Problems accessing xls and ppt files over ajp13
I added mime types to conf/web.xml for xls and ppt: application/vnd.ms-excel application/vnd.ms-powerpoint and this works fine when I access tomcat directly, However, when I access tomcat via our IIS server in the firewall (SSL), they are sent as text. Other MS filetypes (doc, mdb) seem fine. Any idea what is wrong here and how to fix it? Does IIS have to be restarted if I add mime types for tomcat? Thanks, Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Tomcat 4 clears login parameters?
Craig, Thanks for the response. Yes, I agree that our use of parameters to determine the state of the login page wasn't portable, etc., but it did have the advantage of working reliably (on Tomcat 3.x). Unfortunately the use of the standard browser tags for no-cache, expiration, etc. don't seem to work reliably at all. Even IE6 doesn't work right. MS has a couple of pages on this, but their suggestions doesn't work either. With the large number of people who want this you would think it shouldn't be hard for the browsers to make the tags work. Can Tomcat help avoid this problem by putting up the form-based login page in its own window without any controls on it (like basic auth does)? Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]] Sent: Saturday, May 18, 2002 12:34 PM To: Tomcat Users List Subject: Re: Tomcat 4 clears login parameters? On Sat, 18 May 2002, Lawlor, Frank wrote: Date: Sat, 18 May 2002 01:00:11 -0500 From: Lawlor, Frank [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: 'Tomcat (E-mail)' [EMAIL PROTECTED] Subject: Tomcat 4 clears login parameters? One problem that Tomcat web apps have is that the login page remains in the browser history and if the user navigates to one of these and tries to use it, they get a rather incomprehensible result. In Tomcat 3.x we had a good solution (the only one I have been able to find anywhere) which depends upon setting a parameter to indicate that the page has been used (this is used by JavaScript) to write Page invalidated or whatever you want). Unfortunately Tomcat 4.x seems to clear all the parameters. I suppose there may be some good security reason for clearing the username and password, but can't it leave other parameters alone? Storing the username and password (from a form-based login) as attributes visible to the application was a very poor design decision in 3.3. You have unfortunately gotten yourself dependent on a container-specific implementation detail that isn't portable to anywhere else (even to other Tomcat versions). You should put the appropriate HTML meta tags at the top of your login page to tell the browser not to cache the data -- that way, the user will get an expired error if they try to resubmit it, the same as you could do on any other form in the app when you want to avoid resubmits. Thanks, Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. Craig -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Problem Uploading Image files
We solved our problem by getting the latest cos.jar. Our original code was from the rather old code in the original article from the O'Reilly site, which doesn't seem to handle non-text files properly. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Tomcat 4 clears login parameters?
One problem that Tomcat web apps have is that the login page remains in the browser history and if the user navigates to one of these and tries to use it, they get a rather incomprehensible result. In Tomcat 3.x we had a good solution (the only one I have been able to find anywhere) which depends upon setting a parameter to indicate that the page has been used (this is used by JavaScript) to write Page invalidated or whatever you want). Unfortunately Tomcat 4.x seems to clear all the parameters. I suppose there may be some good security reason for clearing the username and password, but can't it leave other parameters alone? Thanks, Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Problem Uploading Image files
We have been using the O'Reilly multipart upload code, but are having problems uploading image (jpg, gif) files. I have tried this on Tomcat 3.3, 4.0.3 and 4.0.425 with same results. Same results going thru IIS front end and talking directly to tomcat on port 8080. The uploaded file is ALMOST identical to the original, but all the x8X values are converted to x3F ('?'). Any ideas what may be causing this or how to fix it? Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: manager reload not processing new security constraints
The application security constraints are in its web.xml, not server.xml. Does anyone know if reload is supposed to process the web.xml? Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: Cox, Charlie [mailto:[EMAIL PROTECTED]] Sent: Monday, May 06, 2002 11:58 AM To: 'Tomcat Users List' Subject: RE: manager reload not processing new security constraints I don't think that manager reads server.xml on reload. You can use the manager's stop/start instead. Charlie -Original Message- From: Lawlor, Frank [mailto:[EMAIL PROTECTED]] Sent: Monday, May 06, 2002 12:09 PM To: 'Tomcat (E-mail)' Subject: manager reload not processing new security constraints Tomcat 4.0.3: If I add a security constraint to the web.xml of my application and do a manager/reload of the app, it claims to have restarted the app OK, but the new constraint is not effected. If I restart Tomcat, the new constraint does take effect. Is this a bug in the manger reload? Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: manager reload not processing new security constraints
Charlie, Your suggestion to use stop/start worked. I still don't know if reload is supposed to process the web.xml (would be nice if this was made clear), but start/stop does the job. Thanks, Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: Cox, Charlie [mailto:[EMAIL PROTECTED]] Sent: Monday, May 06, 2002 11:58 AM To: 'Tomcat Users List' Subject: RE: manager reload not processing new security constraints I don't think that manager reads server.xml on reload. You can use the manager's stop/start instead. Charlie -Original Message- From: Lawlor, Frank [mailto:[EMAIL PROTECTED]] Sent: Monday, May 06, 2002 12:09 PM To: 'Tomcat (E-mail)' Subject: manager reload not processing new security constraints Tomcat 4.0.3: If I add a security constraint to the web.xml of my application and do a manager/reload of the app, it claims to have restarted the app OK, but the new constraint is not effected. If I restart Tomcat, the new constraint does take effect. Is this a bug in the manger reload? Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
manager reload not processing new security constraints
Tomcat 4.0.3: If I add a security constraint to the web.xml of my application and do a manager/reload of the app, it claims to have restarted the app OK, but the new constraint is not effected. If I restart Tomcat, the new constraint does take effect. Is this a bug in the manger reload? Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: getRemoteUser(), getAuthType() returning empty string instead of NULL?
I tested nightly build 4.0.425 and the problem with getRemoteUser() == '' is fixed there. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: Lawlor, Frank [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 24, 2002 2:16 PM To: 'Tomcat Users List' Subject: RE: getRemoteUser(), getAuthType() returning empty string instead of NULL? The problem (in Tomcat) IS that getRemoteUser() doesn't return null. Tomcat does not support multiple logins. If you look at the code you will see that it does a getRemoteUser() and if not null and not authenticated by Tomcat, it bails. I tried it on 4.0.3, as someone suggested, and it still fails with the same problem. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: Jason MacLane [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 24, 2002 5:31 AM To: Tomcat Users List Subject: Re: getRemoteUser(), getAuthType() returning empty string instead of NULL? Did someone find a solution ? We are stuck on the same problem. In fact, the problem is not really that the getRemoteUser() returns an empty string instead of a null string : Normally, when a user is already authenticated but is trying to access to a ressource for which he is not in a valid role, the server should open the login box a second time ; so even if getRemoteUser() returns and that Tomcat considers it's the user name, it should open the login box and not send a 403 error code. In fact, when I test the same web application on Tomcat 3.3, it works (I mean I can identify myself on the login box) but with Tomcat 4 it directly rejects me... Every piece of info would help... Regards. Scenario: (1) Browser - http://TomcatHTTPServer:8080 (no authentication) getRemoteUser() and getAuthType() return NULL, as expected (2) Browser - https://TomcatHTTPServer:8443 (no authentication) getRemoteUser() and getAuthType() return NULL, as expected (3) Browser - https://IISServer:443(BASIC Auth) - ISAPI - AJP13 getRemoteUser() returns authenticated user name, getAuthType() returns Basic, as expected (4) Browser - http://IISServer:80(NO Auth) - ISAPI - AJP13 getRemoteUser() and getAuthType() return (Empty String) This is NOT as expected, and causes Tomcat to reject the request because it thinks the request is already authenticated but doesn't match the requested page's realm. Is this: a) Working as specified? b) A bug in the ISAPI filter? c) A bug in Tomcat? d) Something else? Thanks in advance. -- James Garrison Athens Group, Inc. mailto: [EMAIL PROTECTED] 5608 Parkcrest Dr http://www.athensgroup.com Austin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 Ignacio J. Ortega wrote: De: James Garrison [mailto:[EMAIL PROTECTED]] Enviado el: martes 23 de abril de 2002 18:48 Needed more information, which Tomcat version?, post the connector or interceptor line for ajp13 prsent in your server.xml file.. The Tomcat version is 4.0.2. Here's the Connector definition: Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0 tomcatAuthentication=false/ The results are the same with tomcatAuthentication=true and also when the tomcatAuthentication parameter is omitted. -- James GarrisonAthens Group, Inc. mailto:[EMAIL PROTECTED]5608 Parkcrest Dr http://www.athensgroup.comAustin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 -- ___ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: getRemoteUser(), getAuthType() returning empty string instead of NULL?
The problem (in Tomcat) IS that getRemoteUser() doesn't return null. Tomcat does not support multiple logins. If you look at the code you will see that it does a getRemoteUser() and if not null and not authenticated by Tomcat, it bails. I tried it on 4.0.3, as someone suggested, and it still fails with the same problem. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: Jason MacLane [mailto:[EMAIL PROTECTED]] Sent: Wednesday, April 24, 2002 5:31 AM To: Tomcat Users List Subject: Re: getRemoteUser(), getAuthType() returning empty string instead of NULL? Did someone find a solution ? We are stuck on the same problem. In fact, the problem is not really that the getRemoteUser() returns an empty string instead of a null string : Normally, when a user is already authenticated but is trying to access to a ressource for which he is not in a valid role, the server should open the login box a second time ; so even if getRemoteUser() returns and that Tomcat considers it's the user name, it should open the login box and not send a 403 error code. In fact, when I test the same web application on Tomcat 3.3, it works (I mean I can identify myself on the login box) but with Tomcat 4 it directly rejects me... Every piece of info would help... Regards. Scenario: (1) Browser - http://TomcatHTTPServer:8080 (no authentication) getRemoteUser() and getAuthType() return NULL, as expected (2) Browser - https://TomcatHTTPServer:8443 (no authentication) getRemoteUser() and getAuthType() return NULL, as expected (3) Browser - https://IISServer:443(BASIC Auth) - ISAPI - AJP13 getRemoteUser() returns authenticated user name, getAuthType() returns Basic, as expected (4) Browser - http://IISServer:80(NO Auth) - ISAPI - AJP13 getRemoteUser() and getAuthType() return (Empty String) This is NOT as expected, and causes Tomcat to reject the request because it thinks the request is already authenticated but doesn't match the requested page's realm. Is this: a) Working as specified? b) A bug in the ISAPI filter? c) A bug in Tomcat? d) Something else? Thanks in advance. -- James Garrison Athens Group, Inc. mailto: [EMAIL PROTECTED] 5608 Parkcrest Dr http://www.athensgroup.com Austin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 Ignacio J. Ortega wrote: De: James Garrison [mailto:[EMAIL PROTECTED]] Enviado el: martes 23 de abril de 2002 18:48 Needed more information, which Tomcat version?, post the connector or interceptor line for ajp13 prsent in your server.xml file.. The Tomcat version is 4.0.2. Here's the Connector definition: Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0 tomcatAuthentication=false/ The results are the same with tomcatAuthentication=true and also when the tomcatAuthentication parameter is omitted. -- James GarrisonAthens Group, Inc. mailto:[EMAIL PROTECTED]5608 Parkcrest Dr http://www.athensgroup.comAustin, TX 78731 PGP: RSA=0x92E90A3B DH/DSS=0x498D331C (512) 345-0600 x150 -- ___ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Please Help!! SSL problem
Did you follow all the directions in the SSL HowTo exactly: You need to provide more detail on the error. What is the full stack trace with the error message. Look in the logs in the log directory and note any messages that occur that may be connected with the problem. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: tomcat with ssl
How are you trying to connect? What is the URL you are using? Is there anything in the logs? I assume you followed all the directions in the How-to? Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Sunday, March 31, 2002 11:46 PM To: Tomcat Users List Subject: tomcat with ssl I am configuring Tomcat with ssl. my system is; jakarta-tomcat-4.0.1 jsse-1_0_2-gl j2sdk-1_3_1_03 I put jcert.jar jnet.jar jsse.jar in $JAVA_HOME/jre/lib/ext. My apache is OK with ssl, and also Tomcat without ssl. When I take away --- and -- from text below, !-- Connector className=org.apache.catalina.connector.http.HttpConnector port=8443 minProcessors=5 maxProcessors=75 enableLookups=false acceptCount=10 debug=0 scheme=https secure=true Factory className=org.apache.catalina.net.SSLServerSocketFactory clientAuth=false protocol=TLS/ /Connector -- Tomcat seems ok to bootup, But can not connect from web browser, just keeping timeout. Wnen I coment out the text below; !-- Factory className=org.apache.catalina.net.SSLServerSocketFactory clientAuth=false protocol=TLS/ -- Tomcat works, but not with SSL. Please someone help me? Akihiro -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Understand the security in tomcat
I'm no expert here, but for the types of things in your example, you need to enable the java system security (also controls access to the filesystem, etc). You enable this by starting Tomcat with the - security option. The permissions given to your app are defined, I believe, in tomcat.policy (catalina.policy in 4.x) in the conf directory. Take a look at Using the Java SecurityManager with Tomcat on the jakarta site http://jakarta.apache.org/tomcat/tomcat-3.3-doc/tomcat-security.html Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: Terence Dewaele [mailto:[EMAIL PROTECTED]] Sent: Monday, March 25, 2002 9:14 AM To: [EMAIL PROTECTED] Subject: Understand the security in tomcat Hello, I have Apache 1.3.23 + Tomcat 3.3 in the debian linux server. It's work togheter. I have configured tomcat for using virtualhost : -- server.xml -- Host name=test.felling.org Context path= docBase=/data/www/test.felling.org / Permission className=java.io.FilePermission attribute=- value=read/ Permission className=java.lang.RuntimePermission attribute=stopThread/ /Host -- httpd.conf -- VirtualHost . JkMount /*.jsp ajp13 /VirtualHost If i put test.jsp in my test.felling.org and i execute him it's work - ok Now if i put % System.exit(1); % in my test.jsp and i execute, i d'ont have security exception, my tomcat was killed !! Howto disabled this and get security exception ? Howto configure a chrooted enviroment to forbidden access reading file in directory up ? Thx P.S: Sorry for my english :( --- Térence Dewaele -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
How to get basic app environment info
In my application I would like to have some way to get the following information programmatically from my app about the deployed environment: 1) the deployed name of my web app (although I developed it as 'Foo', it can be deployed as anything). I know how to get this from the URL in a request, but how can I tell at app init time? 2) What ports were configured as the normal and SSL ports? 3) the deployed name of some companion app (developed as 'Bar', but deployed as ???). Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Can't Start Tomcat 4.0
In the startup.bat (?) change the 'start' to 'run' so you can see the error messages after running startup on the command line. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -Original Message- From: Andy McVicker [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 27, 2002 11:14 AM To: [EMAIL PROTECTED] Subject: Can't Start Tomcat 4.0 I'm a Tomcat newbie and I need some advice on getting Tomcat 4 started. Can someone help with the info I've provided below??? TIA Andy I've installed on NT Workstation (sp5): Apache 1.3.23 Tomcat 4.0 JDK 1.3.1.02 Problem: 1. http://localhost:8080 returns page not found. 2. When I run the tomcat startup the messages flip by quick but I managed to see java.net.ConnectException: connection refused... Things I've tried: 1. Changed the port from 8080 to 8090 in the server.xml file and tried http://localhost:8090 - no change 2. Configure IE to have proxy bypass local addresses - no change 3. set enviro variable CATALINA_HOME to c:\jsp\jakarta-tomcat-4.0 4. set enviro variable JAVA_HOME to c:\jsp\jdk13102 -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED] -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Tomcat Security Exposure
During development and deployment I discovered that many types of errors while reading the web.xml file would result in the app coming up (at least partly), but with no security. This seems like a serious security exposure in a production environment. I believe this is potentially a serious security exposure and suggest that tomcat should never allow access to the app if it has any problems reading the web.xml file or establishing any of the security environment. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: SecurityManager - pulling my hair out
Yes, strange. I ran into a couple of odd things when I turned java security on. One problem I saw once related to processing files in jars. If you are really desperate, unzip xerces.jar and servlet.jar into the neighboring classes dir (and remove the jars) and see if it helps. Make sure the .dtd file is there. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: SecurityManager - pulling my hair out
I also just remembered that Xerces seems to have problems sometimes resolving paths correctly. I found that it would 'assume' the wrong base file directory location for resolving DTDs. To see if this might be the case you can create a /javax/servlet/resources/web-app_2_3.dtd and put it in some likely places (root of drive, under your web app, etc.). This seems to match the error message a little better. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Security problem with 4.0.2
When I start tomact 4.0.2 with the -security option I get the errors below. If I move it to server\lib the tomcat startup problems go away, but the app startup gets SAX classNotFound errors. After the error info is the first part of the output with set CATALINA_OPTS=-Djava.security.debug=all D:\jakarta-tomcat-4.0.2\bincall ..\bin\catalina.bat run -security Using CATALINA_BASE: .. Using CATALINA_HOME: .. Using CATALINA_TMPDIR: ..\temp Using JAVA_HOME: D:\JDK1.3.1 Using Security Manager Starting service Tomcat-Standalone Apache Tomcat/4.0.2 logClassName=null Security Violation, attempt to use Restricted Class: org.apache.jasper.resources.messages java.security.AccessControlException: access denied (java.lang.RuntimePermission accessClassInPackag e.org.apache.jasper.resources) at java.security.AccessControlContext.checkPermission(AccessControlContext.java :272) at java.security.AccessController.checkPermission(AccessController.java:399) at java.lang.SecurityManager.checkPermission(SecurityManager.java:545) at java.lang.SecurityManager.checkPackageAccess(SecurityManager.java:1501) at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader .java:1056) at org.apache.catalina.loader.StandardClassLoader.loadClass(StandardClassLoader .java:992) at java.util.ResourceBundle.loadBundle(ResourceBundle.java:910) at java.util.ResourceBundle.findBundle(ResourceBundle.java:791) at java.util.ResourceBundle.getBundleImpl(ResourceBundle.java:621) at java.util.ResourceBundle.getBundle(ResourceBundle.java:546) at org.apache.jasper.Constants.initResources(Constants.java:216) at org.apache.jasper.Constants.getString(Constants.java:235) at org.apache.jasper.parser.MyEntityResolver.resolveEntity(ParserUtils.java:413 ) at org.apache.xerces.readers.DefaultEntityHandler.startReadingFromExternalEntit y(DefaultEnti tyHandler.java:750) at org.apache.xerces.readers.DefaultEntityHandler.startReadingFromExternalSubse t(DefaultEnti tyHandler.java:566) at org.apache.xerces.framework.XMLDTDScanner.scanDoctypeDecl(XMLDTDScanner.java :1139) at org.apache.xerces.framework.XMLDocumentScanner.scanDoctypeDecl(XMLDocumentSc anner.java:21 45) at org.apache.xerces.framework.XMLDocumentScanner.access$0(XMLDocumentScanner.j ava:2100) at org.apache.xerces.framework.XMLDocumentScanner$PrologDispatcher.dispatch(XML DocumentScann er.java:831) at org.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentScanner. java:381) at org.apache.xerces.framework.XMLParser.parse(XMLParser.java:1081) at org.apache.xerces.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:19 5) at javax.xml.parsers.DocumentBuilder.parse(DocumentBuilder.java:122) at org.apache.jasper.parser.ParserUtils.parseXMLDocument(ParserUtils.java:200) at org.apache.jasper.compiler.TldLocationsCache.processWebDotXml(TldLocationsCa che.java:165) at org.apache.jasper.compiler.TldLocationsCache.init(TldLocationsCache.java:1 38) at org.apache.jasper.EmbededServletOptions.init(EmbededServletOptions.java:34 5) at org.apache.jasper.servlet.JspServlet.init(JspServlet.java:266) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:91 6) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:808) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java: 3266) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3395) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) at org.apache.catalina.core.StandardHost.start(StandardHost.java:614) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:343) at org.apache.catalina.core.StandardService.start(StandardService.java:388) at org.apache.catalina.core.StandardServer.start(StandardServer.java:506) at org.apache.catalina.startup.Catalina.start(Catalina.java:781) at org.apache.catalina.startup.Catalina.execute(Catalina.java:681) at org.apache.catalina.startup.Catalina.process(Catalina.java:179) at java.lang.reflect.Method.invoke(Native Method) - jar: beginEntry META-INF/MANIFEST.MF jar: done with meta! jar: nothing to verify! policy: reading file:D:/jakarta-tomcat-4.0.2/conf/catalina.policy policy: Adding policy entry: policy: signedBy null policy: codeBase file:D:/JDK1.3.1/jre/lib/- policy: policy: (java.security.AllPermission all permissions all actions) policy: policy: Adding policy entry: policy: signedBy null policy: codeBase
Re: Problem with run Tomcat 4.0.3 as a service on win2k
There are other differences between 3.x and 4.x that require wrapper.properties changes. Failure to start the service is most often a wrapper.properties problem. You do not have to un/reinstall the service to make wrapper.properties changes. Just stop/start. Here are some of the key lines in mine: # Remove all the 3.3 entries and have only this for 4.x: wrapper.class_path=$(wrapper.tomcat_home)\bin\bootstrap.jar # # This is Tomcat's startup class (the class that contains Tomcat's # starting point. # wrapper.startup_class=org.apache.catalina.startup.Bootstrap # I set the xml parser in the invocation # -Xrs is only required if jdk is pre 1.3.1? wrapper.cmd_line=$(wrapper.javabin) -Xrs -Dorg.xml.sax.driver=org.apache.xerces.parsers.SAXParser -Dcatalina.home=$(wrapper.tomcat_home) -classpath $(wrapper.class_path) $(wrapper.startup_class) -config $(wrapper.server_xml) start Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: manually stopping one application
In Tomcat 4.x take a look at the manager application which is included. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Another directory question
How are you writing the file? Using the File class you can specify the desired directory. The file path to your app is getServletContext().getRealPath(/) If you have java security enabled, you need to give your app permission to write there. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: SecurityManager - pulling my hair out
Here are some of my aded catalina.policy statements: 1. // Allow read of SAX Parser name permission java.util.PropertyPermission org.xml.sax.driver, read; 2. Allow the Autoweb application to do whatever it wants: // The permissions granted to the AGCW application grant codeBase file:${catalina.home}/webapps/AGCW/- { permission java.security.AllPermission; }; But is seems like TldLocationsCache (is this in your app?) is having trouble getting to /javax/servlet/resources/web-app_2_3.dtd (in common\lib\servlet.jar). What is the dtd spec in your web.xml? Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Redeployment Problem under Tomcat 4.0.2
I've run into some problems with 4.0.2. - I do NOT have persistent sessions enabled in server.xml I can initially deploy a web app by placing the .war file in webapps dir. However, if I try to redeploy I run into problems. To re-deploy I ususally stop Tomcat, delete the current app directory and existing .war file, put the new .war file in webapps and restart Tomcat. Is it necessary to delete my current app directory? I need to GUARANTEE that any existing contents are totally removed. Using the above procedure I run into these problems: When I start Tomcat the log has the following: 2002-03-11 15:10:12 StandardContext[/Autoweb2]: Error initializing resources: Document base ..\webapps\Autoweb2 does not exist or is not a readable directory 2002-03-11 15:10:12 StandardContext[/Autoweb2]: Context startup failed due to previous errors 2002-03-11 15:10:12 StandardContext[/Autoweb2]: Exception during cleanup after start failed LifecycleException: Container StandardContext[/Autoweb2] has not been started at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1147) at org.apache.catalina.core.StandardContext.stop(StandardContext.java:3451) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3408) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) at org.apache.catalina.core.StandardHost.start(StandardHost.java:614) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:343) at org.apache.catalina.core.StandardService.start(StandardService.java:388) at org.apache.catalina.core.StandardServer.start(StandardServer.java:506) at org.apache.catalina.startup.Catalina.start(Catalina.java:781) at org.apache.catalina.startup.Catalina.execute(Catalina.java:681) at org.apache.catalina.startup.Catalina.process(Catalina.java:179) at java.lang.reflect.Method.invoke(Native Method) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243) If I create an app directory (Autoweb2) I instead get the following: 2002-03-11 15:13:45 WebappLoader[/Autoweb2]: Reloading checks are enabled for this Context 2002-03-11 15:13:45 StandardManager[/Autoweb2]: Seeding random number generator class java.security.SecureRandom 2002-03-11 15:13:45 StandardManager[/Autoweb2]: Seeding of random number generator has been completed 2002-03-11 15:13:45 StandardManager[/Autoweb2] ClassNotFoundException while loading persisted sessions: java.lang.ClassNotFoundException: com.athensgroup.autoweb2.forms.ListForm java.lang.ClassNotFoundException: com.athensgroup.autoweb2.forms.ListForm at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.jav a:1394) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.jav a:1243) at org.apache.catalina.util.CustomObjectInputStream.resolveClass(CustomObjectIn putStream.java:119) at java.io.ObjectInputStream.inputClassDescriptor(ObjectInputStream.java:918) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:366) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236) at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:1186) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:386) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236) at org.apache.catalina.session.StandardSession.readObject(StandardSession.java: 1268) at org.apache.catalina.session.StandardSession.readObjectData(StandardSession.j ava:810) at org.apache.catalina.session.StandardManager.load(StandardManager.java:411) at org.apache.catalina.session.StandardManager.start(StandardManager.java:617) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1104) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3345) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) at org.apache.catalina.core.StandardHost.start(StandardHost.java:614) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:343) at org.apache.catalina.core.StandardService.start(StandardService.java:388) at org.apache.catalina.core.StandardServer.start(StandardServer.java:506) at org.apache.catalina.startup.Catalina.start(Catalina.java:781) at org.apache.catalina.startup.Catalina.execute(Catalina.java:681) at org.apache.catalina.startup.Catalina.process(Catalina.java:179) at java.lang.reflect.Method.invoke(Native Method) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243) Note that persistent sessions is NOT enabled in server.xml, but the above seems to indicate that some type
Redeployment Problems under Tomcat 4.0.2
I've run into some problems with 4.0.2. - I do NOT have persistent sessions enabled in server.xml I can initially deploy a web app by placing the .war file in webapps dir. However, if I try to redeploy I run into problems. To re-deploy I ususally stop Tomcat, delete the current app directory and existing .war file, put the new .war file in webapps and restart Tomcat. Is it necessary to delete my current app directory? I need to GUARANTEE that any existing contents are totally removed. Using the above procedure I run into these problems: When I start Tomcat the log has the following: 2002-03-11 15:10:12 StandardContext[/Autoweb2]: Error initializing resources: Document base ..\webapps\Autoweb2 does not exist or is not a readable directory 2002-03-11 15:10:12 StandardContext[/Autoweb2]: Context startup failed due to previous errors 2002-03-11 15:10:12 StandardContext[/Autoweb2]: Exception during cleanup after start failed LifecycleException: Container StandardContext[/Autoweb2] has not been started at org.apache.catalina.core.ContainerBase.stop(ContainerBase.java:1147) at org.apache.catalina.core.StandardContext.stop(StandardContext.java:3451) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3408) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) at org.apache.catalina.core.StandardHost.start(StandardHost.java:614) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:343) at org.apache.catalina.core.StandardService.start(StandardService.java:388) at org.apache.catalina.core.StandardServer.start(StandardServer.java:506) at org.apache.catalina.startup.Catalina.start(Catalina.java:781) at org.apache.catalina.startup.Catalina.execute(Catalina.java:681) at org.apache.catalina.startup.Catalina.process(Catalina.java:179) at java.lang.reflect.Method.invoke(Native Method) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243) If I create an app directory (Autoweb2) I instead get the following: 2002-03-11 15:13:45 WebappLoader[/Autoweb2]: Reloading checks are enabled for this Context 2002-03-11 15:13:45 StandardManager[/Autoweb2]: Seeding random number generator class java.security.SecureRandom 2002-03-11 15:13:45 StandardManager[/Autoweb2]: Seeding of random number generator has been completed 2002-03-11 15:13:45 StandardManager[/Autoweb2] ClassNotFoundException while loading persisted sessions: java.lang.ClassNotFoundException: com.athensgroup.autoweb2.forms.ListForm java.lang.ClassNotFoundException: com.athensgroup.autoweb2.forms.ListForm at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.jav a:1394) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.jav a:1243) at org.apache.catalina.util.CustomObjectInputStream.resolveClass(CustomObjectIn putStream.java:119) at java.io.ObjectInputStream.inputClassDescriptor(ObjectInputStream.java:918) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:366) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236) at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:1186) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:386) at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236) at org.apache.catalina.session.StandardSession.readObject(StandardSession.java: 1268) at org.apache.catalina.session.StandardSession.readObjectData(StandardSession.j ava:810) at org.apache.catalina.session.StandardManager.load(StandardManager.java:411) at org.apache.catalina.session.StandardManager.start(StandardManager.java:617) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1104) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3345) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) at org.apache.catalina.core.StandardHost.start(StandardHost.java:614) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:343) at org.apache.catalina.core.StandardService.start(StandardService.java:388) at org.apache.catalina.core.StandardServer.start(StandardServer.java:506) at org.apache.catalina.startup.Catalina.start(Catalina.java:781) at org.apache.catalina.startup.Catalina.execute(Catalina.java:681) at org.apache.catalina.startup.Catalina.process(Catalina.java:179) at java.lang.reflect.Method.invoke(Native Method) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243) Note that persistent sessions is NOT enabled in server.xml, but the above seems to indicate that some type
RE: Sense of realm element in login-config
This is what I want to do: 1) I want to setup a database which includes multiple realms 2) user are linked to realms 3) I want to use protect a servlet with basic authentication, and I want to be able refer to the correct realm when performing the authentication (this means sending the correct realm/user to the database. And I don't want to do this by hacking the tomcat configuration files. I didn't see the original post, but just Craig's answer. I'm not sure exactly what you want, but I did something similar that required NO modification of the tomcat mechanisms. My goal was to allow users to log in with domain\userid to the same application (and use the domain to show them different data) and allow each domain to have its own set of users (e.g. same userid) and be managed independently. I did this with only a couple of minor modifications: My login.jsp collects domain, userid and password. It uses a simple JavaScript one-liner to concatenate domain\userid to create j_username (I use a '\', but you can use any separator char you want (don't use ':' since HTTP uses that as the userid:password separator.). If you want to use BASIC authentication to do this you just need to enter domain\userid as the userid. In the database I use the domain\userid as the 'userid' that I tell Tomcat about in the Realm statement (actually I use an Oracle view to concat the two fields, but that isn't important). This creates multiple user 'domains' very simply but does require the user to enter a domain name in addition to userid and password. Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Getting target URL in login JSP
In my login.jsp I need to know what URL the person used to cause the login. The only thing I've found is that the attribute tomcat.auth.originalLocation has this. This appears very specific to Tomcat. Is there any more general way to determine this information? Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions.