Tomcat 5.0.28; Struts 1.2.4 - - FileUploadException
Hi All - We are using the Struts fileupload. Periodically (on the order of 100 of 3000 uploads) we get the error below where the upload request fails with a Read timed out: SEVERE: Failed to parse multipart request org.apache.commons.fileupload.FileUploadException: Processing of multipart/form-data request failed. Read timed out at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase .java:429) at org.apache.struts.upload.CommonsMultipartRequestHandler.handleRequest(Co mmonsMultipartRequestHandler.java:195) Does anyone know where and how to reset the time out interval for the fileuploader in an effort to get around this issue? Or is there another fix? or there a known issue with the fileuploader? Thanks! -- William J. Sweeney| ChartOne, Inc. 617.648.4764 voice [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
clientAuth=true; non-SSL?
Hello folks - I am working with Tomcat 5.0.28; j2sdk 1_4_2_07 The question is this: Do I need an SSL connection in order to get Tomcat to force the presentation of a client side certificate? In other words, I only want to force authentication, not wrap the connection in SSL. Here is the connector config: Connector port=8080maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 scheme=http secure=true clientAuth=true acceptCount=100keystoreType=JKS keystoreFile=C:\j2sdk1.4.2_07\bin\client.keystore keystorePass=changeit debug=0 connectionTimeout=2 disableUploadTimeout=true / The result is that I am not able to access the page at port 8080, but I am not getting the normal certificate request either. Any help welcome and appreciated! - wjs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[QUAR]Re: clientAuth=true; non-SSL?
Thanks QM - Agreed. No way around SSL, as the client certificate request is dependent on the SSL handshake. For those in the list who have followed these links while building their own keystores and self signed certs and client certs for authentication: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html#SSL%20S upport http://java.sun.com/webservices/docs/1.1/tutorial/doc/WebAppSecurity5.ht ml http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html#genkey Cmd http://mark.foster.cc/kb/openssl-keytool.html I needed to add to the Java Options: -Djavax.net.ssl.trustStore=[path to]\myClient.keystore -Djavax.net.ssl.trustStorePassword=mypassword Else the server was not finding the client.keystore and was throwing bad_certificate errors. Now works fine. Tested in IE6 and Firefox. - wjs -Original Message- From: QM [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 23, 2005 7:10 PM To: Tomcat Users List Subject: [QUAR]Re: clientAuth=true; non-SSL? On Wed, Mar 23, 2005 at 01:21:11PM -0800, Sweeney, Bill wrote: : The question is this: Do I need an SSL connection in order to get : Tomcat to force the presentation of a client side certificate? In other : words, I only want to force authentication, not wrap the connection in : SSL. If you want to force authentication using certs (which is what clientAuth is all about) then I don't see a way around SSL. The cert exchange takes place during the SSL handshake. If you want to just protect access to certain areas of the webapp, check the Tomcat docs for realms and skim the servlet spec for FORM authentication. -QM -- software -- http://www.brandxdev.net/ tech news -- http://www.RoarNetworX.com/ code scan -- http://www.JxRef.org/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [QUAR]RE: Address localhost:8080 already in use
try %catalina_home%\bin\catalina stop Has always worked for me. - wjs -Original Message- From: Fredrik Liden [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 23, 2005 7:52 PM To: Tomcat Users List Subject: [QUAR]RE: Address localhost:8080 already in use I killed the java processes that were bound to 8080 but there must be a better way. I'm sure I'm not the only one that accidentally tried to start tomcat 2 times. -Original Message- From: Folashade Adeyosoye [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 23, 2005 4:42 PM To: 'Tomcat Users List' Subject: RE: Address localhost:8080 already in use Reboot ! -Original Message- From: Fredrik Liden [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 23, 2005 7:30 PM To: Tomcat Users List Subject: Address localhost:8080 already in use Here is a big problem that I've run into so many times. I run start tomcat. And then by accident I start it again while it is running. After that I can't shut it down again. And if I try to run it it says the address is in use. Have someone found any solution to this problem? Any suggestions would be appreciated. /Fredrik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [QUAR]SSL tomcat support
Start with: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html Then, this page details the procedure for you to set your systems up using keytool: http://java.sun.com/webservices/docs/1.1/tutorial/doc/WebAppSecurity5.ht ml To use the keystore generated with keytool you will need to extract and convert the client key and cert to a PFX: http://mark.foster.cc/kb/openssl-keytool.html server should know his clients... To set Tomcat up to require client certificates set clientAuth=true in the server.xml definition for the SSL connector. - wjs -Original Message- From: Shahin Hadjikuliev [mailto:[EMAIL PROTECTED] Sent: Friday, March 11, 2005 8:45 AM To: tomcat-user@jakarta.apache.org Subject: [QUAR]SSL tomcat support Hi , list! I want to configure tomcat running on https, main purpose is that: server should know his clients (only specified clients can user server) I want to achieve it with certificates I have read some documentation on java.sun.com http://java.sun.com/webservices/docs/1.0/tutorial/doc/WebAppSecurity6.ht m but it doesnt sufficient for me, can anybody tell me more info about this Thanx a lot - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [QUAR]Re: Tomcat5 and Client Certificates
Thanks guys - Got the configs and logging worked out. Your help appreciated. Still stuck on getting the .pfx out of the client.keystore. Trying java forums on that front. If anyone interested in the solution let me know and I'll fill you in when I get it worked out. - wjs -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker Sent: Saturday, March 05, 2005 3:27 PM To: tomcat-user@jakarta.apache.org Subject: [QUAR]Re: Tomcat5 and Client Certificates Jason Bainbridge [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 4 Mar 2005 06:54:34 -0800, Sweeney, Bill [EMAIL PROTECTED] wrote: Hello TC5 Users - I used %java-home%/bin/keytool to build the certificate store and the server and client certificates (self-signed). Tomcat asks for the client certificate when I try and connect, but - here is the problem: (1) I can't seem to get the client key to export properly so that I can install it in the browser; how do I get a .pfx out of the keystore? I think you are going to have to use openssl to convert the file after exporting it, http://www.mindreef.com/products/4.1/help/sslcerts.html has a little info on that but the reverse. I'm sure there are better resources but that was the first Google I saw. (2) How can I validate which certificate store is being used by tomcat? (I made a few along the way in testing) There is a parameter (keyStoreFile?) that you can specify the location in the Connector properties it's detailled in one of those links you have. The one you want is: truststoreFile. (3) I set debug=3 in the SSL connector but am not seeing the SSL handshake in stdout. Is there some other way for setting debug to see the handshake? Not sure on that one. Configure the logging category 'org.apache.tomcat.util.net.jsse' to be DEBUG (in your log4j/JDK 1.4 logging configuration). That will give you lots of Tomcat messages. If you want lower level messages, consult the JSSE docs. Regards, -- Jason Bainbridge http://kde.org - [EMAIL PROTECTED] Personal Site - http://jasonbainbridge.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat5 and Client Certificates
Hello TC5 Users - I am setting up Tomcat 5 in a production environment. The requirement is to lock down the site so that only users with trusted personal certificates may access the site. I believe I have everything configured in server.xml. Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=3 scheme=https secure=true clientAuth=true sslProtocol=TLS / I used %java-home%/bin/keytool to build the certificate store and the server and client certificates (self-signed). Tomcat asks for the client certificate when I try and connect, but - here is the problem: (1) I can't seem to get the client key to export properly so that I can install it in the browser; how do I get a .pfx out of the keystore? (2) How can I validate which certificate store is being used by tomcat? (I made a few along the way in testing) (3) I set debug=3 in the SSL connector but am not seeing the SSL handshake in stdout. Is there some other way for setting debug to see the handshake? Environment is J2sdk1.4.2_07; Tomcat 5.0.28 running as a service on Win2003 Server. FYI - for others working with Tomcat and SSL these links are an excellent resource: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html#SSL%20S upport http://java.sun.com/webservices/docs/1.1/tutorial/doc/WebAppSecurity5.ht ml http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html#genkey Cmd Thanks in advance to everyone in the group ! - wjs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]