Re: Error with content-type application/pdf and Internet Explorer
Thanks, Steve With response.setHeader(Cache-Control, cache); response.setHeader(Pragma, cache); runs OK in IE regards, Luis Steve Ochani escribió: Date sent: Thu, 05 Jun 2008 10:36:32 +0200 From: Luis Pascual Forner [EMAIL PROTECTED] Subject:Error with content-type application/pdf and Internet Explorer To: Tomcat Users List users@tomcat.apache.org Send reply to: Tomcat Users List users@tomcat.apache.org Organization: IVAL informática http://www.ival. com Hello, The JSP script that follows produces an error when accessing with Internet Explorer: Your problem seems to be very similar to some previous postings, including this: http://www.nabble.com/PDF-problem-on-IE-from-JSP-td14879788.html I would search via google or one of the tomcat users archive. %@ page contentType=application/pdf % %@ page import=java.io.File % %@ page import=java.io.FileInputStream % %@ page import=java.io.InputStreamReader % % InputStreamReader in = new InputStreamReader( new FileInputStream(new File(document.pdf)), ISO-8859-1); char[] b = new char[128]; int i = in.read(b, 0, 128); while (i = 0) { out.write(b, 0, i); i = in.read(b, 0, 128); } in.close(); % More info: * Tomcat version: 5.5.26. * Internet Explorer open a download window, and then the error No puede descargar xx de www..es. El archivo no pudo ser escrito en la caché (my IE is localized in spanish). * The same script runs OK with Firefox in Linux and with Mozilla in Windows. * The same script runs OK with Internet Explorer and Tomcat 5.0.19 + Apache 2.0.49. * No messages in log. * In the conf/web.xml file appears the mime-type application/pdf. regards, Luis - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authenticate with X509 certification
No, because I want that the certificate was required ONLY when I acces to some pages. In fact, this is how now works, but sometimes the method getAttribute(javax.servlet.request.X509Certificate) returns null. Finally, I store the certificate in the session, and get it from there when I need it. thanks, Luis ahuelsing escribió: Hi, you have to set clientAuth=true andreas Luis Pascual Forner schrieb: Thanks, Bill, I use the JIO connector. That's my server.xml: ?xml version=1.0 encoding=UTF-8? Server port=8006 shutdown=SHUTDOWN Listener className=org.apache.catalina.core.AprLifecycleListener / Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.storeconfig.StoreConfigLifecycleListener/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8081 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector acceptCount=100 clientAuth=false disableUploadTimeout=true keystoreFile=/X/x.p12 keystorePass=XX keystoreType=PKCS12 port=8443 scheme=https secure=true sslProtocol=TLS truststoreFile=/XXX/trustcacerts truststorePass=XXX truststoreType=JKS/ Connector port=8010 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / Engine name=Catalina defaultHost=localhost Realm className=com.ival.tomcat.X509Realm debug=0 / Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Context docBase=cavi path=/cavi reloadable=true / Context docBase=x509 path=/x509 reloadable=true allowLinking=true / /Host /Engine /Service /Server Bill Barker escribió: Luis Pascual Forner [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I need autheticate ONLY with client certificate (i.e., I don't want to check any user's database) . I did that follow: 1. I write a X509Realm, with a method authenticate that only check the validity of each certificate in the certification's chain (don't check if the user exists in any database). 2. Declare this new class in org/apache/catalina/realm/mbeans-descriptors.xml and rg/apache/catalina/mbeans/mbeans-descriptors.xml. 3. Edit server.xml and configure the realm. 4. Edit web.xml to set the auth-method to CLIENT-CERT 5. Put X509Realm.class and mbeans-descriptors.xml in server/classes, with the correct path. 6. Restart Tomcat. Now, I can authenticate with X509 certificate, and get the client certificate with getAttribute(javax.servlet.request.X509Certificate). But, sometimes, this method returns null. Why? Almost certainly means that the client didn't send a cert. But more info on your setup would get a better response. For example are you using the APR or the JIO Connector? regards - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Apache with Tomcat using mod_jk connector
Caldarale, Charles R schrieb: From: Thanuja Danda [mailto:[EMAIL PROTECTED] Subject: Re: Configuring Apache with Tomcat using mod_jk connector I removed the workers.java_home and workers.tomcat_home from workers.properties. I was just following the instructions from http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html. I'm curious - where in those instructions does it say (or even imply) to declare workers.java_home and workers.tomcat_home? I'm curious too, but I found a reference to those in the worker generic howto and just now removed it (not yet live). - Chuck Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Jk connector stops working
Andrea Di Muro schrieb: Is your OOME coming from heap? What's the exact message, JVM version and TC version? Tomcat version is 5.5.20 running on JVM 1.5.0_10-b03 This is the error I get in the log file: Exception in thread ContainerBackgroundProcessor[StandardEngine[Catalina]] java.lang.OutOfMemoryError: Java heap space Jun 6, 2008 5:28:08 PM org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run SEVERE: Caught exception (java.lang.OutOfMemoryError: Java heap space) executing [EMAIL PROTECTED], terminating thread Exception in thread TP-Processor2 java.lang.OutOfMemoryError: Java heap space Jun 6, 2008 5:28:51 PM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet jsp threw exception java.lang.OutOfMemoryError: Java heap space Exception in thread TP-Processor32 java.lang.OutOfMemoryError: Java heap space Jun 6, 2008 5:28:50 PM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet jsp threw exception java.lang.OutOfMemoryError: Java heap space Exception in thread Timer-133 java.lang.OutOfMemoryError: Java heap space Jun 6, 2008 5:28:50 PM org.apache.tomcat.util.threads.ThreadPool$ControlRunnable run SEVERE: Caught exception (java.lang.OutOfMemoryError: Java heap space) executing [EMAIL PROTECTED], terminating thread Jun 6, 2008 5:31:07 PM org.apache.jasper.runtime.JspFactoryImpl internalGetPageContext SEVERE: Exception initializing page context java.lang.OutOfMemoryError: Java heap space Jun 6, 2008 5:31:18 PM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet jsp threw exception java.lang.OutOfMemoryError: Java heap space Jun 6, 2008 5:31:14 PM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet jsp threw exception java.lang.OutOfMemoryError: Java heap space Jun 6, 2008 5:31:12 PM org.apache.catalina.connector.CoyoteAdapter service SEVERE: An exception or error occurred in the container during the request processing java.lang.OutOfMemoryError: Java heap space Jun 6, 2008 5:31:19 PM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet jsp threw exception java.lang.OutOfMemoryError: Java heap space Jun 6, 2008 5:32:05 PM org.apache.catalina.core.StandardWrapperValve invoke SEVERE: Servlet.service() for servlet jsp threw exception java.lang.OutOfMemoryError: Java heap space Yes, those are heap space OOMEs, so you must restart the process. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem with FarmWarDeployer
Hi guys! I have a little problem with the FarmWarDeployer. Im using Tomcat 6.0.16 (win32), and I have 2 instances on the same machine. All is working ok except when I try to deploy a war file.=20 I have this cluster config(this is for node 2, node 1 only changes ports = and dirs): Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster Manager className=org.apache.catalina.ha.session.BackupManager expireSessionsOnShutdown=false notifyListenersOnReplication=true mapSendOptions=8/ Deployer className=org.apache.catalina.ha.deploy.FarmWarDeployer tempDir=C:/Archivos de programa/Apache Software Foundation/Cluster/N2/temp/war-temp/ deployDir=C:/Archivos de programa/Apache Software Foundation/Cluster/N2/webapps/ watchDir=C:/Archivos de programa/Apache Software Foundation/Cluster/N2/temp/war-listen/ watchEnabled=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter= Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSende= r timeout=15000/ /Sender /Channel /Cluster I drop the war on node 1 dir: C:/Archivos de programa/Apache Software Foundation/Cluster/N2/temp/war-listen The FarmDeployer listener detects the change and deploys the war ok on = node 1, but I fails deploying on node 2, I get this message: 09-jun-2008 8:38:07 org.apache.catalina.ha.deploy.FarmWarDeployer messageReceived GRAVE: Unable to read farm deploy file message. java.io.IOException: Write error at java.io.FileOutputStream.writeBytes(Native Method) at java.io.FileOutputStream.write(FileOutputStream.java:260) at org.apache.catalina.ha.deploy.FileMessageFactory.writeMessage(FileMessage= Fac tory.java:209) at org.apache.catalina.ha.deploy.FarmWarDeployer.messageReceived(FarmWarDepl= oye r.java:233) at org.apache.catalina.ha.tcp.SimpleTcpCluster.messageReceived(SimpleTcpClus= ter .java:899) at org.apache.catalina.ha.tcp.SimpleTcpCluster.messageReceived(SimpleTcpClus= ter .java:880) at org.apache.catalina.tribes.group.GroupChannel.messageReceived(GroupChanne= l.j ava:269) at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(C= han nelInterceptorBase.java:79) at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(C= han nelInterceptorBase.java:79) at org.apache.catalina.tribes.group.interceptors.TcpFailureDetector.messageR= ece ived(TcpFailureDetector.java:110) at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(C= han nelInterceptorBase.java:79) at org.apache.catalina.tribes.group.ChannelCoordinator.messageReceived(Chann= elC oordinator.java:241) at org.apache.catalina.tribes.transport.ReceiverBase.messageDataReceived(Rec= eiv erBase.java:225) at org.apache.catalina.tribes.transport.nio.NioReplicationTask.drainChannel(= Nio ReplicationTask.java:188) at org.apache.catalina.tribes.transport.nio.NioReplicationTask.run(NioReplic= ati onTask.java:91) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor= .ja va:885) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.jav= a:9 07) at java.lang.Thread.run(Thread.java:619) 09-jun-2008 8:38:07 org.apache.catalina.startup.HostConfig deployWAR INFO: Despliegue del archivo prueba1.war de la aplicaci=F3n web 09-jun-2008 8:38:07 org.apache.catalina.startup.ContextConfig init GRAVE: Exception fixing docBase: {0}=20 java.util.zip.ZipException: invalid END header (bad central directory offset) at java.util.zip.ZipFile.open(Native Method) ... I think Tomcat is trying to deploy the file when it is still being = written , but I dont know how to fix that, maybe I can change a timeout attr or something? Ive tried setting backgroundProcessorDelay to 60, but it = doesn=92t solve the problem. Please help me! __ Información de ESET NOD32 Antivirus, versión de la base de firmas de virus 2945 (20080313) __ ESET NOD32 Antivirus ha comprobado este mensaje. http://www.eset.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
krusek schrieb: We use tomcat forms authentication and it is cookies being used. There are 3 cookies, JSESSONIDSSO, test and JSESSONID. Not sure how you tell if its marked secure? The test cookie is for testing to assure cookies are enabled. As explained below, my Firefox tells me, for which connctions (secure or all) it uses a cookie, when I look at the cookie in my preferences. You can also use firebug with cleared cookies and have a look at the Set-Cookie header (the header will contain a ; secure), or you can sniff your network traffic on the client side with wireshark, or on the server side with tcpdump/snoop etc. for the same header. Remember that you clear the cookies in the client/browser before looking for the Set-Cookie header. Thanks for your help! Regards, Rainer Rainer Jung-3 wrote: krusek wrote: I have Apache 2 with SSL, mod_jk connection, and Tomcat. Everything has worked peachy from one tomcat upgrade after another. However now I upgraded to tomcat 6 and I am loosing the session when switching from https to http within the same domain. For clarity, Apache 2 is handling SSL not tomcat. Does anyone know why this is happening? Are you using cookies for the sessions (JSESSIONID cookie) or URL encoding (;jsessionid=)? Is some cookie flagged as being secure? You can check how the cookie looks like e.g. using Firefox (Preferences - Privacy - Cookies). Thanks! Kevin Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ArrayIndexOutOfBoundsException at InternalOutputBuffer.write
Hello, using Tomcat 6.0.12 on one jsp page sometimes the following error occurs: java.lang.ArrayIndexOutOfBoundsException: 8192 at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:720) at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:627) at org.apache.coyote.http11.InternalOutputBuffer.sendHeader(InternalOutputBuffer.java:500) at org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1615) at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:962) at org.apache.coyote.Response.action(Response.java:180) at org.apache.coyote.http11.InternalOutputBuffer.doWrite(InternalOutputBuffer.java:572) at org.apache.coyote.Response.doWrite(Response.java:559) at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:361) at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:433) at org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:348) at org.apache.tomcat.util.buf.IntermediateOutputStream.write(C2BConverter.java:235) at sun.nio.cs.StreamEncoder.writeBytes(StreamEncoder.java:202) at sun.nio.cs.StreamEncoder.implFlushBuffer(StreamEncoder.java:272) at sun.nio.cs.StreamEncoder.implFlush(StreamEncoder.java:276) at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:122) at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:212) at org.apache.tomcat.util.buf.WriteConvertor.flush(C2BConverter.java:184) at org.apache.tomcat.util.buf.C2BConverter.flushBuffer(C2BConverter.java:127) at org.apache.catalina.connector.OutputBuffer.realWriteChars(OutputBuffer.java:536) at org.apache.tomcat.util.buf.CharChunk.append(CharChunk.java:259) at org.apache.catalina.connector.OutputBuffer.write(OutputBuffer.java:456) at org.apache.catalina.connector.CoyoteWriter.write(CoyoteWriter.java:142) at org.apache.jasper.runtime.JspWriterImpl.flushBuffer(JspWriterImpl.java:118) at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:325) at org.apache.jasper.runtime.JspWriterImpl.write(JspWriterImpl.java:341) at org.apache.jasper.runtime.JspWriterImpl.print(JspWriterImpl.java:467) at org.apache.jsp.M30102_jsp._jspService(M30102_jsp.java:958) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:334) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at de.indv.logging.DefaultLogFilter.doFilter(DefaultLogFilter.java:98) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684) at java.lang.Thread.run(Thread.java:619) I have found a similar error in bugzilla, but there was the problem with sendHeader. There is also a customized Status-Code 500 errorpage, where this error occurs: java.lang.ArrayIndexOutOfBoundsException at java.lang.System.arraycopy(Native Method) at org.apache.coyote.http11.InternalOutputBuffer.write(InternalOutputBuffer.java:689) at org.apache.coyote.http11.InternalOutputBuffer.sendStatus(InternalOutputBuffer.java:428) at org.apache.coyote.http11.Http11Processor.prepareResponse(Http11Processor.java:1604) at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:962) at
Re: Authenticate with X509 certification
Ok, you know, that you have to use ssl/tsl or some challenge-response protocol to ensure that the owner of the certificate also owns the corresponding private key? So the best way might be to use ssl with client auth and an all trusting trustmanager which accepts every certificate but checks for knowledge of the private key. This also forces the client to send a certificate. andreas Luis Pascual Forner schrieb: No, because I want that the certificate was required ONLY when I acces to some pages. In fact, this is how now works, but sometimes the method getAttribute(javax.servlet.request.X509Certificate) returns null. Finally, I store the certificate in the session, and get it from there when I need it. thanks, Luis ahuelsing escribió: Hi, you have to set clientAuth=true andreas Luis Pascual Forner schrieb: Thanks, Bill, I use the JIO connector. That's my server.xml: ?xml version=1.0 encoding=UTF-8? Server port=8006 shutdown=SHUTDOWN Listener className=org.apache.catalina.core.AprLifecycleListener / Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.storeconfig.StoreConfigLifecycleListener/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8081 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector acceptCount=100 clientAuth=false disableUploadTimeout=true keystoreFile=/X/x.p12 keystorePass=XX keystoreType=PKCS12 port=8443 scheme=https secure=true sslProtocol=TLS truststoreFile=/XXX/trustcacerts truststorePass=XXX truststoreType=JKS/ Connector port=8010 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / Engine name=Catalina defaultHost=localhost Realm className=com.ival.tomcat.X509Realm debug=0 / Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Context docBase=cavi path=/cavi reloadable=true / Context docBase=x509 path=/x509 reloadable=true allowLinking=true / /Host /Engine /Service /Server Bill Barker escribió: Luis Pascual Forner [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I need autheticate ONLY with client certificate (i.e., I don't want to check any user's database) . I did that follow: 1. I write a X509Realm, with a method authenticate that only check the validity of each certificate in the certification's chain (don't check if the user exists in any database). 2. Declare this new class in org/apache/catalina/realm/mbeans-descriptors.xml and rg/apache/catalina/mbeans/mbeans-descriptors.xml. 3. Edit server.xml and configure the realm. 4. Edit web.xml to set the auth-method to CLIENT-CERT 5. Put X509Realm.class and mbeans-descriptors.xml in server/classes, with the correct path. 6. Restart Tomcat. Now, I can authenticate with X509 certificate, and get the client certificate with getAttribute(javax.servlet.request.X509Certificate). But, sometimes, this method returns null. Why? Almost certainly means that the client didn't send a cert. But more info on your setup would get a better response. For example are you using the APR or the JIO Connector? regards - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL
Re: Access static content (logs folder) ?
Hi Thnx ... This really works with regards Karthik Johnny Kewl wrote: - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Sunday, June 08, 2008 2:54 AM Subject: RE: Access static content (logs folder) ? From: Johnny Kewl [mailto:[EMAIL PROTECTED] Subject: Re: Access static content (logs folder) ? Where were you yesterday?... cant leave me alone here, hey. and run off and play golf ;) That's what my boss does - and she's very good at it; never tried it myself. I drive on race tracks, fly airplanes, and today, play tennis and go eagle watching. Cut the wings off your plane, put it into an inverted spin, and try land it on a tennis court --- thats golf, with 17 to go ;) Wanted to ask you if its possible to enable a listing for just one webapp... couldnt figure that out. Yes, it can be done. You have to create a WEB-INF/web.xml file under the webapp's docBase, declare its own DefaultServlet, and set the listings value to true. For example: ?xml version=1.0 encoding=ISO-8859-1? web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd; version=2.5 servlet servlet-namelogdefault/servlet-name servlet-classorg.apache.catalina.servlets.DefaultServlet/servlet-class init-param param-namedebug/param-name param-value0/param-value /init-param init-param param-namelistings/param-name param-valuetrue/param-value /init-param load-on-startup1/load-on-startup /servlet servlet-mapping servlet-namelogdefault/servlet-name url-pattern//url-pattern /servlet-mapping /web-app Note that you must change the servlet-name to something that doesn't conflict with what's in the global conf/web.xml file. Ah... this is what I got wrong, thx. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] . - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
webapp not working any more since Tomcat 5.5.26
Hi all: I've been strugling with this weird problem with no luck, so I finally decided to post it to the list hoping someone has any clue on how to go on. I have a beatiful webapp (well, a webapp) that has been working flawlessly with different Tomcat versions from 5.5.9 to 5.5.25. Exactly the same war file across vesions, no problem. But then Tomcat 5.5.26 was released and my webapp stopped working. Strange, uh? The funny point is that failure is coming from SAXParser complaining about null pointer on its argument. Of course the first thing was looking at my app, but I didn't find anything; after all, if there wasn't any null pointer till 5.5.25 and the app hasn't been changed, why should it appear now? I though about some dirty-work-dir issue, so I decided to clean all run, work and temp directories related with Tomcat. I redeployed the app. And still the same. I configured every log to DEBUG and checked, but still nothing enlightening. And then, to my confusion, I downgraded back to 5.5.25 and everything worked again. As a workaround I'm stuck with 5.5.25, but I wonder if I'll have to keep like this forever :-S. A snippet of the error message, just in case it rings a bell: ** An error has been detected. Click here for more details. Error parsing pattern finder file skins/CustomSilvano/jsp/patternFinderConfiguration.xml: java.lang.IllegalArgumentException: InputStream cannot be null at javax.xml.parsers.SAXParser.parse(SAXParser.java:172) at com.transtools.tt.export.xml.HandledSaxParser.parse(SourceFile:128) at [goes on] ** Thanks in advance, Abraham Abraham Marín Pérez [EMAIL PROTECTED] Responsable de I+D SILVANO CONSULTORES Tfno.: 93.412.79.12 -- Fax: 93.410.92.90 http://www.silvanoc.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authenticate with X509 certification
Hi, Andreas I think that I did'nt explained correctly. What I would is to have some pages that requires authentication, and others not (as in Apache server, where is possible to set SSLVerifyClient at directory level). Because the clientAuth attribute is at the Connector level, I do'nt want to set it to true. I set the auth-method to CLIENT-CERT to force some pages to require authentication. With the standards realms, the authenticate user needs to exists in the users database (conf/tomcat-users.xml, by example). I want only that the users have a valid certificate. So, I used a custom realm, that only checks the validity of the certificate's chain. This works, and the certificate is required only in those pages but, sometimes, the getAttribute(javax.servlet.request.X509Certificate) returns null. The first time a user access a page from the context, the certificate is asked. As a work-around, I store the certificate in the session the first time the page is accessed, and reuse after. Thanks, and sorry for my poor english. I do my best. Regards, Luis Andreas Huelsing escribió: Ok, you know, that you have to use ssl/tsl or some challenge-response protocol to ensure that the owner of the certificate also owns the corresponding private key? So the best way might be to use ssl with client auth and an all trusting trustmanager which accepts every certificate but checks for knowledge of the private key. This also forces the client to send a certificate. andreas Luis Pascual Forner schrieb: No, because I want that the certificate was required ONLY when I acces to some pages. In fact, this is how now works, but sometimes the method getAttribute(javax.servlet.request.X509Certificate) returns null. Finally, I store the certificate in the session, and get it from there when I need it. thanks, Luis ahuelsing escribió: Hi, you have to set clientAuth=true andreas Luis Pascual Forner schrieb: Thanks, Bill, I use the JIO connector. That's my server.xml: ?xml version=1.0 encoding=UTF-8? Server port=8006 shutdown=SHUTDOWN Listener className=org.apache.catalina.core.AprLifecycleListener / Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.storeconfig.StoreConfigLifecycleListener/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8081 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector acceptCount=100 clientAuth=false disableUploadTimeout=true keystoreFile=/X/x.p12 keystorePass=XX keystoreType=PKCS12 port=8443 scheme=https secure=true sslProtocol=TLS truststoreFile=/XXX/trustcacerts truststorePass=XXX truststoreType=JKS/ Connector port=8010 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / Engine name=Catalina defaultHost=localhost Realm className=com.ival.tomcat.X509Realm debug=0 / Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Context docBase=cavi path=/cavi reloadable=true / Context docBase=x509 path=/x509 reloadable=true allowLinking=true / /Host /Engine /Service /Server Bill Barker escribió: Luis Pascual Forner [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I need autheticate ONLY with client certificate (i.e., I don't want to check any user's database) . I did that follow: 1. I write a X509Realm, with a method authenticate that only check the validity of each certificate in the certification's chain (don't check if the user exists in any database). 2. Declare this new class in org/apache/catalina/realm/mbeans-descriptors.xml and rg/apache/catalina/mbeans/mbeans-descriptors.xml. 3. Edit server.xml and configure the realm. 4. Edit web.xml to set the auth-method to CLIENT-CERT 5. Put X509Realm.class and mbeans-descriptors.xml in server/classes, with the correct path. 6. Restart Tomcat. Now, I can authenticate with X509 certificate, and get the client certificate with getAttribute(javax.servlet.request.X509Certificate). But, sometimes, this method returns null. Why? Almost certainly means that the client didn't send a cert. But more info on your setup would get a better response. For example are
Re: Authenticate with X509 certification
Hi Luis, sorry, at this point I can't help you. Never done sth. similar. andreas Luis Pascual Forner schrieb: Hi, Andreas I think that I did'nt explained correctly. What I would is to have some pages that requires authentication, and others not (as in Apache server, where is possible to set SSLVerifyClient at directory level). Because the clientAuth attribute is at the Connector level, I do'nt want to set it to true. I set the auth-method to CLIENT-CERT to force some pages to require authentication. With the standards realms, the authenticate user needs to exists in the users database (conf/tomcat-users.xml, by example). I want only that the users have a valid certificate. So, I used a custom realm, that only checks the validity of the certificate's chain. This works, and the certificate is required only in those pages but, sometimes, the getAttribute(javax.servlet.request.X509Certificate) returns null. The first time a user access a page from the context, the certificate is asked. As a work-around, I store the certificate in the session the first time the page is accessed, and reuse after. Thanks, and sorry for my poor english. I do my best. Regards, Luis Andreas Huelsing escribió: Ok, you know, that you have to use ssl/tsl or some challenge-response protocol to ensure that the owner of the certificate also owns the corresponding private key? So the best way might be to use ssl with client auth and an all trusting trustmanager which accepts every certificate but checks for knowledge of the private key. This also forces the client to send a certificate. andreas Luis Pascual Forner schrieb: No, because I want that the certificate was required ONLY when I acces to some pages. In fact, this is how now works, but sometimes the method getAttribute(javax.servlet.request.X509Certificate) returns null. Finally, I store the certificate in the session, and get it from there when I need it. thanks, Luis ahuelsing escribió: Hi, you have to set clientAuth=true andreas Luis Pascual Forner schrieb: Thanks, Bill, I use the JIO connector. That's my server.xml: ?xml version=1.0 encoding=UTF-8? Server port=8006 shutdown=SHUTDOWN Listener className=org.apache.catalina.core.AprLifecycleListener / Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.storeconfig.StoreConfigLifecycleListener/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8081 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector acceptCount=100 clientAuth=false disableUploadTimeout=true keystoreFile=/X/x.p12 keystorePass=XX keystoreType=PKCS12 port=8443 scheme=https secure=true sslProtocol=TLS truststoreFile=/XXX/trustcacerts truststorePass=XXX truststoreType=JKS/ Connector port=8010 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / Engine name=Catalina defaultHost=localhost Realm className=com.ival.tomcat.X509Realm debug=0 / Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Context docBase=cavi path=/cavi reloadable=true / Context docBase=x509 path=/x509 reloadable=true allowLinking=true / /Host /Engine /Service /Server Bill Barker escribió: Luis Pascual Forner [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I need autheticate ONLY with client certificate (i.e., I don't want to check any user's database) . I did that follow: 1. I write a X509Realm, with a method authenticate that only check the validity of each certificate in the certification's chain (don't check if the user exists in any database). 2. Declare this new class in org/apache/catalina/realm/mbeans-descriptors.xml and rg/apache/catalina/mbeans/mbeans-descriptors.xml. 3. Edit server.xml and configure the realm. 4. Edit web.xml to set the auth-method to CLIENT-CERT 5. Put X509Realm.class and mbeans-descriptors.xml in server/classes, with the correct path. 6. Restart Tomcat. Now, I can authenticate with X509 certificate, and get the client certificate with getAttribute(javax.servlet.request.X509Certificate). But, sometimes, this method returns null. Why? Almost certainly
Re: webapp not working any more since Tomcat 5.5.26
[EMAIL PROTECTED] wrote: Hi all: I've been strugling with this weird problem with no luck, so I finally decided to post it to the list hoping someone has any clue on how to go on. I have a beatiful webapp (well, a webapp) that has been working flawlessly with different Tomcat versions from 5.5.9 to 5.5.25. Exactly the same war file across vesions, no problem. But then Tomcat 5.5.26 was released and my webapp stopped working. Strange, uh? Are the requests which trigger the exception all POST requests? If so, it is maybe https://issues.apache.org/bugzilla/show_bug.cgi?id=44494 which came with 5.5.26 and applies to POST requests biugger than 8KB. Regards, Rainer The funny point is that failure is coming from SAXParser complaining about null pointer on its argument. Of course the first thing was looking at my app, but I didn't find anything; after all, if there wasn't any null pointer till 5.5.25 and the app hasn't been changed, why should it appear now? I though about some dirty-work-dir issue, so I decided to clean all run, work and temp directories related with Tomcat. I redeployed the app. And still the same. I configured every log to DEBUG and checked, but still nothing enlightening. And then, to my confusion, I downgraded back to 5.5.25 and everything worked again. As a workaround I'm stuck with 5.5.25, but I wonder if I'll have to keep like this forever :-S. A snippet of the error message, just in case it rings a bell: ** An error has been detected. Click here for more details. Error parsing pattern finder file skins/CustomSilvano/jsp/patternFinderConfiguration.xml: java.lang.IllegalArgumentException: InputStream cannot be null at javax.xml.parsers.SAXParser.parse(SAXParser.java:172) at com.transtools.tt.export.xml.HandledSaxParser.parse(SourceFile:128) at [goes on] ** Thanks in advance, Abraham - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Slight confusion about httpd with Tomcat.
Hi, On this page:- http://tomcat.apache.org/tomcat-6.0-doc/connectors.html it says, When using a single server, the performance when using a native webserver in front of the Tomcat instance is most of the time significantly worse than a standalone Tomcat with its default HTTP connector, even if a large part of the web application is made of static files. Does it say when using a single server because it assumes you'd need httpd to do load-balancing if you had multiple servers? I'm asking because we have an environment with multiple servers and a hardware load-balancer so I don't need httpd for load-balancing, so does the above statement apply to me too? (ie. Running without httpd on each server would be give better performance). Or is there something else I haven't considered? Kind regards, Phil. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Run several applications on different ports, isolated from each other
Hello, I use tomcat 5.5 on debian etch, for running OpemCms, which is set up to run in the ROOT webapp. I need to run now another application on tomcat, and what I think to do is to have another instance of tomcat running on another port, isolated from my OpenCms, with a different webapps folder as well. To sum up: tomcat-instance 1: port 8001 webapps-folder: /var/lib/tomcat5.5/webapps tomcat-instance 2: port 8002 webapps-folder: /home/tomcat/webapps Note that I do not need to to virtualhosting, since I have an ordinary apache 2.2 in front which uses mod_proxy_ajp to redirect some of the urls to tomcat. Also, I would prefer not to touch the debian startup scripts, nor modify any other distributed files. All config should be done in the tomcat config-files. I read through the documentation, but got confused of hosts, contexts, servers, and connectors... :-( Can someone explain how to achieve this configuration, or maybe provide example-files? Best regards, Yves - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Junk Mail problem on intranet application
Hi, I have struts2/spring/JPA/hibernate HR application. I am sending mails using Spring's helper. My app is sending out an email which contans a url which points to my app http://10.201.0.18:8080/myapp. And which ever mail this contains the url is getting into junk mail folder of outlook. Is there any way I can avoid it.? I am using our local exchange server. -- Thanks Arun George
RE: Slight confusion about httpd with Tomcat.
From: Philip Wigg [mailto:[EMAIL PROTECTED] Subject: Slight confusion about httpd with Tomcat. Does it say when using a single server because it assumes you'd need httpd to do load-balancing if you had multiple servers? Yes. I don't need httpd for load-balancing, so does the above statement apply to me too? (ie. Running without httpd on each server would be give better performance). Also yes. Adding path length and comm links is highly unlikely to ever make things faster. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jkmanager node limitation
Thank you. Mladen Turk-4 wrote: Mohan2005 wrote: Hello All; Can you please tell me the maximum number of nodes a JkManager can handle without any issues ? Theoretically unlimited, but number of workers is defined by int, thus 2^31 - 1, for 32-bit integer systems. Each node consumes around 1K of data so multiply that by the number of nodes and number of child processes, and you'll get a rough estimate about configuration footprint. JkManager uses table scan for finding nodes (workers), so it's O(n). However this is still much faster then any database like structure, because this data is in shared memory. In general, the size what jkmanager can handle will be the last thing you'll need to worry about. Regards -- ^(TM) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/jkmanager-node-limitation-tp17720375p17732214.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem in starting tomcat
Hi, I downloaded apache-tomcat-5.5.23.tar.gz and extracted it. Am using jdk 1.6.0_05. When i start tomcat it starts fine and no error is been shown in the catalina.out. But when i open the browser and load http://localhost:8080/ its showing a blank page. The OS is Fedora 8. What should i do to make it work -- View this message in context: http://www.nabble.com/Problem-in-starting-tomcat-tp17732711p17732711.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Junk Mail problem on intranet application
Date sent: Mon, 09 Jun 2008 18:06:38 +0530 From: Arun [EMAIL PROTECTED] Subject:Junk Mail problem on intranet application To: Tomcat Users List users@tomcat.apache.org Send reply to: Tomcat Users List users@tomcat.apache.org Hi, I have struts2/spring/JPA/hibernate HR application. I am sending mails using Spring's helper. My app is sending out an email which contans a url which points to my app http://10.201.0.18:8080/myapp. And which ever mail this contains the url is getting into junk mail folder of outlook. Is there any way I can avoid it.? I am using our local exchange server. This has nothing to do with Tomcat. I would ask on a MS Exchange or outlook forum/mailing list. My guess is that your url has an ip address instead of a hostname that is why exchange or outlook is flagging it as spam. So configure whichever one is flagging it as spam to not flag mails coming from your tomcat server as spam. -Steve O. --- Steve O. http://www.steveo.us B17G WWII Bomber Yankee Lady Flight http://www.steveo.us/b17ride - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem in starting tomcat
Do you have Native POSIX Thread Library installed? Identification of this subsystem features as well as which package you should download are available at http://linux-sxs.org/internet_serving/c140.html also be aware of the environmental parameters that tomcat uses an example is located at # you could also override JAVA_HOME as illustrated here # Where your java installation lives JAVA_HOME=/usr/lib/jvm/java JRE_HOME=/usr/lib/jvm/java # Where your tomcat installation lives # That change from previous RPM where TOMCAT_HOME # used to be /var/tomcat. # Now /var/tomcat will be the base for webapps only CATALINA_HOME=/usr/share/tomcat5 JASPER_HOME=/usr/share/tomcat5 CATALINA_TMPDIR=/usr/share/tomcat5/temp /* Be aware that TC may only execute under elevated privs under sudo as in this example */ sudo - tomcat -c $CATALINA_HOME/bin/startup.sh HTH Martin - Original Message - From: Raghavan_sat [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Monday, June 09, 2008 9:23 AM Subject: Problem in starting tomcat Hi, I downloaded apache-tomcat-5.5.23.tar.gz and extracted it. Am using jdk 1.6.0_05. When i start tomcat it starts fine and no error is been shown in the catalina.out. But when i open the browser and load http://localhost:8080/ its showing a blank page. The OS is Fedora 8. What should i do to make it work -- View this message in context: http://www.nabble.com/Problem-in-starting-tomcat-tp17732711p17732711.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem in starting tomcat
Date sent: Mon, 09 Jun 2008 06:23:08 -0700 (PDT) From: Raghavan_sat [EMAIL PROTECTED] Subject:Problem in starting tomcat To: users@tomcat.apache.org Send reply to: Tomcat Users List users@tomcat.apache.org Hi, I downloaded apache-tomcat-5.5.23.tar.gz and extracted it. Am using jdk 1.6.0_05. Why use an older version of tomcat? When i start tomcat it starts fine and no error is been shown in the catalina.out. But when i open the browser and load http://localhost:8080/ its showing a blank page. Then I doubt that is truly your tomcat page. I would stop tomcat or restart your machine, before starting tomcat I would make sure that a program isn't listening on port 8080 and 8009. netstat -anp should do the trick. Also just double check the catalina.out log. The OS is Fedora 8. Off topic remark. I hope you don't use fedora on production machines. Fedora is not designed for that. -Steve O. --- Steve O. http://www.steveo.us B17G WWII Bomber Yankee Lady Flight http://www.steveo.us/b17ride - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Application versioning
I have multiple version of an application and i would like to switch from one to the other in a transparent way. This means that i would like to access it always through the same url ( localhost/myapp ), but pointing to myapp-1.1, or myapp-1.2 etc. etc. Thanks
tomcat connection pooling problem
Hi I am using tomcat55 and ojdbc14_g and tomcat connection pooling. I am getting this error when i leave tomcat run for a couple of days. I searched around the internet and people blaming firewall and connection issues by db server. here is a brief error: java.sql.SQLException: Io exception: Connection reset by peer: socket write error at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:158) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:206) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:382) at oracle.jdbc.driver.T4CPreparedStatement.execute_for_describe(T4CPreparedStatement.java:521) at oracle.jdbc.driver.OracleStatement.execute_maybe_describe(OracleStatement.java:979) at oracle.jdbc.driver.T4CPreparedStatement.execute_maybe_describe(T4CPreparedStatement.java:552)... ... I am pretty sure it is the connection issue from db server, since it can be resolved by restarting tomcat. but this solution is not acceptable for our production system. Is there anyway that I can systematically resolve the issue (from my source code using try catch) OR tomcat connection pooling configuration? I need to resolve without restarting tomcat. Thanks in advance. Nick
Re: Application versioning
Hi Denis, I think you just need to properly config your Context node in server.xml. You can specify on one hand the context (that is, the text after localhost/ in the URL) and the location (that is, where your app actually is). Changing location while keeping context will make you serve different versions on same URL (or even different apps, up to you ;-)). HTH, Abraham Abraham Marín Pérez [EMAIL PROTECTED] Responsable de I+D SILVANO CONSULTORES Tfno.: 93.412.79.12 -- Fax: 93.410.92.90 http://www.silvanoc.com/ Denis Cossutta [EMAIL PROTECTED] 09/06/2008 16:04 Por favor, responda a Tomcat Users List Para: users@tomcat.apache.org cc: Asunto: Application versioning I have multiple version of an application and i would like to switch from one to the other in a transparent way. This means that i would like to access it always through the same url ( localhost/myapp ), but pointing to myapp-1.1, or myapp-1.2 etc. etc. Thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Junk Mail problem on intranet application
Both the Exchange server and the email client (Outlook) can filter messages. You'll have to check the filtering settings on both client server to find out exactly why your emails are marked as spam. -- Len On Mon, Jun 9, 2008 at 08:36, Arun [EMAIL PROTECTED] wrote: Hi, I have struts2/spring/JPA/hibernate HR application. I am sending mails using Spring's helper. My app is sending out an email which contans a url which points to my app http://10.201.0.18:8080/myapp. And which ever mail this contains the url is getting into junk mail folder of outlook. Is there any way I can avoid it.? I am using our local exchange server. -- Thanks Arun George - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Application versioning
Hi all, hi Rainer, Thanks for your quick reply. I checked your suggestion, they are indeed POST requests, but its size never exceeds 0,5KB, far below the 8KB threshold. On the other hand, the request is done over a JSP file, that file compiles properly (also checked); the thing is this jsp uses an xml file to find out some configuration, and the null pointer comes precisely when reading this file (SAXParser complains about a null InputStream). That makes me think the request completely arrives at the server and is correctly processed, the problem comes after on. Any other hint? Regards, Abraham [EMAIL PROTECTED] wrote: Hi all: I've been strugling with this weird problem with no luck, so I finally decided to post it to the list hoping someone has any clue on how to go on. I have a beatiful webapp (well, a webapp) that has been working flawlessly with different Tomcat versions from 5.5.9 to 5.5.25. Exactly the same war file across vesions, no problem. But then Tomcat 5.5.26 was released and my webapp stopped working. Strange, uh? Are the requests which trigger the exception all POST requests? If so, it is maybe https://issues.apache.org/bugzilla/show_bug.cgi?id=44494 which came with 5.5.26 and applies to POST requests biugger than 8KB. Regards, Rainer Abraham Marín Pérez [EMAIL PROTECTED] Responsable de I+D SILVANO CONSULTORES Tfno.: 93.412.79.12 -- Fax: 93.410.92.90 http://www.silvanoc.com/ Abraham Marin 09/06/2008 16:42 Para: Tomcat Users List users@tomcat.apache.org cc: Asunto: Re: Application versioning Hi Denis, I think you just need to properly config your Context node in server.xml. You can specify on one hand the context (that is, the text after localhost/ in the URL) and the location (that is, where your app actually is). Changing location while keeping context will make you serve different versions on same URL (or even different apps, up to you ;-)). HTH, Abraham Abraham Marín Pérez [EMAIL PROTECTED] Responsable de I+D SILVANO CONSULTORES Tfno.: 93.412.79.12 -- Fax: 93.410.92.90 http://www.silvanoc.com/ Denis Cossutta [EMAIL PROTECTED] 09/06/2008 16:04 Por favor, responda a Tomcat Users List Para: users@tomcat.apache.org cc: Asunto: Application versioning I have multiple version of an application and i would like to switch from one to the other in a transparent way. This means that i would like to access it always through the same url ( localhost/myapp ), but pointing to myapp-1.1, or myapp-1.2 etc. etc. Thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL Help Tomcat 6
Hello @ll, I don't find any solution for my problem. I have a Webserver with three Applications and need 3 SSL Certificates. How I have to generate the CSRs? It is correct to generate one KEystore and generate 3 CSRs out of this Keystore?
Re: Moving from a very old Tomcat to a new Tomcat.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill, Bill Davidson wrote: | Martin wrote: | if your client doesnt want to write cookies | URL-rewrite is the answer | http://tuckey.org/urlrewrite/ | | Apache analog is mod_rewrite | | I don't understand. That's because Martin's comment is neither coherent not useful. Feel free to ignore it. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhNVmkACgkQ9CaO5/Lv0PD+ZgCgrj52CsELKQM5ztOyhRz6a2qg FT0AoJpETo2iDrtoGtM+lMCr1W7U54E6 =I0eC -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Moving from a very old Tomcat to a new Tomcat.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill, Bill Davidson wrote: | One other thing I just noticed. The login servlet runs | under https. After successful login, including creating a valid | session, it calls | HttpServletResponse.sendRedirect(http://myHost.myDomain.com/context/servlets/main;); | | which is the one that ends up with no cookie. Unfortunately, this is expected behavior. If the JSESSIONID cookie is created for the first time during an HTTPS transaction, then the cookie will me marked as secure, and the browser will not send it when switching back to non-SSL HTTP. You have two options, here: 1. Make sure that the user has a session /before/ going into SSL mode or 2. Make everything after login use SSL Neither choice is particularly appetizing. :( You might be able to write a filter to adjust the secure bit on the cookie as it goes out the door, but I can't guarantee that would work. I'm unsure of the security implications, there, either, but I suspect they are not too bad. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhNVwQACgkQ9CaO5/Lv0PAUGQCfehJgt99wZS9ItEvCCf5Gv3U/ pSoAn07PTth6+tRUOObbSWjLUBke8dK0 =Z7p5 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Unable to Start Tomcat 6 with Catalina Base Set
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stephen, Stephen Wick wrote: | I installed Tomcat 6.0.16 to /usr/local/apache-tomcat-6.0.16 (this is | my CATALINA_HOME). Then I made an instance of tomcat at | /var/www/tomcat-instances/default-tomcat6 (this is my CATALINA_BASE). | | My CATALINA_BASE/bin/startup.sh looks like this: | | CATALINA_BASE=/var/www/tomcat-instances/default-tomcat6 | export CATALINA_BASE | | CATALINA_HOME=/usr/local/apache-tomcat-6.0.16 | export CATALINA_HOME | | CATALINA_OPTS=-Xms768m -Xmx768m -XX:MaxPermSize=768m | export CATALINA_OPTS | | JAVA_HOME=/usr/local/java | export JAVA_HOME | | $CATALINA_HOME/bin/startup.sh This looks okay. | I am executing CATALINA_BASE/bin/startup.sh as root. :( | When I execute CATALINA_HOME/bin/startup.sh, tomcat starts up fine. Strange. So, if you set all those environment variables directly on the command-line, and then run CATALINA_HOME/bin/startup.bat, everything works okay? All the scripts I've ever written set only JAVA_HOME and CATALINA_BASE. Try /not/ setting CATALINA_HOME (although that should make no difference at all). Also, try adding some 'echo' statements to CATALINA_HOME/bin/catalina.sh to print out the values of various environment vars, especially CLASSPATH (which you should definitely not set yourself... just observe what path is determined). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhNW8oACgkQ9CaO5/Lv0PBIzgCfebd9hmvocNEwxyLSzjjlrQhU QqgAoIkviT22UDOBB8L8mLWdu6B/vCts =uQJF -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ArrayIndexOutOfBoundsException at InternalOutputBuffer.write
Jörg Fröber wrote: Hello, using Tomcat 6.0.12 on one jsp page sometimes the following error occurs: java.lang.ArrayIndexOutOfBoundsException: 8192 That looks like a Tomcat bug. Do you see the same problem with the latest 6.0.x source from subversion? Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
Johnny Kewl wrote: Bill... Just lose the FORM authentication, replace it with DIGEST, or even BASIC I think all your problems will go away. I'm not exactly sure what you're saying. Are you saying that I shouldn't be authenticating through a form? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat connection pooling problem
Htin Kyaw Nyo wrote: Hi I am using tomcat55 and ojdbc14_g and tomcat connection pooling. I am getting this error when i leave tomcat run for a couple of days. I searched around the internet and people blaming firewall and connection issues by db server. here is a brief error: java.sql.SQLException: Io exception: Connection reset by peer: socket write error http://commons.apache.org/dbcp/configuration.html Look for validationQuery Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Help Tomcat 6
Alexander Diedler wrote: Hello @ll, I don't find any solution for my problem. I have a Webserver with three Applications and need 3 SSL Certificates. How I have to generate the CSRs? keytool It is correct to generate one KEystore and generate 3 CSRs out of this Keystore? That should work although I would keep them separate myself. Note that you'll need three connectors since a connector can have a maximum of one SSL certificate. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat connection pooling problem
is this possibly Oracle rebooting by its own settings? -Original Message- From: Htin Kyaw Nyo [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2008 9:27 AM To: Tomcat Users List Subject: tomcat connection pooling problem Hi I am using tomcat55 and ojdbc14_g and tomcat connection pooling. I am getting this error when i leave tomcat run for a couple of days. I searched around the internet and people blaming firewall and connection issues by db server. here is a brief error: java.sql.SQLException: Io exception: Connection reset by peer: socket write error at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:158) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:206) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:382) at oracle.jdbc.driver.T4CPreparedStatement.execute_for_describe(T4CPreparedStatement.java:521) at oracle.jdbc.driver.OracleStatement.execute_maybe_describe(OracleStatement.java:979) at oracle.jdbc.driver.T4CPreparedStatement.execute_maybe_describe(T4CPreparedStatement.java:552)... ... I am pretty sure it is the connection issue from db server, since it can be resolved by restarting tomcat. but this solution is not acceptable for our production system. Is there anyway that I can systematically resolve the issue (from my source code using try catch) OR tomcat connection pooling configuration? I need to resolve without restarting tomcat. Thanks in advance. Nick - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat connection pooling problem
for oracle database, you can just use their native driver (oci driver), they have a Pooled DataSource that will manage the pooling natively ... you don't need dbcp then. On Mon, Jun 9, 2008 at 5:26 PM, Htin Kyaw Nyo [EMAIL PROTECTED] wrote: Hi I am using tomcat55 and ojdbc14_g and tomcat connection pooling. I am getting this error when i leave tomcat run for a couple of days. I searched around the internet and people blaming firewall and connection issues by db server. here is a brief error: java.sql.SQLException: Io exception: Connection reset by peer: socket write error at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:158) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:206) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:382) at oracle.jdbc.driver.T4CPreparedStatement.execute_for_describe(T4CPreparedStatement.java:521) at oracle.jdbc.driver.OracleStatement.execute_maybe_describe(OracleStatement.java:979) at oracle.jdbc.driver.T4CPreparedStatement.execute_maybe_describe(T4CPreparedStatement.java:552)... ... I am pretty sure it is the connection issue from db server, since it can be resolved by restarting tomcat. but this solution is not acceptable for our production system. Is there anyway that I can systematically resolve the issue (from my source code using try catch) OR tomcat connection pooling configuration? I need to resolve without restarting tomcat. Thanks in advance. Nick -- Regards, Youssef
Re: Problem with FarmWarDeployer
no work has been done on the farm deployer, and I can't say it has been working reliably in 5.5 and 6.0 work and patches are welcome Filip Vicente Tarín Font wrote: Hi guys! I have a little problem with the FarmWarDeployer. Im using Tomcat 6.0.16 (win32), and I have 2 instances on the same machine. All is working ok except when I try to deploy a war file.=20 I have this cluster config(this is for node 2, node 1 only changes ports = and dirs): Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster Manager className=org.apache.catalina.ha.session.BackupManager expireSessionsOnShutdown=false notifyListenersOnReplication=true mapSendOptions=8/ Deployer className=org.apache.catalina.ha.deploy.FarmWarDeployer tempDir=C:/Archivos de programa/Apache Software Foundation/Cluster/N2/temp/war-temp/ deployDir=C:/Archivos de programa/Apache Software Foundation/Cluster/N2/webapps/ watchDir=C:/Archivos de programa/Apache Software Foundation/Cluster/N2/temp/war-listen/ watchEnabled=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter= Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSende= r timeout=15000/ /Sender /Channel /Cluster I drop the war on node 1 dir: C:/Archivos de programa/Apache Software Foundation/Cluster/N2/temp/war-listen The FarmDeployer listener detects the change and deploys the war ok on = node 1, but I fails deploying on node 2, I get this message: 09-jun-2008 8:38:07 org.apache.catalina.ha.deploy.FarmWarDeployer messageReceived GRAVE: Unable to read farm deploy file message. java.io.IOException: Write error at java.io.FileOutputStream.writeBytes(Native Method) at java.io.FileOutputStream.write(FileOutputStream.java:260) at org.apache.catalina.ha.deploy.FileMessageFactory.writeMessage(FileMessage= Fac tory.java:209) at org.apache.catalina.ha.deploy.FarmWarDeployer.messageReceived(FarmWarDepl= oye r.java:233) at org.apache.catalina.ha.tcp.SimpleTcpCluster.messageReceived(SimpleTcpClus= ter .java:899) at org.apache.catalina.ha.tcp.SimpleTcpCluster.messageReceived(SimpleTcpClus= ter .java:880) at org.apache.catalina.tribes.group.GroupChannel.messageReceived(GroupChanne= l.j ava:269) at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(C= han nelInterceptorBase.java:79) at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(C= han nelInterceptorBase.java:79) at org.apache.catalina.tribes.group.interceptors.TcpFailureDetector.messageR= ece ived(TcpFailureDetector.java:110) at org.apache.catalina.tribes.group.ChannelInterceptorBase.messageReceived(C= han nelInterceptorBase.java:79) at org.apache.catalina.tribes.group.ChannelCoordinator.messageReceived(Chann= elC oordinator.java:241) at org.apache.catalina.tribes.transport.ReceiverBase.messageDataReceived(Rec= eiv erBase.java:225) at org.apache.catalina.tribes.transport.nio.NioReplicationTask.drainChannel(= Nio ReplicationTask.java:188) at org.apache.catalina.tribes.transport.nio.NioReplicationTask.run(NioReplic= ati onTask.java:91) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor= .ja va:885) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.jav= a:9 07) at java.lang.Thread.run(Thread.java:619) 09-jun-2008 8:38:07 org.apache.catalina.startup.HostConfig deployWAR INFO: Despliegue del archivo prueba1.war de la aplicaci=F3n web 09-jun-2008 8:38:07 org.apache.catalina.startup.ContextConfig init GRAVE: Exception fixing docBase: {0}=20 java.util.zip.ZipException: invalid END header (bad central directory offset) at java.util.zip.ZipFile.open(Native Method) ... I think Tomcat is trying to deploy the file when it is still being = written , but I dont know how to fix that, maybe I can change a timeout attr or something? Ive tried setting backgroundProcessorDelay to 60, but it = doesn=92t solve the problem. Please help me! __ Información de ESET NOD32 Antivirus, versión de la base de firmas de virus 2945 (20080313) __ ESET NOD32 Antivirus ha comprobado este mensaje. http://www.eset.com - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: request for simplistic Tomcat 5.5 log config
On Fri, Jun 06, 2008 at 12:54:26AM +0200, André Warnier wrote: Mark Thomas wrote: André Warnier wrote: (This is Linux Debian Etch, with Tomcat5.5 out of the box, standard apt-get install.) Without knowing if/how 5.5.x has been mangled by the packaging process it is going to be difficult to help you. The packaging process tends to play all sorts of games with file locations and default configurations. Yes, it mangles quite a bit. Tomcat5.5 is split (as files and links) between /etc/tomcat5.5, /var/lib/tomcat5.5, and /usr/share/tomcat5.5. I suppose the Debian packagers have their very good and smart reasons for doing this, but it doesn't make searching config files easier. They do. On Linux, for example, see the FileSystem Standard or whatever it's called now. On a production system, /usr might be mounted read-only, so you can't keep log files or scratch stuff (like auto-expanded .war files) there. /usr might not even be physically connected to the box; you might have racks of machines all mounting a common /usr image from some NFS server. /usr is a great place to put stuff which is changed only by replacing the whole file when the system is not available to end users, like executables and JARs. Since each host may require different settings, configuration data (like server.xml and context descriptor files) go in /etc so they can be customized per-host. Stuff that has to be writable should be in /var, which had better be mounted read-write or nearly every program on the box will break. /var is the place for state data or scratch storage -- stuff created at runtime or, if we must, empty structured files built by the installation process. Things just copied from the install kit don't belong here. If log files are hidden away outside of /var/log, the sysadmin will mutter something unprintable and either move or symlink them there. /var/log might be on its own volume, so that applications won't fail when they go to write scratch files and find that the logs have eaten up all the available space. If /var/log fills up, we lose a few data that have a 1:1 chance of being interesting; if /var fills up, we lose customers because nothing works for them. So, that's why some people insist on separating files that have different lifetime, scope, and access requirements. -- Mark H. Wood, Lead System Programmer [EMAIL PROTECTED] Typically when a software vendor says that a product is intuitive he means the exact opposite. pgp4cXSNZyjTp.pgp Description: PGP signature
Re: multiple tomcat process scenario
Hi! Guys, I have experience the following scenario in several instances without any clue: 1) I have tomcat 5.5 configured on Solaris 10 machine and started automatically using jsvc. 2) After the service is initiated, there are two processes staying resident in memory: one is the jsvc controller process and the other is the main tomcat process. Everything is fine. The main process is detached from the controller process. 3) It seems that, at random times and may be affected by the service load also, the main tomcat thread could spawn additional tomcat processes. This can be clearly verified by the parent and child process IDs. 4) Also, the newly spawned tomcat processes are seldom accessed because their accumulated use time is 0:00. The following is the snapshot of the scenario: I have seen other people posting similar questions without answers. Do we know why the main tomcat process could spawn new process? Please help. Ming DISCLAIMER: Important Notice * This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unintended recipients are prohibited from taking action on the basis of information in this e-mail.E-mail messages may contain computer viruses or other defects, may not be accurately replicated on other systems, or may be intercepted, deleted or interfered with without the knowledge of the sender or the intended recipient. If you are not comfortable with the risks associated with e-mail messages, you may decide not to use e-mail to communicate with IPC. IPC reserves the right, to the extent and under circumstances permitted by applicable law, to retain, monitor and intercept e-mail messages to and from its systems.
Tomcat-5.5 run error on red hat
Hi, I downloaded and installed apache-tomcat-5.5.26.tar.gz on /usr/local/apache-tomcat-5.5.26 And I set up PATH and JAVA_HOME on* .bash_profile*: PATH=$PATH:$HOME/bin export PATH=$PATH:/usr/java/jdk1.6.0_02/bin export JAVA_HOME=/usr/java/jdk1.6.0_02 -- when i run startup.sh get: Using CATALINA_BASE: /usr/local/jakarta-tomcat Using CATALINA_HOME: /usr/local/jakarta-tomcat Using CATALINA_TMPDIR: /usr/local/jakarta-tomcat/temp Using JRE_HOME: /usr/java/jdk1.6.0_02 In *catalina.ou*t get error: /usr/local/jakarta-tomcat/bin/catalina.sh: line 275: /usr/java/jdk1.6.0_02/bin*/java*: *No such file or directory* My question is, why tomcat searchs for the JAVA directory after bin ? Thanks, mk
RE: Tomcat-5.5 run error on red hat
From: kohanm [mailto:[EMAIL PROTECTED] Subject: Tomcat-5.5 run error on red hat And I set up PATH and JAVA_HOME on* .bash_profile*: In *catalina.ou*t get error: line 275: /usr/java/jdk1.6.0_02/bin*/java*: *No such file or directory* Why does your e-mail have so many apparently spurious asterisks in it? My question is, why tomcat searchs for the JAVA directory after bin ? It's not looking for the java directory, it's looking for the java executable. It's either not there or has incorrect permissions (e.g., no execute access). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat-5.5 run error on red hat
Thanks Charles, I am new to linux. I changed all files owner and grp to the root but still I get the same error. this is what i have: [EMAIL PROTECTED] usr]# cd java [EMAIL PROTECTED] java]# ls -l total 19328 drwxr-xr-x 9 root root 4096 Mar 6 10:57 jdk1.6.0_02 drwxr-xr-x 8 root root 4096 Mar 6 12:58 jre1.6.0_05 -rwxr-xr-x 1 root root 19745768 Mar 6 12:51 jre-6u5-linux-i586.bin [EMAIL PROTECTED] java]# cd jdk* [EMAIL PROTECTED] jdk1.6.0_02]# ls -l total 19220 drwxr-xr-x 2 root root 4096 Mar 6 10:54 bin -rwxr-xr-x 1 root root 2539 Jun 22 2007 COPYRIGHT drwxr-xr-x 5 root root 4096 Mar 6 10:54 db drwxr-xr-x 10 root root 4096 Mar 6 10:55 demo drwxr-xr-x 3 root root 4096 Mar 6 10:55 include drwxr-xr-x 4 root root 4096 Mar 6 10:56 jre drwxr-xr-x 2 root root 4096 Mar 6 10:56 lib -rwxr-xr-x 1 root root13471 Jul 9 2007 LICENSE -rwxr-xr-x 1 root root19780 Jul 9 2007 LICENSE.rtf -rwxr-xr-x 1 root root25379 Jun 14 2007 README.html -rwxr-xr-x 1 root root23521 Jun 14 2007 README_ja.html -rwxr-xr-x 1 root root18329 Jun 14 2007 README_zh_CN.html drwxr-xr-x 9 root root 4096 Mar 6 10:57 sample -rwxr-xr-x 1 root root 19264985 Jun 14 2007 src.zip -rwxr-xr-x 1 root root 178596 Jun 14 2007 THIRDPARTYLICENSEREADME.txt [EMAIL PROTECTED] local]# ls -l total 6400 -rw--- 1 root root1253 May 29 15:44 1212100216273-integrated.jnlp drwxr-xr-x 3 root root4096 Jun 27 2007 adm drwxrwxrwx 16 root root4096 May 28 09:03 apache2 drwx-- 11 root root4096 May 29 15:10 apache-tomcat-5.5.26 -rw--- 1 root root 6372195 May 29 15:10 apache-tomcat-5.5.26.tar.gz drwxr-xr-x 2 root root4096 Aug 12 2004 bin lrwxrwxrwx 1 root root 10 Jun 27 2007 etc - /local/etc drwxr-xr-x 2 root root4096 Aug 12 2004 games lrwxrwxrwx 1 root root 10 Jun 27 2007 home - ./var/home drwxr-xr-x 2 root root4096 Aug 12 2004 include lrwxrwxrwx 1 root root 20 May 29 15:17 jakarta-tomcat - apache-tomcat-5.5.26 drwxrwxrwx 2 root root4096 May 29 10:16 java drwxr-xr-x 2 root root4096 Aug 12 2004 lib drwxr-xr-x 2 root root4096 Aug 12 2004 libexec drwxrwxrwx 2 root root4096 Mar 6 13:34 mysql drwxr-xr-x 2 root root4096 Aug 12 2004 sbin drwxr-xr-x 4 root root4096 Jun 27 2007 share drwxr-xr-x 2 root root4096 Aug 12 2004 src drwx-T 2 root root4096 May 29 15:00 tmp lrwxrwxrwx 1 root root 10 Jun 27 2007 var - /local/var -rw--- 1 root root5530 May 26 13:10 wget-log -rw--- 1 root root5075 May 27 10:16 wget-log.1 [EMAIL PROTECTED] local]# cd ja* [EMAIL PROTECTED] jakarta-tomcat]# cd bin [EMAIL PROTECTED] bin]# ./startup.sh Using CATALINA_BASE: /usr/local/jakarta-tomcat Using CATALINA_HOME: /usr/local/jakarta-tomcat Using CATALINA_TMPDIR: /usr/local/jakarta-tomcat/temp Using JRE_HOME: /usr/java/jdk1.6.0_02 [EMAIL PROTECTED] bin]# I get the same error on catalina.out. I appreciate your help. mk On 6/9/08, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: kohanm [mailto:[EMAIL PROTECTED] Subject: Tomcat-5.5 run error on red hat And I set up PATH and JAVA_HOME on* .bash_profile*: In *catalina.ou*t get error: line 275: /usr/java/jdk1.6.0_02/bin*/java*: *No such file or directory* Why does your e-mail have so many apparently spurious asterisks in it? My question is, why tomcat searchs for the JAVA directory after bin ? It's not looking for the java directory, it's looking for the java executable. It's either not there or has incorrect permissions (e.g., no execute access). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Massoud
RE: Tomcat-5.5 run error on red hat
From: kohanm [mailto:[EMAIL PROTECTED] Subject: Re: Tomcat-5.5 run error on red hat I changed all files owner and grp to the root Not a particularly good idea. this is what i have: But you didn't show us what's in /usr/java/jdk1.6.0_02/bin - which appears to be where the problem lies. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
Bill Davidson wrote: I'm confused so I'm not sure what I say below makes sense. If I'm reading these posts correctly, the cookie is issued by the front end (which is Apache web server). Since it is created on an https session, it is being marked as secure. When browser switches to a non-secure page on the same site, that cookie is not passed because it is a secure cookie. I was right about one thing: I was confused. Apparently it was actually Tomcat creating the cookie. I've found a usable workaround. I'm having my login servlet create and set the cookie (without setting it to secure). That seems to have made the problem go away. I was trying to get away without changing the app but this is a pretty minor change. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat-5.5 run error on red hat
here they are: [EMAIL PROTECTED] usr]# cd java [EMAIL PROTECTED] java]# ls [EMAIL PROTECTED] java]# ls -ls total 19328 8 drwxr-xr-x 9 root root 4096 Mar 6 10:57 jdk1.6.0_02 8 drwxr-xr-x 8 root root 4096 Mar 6 12:58 jre1.6.0_05 19312 -rwxr-xr-x 1 root root 19745768 Mar 6 12:51 jre-6u5-linux-i586.bin [EMAIL PROTECTED] java]# cd jdk* [EMAIL PROTECTED] jdk1.6.0_02]# ls bindemo lib README.htmlsample COPYRIGHT include LICENSE README_ja.html src.zip db jre LICENSE.rtf README_zh_CN.html THIRDPARTYLICENSEREADME.txt [EMAIL PROTECTED] jdk1.6.0_02]# ls -l total 19220 drwxr-xr-x 2 root root 4096 Mar 6 10:54 bin -rwxr-xr-x 1 root root 2539 Jun 22 2007 COPYRIGHT drwxr-xr-x 5 root root 4096 Mar 6 10:54 db drwxr-xr-x 10 root root 4096 Mar 6 10:55 demo drwxr-xr-x 3 root root 4096 Mar 6 10:55 include drwxr-xr-x 4 root root 4096 Mar 6 10:56 jre drwxr-xr-x 2 root root 4096 Mar 6 10:56 lib -rwxr-xr-x 1 root root13471 Jul 9 2007 LICENSE -rwxr-xr-x 1 root root19780 Jul 9 2007 LICENSE.rtf -rwxr-xr-x 1 root root25379 Jun 14 2007 README.html -rwxr-xr-x 1 root root23521 Jun 14 2007 README_ja.html -rwxr-xr-x 1 root root18329 Jun 14 2007 README_zh_CN.html drwxr-xr-x 9 root root 4096 Mar 6 10:57 sample -rwxr-xr-x 1 root root 19264985 Jun 14 2007 src.zip -rwxr-xr-x 1 root root 178596 Jun 14 2007 THIRDPARTYLICENSEREADME.txt [EMAIL PROTECTED] jdk1.6.0_02]# cd bin [EMAIL PROTECTED] bin]# ls -l total 2396 -rwxr-xr-x 1 root root 25600 Jun 14 2007 appletviewer.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 apt.exe -rwxr-xr-x 1 root root 29184 Jun 14 2007 beanreg.dll -rwxr-xr-x 1 root root 25600 Jun 14 2007 extcheck.exe -rwxr-xr-x 1 root root 45056 Jun 14 2007 HtmlConverter.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 idlj.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 jar.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 jarsigner.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 javac.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 javadoc.exe -rwxr-xr-x 1 root root 135168 Jun 14 2007 java.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 javah.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 javap.exe -rwxr-xr-x 1 root root 25088 Jun 14 2007 java-rmi.exe -rwxr-xr-x 1 root root 135168 Jun 14 2007 javaw.exe -rwxr-xr-x 1 root root 139264 Jun 14 2007 javaws.exe -rwxr-xr-x 1 root root 26112 Jun 14 2007 jconsole.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 jdb.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 jhat.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 jinfo.exe -rwxr-xr-x 1 root root 77824 Jun 14 2007 jli.dll -rwxr-xr-x 1 root root 25600 Jun 14 2007 jmap.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 jps.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 jrunscript.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 jstack.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 jstatd.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 jstat.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 keytool.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 kinit.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 klist.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 ktab.exe -rwxr-xr-x 1 root root 348160 Jun 22 2007 msvcr71.dll -rwxr-xr-x 1 root root 25600 Jun 14 2007 native2ascii.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 orbd.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 pack200.exe -rwxr-xr-x 1 root root 73728 Jun 14 2007 packager.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 policytool.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 rmic.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 rmid.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 rmiregistry.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 schemagen.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 serialver.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 servertool.exe -rwxr-xr-x 1 root root 26112 Jun 14 2007 tnameserv.exe -rwxr-xr-x 1 root root 122880 Jun 14 2007 unpack200.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 wsgen.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 wsimport.exe -rwxr-xr-x 1 root root 25600 Jun 14 2007 xjc.exe [EMAIL PROTECTED] bin]# Thanks, mk On 6/9/08, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: kohanm [mailto:[EMAIL PROTECTED] Subject: Re: Tomcat-5.5 run error on red hat I changed all files owner and grp to the root Not a particularly good idea. this is what i have: But you didn't show us what's in /usr/java/jdk1.6.0_02/bin - which appears to be where the problem lies. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic,
Re: tomcat connection pooling problem
Thanks Thomas, validationQuery method seems promising. I will configure and see if the issue is still there when the db server reboot. Thanks a lot. On Mon, Jun 9, 2008 at 1:21 PM, Mark Thomas [EMAIL PROTECTED] wrote: Htin Kyaw Nyo wrote: Hi I am using tomcat55 and ojdbc14_g and tomcat connection pooling. I am getting this error when i leave tomcat run for a couple of days. I searched around the internet and people blaming firewall and connection issues by db server. here is a brief error: java.sql.SQLException: Io exception: Connection reset by peer: socket write error http://commons.apache.org/dbcp/configuration.html Look for validationQuery Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat connection pooling problem
yes, i believe my oracle db reboot once in a while, but I have no control over rebooting db server since its for weekly maintenance. I will try to use validationQuery as Thomas mentioned. Thanks On Mon, Jun 9, 2008 at 1:43 PM, Propes, Barry L [EMAIL PROTECTED] wrote: is this possibly Oracle rebooting by its own settings? -Original Message- From: Htin Kyaw Nyo [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2008 9:27 AM To: Tomcat Users List Subject: tomcat connection pooling problem Hi I am using tomcat55 and ojdbc14_g and tomcat connection pooling. I am getting this error when i leave tomcat run for a couple of days. I searched around the internet and people blaming firewall and connection issues by db server. here is a brief error: java.sql.SQLException: Io exception: Connection reset by peer: socket write error at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:158) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:206) at oracle.jdbc.driver.DatabaseError.throwSqlException(DatabaseError.java:382) at oracle.jdbc.driver.T4CPreparedStatement.execute_for_describe(T4CPreparedStatement.java:521) at oracle.jdbc.driver.OracleStatement.execute_maybe_describe(OracleStatement.java:979) at oracle.jdbc.driver.T4CPreparedStatement.execute_maybe_describe(T4CPreparedStatement.java:552)... ... I am pretty sure it is the connection issue from db server, since it can be resolved by restarting tomcat. but this solution is not acceptable for our production system. Is there anyway that I can systematically resolve the issue (from my source code using try catch) OR tomcat connection pooling configuration? I need to resolve without restarting tomcat. Thanks in advance. Nick - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OutOfMemoryError while deploying
Hi, I have a web app that includes a large amount of data and I am having trouble deploying it. Nearly every time I try it fails with the following error. SEVERE: HTMLManager: FAIL - Deploy Upload Failed, Exception: Error invoking method check javax.management.RuntimeErrorException: Error invoking method check at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:308) at com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213) at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220) at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815) at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784) at org.apache.catalina.manager.ManagerServlet.check(ManagerServlet.java:1465) at org.apache.catalina.manager.HTMLManagerServlet.doPost(HTMLManagerServlet.java:243) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:613) Caused by: java.lang.OutOfMemoryError at java.util.zip.ZipFile.open(Native Method) at java.util.zip.ZipFile.init(ZipFile.java:203) at java.util.jar.JarFile.init(JarFile.java:132) at java.util.jar.JarFile.init(JarFile.java:97) at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:746) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:515) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1229) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297) ... 21 more I am running Mac OSX 10.4.11 with java version 1.5.0_07 Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_07-164) Java HotSpot(TM) Client VM (build 1.5.0_07-87, mixed mode) and tomcat 6.0.16 I've defined JAVA_OPTS to JAVA_OPTS=-Xms512m -Xmx1024m -XX:MaxPermSize=512m -XX:PermSize=256m -XX:+UseConcMarkSweepGC -XX:+CMSPermGenSweepingEnabled -XX:+CMSClassUnloadingEnabled But basically no matter what I set JAVA_OPTS to the deployment will fail and the JVM never seems to use more than about 70MB of memory. Any help would be greatly appreciated. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
BTW, I forgot to thank everyone for helping me to understand what this problem better. Understanding that the cookie was being created by Tomcat with the secure flag and that the flag was causing the problem was the key. Thanks everyone. --Bill Davidson - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
If you're in a secure location that disallows cookies..you can always try url-rewrite Tomcat http://tuckey.org/urlrewrite/ Caucho http://www.caucho.com/resin/doc/rewrite-tags.xtp Apache mod_rewrite http://httpd.apache.org/docs/1.3/mod/mod_rewrite.html HTH Martin - Original Message - From: Bill Davidson [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Monday, June 09, 2008 7:10 PM Subject: Re: Session lost when switching from https to http after upgrade to Tomcat 6 BTW, I forgot to thank everyone for helping me to understand what this problem better. Understanding that the cookie was being created by Tomcat with the secure flag and that the flag was causing the problem was the key. Thanks everyone. --Bill Davidson - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
Martin wrote: If you're in a secure location that disallows cookies..you can always try url-rewrite Sorry if I seem a bit dim but I don't understand how url-rewriting helps me with cookie problems. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
- Original Message - From: Bill Davidson [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Monday, June 09, 2008 7:17 PM Subject: Re: Session lost when switching from https to http after upgrade to Tomcat 6 Johnny Kewl wrote: Bill... Just lose the FORM authentication, replace it with DIGEST, or even BASIC I think all your problems will go away. I'm not exactly sure what you're saying. Are you saying that I shouldn't be authenticating through a form? Yes... Just because all your problems seem related to cookies, and FORM authentication relies on cookies. Also because I have no idea how to tell tomcat when creating the session to lose that secure attribute, I guess one has to override a class somewhere, and that probably just a good indication (these TC designers are guru gods, as clever as hell ;) that maybe moving from HTTPs to HTTP is just a bad idea. Then I started thinking about say DIGEST/BASIC authentication which does not work on a cookie, its going to have its own authentication headers and I think the browser will return those even when moving from HTTPs to HTTP... so now with FORM replaced with DIGEST say... its all legal. And its is actually safe... it would drop the session, and make a new one... and for the most webapps (that are not using cookies in security) thats no problem, cookies are free ;) So (if I'm right) FORM auth when moving from HTTPs to HTTP is bad news and requires a kludge, ie overriding secure cookies... and even though thats clever, it is a security hole... a hacker gets that cookie, they in. But... DIGEST would allow the same thing, no kludge and would be safe. Thats kinda interesting... or maybe I'm just bored ;) I dont like the idea of fixing it... thats all. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
Johnny Kewl wrote: maybe moving from HTTPs to HTTP is just a bad idea. No doubt. However, I didn't design this app and it's not up to me. BTW, it's an old app. It's running on Tomcat 3.2.4 in production to give you an idea of its age. We want to move to a newer server first and then work on modernizing the app itself. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
- Original Message - From: Johnny Kewl [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, June 10, 2008 3:19 AM Subject: Re: Session lost when switching from https to http after upgrade to Tomcat 6 - Original Message - From: Bill Davidson [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Monday, June 09, 2008 7:17 PM Subject: Re: Session lost when switching from https to http after upgrade to Tomcat 6 Johnny Kewl wrote: Bill... Just lose the FORM authentication, replace it with DIGEST, or even BASIC I think all your problems will go away. I'm not exactly sure what you're saying. Are you saying that I shouldn't be authenticating through a form? Yes... Just because all your problems seem related to cookies, and FORM authentication relies on cookies. Also because I have no idea how to tell tomcat when creating the session to lose that secure attribute, I guess one has to override a class somewhere, and that probably just a good indication (these TC designers are guru gods, as clever as hell ;) that maybe moving from HTTPs to HTTP is just a bad idea. Then I started thinking about say DIGEST/BASIC authentication which does not work on a cookie, its going to have its own authentication headers and I think the browser will return those even when moving from HTTPs to HTTP... so now with FORM replaced with DIGEST say... its all legal. And its is actually safe... it would drop the session, and make a new one... and for the most webapps (that are not using cookies in security) thats no problem, cookies are free ;) So (if I'm right) FORM auth when moving from HTTPs to HTTP is bad news and requires a kludge, ie overriding secure cookies... and even though thats clever, it is a security hole... a hacker gets that cookie, they in. But... DIGEST would allow the same thing, no kludge and would be safe. Thats kinda interesting... or maybe I'm just bored ;) I dont like the idea of fixing it... thats all. Heres a better way of saying it When a webapp moves from HTTPs to HTTP... the sessions must get a bad case of amnesia. Thats what the security is doing. If DIGEST is used... it will still work (I think) even though the webapp has a bad case of amnesia. ie the Webapp will just start remembering state from the change over. ok I am bored ;) --- HARBOR : http://www.kewlstuff.co.za/index.htm The most powerful application server on earth. The only real POJO Application Server. See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm --- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session lost when switching from https to http after upgrade to Tomcat 6
- Original Message - From: Bill Davidson [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, June 10, 2008 3:43 AM Subject: Re: Session lost when switching from https to http after upgrade to Tomcat 6 Johnny Kewl wrote: maybe moving from HTTPs to HTTP is just a bad idea. No doubt. However, I didn't design this app and it's not up to me. BTW, it's an old app. It's running on Tomcat 3.2.4 in production to give you an idea of its age. We want to move to a newer server first and then work on modernizing the app itself. ... its more just the thought that as soon as FORM auth, is used, theres other issues that kick in. + You for example have the HTTPs to HTTP issue But another query somewhere here had a similar issue where the guy was authenticating against tomcat, and then again for static content against apache on JK, and the FORM auth was making life difficult there as well. Thats what I'm thinking... and it always seems to be a tricky problem when it does show itself. Those little sec dialogs that browsers pop up, actually take a whole lot of potential issues out of the equation. No critique, I'm just beginning to think pretty forms come at a cost ;) I think I'm a DIGEST kinda guy ;) --- HARBOR : http://www.kewlstuff.co.za/index.htm The most powerful application server on earth. The only real POJO Application Server. See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm --- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Moving from a very old Tomcat to a new Tomcat.
Christopher Schultz wrote: Unfortunately, this is expected behavior. If the JSESSIONID cookie is created for the first time during an HTTPS transaction, then the cookie will me marked as secure, and the browser will not send it when switching back to non-SSL HTTP. You have two options, here: 1. Make sure that the user has a session /before/ going into SSL mode or 2. Make everything after login use SSL Neither choice is particularly appetizing. :( True. #1 is bad because I want the login servlet to be https to protect the password and because that is the way the app has worked in the past. I want to avoid changing the app any more than absolutely necessary. #2 is even worse because I'd have to change a whole lot of links in a very large app. However today, I discovered door #3. Make the login servlet (which is https) create and set the cookie as a non-secure cookie instead of letting Tomcat create the JSESSIONID itself. This is a minor change to the code and it seems to make everything work under Tomcat 6.0.16 as it did under Tomcat 3.2.4. You might be able to write a filter to adjust the secure bit on the cookie as it goes out the door, but I can't guarantee that would work. I'm unsure of the security implications, there, either, but I suspect they are not too bad. Wait, that sounds a lot like #3. :D I didn't really do it as a filter though. The login servlet, after verifying the user's login and password, just creates and sets the cookie in the response rather than letting Tomcat create the cookie. The cookie does not have the secure flag set because the Cookie constructor doesn't set it by default. Thank you very much for your help. Long term, I think we need to switch everything after the login to https but I'm getting some resistance to that idea based upon performance concerns. Most of the app's pages don't have sensitive data so it has been set up to only do https on pages that can contain sensitive data. I didn't design it. I just inherited it a few months ago. Keeping it working as users expect is of paramount importance so changing the way everything is done cannot be done lightly. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]