Re: tomcat 4 (final) quits without notice
Are there errors in the logs? Jon - Original Message - From: pero [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 20, 2001 1:54 PM Subject: tomcat 4 (final) quits without notice Hi there, After months of developing with tomcat 4 (yes, I was there from the very first beta :-) I always considered tomcat to run in the production environment, too. While it is working fine on my staging-server (Suse Linux 7.2, Sun's 1.3.1 JDK) it stops after a random amount of time on my production server, which is also Suse Linux 7.2. According to the last discussions on the mailinglists I started using different VMs (Sun's 1.3.0, 1.3.1 and 1.4.0 Beta 2) but the result was the same. Now I'm on my last try with IBM's 1.3-9.0 (which I did not intend to use...) If that doesn't work either - I got a very serious problem, because the project I am working on is going to go final very soon. In another project (my band's homepage) I use tomcat 3.1 since january and all works fine... It works under Suse 6.2 and Sun's 1.3.0. Are there others facing the die-problem? pero
Re: Has anyone configured tomcat 4.0 with IIS???
Have a look at $CATALINA_HOME/conf/server.xml. That's where all the settings are such as what ports it listens on. Jon - Original Message - From: Tia Haenni [EMAIL PROTECTED] To: Tomcat Mailing List [EMAIL PROTECTED] Sent: Thursday, September 20, 2001 7:34 PM Subject: Has anyone configured tomcat 4.0 with IIS??? I have installed the .exe version of tomcat 4.0. It went well, other than IIS and tomcat don't seem to be communicating. Tomcat is not listening on port 8007 as in older versions. I can only access tomcat by including port 8080 in the url, such as http://locvalhost:8080/examples Please PLEASE help if you can. Thanks!!
Re: New xml parser on startup in Tomcat ?
The reason it's slow is because it's creating a SecureRandom object (used for creating session IDs and for SSL) and that is true for all platforms. There's a way to speed it up, but, it is supposed to decrease security. Jon - Original Message - From: Anthony Green [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, September 20, 2001 3:38 AM Subject: Re: New xml parser on startup in Tomcat ? Franck wrote: It works perfectly, although Tomcat is veery long to start (almost as long as netbeans !) The point is that there is no JIT implementation for Linux PPC :-( But still, it's long, even after I commented out the Tomcat-Apache in server.xml... Any idea on how to make it start quicker ? Yes, help me test and debug Tomcat built with gcj on LinuxPPC. Tomcat is precompiled to native code (like C/C++). Servlets are compiled to shared libraries. When I finish hacking GnuJavaCompiler for jasper, JSP pages will also be compiled to shared libraries and loaded. Gcj is known to work well on PowerPC Linux systems. Tomcat starts in just a couple of seconds on my x86 box. I would expect the same on PowerPC Linux. You'll need the very latest GCC development sources which includes important fixes for gcj and libgcj (the runtime library). See http://sources.redhat.com/rhug AG
Re: Tomcat 4.0 Session Timeout
I haven't tested this using the configuration files or not, so, I can't verify whether that's a problem or not, but, failing that, you can use HttpSession.setMaxInactiveInterval() from within your Web application. Actually, I should probably test this myself to make sure that it's still working OK. Jon - Original Message - From: Jim Urban [EMAIL PROTECTED] To: Tomcat-User [EMAIL PROTECTED] Sent: Thursday, September 20, 2001 7:15 AM Subject: FW: Tomcat 4.0 Session Timeout OK, I've spent the 30 minutes browsing the Tomcat 4.0 documentation and I can't find it. How do I set the session time out for a context in Tomcat 4.0. The session time out is defaulting to 18000 seconds (5 hours?). I have tried adding the following to both my context's WEB-INF/web.xml file and the $CATALINA_HOME/conf/web.xml file but both are ignored. session-config session-timeout300/session-timeout /session-config How do I go about setting the time out to 5 minutes? Thanks, Jim Urban Product Manager Netsteps Inc. Suite 505E 1 Pierce Pl. Itasca, IL 60143 Voice: (630) 250-3045 x2164 Fax: (630) 250-3046 PS: Love Tomcat 4.0, it seems really solid!
Re: Tomcat Spontaneously Restarting System
I concur, sounds like a hardware or other problem. Jon - Original Message - From: Matt Hudson [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, September 20, 2001 6:56 AM Subject: Re: Tomcat Spontaneously Restarting System I've had flaky hardware before, so I know how frustrating that can be. Also, I'm running around 4 instances of Tomcat on various machines that behave just fine. The JVM process runs as Administrator or 'nobody' depending on which OS, and I've never seen it misbehave like that. Given spontaneous restarts, I'd run a comprehensive memory tester, and the one built into BIOS doesn't count. Failing that, you may need to visit your local hardware guru(tm). -matt On Wed, Sep 19, 2001 at 09:36:58PM +0100, C. Schlegelmilch wrote: Thanks Chris, I thought the class was doing something odd, but it has happened to me from time-to-time without warning. I must admit to not having seen stuff like this before, although this is the first time using win2k. I'm pretty sure the problem lies in a conflict with some software on the lab machines. It could be anything... Craig --- Curtis Dougherty [EMAIL PROTECTED] wrote: I suspect your class... They may be trying to trick you into lower the protection around the class computers in an attempt to gain unauthorized access. I have never seen TOMCAT spontansouly do anything that couldn't be tracked back to humna error. my-2-cents cd -Original Message- From: C. Schlegelmilch [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 2:23 PM To: [EMAIL PROTECTED] Subject: Tomcat Spontaneously Restarting System Hello all, I'm teaching a web development class and have the class develop their apps with Tomcat v3.2.3 Stand-alone on win2k and have been having problems with it restarting the odd system with the first request to localhost:8080 after startup (I've had the same problem with 4.0b7 as well). There have been no problems with running on win98. I've shutdown all personal firewall software as well as any anti-virus software running in the background. This seems to reduce the frequency of these spontaneous restarts but it still seems to happen on the odd machine. Has anybody else had this problem? I'm hoping there is an obvious solution that I've been too oblivious to see. Thanks, Craig Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie Do You Yahoo!? Get your free @yahoo.co.uk address at http://mail.yahoo.co.uk or your free @yahoo.ie address at http://mail.yahoo.ie -- A weird imagination is most useful to gain full advantage of all the features. matt hudson [EMAIL PROTECTED]http://www.spaceship.com/~matt
Fw: Tomcat security questions
For some reason this didn't seem to go through the first time... Jon - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat User List [EMAIL PROTECTED] Sent: Wednesday, September 19, 2001 10:11 PM Subject: Tomcat security questions I'm wondering if anyone has any suggestions on how to best setup Tomcat for maximum security? Currently, I'm running Tomcat in a chrooted environment. I see that there is also a way to run Tomcat as a non-root user. I'm wondering what the best configuration is. It seems like running it chrooted is probably the best way to go. Also, I'm wondering how much of an issue buffer overflows are for Tomcat considering it's written in Java which as far as I know makes them close to impossible. You would have to basically find an over flow in the JVM, right? Any other suggestions on how Tomcat should be configured for security? i.e. removing sample applications, etc. Jon
Re: Authentication issue
Yes, you can do that. I don't recall the specific commands that you need to put in httpd.conf off hand though. Actually, the way that I did it, it wasn't protecting directories, it was protecting the URL pattern. Jon - Original Message - From: Jaime Garcia [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 20, 2001 3:14 AM Subject: Authentication issue Hi this is Jaime I,m using Apache 1.3 and Tomcat 3.2. I would like to know if there are any way to try the authentication scheme that Apache has to grant or denied directories on Tomcat. If it is possible how i could do??? Thanks
Re: Tomcat 4.0
That you're on your own on, haven't tried that. ;-) Jon - Original Message - From: Ricardo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 19, 2001 1:10 AM Subject: Re: Tomcat 4.0 And how must be configured the CA public key certificate in tomcat to perform client authentication ?? Thanks, Ricardo Borillo Domenech Programació - Servei d'Informàtica Universitat Jaume I - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 18, 2001 9:37 PM Subject: Re: Tomcat 4.0 I haven't tried it with a Verisign cert yet, but, I've been able to import certs signed by my test CA no problem. Have a look at the tools documentation that comes with the JDK for the keytool command. After you have the tomcat key in there, you do a -certreq, give that certificate request to Verisign, get back the signed certificate, then do a -import and that's it. Jon - Original Message - From: Nick Torenvliet [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 17, 2001 3:21 PM Subject: Tomcat 4.0 Thanks to the Tomcat docs I've managed to get sssl working on my tomcat4.0 w/ Java sdk1.4 installation. I've been going through the mailing list archives looking to see if anyone has had any success using a verisign certificate with Tomcat. I've seen lots of questions about it but not too many responses. Has anyone been able to get a stand alone Tomcat working with a verisign certificate yet? Nick
Re: Using JNI from a servlet (solution)
There's another problem to look out for as well with regard to servlet reloading and where you place your .jar files that use JNI. See the latest release notes regarding that. Jon - Original Message - From: Les Parkin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 19, 2001 4:22 AM Subject: Using JNI from a servlet (solution) Hi, There has been quite a bit of discussion on this mailing list (and others) concerning the use of JNI from within a servlet. If you are experiencing the UnsatisfiedLinkError when trying to run your servlet, check the following (I'm assuimg a Unix environment here, but the same general principles should apply to Windows. I'm also assuming that you're deploying everything directly under Tomcat's directory and not using a Context entry for your app): 1. Ensure your .class and .jar files are deployed in the correct place within your Tomcat directory: All .class files go in $TOMCAT_HOME/webapps/myapplication/WEB-INF/classes All .jar files go in $TOMCAT_HOME/webapps/myapplication/WEB-INF/lib 2. Set your LD_LIBRARY_PATH environment variable so that it points to the directory containing the .so file (the native code)/ The .so file can be anywhere, the main point is that it is in your LD_LIBRARY_PATH I had a great deal of difficulty trying to get things working until I copied the files into the correct place as described in step 1 above. I originally had my .jar file (that calls the native code) in a different location and then set my CLASSPATH variable to point to it but this didn't work.
Re: Question on conf
I noticed the following in the default server.xml. !-- Tomcat Root Context -- !-- Context path= docBase=ROOT debug=0/ -- Maybe you need to set a blank context path for that? i.e. not /? Jon - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 19, 2001 10:30 AM Subject: RE: Question on conf nothing, it still address to index in ROOT :- other ideas ? Bye, Ste
Re: Getting a Verisign certificate
Also, checkout the documentation on the keytool command in the Tools section in Sun's JDK documentation. Jon - Original Message - From: pero [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 19, 2001 1:16 PM Subject: RE: Getting a Verisign certificate first generate a local certificate (see http://jakarta.apache.org/tomcat/tomcat-4.0-doc/ssl-howto.html). after you have this, generate a CSR using: keytool -certreq -alias tomcat -file whateveryouthink the generate file (whateveryouthink) contains the csr. -Original Message- From: Alex Colic [mailto:[EMAIL PROTECTED]] Sent: Wednesday, September 19, 2001 7:57 PM To: Tomcat-User Subject: Re: Getting a Verisign certificate I am trying to get a certificate from Verisign. I am trying to get a demo certificate and it is asking me for a (CSR) Certificate Signing Request. Alex
Re: Logout with basic autorization
The only way to logout with basic authentication is to close the Web browser. Otherwise, you may want to do form-based authentication. Jon - Original Message - From: Oleksandr Fedorenko [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 19, 2001 8:43 AM Subject: Re: Logout with basic autorization P.Miller wrote: Hi Oleksandr, you can 'logout' with session.invalidate(). You have to login again afterwards. I do it exactly. But Browser already contains information for authentication, and when I want to access protected page ( I want to get auth prompt ) , it pass it by. Hth Peter Oleksandr Fedorenko wrote: Hi. How to do really logout using basic authorization ? I mean to get authorization prompt again by using tomcat engine ? , i.e. tomcat should care about it . To send smth. in response ? If yes, so what to send ? Thanks. Alex.
Tomcat security questions
I'm wondering if anyone has any suggestions on how to best setup Tomcat for maximum security? Currently, I'm running Tomcat in a chrooted environment. I see that there is also a way to run Tomcat as a non-root user. I'm wondering what the best configuration is. It seems like running it chrooted is probably the best way to go. Also, I'm wondering how much of an issue buffer overflows are for Tomcat considering it's written in Java which as far as I know makes them close to impossible. You would have to basically find an over flow in the JVM, right? Any other suggestions on how Tomcat should be configured for security? i.e. removing sample applications, etc. Jon
Re: Tomcat port configuration
It's been awhile since I've looked at Tomcat 3.x, but, if it's like 4.0, it's just a setting in conf/server.xml. Do a search in that file for 8443. Basically, just changes all the values of 8443 in that file to 443. Jon - Original Message - From: Peter L. Markowsky [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: Paul Downs [EMAIL PROTECTED] Sent: Wednesday, September 19, 2001 11:37 AM Subject: Tomcat port configuration I've run into a small problem using tomcat-3.2.3 in that the secure port 8443 that it uses for https is blocked by a firewall and is not allowed. However the port 443 is allowed, that I'm told apache uses. So the question is how do I switch which port tomcat listens on for https? and can I? I'm running win2k server edition and downloaded a binary version of tomcat-3.2.3 thanks for the help in advance. -Pete
Link to JSR-000053 JavaTM Servlet 2.3 and JavaServer PagesTM 1.2 Specifications broken?
This isn't really Tomcat specific, but, I'm guessing that some of the Tomcat developers might be able to fix it if it's broken. I tried downloading the final Servlet spec at the following link which I found off of java.sun.com. http://www.jcp.org/aboutJava/communityprocess/final/jsr053/ But, when I click on the PDF link, it goes to the following link which seems to be broken? http://webwork.eng/Download5 Jon
Re: JNDI Realms and Win2000 Active Directory
I'm pretty sure that it currently doesn't work, but, likely will in the hopefully near future. There are two different modes of authentication. One queries for the user password and then compares it (on the Tomcat side of things). This is the mode that is currently supported. The other mode attempts to bind as the user to authenticate. This mode, to my knowledge isn't yet supported. It's in the specs though, and I know that they're planning on implementing it. In Active Directory, the password field isn't queryable and that's why it won't work. Unless, you store the passwords redundantly in another attribute. Jon - Original Message - From: Lawson, Rick [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 18, 2001 8:34 AM Subject: JNDI Realms and Win2000 Active Directory Has anybody successfully used Active Directory as a source for JNDI Realms in Tomcat 4.0? If so, I can dump ASP at last... Rick Lawson Infrastructure Specialist Napp Pharmaceutical Holdings ___ CONFIDENTIALITY NOTICE The information contained in this e-mail is intended only for the individual or entity to whom it is addressed. It may contain confidential and privileged information and if you are not an intended recipient, you must not copy, distribute or take any action in reliance on it. If you have received this e-mail in error, please notify the sender and destroy and delete the message from your computer. _ This message has been checked for all known viruses by UUNET delivered through the MessageLabs Virus Control Centre. For further information visit http://www.uk.uu.net/products/security/virus/
Re: TC 4.0 Final breaks my ldap
Yup, I'm having the same problem. Looking into how to solve it... Jon - Original Message - From: Holscher, David M [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 18, 2001 7:55 AM Subject: TC 4.0 Final breaks my ldap For some reason TC 4.0 Final includes more jars in the common/lib directory that the release candidates. My ldap connections are no longer work without removing ldap.jar. (I further suspect that including other jars that weren't included before like jaxp and crimson will break other applications.) Shouldn't it be up to users of JRE's prior to 1.3 to include the LDAP library on their own? I'm simply trying to make an LDAP connection: ldap = (new InitialDirContext()).open(ictx, ldap://ldapserver/cn=Recipients,ou=USAEXCH01,o=NAV;) I suspect there is some conflict with the LDAP library included with TC and the one included with 1.3. Here is the exception I get: java.lang.NoClassDefFoundError: com/sun/jndi/toolkit/chars/CharacterEncoder at com.sun.jndi.ldap.Connection.(Connection.java:238) at com.sun.jndi.ldap.LdapClient.(LdapClient.java:113) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2384) at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:244) at com.sun.jndi.url.ldap.ldapURLContextFactory.getUsingURLIgnoreRootDN(ldapURLC ontextFactory.java:55) at com.sun.jndi.url.ldap.ldapURLContext.getRootURLContext(ldapURLContext.java:4 7) at com.sun.jndi.toolkit.url.GenericURLContext.lookup(Unknown Source) at com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:80) at javax.naming.InitialContext.lookup(Unknown Source) at itec.biz.Contact.open(Contact.java:38) at itec.biz.Contact.ldapConnection(Contact.java:48) at itec.biz.Contact.reallySearch(Contact.java:100) at itec.biz.Contact.search(Contact.java:131) at itec.biz.Contact.search(Contact.java:127) at org.apache.jsp.Home$jsp._jspService(Home$jsp.java:105) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107) at javax.servlet.http.HttpServlet.service(HttpServlet.java:1264) at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.ja va:201) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:381) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:473) at javax.servlet.http.HttpServlet.service(HttpServlet.java:1264) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:243) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:215) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase .java:518) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2366) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164 ) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:462) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :163) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java: 1005) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1098 ) at java.lang.Thread.run(Unknown Source) ___ David Holscher It is a painful thing to look at your own trouble and know that you yourself and no one else has made it. - Sophocles, Ajax, c. 450 B.C.
Re: TC 4.0 Final breaks my ldap
I think the problem is that providerutil.jar isn't included in the common/lib directory. Based on the file size of ldap.jar, it appears to be the LDAP 1.2.2 provider. So, if you download that from Sun and then copy the providerutil.jar from that into common/lib, that seems to correct the problem. On a related note, LDAP 1.2.3 is out. Is it safe to update ldap.jar to the most recent version? Also, if you put these files under WEBINF/lib (per application libraries), will that override the older versions which are accessible at the global level? Jon - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 18, 2001 11:48 AM Subject: Re: TC 4.0 Final breaks my ldap Yup, I'm having the same problem. Looking into how to solve it... Jon - Original Message - From: Holscher, David M [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 18, 2001 7:55 AM Subject: TC 4.0 Final breaks my ldap For some reason TC 4.0 Final includes more jars in the common/lib directory that the release candidates. My ldap connections are no longer work without removing ldap.jar. (I further suspect that including other jars that weren't included before like jaxp and crimson will break other applications.) Shouldn't it be up to users of JRE's prior to 1.3 to include the LDAP library on their own? I'm simply trying to make an LDAP connection: ldap = (new InitialDirContext()).open(ictx, ldap://ldapserver/cn=Recipients,ou=USAEXCH01,o=NAV;) I suspect there is some conflict with the LDAP library included with TC and the one included with 1.3. Here is the exception I get: java.lang.NoClassDefFoundError: com/sun/jndi/toolkit/chars/CharacterEncoder at com.sun.jndi.ldap.Connection.(Connection.java:238) at com.sun.jndi.ldap.LdapClient.(LdapClient.java:113) at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2384) at com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:244) at com.sun.jndi.url.ldap.ldapURLContextFactory.getUsingURLIgnoreRootDN(ldapURLC ontextFactory.java:55) at com.sun.jndi.url.ldap.ldapURLContext.getRootURLContext(ldapURLContext.java:4 7) at com.sun.jndi.toolkit.url.GenericURLContext.lookup(Unknown Source) at com.sun.jndi.url.ldap.ldapURLContext.lookup(ldapURLContext.java:80) at javax.naming.InitialContext.lookup(Unknown Source) at itec.biz.Contact.open(Contact.java:38) at itec.biz.Contact.ldapConnection(Contact.java:48) at itec.biz.Contact.reallySearch(Contact.java:100) at itec.biz.Contact.search(Contact.java:131) at itec.biz.Contact.search(Contact.java:127) at org.apache.jsp.Home$jsp._jspService(Home$jsp.java:105) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107) at javax.servlet.http.HttpServlet.service(HttpServlet.java:1264) at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.ja va:201) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:381) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:473) at javax.servlet.http.HttpServlet.service(HttpServlet.java:1264) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:243) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:215) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase .java:518) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2366) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164 ) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:462) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :163
Re: nonroot standalone tomcat 4? how?
This is the response that I received a few days ago. I haven't had a chance to test it yet though. I'm running it chrooted, so, I don't think that I need to run it as non-root. Jon Jonathan Eric Miller [EMAIL PROTECTED] wrote: RELEASE-NOTES-4.0-B7.txt in Tomcat 4 mentions the following. - Catalina New Features: - Connectors - Refactored the startup code so that Catalina can run on port 80 (without being root) when started by JavaService or equivalent service managers. I'm wondering if there is further documentation on this somewhere? It's in CVS, repository jakarta-tomcat-4.0 under /service/... The sources run perfectly on Solaris 8 and Darwin, we wanted to get also a Windows integration before starting to build binaries (and that might involve also some mergers with JSR-096). Also, I'm wondering if anyone has any tips on how to get Tomcat running in a chrooted environment? i.e. as far as figuring out which libraries and what not are required. Never tried, but it should be possible... For both the Java command line, and service code, the main JVM library is something like libjvm.so, so just do an ldd libjvm.so and see what are the dependancies... When installing stuff CHROOTED usually I start copying the first binary (in this case install the JVM) in the CHROOTED path, and then try to run it until it doesn't complain anymore (copying libraries as you go)... Pier - Original Message - From: Taavi Tiirik [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 18, 2001 11:27 AM Subject: nonroot standalone tomcat 4? how? How to run standalone tomcat 4 under solaris as a non root user? I have tried following: 1. configured tomcat to listen port 8080 (as it is by default :-) 2. redirected port 80 to 8080 using port redirector (rinetd) Now, it almoust works but whenever I access url like http://myhost/ then tomcat completes url by adding default document (index.jsp) and as a result of this I will still end up with having url like http://myhost:8080/index.jsp. Is there a way to configure tomcat not to add port 8080 into url? with very best wishes, Taavi
Re: [ANNOUNCEMENT] Apache Tomcat 4.0 Final Release
I second that. You guys are doing a great job. Keep it up. I particularly like the fact that the developers appear to pay a lot of attention to these lists. I've gotten answers to questions many times late at night and I just wanted to say that I very much appreciate it. Jon - Original Message - From: Jim Cheesman [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 18, 2001 1:57 AM Subject: Re: [ANNOUNCEMENT] Apache Tomcat 4.0 Final Release At 05:25 AM 18/09/01, you wrote: It's official! Congratulations on finally getting to a release! Now you can catch up on the sleep you've no doubt been missing... Jim -- * Jim Cheesman * Trabajo: [EMAIL PROTECTED] - (34)(91) 724 9200 x 2360 If Stupidity got us into this mess, then why can't it get us out?
Re: Tomcat 4.0
I haven't tried it with a Verisign cert yet, but, I've been able to import certs signed by my test CA no problem. Have a look at the tools documentation that comes with the JDK for the keytool command. After you have the tomcat key in there, you do a -certreq, give that certificate request to Verisign, get back the signed certificate, then do a -import and that's it. Jon - Original Message - From: Nick Torenvliet [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 17, 2001 3:21 PM Subject: Tomcat 4.0 Thanks to the Tomcat docs I've managed to get sssl working on my tomcat4.0 w/ Java sdk1.4 installation. I've been going through the mailing list archives looking to see if anyone has had any success using a verisign certificate with Tomcat. I've seen lots of questions about it but not too many responses. Has anyone been able to get a stand alone Tomcat working with a verisign certificate yet? Nick
RE: Generate PDF with Java
Hello, You can check http://xml.apache.org/fop if you already use XML (it's an implementation of XSL:FO that can produce pdf with XML). Eric -Original Message- From: Olivier MAYEUX [mailto:[EMAIL PROTECTED]] Sent: Monday, September 17, 2001 9:04 AM To: '[EMAIL PROTECTED]' Subject: Generate PDF with Java Hi ! I want to generate PDF from jsp code. I heard about a package Java PDFWriter but i don't know where i can find it. If anyone have an idea, any suggestions are welcome... Thanks Olivier
Re: Possible to import SSL private/public key pair from Apache into Tomcat?
Thanks, Ricardo, I'll check it out and give it a try. Jon - Original Message - From: Ricardo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 17, 2001 1:19 AM Subject: Re: Possible to import SSL private/public key pair from Apache into Tomcat? There's a way to do this - http://www.comu.de/docs/tomcat_ssl.htm. I recently solve this problem, because i was working with openssl. But i have a question in the group and nobody answer me yet. I'm usign client authentication with apache+mod_ssl and i want to change to tomcat. The fact is that i don't know how to configure the keystore with the CA public key for validating client certificates... I hope the information i give you will be useful, and i will be very happy if i get an answer. Thanks all, Ricardo Borillo Domenech Programació - Servei d'Informàtica Universitat Jaume I - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat User List [EMAIL PROTECTED] Sent: Saturday, September 15, 2001 5:28 AM Subject: Possible to import SSL private/public key pair from Apache into Tomcat? This question is kind of about Tomcat, but, also to some extent about keytool and SSL in general. I've been running Apache Web Server 1.3.x as a Web server with JRun as a Java Servlet engine in our production environment. I have SSL enabled on the Apache Web Server and I have the certificate signed by Verisign which I paid $$$ for. What I want to do now is to switch to using Tomcat in standalone mode. I have this up and running no problem. I was able to generate a private key and then sign that with a test CA that I have. The steps to do this are to run keytool with -genkey, then -certreq, and then -import. However, I want to import the private/public key pair from Apache Web Server into my Java keystore. Does anyone know if this is possible? As far as I can tell, there is no way to import a private key. I wonder if I send Verisign a certificate request that I generated from Tomcat, if they will make me buy another certificate (even though it's for use on the same server and will replace the original certificate)? Jon
Re: Thanks for the note on JNI and class loading in the release notes
I'm using $CATALINA_HOME/lib, not $CATALINA_HOME/common/lib. I wonder if the problem is specific to using common/lib? Jon - Original Message - From: Jochen Schneider [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, September 17, 2001 3:06 AM Subject: Re: Thanks for the note on JNI and class loading in the release notes Hi Jonathan, we had the same problem and fixed it in the way described now in the Tomcat documentation. Probably one additional remark should be added to the documentation : If you place the Java code loading the native library outside of the web application (for example in $CATALINA_HOME/common/lib) it is loaded only once and the problem is solved. This sollution has some implication : The classes containing the native code are loaded by a classloader which has no knowledge about any class which resides in \Web-inf\lib. You will get an exception if you try to instanciate a class which resides in the \Web-inf\lib directory from your native code! You will also get an exception if you try to import a class which resides in the \Web-inf\lib\ directory from your java code in $CATALINA_HOME/common/lib since the two classes are loaded by different classloaders. This will not work (ClassA in $CATALINA_HOME/common/lib ansd ClassB in \Web-inf\lib\ ) : ClassA : import ClassB; public native static void doSomething(ClassB obj); ClassB : import ClassA public static void main(String[] args) { ClassA.doSomething(this); } Now it works again : ClassA : public native static void doSomething(Object obj); ClassB : import ClassA public static void main(String[] args) { ClassA.doSomething((Object)this); } Is this description correct? How do you handle this problem? Is there a more elegant sollution ? Regards, Jochen - Tomcat 4.0 and JNI Based Applications: - Applications that require native libraries must ensure that the libraries have been loaded prior to use. Typically, this is done with a call like: static { System.loadLibrary(path-to-library-file); } in some class. However, the application must also ensure that the library is not loaded more than once. If the above code were placed in a class inside the web application (i.e. under /WEB-INF/classes or /WEB-INF/lib), and the application were reloaded, the loadLibrary() call would be attempted a second time. To avoid this problem, place classes that load native libraries outside of the web application, and ensure that the loadLibrary() call is executed only once during the lifetime of a particular JVM. - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat Developer List [EMAIL PROTECTED] Sent: Saturday, September 15, 2001 5:59 AM Subject: Thanks for the note on JNI and class loading in the release notes I'm guessing that Craig is the one that added the section about JNI and class loading in the RC1 release notes. I just wanted to say that I appreciate that you documented this. I also noticed that you fixed a problem that I noticed with the Base64 encoder where it had trailing zeroes. Thanks, Jon
Re: System.err.println
I think at least for Tomcat 4, it depends on what platform you are running on. I noticed that on UNIX it gets redirected to catalina.out, but, on Windows it just gets displayed to the screen. Jon - Original Message - From: Abhijat Thakur [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 13, 2001 9:20 PM Subject: System.err.println Hi, I have gone through the archives and have looked at the original responses and tried it but my System.err.println does not go to /logs/tomcat.log. I am using log4j for logging but at some place have to put System.err.println statements which i want should be printed to tomcat logs. I have made modifications to server.xml and it has Logger name=tc_log verbosityLevel = INFORMATION path=logs/tomcat.log / Logger name=servlet_log path=logs/servlet.log verbosityLevel = DEBUG / Logger name=JASPER_LOG path=logs/jasper.log verbosityLevel = INFORMATION / The three are files are made under logs but my System.err.println messages dont go there. Please advise. Thanks a lot. Abhijat Thakur bDNA Corporation
Re: TOMCAT RC1 SERVLET RELOADING NOT WORKING ON AIX
Yeah, next time make the entire message in caps. ;-) Jon - Original Message - From: De Ridder, Bavo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 14, 2001 6:15 AM Subject: RE: TOMCAT RC1 SERVLET RELOADING NOT WORKING ON AIX Could you shout a little harder next time ... -Original Message- From: paul [mailto:[EMAIL PROTECTED]] Sent: Friday, September 14, 2001 12:26 PM To: [EMAIL PROTECTED] Subject: TOMCAT RC1 SERVLET RELOADING NOT WORKING ON AIX I am still unable to make servlet reloading work on AIX4.3 with tomcat 4 and apache 1.3.19 I have included some of my webapps directory structure and my server.xml which is the install version with my editing at the bottom The context is ct and the service is tomcat-apache In desperation and frustration trying really hard to use tomcat 4 Paul ./ct ./ct/ErrorPage.jsp ./ct/CSS_select.jsp ./ct/Navbar.jsp ./ct/getenvs.jsp ./ct/LogonTest.jsp ./ct/DisplayLogon.jsp ./ct/Logon.jsp ./ct/Receive.jsp ./ct/Send.jsp ./ct/WHControl.jsp ./ct/receive.jar ./ct/Nev-bar.jsp ./ct/send.jar ./ct/LoadLogon.jsp ./ct/CTListSC.jsp ./ct/CTViewJob.jsp ./ct/WHListStock.jsp ./ct/WHListStockSum.jsp ./ct/wml_ErrorPage.jsp ./ct/wml_joblist.jsp ./ct/wml_logon.jsp ./ct/wml_viewjob.jsp ./ct/WEB-INF ./ct/WEB-INF/web.xml ./ct/WEB-INF/classes ./ct/WEB-INF/classes/playjsp ./ct/WEB-INF/classes/playjsp/Logon.class ./ct/WEB-INF/classes/playjsp/Logon$1.class ./ct/WEB-INF/classes/playjsp/Job$1.class ./ct/WEB-INF/classes/playjsp/Job.class ./ct/WEB-INF/classes/playjsp/ListStatusChanges$1.class ./ct/WEB-INF/classes/playjsp/ListStatusChanges.class ./ct/WEB-INF/classes/playjsp/ListWHStockSummary.class ./ct/WEB-INF/classes/playjsp/ListWHStockSummary$1.class ./ct/WEB-INF/classes/playjsp/ListWHStock.class ./ct/WEB-INF/classes/playjsp/ListWHStock$1.class ./ct/WEB-INF/classes/playjsp/CTControl.class ./b2b ./b2b/WEB-INF ./b2b/WEB-INF/classes ./b2b/WEB-INF/classes/playjsp ./b2b/WEB-INF/classes/playjsp/BBControl.class ./b2b/WEB-INF/classes/playjsp/ListB2B.class ./b2b/WEB-INF/classes/playjsp/ListB2B$1.class ./b2b/WEB-INF/classes/playjsp/Parameters.class ./b2b/WEB-INF/classes/playjsp/Parameters$1.class ./b2b/WEB-INF/classes/playjsp/Parameters$2.class ./b2b/WEB-INF/classes/playjsp/ListB2B$2.class ./b2b/WEB-INF/classes/playjsp/ListB2B$3.class ./b2b/WEB-INF/web.xml ./b2b/BBListTransactions.jsp ./b2b/panpars.xml ./b2b/hostpars.xml ./b2b/BBTest.jsp ./b2b/apachepars.xml ./b2b/testpars.xml ./b2b/BBListSummaryTrans.jsp My server.xml !-- Alternate Example-less Configuration File -- !-- Note that component elements are nested corresponding to their parent-child relationships with each other -- !-- A Server is a singleton element that represents the entire JVM, which may contain one or more Service instances. The Server listens for a shutdown command on the indicated port. Note: A Server is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- Server port=8005 shutdown=SHUTDOWN debug=0 !-- A Service is a collection of one or more Connectors that share a single Container (and therefore the web applications visible within that Container). Normally, that Container is an Engine, but this is not required. Note: A Service is not itself a Container, so you may not define subcomponents such as Valves or Loggers at this level. -- !-- Define the Tomcat Stand-Alone Service -- Service name=Tomcat-Standalone !-- A Connector represents an endpoint by which requests are received and responses are returned. Each Connector passes requests on to the associated Container (normally an Engine) for processing. By default, a non-SSL HTTP/1.1 Connector is established on port 8080. You can also enable an SSL HTTP/1.1 Connector on port 8443 by following the instructions below and uncommenting the second Connector entry. SSL support requires the following steps: * Download and install JSSE 1.0.2 or later, and put the JAR files into $JAVA_HOME/jre/lib/ext. * Edit $JAVA_HOME/jre/lib/security/java.security and add security.provider.2=com.sun.net.ssl.internal.ssl.Provider * Execute: keytool -genkey -alias tomcat -keyalg RSA with a password value of changeit. By default, DNS lookups are enabled when a web application calls request.getRemoteHost(). This can have an adverse impact on performance, so you can disable it by setting the enableLookups attribute to false. When DNS lookups are disabled, request.getRemoteHost() will return the String version of the IP address of the
Re: Spaces in TOMCAT_HOME
If you are running Windows 2000/NT, you need to include the /X parameter as in, DIR /X I'm pretty sure that as long as you put the path in quotes (), you don't need to use the 8.3 names though. Jon - Original Message - From: David Smith [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 14, 2001 4:06 PM Subject: Re: Spaces in TOMCAT_HOME Go to a DOS window, and type: dir c:\ The file name on the left will be the 8.3 version while the filename on the right will be the long version. Both look at the same file or directory. You can do this for any folder or filename. Hint: not every file or folder will have ~1 in it. Some might have ~2 if the letters before it match up with another file or folder name. --David Smith On Friday 14 September 2001 04:40 pm, you wrote: What's the 8.3 format for C:\Java Tools\ -Original Message- From: Bryan Lipscy [mailto:[EMAIL PROTECTED]] Sent: Friday, September 14, 2001 3:18 PM To: [EMAIL PROTECTED] Subject: RE: Spaces in TOMCAT_HOME Use the 8.3 format. Progra~1\Apache~1\jakart~1 -Original Message- From: Hoggatt Matt - mahogg [mailto:[EMAIL PROTECTED]] Sent: Friday, September 14, 2001 1:15 PM To: '[EMAIL PROTECTED]' Subject: Spaces in TOMCAT_HOME Is it impossible to run tomcat as an NT service if there are spaces in TOMCAT_HOME? For example, I want my tomcat path to be c:\Program Files\Apache Group\jakarta-tomcat-3.2.3, but it won't work because of the spaces. Any work arounds? -Matt
Re: Catalina RC2 BASIC still *NOT* working
If you're talking about the nullPointerException that was occurring in MemoryRealm in RC1, that is gone as far as I can tell. I have it working fine here. Jon - Original Message - From: Raimee Stevens [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 14, 2001 10:39 AM Subject: Catalina RC2 BASIC still *NOT* working The docs say that it's been fixed. I haven't seen any other reports that the docs are wrong, but I don't have it working. Windows NT4, Apache 1.3.20 Catalina RC2 Sun JDK 1.3 Please confirm or deny??? = - Best Regards, Raimee Stevens __ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/
Re: JDBC Realms
JDBCRealm lets you store user accounts, passwords, and roles in a SQL database. Then, you can protect things like servlets so that they require a user to authenticate using a user name and password before they are granted access to the servlet/resource. By default, Tomcat uses MemoryRealm which does the same thing, but, the user accounts, passwords, and role information is stored in a file named tomcat-users.xml. Jon - Original Message - From: Ryan Ford [EMAIL PROTECTED] To: Tomcat-User (E-mail) [EMAIL PROTECTED] Sent: Friday, September 14, 2001 4:39 PM Subject: JDBC Realms Hello List, I am wondering what JDBC Realms are used for. I successfully configured it with mysql and tomcat 3.2.3, but I dont know what its for or what to do with it. I read http://jakarta.apache.org/tomcat/tomcat-3.2-doc/JDBCRealm.howto But it doesnt really say what it is. Ive searched the archives and on google. If anyone could offer an explanation of what its for, maybe a brief example on how to use it, or point me to a good reference on the net or even in a book, it would be much appreciated. Ryan Ford
Re: Tomcat - Running as non root and thread limiting.
How do you get it to listen on port 80? I thought you needed to be root to listen on ports less than 1024? I saw something in the release notes about a JavaService or something, but, I haven't been able to locate much else on it (running Tomcat as a non-root user). Jon - Original Message - From: Simon Brooke [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 14, 2001 7:08 AM Subject: Re: Tomcat - Running as non root and thread limiting. Hi, Anther two questions (should be the last 2 and then maybe I can help people). Is there any way in configuration to run tomcat as a non root user, or is the only way to su to the user and then run tomcat? We have a process killer that won't kill tasks with a main root thread, i.e. how apache runs. Surely! I *never* run tomcat as root. On my production servers it runs as user 'tomcat'. Create the user (and group if you like); unpack tomcat as that user, to create all the bits with that user's permissions; write your startup script to start tomcat as that user. -- [EMAIL PROTECTED] (Simon Brooke) http://www.jasmine.org.uk/~simon/ ;; It appears that /dev/null is a conforming XSL processor.
Possible to run Tomcat 4 as non-root user?
RELEASE-NOTES-4.0-B7.txt in Tomcat 4 mentions the following. - Catalina New Features: - Connectors - Refactored the startup code so that Catalina can run on port 80 (without being root) when started by JavaService or equivalent service managers. I'm wondering if there is further documentation on this somewhere? Also, I'm wondering if anyone has any tips on how to get Tomcat running in a chrooted environment? i.e. as far as figuring out which libraries and what not are required. Jon
Possible to import SSL private/public key pair from Apache into Tomcat?
This question is kind of about Tomcat, but, also to some extent about keytool and SSL in general. I've been running Apache Web Server 1.3.x as a Web server with JRun as a Java Servlet engine in our production environment. I have SSL enabled on the Apache Web Server and I have the certificate signed by Verisign which I paid $$$ for. What I want to do now is to switch to using Tomcat in standalone mode. I have this up and running no problem. I was able to generate a private key and then sign that with a test CA that I have. The steps to do this are to run keytool with -genkey, then -certreq, and then -import. However, I want to import the private/public key pair from Apache Web Server into my Java keystore. Does anyone know if this is possible? As far as I can tell, there is no way to import a private key. I wonder if I send Verisign a certificate request that I generated from Tomcat, if they will make me buy another certificate (even though it's for use on the same server and will replace the original certificate)? Jon
Is the Jakarta Web site running Tomcat?
Anyone know if the Jakarta Web site is running Tomcat? I know that it's mostly static content, but, I think that would be cool if it was. Jon
Re: JDBC Realms 3.3 or maybe 4.0
You might want to have a look at JNDIRealm in Tomcat 4. If you're also running a LDAP or NIS server, you might be able to tie into that. For example, I'm pretty sure iPlanet Directory Server has account expirations. It depends on what you already have to some extent. I figured that I would mention it though, since you might not have known about it. It's a relatively new feature and was just documented. Jon - Original Message - From: Mark Muffett [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 11, 2001 11:08 AM Subject: JDBC Realms 3.3 or maybe 4.0 I have been using JDBC Realms (with v3.3) with success for some months. I have come to a point where I need to add some new features (expiry dates mainly). I expect I can hack the code to do it, but is there any documentation on how best to proceed with this? (since I'd prefer my hack to be portable from 3.3 to the next 3.x version). I don't suppose it's of sufficient interest to try to incorporate within Tomcat proper, but if anyone else is working on similar extensions I'd be happy to share code. Mark Muffett
Re: tomcat-users.xml reload.
IMHO, a reload method in MemoryRealm would be very useful though. IMHO, using JDBC or JNDI in some cases is overkill. For example, if you otherwise had no need for a SQL server or directory server. Jon - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 13, 2001 10:53 AM Subject: Re: tomcat-users.xml reload. On Wed, 12 Sep 2001, Benoit Bertrand wrote: Date: Wed, 12 Sep 2001 21:26:35 +0200 From: Benoit Bertrand [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: tomcat-users.xml reload. hello, I have got a question concerning tomcat-users.xml reloading. I am developping a web application where an administrator can add/remove user(s) (to contraints access to this web app). This operation add/remove the necessary information to/from tomcat-users.xml file. Unfortunately, i discovered that this file is not updated until the next startup of tomcat. This is to say that to complete the add/remove operation, tomcat should be stopped an restarted (which is not what i intended to do). My question is the following: is there a way to reload the user access from tomcat-users.xml ? If not this should say that i can not use tomcat-users.xml to contraints access for my web app ? Sincerely, Benoit Bertrand. There is no current mechanism to reload tomcat-users.xml. The memory realm is not really designed for production use - it is just there to get things working initially without requiring you to set up a database or a directory server. You should use JDBCRealm in a real application -- any changes to the underlying data are reflected immediately the next time that user logs on, with no need to restart anything. Craig McClanahan
Re: Using Windows Native Security
In the future when username login mode authentication is supported in JNDIRealm, you could probably get it to authenticate against ActiveDirectory that way. It wouldn't actually be using NTLM though. Also, I was thinking that it might be cool to have a KerberosRealm class that you could use to authenticate using Kerberos. Kerberos on the backend anyway (not the way you're supposed to use Kerberos, but, useful if what you want is single sign-on). Kerberos authentication is supported natively in JDK 1.4. I did some testing of it using it with JNDI and I was able to authenticate to Active Directory using Kerberos. Jon - Original Message - From: Frank Lawlor [EMAIL PROTECTED] To: Tomcat (E-mail) [EMAIL PROTECTED] Sent: Wednesday, September 12, 2001 4:39 PM Subject: Using Windows Native Security Does anyone have any references or information on using native windows security (NTLM?) for Tomcat security? Are there any Java JNI wrappers for the native system calls? Are there any higher-lever implementations to some other more usable interface (JAAS, LDAP, etc.)? Thanks, Frank Lawlor Athens Group, Inc. (512) 345-0600 x151 Athens Group, an employee-owned consulting firm integrating technology strategy and software solutions.
Re: The pitfalls in restarting tomcat
IMHO, it would still be nice to have a true easy way to completely restart Tomcat. For example, say you were running into memory leak problems or something like that. You might want to schedule a script to run once a day to restart the server. In a perfect world, one would never have to do this, but, sometimes you run into bugs and you want to make sure that things are completely reset. Jon - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 13, 2001 10:57 AM Subject: Re: The pitfalls in restarting tomcat On Wed, 12 Sep 2001, Jonathan Eric Miller wrote: Date: Wed, 12 Sep 2001 23:57:07 -0500 From: Jonathan Eric Miller [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: The pitfalls in restarting tomcat I agree that there should be a restart.sh. However, it is possible to restart/reload a servlet without having to stop and start Tomcat, in version 4 that is, which is due for release any day now. I think you can do it in Tomcat 3 as well. In 4, you can mark a Context as reloadable. Then, it will check the files when they are requested, and if the time stamp is new, then, it will automatically reload the servlet. Also, there is a management servlet that allows you to restart other servlets in case you don't want to have auto-reloading on. Nonetheless, I still think a restart.sh command would be useful. In Tomcat 4, you can also use the Manager webapp to restart a particular app at any time (whether or not you have declared it to be reloadable) through an HTTP request like: http://localhost:8080/manager/reload?path=/exmaples This can also be scripted into shell scripts if you need to restart periodically for some reason (such as to switch log files). For more info, see http://jakarta.apache.org/tomcat/tomcat-4.0-doc/manager-howto.html Jon Craig - Original Message - From: Jeff Turner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 09, 2001 9:55 PM Subject: The pitfalls in restarting tomcat Hi, I was wondering how people who use Tomcat every day) do the stop/start cycle that's required whenever something in WEB-INF/lib changes. ./shutdown.sh ; ./startup.sh is a bad idea, because Tomcat 3.x seems to shut down it's threads asynchronously. So after shutdown.sh has returned, Tomcat has not necessarily stopped. Then startup.sh comes along, finds that your port is in use, and gives you Address already in use errors. With Tomcat 3.3, it is very easy to confuse Tomcat into thinking that it has shut down (the ajp12.id file does not exist), but it actually running. In this (common) situation, there is no way to kill tomcat other than killing the processes ('killall java'). Killing tomcat in this way is *very* dangerous, because it sometimes leaves threads in the state described by 'man ps' as: D uninterruptible sleep (usually IO) Then you're plain screwed; the thread is completely unkillable even by root, and is holding onto your tomcat port (8080). The only option is to reboot the machine. So anyway, has anyone got a safer way of restarting tomcat? Perhaps a script that waits until Tomcat is *really* dead before restarting? It would be nice if there was direct support in Tomcat for this everyday task (a restart.sh script). --Jeff
Re: To all people who are mailing me.
Yeah, I noticed that this morning. I was going to complain, but, I figured, I'd be nice. ;-) Jon - Original Message - From: Paul Downs [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 13, 2001 10:54 AM Subject: Re: To all people who are mailing me. Hi, and what did u do? My mail client had the mailing list address as bcc and was automatically cc'ing peoples personal address. I didn't notice until I got the usual flames. Paul
Re: The pitfalls in restarting tomcat
- Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 13, 2001 7:40 PM Subject: Re: The pitfalls in restarting tomcat On Thu, 13 Sep 2001, Jonathan Eric Miller wrote: Date: Thu, 13 Sep 2001 19:24:08 -0500 From: Jonathan Eric Miller [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: The pitfalls in restarting tomcat IMHO, it would still be nice to have a true easy way to completely restart Tomcat. For example, say you were running into memory leak problems or something like that. You might want to schedule a script to run once a day to restart the server. In a perfect world, one would never have to do this, but, sometimes you run into bugs and you want to make sure that things are completely reset. On Unix, many /etc/rc.d/init.d scripts I've seen implement their restart command as a shutdown followed by a startup. Why is it any more complicated than this? You have to put a pause in there too, otherwise you'll get an error message about the port already listening. This is because when you start it, sometimes, the previous instance hasn't stopped yet. Note also that, if you don't physically restart the JVM, you don't give any of the memory it grabbed back to the operating system. The restart command that I'm thinking of would completely stop Tomcat and start it again, and also shut down the JVM. It would basically, run shutdown.sh and then startup.sh. However, the difference is that it would shut it down in a synchronous manner not asynchronous. Therefore, it would start the server back up immediately after it was shut down rather than pausing for an arbitrary period of time waiting for Tomcat to shut down. I think this may be becoming less of an issue than it was before. Prior to Tomcat 7, the shutdown process seemed very laggy. As of 7 it was a lot better. Now, with RC1, maybe it's just me, but, it seems even better yet. On a somewhat unrelated note, but, speaking of lag, anyone know if Sun is planning doing anything to speed up the initialization of JSSE? Jon Jon Craig
Re: The pitfalls in restarting tomcat
- Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 13, 2001 9:08 PM Subject: Re: The pitfalls in restarting tomcat On Thu, 13 Sep 2001, Jonathan Eric Miller wrote: Date: Thu, 13 Sep 2001 21:00:01 -0500 From: Jonathan Eric Miller [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: The pitfalls in restarting tomcat - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 13, 2001 7:40 PM Subject: Re: The pitfalls in restarting tomcat On Thu, 13 Sep 2001, Jonathan Eric Miller wrote: Date: Thu, 13 Sep 2001 19:24:08 -0500 From: Jonathan Eric Miller [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: The pitfalls in restarting tomcat IMHO, it would still be nice to have a true easy way to completely restart Tomcat. For example, say you were running into memory leak problems or something like that. You might want to schedule a script to run once a day to restart the server. In a perfect world, one would never have to do this, but, sometimes you run into bugs and you want to make sure that things are completely reset. On Unix, many /etc/rc.d/init.d scripts I've seen implement their restart command as a shutdown followed by a startup. Why is it any more complicated than this? You have to put a pause in there too, otherwise you'll get an error message about the port already listening. This is because when you start it, sometimes, the previous instance hasn't stopped yet. A pause won't cut it -- the amount of time a shutdown takes is non-deterministic, because the destroy() method of all the initialized servlets, filters, and the contextDestroyed() method of listeners is called during the shutdown process. It would take code to do this reliably. My point exactly. ;-) Note also that, if you don't physically restart the JVM, you don't give any of the memory it grabbed back to the operating system. The restart command that I'm thinking of would completely stop Tomcat and start it again, and also shut down the JVM. It would basically, run shutdown.sh and then startup.sh. However, the difference is that it would shut it down in a synchronous manner not asynchronous. Therefore, it would start the server back up immediately after it was shut down rather than pausing for an arbitrary period of time waiting for Tomcat to shut down. I think this may be becoming less of an issue than it was before. Prior to Tomcat 7, the shutdown process seemed very laggy. As of 7 it was a lot better. Now, with RC1, maybe it's just me, but, it seems even better yet. There have been substantial improvements in RC1. On a somewhat unrelated note, but, speaking of lag, anyone know if Sun is planning doing anything to speed up the initialization of JSSE? I would bet this is related to initializing the random number generator. Yup. Do you *really* want to reduce the security of your cryptography? No, but, what I want to know is why I'm able to start Apache Web Server with SSL and I don't get this lag? I'm pretty sure that IIS with SSL doesn't take that long either. There are also numerous other SSL enabled clients that don't suffer from this kind of lag. I can see if it was only servers that suffered from this, but that isn't the case. Say I want to write a console app that is the rough equivalent of ldapsearch in Java that uses SSL. Everytime, I run that program I'm going to get 15 seconds of lag before it does anything. iPlanet's ldapsearch doesn't take that long. IMHO, they should speed it up using native code if that's what it takes (now that JSSE comes standard with JDK 1.4). Jon The same issue shows up in Tomcat with initialization of the random number generator used for session ids. The current initialization algorithm is fast, but subject to predictable session ids if an attacker can read server.xml. Jon Jon Craig Craig
Re: The pitfalls in restarting tomcat
I agree that there should be a restart.sh. However, it is possible to restart/reload a servlet without having to stop and start Tomcat, in version 4 that is, which is due for release any day now. I think you can do it in Tomcat 3 as well. In 4, you can mark a Context as reloadable. Then, it will check the files when they are requested, and if the time stamp is new, then, it will automatically reload the servlet. Also, there is a management servlet that allows you to restart other servlets in case you don't want to have auto-reloading on. Nonetheless, I still think a restart.sh command would be useful. Jon - Original Message - From: Jeff Turner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, September 09, 2001 9:55 PM Subject: The pitfalls in restarting tomcat Hi, I was wondering how people who use Tomcat every day) do the stop/start cycle that's required whenever something in WEB-INF/lib changes. ./shutdown.sh ; ./startup.sh is a bad idea, because Tomcat 3.x seems to shut down it's threads asynchronously. So after shutdown.sh has returned, Tomcat has not necessarily stopped. Then startup.sh comes along, finds that your port is in use, and gives you Address already in use errors. With Tomcat 3.3, it is very easy to confuse Tomcat into thinking that it has shut down (the ajp12.id file does not exist), but it actually running. In this (common) situation, there is no way to kill tomcat other than killing the processes ('killall java'). Killing tomcat in this way is *very* dangerous, because it sometimes leaves threads in the state described by 'man ps' as: D uninterruptible sleep (usually IO) Then you're plain screwed; the thread is completely unkillable even by root, and is holding onto your tomcat port (8080). The only option is to reboot the machine. So anyway, has anyone got a safer way of restarting tomcat? Perhaps a script that waits until Tomcat is *really* dead before restarting? It would be nice if there was direct support in Tomcat for this everyday task (a restart.sh script). --Jeff
Re: Re[2]: IP binding for server shutdown (tomcat 4)
Although, you can't control what IP address it binds to, you can control what port it listens on. I'm guessing the easiest solution to your problem would be to just set each of the different Tomcat installations up to use a different port? I think you basically, just need to change the following line in server.xml. Server port=8005 shutdown=SHUTDOWN debug=0 Jon - Original Message - From: Jochen Schwoerer [EMAIL PROTECTED] To: Pier Fumagalli [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Saturday, September 08, 2001 1:27 PM Subject: Re[2]: IP binding for server shutdown (tomcat 4) Hello Pier, Saturday, September 08, 2001, 8:20:30 PM, you wrote: PF Jochen Schwoerer [EMAIL PROTECTED] wrote: hello all, does somebody know if it is possible to bind the shutdown listener of tomcat 4 on a specific ip address like it is possible for connectors? PF I believe that for security reasons, in the upcoming version, the binding PF will be allowed and done only to localhost (127.0.0.1) in our case we have a machine with multiple ip addresses and want to run several instances on different ips but with the same control ports. it would be good to have the possibilty to configure the binding ip like in the connector directive. PF Pier jochen schwoerer [EMAIL PROTECTED]
Re: Question from a relatively new user: Minimizing the installation footprint of Tomcat
He's talking about what is required for running in a production environment, not a development environment. Jon - Original Message - From: Raimee [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 11:17 PM Subject: Re: Question from a relatively new user: Minimizing the installation footprint of Tomcat Actually, you'll need at least the servletapi if you want to write either and certainly a JDK . The servlet api ships with Tomcat and Java Runtimes are commonly packaged with JDK's. Jonathan Eric Miller wrote: If you write servlets instead of JSPs I would assume that you can get away with only using the JRE instead of the full JDK. I've never tried it myself though. I see that RUNNING.TXT says to download the JDK though. That could be because they're assuming that you're setting up a development environment though. Jon - Original Message - From: Anthony T Matsushita [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 3:39 PM Subject: Question from a relatively new user: Minimizing the installation footprint of Tomcat Hi, I'm working on an embedded system using Linux as the OS. My group is currently evaluating technologies to use as a front end to our configuration software and would like a Web front-end. We're evaluating JSP versus Perl / CGI (maybe embPerl). I was wondering how to minimize Tomcat's installation for deployment after we have developed our web-application (all the html and jsp pages and supporting classes and beans would be finalized). Is Java SDK 1.3 really necessary to run Tomcat. Can we have a Java Runtime Environment installed instead? (I'm guessing that Tomcat might use something in SDK 1.3 to complie it's JSP pages into Servlets) I need to get the footprint to be under 30 MB total, hopefully well under that if possible. I was wondering if this is at all attainable, and if anyone has any comments or suggestions? Thanks! -Anthony
Re: tomcat4: sealing violation when reloading servlets
I don't know for sure if this will help, but, if you have application specific .jar files that are stored somewhere other than under your WEB-INF/lib directory, you might want to try to move them there and see if that makes a difference. What I always try to do when resolving a problem like this is revert back to the basic installation, test out the sample programs, make sure that works, then, start adding things back one at a time until it breaks. Jon - Original Message - From: Taavi Tiirik [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 07, 2001 2:48 AM Subject: tomcat4: sealing violation when reloading servlets I am encountering sealing violation problems with tomcat 4.0 (nightly build 20010825). Whenever I recompile a servlet or change any .properties files that I use for i18n text messages press reload, it gives ServletException like this: Exception Report: javax.servlet.ServletException: Servlet.init() for servlet jsp threw exception at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:875) ... Root Cause: java.lang.SecurityException: sealing violation at java.net.URLClassLoader.defineClass(URLClassLoader.java:234) ... As I have understood it can be avoided by not having conflicts between certain class libraries. I have plenty of them in jre/lib/ext directory... Is there any changes to the class loading mechanism in more current nightly builds? with best wishes, Taavi
Re: How can I have a class run on start-up?
I don't know the answer to your question, but, I'm wondering if the application actually has to run in Tomcat. It sounds like you might want to just create a standalone application that listens on a port. Jon - Original Message - From: Alex Colic [EMAIL PROTECTED] To: Tomcat-User [EMAIL PROTECTED] Sent: Friday, September 07, 2001 8:36 AM Subject: How can I have a class run on start-up? Hi, hopefully someone can help me with this. I need some type of a class to start when the web server starts. This class is going to bind itself to a port and listen to commands from a VB app. Other classes in other web apps will register themselves with this class to receive these commands. My questions are: 1: how can you have a class start when the web server starts? This needs to work with all web servers. 2: how can you have a class in a web app register itself with the class listening on the port? Any suggestions are appreciated. Regards Alex Colic
Re: Basic question about Apache+Tomcat Memory usage
You mean the first time you access the JSP after starting Tomcat? This is because the JSP has to be compiled into a class before it can be executed. Jon - Original Message - From: srini [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 07, 2001 2:14 PM Subject: Basic question about Apache+Tomcat Memory usage hi users, i have this basic question in mind from so many days but din't get an answer for it. when i try to execute a simple JSP or Servlet , generally first time my CPU usage goes to 80-100%.I tried with default examples which comes with Tomcat. where as i have seen big application which don't use that much memory even u do some heavy jobs. Why is it so ??? System configuration: Pentium3900mHz processor 256MB Ram. Operating system: win2K Tomcat 3.2.2 Thanks in advance. -srini
Re: Specify outbound port on tomcat
It seems like to me the solution to the problem is to tweak the firewall rules. If a site is a host. Then, you can just create a rule that allows host A and B to communicate. You could set it up so that outgoing connections from host A are permitted/restricted to host B on port 443. Assuming it's a stateful firewall, the firewall will keep track of things. So, if host A binds to local port 4000 (or whatever other random port number the TCP stack chooses) and connects to host B on destination port 443, the firewall sees this and dynamically generates a rule that allows packets that have the opposite values to flow through. The key is that you need a stateful firewall. I would assume that most standalone firewalls, if that is what you're using, are. Jon - Original Message - From: Joe Pearse [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 07, 2001 7:19 PM Subject: Re: Specify outbound port on tomcat That's just it, though. Take the firewall out of the equation, and the application works fine. I understand that the destination port is what matters, and it does; you're right about that. Let me describe a scenario, to see if this helps explain the problem. I'm running tomcat + application at location A, you're running the same application + tomcat at location B. Scenario 1) You, site B, have no firewall restrictions. I, site A, send you, site B a message to port 443. Application does its thing, and sends a confirmation message, on _your_ local port, between 1024-5000. The destination is port 443 of site A. I receive the confirmation, and everyone is happy. Scenario 2) Now, your new security guru puts the clamps down on all outbound ports at site B. Taking the same scenario as 1), all works fine UNTIL you, site B, tries to send the response. Because all outbound ports have been blocked, the message does not get back to site A. Having said all that (sorry so long), at site B, you convince your security guy to open ports 2000-2005 (for example). What can I alter to guarantee that messages will be sent out on these ports? Thanks again for your help. From: Craig R. McClanahan [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Specify outbound port on tomcat Date: Fri, 7 Sep 2001 16:56:50 -0700 (PDT) On Fri, 7 Sep 2001, Joe Pearse wrote: Date: Fri, 07 Sep 2001 16:49:09 -0700 From: Joe Pearse [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Specify outbound port on tomcat The application itself is generating the message being sent out. In the basic sense, a browser is not involved. For example, information is received on port 443, and processed by the application. From that, a java.net.URL object is created, and the message is fired off to the specified client URL. When firing off the message, the outbound port (1024-5000) is chosen, and I'm not sure what chooses the port, and if I can restrict it. OK, to make an outbound connection, you definitely need a port on the local server. But what matters to a firewall is the port on the *destination* of that connection, not the *origin*. What port number on the client are you sending to? In order for things to work, *this* is the port number your firewall has to allow through (assuming that the client is on the other side of it, of course). Which, of course, raises the question of why do this anyway, when you can simply return data in the HTTP response to the request you are processing, but that's a different question. Craig _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp
JNDIRealm working, but, I have a few problems
First off, I want to thank Craig for writing up those JNDIRealm instructions. Those worked great. That's exactly the information that I was looking for. I have JNDIRealm working using both clear-text and digest passwords. However, there are a few problems that need to be resolved before I will be able to make use of it in our environment. The main reason why I want to use it, is for single-sign on and there are some issues that are preventing me from being able to do that. 1. It doesn't support binding as the user rather than as an admin user. If it did support this, that would solve all the password encryption/format related issues. 2. It doesn't check all userPassword attribute values (some directories may have more than one value). It should compare each value for a match and if a match is found, succeed, otherwise fail. 3. I'm not sure if this problem is specific to iPlanet Directory Server or not, but, iPlanet prefixes encrypted passwords with the name of a hash/encryption algorithm enclosed in {} followed by the base64 encoded password. For example, the following is what the password changeit looks like. {SHA}BzE/DjIPIsv6Nc/CIFCOs/9FfH4= However, the Tomcat digest application produces what appears to be a string of hex values like the following. b91cd1a54781790beaa2baf741fa6789 I think just compares these values (the text reprsentation and doesn't know to strip off the leading {SHA}), so, it fails. As far as I know the binary values should be the same because they are both using SHA. 4. It doesn't support SSL. 5. It doesn't support crypt encrypted passwords. crypt may not be the mose secure, but, it's helpful from the stand point of supporting legacy systems. Again, if it bound as the user rather than queried for and compared attributes, this wouldn't be an issue. I don't know what kind of impact that would have on performance, if any, but, it would IMHO be a lot more secure and more generalized because you could then use whatever password encryption in the directory that you wanted and not have to worry about it. Jon
Re: JNDIRealm working, but, I have a few problems
- Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: Tomcat User List [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 4:45 PM Subject: Re: JNDIRealm working, but, I have a few problems On Thu, 6 Sep 2001, Jonathan Eric Miller wrote: Date: Thu, 6 Sep 2001 15:42:52 -0500 From: Jonathan Eric Miller [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: Tomcat User List [EMAIL PROTECTED] Subject: JNDIRealm working, but, I have a few problems First off, I want to thank Craig for writing up those JNDIRealm instructions. Those worked great. That's exactly the information that I was looking for. I have JNDIRealm working using both clear-text and digest passwords. However, there are a few problems that need to be resolved before I will be able to make use of it in our environment. The main reason why I want to use it, is for single-sign on and there are some issues that are preventing me from being able to do that. 1. It doesn't support binding as the user rather than as an admin user. If it did support this, that would solve all the password encryption/format related issues. This is definitely on the list of things to address. Before 4.0 final might be a challenge, though. Cool, yeah, I just noticed the functional specs that you have in there regarding username login mode. I found it comforting to see that in there because that is the method that I would prefer to use. I don't really like the idea of storing an admin password in my configuration file. Also, for some users, this might not be an option because they not be the directory administrator. Also, I think it's a good idea to minimize sending the userPassword attribute over the wire, even if it is encrypted. I kind of figured that you might not be able to implement that before 4.0 was released. I'm crossing my fingers though. ;-) 2. It doesn't check all userPassword attribute values (some directories may have more than one value). It should compare each value for a match and if a match is found, succeed, otherwise fail. It never occured to me that userPassword would have multiple values :-). But that doesn't sound too hard to support. Yeah, that's what I was hoping. I haven't looked too close at the source code, but, I'm hoping that just adding a for loop when checking the values would do it. The reason it might be helpful at our site is because we are going to be merging NIS into another directory. Having both passwords in there allows a user to authenticate successfully using either. Then, when they change their password for the first time, it gets replaced with a single password. It might also help having multiple different hashes in there for applications such as this that do queries against the userPassword field and only support certain digests. 3. I'm not sure if this problem is specific to iPlanet Directory Server or not, but, iPlanet prefixes encrypted passwords with the name of a hash/encryption algorithm enclosed in {} followed by the base64 encoded password. For example, the following is what the password changeit looks like. {SHA}BzE/DjIPIsv6Nc/CIFCOs/9FfH4= However, the Tomcat digest application produces what appears to be a string of hex values like the following. b91cd1a54781790beaa2baf741fa6789 Oops, I posted the wrong value here. It should be the following. The value above is an MD5 hash. 07313f0e320f22cbfa35cfc220508eb3ff457c7e I think just compares these values (the text reprsentation and doesn't know to strip off the leading {SHA}), so, it fails. As far as I know the binary values should be the same because they are both using SHA. Hmm, those values don't appear to match -- maybe the iPlanet value has been Base64 encoded instead of rendered in hex? Yeah, iPlanet returns {SHA} followed by the Base64 encoded SHA hash of the user's password. I'm not sure how standard this convention is. I think OpenLDAP may do the same thing? If the password is clear-text, it isn't prefixed with anything. If it's crypt encrypted it uses {crypt}. The only other hashing algorithm it supports is Salted Secure Hash Algorithm which is {SSHA}. I wrote a little program to test it. import org.apache.catalina.realm.*; import org.apache.catalina.util.*; public class Test4 { public static void main (String[] args) { try { System.out.println(JDBCRealm.Digest(changeit, SHA)); System.out.println(HexUtils.convert(Base64.decode(BzE/DjIPIsv6Nc/CIFCOs/9Ff H4=.getBytes(; } catch(Exception e) { e.printStackTrace(); } } } The following is the output. As you can see they are pretty much the same. Not sure why that extra is on there. C:\java Test4 07313f0e320f22cbfa35cfc220508eb3ff457c7e 07313f0e320f22cbfa35cfc220508eb3ff457c7e I haven't figured out why the extra is at the end. 4. It doesn't support SSL. Also on the list of things to support -- assuming that the JNDI LDAP provider does most
Re: using a central repository for servlets
Basically, if you are using Tomcat 4, you just have to copy your servlets to CATALINA_HOME$/webapps/ROOT/WEB-INF/classes. I created a symlink under CATALINA_HOME$ named servlets that is linked to webapps/ROOT/WEB-INF/classes. So, when I copy my servlets over I just copy them to /opt/jakarta-tomcat/servlets. ROOT is the default context. Jon - Original Message - From: echaiguer abderrahim [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 2:39 AM Subject: Re: using a central repository for servlets That's exactly what I am look for. Abde At 08:31 PM 9/5/2001 -0300, Joao Carlos wrote: I've searched in many many many places an answer for this before asking. There are some answers, but it didn't get clear for me. I'm using JServ for a long time, and i'm trying, for a long time too, to migrate my servers for using Apache+Tomcat. The problem is that i really can't understand well the way tomcat is configured. The main problem, and the reason i'm writing is: I have today in many JServ's, only one repository, which is called by using the /servlets alias. All servlets that run on the server are keeped on /var/servlets So, in this way that's very easy to include a servlet, it's only put it on /var/servlet and call http://my.host/servlets/name_of_the_servlet I simply want to migrate to tomcat using this kind of configuration. Many servlets have links to others servlets (written in code) using /servlets/any_servlet, so that's impossible to me to create a context and access the servlets using /context/servlet Is there any way to create a central repository that can be accessed by /servlets and only this? Is the web-inf directory mandatory for using servlets? Thanks in advance, --- Joao Carlos [EMAIL PROTECTED] Unix IS user friendly. It's just selective about who its friends are
Re: No one answering my question (security realted problem)
Completely clear your CLASSPATH. Then, install a fresh copy of Tomcat. Then, try to access some of the sample servlets. If that doesn't work, you might want to give Tomcat 4 a try. Tomcat 4 is due out in mid-September. Tomcat 4 doesn't use CLASSPATH at all, so, maybe that'll fix your problem. Also, make sure you're running the latest version of Sun's JDK, 1.3.1. Jon - Original Message - From: Sukhwinder Singh [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 4:10 PM Subject: Re: No one answering my question (security realted problem) It's unclear to me why you're recompiling tomcat. Why not just use a binary distribution? I've never compiled it from source... dwh Hello, I have also downloaded binary version of tomcat 3.2.3 but even that doesn't start. SS ___ http://inbox.excite.com
Re: Apache / mod_jk / Tomcat with Hardware SSL box?
One thing that you might want to look into assuming you haven't already bought new hardware is that I think that you can get SSL hardware accelerator cards rather than a separate box to do it? I don't know much about it. I just know that I heard something about this where I work. They were planning on doing this on a Sun box for our LDAP servers. I think that OpenSSL was supposed to support the cards or something. So, basically, everything would work the same way as if you weren't using hardware acceleration, except that some of OpenSSL's processing would be offloaded to hardware instead. I'm not an expert on this, so, I could be wrong, but, I figured that I would mention it. Jon - Original Message - From: Mike Roberts [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 7:32 AM Subject: Apache / mod_jk / Tomcat with Hardware SSL box? Hi, My company currently use Apache / mod_ssl / mod_jk / Tomcat to support SSL in our application My SysAdmin department would like to switch our SSL handling to a dedicated hardware solution (eg http://www.intel.com/network/idc/products/accel_7115.htm) to take the SSL load off of our Webservers. My concern with this though is that our application will no longer be able to discern whether a request was secure or not. Has anyone tried this kind of thing? I guess one option would be for the Hardware SSL box to point to port 443 of Apache, but for Apache not to actually pass these requests to mod_ssl (Apache's 443 could then be firewalled off from the outside world and assumed only used as a target from the hardware SSL box for originally secure requests.) As the port is 443 though, would mod_jk still treat it as though SSL was enabled? I doubt it, but thought I would ask. Another alternative would be for our app to look for the port requested, rather than whether the request was secure or not. We could get the Hardware SSL box to pass originally secure requests to port 443 (or anything other than 80 for that matter) as above. In that case though, our App would need to know the port number that was attached to on Apache - is this passed through by mod_jk? Details: Apache 1.3.20 / mod_ssl 2.8.4-1.3.20 / Tomcat 3.2 (with mod_jk setup to use AJP13) / Solaris 8 Thanks for any help, Mike --- Mike Roberts Developer DigitalRum mailto:mike.roberts@**spamdeflector**.digitalrum.com
Re: mac question from yesterday
Are you sure it only happens on a Mac? Maybe you don't have the image files stored in the correct location? Jon - Original Message - From: Henry Yeh [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 1:03 PM Subject: RE: mac question from yesterday no it wasn't solved, as no one seems to have this problem but me ! Henry -Original Message- From: Thomas Cherry [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 06, 2001 10:44 PM To: [EMAIL PROTECTED] Subject: Re: mac question from yesterday somebody ask a question about images not showing up under a few mac browsers, and I wanted to know if this person solved the problem. It could have been two days ago, but I really thought that it was yesterday. - Original Message - From: Pier Fumagalli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 11:48 AM Subject: Re: mac question from yesterday Thomas Cherry [EMAIL PROTECTED] wrote: was the mac question posted yesterday ever answered? Errr... I didn't see any mac-related question... Pier (typing on a mac!)
Re: java.lang.SecurityException: sealing violation - jBuilder4
Tomcat 4 doesn't use the CLASSPATH variable. So, all the .jar files that aren't in the jakarta-tomcat directory will be ignored AFAIK. I did notice one thing that looks odd also. servlet.jar is normally found in common\lib, not server\lib. Not sure if that would make a difference. Jon - Original Message - From: Raimee Stevens [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 1:01 PM Subject: Re: java.lang.SecurityException: sealing violation - jBuilder4 Catalina's Classpath: D:\tomcat\jakarta-tomcat-4.0-b7\webapps\genNLV\WEB-INF\classes; D:\tomcat\jakarta-tomcat-4.0-b7\bin\bootstrap.jar; D:\tomcat\jakarta-tomcat-4.0-b7\server\lib\catalina.jar; D:\tomcat\jakarta-tomcat-4.0-b7\server\lib\warp.jar; D:\tomcat\jakarta-tomcat-4.0-b7\server\lib\jakarta-regexp-1.2.jar; D:\tomcat\jakarta-tomcat-4.0-b7\server\lib\crimson.jar; D:\tomcat\jakarta-tomcat-4.0-b7\server\lib\jaxp.jar; D:\tomcat\jakarta-tomcat-4.0-b7\lib\namingfactory.jar; D:\tomcat\jakarta-tomcat-4.0-b7\lib\jasper-runtime.jar; D:\tomcat\jakarta-tomcat-4.0-b7\jasper\jaxp.jar; D:\tomcat\jakarta-tomcat-4.0-b7\jasper\jasper-compiler.jar; D:\tomcat\jakarta-tomcat-4.0-b7\jasper\crimson.jar; D:\tomcat\jakarta-tomcat-4.0-b7\common\lib\jndi.jar; D:\tomcat\jakarta-tomcat-4.0-b7\common\lib\naming.jar; D:\tomcat\jakarta-tomcat-4.0-b7\common\lib\resources.jar; D:\tomcat\jakarta-servletapi-4-b7\lib\servlet.jar; D:\SQLLIB\java\db2java.zip;D:\oreilly\lib\cos.jar; D:\jBuilder\jdk1.3\demo\jfc\Java2D\Java2Demo.jar; D:\jBuilder\jdk1.3\jre\lib\i18n.jar; D:\jBuilder\jdk1.3\jre\lib\jaws.jar; D:\jBuilder\jdk1.3\jre\lib\rt.jar;D:\jBuilder\jdk1.3\jre\lib\sunrsasign.jar; D:\jBuilder\jdk1.3\lib\dt.jar; D:\jBuilder\jdk1.3\lib\tools.jar = - Best Regards, Raimee Stevens __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com
Re: mac question from yesterday
Are you sure it only happens on a Mac? Maybe you don't have the image files stored in the correct location? Jon - Original Message - From: Henry Yeh [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 1:03 PM Subject: RE: mac question from yesterday no it wasn't solved, as no one seems to have this problem but me ! Henry -Original Message- From: Thomas Cherry [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 06, 2001 10:44 PM To: [EMAIL PROTECTED] Subject: Re: mac question from yesterday somebody ask a question about images not showing up under a few mac browsers, and I wanted to know if this person solved the problem. It could have been two days ago, but I really thought that it was yesterday. - Original Message - From: Pier Fumagalli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 11:48 AM Subject: Re: mac question from yesterday Thomas Cherry [EMAIL PROTECTED] wrote: was the mac question posted yesterday ever answered? Errr... I didn't see any mac-related question... Pier (typing on a mac!)
Re: I admit it -- I'm too lazy to read the documentation
You're kidding, right? If you changed all the 8080's in server.xml to 80, that should have done it. You remembered to restart the server, right? Jon - Original Message - From: Curtis Dougherty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 3:38 PM Subject: RE: I admit it -- I'm too lazy to read the documentation You have an additional file to change to make TOMCAT work on any port lower than 1024... -Original Message- From: Brent Hughes [mailto:[EMAIL PROTECTED]] Sent: Thursday, September 06, 2001 8:40 AM To: [EMAIL PROTECTED] Subject: RE: I admit it -- I'm too lazy to read the documentation I was just kidding I'm not really that lazy. I just thought someone would respond faster if I said that. I actually already tried to change the one in server.xml to port 80 before I sent the email. That was probably pretty stupid but I thought it might work anyway. A full text search of the conf directory only revealed two instances of 8080, and I tried changing them both to 80, but the thing stopped working. ***Is what I'm trying to do even possible, or is Tomcat just designed to require a numerical extension to the URL?*** If it is, that's okay. I just thought it would be cooler if my URL remained constant. Did it stop working because of a port conflict on 80? I actually read most of the docs, and I text searched the doc directory for 8080. Most of the results were just hyperlink examples. Thanks, Brent /// /// -Original Message- From: Thomas Cherry [mailto:[EMAIL PROTECTED]] Sent: Friday, September 07, 2001 6:39 AM To: [EMAIL PROTECTED] Subject: Re: I admit it -- I'm too lazy to read the documentation Since you are lazy, why stop with reading at all, just grep the config files for 8080 and hope it's the right one. - Original Message - From: Brent Hughes [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 7:32 AM Subject: I admit it -- I'm too lazy to read the documentation I have the thing running... It only works on localhost:8080 though... I need to get rid of this 8080 thing. If you guys could point me to the right section of the docs it would be a big help. Thanks, Brent
Re: Newbie question
If you are using Tomcat 4, check out the following link. You don't actually need to build Tomcat from the source code (if that's what you are trying to do) in order to get SSL to work. It's just a matter of running a keytool command and then uncommenting a few lines of code in server.xml. This also assumes that you are using Tomcat in standalone mode and aren't trying to compile SSL into Apache Web Server. http://jakarta.apache.org/tomcat/tomcat-4.0-doc-exp/ssl-howto.html Jon - Original Message - From: Brown, Matthew A. [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 1:31 PM Subject: Newbie question Hi- I'm new to tomcat- I've got jakarta-ant installed- and I've got tomcat working. I want to rebuild tomcat so that it supports SSL. I've got all of the SSL stuff needed-(per the how to configure SSL document) I just don't know how to rebuild the instance easily. Thanks in advance for any help
Re: New nt_service
Are you sure it wasn't really a .c.exe file and Explorer didn't just hide the extension. ;-) Jon - Original Message - From: Pier Fumagalli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 8:09 PM Subject: Re: New nt_service Tim O'Neil [EMAIL PROTECTED] wrote: Can you sign those before you send em like that? There's nothing bad in sending a C file and an HTML zipped... C'mon :) Let's not get paranoid, at least he didn't send an executable... (BTW, Michael, next time, a patch to the current code will be way better). This, as a principle. I'll just offload it to my colleagues in JK land... Pier
Re: Question from a relatively new user: Minimizing the installation footprint of Tomcat
If you write servlets instead of JSPs I would assume that you can get away with only using the JRE instead of the full JDK. I've never tried it myself though. I see that RUNNING.TXT says to download the JDK though. That could be because they're assuming that you're setting up a development environment though. Jon - Original Message - From: Anthony T Matsushita [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, September 06, 2001 3:39 PM Subject: Question from a relatively new user: Minimizing the installation footprint of Tomcat Hi, I'm working on an embedded system using Linux as the OS. My group is currently evaluating technologies to use as a front end to our configuration software and would like a Web front-end. We're evaluating JSP versus Perl / CGI (maybe embPerl). I was wondering how to minimize Tomcat's installation for deployment after we have developed our web-application (all the html and jsp pages and supporting classes and beans would be finalized). Is Java SDK 1.3 really necessary to run Tomcat. Can we have a Java Runtime Environment installed instead? (I'm guessing that Tomcat might use something in SDK 1.3 to complie it's JSP pages into Servlets) I need to get the footprint to be under 30 MB total, hopefully well under that if possible. I was wondering if this is at all attainable, and if anyone has any comments or suggestions? Thanks! -Anthony
Re: Intermittent UnsatisfiedLinkError
John, I don't know if your JNI calls are in separate .jar files or in your servlets themselves, but, if they are in separate .jar files, I found that you can put those .jar files in CATALINA_HOME$/lib rather than in CATALINA_HOME$/webapps/ROOT/WEB-INF/lib. When you do this, the .jar files will only be loaded when Tomcat starts, instead of everytime your servlet is reloaded. This is with Tomcat 4. Not sure about Tomcat 3.x. Jon - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: Tomcat User List [EMAIL PROTECTED] Sent: Wednesday, September 05, 2001 12:23 PM Subject: Re: Intermittent UnsatisfiedLinkError John, I'm running into the same exact problem. Were you ever able to resolve this? The reason it is intermittent is it happens when you update a servlet and auto servlet reloading happens and you don't restart the server. The work around that I've been using is to just restart the server after updating a servlet. However, that is a pain, so, I want to find the real solution. I'm getting an error of java.lang.UnsatisfiedLinkError: Native Library /opt/NSIT/lib/libccso_CCSOConnection.so already loaded in another classloader in Tomcat 4. So, I'm going to look and see if there is a way to check whether a library is loaded or not and possibly add some conditional code that I only call System.loadLibrary() when it isn't already loaded. Jon Intermittent UnsatisfiedLinkError From: John Doyle Subject: Intermittent UnsatisfiedLinkError Date: Sat, 21 Jul 2001 13:03:00 -0700 Hello, We are using tomcat 3.2.1 on RedHat 6.2. Many of our servlets use Java native methods. The problem we are seeing is that our system runs OK for a while, then for some unknown reason we get UnsatisfiedLinkError on native methods that were running previously. We are confident that the System.loadLibrary() calls are working. (They are in a try-catch {} block w/ application-level tracing). We are calling System.loadLibrary() in a static initializer block of a class that is used by every servlet. Could anyone advise me on how to debug this problem? I could really use some advice on how to zero in on this. Thanks in advance Regards, John Doyle NAS Configuration Development Bldg 660/ E200, Research Triangle Park, NC 27709 Phone: 919-254-7634 No sense being a pessimist - it wouldn't work anyway.
Re: how is a session identified
I think it's basically just a random number that is stored either in a cookie or using URL rewriting. You can call HttpSession.getId() to get the value. Jon - Original Message - From: Wouter Boers [EMAIL PROTECTED] To: Tomcat-User@Jakarta. Apache. Org [EMAIL PROTECTED] Sent: Wednesday, September 05, 2001 3:01 AM Subject: how is a session identified Hello, I have a question reguarding the session. What is this session based on? How is a client browser uniquely identified by tomcat to map that session to its own context. I'm looking for the data that is required to identify the client browser and the identification process. I would love to have some pointers to the specs and sources implementing the specs. Wouter
Re: Intermittent UnsatisfiedLinkError
John, I'm running into the same exact problem. Were you ever able to resolve this? The reason it is intermittent is it happens when you update a servlet and auto servlet reloading happens and you don't restart the server. The work around that I've been using is to just restart the server after updating a servlet. However, that is a pain, so, I want to find the real solution. I'm getting an error of java.lang.UnsatisfiedLinkError: Native Library /opt/NSIT/lib/libccso_CCSOConnection.so already loaded in another classloader in Tomcat 4. So, I'm going to look and see if there is a way to check whether a library is loaded or not and possibly add some conditional code that I only call System.loadLibrary() when it isn't already loaded. Jon Intermittent UnsatisfiedLinkError From: John Doyle Subject: Intermittent UnsatisfiedLinkError Date: Sat, 21 Jul 2001 13:03:00 -0700 Hello, We are using tomcat 3.2.1 on RedHat 6.2. Many of our servlets use Java native methods. The problem we are seeing is that our system runs OK for a while, then for some unknown reason we get UnsatisfiedLinkError on native methods that were running previously. We are confident that the System.loadLibrary() calls are working. (They are in a try-catch {} block w/ application-level tracing). We are calling System.loadLibrary() in a static initializer block of a class that is used by every servlet. Could anyone advise me on how to debug this problem? I could really use some advice on how to zero in on this. Thanks in advance Regards, John Doyle NAS Configuration Development Bldg 660/ E200, Research Triangle Park, NC 27709 Phone: 919-254-7634 No sense being a pessimist - it wouldn't work anyway.
Where to place native code called by JNI?
Not sure if this is a FAQ or not, but, is there a recommended location where to put native code that is called by a servlet? Currently, I put code similar to the following in startup.sh to tell it where to look. LD_LIBRARY_PATH=/path/to/native/code export LD_LIBRARY_PATH Is this what everyone else is doing? Or is there some other recommended way of doing it? i.e. is there a directory within Tomcat 4's directory structure specifically where it will look for native code (similar to how it looks for .jar files)? Jon
JNDIRealm docs to be released soon?
Craig, A week or so ago, you mentioned that you are in the process of re-writing the docs on how to configure Realms. I'm wondering if you've had a chance to do that yet? When you do, please let me know, as I'm interested in trying to get JNDIRealm to work. Thanks, Jon
Re: Upcoming Tomcat 4.0 Final Release
I just wanted to say, thank you, to all the developers. I think you guys are doing a great job. I had a chance to read through the docs more thoroughly recently and I'm starting to get an idea of all the hard work you've been putting in. I'm looking forward to using Tomcat 4 in our production environment. Thanks and great work. Jon - Original Message - From: Pier Fumagalli [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, September 04, 2001 9:37 PM Subject: Re: Upcoming Tomcat 4.0 Final Release Craig R. McClanahan [EMAIL PROTECTED] wrote: I've just announced a release plan for Tomcat 4.0 (final release) on the Tomcat developer's list. Assuming it gets approved, you will see a final release of Tomcat 4 on or about September 17, 2001. How can you help? By downloading the beta-7 release (or, better, a more recent nightly build) and banging your applications against it. Any bugs you find should be reported (as soon as possible) to: http://nagoya.apache.org/bugzilla/ under product category Tomcat 4, so that they can be addressed before the final release. There are two release candidate releases scheduled prior to the final release, on September 9 and September 12. It would be very helpful if people would download and test these releases as well, to make sure we don't break something while fixing something else. Thanks for your help! For fellow folks of the WebApp module development, I'm going to do the same with our little Apache connector, especially now that we have support for the iPlanet web server, and Apache 2.0 (last one was a precious week!)... I still need to fix a couple of issues with the build process, before decretating martial law on that, but we should be ready to roll a new alpha release by the end of the week, and then go beta when Tomcat 4.0 goes final. Thanks to ALL of you who report bugs and hints... Really appreciate it... Pier
RE: Problems with IIS and Tomcat
Just thought I'd reply saying that I also experienced problems using tomcat and the iis that would send the inetinfo service into cpu lock. It's a dual processor machine running NT 4.0. The only way we resolved the problem was to run tomcat in standalone mode. --- Shay Mandel [EMAIL PROTECTED] wrote: No, it doesn't. This is a simple, single CPU NT machine. Shay. -Original Message- From: Govind Agarwal [mailto:[EMAIL PROTECTED]] Sent: Monday, September 03, 2001 1:29 PM To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; Shay Mandel Subject: RE: Problems with IIS and Tomcat Hi, This problem is encountered by us also when the System has Dual CPU Processor. Does your system also have dual cpu configuration ? Govind -Original Message- From: Shay Mandel [mailto:[EMAIL PROTECTED]] Sent: Monday, September 03, 2001 5:55 PM To: '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]' Subject: RE: Problems with IIS and Tomcat Hi, This sounds familiar. I am having the same problems sometime, and when moving to work with Tomcat alone the problem disappears. I doesn't a clue about how to solve it, as I haven't found the code of the isapi-redirect.dll so I can't debug it. Does someone knows where can I download this code from ? Shay. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Monday, September 03, 2001 12:16 PM To: [EMAIL PROTECTED] Subject: Problems with IIS and Tomcat Hallo, i have problems with IIS (win NT 4.0) and tomcat. Normaly it is working, but sometimes the IIS needs 100% of the cpu and then nothing works until I restart the IIS and the tomcat. The IIS only redirect to the tomcat. Is this a problem of the tomcat or of the IIS?? Frank -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net __ Do You Yahoo!? Get email alerts NEW webcam video instant messaging with Yahoo! Messenger http://im.yahoo.com
mod_jk Virtual Host Problems
I am trying to get apache setup with four virtual hosts that send requests for .jsp files to four separate tomcat workers. I am using mod_jk to do this with the commands below in my httpd.conf file. My problem is that mod_jk seems to only pay attention to the first set of JKMount commands. So the end result is that ALL my virtual hosts get sent to the worker called service. I am using Tomcat 3.2.3 and the mod_jk from the following URL: http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.2.3/bin/win32/i38 6/ Any help would be greatly appreciated! I KNOW this can be done as the Tomcat documentation tells me how to do it with mod_jserv. VirtualHost * ServerAdmin [EMAIL PROTECTED] DocumentRoot d:/webdocs/service ServerName service.int.mydomain.com ErrorLog d:/logs/service/apache/error.log CustomLog d:/logs/service/apache/access.log common JkMount /*.jsp service JkMount /servlet/* service /VirtualHost VirtualHost * ServerAdmin [EMAIL PROTECTED] DocumentRoot d:/webdocs/demo ServerName demo.int.mydomain.com ErrorLog d:/logs/demo/apache/error.log CustomLog d:/logs/demo/apache/access.log common JkMount /*.jsp demo JkMount /servlet/* demo /VirtualHost VirtualHost * ServerAdmin [EMAIL PROTECTED] DocumentRoot d:/webdocs/store ServerName store.int.mydomain.com ErrorLog d:/logs/store/apache/error.log CustomLog d:/logs/store/apache/access.log common JkMount /*.jsp store JkMount /servlet/* store /VirtualHost VirtualHost * ServerAdmin [EMAIL PROTECTED] DocumentRoot d:/webdocs/payment ServerName payment.int.mydomain.com ErrorLog d:/logs/payment/apache/error.log CustomLog d:/logs/payment/apache/access.log common JkMount /*.jsp payment JkMount /servlet/* payment /VirtualHost -Eric
response.sendRedirect problems with IE5.5
When I call the response.sendRedirect() function from a Java Bean I get a response that already has data in it, the only problem is that the response shouldn't have any data in it already. I have a function call before anything is written to the output buffer that determines if this page should call a response.sendRedirect(). The weird thing is that only IE has the data that shouldn't be returned in the html page (from the view source option). Netscape doesn't have the garbage data when I view source. What is going on here? Info: Tomcat 3.2.3 jdk1.2.2 NT 4.0 ### data that shouldn't be returned ### !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN http://www.w3.org/TR/REC-html40/loose.dtd; html head ... omitted data ... CircImage4.src = HTTP/1.1 200 OK Via: 1.0 MAIL Connection: Keep-Alive Content-Length: 1536 Content-Type: text/html Last-Modified: Thu, 16 Aug 2001 16:54:28 GMT Servlet-Engine: Tomcat Web Server/3.2.3 (JSP 1.1; Servlet 2.2; Java 1.2.2; Windows NT 4.0 x86; java.vendor=Sun Microsystems Inc.) ### page that should be returned ### html head ... rest of response ... ### relevent parts of index. jsp ### /*** session operations ***/ try { sessionBean.setResponse(response); sessionBean.setRequest(request); sessionBean.setIP(request.getRemoteAddr()); sessionBean.setFile(path + name); sessionBean.log(); } catch(IOException ignored) { } catch(SQLException ignored) { } // output header,nav application.getRequestDispatcher(/main.jsp).include(request,response); // output static page if no processing needed on content if(proc == null || proc.equals(false)) { application.getRequestDispatcher(/static.jsp).include(request,response); } else { application.getRequestDispatcher(/ + name).include(request,response); } // output footer application.getRequestDispatcher(/footer.jsp).include(request,response); % ### relevent portion of SessionBean ### public void log() { ... if(visits == 1) { res.sendRedirect(/intro.html); } ... }
Re: a simple ( irritating) classpath problem
- Original Message - From: Dmitri Colebatch [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 11:33 PM Subject: Re: a simple ( irritating) classpath problem hi, There are three basic areas that classes can be put in tomcat: WEB-INF/classes - contains all the classes that form the web application WEB-INF/lib - contains jars that the web application uses TOMCAT_HOME/lib - contains jars that are available to _all_ applications using tomcat There's one other one that I came across yesterday as well. TOMCAT_HOME/server/lib I think this is probably Tomcat 4 specific, not sure. I found that in order to get JDBCRealm to work, I had to copy the .jar file for my JDBC driver to this directory. Note, it didn't work when I first tried copying it to TOMCAT_HOME/lib. Jon
Re: JDBCRealm Security setup Help Required.
As far as I know, the users, roles, and user_roles tables are global and will get used by whatever Web applications you have protected. Are you saying that you want to have a separate set of these table, one for each Web application? Why not just create different roles, one for each Web application? Personally, I'm hoping that the MemoryRealm class will be improved upon in the future. Putting this information in a SQL database seems like a lot of overhead to me (even though it does seem to work well, once you get it setup). Basically, the functionality that I'm looking for in MemoryRealm is the ability to tell Tomcat to reload the user database. Also, it would be nice to have a digest property like you have with JDBCRealm, so that you can store the passwords as hashes instead of in clear-text. Jon - Original Message - From: Nitin Goyal [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 23, 2001 6:46 AM Subject: JDBCRealm Security setup Help Required. Hi, We are setting up the JDBCRealm security with Tomcat. We have seen the jdbcrealm.howto file and we are able to make a small test sample run perfectly fine. However, there are some clarifications in the implementation scenario that require your inputs: We have more than one webapps running in the Tomcat Server. I understand that it is recommended to create a separate schema for jdbcrealm authentication, but one can create the authentication schema in the application database too rather then create a new schema. Lets say we have 5 database schemas in a single database, which are for 5 different webapps, and we want to use JDBCrealm authentication. One option is to create a separate schema (as mentioned in the .howto document), but this will require extensive changes in our code for each web app. In case we are to bundle the security schema with the application database schema, how do we create the corresponding multiple RequestInterceptor entries in server.xml for all of these? How will tomcat validate the username with the correct username/password? Are there any other ways to implement this authentication? Are there any disadvantages in NOT creating a separate database schema? Any suggestions are most welcome! Regards Nitin Goyal Webrizon eSolutions Pvt. Ltd., INDIA [EMAIL PROTECTED] There is no failure except in no longer trying.
Re: JDBC Driver for sql server 2000
Oops, actually the link is http://www.inetsoftware.de. Always forget about that... Jon - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 23, 2001 11:05 AM Subject: Re: JDBC Driver for sql server 2000 http://www.inetsoftware.com has a great driver IMHO. It's a JDBC type 4 and they seem to be very proactive about keeping it up to date. I tried JTurbo awhile back and I liked Inet's driver better. The JTurbo one seemed buggy to me. I don't remember what the specific issue was that I found with it. It was a long time ago, so, it may no longer be an issue. I can say that I really like the driver that Inetsoftware has though. I've been using it for about a year and a half and it works great. Also, they come out with periodic updates. Probably at least one per quarter. I'm using the Opta2000 driver, version 4.11. Jon - Original Message - From: Saritha Pula [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 23, 2001 11:00 AM Subject: RE: JDBC Driver for sql server 2000 Hi JTurbo JDBC driver works well with SQLServer2000 --Pula -Original Message- From: Trig Gullberg [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 8:54 AM To: '[EMAIL PROTECTED]' Subject: JDBC Driver for sql server 2000 Does any one know of a good sql server 2000 jdbc driver that works well with tomcat? Any help or suggestions are appreciated.
Re: Tomcat 4.0.7b and lib help
My guess is that this may be the same problem that I ran into while trying to use JDBCRealm. I think you have to put the .jar file in TOMCAT_HOME/server/lib instead of TOMCAT_HOME/lib for low-level .jar files that get used by Tomcat itself? I'm not an expert, that just seemed to be experience that I had. Jon - Original Message - From: Shawn Evans [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 23, 2001 11:45 AM Subject: Tomcat 4.0.7b and lib help I have a servlet FBJServlet that uses a DB connection pool, and I have the JDBC driver for Oracle installed as well in the /lib/classes12.jar... I open the jar and see OracleDataSource... but I get the error below. Root Cause: java.lang.NoClassDefFoundError: oracle/jdbc/pool/OracleDataSource at com.sterling.util.db.pooling.DBPoolManager.init(DBPoolManager.java:110) at com.sterling.util.db.pooling.DBPoolManager.(DBPoolManager.java:17) at com.sterling.util.db.pooling.DBPoolManager.getInstance(DBPoolManager.java:23 ) at com.sterling.ForceBrowserJ.FBJServlet.init(FBJServlet.java:15) at javax.servlet.GenericServlet.init(GenericServlet.java:366) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:833) at org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:602) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:214) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:215) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:2 46) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2314) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164 ) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:462) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 64) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :163) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:5 66) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java: 1000) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1093 ) at java.lang.Thread.run(Thread.java:484)
Re: JNDIRealm questions
I did a search of the Tomcat Developer List archive and found that it looks like #2 is possible (or was only planned and isn't yet implemented?), so, that's cool. Now, if I could only find the documentation on how to use this... ;-) Craig, if you're listening, can you post an example Realm entry for JNDIRealm that would go in server.xml? If there were a JNDIRealm.howto, like the JDBCRealm.howto, that would be great. I'm guessing that you guys just haven't had a chance to do that yet. I'd being willing to write one up similar to the JDBC one once I get it figured out. A sample entry for a user and a role in LDIF format would also be very helpful. Also, I like the example JDBCRealm entries that are currently in server.xml, if there was a sample one for JNDIRealm that would be great. Jon [Tomcat 4] - JndiRealm Proposals From: Craig R. McClanahan Subject: [Tomcat 4] - JndiRealm Proposals Date: Tue, 10 Apr 2001 10:05:39 -0700 Over the last few weeks, there has been a high degree of interest in having a Realm implementation for Tomcat 4.0 that authorizes users via a JNDI-accessed directory server (typically, but not limited to, LDAP servers). There have been proposed contributions on both TOMCAT-USER and TOMCAT-DEV towards this end. I'd like to combine the best features of these submissions, but wanted to get some feedback and agreement on overall goals before doing so. Here's my list so far: * Usable via JNDI 1.2 (or the JNDI classes built in to J2SDK 1.3). * Does not interfere with existing use of JNDI APIs inside Catalina, or in user web apps. * Pluggable initial context factory, and factory initialization parameters (so you can use any JNDI-accessible service you want). * Configurable access to the internal data elements and attributes, so we don't have to predefine the structure (in the same way that JDBCRealm lets you configure table and column names). * Reuse functionality in existing Realm implementations as appropriate (may cause a little minor refactoring along the way). * Support for two major modes of operation: * SYSTEM LOGIN. Realm implementation binds itself to the server using a system-level username/password, then reads the username and password attributes to perform authentication (analogous to how JDBCRealm works). Would also support the optional digesting functionality that JDBCRealm supports. * USER LOGIN. Realm implementation attempts to bind to the server using the username and password specified by the user. If this is successful, the user is considered to be authenticated, and the associated roles are looked up. Comments? Questions? Changes? Craig - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat User List [EMAIL PROTECTED] Sent: Thursday, August 16, 2001 5:25 PM Subject: JNDIRealm questions I'm currently looking at trying to use JNDIRealm for authentication and I've come up with a number of questions. I'm wondering if anyone knows the answers to any of the following questions. 1. Does anyone have it working that can provide an example entry of what should go in server.xml and also an example entry for a user (and a role, if separate entry is required for that)? 3. What are the specific digest formats that are supported with regard to the userPassword attribute? Clear-text and MD5, or are there more? Does it support crypt? Also, does it check all userPassword values or only one? 2. Is it possible to get it to bind as the user being authenticated and not require access to the userPassword attribute? If not, why? I'm guessing performance, but, this is problematic because it requires the password to be in a specific format. Also, it is less secure since the password is sent out over the wire even if it is encrypted and it won't work with directories such Active Directory which won't let you query the password attribute. 4. Does it query the server for each page request, or does it do caching? Jon
Re: JDBC Driver for sql server 2000
Doesn't look very up to date though. The file date is 1/25/2000. I guess if it works, that's all that matters... Jon - Original Message - From: Chris McNeilly [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 23, 2001 3:25 PM Subject: RE: JDBC Driver for sql server 2000 I can vouch for FreeTDS as well. We've had no problems with it. -Original Message- From: Jim Urban [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 4:23 PM To: [EMAIL PROTECTED] Subject: RE: JDBC Driver for sql server 2000 FreeTDS is free and it works fine. http://www.freetds.org/ Jim Urban Product Manager Netsteps Inc. Suite 505E 1 Pierce Pl. Itasca, IL 60143 Voice: (630) 250-3045 x2164 Fax: (630) 250-3046 -Original Message- From: Stéphane De Jonghe [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 11:35 AM To: [EMAIL PROTECTED] Subject: RE: JDBC Driver for sql server 2000 Hi, But is there any free (or open source) JDBC driver for MS SQL Server who is not using the jdbc:odbc link ? I tried JSQLConnect, but it is a trial version... Thanks, Stef -Original Message- From: Jonathan Eric Miller [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 6:05 PM To: [EMAIL PROTECTED] Subject: Re: JDBC Driver for sql server 2000 http://www.inetsoftware.com has a great driver IMHO. It's a JDBC type 4 and they seem to be very proactive about keeping it up to date. I tried JTurbo awhile back and I liked Inet's driver better. The JTurbo one seemed buggy to me. I don't remember what the specific issue was that I found with it. It was a long time ago, so, it may no longer be an issue. I can say that I really like the driver that Inetsoftware has though. I've been using it for about a year and a half and it works great. Also, they come out with periodic updates. Probably at least one per quarter. I'm using the Opta2000 driver, version 4.11. Jon - Original Message - From: Saritha Pula [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 23, 2001 11:00 AM Subject: RE: JDBC Driver for sql server 2000 Hi JTurbo JDBC driver works well with SQLServer2000 --Pula -Original Message- From: Trig Gullberg [mailto:[EMAIL PROTECTED]] Sent: Thursday, August 23, 2001 8:54 AM To: '[EMAIL PROTECTED]' Subject: JDBC Driver for sql server 2000 Does any one know of a good sql server 2000 jdbc driver that works well with tomcat? Any help or suggestions are appreciated.
Re: JNDIRealm questions
Thanks, can you confirm that binding as the user rather as system is supported? Jon - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 23, 2001 3:21 PM Subject: Re: JNDIRealm questions On Thu, 23 Aug 2001, Jonathan Eric Miller wrote: Date: Thu, 23 Aug 2001 15:08:12 -0500 From: Jonathan Eric Miller [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: JNDIRealm questions I did a search of the Tomcat Developer List archive and found that it looks like #2 is possible (or was only planned and isn't yet implemented?), so, that's cool. Now, if I could only find the documentation on how to use this... ;-) Craig, if you're listening, can you post an example Realm entry for JNDIRealm that would go in server.xml? If there were a JNDIRealm.howto, like the JDBCRealm.howto, that would be great. I'm guessing that you guys just haven't had a chance to do that yet. I'd being willing to write one up similar to the JDBC one once I get it figured out. A sample entry for a user and a role in LDIF format would also be very helpful. Also, I like the example JDBCRealm entries that are currently in server.xml, if there was a sample one for JNDIRealm that would be great. Jon I'm about halfway through a new HOWTO page that covers all three realm implementations -- it should be done by next week. It will need to include more than one example, because there's more than one usual way that people populate their LDAP servers. Craig
Re: JNDIRealm questions
Another thing to look at is that it would be good to have it iterate through all userPassword values in the user's entry if you do it the system way. i.e. the userPassword attribute might be multivalued and might contain the password in multiple different hash formats. For example, it might have it in crypt format and also in MD5 format. I was just looking at the source code and it looked like it was only checking the first value. Thanks, Jon - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 23, 2001 3:42 PM Subject: Re: JNDIRealm questions On Thu, 23 Aug 2001, Jonathan Eric Miller wrote: Date: Thu, 23 Aug 2001 15:35:09 -0500 From: Jonathan Eric Miller [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: JNDIRealm questions Thanks, can you confirm that binding as the user rather as system is supported? At present it does not :-(. There are some proposed patches that provide this facility on the developer mailing list, and I plan to integrate those soon. Jon Craig - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, August 23, 2001 3:21 PM Subject: Re: JNDIRealm questions On Thu, 23 Aug 2001, Jonathan Eric Miller wrote: Date: Thu, 23 Aug 2001 15:08:12 -0500 From: Jonathan Eric Miller [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: JNDIRealm questions I did a search of the Tomcat Developer List archive and found that it looks like #2 is possible (or was only planned and isn't yet implemented?), so, that's cool. Now, if I could only find the documentation on how to use this... ;-) Craig, if you're listening, can you post an example Realm entry for JNDIRealm that would go in server.xml? If there were a JNDIRealm.howto, like the JDBCRealm.howto, that would be great. I'm guessing that you guys just haven't had a chance to do that yet. I'd being willing to write one up similar to the JDBC one once I get it figured out. A sample entry for a user and a role in LDIF format would also be very helpful. Also, I like the example JDBCRealm entries that are currently in server.xml, if there was a sample one for JNDIRealm that would be great. Jon I'm about halfway through a new HOWTO page that covers all three realm implementations -- it should be done by next week. It will need to include more than one example, because there's more than one usual way that people populate their LDAP servers. Craig
Re: Jsse / SSL / Tomcat
- Original Message - From: zze-messager FTM balr002 [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 2:42 AM Subject: Jsse / SSL / Tomcat Hello, I need to use HTTPS 1. I've installed jsse.jar, jnet.jar and jcert.jar both in $JDK/jre/lib/ext and in $TOMCAT/lib. 2. I need now to create a server certificate : I've tried the command line : keytool -genkey -alias tomcat -keyalg RSA - i'm asked for the password : changeit but, the following error appears : keytool generator notr available. What version of the JDK are you using? Are you using Sun's JVM? What's haapened ? What can i do ? What's does it mean tomcat after the key word alias ?? That's the alias/name that is associated with the certificate that you are creating. Jon Tanks for help, Delphine
Re: Possible to return multiple responses/pages for a request?
Thanks for the response. Currently, I'm not doing any client-side scripting though and I want to try to avoid doing so if at all possible. I appreciate the suggestion though. It's something to think about. Jon - Original Message - From: Jim Urban [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 7:24 AM Subject: RE: Possible to return multiple responses/pages for a request? This is an unproven browser side solution which involves JavaScript and framesets... 1. The page that submits to the long running servlet should consists of a frame set. The one frame is visible and displays the page that allows the user to input the data. The second frame is invisible and contains a form containing duplicate form variables. 2. The submit button on the user input page does the following: 1. Copies the contents of its form variables to the hidden frame's form variables. 2. Redirects the current frame to your Processing your request, please wait... page. 3. Your Processing your request, please wait... contains an onload function which calls a JavaScript function in the hidden frame telling the hidden frame to submit itself to your servlet, targeting either the visible frame or top to replace the frameset completely. I have not tried this, but I think it should work. If you try it, please let me know if it works. Jim Urban Product Manager Netsteps Inc. Suite 505E 1 Pierce Pl. Itasca, IL 60143 Voice: (630) 250-3045 x2164 Fax: (630) 250-3046 -Original Message- From: Jonathan Eric Miller [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 21, 2001 4:48 PM To: Tomcat User List Subject: Possible to return multiple responses/pages for a request? I'm wondering if it is possible to return multiple responses/pages from a given request? I have a servlet that performs some processing after a form is submitted to it. This processing sometimes takes several seconds to complete. What I want to do is first display a page which says Processing your request, please wait... Then, after the processing is done, I want to display another page. The second page should replace the first page in the user's browser. Does anyone know if this is possible to do? I want to say that at some point someone told me that you can do this with multi-part something-or-other? Basically, I want to do something like the following, but, it doesn't work. resp.setContentType(text/html); PrintWriter pw = resp.getWriter(); pw.println(htmlheadtitleTest/title/headbody); pw.println(pPlease wait.../p ); pw.println(/body/html); pw.close(); Thread.sleep(1); resp.setContentType(text/html); pw = resp.getWriter(); pw.println(htmlheadtitleTest/title/headbody); pw.println(pProcessing completed.../p); pw.println(/body/html); pw.close(); Jon
Re: Jsse / SSL / Tomcat
I'd do a search of IBM's documentation for keytool and see if they have that command. I don't know if that is a required part of the JDK or not. It may be that they have an equivalent command, but, it's called something else? Jon - Original Message - From: zze-messager FTM balr002 [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 8:31 AM Subject: RE: Jsse / SSL / Tomcat i use jdk1.2.2 (ibm) -Message d'origine- De : Jonathan Eric Miller [mailto:[EMAIL PROTECTED]] Envoyé : mercredi 22 août 2001 15:29 À : [EMAIL PROTECTED] Objet : Re: Jsse / SSL / Tomcat - Original Message - From: zze-messager FTM balr002 [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 2:42 AM Subject: Jsse / SSL / Tomcat Hello, I need to use HTTPS 1. I've installed jsse.jar, jnet.jar and jcert.jar both in $JDK/jre/lib/ext and in $TOMCAT/lib. 2. I need now to create a server certificate : I've tried the command line : keytool -genkey -alias tomcat -keyalg RSA - i'm asked for the password : changeit but, the following error appears : keytool generator notr available. What version of the JDK are you using? Are you using Sun's JVM? What's haapened ? What can i do ? What's does it mean tomcat after the key word alias ?? That's the alias/name that is associated with the certificate that you are creating. Jon Tanks for help, Delphine
Re: where is build-solaris.sh
Have you guys thought about just using Tomcat in standalone mode? That's what I'm planning to do once 4.0 comes out. Previously, I had the same problems as you guys with regard to building mod_jk. There were never any Solaris binaries available by default. Once I figured it out, it wasn't too bad. But, it did seem that there were a few gotchas. Also, it seemed that the docs improved a bit later on. It's been awhile since I did that, so, I don't remember the specific issues that I had. Jon - Original Message - From: Peter Shankey [EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 4:42 AM Subject: RE: where is build-solaris.sh Please let me know how it goes for you. I am struggling with the same issues. I have just posted a message about compiling mod_jk with Solaris 8. If I get it to work I will certainly send mod_jk to you. Pete [EMAIL PROTECTED] Shahed A Moolji [EMAIL PROTECTED] wrote: Hi, I just downloaded the tomcat 3.2.3 src tarball. I cant find the build-solaris.sh or README.solaris or any Makefile for building the solaris mod_jk.so Thanks Shahed __ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/
Re: Help: Can't build mod_jserv.so for tomcat
I'm pretty sure that it's no longer recommended that people use mod_jserv. I think mod_jk replaced it, or maybe there is something even newer? Jon - Original Message - From: Rob Cartier [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 5:27 AM Subject: Help: Can't build mod_jserv.so for tomcat I have downloaded the source for tomcat 3.2.3 and am trying to build the mod_jserv.so module. But no matter what I do I get the following error: apxs:Error: @sbindir@httpd not found or executable or apxs: Error @LIBEXECDIR@ not found or executable any ideas or does someone have a generic module for use with tomcat 3.2.3 and apache 1.3.19-5 (RH 7.1 distribution) Rob
Re: ldap authentication with tomcat
I think JNDIRealm will do this. However, it seems to be a pretty newly added feature and as far as I can tell, it isn't documented very well. I've been wondering the same thing. If you figure it out, please let me know. You might want to do a search of the mail list archives. I saw a few messages about it in there. However, it looked like it was about a 3rd party add-on that did it. I'm pretty sure the functionality now exists in it natively. I think it's configured similar to JDBCRealm in server.xml. So, I've been thinking that I might try to figure that out first, since, it seems to be better documented. Jon - Original Message - From: Astrid Wagner [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 6:04 AM Subject: ldap authentication with tomcat Hi, I am new to the subject: How can I enforce ldap authentication for certain resources using tomcat - similar to the Directory toProtectResourcePath Options FollowSymLinks AllowOverride None AuthType Basic AuthName Authentication AuthLDAPURL ldap://ldapUrl require valid-user /Directory for apache in order to be able to get user information via e.g. getRemoteUser() etc. ? And by the way: Where is a valuable description of the configuration with server.xml and web.xml? Thanks. Astrid
Re: Sending email from servlet?
Yeah, that's what I'm doing and it seems to work well. Jon - Original Message - From: Leandro de Oliveira e Ferreira [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 8:08 AM Subject: Re: Sending email from servlet? Download javamail from www.javasoft.com There you'll find the classes and lots of examples , including this one. []s Leandro At 16:05 22/08/01 +0200, you wrote: can someone please explain to me how to send email from a servlet. Regards, Yuval Domain The Net Technologies Ltd. 6 Weitzman Blvd. Ramat-Hasharon Israel 47211 Tel: 972-3-5474443 Fax: 972-3-5474446 www.DomainTheNet.com This email message and any attachments hereto are intended only for use by the addressee(s) named above, and may contain legally privileged and/or confidential information. If you are not the intended addressee, you are hereby kindly notified that any dissemination, distribution or copying of this email and any attachments hereto is strictly prohibited. If you have received this email in error, kindly delete it from your computer system, and notify us at the telephone number or email address appearing above. Thank you
Re: Pre-install question
Yup. Jon - Original Message - From: Gregory Reddin [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 6:38 PM Subject: RE: Pre-install question So if I only need to be able to run JSPs then all I need is Tomcat? It's its own webserver? -Greg --- Rob S. [EMAIL PROTECTED] wrote: Apache serves documents plain and simple. You request a file from the server and it gives it back to you. Of course, there are lots of modules written for Apache that enable it to do extra things, this is just an extreeemely high level description =) Tomcat is a servlet container (an environment that servlets run in) and a jsp engine (process JSP requests). Check out the introduction in the Tomcat 3.x guides on integrating Apache with Tomcat for more info... - r -Original Message- From: Gregory Reddin [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 22, 2001 11:17 AM To: [EMAIL PROTECTED] Subject: Pre-install question I have a Windows 2000 Server that I would like to be able to process JSP files with. I do not have IIS installed on this server. I am getting confused with the difference between Apache webserver and Tomcat. Do I need to download and install Apache before using Tomcat? What would be the best to do? Thank you, -Gregory Reddin __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/ __ Do You Yahoo!? Make international calls for as low as $.04/minute with Yahoo! Messenger http://phonecard.yahoo.com/
Re: Bug in ServletResponse.flushBuffer() in Tomcat 4.0b7?
Cool, thanks, I appreciate it. I'll give it a try. If this works, that's good investigative work. Jon - Original Message - From: Mauro Bertapelle [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 21, 2001 12:56 PM Subject: Re: Bug in ServletResponse.flushBuffer() in Tomcat 4.0b7? Jonathan, this was already discussed in this list some times ago.. Regards, mauro -- Scott, I've finally got it. The problem with Internet Explorer is that, no matter how many flavors of no-cache, cache-no, no-cache-thanks, etc.. you put in your header, it'll not output anything until it has read at least 256 characters: public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType(text/html); response.setIntHeader(Expires, -1); response.addHeader(Cache-Control, no-cache); response.addHeader(pragma, no-cache); PrintWriter out = response.getWriter(); out.println(html); // 7 out.println(headtitleTitle/title); // 34 out.println(/headbody); // 48 out.println(!- ); // 128 out.println(--- ); // 208 // out.println(- phase 1br); // 255, doesn't display till end of page out.println(-- phase 1br); // 256, start display immediately response.flushBuffer(); try { Thread.sleep(5000); } catch (Exception e) { }; out.println(phase 2); out.println(/body); out.println(/html); out.close(); } Regards, Mauro Bertapelle JMatica Srl [EMAIL PROTECTED] --
Re: Mozilla and Tomcat
I've ran into similar problems with Internet Explorer. Not exactly though. Basically, I've seen IE display a cached page, even if you have caching turned off. What I do is completely exit and restart my browser each time I test a change to a servlet. Jon - Original Message - From: John Baker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 21, 2001 3:13 PM Subject: Mozilla and Tomcat Hello. Ever since the Mozilla builds between 0.9.2 and 0.9.3 (and I mean all builds, including 0.9.3), I have experienced some problems with redering Tomcat generated pages. If I change a jsp (I have reloadable on for development) then I will often see just this when the page reloads: htmlbody/body/html If I keep pressing refresh. after four or five attempts the page will reload properly. Now I assume this is something odd tomcat is doing, and Mozilla is then getting confused, because this doesn't happen with any other website I've visited. Any other Mozilla users seen this? Or have a solution? Cheers John Baler -- John Baker, BSc CS. Java Developer, TEAM Slb. (http://www.teamenergy.com) The views expressed in this mail are my own.
Possible to return multiple responses/pages for a request?
I'm wondering if it is possible to return multiple responses/pages from a given request? I have a servlet that performs some processing after a form is submitted to it. This processing sometimes takes several seconds to complete. What I want to do is first display a page which says Processing your request, please wait... Then, after the processing is done, I want to display another page. The second page should replace the first page in the user's browser. Does anyone know if this is possible to do? I want to say that at some point someone told me that you can do this with multi-part something-or-other? Basically, I want to do something like the following, but, it doesn't work. resp.setContentType(text/html); PrintWriter pw = resp.getWriter(); pw.println(htmlheadtitleTest/title/headbody); pw.println(pPlease wait.../p ); pw.println(/body/html); pw.close(); Thread.sleep(1); resp.setContentType(text/html); pw = resp.getWriter(); pw.println(htmlheadtitleTest/title/headbody); pw.println(pProcessing completed.../p); pw.println(/body/html); pw.close(); Jon
Re: Possible to return multiple responses/pages for a request?
I have a book named Java Servlet Programming which mentions a class called MultipartResponse that looks like it might do what I want, but, it says that IE doesn't support it. Also, it seems to be using a class provided by oreilly. It would be nice to be able to handle the problem in a synchronous fashion. Jon - Original Message - From: Shunsuke Masuda [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, August 21, 2001 8:06 PM Subject: Re: Possible to return multiple responses/pages for a request? Hello, I have the same requirement on the current project. What I am doing is to use threads for heavy tasks and let browsers reload by meta Refresh. References to the threads are setAttr'ed into HttpSession, and a servlet checks on each reload whether or not the threads complete. Shunsuke Masuda - Original Message - From: Jonathan Eric Miller [EMAIL PROTECTED] To: Tomcat User List [EMAIL PROTECTED] Sent: Wednesday, August 22, 2001 6:48 AM Subject: Possible to return multiple responses/pages for a request? I'm wondering if it is possible to return multiple responses/pages from a given request? I have a servlet that performs some processing after a form is submitted to it. This processing sometimes takes several seconds to complete. What I want to do is first display a page which says Processing your request, please wait... Then, after the processing is done, I want to display another page. The second page should replace the first page in the user's browser.
Re: SSL-How-2 for Tomcat 4
Try reading server.xml, I haven't had any problems here. All you have to do is uncomment a few lines of code and run the keytool command that's listed there. Also, you need to make sure you have JSSE is installed. Jon - Original Message - From: Curtis Dougherty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 20, 2001 10:19 AM Subject: RE: SSL-How-2 for Tomcat 4 I wonder if anyone else has seen the eratic differences in behavior between Win2k Pro and Win2K Server... BIG Difference in IIS5 but... Chris - If you see this thread... Why won't the /examples site won't encrypt properly (https://localhost:8443/examples/servlets/index.html Thnx! cd -Original Message- From: Rob S. [mailto:[EMAIL PROTECTED]] Sent: Monday, August 20, 2001 10:05 AM To: [EMAIL PROTECTED] Subject: Re: SSL-How-2 for Tomcat 4 Interesting... well Chris is a regular so I'm sure he'll have something to add =) - r On Mon, 20 Aug 2001 09:54:15 -0500 [EMAIL PROTECTED] wrote: I would LOVE to think that BUT... alas...that has NOT been my experience... I did it to two different machines... step-by-step (good instruction / lousy program) is my guess... I using Win2K / IIS 5 / Tomcat4 b6...my app aside... I could NOT get /examples to come over with SSL... I'm seeing a LOT of inconsistency (between win2k and win2k server et al) cd -Original Message- From: Rob S. [mailto:[EMAIL PROTECTED]] Sent: Monday, August 20, 2001 9:48 AM To: [EMAIL PROTECTED] Subject: Re: SSL-How-2 for Tomcat 4 If you follow the steps... you CAN'T EVEN GET /examples in SSLThat sinches it... Abandom Hope All Ye Who Enter Here... I surmise that Tomcat4 b6 does NOT support SSL (any flavor / any way / never)... Looks like Bill will win again since the OSC is too busy writing viruses... That's interesting... several people have written saying how good that documentation is. Maybe you're missing something? Is that a possibility? - r
Anyone using JNDIRealm?
Anyone out there using JNDIRealm? Jon
Re: SSL-How-2 for Tomcat 4
Are you receiving a specific error message? Jon - Original Message - From: Curtis Dougherty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 20, 2001 1:03 PM Subject: RE: SSL-How-2 for Tomcat 4 I did... Still won't work... :( -Original Message- From: Jonathan Eric Miller [mailto:[EMAIL PROTECTED]] Sent: Monday, August 20, 2001 1:01 PM To: [EMAIL PROTECTED] Subject: Re: SSL-How-2 for Tomcat 4 Try reading server.xml, I haven't had any problems here. All you have to do is uncomment a few lines of code and run the keytool command that's listed there. Also, you need to make sure you have JSSE is installed. Jon - Original Message - From: Curtis Dougherty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 20, 2001 10:19 AM Subject: RE: SSL-How-2 for Tomcat 4 I wonder if anyone else has seen the eratic differences in behavior between Win2k Pro and Win2K Server... BIG Difference in IIS5 but... Chris - If you see this thread... Why won't the /examples site won't encrypt properly (https://localhost:8443/examples/servlets/index.html Thnx! cd -Original Message- From: Rob S. [mailto:[EMAIL PROTECTED]] Sent: Monday, August 20, 2001 10:05 AM To: [EMAIL PROTECTED] Subject: Re: SSL-How-2 for Tomcat 4 Interesting... well Chris is a regular so I'm sure he'll have something to add =) - r On Mon, 20 Aug 2001 09:54:15 -0500 [EMAIL PROTECTED] wrote: I would LOVE to think that BUT... alas...that has NOT been my experience... I did it to two different machines... step-by-step (good instruction / lousy program) is my guess... I using Win2K / IIS 5 / Tomcat4 b6...my app aside... I could NOT get /examples to come over with SSL... I'm seeing a LOT of inconsistency (between win2k and win2k server et al) cd -Original Message- From: Rob S. [mailto:[EMAIL PROTECTED]] Sent: Monday, August 20, 2001 9:48 AM To: [EMAIL PROTECTED] Subject: Re: SSL-How-2 for Tomcat 4 If you follow the steps... you CAN'T EVEN GET /examples in SSLThat sinches it... Abandom Hope All Ye Who Enter Here... I surmise that Tomcat4 b6 does NOT support SSL (any flavor / any way / never)... Looks like Bill will win again since the OSC is too busy writing viruses... That's interesting... several people have written saying how good that documentation is. Maybe you're missing something? Is that a possibility? - r
Re: SSL-How-2 for Tomcat 4
What URL did you use to access the page? Jon - Original Message - From: Curtis Dougherty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 20, 2001 4:15 PM Subject: RE: SSL-How-2 for Tomcat 4 No error message - per se... just no page to display -Original Message- From: Jonathan Eric Miller [mailto:[EMAIL PROTECTED]] Sent: Monday, August 20, 2001 2:23 PM To: [EMAIL PROTECTED] Subject: Re: SSL-How-2 for Tomcat 4 Are you receiving a specific error message? Jon - Original Message - From: Curtis Dougherty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 20, 2001 1:03 PM Subject: RE: SSL-How-2 for Tomcat 4 I did... Still won't work... :( -Original Message- From: Jonathan Eric Miller [mailto:[EMAIL PROTECTED]] Sent: Monday, August 20, 2001 1:01 PM To: [EMAIL PROTECTED] Subject: Re: SSL-How-2 for Tomcat 4 Try reading server.xml, I haven't had any problems here. All you have to do is uncomment a few lines of code and run the keytool command that's listed there. Also, you need to make sure you have JSSE is installed. Jon - Original Message - From: Curtis Dougherty [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 20, 2001 10:19 AM Subject: RE: SSL-How-2 for Tomcat 4 I wonder if anyone else has seen the eratic differences in behavior between Win2k Pro and Win2K Server... BIG Difference in IIS5 but... Chris - If you see this thread... Why won't the /examples site won't encrypt properly (https://localhost:8443/examples/servlets/index.html Thnx! cd -Original Message- From: Rob S. [mailto:[EMAIL PROTECTED]] Sent: Monday, August 20, 2001 10:05 AM To: [EMAIL PROTECTED] Subject: Re: SSL-How-2 for Tomcat 4 Interesting... well Chris is a regular so I'm sure he'll have something to add =) - r On Mon, 20 Aug 2001 09:54:15 -0500 [EMAIL PROTECTED] wrote: I would LOVE to think that BUT... alas...that has NOT been my experience... I did it to two different machines... step-by-step (good instruction / lousy program) is my guess... I using Win2K / IIS 5 / Tomcat4 b6...my app aside... I could NOT get /examples to come over with SSL... I'm seeing a LOT of inconsistency (between win2k and win2k server et al) cd -Original Message- From: Rob S. [mailto:[EMAIL PROTECTED]] Sent: Monday, August 20, 2001 9:48 AM To: [EMAIL PROTECTED] Subject: Re: SSL-How-2 for Tomcat 4 If you follow the steps... you CAN'T EVEN GET /examples in SSLThat sinches it... Abandom Hope All Ye Who Enter Here... I surmise that Tomcat4 b6 does NOT support SSL (any flavor / any way / never)... Looks like Bill will win again since the OSC is too busy writing viruses... That's interesting... several people have written saying how good that documentation is. Maybe you're missing something? Is that a possibility? - r
Bug in ServletResponse.flushBuffer() in Tomcat 4.0b7?
I'm having problems using ServletResponse.flushBuffer() and Tomcat 4.0b7. The following servlet demonstrates. What I want it to do is print out the title and the Test 1 line. Then, pause for 10 seconds and print out the Test 2 line. It doesn't work the first time through. However, if I then hit Refresh in my browser after going through it once, you can see clearly that it prints out the first line pauses and prints out the last line as I would expect it to. Is this a bug? Can someone else reproduce this? The reason I want to get this to work is that I have a servlet where I have a page with a Submit button on it, then on the next page, there is sometimes a few second lag while performing an update on a directory/database. I've had problems in the past where users click the Submit multiple times because they think it's stuck. Actually, it's not, it's just slow. So, what I want to do is print out at least the top part of the page so that the Submit button/previous page is no longer available for them to click on. If someone could fix this for the final version of Tomcat 4, I would greatly appreciate it. Either that or, if anyone else knows of a work around, that would be appreciated too. Thanks, Jon import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class SimpleServlet extends HttpServlet { public void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { try { resp.setContentType(text/html); PrintWriter pw = resp.getWriter(); pw.println(htmlheadtitleSimpleServlet/title/headbody); pw.println(pTest 1/p); pw.flush(); resp.flushBuffer(); Thread.sleep(1); pw.println(pTest 2/p); pw.println(/body/html); pw.close(); } catch(Exception e) { System.out.println(e); } } }
Tomcat 4 restart command?
I'm wondering if in Tomcat 4 there is a restart command that you can use to restart it rather than having to stop and start it using startup and shutdown scripts? The problem that I have is that it takes time for it to startup and shutdown, especially when you have SSL enabled. So, a restart command would be nice. Or, if it printed out messages like it does in Tomcat 3.x where as each listening port becomes active (i.e. first port 8080 for HTTP, then later when HTTPS is available and the SecureRandom has been generated), it prints out a message to the screen. This way you know when Tomcat is fully started or stopped. Otherwise, the scripts just return you back to the UNIX prompt before it's actually started up or shutdown and you don't know exactly when that process is complete. I guess a restart command isn't really that important although it would be nice. I like the messages that are displayed in Tomcat 3.x better though. I like knowing exactly when the ports are ready for use. Jon
Way to tell Tomcat 4 to reload tomcat-users.xml without having to restart?
Does anyone know if there is a way to tell Tomcat 4 to reload the tomcat-users.xml file? I want to give users the ability to change their passwords without having to restart Tomcat in order for the changes to take affect. I was able to this with Apache Web Server without a problem because it apparently continuously checks that file to see if it has changed. Tomcat doesn't seem to do that. Also, I'm wondering if there are plans to make it so that the passwords in this file are encrypted? Jon
Re: Tomcat 4 restart command?
Thanks for the info. Actually, I just enabled the reloadable option on my Context (development server). So, as long as that works reliably, I should have to restart my server far less often. Thanks, Jon - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: Tomcat User List [EMAIL PROTECTED] Sent: Thursday, August 16, 2001 3:17 PM Subject: Re: Tomcat 4 restart command? On Thu, 16 Aug 2001, Jonathan Eric Miller wrote: I'm wondering if in Tomcat 4 there is a restart command that you can use to restart it rather than having to stop and start it using startup and shutdown scripts? The problem that I have is that it takes time for it to startup and shutdown, especially when you have SSL enabled. So, a restart command would be nice. Or, if it printed out messages like it does in Tomcat 3.x where as each listening port becomes active (i.e. first port 8080 for HTTP, then later when HTTPS is available and the SecureRandom has been generated), it prints out a message to the screen. This way you know when Tomcat is fully started or stopped. Otherwise, the scripts just return you back to the UNIX prompt before it's actually started up or shutdown and you don't know exactly when that process is complete. You know it's done when you see the second Starting service x line in $CATALINA_HOME/logs/catalina.out. I guess a restart command isn't really that important although it would be nice. I like the messages that are displayed in Tomcat 3.x better though. I like knowing exactly when the ports are ready for use. Jon There's no restart command for the whole server, but there is a convenient way to restart a particular webapp (say, because you just updated it). Prerequisite: set up a user in your conf/tomcat-users.xml file that has a role named manager. It doesn't matter which user and password it is (Tomcat will only check for the presence of this role). Now, assume you want to force the web app at context path /examples to reload. Simply go to a browser and type: http://localhost:8080/manager/reload?path=/examples The first time you do this, you will be challenged for the username and password you have entered. But, after that, you can just hit reload to resubmit the same command again. This stuff will be covered in a (soon to be written, I promise :-) HOWTO document about the Manager web app. In the mean time, consult the source code of the Manager servelt (org.apache.catalina.servlets.ManagerServlet) for all the things it can do. Craig
Re: Way to tell Tomcat 4 to reload tomcat-users.xml without having to restart?
OK, thanks again. JNDIRealm cool! That was another question that I was going to ask is if it is possible to have it query an LDAP directory for the password information. I'll have to take a look at that. JDBCRealm never seemed like a good idea to me considering most SQL connections aren't encrypted. Hopefully JNDIRealm uses SSL. I'm wondering if the role information has to be stored in the directory? I'll see if I can find the docs... Thanks, Jon - Original Message - From: Craig R. McClanahan [EMAIL PROTECTED] To: Tomcat User List [EMAIL PROTECTED] Sent: Thursday, August 16, 2001 3:19 PM Subject: Re: Way to tell Tomcat 4 to reload tomcat-users.xml without having to restart? On Thu, 16 Aug 2001, Jonathan Eric Miller wrote: Does anyone know if there is a way to tell Tomcat 4 to reload the tomcat-users.xml file? No, although it would be technically feasible to implement somethng. I want to give users the ability to change their passwords without having to restart Tomcat in order for the changes to take affect. I was able to this with Apache Web Server without a problem because it apparently continuously checks that file to see if it has changed. Tomcat doesn't seem to do that. If you want to do this, you really want to be storing your users in a database and using JDBCRealm, or a directory server and using JNDIRealm. The tomcat-users.xml file is there primarily as the minimum level of stuff necessary to use container-managed security - it is not designed for use as the production means for storing usernames. Also, I'm wondering if there are plans to make it so that the passwords in this file are encrypted? Jon Craig
JNDIRealm questions
I'm currently looking at trying to use JNDIRealm for authentication and I've come up with a number of questions. I'm wondering if anyone knows the answers to any of the following questions. 1. Does anyone have it working that can provide an example entry of what should go in server.xml and also an example entry for a user (and a role, if separate entry is required for that)? 3. What are the specific digest formats that are supported with regard to the userPassword attribute? Clear-text and MD5, or are there more? Does it support crypt? Also, does it check all userPassword values or only one? 2. Is it possible to get it to bind as the user being authenticated and not require access to the userPassword attribute? If not, why? I'm guessing performance, but, this is problematic because it requires the password to be in a specific format. Also, it is less secure since the password is sent out over the wire even if it is encrypted and it won't work with directories such Active Directory which won't let you query the password attribute. 4. Does it query the server for each page request, or does it do caching? Jon
Are many people running Tomcat 4 in standalone mode?
I'm curious to know if there are a lot of people out there running Tomcat in standalone mode versus using it with Apache Web Server or some other Web server? Previously, I've been using it with Apache Web server on Solaris 8 with mod_jk. However, as of version 4, it seems like it's pretty stable and it seems to be getting sufficiently robust. So, I'm planning on running it in standalone mode. Everything seems to be working fine. I'm wondering if using it with Apache Web Server really makes that much difference in terms of performance? My Web application isn't taking a massive amount of hits, so, I think I should be OK. I was just curious what others are doing. Jon
Question regarding servlet/jsp mapping using uriworkermap.properties
I have a question regarding mapping with uriworkermap.properties. We have Tomcat running with IIS and I would like to set things up so that IIS serves up static content (html files) leaving Tomcat to handle JSP and Struts. My question is this: if the directories holding the JSPs are structured as follows: \myContext\jsp\a1\b1\ {some JSP files} \myContext\jsp\a1\b2\ {some JSP files} \myContext\jsp\a2\c1\ {some JSP files} \myContext\jsp\a3\c2\ {some JSP files} Can I map these to Tomcat using the following entries in uriworkermap.properties? \myContext\jsp\*.jsp=ajp12 Or will I need to specify a rule for each directory? \myContext\jsp\a1\b1\*.jsp=ajp12 \myContext\jsp\a1\b2\*.jsp=ajp12 \myContext\jsp\a2\c1\*.jsp=ajp12 \myContext\jsp\a3\c2\*.jsp=ajp12 Eric Wu Java Architect GlobalMedic Inc., a Canadian Medical Association subsidiary 8200 Decarie Blvd., Suite 205 Montreal, Qc. Canada, H4P 2P5 Tel: (514) 738-6770 Ext. 239 Fax: (514) 738-4827 Email: [EMAIL PROTECTED] Web: http://www.globalmedic.com/ Gold Medal Winner at the 2000 WWW Health Awards