /SECRETWEBAPP. Unfortunately, this technique no longer seems to work with Tomcat 5. Does anyone know if anything changed regarding such usage of this method or if there is a better way to do this? Yes, the HTTP Mapper has been completely re-written. The mapping occurs *before* entering the pipeline (valve) instead of *after* in Tomcat 4. You may want to try a re-direct instead. Something like: if ( bla bla) hresponse.sendRedirect( hresponse.encodeRedirectURL(/)); -- Jeanfrancois Thanks. -- - --- This message is intended only for the personal and confidential use of the designated recipient(s) named above. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Lehman Brothers. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- --- This message is intended only for the personal and confidential use of the designated recipient(s) named above. If you are not the intended recipient of this message you are hereby notified that any review, dissemination, distribution or copying of this message is strictly prohibited. This communication is for information purposes only and should not be regarded as an offer to sell or as a solicitation of an offer to buy any financial product, an official confirmation of any transaction, or as an official statement of Lehman Brothers. Email transmission cannot be guaranteed to be secure or error-free. Therefore, we do not represent that this information is complete or accurate and it should not be relied upon as such. All information is subject to change without notice
Re: WAS: tomcat 5.0.16 Replication
BTW you can get the nightly build here: http://cvs.apache.org/builds/jakarta-tomcat-5/nightly/ Instead of building tomcat from scratch :-) -- Jeanfrancois [EMAIL PROTECTED] wrote: That sounds good. I'll get the CVS head and check this out. We won't really put much stress on those server for a while, but as long as the behavior is the same. I buy! :) btw: is there a pool config or is it hardcoded for now? Thanks again Filip. Jean-Philippe Belanger Filip Hanik wrote: Steve and Jean-Philippe, I've been working on some more replication stuff and made a major change that I think you might want to use. I have added a third configuration to the parameter replicationMode, replicationMode=pooled With this setting it still is synchronized replication, but uses a pool of sockets to replicate the data. It improves performance a lot. Try it out, and let me know how it works for you You will notice the improvement under load. of course, get latest from cvs first Filip -Original Message- From: Steve Nelson [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 12:05 PM To: 'Tomcat Users List' Subject: RE: tomcat 5.0.16 Replication Hrmmm, perhaps I should reboot using the non-SMP kernel and try it. I'll have to do that when I get back to the servers. -Original Message- From: Steve Nelson [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 2:04 PM To: 'Tomcat Users List' Subject: RE: tomcat 5.0.16 Replication uname -a machine #1) Linux draco 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686 i686 i386 GNU/Linux machine #2) Linux scorpio 2.4.20-8smp #1 SMP Thu Mar 13 17:45:54 EST 2003 i686 i686 i386 GNU/Linux java -version: java version 1.4.2_03 Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_03-b02) Java HotSpot(TM) Client VM (build 1.4.2_03-b02, mixed mode) same on both -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 1:56 PM To: Tomcat Users List Subject: RE: tomcat 5.0.16 Replication [EMAIL PROTECTED] bin]# uname -a Linux rh9 2.4.20-8 #1 Thu Mar 13 17:54:28 EST 2003 i686 i686 i386 GNU/Linux [EMAIL PROTECTED] bin]# java -version java version 1.4.2_03 Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_03-b02) Java HotSpot(TM) Client VM (build 1.4.2_03-b02, mixed mode) -Original Message- From: Steve Nelson [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 11:05 AM To: 'Tomcat Users List' Subject: RE: tomcat 5.0.16 Replication sun JDK 1.4.2 for Linux Kernel 2.4.20-8smp Tomcat 5.0.16 with catalina-cluster.jar from CVS head Hrmmmare yours SMP servers? Could be something odd with synch if that is the case. -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 1:01 PM To: Tomcat Users List Subject: RE: tomcat 5.0.16 Replication interesting, mine doesn't work at all unless I set the LD_ASSUME_KERNEL what VM (version and name) are you using? Filip -Original Message- From: Steve Nelson [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 10:59 AM To: 'Tomcat Users List' Subject: RE: tomcat 5.0.16 Replication Now that's really very strange. I am running RH9 and everything seems to go through just fine. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 12:56 PM To: Tomcat Users List Subject: Re: tomcat 5.0.16 Replication The replication message ACK never get back to the sender. So my webpages never loads without that flag. I think it is only needed under REDHAT 9. Jean-Philippe Bélanger Steve Nelson wrote: I don't seem to need the ld_assume_kernel thing. What are the symptoms when it is required? -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, January 09, 2004 12:33 PM To: Tomcat Users List Subject: Re: tomcat 5.0.16 Replication Just tried the CVS head and everything works with any CPU going crazy! only if ld_assume_kernel is set to 2.4 One more question for you Filip, is the useDirtyFlag working at all? It seams like even if it's set to true, the whole session gets replicated after each request. :( Jean-Philippe [EMAIL PROTECTED] wrote: Hurray for Fillip! :) I'll get the CVS head for the module today and test this out. Happy to see that it got fixed that quickly! Thanks again and I'll let you know how it goes Jean-Philippe Filip Hanik wrote: Jean-Philippe and Steve, I fixed the bug, and tried replication on RH9. Immediately it didn't work. The problem is that when RH9 tries to write the ACK back to the NIO socket, it never reaches the other node. and times out after a long time. I set LD_ASSUME_KERNEL=2.4 and it started to work Filip -Original Message- From: Filip Hanik [mailto:[EMAIL PROTECTED] Sent: Thursday, January 08, 2004 6:43 PM To: Tomcat Users List Subject: RE: tomcat 5.0.16 Replication ok guys, good news. The 100% cpu is totally my fault. I messed up on that one. I was
Re: java.security.AccessControlException
thuret olivier wrote:
no thanks i see my error i'm a noobie ..
Have you fixed your problem?
-- Jeanfrancois
- Original Message -
From: thuret olivier [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Friday, January 09, 2004 5:00 PM
Subject: java.security.AccessControlException
hello,
i'm problem with my tomcat 5.0.16.
i have a error message when tomcat start with the following message :
java.security.AccessControlException: access denied (java.io.FilePermission
C:\Tomcat\webapps\V2\WEB-INF\classes\mx4j\tools\naming\NamingService.class
read)
at java.security.AccessControlContext.checkPermission(Unknown
Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkRead(Unknown Source)
at java.io.File.exists(Unknown Source)
at
org.apache.naming.resources.FileDirContext.file(FileDirContext.java:873)
at
org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:255)
at
org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:334)
at
org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClas
sLoader.java:1726)
at
org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLo
ader.java:1594)
at
org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.jav
a:883)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.jav
a:1333)
at
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.jav
a:1213)
at java.lang.ClassLoader.loadClassInternal(Unknown Source)
at
test.maclasse.database.rmi.ReloadCacheEngine.startServerRmi(ReloadCacheEngin
e.java:83)
at test.maclasse.servlet.Init.init(ClientVersion.java:56)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:10
44)
at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:887)
at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:
3948)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4271)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1125)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:816)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1125)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:518)
at
org.apache.catalina.core.StandardService.start(StandardService.java:519)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:2343)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398)
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398)
Caused by: java.lang.RuntimeException: access denied
(java.util.PropertyPermission catalina.base read)
at
org.apache.catalina.core.ApplicationContextFacade.doPrivileged(ApplicationCo
ntextFacade.java:489)
at
org.apache.catalina.core.ApplicationContextFacade.log(ApplicationContextFaca
de.java:315)
at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:10
81)
at
org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:887)
at
org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:
3948)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4271)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1125)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:816)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1125)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:518)
at
org.apache.catalina.core.StandardService.start(StandardService.java:519)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:2343)
at org.apache.catalina.startup.Catalina.start(Catalina.java:581)
... 6 more
i modified the catalina.policy (WEB APPLICATION PERMISSIONS) to :
grant {
Re: Custom-Principal
anis wrote: Hi, I am using JBoss 3.2.3 with embedded Tomcat 4. I am developping a secure web-application based on JAAS. The problem is that I want to use my own custom Principal. I made the necessary changes in JBoss and EJBContext.getUserprincopal delivers the right Implementation. But when I call request.getUserprincipal() in my servlet, I get don´t !! Why doesn´t tomcat use the defined custom Principal? How to set this? You can't unless you create your own Realm (see: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/realm.html), but It may interfere with JBoss internal behaviour ( I don't know how JBoss works) -- Jeanfrancois Please help as soon as possible !!! Best regards anis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Persistent User Login
J2EE 1.4 SDK (which contains Tomcat 5) uses the Single Sign on feature and it is working fine. So just add the SingleSignOn valve in your server.xml. -- Jeanfrancois Chris Ward wrote: Hi, I was asking about this subject on this list a while back http://www.mail-archive.com/tomcat-user%40jakarta.apache.org/msg111700.h tml but I've not managed to get it working yet. In short. I'm working on an intranet application and I want my users to only have to log in once. If they start a new browser session it should pick up their details and not ask them to log in. I expect the username/password should live in a persistent cookie, and I've been using FORM based authentication on Tomcat 4.1.23. I've spent days faffing about with redirects from servlets to j_security_check (which has never worked for me) and filters on / etc. etc. etc. I came back to this today and played with Single Sign-on and Persistent sessions in the hope that might do it. Does anyone out there have this working? Best regards Chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: cannot get Filters to work with Tomcat 5.0.16
To be sure your web.xml is correct, turn xml validation on. In server.xml, replace: Host name=localhost debug=0 appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false by Host name=localhost debug=0 appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=true xmlNamespaceAware=true That may help next time you see such problem. -- Jeanfrancois Patrick Scheuerer wrote: Shapira, Yoav wrote: Howdy, OK, now that's the 3rd different version of the filter elements in your web.xml ;) You shouldn't have both servlet-name and url-pattern children of filter-mapping, only one of them. I tried to add the filters with the Struts Studio Web Deployment Editor just as another test. It's quite interesting: Struts Studio tells me that servlet-name is required. But in the DTD it says servlet-url OR servlet-name. So i guess that's a bug in Struts Studio. It also put the empty servlet-name element there although left the field blank... Anyway, I tried it with the correct version like this filter filter-nameUserFilter/filter-name filter-classch.ctc.support.common.UserFilter/filter-class /filter filter filter-nameAdminFilter/filter-name filter-classch.ctc.support.common.AdminFilter/filter-class /filter filter-mapping filter-nameUserFilter/filter-name url-pattern/*/url-pattern /filter-mapping filter-mapping filter-nameAdminFilter/filter-name url-pattern/admin/*/url-pattern /filter-mapping - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help in Tomcat 5.0
Read: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/index.html Then ask more technical questions (make sure you search the list first) -- Jeanfrancois Rahul Toraskar wrote: Hi, I am new to Tomcat env. I am using Tomcat 5.0 with Oracle 8.1.7 on Windows 2000 Platform. Earlier i was working on Weblogic 5.1 Platform. I want to port my application from Weblogic 5.1 to Tomcat 5.0. I need help in setting of server.xml, web.xml and oracle pool settings etc. So can anyone help me in that? Please reply back ASAP. Thanks in anticipation, Rahul Toraskar. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: looking for a progamer
FRANCOIS Dufour wrote: near off mtl for a couple hour off work ill pay 40$ an hour ..and I was under the impression my english was bad ;-) mtl = Montreal and you are probably looking for a JSP/Servlet expert, not a Tomcat programmer. Va voir sur Jobboom ou Monster.ca/fr et rediges ton message en francais :-) -- Jeanfrancois [EMAIL PROTECTED] crazy-wilys webmaster _ MSN Search, le moteur de recherche qui pense comme vous ! http://fr.ca.search.msn.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: permission problem
Algirdas M. wrote:
Hello,
I've edited catalina.policy and added line:
grant codeBase file:${catalina.home}/webapps/vvv/WEB-INF/lib/- {
permission java.security.AllPermission;
};
restarted Tomcat. And when I'm running an application from
vvv/WEB-INF/lib, I'm still becoming exception:
Unable to connect to any hosts due to exception:
java.security.AccessControlException: access denied
(java.net.SocketPermission 111.101.68.165:3306 connect,resolve)
Which Tomcat version are you using?
Try adding the jar file name instead of granting the entire directory.
-- Jeanfrancois
Why it doesn't work?
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Security Policy
Kwok Peng Tuck wrote: Hi list , With regards to the security manager in tomcat, is it possible to ship a policy file with each webapp ? No it is not. You have to put those permission in catalina.policy. -- Jeanfrancois - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TC5 + SSL: Keystore password bound to default changeit?
Baer Peter Christoph Alexander wrote: Am Dienstag, 9. Dezember 2003 20:54 schrieb Ankur Shah: Remy Maucherat wrote: Baer Peter Christoph Alexander wrote: Hi! I have a question about something, I observe, but don't want to believe... ;-) Tomcat 5 can use my keystore, but only if the password is changeit, the default password. Now, the docs say, one should use this, but with TC 4.0.6 it was possible to change it. Is the password hard coded in TC 5? I didn't test that particular feature myself, but I believe this works ok. The way connectors parameters (and in particular SSL parameters) are defined changed in TC 5.0.x. Look there: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/coyote.html There's the SSL howto also. Also, you might want to make sure that the password of your *target key* matches your keystore password. I'm not sure how that plays out in tomcat world, but I can see that to be a problem if the server assumes the key's password to be the same as that of the keystore. Thoughts Just an idea server.xml is an XML file. It used to be XML in TC4, and it ist still XML in TC5. Shouldn't it be possible, then, to write an XSL-T stylesheet converting old config files into newer formats? That would considerably ease migration/upgrade pains... /Just an idea Yes, it could. You're more than Welcome to submit a patch :-) Just an idea If we had an XML schema definition (be it W3C XML schema, Relax NG or whatever), an XML editor like Pollo or XML Spy could validate the config file. This would help to avoid and reveal mistakes and thus speed up Tomcat configuration... /Just an idea Just search that list on the topic ;-) It is not possible at the moment to have a DTD or schema for the server.xml (due to its complexity). If you have time and think you can come with something, a second patch is welcome! -- Jeanfrancois /Thoughts Regards Alex - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: strange output in localhost_log
You probably have some left over from an unsucessful deployment. This exception means the Context(your app) wasn't started properly and Tomcat is now trying to stop it. -- Jeanfrancois Luc Foisy wrote: First, what would cause this output in my localhost_log file? Is this a tomcat shutdown? 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /admin 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /webdav 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /qbsottweblive2 2003-12-09 21:09:36 StandardHost[localhost]: ContainerBase.removeChild: stop: LifecycleException: Container StandardContext[/qbsottweblive2] has not been started at org.apache.catalina.core.StandardContext.stop(StandardContext.java:3643) at org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:1036) at org.apache.catalina.core.StandardHostDeployer.remove(StandardHostDeployer.java:420) at org.apache.catalina.core.StandardHost.remove(StandardHost.java:852) at org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:919) at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:899) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:370) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166) at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1221) at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1233) at org.apache.catalina.core.StandardService.stop(StandardService.java:554) at org.apache.catalina.core.StandardServer.stop(StandardServer.java:2224) at org.apache.catalina.startup.Catalina$CatalinaShutdownHook.run(Catalina.java:624) 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /qbsottweblive 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /tomcat-docs 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /quicktrack 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /quick 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /portalbackup 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /manager Second, what would cause this output in my localhost_log file? 2003-12-07 12:55:26 StandardHost[localhost]: MAPPING configuration error for request URI /robots.txt 2003-12-07 14:06:26 StandardHost[localhost]: MAPPING configuration error for request URI /mstshash=cmpherson 2003-12-07 19:39:57 StandardHost[localhost]: MAPPING configuration error for request URI /robots.txt 2003-12-07 20:09:48 StandardHost[localhost]: MAPPING configuration error for request URI /robots.txt 2003-12-09 00:48:25 StandardHost[localhost]: MAPPING configuration error for request URI /robots.txt 2003-12-09 04:38:39 StandardHost[localhost]: MAPPING configuration error for request URI /robots.txt 2003-12-09 07:44:43 StandardHost[localhost]: MAPPING configuration error for request URI /_vti_bin/owssvr.dll 2003-12-09 07:44:43 StandardHost[localhost]: MAPPING configuration error for request URI /MSOffice/cltreq.asp 2003-12-09 10:18:06 StandardHost[localhost]: MAPPING configuration error for request URI /favicon.ico 2003-12-09 11:05:12 StandardHost[localhost]: MAPPING configuration error for request URI /favicon.ico 2003-12-09 13:23:20 StandardHost[localhost]: MAPPING configuration error for request URI /favicon.ico 2003-12-09 13:26:35 StandardHost[localhost]: MAPPING configuration error for request URI /_vti_bin/owssvr.dll 2003-12-09 13:26:35 StandardHost[localhost]: MAPPING configuration error for request URI /MSOffice/cltreq.asp 2003-12-09 14:15:17 StandardHost[localhost]: MAPPING configuration error for request URI /_vti_bin/owssvr.dll 2003-12-09 14:15:17 StandardHost[localhost]: MAPPING configuration error for request URI /MSOffice/cltreq.asp 2003-12-09 14:43:52 StandardHost[localhost]: MAPPING configuration error for request URI /robots.txt 2003-12-10 07:54:12 StandardHost[localhost]: MAPPING configuration error for request URI /_vti_bin/owssvr.dll 2003-12-10 07:54:12 StandardHost[localhost]: MAPPING configuration error for request URI /MSOffice/cltreq.asp 2003-12-10 09:00:28 StandardHost[localhost]: MAPPING configuration error for request URI /favicon.ico - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: strange output in localhost_log
Luc Foisy wrote: It wasn't actually the exception I was concerned about. It was the fact that it appears that tomcat is shuting down (is that what it looks like?) when its completely not expected to. Are you running with a security manager? Tomcat die or shutdown properly? As well I was concerned over the second set of log entries, what is this MAPPING thing, and why would it be refering to those things, none of those files exist. Yes, but it seems you receiving request for thoses. Can this be indication that someone is trying to get to those things some how, or are they normal tomcat log entries for some strange reason? Like that. -- Jeanfrancois -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 10, 2003 9:33 AM To: Tomcat Users List Subject: Re: strange output in localhost_log You probably have some left over from an unsucessful deployment. This exception means the Context(your app) wasn't started properly and Tomcat is now trying to stop it. -- Jeanfrancois Luc Foisy wrote: First, what would cause this output in my localhost_log file? Is this a tomcat shutdown? 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /admin 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /webdav 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /qbsottweblive2 2003-12-09 21:09:36 StandardHost[localhost]: ContainerBase.removeChild: stop: LifecycleException: Container StandardContext[/qbsottweblive2] has not been started at org.apache.catalina.core.StandardContext.stop(StandardContext.java:3643) at org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:1036) at org.apache.catalina.core.StandardHostDeployer.remove(StandardHostDeployer.java:420) at org.apache.catalina.core.StandardHost.remove(StandardHost.java:852) at org.apache.catalina.startup.HostConfig.undeployApps(HostConfig.java:919) at org.apache.catalina.startup.HostConfig.stop(HostConfig.java:899) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:370) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166) at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1221) at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1233) at org.apache.catalina.core.StandardService.stop(StandardService.java:554) at org.apache.catalina.core.StandardServer.stop(StandardServer.java:2224) at org.apache.catalina.startup.Catalina$CatalinaShutdownHook.run(Catalina.java:624) 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /qbsottweblive 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /tomcat-docs 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /quicktrack 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /quick 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /portalbackup 2003-12-09 21:09:36 StandardHost[localhost]: Removing web application at context path /manager Second, what would cause this output in my localhost_log file? 2003-12-07 12:55:26 StandardHost[localhost]: MAPPING configuration error for request URI /robots.txt 2003-12-07 14:06:26 StandardHost[localhost]: MAPPING configuration error for request URI /mstshash=cmpherson 2003-12-07 19:39:57 StandardHost[localhost]: MAPPING configuration error for request URI /robots.txt 2003-12-07 20:09:48 StandardHost[localhost]: MAPPING configuration error for request URI /robots.txt 2003-12-09 00:48:25 StandardHost[localhost]: MAPPING configuration error for request URI /robots.txt 2003-12-09 04:38:39 StandardHost[localhost]: MAPPING configuration error for request URI /robots.txt 2003-12-09 07:44:43 StandardHost[localhost]: MAPPING configuration error for request URI /_vti_bin/owssvr.dll 2003-12-09 07:44:43 StandardHost[localhost]: MAPPING configuration error for request URI /MSOffice/cltreq.asp 2003-12-09 10:18:06 StandardHost[localhost]: MAPPING configuration error for request URI /favicon.ico 2003-12-09 11:05:12 StandardHost[localhost]: MAPPING configuration error for request URI /favicon.ico 2003-12-09 13:23:20 StandardHost[localhost]: MAPPING configuration error for request URI /favicon.ico 2003-12-09 13:26:35 StandardHost[localhost]: MAPPING configuration error for request URI /_vti_bin/owssvr.dll 2003-12-09 13:26:35 StandardHost[localhost]: MAPPING configuration error for request URI /MSOffice/cltreq.asp 2003-12-09 14:15:17 StandardHost[localhost]: MAPPING configuration error for request URI /_vti_bin/owssvr.dll 2003-12-09 14:15:17 StandardHost[localhost]: MAPPING configuration error for request URI /MSOffice/cltreq.asp 2003-12-09 14:43:52 StandardHost[localhost
Re: XSL-T migration stylesheet [was: RE: TC5 + SSL: Keystore password bound to default changeit?]
Baer Peter Christoph Alexander wrote: Hi Jeanfrancois, not that I want to deny my responsibility. If I felt being able to do one of the patches, I would not hesitate. I wouldn't post my thoughts here, but the ready-made patches instead, of course. ;-) But: I think the only persons who really have the knowledge required to create a migration stylesheet are the Tomcat developers, as they are the only persons knowing what tags there actually are, and how they were changed over the time. People like me could derive this kind of information from a DTD or schema, but there is none... Vicious circle, here! ;-) But I'll think about starting the XSL-T migration thing. Maybe we can persuade the Tomcat developers to add there wisdom. In fact, I think, it would be possible to start very simple. The migration wouldn't be completely done by the stylesheet, but some conversion would already be done automatically, that has not to be done by hand. Like removing Factory tags and changing attribute name Protocol to sslProtocol. What do you think? Do you think it could be done, and lead to a really useful result? I'm optimistic, but I'm only a Tomcat user, not a Tomcat developer, and so I might overlook the big rock right in my way... ;-) Yes, it could be done, but that needs a lot of works and as a developper, I have more critical things to do right now (and I'm sure most of the developper has). But I agree, we are very bad sometimes when user experience come into the picture (or I'm very bad...). -- Jeanfrancois Regards Alex -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 10, 2003 3:21 PM To: Tomcat Users List Cc: Ankur Shah Subject: Re: TC5 + SSL: Keystore password bound to default changeit? Baer Peter Christoph Alexander wrote: Am Dienstag, 9. Dezember 2003 20:54 schrieb Ankur Shah: Remy Maucherat wrote: Baer Peter Christoph Alexander wrote: Hi! I have a question about something, I observe, but don't want to believe... ;-) Tomcat 5 can use my keystore, but only if the password is changeit, the default password. Now, the docs say, one should use this, but with TC 4.0.6 it was possible to change it. Is the password hard coded in TC 5? I didn't test that particular feature myself, but I believe this works ok. The way connectors parameters (and in particular SSL parameters) are defined changed in TC 5.0.x. Look there: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/coyote.html There's the SSL howto also. Also, you might want to make sure that the password of your *target key* matches your keystore password. I'm not sure how that plays out in tomcat world, but I can see that to be a problem if the server assumes the key's password to be the same as that of the keystore. Thoughts Just an idea server.xml is an XML file. It used to be XML in TC4, and it ist still XML in TC5. Shouldn't it be possible, then, to write an XSL-T stylesheet converting old config files into newer formats? That would considerably ease migration/upgrade pains... /Just an idea Yes, it could. You're more than Welcome to submit a patch :-) Just an idea If we had an XML schema definition (be it W3C XML schema, Relax NG or whatever), an XML editor like Pollo or XML Spy could validate the config file. This would help to avoid and reveal mistakes and thus speed up Tomcat configuration... /Just an idea Just search that list on the topic ;-) It is not possible at the moment to have a DTD or schema for the server.xml (due to its complexity). If you have time and think you can come with something, a second patch is welcome! -- Jeanfrancois /Thoughts Regards Alex - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TC 4 -oreillyMultipart- TC5
3 methods has been added to HttpServletRequest: public int getRemotePort() public java.lang.String getLocalName() public java.lang.String getLocalAddr() public int getLocalPort() See section SRV.1.6.2 Be aware that this addition causes source incompatibility in some cases, such as when a developer implements the ServletRequest interface. In this case, ensure that all the new methods are implemented. That probably not related, but just double check to be sure. -- Jeanfrancois Dirk Griesbach wrote: Hi folks, I encountered a strange behaviour using 'oreilly's' multipartlibary (from Nov,2002): It works fine on TC 4.1.27 but exactly the same servlet and library with TC 5.0.12 and 5.0.14 (just copied them) the error log reads: java.lang.IllegalAccessError: tried to access method com.oreilly.servlet.multipart.Part.init(Ljava/lang/String;)V from class com.oreilly.servlet.multipart.ParamPart Class 'Part' IS public, so why this error on TC5 ? And no error on TC 4 ? Any suggestions ? greets grisi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: endorsed directory
See http://java.sun.com/j2se/1.4.1/docs/guide/standards/ -- Jeanfrancois Basavaraju P. Banakar [SLK-India] wrote: Hey all, I found from the tomcat users list that xalan.jar has to be placed in the ..\common\endorsed folder. but i could'nt find reason behind that... could someone help in understanding this please.. This might not be the right place to ask this question but might be releated with the above reason... Why do we need to create endorsed directory? Thanks, Basu. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to install new version of application (war file)
See http://jakarta.apache.org/tomcat/tomcat-5.0-doc/deployer-howto.html -- Jeanfrancois Rainer Stransky wrote: What is the common way to install a new version of a war file ? My experience is, that I have to stop tomcat, delete the .../webapps/app_dir copy a new app_dir.war to .../webapps and start tomcat. But this is not appropriate on a production system. I do not want to restart tomcat. What will be a better solution ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: servlet redeploy
See http://jakarta.apache.org/tomcat/tomcat-4.1-doc/manager-howto.html [ and search the list before asking :-) ] -- Jeanfrancois Kumar, Sumit wrote: Hello, I am running tomcat 4.1. Can I deploy the servlet after my servlet code has changed without restarting the server. I am running Tomcat in stand-alone mode. -sumit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 4 vs Tomcat 5 and MIME settings
Bill Barker has already fixed this: org.apache.coyote.Response revision 1.31 date: 2003/11/16 05:20:23; author: billbarker; state: Exp; lines: +10 -3 Restore the ability to explicitly set the charset to iso-latin-1. Download the latest Tomcat 5 source and try it. -- Jeanfrancois Stephen Thomas wrote: Hi, I must apologise, I've never used these types of systems before and have sent this email to a couple of addresses. I am a developer of Voice applications. I use the Tomcat servlet engine to host my applications which are then fetched from the voice server. I am currently having an issue with Tomcat 5 and 'content-type'. The voice server can play .vox files and I fetch such a file from Tomcat 5 and get the following header: lwp-request -d -e http://10.100.1.113:8080/test/soxTest1.vox Connection: close Date: Mon, 01 Dec 2003 09:30:03 GMT Server: Apache-Coyote/1.1 Content-Length: 8130 Content-Type: audio/x-vox;charset=ISO-8859-1 ETag: W/8130-1069965466970 Last-Modified: Thu, 27 Nov 2003 20:37:46 GMT Client-Date: Mon, 01 Dec 2003 09:29:38 GMT Client-Peer: 10.100.1.113:8080 I have added the following lines to web.xml mime-mapping extensionvox/extension mime-typeaudio/x-vox/mime-type /mime-mapping The file fails to play because of the charset being appended to the 'content-type'. When I host the application and .vox file on Tomcat 4 I can play the file as the content-type is returned as only 'audio/x-vox'. Please could you help me as I'd rather use Tomcat 5 but this issue is currently stopping me. Thanks in advance, Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 4 vs Tomcat 5 and MIME settings
Stephen Thomas wrote: Does this mean it will still return a charset? I don't need any charset returned. Now, you won't get the charset unless you ask for it (so no more Content-Type: image/gif; charset=iso-8859-1 ). However, if you call response.setCharacterEncoding(iso-9959-1), you now get it in the response. I will continue using Tomcat 4.1.27 until the fixed release of 5 is stable. Will be released soon. -- Jeanfrancois Thanks, Steve -Original Message- From: Jeanfrancois Arcand [mailto:[EMAIL PROTECTED] Sent: 01 December 2003 17:54 To: Tomcat Users List Subject: Re: Tomcat 4 vs Tomcat 5 and MIME settings Bill Barker has already fixed this: org.apache.coyote.Response revision 1.31 date: 2003/11/16 05:20:23; author: billbarker; state: Exp; lines: +10 -3 Restore the ability to explicitly set the charset to iso-latin-1. Download the latest Tomcat 5 source and try it. -- Jeanfrancois Stephen Thomas wrote: Hi, I must apologise, I've never used these types of systems before and have sent this email to a couple of addresses. I am a developer of Voice applications. I use the Tomcat servlet engine to host my applications which are then fetched from the voice server. I am currently having an issue with Tomcat 5 and 'content-type'. The voice server can play .vox files and I fetch such a file from Tomcat 5 and get the following header: lwp-request -d -e http://10.100.1.113:8080/test/soxTest1.vox Connection: close Date: Mon, 01 Dec 2003 09:30:03 GMT Server: Apache-Coyote/1.1 Content-Length: 8130 Content-Type: audio/x-vox;charset=ISO-8859-1 ETag: W/8130-1069965466970 Last-Modified: Thu, 27 Nov 2003 20:37:46 GMT Client-Date: Mon, 01 Dec 2003 09:29:38 GMT Client-Peer: 10.100.1.113:8080 I have added the following lines to web.xml mime-mapping extensionvox/extension mime-typeaudio/x-vox/mime-type /mime-mapping The file fails to play because of the charset being appended to the 'content-type'. When I host the application and .vox file on Tomcat 4 I can play the file as the content-type is returned as only 'audio/x-vox'. Please could you help me as I'd rather use Tomcat 5 but this issue is currently stopping me. Thanks in advance, Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JPDA_ADDRESS default in catalina.sh is 8000, but jdbconnin catalina.bat
I suspect you need to add something like JPDA_Connector=SharedMemoryAttach. I'm using Netbean and that's very easy using the current catalina.bat setting. You maybe want to ask the question to JSwat peoples since they probably know how to to that on win2k. -- Jeanfrancois. Wendy Smoak wrote: catalina.bat defaults to: JPDA_TRANSPORT=dt_shmem JPDA_ADDRESS=jdbconn I was not able to get JSwat to attach to Tomcat (4.1.20 on Win2000) using these settings, mostly because when I try to attach with a transport type of shared memory, it wants a shared name and I can't figure out what to type in that box. catalina.sh defaults to: JPDA_TRANSPORT=dt_socket JPDA_ADDRESS=8000 These settings worked on Win2000, JSwat connects to localhost at port 8000 and debugging works fine. Do most people debugging on Windows use the shared memory option? If I want to use it, and I start tomcat with 'catalina.bat jpda start', what is the shared name to connect to? Thanks, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JPDA_ADDRESS default in catalina.sh is 8000, but jdbconnin catalina.bat
It depends on which JPDA connection method you use. Under windoses, you can use SharedMemoryAttach (transport dt_shmem) or dt_socket (like UNIX).. See the JPDA documentation for more info :-) -- Jeanfrancois Karr, David wrote: It seems perfectly reasonable to me to default JPDA_ADDRESS to 8000, as is set in catalina.sh. However, I noticed that in catalina.bat, the default is not 8000, and isn't even a number, being jdbconn, whatever that means. What is the reason for that difference? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: The string -- is not permitted within comments
Xerces 2.2.1 is broken :-) 2.2.2 also :-) ... with Tomcat. See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13282 for the real story. The file that produce the error is struts-config.xml, but you cannot predict on which file it will crach. Xerces 2.3.0 works fine for me. You should give it a try (XML Schema validation is faster). -- Jeanfrancois Jesus M. Salvo Jr. wrote: I know this question has been asked before here: http://marc.theaimsgroup.com/?l=tomcat-userm=103649805401229w=2 So I posted a question to the Xerces mailing list trying to confirm on which release it was fixed, but I got no response: http://marc.theaimsgroup.com/?l=xerces-j-userm=104425379902979w=2 I really need to use Xerces 2.2.1 because of the bug fixes for schema and namespaces. My question is, does anyone know which XML filein Tomcat ( 4.1.18 ) that Xerces is complaining about? At least I can then just fix the XML file. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: get User object from tomcat
Humm...not clear. I guess you mean the principal. Looks at: HttpServletRequest.getUserPrincipal() that returns the current authenticated user HttpServletRequest.isUserInRole(String role) to see if the current authenticated user is included in the specified logical role. -- Jeanfrancois fangfang cai wrote: Hi, Does anyone know how to get the User object(MemoryUser object) which contains user's fullname, roles .? Thanks, Fang - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: The string -- is not permitted within comments
Sorry, you are right. That's the dtd file I am reffering to (web-app_2_3.dtd). Sorry for the confusion.Still, I strongly recommend you try Xerces 2.3 :-). If you look how long it tooks to reproduce the problem (OK I'm was slow on that one :-) ), I'm not sure removing the 80 characters in all the DTD will help. -- Jeanfrancois Jesus M. Salvo Jr. wrote: Didn't know there was a 2.2.2 and there is also a bug in 2.3.0 that may actually affect me ( but not Tomcat ). Anyway ... thanks for that ... but I am a little bit confused: You mentioned below that the file that Xerces is complaining about is struts-config.xml, but in the URL you mentioned, you mentioned there that the problem is with a DTD that contains more than 80 characters in one line. strust-config.xml is not a DTD ( or were you referring to strust-config_1_0.dtd? ) and does not seem to have any lines with more than 80 characters. Or were you referring to web-app_2_3.dtd that comes with struts.jar? Am I missing something? Jeanfrancois Arcand wrote: Xerces 2.2.1 is broken :-) 2.2.2 also :-) ... with Tomcat. See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13282 for the real story. The file that produce the error is struts-config.xml, but you cannot predict on which file it will crach. Xerces 2.3.0 works fine for me. You should give it a try (XML Schema validation is faster). -- Jeanfrancois Jesus M. Salvo Jr. wrote: I know this question has been asked before here: http://marc.theaimsgroup.com/?l=tomcat-userm=103649805401229w=2 So I posted a question to the Xerces mailing list trying to confirm on which release it was fixed, but I got no response: http://marc.theaimsgroup.com/?l=xerces-j-userm=104425379902979w=2 I really need to use Xerces 2.2.1 because of the bug fixes for schema and namespaces. My question is, does anyone know which XML filein Tomcat ( 4.1.18 ) that Xerces is complaining about? At least I can then just fix the XML file. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat with Security manager
java.util.PropertyPermission java.vm.version, read;
permission java.util.PropertyPermission java.vm.vendor, read;
permission java.util.PropertyPermission java.vm.name, read;
// Required for getting BeanInfo
permission java.lang.RuntimePermission
accessClassInPackage.sun.beans.*;
// Allow read of JAXP compliant XML parser debug
permission java.util.PropertyPermission jaxp.debug, read;
};
// You can assign additional permissions to particular web applications by
// adding additional grant entries here, based on the code base for that
// application, /WEB-INF/classes/, or /WEB-INF/lib/ jar files.
//
// Different permissions can be granted to JSP pages, classes loaded from
// the /WEB-INF/classes/ directory, all jar files in the /WEB-INF/lib/
// directory, or even to individual jar files in the /WEB-INF/lib/
directory.
//
// For instance, assume that the standard examples application
// included a JDBC driver that needed to establish a network connection to
the
// corresponding database and used the scrape taglib to get the weather from
// the NOAA web server. You might create a grant entries like this:
//
// The permissions granted to the context root directory apply to JSP pages.
// grant codeBase file:${catalina.home}/webapps/examples/- {
// permission java.net.SocketPermission dbhost.mycompany.com:5432,
connect;
// permission java.net.SocketPermission *.noaa.gov:80, connect;
// };
//
// The permissions granted to the context WEB-INF/classes directory
// grant codeBase file:${catalina.home}/webapps/examples/WEB-INF/classes/-
{
// };
//
// The permission granted to your JDBC driver
// grant codeBase
file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/- {
// permission java.net.SocketPermission dbhost.mycompany.com:5432,
connect;
// };
// The permission granted to the scrape taglib
// grant codeBase
file:${catalina.home}/webapps/examples/WEB-INF/lib/scrape.jar!/- {
// permission java.net.SocketPermission *.noaa.gov:80, connect;
// };
grant codeBase file:/my_jspfolderpath/- {
permission java.io.FilePermission
my_jspfolderpath/images/site,read,write;
};
** End of catalina.policy
**
- Original Message -
From: Jeanfrancois Arcand [EMAIL PROTECTED]
To: Tomcat Users List [EMAIL PROTECTED]
Sent: Thursday, February 06, 2003 7:34 AM
Subject: Re: Tomcat with Security manager
Can you post your catalina.policy file? Your file should contains that
permission:
// These permissions apply to the server startup code
grant codeBase file:${catalina.home}/bin/bootstrap.jar {
permission java.security.AllPermission;
}
-- Jeanfrancois
Harish Kumar K.K. wrote:
Hello All
Hope somebody can help me!
I am using Tomcat 4.0.3 on a Red Hat Linux 7.1 system with Apache 1.3.27,
and it works fine if started without the security manager. Recently I had to
put up a file upload form on one of my web sites, and when I deployed the
jsp to accept the form data and save the uploaded file to disk...it came up
with the error File cannot be saved. I am using jspSmartUpload class to
handle the multipart form data and to save the file to disk, which can be
downloaded from www.jspsmart.com
So I read the documentation and figured, the security manager might have
to be enabled with appropriate File IO permissions set for the directory to
which I was trying to save the file.
I proceeded to add the required grant directive in the catalina.policy
file, and when I started Tomcat with the security manager enabledit
wouldn't start! I checked catalina.out and saw that Tomcat is not able to
read server.xml. Here is the stacktrace I found in catalina.out
Catalina.start: java.security.AccessControlException: access denied
(java.io.FilePermission /var/tomcat4/conf/server.xml read)
java.security.AccessControlException: access denied
(java.io.FilePermission /var/tomcat4/conf/server.xml read)
at
java.security.AccessControlContext.checkPermission(AccessControlContext.java
:270)
at
java.security.AccessController.checkPermission(AccessController.java:401)
at
java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkRead(SecurityManager.java:887)
at java.io.File.isDirectory(File.java:698)
at
sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:6
5)
at
sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection
.java:148)
at java.net.URL.openStream(URL.java:955)
at
org.apache.xerces.readers.DefaultReaderFactory.createReader(DefaultReaderFac
tory.java)
at
org.apache.xerces.readers.DefaultEntityHandler.startReadingFromDocument(Defa
ultEntityHandler.java)
at
org.apache.xerces.framework.XMLParser.parseSomeSetup(XMLParser.java
Re: Any particular JDK version required for Tomcat?
Tomcat 4.1.1x requires JDK 1.2.x and higher. Tomcat 5 requires 1.3.x and Tomcat 3.x requires 1.1. -- Jeanfrancois Tref Gare wrote: Hi all, A quick question for a friend who needs to install Tomcat 4.1.12 into a JDK 1.2 environment. Are there any limitations or constraints regarding which version of the JDK Tomcat requires to be happy? Thanks -- Tref Gare Development Consultant Areeba Level 19/114 William St, Melbourne VIC 3000 email: [EMAIL PROTECTED] phone: +61 3 9642 5553 fax: +61 3 9642 1335 website: http://www.areeba.com.au -- This email is intended only for the use of the individual or entity named above and contains information that is confidential. No confidentiality is waived or lost by any mis-transmission. If you received this correspondence in error, please notify the sender and immediately delete it from your system. You must not disclose, copy or rely on any part of this correspondence if you are not the intended recipient. Any communication directed to clients via this message is subject to our Agreement and relevant Project Schedule. Any information that is transmitted via email which may offend may have been sent without knowledge or the consent of Areeba. -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat exploding 1.4.1 JVM
Seems to me that you don't have all the Solaris paches required to run the VM. I don't have any problems under Solaris 5.8 but if you think you have all the patches, you may file a bugs against the VM (not Tomcat since it is a VM crash) -- Jeanfrancois Will Hartung wrote: Anyone else getting these? The information provided is remarkably content free to my eyes. Thanx! Regards, Will Hartung ([EMAIL PROTECTED]) SunOS icmsweb 5.8 Generic_108528-17 sun4u sparc SUNW,Ultra-80 An unexpected exception has been detected in native code outside the VM. Unexpected Signal : 11 occurred at PC=0x0 Function=[Unknown.] Library=(N/A) NOTE: We are unable to locate the function name symbol for the error just occurred. Please refer to release documentation for possible reason and solutions. Current Java thread: Dynamic libraries: 0x1 /usr/j2se_1.4.1_01/bin/java 0xff35 /lib/libthread.so.1 0xff39 /lib/libdl.so.1 0xff20 /lib/libc.so.1 0xff33 /usr/platform/SUNW,Ultra-80/lib/libc_psr.so.1 0xfe00 /export/home/j2se_1.4.1_01/jre/lib/sparc/server/libjvm.so 0xff2e /lib/libCrun.so.1 0xff1e /lib/libsocket.so.1 0xff10 /lib/libnsl.so.1 0xff0d /lib/libm.so.1 0xff31 /lib/libw.so.1 0xff0b /lib/libmp.so.2 0xff08 /export/home/j2se_1.4.1_01/jre/lib/sparc/native_threads/libhpi.s o 0xff05 /export/home/j2se_1.4.1_01/jre/lib/sparc/libverify.so 0xfe7c /export/home/j2se_1.4.1_01/jre/lib/sparc/libjava.so 0xff03 /export/home/j2se_1.4.1_01/jre/lib/sparc/libzip.so 0xe5ec /export/home/j2se_1.4.1_01/jre/lib/sparc/libnet.so Local Time = Fri Feb 7 12:47:10 2003 Elapsed Time = 19349 # # The exception above was detected in native code outside the VM # # Java VM: Java HotSpot(TM) Server VM (1.4.1_01-b01 mixed mode) # # An error report file has been saved as hs_err_pid24255.log. # Please refer to the file for further information. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS login context propagation to JBoss
The feature you want has been implemented in Tomcat 5 (not in Tomcat 4.1.x). You can probably port it if you realy needs it (see http://cvs.apache.org/viewcvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/security/SecurityUtil.java) or starts using Tomcat 5. -- Jeanfrancois Peter Kelley wrote: I tell a lie, you can't get access to the users session easily from a realm's authenticate method. Perhaps I could write a valve that looks at the request and looks up the realm the user belongs to. I could then cache the subjects in the realm and run the rest of the pipeline using doAs(subject, ). This seems awfully low level but I can't see another way. Can anyone suggest an alternative ? Surely this problem has been encountered before. On Thu, 2003-02-06 at 15:43, Peter Kelley wrote: I have set up form based authentication for Tomcat 4.1.18 using the JAASRealm and I am using it to connect to a remote JBoss server. Whenever a new user logs in all of the sessions of the existing users take on the identity of the new user on the EJB server. It appears as if something needs to be done to associate the JAAS subject with the current thread every time a request comes in. I can cache the subject in the session but I'm not sure how to go about doing the association. Any ideas ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat with Security manager
Can you post your catalina.policy file? Your file should contains that
permission:
// These permissions apply to the server startup code
grant codeBase file:${catalina.home}/bin/bootstrap.jar {
permission java.security.AllPermission;
}
-- Jeanfrancois
Harish Kumar K.K. wrote:
Hello All
Hope somebody can help me!
I am using Tomcat 4.0.3 on a Red Hat Linux 7.1 system with Apache 1.3.27, and it works fine if started without the security manager. Recently I had to put up a file upload form on one of my web sites, and when I deployed the jsp to accept the form data and save the uploaded file to disk...it came up with the error File cannot be saved. I am using jspSmartUpload class to handle the multipart form data and to save the file to disk, which can be downloaded from www.jspsmart.com
So I read the documentation and figured, the security manager might have to be enabled with appropriate File IO permissions set for the directory to which I was trying to save the file.
I proceeded to add the required grant directive in the catalina.policy file, and when I started Tomcat with the security manager enabledit wouldn't start! I checked catalina.out and saw that Tomcat is not able to read server.xml. Here is the stacktrace I found in catalina.out
Catalina.start: java.security.AccessControlException: access denied (java.io.FilePermission /var/tomcat4/conf/server.xml read)
java.security.AccessControlException: access denied (java.io.FilePermission /var/tomcat4/conf/server.xml read)
at java.security.AccessControlContext.checkPermission(AccessControlContext.java:270)
at java.security.AccessController.checkPermission(AccessController.java:401)
at java.lang.SecurityManager.checkPermission(SecurityManager.java:542)
at java.lang.SecurityManager.checkRead(SecurityManager.java:887)
at java.io.File.isDirectory(File.java:698)
at sun.net.www.protocol.file.FileURLConnection.connect(FileURLConnection.java:65)
at sun.net.www.protocol.file.FileURLConnection.getInputStream(FileURLConnection.java:148)
at java.net.URL.openStream(URL.java:955)
at org.apache.xerces.readers.DefaultReaderFactory.createReader(DefaultReaderFactory.java)
at org.apache.xerces.readers.DefaultEntityHandler.startReadingFromDocument(DefaultEntityHandler.java)
at org.apache.xerces.framework.XMLParser.parseSomeSetup(XMLParser.java)
at org.apache.xerces.framework.XMLParser.parse(XMLParser.java)
at org.xml.sax.helpers.XMLReaderAdapter.parse(XMLReaderAdapter.java:223)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:314)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:253)
at org.apache.catalina.util.xml.XmlMapper.readXml(XmlMapper.java:228)
at org.apache.catalina.startup.Catalina.start(Catalina.java:725)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
Then, I found from the security manager howto on the web site, that if no security manager is enabled, its just like giving all permissions...I am guessing this means that in that case the operating system file permission system only will be in effect. So I made the directory I wanted to save the file into, world writable, just to make sure the OS is not preventing the save operation. Then started Tomcat without the security manager...still the same result!
Now I am totally confused! What am I doing wrong?
Can anybody help me? Please?
Thanks and Regards
Harish
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [offtopic] Opinion - Error messages
Jim Henderson wrote: I have been in IT for approximately 25 years Scary ;-) and worked with Cobol, C++, Fortran, PL1, Java, and others on IBM S390, PDPs, AS400s, PCs. No Lisp? That's the problem! I believe Tomcat is a great server environment. It has a lot of strengths and is evolving rapidly. Many talented developers dedicate vast amounts of time to the project. I appreciate their efforts. In all cases, error processing and reporting could be a difficult task. I appreciate the effort that it requires. But I do believe for Tomcat to flourish, which I hope it does, it needs more attention in this area. For over a week I have been painstakingly trying to set up Server.xml with my context data. Yet, I am simply rewarded with the following non-descriptive error message. I pity people that are in a production environment with development schedules who encounter similar situations. In general, Tomcat deserves high marks. But for error processing and reporting, it deserves an F. You deverse an F also for the kind of information you just posted ;-) Please tell us more what you are trying to do. Which platform?, Which Tomcat version (I guess its 4.1.x...but I don't like guessing), What your app is trying to do and most importantly, add your web.xml file. Is the Tomcat example working? Have you try to increase the logging level? Then we will revise your note and maybe help you and give a C ;-) -- Jeanfrancois ---see--- (http://jakarta.apache.org/site/mail.html) :-) Just my $0.02 2003-02-03 09:32:57 StandardContext[/mfnettags]: Starting 2003-02-03 09:32:57 StandardContext[/mfnettags]: Processing start(), current available=false 2003-02-03 09:32:57 StandardContext[/mfnettags]: Configuring default Resources 2003-02-03 09:32:57 StandardContext[/mfnettags]: Resources start failed: 2003-02-03 09:32:57 StandardContext[/mfnettags]: Configuring non-privileged default Loader 2003-02-03 09:32:57 StandardContext[/mfnettags]: Configuring default Manager 2003-02-03 09:32:57 StandardContext[/mfnettags]: Processing standard container startup 2003-02-03 09:32:57 StandardContext[/mfnettags]: Context startup failed due to previous errors 2003-02-03 09:32:57 StandardContext[/mfnettags]: Exception during cleanup after start failed LifecycleException: Container StandardContext[/mfnettags] has not been started at org.apache.catalina.core.StandardContext.stop(StandardContext.java:3643) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3621) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1188) at org.apache.catalina.core.StandardHost.start(StandardHost.java:738) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1188) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:347) at org.apache.catalina.core.StandardService.start(StandardService.java:497) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2189) at org.apache.catalina.startup.Catalina.start(Catalina.java:512) at org.apache.catalina.startup.Catalina.execute(Catalina.java:400) at org.apache.catalina.startup.Catalina.process(Catalina.java:180) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Conflicts between 2 lib in Tomcat 4.0.3
Or maybehe is using the old Xerces (1.4.4) with the new Xerces(2.x). They have make huge changes between the 2 versions and backward compatibility is no longer supported (Xerces 1.4.4 doesn't fully supports JAXP, Xerces 2.x does). They probably use a public API, but not the JAXP one. You will have to stick with that version or ask other app to update to Xerces 2.x :-( Also, the classloader will not properly load the second jar since it doesn't load a class that is in memory. Since your 2 xerces share some base classes, that's probably why it doesn't work. -- Jeanfrancois Jacob Kjome wrote: hmm Seems to me that they might have been accessing the Xerces implementation classes rather than just the public interfaces. If they were doign things like loading classes dynamically such as using Class.forName(com.mypackage.MyClass) you would get exactly this problem because that will only look for the class in the current classloader instead of looking at all available classloaders. If you can post a stacktrace, we might be able to make that determination. Without a full stack trace, no one will be able to help you much further. Also, in what environment was all this working before? A previous versions of Tomcat? If so, which version? And why not stick with that versionor make the developers fix the bad coding? Jake At 04:25 PM 2/3/2003 +0100, you wrote: I already tried to remove those libs from WEB-INF/lib to CATALINA_HOME/common/lib or CATALINA_HOME/lib, but all the classes in WEB-INF/classes that were coded by another developpers didn't worked any more ! Put it in CATALINA_HOME/common/endorsed or common/lib. You aren't supposed to put endorsed packages such as javax.* and org.w3c.* in WEB-INF/lib. It causes all sorts of problems and violates the Sun classloading spec which Tomcat, as of 4.0.2, enforces. Jake At 10:11 AM 2/3/2003 +0100, you wrote: Hi, I'm working with TC 4.0.3. In the WEB-INF/lib directory, I've got 2 libraries : xerces.jar (I think it's an old Xerces, I didn't put myself there : someone else need it) and xercesImpl.jar (a newer version of xerces). I coded a class that need xerces2, but when I launch it (via a servlet) in my Tomcat, it throws a NoSuchMethoError cause it doesn't take the good jar ! How can I force TC to take the new librairy ? Thanx in advance - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Encrypt tomcat-users.xml
A better solution is to use a database to store your username/password information and configure the JDBCDatabaseRealm (instead of the default one: MemoryRealm). See http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html -- Jeanfrancois A.VERGES wrote: Hi, Do you know any way to encrypt the Tomcat users file called tomcat-users.xml or another way to prevet the hacking of users file? Thank you Aleix Vergés - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: web.xml question
Is your Servlet have a package name? If no, it should. example: WEB-INF/classes/my/package/SessionTestServlet and then try something like that servlet-nameSessionTest/servlet-name servlet-classmy.package.SessionTestServlet/servlet-class -- Jeanfrancois Pooleery, Manoj wrote: Maybe I am doing this incorrectly - but I have a servlet class in my WEB-INF/classes directory(SessionTestServlet.class) and in my web.xml, I have an entry like this servlet servlet-nameSessionTest/servlet-name servlet-classSessionTestServlet/servlet-class /servlet When I type http://localhost:8080/test/SessioinTest, it gives me an error saying requested resource not found. What could I be doing wrong? Thanks -Manoj. -Original Message- From: Paul Hsu [mailto:[EMAIL PROTECTED]] Sent: Monday, February 03, 2003 5:24 PM To: Tomcat Users List Subject: Re: web.xml question Not really, if you have a servlet is used for startup a background process, then you do not need a mapping section. - Original Message - From: Pooleery, Manoj [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Monday, February 03, 2003 2:22 PM Subject: web.xml question Is it necessary that for each of the servlet elements in the web.xml, a corresponding servlet-mapping element should be there? (For a context other than root). Thanks -Manoj. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: include for server.xml
There is no such concept associated with server.xml.But there is in XML :-) You can define an ENTITY element at the top of your server.xml file and reference it inside the body of the server element. Do something like this: !ENTITY coyoteConnector SYSTEM http://your_configuration.xml; and then inside the server element: server . coyoteConnector /server -- Jeanfrancois Ward Vandewege wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have a tomcat/apache setup with several virtual hosts. The information for the virtual hosts lives in a database. In the apache config file, I can just use the 'Include' directive to include my automatically generated configuration file (with all the virtual host definitions) in the httpd.conf. I've been looking all over the archives of this list, the jakarta site, and google, but have not been able to locate an equivalent for use in the server.xml file. Is there one? Bye for now, Ward. - -- Pong.be -( Those who do not understand Unix are condemned to)- Virtual hosting -( reinvent it, poorly. -- Henry Spencer )- http://pong.be -( )- GnuPG public key: http://gpg.dtype.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+PYaBqC3O5tzmh5wRAsKtAJ9376Ne/7o9iX/oe0YwysUtSvNukACfTt3s JzWbEwo6Y+ETChW0FEWTZec= =a2/6 -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: kept getting HTTP Status 404 - please help. thanx.
Could you post your web.xml file? That will be a good starting point for us to help you :-) -- Jeanfrancois John Qin wrote: Ijust installed tomcat 4.1.18 today. everything seems fine. i can see this page http://localhost:8080/index.jsp. and i run those Servlet Examples, it showed up, everyting is good. then i wrote a servlet page myself, and try to run it. it told me cannot find it, I got http status 404 error. I am sure my coding is rite. cuz I download htem directly from web site. after i compile the .java file, I put it .class file into WEB-INF/classes folder. I followed hte instruction step by step. I check thousands time, still have no clue whts wrong. if u have any ideas please help me out. thanx. john. __ Do you Yahoo!? Yahoo! Mail Plus - Powerful. Affordable. Sign up now. http://mailplus.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Could not reserve enough space for object heap
Seems you JAva VM is not properly installed. If you type java -version, does it works? Are other Java programs work? -- Jeanfrancois Pierre-Philipp Braun wrote: Hi all, now i'm trying the binaries from http://jakarta.apache.org/ but i've got difficulties setting this up even. When i do: # bin/startup.sh Using CATALINA_BASE: /home/elge/tp/lala2/jakarta-tomcat-4.1.18 Using CATALINA_HOME: /home/elge/tp/lala2/jakarta-tomcat-4.1.18 Using CATALINA_TMPDIR: /home/elge/tp/lala2/jakarta-tomcat-4.1.18/temp Using JAVA_HOME: /usr/pkg/java/sun-1.4.0 # nothing seems to be lauched. Here is the whole content of catalina.out: Shared object libjava.so not found Error occurred during initialization of VM Could not reserve enough space for object heap Error occurred during initialization of VM Could not reserve enough space for object heap Unable to initialize threads: cannot find class java/lang/Thread Error occurred during initialization of VM Could not reserve enough space for object heap Error occurred during initialization of VM Could not reserve enough space for object heap Any advice would be appreciated. Thanks in advance. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: include for server.xml
Try this: !DOCTYPEblablabla [ !ENTITY coyoteConnector SYSTEM http://your_configuration.xml; ] and then reference it using -- Jeanfrancois Ward Vandewege wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey thanks for that. Unfortunately, the Xerces doesn't seem to like the first line: !ENTITY coyoteConnector SYSTEM http://your_configuration.xml; Feb 2, 2003 11:22:56 PM org.apache.commons.digester.Digester fatalError SEVERE: Parse Fatal Error at line 1 column 3: The markup in the document preceding the root element must be well-formed. org.xml.sax.SAXParseException: The markup in the document preceding the root element must be well-formed. at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:232) at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:213) at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:375) at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:305) at org.apache.xerces.impl.XMLScanner.reportFatalError(XMLScanner.java:1269) at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(XMLDocumentScannerImpl.java:681) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:329) at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:525) at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:581) at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:152) at org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1175) ... Any advice? bfn, Ward. On Sun, Feb 02, 2003 at 04:17:13PM -0500, Jeanfrancois Arcand wrote: There is no such concept associated with server.xml.But there is in XML :-) You can define an ENTITY element at the top of your server.xml file and reference it inside the body of the server element. Do something like this: !ENTITY coyoteConnector SYSTEM http://your_configuration.xml; and then inside the server element: server . coyoteConnector /server -- Jeanfrancois Ward Vandewege wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have a tomcat/apache setup with several virtual hosts. The information for the virtual hosts lives in a database. In the apache config file, I can just use the 'Include' directive to include my automatically generated configuration file (with all the virtual host definitions) in the httpd.conf. I've been looking all over the archives of this list, the jakarta site, and google, but have not been able to locate an equivalent for use in the server.xml file. Is there one? Bye for now, Ward. - -- Pong.be -( Those who do not understand Unix are condemned to )- Virtual hosting -( reinvent it, poorly. -- Henry Spencer )- http://pong.be -( )- GnuPG public key: http://gpg.dtype.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+PYaBqC3O5tzmh5wRAsKtAJ9376Ne/7o9iX/oe0YwysUtSvNukACfTt3s JzWbEwo6Y+ETChW0FEWTZec= =a2/6 -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Ward Vandewege. - -- Pong.be -( The Linux philosophy is 'Laugh in the face of )- Virtual hosting -(danger'. Oops. Wrong One. 'Do it yourself'. Yes, )- http://pong.be -( that's it. -- Linus )- GnuPG public key: http://gpg.dtype.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+PZp4qC3O5tzmh5wRAmCpAJ9ZUO9gR0dS0iSUBWEmeNqCFz2B8ACcDG41 m0z78XVHHraB6WcMc3tgkPU= =Q/4J -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: include for server.xml
Try this: !DOCTYPE blablabla [ !ENTITY coyoteConnector SYSTEM http://your_configuration.xml; ] and then reference it using -- Jeanfrancois Ward Vandewege wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hey thanks for that. Unfortunately, the Xerces doesn't seem to like the first line: !ENTITY coyoteConnector SYSTEM http://your_configuration.xml; Feb 2, 2003 11:22:56 PM org.apache.commons.digester.Digester fatalError SEVERE: Parse Fatal Error at line 1 column 3: The markup in the document preceding the root element must be well-formed. org.xml.sax.SAXParseException: The markup in the document preceding the root element must be well-formed. at org.apache.xerces.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:232) at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(ErrorHandlerWrapper.java:213) at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:375) at org.apache.xerces.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:305) at org.apache.xerces.impl.XMLScanner.reportFatalError(XMLScanner.java:1269) at org.apache.xerces.impl.XMLDocumentScannerImpl$PrologDispatcher.dispatch(XMLDocumentScannerImpl.java:681) at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:329) at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:525) at org.apache.xerces.parsers.DTDConfiguration.parse(DTDConfiguration.java:581) at org.apache.xerces.parsers.XMLParser.parse(XMLParser.java:152) at org.apache.xerces.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1175) ... Any advice? bfn, Ward. On Sun, Feb 02, 2003 at 04:17:13PM -0500, Jeanfrancois Arcand wrote: There is no such concept associated with server.xml.But there is in XML :-) You can define an ENTITY element at the top of your server.xml file and reference it inside the body of the server element. Do something like this: !ENTITY coyoteConnector SYSTEM http://your_configuration.xml; and then inside the server element: server . coyoteConnector /server -- Jeanfrancois Ward Vandewege wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, I have a tomcat/apache setup with several virtual hosts. The information for the virtual hosts lives in a database. In the apache config file, I can just use the 'Include' directive to include my automatically generated configuration file (with all the virtual host definitions) in the httpd.conf. I've been looking all over the archives of this list, the jakarta site, and google, but have not been able to locate an equivalent for use in the server.xml file. Is there one? Bye for now, Ward. - -- Pong.be -( Those who do not understand Unix are condemned to )- Virtual hosting -( reinvent it, poorly. -- Henry Spencer )- http://pong.be -( )- GnuPG public key: http://gpg.dtype.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+PYaBqC3O5tzmh5wRAsKtAJ9376Ne/7o9iX/oe0YwysUtSvNukACfTt3s JzWbEwo6Y+ETChW0FEWTZec= =a2/6 -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Ward Vandewege. - -- Pong.be -( The Linux philosophy is 'Laugh in the face of )- Virtual hosting -(danger'. Oops. Wrong One. 'Do it yourself'. Yes, )- http://pong.be -( that's it. -- Linus )- GnuPG public key: http://gpg.dtype.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE+PZp4qC3O5tzmh5wRAmCpAJ9ZUO9gR0dS0iSUBWEmeNqCFz2B8ACcDG41 m0z78XVHHraB6WcMc3tgkPU= =Q/4J -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: username as a variable?
You can also use HttpServletRequest.getUserPrincipal() to get the current user. -- Jeanfrancois Barney Hamish wrote: see the j2ee documentation on the request object... There is the method getRemoteUser() -Original Message- From: Shah, Sanjay [mailto:[EMAIL PROTECTED]] Sent: Friday, January 24, 2003 6:28 PM To: 'Tomcat Users List' Subject: username as a variable? Is there a way to catch the username from tomcat-user.xml file as a variable? I want to use the username that a user logs in as into my servlet. Thanks -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Question about tomcat 4.1.19
Yes, they were a lot of change between 4.1.18 and 4.1.19. That's why it is considered alpha... -- Jeanfrancois Steve Vanspall wrote: Hi there, I reported a bug, in tomcat 4.1.18, to bugzilla. The reply I got stated that it was fixed in Tomcat 4.1.19, having not found a link to the binary for 4.1.19, I navigated tharere, and found an alpha release of it on the website. Does this mean it is still in development stage? Does anyone have any idea of it's stability? Not completely sure what alpha means, but assume, logically, it is the release before a beta release. Regards Steve Vanspall -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Running standard CGI perl scripts under Apache
Yes, you can. See http://jakarta.apache.org/tomcat/tomcat-4.1-doc/cgi-howto.html -- Jeanfrancois Red Hat wrote: Is it possible to run standard cgi perl scripts under tomcat 4.x? Thx, CC Chuck Carson Sr. Systems Engineer Syrrx, Inc. 10410 Science Center Drive San Diego, CA 92121 Work: 858.731.3540 Cell: 858.442.1791 -- This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message, which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: tomcat 4.1.18 can't start on W2K - java.endorsed.dirs is empty?
The endorsed dir is used when you want to use another parser that the one included by default with JDK 1.4 (Crimson). The error you have is produced because Tomcat requires the full JDK, not only the JRE (the jsp compiler uses classes from tools.jar, which is only included with the JDK). - Jeanfrancois Pierre Yves Monnet wrote: Hello, Here my problem : I install on a W2000 professional a J2re1.4.1, then a Tomcat 4.1.18-LE-JDK14 Tomcat don't want to start correctly. After a start, I receive on the URL the following error via a web browser : ETAT HTTP 500 Message : Description : the server meet an internal error Exception: org.apache.jasper.JasperException: Unable to compile class for JSP An error occurred at line: -1 in the jsp file: null Generated servlet error: [javac] Compiling 1 source file at org.apache.jasper.compiler.DefaultErrorHandler.javacError(DefaultErrorHandle r.java:130) at org.apache.jasper.compiler.ErrorDispatcher.javacError(ErrorDispatcher.java:2 93) at org.apache.jasper.compiler.Compiler.generateClass(Compiler.java:340) at org.apache.jasper.compiler.Compiler.compile(Compiler.java:352) at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:4 74) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:1 84) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:260) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve. java:170) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:432) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne ction(Http11Protocol.java:386) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:534) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:530) at java.lang.Thread.run(Unknown Source) I tried to start the service manualy to see what's happen, and an error arrive in the catalina.bat script : D:\Tomcat 4.1.18start Tomcat -Djava.endorsed.dirs= -classpath ;.\bin\b ootstrap.jar -Dcatalina.base=. -Dcatalina.home=. -Djava.io.tmpdir=.\te mp org.apache.catalina.startup.Bootstrap start The system cannot find the file -Djava.endorsed.dirs=. I tried to install oon a second machine : same problem. Tomcat 3.1 is run correctly,else I can't run it as a service... Is someone has this error and fix it ? I look in the bug report database, bu no bug event are referenced. Same in FAQ. Thanks you ! Pierre-Yves Monnet Pierre-Yves Monnet Pierre-Yves Monnet - Project Manager Cap Gemini Ernst Young Tél : 33 (0) 4 76 52 64 23 GSM: 33 (0) 6 86 74 49 86 FAX : 33 (0)4 76 52 62 01 mail : [EMAIL PROTECTED] -- To
Re: Web Deployment Descriptor Realm
No since web.xml is servlet specific (and Realm are Tomcat specific). On solution is to create your_app_name.xml that contains a Context element that define your realm, put it under /WED-INF and include an HOW-TO-DEPLOY-THIS-WEB-APP file somewhere in your war file to tell people how to deploy your app (meaning tell the Tomcat administrator to add the realm information to the server.xml for you) -- Jeanfrancois Harsha Yalagach wrote: Greetings, I have developed an application that uses Realm. I have put the information regarding the Realm in the serverl.xml file of Tomcat. I want move this information to the web.xml file or any other configuration file in the war file. Is there a way to do it. If yes, please show me some light in this regard. Thanks in advance... Warm Regards, Harsha Yalagach -- Any opinions, explicit or implied, are solely those of the authors and do not necessarily represent those of Cerebra.This Email may contain confidential and/or privileged information. If you are not the intended recipient or have received this Email in error, please notify us at [EMAIL PROTECTED] immediately and destory this Email. Any unauthorized copying, disclosure or distribution of the material in this mail is strictly forbidden. -- Cerebra Integrated Technologies Ltd , Bangalore, India -- Cerebra Integrated Technologies Ltd., Bangalore, India -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: manager app permissions issue
Which Tomcat version are you using (works for me with 4.1/5.0)? From the
error you have provided, seems you are trying to get access to class
ManagerServlet from one of your class. ManagerServlet class is package
protected by Tomcat when running with the security manager (your case).
If you want to use it (and open a possible SECURITY hole), add this to
your catalina.policy:
permission java.lang.RuntimePermission
accessClassInPackage.org.apache.catalina.servlets.;
At your own risk :-)
-- Jeanfrancois
Durham David Cntr 805CSS/SCBE wrote:
Hello,
I'm trying to use the manager app but recieve the following error:
java.lang.SecurityException: Servlet of class org.apache.catalina.servlets.ManagerServlet is privileged and cannot be loaded by this web application
Did some looking around and the only thing I can come up with is changing the catalina.policy file. So I added:
grant codeBase file:${catalina.home}/webapps/manager/- {
permission java.security.AllPermission;
};
to catalina.policy, but that did not fix it.
Has anyone seen this before and no what the problem is?
Thanks,
David Durham
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: DTD problem starting tomcat 4
That should not make any differences since Tomcat (aka the Digester) use local copy of the DTD. So even if the URL is wrong, internally, Tomcat uses the previous one and your app should still deploy. As why the URL change, I guess it is related when java.sun.com where re-designed :-( -- Jeanfrancois Turner, John wrote: Not sure. I've never really paid any attention to it. John -Original Message- From: Dean Anderson [mailto:[EMAIL PROTECTED]] Sent: Friday, January 10, 2003 4:03 PM To: Tomcat Users List Subject: RE: DTD problem starting tomcat 4 That helped. But that was the DOCTYPE since August. Why did it work before? Has something changed at Sun? --Dean On Thu, 9 Jan 2003, Turner, John wrote: I'm pretty sure it's you, not Tomcat. My web.xml is different: ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; Note Sun Microsystems, Inc., not Sun Micro as it is in yours. Or is that an edit/typo? John -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Tomcat 4.1.18 Admin Page
No, only manager and admin role are known by Tomcat. -- Jeanfrancois Peter Lee wrote: Does anyone know the usage of the rolename provider Any special meaning to that? user username=user password=sec roles=admin,manager,provider/ On 3 Jan 2003 at 10:58, Jeanfrancois Arcand wrote: If you click on the link you just provided, read in the middle of the page :-), you will read : NOTE: For security reasons, using the administration webapp is restricted to users with role admin. The manager webapp is restricted to users with role manager. Users are defined in |$CATALINA_HOME/conf/tomcat-users.xml|. So open tomcat-user.xml and define something like that: user username=karthikeyan password=always_read_the_doc roles=admin/ ;-) -- Jeanfrancois karthikeyan.balasubramanian wrote: Hi, How do i manage the admin section that comes along with tomcat. I can see the page when i type http://localhost:8080 It is password protected, by defualt i cant access it seems. How do i set new password and what are the things that can be achieved through this interface. Have a great day. Karthikeyan B. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: DTD for server.xml??
I thin it should be defined like this: !DOCTYPE web-app[ !ENTITY vhost1 SYSTEM /path/to/tomcat/conf/vhost1.xml ] I did not try it but that the way ENTITY works usually. -- Jeanfrancois Turner, John wrote: Sorry, that should be !ENTITY vhost1 SYSTEM /path/to/tomcat/conf/vhost1.xml Typo in vhost. John -Original Message- From: Turner, John [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 11:42 AM To: 'Tomcat Users List' Subject: RE: DTD for server.xml?? That makes sense. OK, next question, in a thread started yesterday, it was mentioned (correctly, I assume) that you could use XML entities to include external XML files into server.xml. So, this link came up on Google: http://tech.irt.org/articles/js212/#example_2 Which leads a person to believe that something like !ENTITY vhost SYSTEM /path/to/tomcat/conf/vhost1.xml Then towards the bottom: vhost1 would work in server.xml, but it doesn't. Error: Catalina.start: org.xml.sax.SAXParseException: The content beginning ! is not legal markup. Is this a futile path, or is it possible to include external XML into server.xml when server.xml is parsed? If so, how? Thanks! John -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 11:37 AM To: Tomcat Users List Subject: Re: DTD for server.xml?? It would be almost impossible to write a DTD for server.xml since an admin may inject custom classes (Listeners/Loggers). To have a dtd, we would need to know every property which can be set for every class (which may be made known in server.xml) since tomcat uses reflection from Diegester. -Tim Turner, John wrote: Hello - I notice that the top of web.xml has: ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; yet the top of server.xml has nothing. I'm very new to XML, so forgive me if this is a lame or FA question, but is there a DTD for server.xml? If so, why isn't it specified in server.xml, and what is the URL? Is server.xml real, official XML or just convenience XML? - John John Turner [EMAIL PROTECTED] | 248-488-3466 Advertising Audit Service http://www.aas.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: DTD for server.xml??
Oups (remove the quote) !DOCTYPE web-app[ !ENTITY vhost1 SYSTEM /path/to/tomcat/conf/vhost1.xml ] -- Jeanfrancois Jeanfrancois Arcand wrote: I thin it should be defined like this: !DOCTYPE web-app[ !ENTITY vhost1 SYSTEM /path/to/tomcat/conf/vhost1.xml ] I did not try it but that the way ENTITY works usually. -- Jeanfrancois Turner, John wrote: Sorry, that should be !ENTITY vhost1 SYSTEM /path/to/tomcat/conf/vhost1.xml Typo in vhost. John -Original Message- From: Turner, John [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 11:42 AM To: 'Tomcat Users List' Subject: RE: DTD for server.xml?? That makes sense. OK, next question, in a thread started yesterday, it was mentioned (correctly, I assume) that you could use XML entities to include external XML files into server.xml. So, this link came up on Google: http://tech.irt.org/articles/js212/#example_2 Which leads a person to believe that something like !ENTITY vhost SYSTEM /path/to/tomcat/conf/vhost1.xml Then towards the bottom: vhost1 would work in server.xml, but it doesn't. Error: Catalina.start: org.xml.sax.SAXParseException: The content beginning ! is not legal markup. Is this a futile path, or is it possible to include external XML into server.xml when server.xml is parsed? If so, how? Thanks! John -Original Message- From: Tim Funk [mailto:[EMAIL PROTECTED]] Sent: Wednesday, January 08, 2003 11:37 AM To: Tomcat Users List Subject: Re: DTD for server.xml?? It would be almost impossible to write a DTD for server.xml since an admin may inject custom classes (Listeners/Loggers). To have a dtd, we would need to know every property which can be set for every class (which may be made known in server.xml) since tomcat uses reflection from Diegester. -Tim Turner, John wrote: Hello - I notice that the top of web.xml has: ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; yet the top of server.xml has nothing. I'm very new to XML, so forgive me if this is a lame or FA question, but is there a DTD for server.xml? If so, why isn't it specified in server.xml, and what is the URL? Is server.xml real, official XML or just convenience XML? - John John Turner [EMAIL PROTECTED] | 248-488-3466 Advertising Audit Service http://www.aas.com -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: HELP with catalina.policy
Arthur Chan wrote: Hi. I use j2sdk1.4.0 + Apache2 + Tomcat4.0.4 + mod_jk My applets access tomcat servlets to query an Ora9i database. Most of the client W98, NT4 and W-XP can access my applet to query the servlets with the exception of 2. One client uses java 1.3.1_03 and when he tries to use applet over www , java console throws these error : [code] RemotedemoClient : set URL to http://my site : java.security.AccessControlException access denied (java.nt.SocketPermission proxy-iap resolve) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.SecurityManager.checkConnect(Unknown Source) at java.net.InetAddress.getAllByName0(Unknown Source) at java.net.InetAddress.getAllByName0(Unknown Source) at java.net.InetAddress.getByName(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(Unknown Source) at sun.plugin.protocol.jdk12.http.HttpURLConnection.checkCookieHeader(Unknown Source) at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source) at com.developer.Tunnel.QueryCollection.retrieveQueries(QueryCollection.java:62) at com.developer.Tunnel.QueryCollection.run(QueryCollection.java:38) at java.lang.Thread.run(Unknown Source) java.security.AccessControlException: access denied (java.net.SocketPermission proxy-iap resolve) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.SecurityManager.checkConnect(Unknown Source) at java.net.InetAddress.getAllByName0(Unknown Source) at java.net.InetAddress.getAllByName0(Unknown Source) at java.net.InetAddress.getByName(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(Unknown Source) at sun.plugin.protocol.jdk12.http.HttpURLConnection.checkCookieHeader(Unknown Source) at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source) at com.developer.Tunnel.client.BaseTunnelClient._invokeMethod(BaseTunnelClient.java:193) at com.developer.Tunnel.client.BaseTunnelClient._initialize(BaseTunnelClient.java:89) at com.developer.Tunnel.RemotedemoClient.init(RemotedemoClient.java:28) at com.developer.Tunnel.demoApplet.init(demoApplet.java:80) at sun.applet.AppletPanel.run(Unknown Source) at java.lang.Thread.run(Unknown Source) java.security.AccessControlException: access denied (java.net.SocketPermission proxy-iap resolve) at java.security.AccessControlContext.checkPermission(Unknown Source) at java.security.AccessController.checkPermission(Unknown Source) at java.lang.SecurityManager.checkPermission(Unknown Source) at java.lang.SecurityManager.checkConnect(Unknown Source) at java.net.InetAddress.getAllByName0(Unknown Source) at java.net.InetAddress.getAllByName0(Unknown Source) at java.net.InetAddress.getByName(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getHttpProxyAuthentication(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source) at sun.net.www.protocol.http.HttpURLConnection.getHeaderField(Unknown Source) at sun.plugin.protocol.jdk12.http.HttpURLConnection.checkCookieHeader(Unknown Source) at sun.plugin.protocol.jdk12.http.HttpURLConnection.getInputStream(Unknown Source) at com.developer.Tunnel.QueryCollection.retrieveQueries(QueryCollection.java:62) at com.developer.Tunnel.QueryCollection.run(QueryCollection.java:38) at java.lang.Thread.run(Unknown Source) [/code] Is this a firewall problem from their end ??? Yes, It could be a firewall problem. IMO, It is more a privilege issue with NT. Have you try with Administrator privilege? Also, double check that your usesr have the proper java.security file with their JRE. Is this a catalina.policy problem from my end ??? No, the catalina.policy file is for Tomcat server side, and doesn't protect anything on the client side. -- Jeanfrancois -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: xerces version
This is against the spec. You cannot replace endorsed library within your web app (http://java.sun.com/j2se/1.4/docs/guide/standards/). The Tomcat classloader just ignore the jar file. see : SRV.9.7.2Web Application Classloader in the Servlet 2.4 specification (http://jcp.org/aboutJava/communityprocess/first/jsr154/) -- Jeanfrancois Morten Bøhmer wrote: Personally I just dropped having libraries like this in my webapps, and just installing 1 version of them in jdk/jre/lib/ext for global use on the system. Might not be such a good idea, but it works for me :) -Original Message- From: Reto Bachmann-Gmuer [mailto:[EMAIL PROTECTED]] Sent: 7. januar 2003 20:39 To: Tomcat List Subject: xerces version -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 hello my web-app uses a newer (at least different) version of xerces than the one in common/endorsed. When I have my xercer.jar in my WEB-INF/lib the two file conflicts and I get strange exceptions. when i replace xercesImpl/ in common/endorsed everything works fine, however installation of my web-app becomes significantly more complex. Is there a way (such as an entry in web.xml) so that this is not needed? thanks, reto -BEGIN PGP SIGNATURE- Version: GnuPG v1.0.7 (Darwin) iD8DBQE+GyzQD1pReGFYfq4RAjhWAJsGNFmN/b3O7ry6Nn66lEd2mPZrBQCeIcS+ kNJ4iZKvcPyti7Y0mpkspgo= =Btm1 -END PGP SIGNATURE- -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Tomcat Distrobution Bundle
What kind of errors are you seeing? There is a defaut parser that comes
with JDK 1.4.x (Crimson) and if you want to use Xerces, copy the
xercesImpl,.jar under ${catalina_home}/common/endorsed. With which
Tomcat version it was working before?
-- Jeanfrancois
Jared Walker wrote:
hi all,
I recently upgraded to the jakarta-tomcat-4.1.18-LE-jdk14 distribution
and I was wondering if it included any XML parsers or related tools? It
seems that something in this new version is now killing my XML code in
my web application (unreadable/missing files). Anyone know whats been
added that could do this?
thanks,
-Jared
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Tomcat 4.1.18 Admin Page
If you click on the link you just provided, read in the middle of the page :-), you will read : NOTE: For security reasons, using the administration webapp is restricted to users with role admin. The manager webapp is restricted to users with role manager. Users are defined in |$CATALINA_HOME/conf/tomcat-users.xml|. So open tomcat-user.xml and define something like that: user username=karthikeyan password=always_read_the_doc roles=admin/ ;-) -- Jeanfrancois karthikeyan.balasubramanian wrote: Hi, How do i manage the admin section that comes along with tomcat. I can see the page when i type http://localhost:8080 It is password protected, by defualt i cant access it seems. How do i set new password and what are the things that can be achieved through this interface. Have a great day. Karthikeyan B.
Re: Help with Tomcat on HP-UX 10.20
John Clark wrote: I have spent some time looking at the FAQs, archives, etc. but cannot find the information I need, can anyone help. I have an intranet application (using JSP) that currently runs using Oracle 9i (Apache built in) on Linux and using Oracle 8 and Tomcat on NT/2000. I now want to use it with Oracle 8 on HP-UX 10.20 and need answers to the following: 1. Can I just use Tomcat, or do I also need Apache? Yes, you can. 2. I have downloaded a version of JDK (1.18.07) from the HP website, will this work? You need at least JDK 1.2 to run Tomcat 4.1.18. Tomcat 3.2.2 3.3 will work with your current JDK. -- Jeanfrancois Any help much appreciated. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: how to disable cookies in tomcat ?
Cookies are disabled in your browser, not in Tomcat :-) Look under preferences or options menu (based on your browser) -- Jeanfrancois Albrecht Berger wrote: Hello, I read that it is possible to disable cookies. Could someone provide a server.xml or web.xml where cookies are disabled ? The information I get out of the tomcat-docs didn't worked. Thx berger -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
