Re: how do i restrict servlet access? / blocking URLs
you can use a Remote Host or Address Filter for webapp B that only allows localhost or whatever server webapp A runs on: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/valve.html something like this: -Lou --- Jason Novotny <[EMAIL PROTECTED]> wrote: > > Hi Jim, > >Thanks-- I just looked at using a filter as a > solution, but there > seems to be a problem. I want the servlet in webapp > A to be able to > dispatch to B but not a user. The problem is the > filter will block all > requests including the dispatch from A. I need a way > to somehow ensure > that A can invoke servlet B in web app B but not a > user navigating > directly... any ideas are greatly appreciated. > Actually one question would be how to create a > filter that allows > incoming requests from that same machine but not > IP's outside of it I guess? > >Thanks, Jason > > > Jim Henderson wrote: > > >Take a look at yesterdays (6/23 5:02 PM) posting > "Blocking urls". That > >should help. > > > >-Original Message- > >From: Jason Novotny [mailto:[EMAIL PROTECTED] > >Sent: Thursday, June 23, 2005 10:13 PM > >To: tomcat-user@jakarta.apache.org > >Subject: how do i restrict servlet access? > > > > > > > >Hi, > > > >I have a webapp A that uses cross-context to > dispatch requests to > >webapp B. However, I want users to have to go thru > webapp A and the > >mapping I set in web.xml. How do I restrict access > so only webapp A can > >invoke B's servlet but B should be inaccessible to > users navigation. Is > >there something I can set in the web.xml of B or > would I need to modify > >server.xml as a site wide configuration? > > > >Thanks, Jason > > > >- > >To unsubscribe, e-mail: > [EMAIL PROTECTED] > >For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > >- > >To unsubscribe, e-mail: > [EMAIL PROTECTED] > >For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: context battle?
From http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html: In addition to nesting Context elements inside a Host element, you can also store them in individual files (with a ".xml" extension) in the $CATALINA_HOME/conf/[enginename]/[hostname]/ directory. See Automatic Application Deployment for more information. This method allows dynamic reconfiguration of the web application, since the main conf/server.xml file cannot be reloaded without restarting Tomcat. Please note that for tomcat 5.x, unlike tomcat 4.x, it is NOT recommended to place elements directly in the server.xml file. Instead, put them in the META-INF/context.xml directory of your WAR file or the conf directory as described above. I *think* if you use the META-INF/context.xml method it will overwrite the $CATALINA_HOME/conf/[enginename]/[hostname]/*.xml file on deployment. Someone please correct me if I'm wrong. - Lou --- Aaron Hackney <[EMAIL PROTECTED]> wrote: > Thanks for the response Patrick. I'm probably going > about this all wrong. > > Simply put, I'm just trying to make a datasource > available to my > application. Sounds sinple enough. I have found a > lot of conflicting > information out there on the implementation. > > I develop with JBuilder (good, bad or indifferent!) > But anyhowwhere > does one properly make a datasource for a tomcat > application available? > I'm using Tomcat 5.0 (I could use 5.5 if I had to). > > Thanks in advance. I'm a bit blind and stubling > around here and really > tried to research it on my own this weekend but to > no avail. > > -Aaron > > Patrick Thomas wrote: > > >>and if a context with the same name is defined in > a webapp WEB-INF/xml > >>file which would "win" such a fight? I have a > feeling my context defined > >>in /localhost is being overwritten by the app. > (I'm fighting with > >>JBuilder 2005 trying to get some JNDI naming stuff > to work for my > >>datasources) > >> > >>Ideas? Or am I way off? > >> > >> > > > >I'm gonna go with "possibly way off" because you > shouldn't be putting > >the context name into web.xml (context.xml is okay, > though not > >required, but web.xml no... in fact, I don't think > it'll even > >acknowledge it there). Did you mean to say > "META-INF/context.xml"? If > >so, then we've got a meatier discussion; let us > know. > > > >Cheers, > >Patrick > > > >On 5/31/05, Aaron Hackney <[EMAIL PROTECTED]> > wrote: > > > > > >>Hello. I'm hoping someone can help me with a > context question. > >> > >>If I define a context in an xml file in > /tomcathome/conf/catalina/localhost > >> > >>and if a context with the same name is defined in > a webapp WEB-INF/xml > >>file which would "win" such a fight? I have a > feeling my context defined > >>in /localhost is being overwritten by the app. > (I'm fighting with > >>JBuilder 2005 trying to get some JNDI naming stuff > to work for my > >>datasources) > >> > >>Ideas? Or am I way off? > >> > >>Thanks in advance. > >>-Aaron > >> > >>-- > >> > >>Aaron Hackney > >>MCP, MCSA, MCSE 2003/NT4, MCT, > >>Net+, A+, CCNA, CCDA, CCAI > >>[EMAIL PROTECTED] > >>http://www.aaronhackney.com > >>309-472-7033 > >> > >> > >> > >>- > >>To unsubscribe, e-mail: > [EMAIL PROTECTED] > >>For additional commands, e-mail: > [EMAIL PROTECTED] > >> > >> > >> > >> > > > >- > >To unsubscribe, e-mail: > [EMAIL PROTECTED] > >For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > -- > > Aaron Hackney > MCP, MCSA, MCSE 2003/NT4, MCT, > Net+, A+, CCNA, CCDA, CCAI > [EMAIL PROTECTED] > http://www.aaronhackney.com > 309-472-7033 > > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
truncated responses tomcat 5/apache2/mod_jk
Hi, I'm running tomcat 5.0.28 with mod_jk 1.2.10 and apache 2.0.46 with the worker MPM. This is a new setup, and for the most part everything works fine, but I've had a couple reports of truncated pages being returned to customers. After turning on debug logging for jk, I see the below sequence often in the logs, but from what I've read elsewhere it's most likely just a browser being closed or a new request being sent from the browser before the previous one completes. Can anyone who's seen this before verify whether this could be indicative of a real problem? My workers.properties and AJP connector from server.xml are below as well. Thanks, Lou >From mod_jk.log: [Wed May 11 12:30:37 2005] [2244:39856] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1024): received from ajp13 pos=0 len=8188 max=8192 [Wed May 11 12:30:37 2005] [2244:39856] [debug] ws_write::mod_jk.c (380): writing 4096 (4096) out of 8184 [Wed May 11 12:30:37 2005] [2244:39856] [debug] ws_write::mod_jk.c (380): writing 4088 (4088) out of 4088 [Wed May 11 12:30:37 2005] [2244:39856] [debug] ajp_connection_tcp_get_message::jk_ajp_common.c (1024): received from ajp13 pos=0 len=12 max=8192 [Wed May 11 12:30:37 2005] [2244:39856] [debug] ws_write::mod_jk.c (380): writing 8 (-1) out of 8 [Wed May 11 12:30:37 2005] [2244:39856] [info] ajp_process_callback::jk_ajp_common.c (1363): Connection aborted or network problems [Wed May 11 12:30:37 2005] [2244:39856] [info] ajp_service::jk_ajp_common.c (1706): Receiving from tomcat failed, because of client error without recovery in send loop 0 [Wed May 11 12:30:37 2005] [2244:39856] [debug] ajp_done::jk_ajp_common.c (2046): recycling connection cache slot=4 for worker local [Wed May 11 12:30:37 2005] [2244:39856] [info] jk_handler::mod_jk.c (1968): Aborting connection for worker=local workers.properties: worker.list=local worker.local.type=ajp13 worker.local.host=localhost worker.local.port=8009 # Number of connections made to the AJP backend that are maintained as a connection pool. It does not limit the number of those connection. # Should reflect the number of threads per child process in Apache2 conf. worker.local.cachesize=50 # Used with cachesize to specify how long JK should keep an open socket in cache before closing it. # recycle_timeout similar to cache_timeout but works for uncached connections also worker.local.cache_timeout=300 worker.local.recycle_timeout=300 # Socket timeout in seconds used for communication channel between JK and remote host. worker.local.socket_timeout=300 server.xml AJP connector: - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]