login events
Hi, I'm guessing there's no 'official' mechanism within the servlet spec to identify when a user has logged in. I've looked at the session lifecycle events but these relate to creating and destroying sessions http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpSessionListener.html which happen independently of login. Is there a prefered mechanism to detect when login occurs? I'd like to set up various state variables and log the user login when a user logs in. This is a solution I'm thinking of implementing. 1) Have a filter that detects the absence of a session variable. 2) If the variable is missing, call request.getUserPrincipal(); 3) If user principal returned then user has logged in, set up vars log login etc. 4) If no user returned. User has not yet logged in. I'd be interested to hear how others have solved this problem. I use my own implementation of a Realm class so I can detect login here but the Realm api has no access to the session or request so that doesn't really help. cheers Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
realm configuration
Hi, I have the following db structure for my user / role tables: User User-Role Role -- --- -- id -- user_id usernamerold_id --- id passwordrolename Is there a realm implementation that support this structure? AFAICT, the JDBC and DataSourceRealm classes require the following structure: User User-Role -- --- username -- username passwordrole_name cheers Nathan -- Nathan Coast Managing Director Codeczar Ltd mob : (852) 9049 5581 tel : (852) 2834 8733 fax : (852) 2834 8755 web : http://www.codeczar.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: realm configuration
thanks for your suggestions, I started to dig around in the code, and also looked at a jaas login module from jboss. the jboss solution is to have a login module that takes two parameters (queries) 1) to return credentials for a username 2) to return the rolenames for a username this is exactly what JDBCRealm and DataSourceRealm do except they construct the query Strings from parameters StringBuffer sb = new StringBuffer(SELECT ); sb.append(userCredCol); sb.append( FROM ); sb.append(userTable); sb.append( WHERE ); sb.append(userNameCol); sb.append( = ?); preparedCredentials = dbConnection.prepareStatement(sb.toString()); StringBuffer sb = new StringBuffer(SELECT ); sb.append(roleNameCol); sb.append( FROM ); sb.append(userRoleTable); sb.append( WHERE ); sb.append(userNameCol); sb.append( = ?); preparedRoles = dbConnection.prepareStatement(sb.toString()); Unfortunately the methods that construct these strings are private so I can't simply override them. I have hacked around with the code and produced my own security realm class that works. My solution takes the following config parameters: credentialsQuery=SELECT password FROM User WHERE emailAddress =? rolesQuery=SELECT name FROM Role r, User u, user_roles ur WHERE u.id = ur.user_id AND r.id = ur.role_id AND u.emailAddress = ? I think with a bit of refactoring the existing DB realm classes would support this enabling any db structure (without the need for a view). cheers Nathan Nathan Coast wrote: Hi, I have the following db structure for my user / role tables: User User-Role Role -- --- -- id -- user_id usernamerold_id --- id passwordrolename Is there a realm implementation that support this structure? AFAICT, the JDBC and DataSourceRealm classes require the following structure: User User-Role -- --- username -- username passwordrole_name cheers Nathan -- Nathan Coast Managing Director Codeczar Ltd mob : (852) 9049 5581 tel : (852) 2834 8733 fax : (852) 2834 8755 web : http://www.codeczar.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
context path confusions
Hi, When I declare this context in server.xml: Context path=/tomcat/codebar docBase=${catalina.home}\czwork\codebar debug=5 reloadable=true crossContext=false /Context the webapp deploys to /tomcat/codebar - great, this is what I want. However, when I specify the same context in its own context.xml file [catalina-home]/conf/Catalina/localhost/codebar.xml, the webapp deploys to /codebar which is the wrong context. Is this the correct way to deploy to a path like /foo/bar/whiz rather than just /foo? Also is there any way (on a windows machine) to specify the docBase on a different drive? If I specfiy: docBase=X:\codebar\target\codebar I get: java.lang.IllegalArgumentException: Document base X:\codebar\target\codebar does not exist or is not a readable directory The path is valid and readable on the machine tomcat is running on. thanks Nathan -- Nathan Coast Managing Director Codeczar Ltd mob : (852) 9049 5581 tel : (852) 2834 8733 fax : (852) 2834 8755 web : http://www.codeczar.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 4.1.27 log4j problem
if you use log4j on a tomcat-wide basis (ie 1 configuration for the tomcat runtime and all your webapps), place your log4j.xml in [tomcat-home]/shared/classes/ if you use log4j on a per-webapp basis, make sure the log4j classes aren't on the tomcat classpath and configure commons-logging to use jdk logging (assuming you are using jdk 1.4). Zsolt Koppany wrote: Hi, my application uses log4j and with tomcat 4.1.27 (but not with 4.1.24) I get the following error message: log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester). log4j:WARN Please initialize the log4j system properly. How can I fix this problem? Zsolt - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
UTF-8 problems
Hi, I have an text fields in a form that will contain UTF-8 characters e.g. ''. I can retrieve utf-8 chars from the db and display them correctly in jsps via tomcat. The only problem comes with submiting forms to tomcat. request.getParameter() returns the incorrect value for the char e.g. '' instead of ''. AFAIK the default encoding of java is UTF-8 so I'm not to sure where to look. Anyone have any suggestions as to what I have to do? thanks Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Announce Log4J Web Interface
Hi, The first release of LogWeb is now available. A fully functional web interface for the runtime configuration of log4j within servlet containers and j2ee application servers. LogWeb is freely available at http://www.codeczar.com/projects/logweb/ All configurable behaviour of Log4J is available through the the LogWeb interface. Loggers, Appenders, ErrorHandlers, Filters, Layouts, Renderers. Also upload / download of configuration files. For a full description of the features see: http://www.codeczar.com/projects/logweb/features.html If there are any problems, comments or missing features, please email me at this address. Cheers Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
packaging jsps in jar files
Hi, is it possible to package jsp files within a jar file so that the jsps will be available if the jar is placed within the WEB-INF dir of some web application. I have developed a utility for web-apps that has both jsp and servlet components. I am lazy and so would like to be able to make this utility available within other web apps simply be placing a jar file within the WEB-INF dir. The alternative is to place the various components of the utility in the appropriate places within the webapp. thanks Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
precompiling jsps
Hi, How do you precompile jsps for tomcat? Is it possible to package compiled jsps in a jar file to be included in the WEB-INF dir of another war file? If this is documented somewhere, I'd appreciate a shove in the right direction. thanks Nathan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
error starting webapp
Hi, I have succesfully deployed a webapp within tomcat using the catalina.ant.DeployTask. However, the webapp isn't and can't be started. from manager/list: /cbserver:stopped:0:D:\java\jwsdp-1.0\work\Standard Engine\localhost\manager\cbserver.war When I run the manager/start command from the ant task, I recieve this message: FAIL - Application at context path /cbserver could not be started I've tried increasing debug levels and I've checked the log files for reasons why the webapp wont start but can't find any error messages. Where should I look for error messages? what do I need to configure to recieve error logging for errant webapps? thanks Nathan -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: error starting webapp
answered myself :) added this tag to webapp context within server.xml Logger className=org.apache.catalina.logger.FileLogger debug=4 verbosity=4 prefix=localhost_cbserver_log. directory=logs timestamp=true suffix=.txt/ Nathan Coast wrote: Hi, I have succesfully deployed a webapp within tomcat using the catalina.ant.DeployTask. However, the webapp isn't and can't be started. from manager/list: /cbserver:stopped:0:D:\java\jwsdp-1.0\work\Standard Engine\localhost\manager\cbserver.war When I run the manager/start command from the ant task, I recieve this message: FAIL - Application at context path /cbserver could not be started I've tried increasing debug levels and I've checked the log files for reasons why the webapp wont start but can't find any error messages. Where should I look for error messages? what do I need to configure to recieve error logging for errant webapps? thanks Nathan -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: tomcat deployment
Thanks, It seems you are looking for a difficult way. I think the easiest way would be having some ant targets that put your war files in TOMCAT_HOME/webapps. Don't forget to have unpackWARs to be true in the Host element (in server.xml). does this work for updates to the war file? If I update the war file 10 times, will re-copying the file to the webapps directory re-deploy the webapp? Nathan -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
tomcat deployment
hi, I'm looking for the correct way to deploy / redeploy webapps into the tomcat web container from ant. I've followed a few threads in tomcat and ant user lists but am just getting confused. http://www.mail-archive.com/tomcat-user%40jakarta.apache.org/msg51926.html http://www.mail-archive.com/ant-user%40jakarta.apache.org/msg13402.html I'm keen not to do work that is going to be obsolete in the near future so I'd be greatful if someone could point me in the right direction. as far as I can see there are a number of options: 1) write a task that communicates with the manager app via http get commands. 2) write a task that communicates with catalina api calls. 3) copy someone elses work - always my preferred option :) thanks Nathan -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
tomcat 4.1 source
hi, can someone let me know where to find the tomcat 4.1 sources? trying to find the ant deploy task code. thanks Nathan -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
manager app comands
Hi, I'm trying to determine what tasks / methods I should be calling on the manager app, to deploy etc. What is the difference between install and deploy? (also remove and undeploy). what sequence of commands to I need to call to a) install a webapp from a war b) replace an existing webapp with an updated war? The reload command doesn't seem to take a parameter for the new war file so is presumably used to reload the original war within tomcat. Thanks Nathan -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: starting tomcat in debug VM
doh! I should try reading the docs -Xnoagent did the trick Nathan Coast wrote: Hi, I'm trying to start tomcat in debug mode using these options: TOMCAT_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n as I understand it, the address to which the debuger should connect should be displayed on stdout. However, all that is being displayed is the agent password. Any ideas what (if any) other parameters need to be passed to java in order to obtain the port that the vm is waiting for? I've tried specifying the port using address=localhost:1234 but this makes no difference. Thanks in advance Nathan
starting tomcat in debug VM
Hi, I'm trying to start tomcat in debug mode using these options: TOMCAT_OPTS=-Xdebug -Xrunjdwp:transport=dt_socket,server=y,suspend=n as I understand it, the address to which the debuger should connect should be displayed on stdout. However, all that is being displayed is the agent password. Any ideas what (if any) other parameters need to be passed to java in order to obtain the port that the vm is waiting for? I've tried specifying the port using address=localhost:1234 but this makes no difference. Thanks in advance Nathan
j_security_check
Hi, I have a login page which is configured in web.xml as the form based login page for a web app: /pages/login/login.jsp If the login page is arrived at by browsing to some content restriced by a security constraint in web.xml, then submitting to j_security_check works fine. If the user browses to the login page directly, this 404 occurs: Not Found (404) Original request: /giftstore/pages/login/null Not found request: /giftstore/pages/login/null Is this correct? Is there some way of making the j_security_check work irrespective of how the user arrived at the login page? I'm using 3.2.1, is this behaviour the same in later Tomcats 3.X, 4.0? Thanks Nathan
web-app context / relative urls
Hi, Does anyone know of a way to get the context of a web app prior to compilation of any jsps? I've got a number of jsp's which all contain urls to static content (images etc), the jsps themselves are often accessed from a number of different urls: /jsp/myPage.jsp /someUrl/actionservlet/someAction.do this obviously rules out using relative urls to the static content. An alternative would be to use urls based on the root, but this is a problem as I want to deploy the web app to different contexts: /test/ /dev/ / etc. An option would be to have a method which looks up the context and prefixes all urls within the jsps with the appropriate context. This would be inefficient if every jsp contains many pieces of content. What I'd like to do is to use a public static final String which prefixes the urls. This value would then be compiled into the jsp source just like any string literal - much more efficient. To do this I need to have a way of guaranteeing that the variable is loaded with the context prior to any jsp compilation. Any ideas? Is there a better way? Cheers Nathan
context name
Hi, Is there any way to get the web-app context (as it appears in the url) during servlet.init(ServletConfig config){} ? e.g. myserver/mycontext/index.html context = mycontext myserver/index.html context = Thanks Nathan
Roles Tomcat
Sorry if this is a repost, I'm having trouble with mail Hi, I'm observing some unexpected behaviour in Tomcat (3.2.1) in conjuction with roles. This is the situation: (web.xml is at the bottom) two roles: Customer Gold Customer a user: Joe Bloggs Joe is a Customer but not a Gold Customer This is what I observe: 1) new browser (not logged in) browse to /control/CustomerSecurePage 2) browser is redirected to /login.jsp 3) Joe logs in and is redirected to /control/CustomerSecurePage 4) browse to /control/GoldSecurePage 5) browser redirected to /control/loginerror 6) Joe is now logged out, any subsequent attempts to browse to a page secured by the customer role results in a redirection to the login page. Is this correct behaviour? I would have expected an attempt to access to the gold url to have denied access but not to have logged the user out! Any thoughts? Thanks in advance, Nathan this is the relevant section of web.xml: security-constraint web-resource-collection web-resource-nameMySecureBit0/web-resource-name descriptionno description/description url-pattern/control/GoldSecurePage/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint descriptionno description/description role-namegold/role-name /auth-constraint /security-constraint security-constraint web-resource-collection web-resource-nameMySecureBit1/web-resource-name descriptionno description/description url-pattern/control/CustomerSecurePage/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint descriptionno description/description role-namecustomer/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameTheGiftStore/realm-name form-login-config form-login-page/login.jsp/form-login-page form-error-page/control/loginerror/form-error-page /form-login-config /login-config security-role descriptionthe customer role/description role-namecustomer/role-name /security-role security-role descriptionthe gold customer role/description role-namegold/role-name /security-role
Multiple JDBCRealms
(sorry if this is a repost, mail is playing up) Hi, I've got two contexts within my tomcat install. I want the login for each context to go to different databases / tables for authentication. Is it possible to configure different contexts to send authentication requests to different places? Is this done by having multiple ContextManager elements defined in server.xml? Cheers Nathan
server.xml / dtd
Hi, where can I find the dtd of server.xml? - is there such a thing? Is the dtd the best place to find docs on server.xml or is there a complete configuration doc elsewhere? Thanks Nathan
Re: server.xml / dtd
thanks, I've found web.dtd but this seems to be the servlet spec dtd for web app deployment descriptors (web.xml files) and not the server config dtd (server.xml). Nathan Hari Yellina wrote: it can be found in cofig directory of u r tomcat - Original Message - From: Nathan Coast [EMAIL PROTECTED] To: tomcat user [EMAIL PROTECTED] Sent: Friday, May 04, 2001 9:39 PM Subject: server.xml / dtd Hi, where can I find the dtd of server.xml? - is there such a thing? Is the dtd the best place to find docs on server.xml or is there a complete configuration doc elsewhere? Thanks Nathan
Re: server.xml / dtd
Hi, I'm just interested in what should / shouldn't be in the server.xml - I'm looking for a complete doc of what can be configured using server.xml - does such a thing exist? Cheers Nathan Hari Yellina wrote: why do you require DTD. To check whether it is a validate documet. it is ,u dont have to worry much. One more thing it. If it is a XML file. You dont neccesarily require a DTD. Regard, Yellina - Original Message - From: Gerteis, Roman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, May 04, 2001 11:10 PM Subject: AW: server.xml / dtd Nope, in the /conf folder, this is the web.dtd for validating web.xml configuration files. TomCat is not coming with a server.dtd, at least slocate was not finding anything ;) I'm searching for the server.dtd as well. It's not specified in the Java Servlet Standard. So it must be something Tomcat specific. regards... ...roman. -Ursprüngliche Nachricht- Von: Hari Yellina [mailto:[EMAIL PROTECTED]] Gesendet: Freitag, 4. Mai 2001 14:43 An: [EMAIL PROTECTED] Betreff: Re: server.xml / dtd it can be found in cofig directory of u r tomcat - Original Message - From: Nathan Coast [EMAIL PROTECTED] To: tomcat user [EMAIL PROTECTED] Sent: Friday, May 04, 2001 9:39 PM Subject: server.xml / dtd Hi, where can I find the dtd of server.xml? - is there such a thing? Is the dtd the best place to find docs on server.xml or is there a complete configuration doc elsewhere? Thanks Nathan
JDBC Realm Roles
Hi, Is the user-role information obtained via a JDBCRealm stored against a session? If not, each attempt to access a secured resource must result in a hit on the database - surely this would be bad for performance. The downside of storing the role info is that if a users role changes during a session, they will not obtain their updated role information until they next login. Can anyone shed any light on this? Thanks in advance Nathan
Multiple JDBC Realms
Hi, I've got two contexts within my tomcat install. I want the login for each context to go to different databases / tables for authentication. Is it possible to configure different contexts to send authentication requests to different places? Is this done by having multiple ContextManager elements defined in server.xml? Cheers Nathan