Re: Communicating between webapps
Johnny, Indeed. I only yesterday discovered the crossContext flag and the getServletContext(String) call in the API, however my reading tells me that most servlet containers don't support it, being that they simply return null. For Tomcat you can specify the crossContext flag for that not to happen, but it is unique to Tomcat (I think?). Regardless, since I am in full control of the container, and both the webapps, it is an option I'm considering. I don't like to go with 'hacks', preferring to stick to standard solutions to problems being that experience has taught me that the hacks come back to bite you in the long run, but in this case, I might make an exception. - Darryl - Original Message From: Johnny Kewl [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, October 9, 2008 1:57:28 AM Subject: Re: Communicating between webapps - Original Message - From: Darryl Pentz [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Wednesday, October 08, 2008 10:02 PM Subject: Re: Communicating between webapps Bill, You would think so but it isn't that easy. Which is good to some degree, because that would seem like a scary security vulnerability. Nevertheless, besides that, Tomcats classloader hierarchy also prevents this mechanism. It would be useful if there was some form of publish-subscribe message bus that one could, well, publish or subscribe to. I realize that JMS falls into this category, but JMS is overkill to what I'm referring to. I recall using a message bus type of approach in a Swing application many moons ago. Forget the name of the library now. Had 'bus' in its name, perhaps somebody here knows. Anyway, from the responses one can tell this isn't an easy peasy no brainer. *shrug* - Original Message From: Bill Davidson [EMAIL PROTECTED] Since you're running in the same JVM, I'm not sure why you can't set up some sort of observer-subject scheme (kind of like ActionListener if you're familiar with that) so that the apps can just access each other's object directly. You can set up a singleton object to register the observers between webapps. Just be sure to synchronize properly. What Bill is suggesting is not that difficult... but then its probably because we thinking outside of your framework... Have you looked at this sort of stuff... ServletContext ctx = getServletContext().getContext(/someOtherContext); RequestDispatcher rd = ctx.getNamedDispatcher(servlet-name); rd.forward(request, response); Cookies dont go with it... but you can play with attributes ServletContext myContext = getServletContext(); String url = /someWebAppPrefix; ServletContext otherContext = myContext.getContext(url); Object someData = otherContext.getAttribute(someKey); This is just stuff I grabbed... not flowing code that I've tried... but in kinda sounds like you want to forward across webapps?? Req into A... do some stuff set some data tell some servlet in webapp B to process it and return the response... ? ... maybe... If you really get writers block... or it starts getting really ugly... normally means the architecture is screwed somewhere... Do they have to be separate webapps... etc? ... good luck... --- HARBOR : http://www.kewlstuff.co.za/index.htm The most powerful application server on earth. The only real POJO Application Server. See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm --- If you cant pay in gold... get lost... - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Communicating between webapps
Hi. This is not my thread, so if anyone thinks I'm pushing the envelope a bit, tell me and I'll start another one. I am interested in this same issue, but in a broader sense : how to share some data, in general, between collaborating webapps within the same container. My case goes somewhat like this : an application consisting of several webapps needs access to some common data (read/write). Each webapp can modify this data, and the changes should be immediately visible to the other webapps. The data is originally loaded and parsed from a disk file, expensively. I would like to avoid each individual webapp to have to reload and reparse this data each time it needs to access it. In other words, a kind of global in-memory DB is what I'm looking for, where individual webapps can create/modify/read/delete records with known keys, in shared mode. I believe that this would also cover the requirements of the OP, although it's probably more than he needs. I realise that this can be done via e.g. an external DB. It could also probably be done, most portably, by creating an entirely separate application accessed via HTTP calls e.g. (à la Amazon DB ?). But it looks as if within the same container, it would be much more efficient if kept in local memory, and avoiding overhead like TCP/IP or JDBC or RMI. Not being an expert in any of the underlying matters, I would just like to know from the eperts here, but preferably without too many difficult words like classloader and dispatchers, if this is in theory possible/allowed, if it could be done in such a way as to be portable to a different container etc.. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Communicating between webapps
It's my thread, but you're welcome to it now. I'm done. :-) - Original Message From: André Warnier [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, October 9, 2008 9:59:50 AM Subject: Re: Communicating between webapps Hi. This is not my thread, so if anyone thinks I'm pushing the envelope a bit, tell me and I'll start another one. I am interested in this same issue, but in a broader sense : how to share some data, in general, between collaborating webapps within the same container. My case goes somewhat like this : an application consisting of several webapps needs access to some common data (read/write). Each webapp can modify this data, and the changes should be immediately visible to the other webapps. The data is originally loaded and parsed from a disk file, expensively. I would like to avoid each individual webapp to have to reload and reparse this data each time it needs to access it. In other words, a kind of global in-memory DB is what I'm looking for, where individual webapps can create/modify/read/delete records with known keys, in shared mode. I believe that this would also cover the requirements of the OP, although it's probably more than he needs. I realise that this can be done via e.g. an external DB. It could also probably be done, most portably, by creating an entirely separate application accessed via HTTP calls e.g. (à la Amazon DB ?). But it looks as if within the same container, it would be much more efficient if kept in local memory, and avoiding overhead like TCP/IP or JDBC or RMI. Not being an expert in any of the underlying matters, I would just like to know from the eperts here, but preferably without too many difficult words like classloader and dispatchers, if this is in theory possible/allowed, if it could be done in such a way as to be portable to a different container etc.. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Communicating between webapps
On Thu, Oct 9, 2008 at 9:59 AM, André Warnier [EMAIL PROTECTED] wrote: I realise that this can be done via e.g. an external DB. It could also probably be done, most portably, by creating an entirely separate application accessed via HTTP calls e.g. (à la Amazon DB ?). But it looks as if within the same container, it would be much more efficient if kept in local memory, and avoiding overhead like TCP/IP or JDBC or RMI. Not being an expert in any of the underlying matters, I would just like to know from the eperts here, but preferably without too many difficult words like classloader and dispatchers, if this is in theory possible/allowed, if it could be done in such a way as to be portable to a different container etc.. Well, it is possible by placing stuff in shared/lib and access it from different contextes, but it will make your life extremely complicated, especially if you start to reload applications on the fly, probably causing an outofmemory exception at some point. On the other side an rmi connection on the local machine is extremely cheap (same applies to corba), if you make one call to rmi (or corba) in one request to the application you won't even be able to measure the transport overhead (far below 1 ms), and taking in account that transport from browser to server is much much slower, you can ignore the overhead. The overhead of http or soap is much higher due to larger footprint of the call, parsing, connection issues (you have to reconnect or handle keep alives yourself) and so on. Behind your rmi service you can have an external db or just a hashmap (concurrent one) or whatever serves best. To sum it up, the TOC (total cost of ownership) of an RMI service are much much lower as of most other solutions. regards Leon - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Communicating between webapps
On Thu, Oct 9, 2008 at 10:36 AM, André Warnier [EMAIL PROTECTED] wrote: Leon Rosenberg wrote: On Thu, Oct 9, 2008 at 9:59 AM, André Warnier [EMAIL PROTECTED] wrote: I realise that this can be done via e.g. an external DB. It could also probably be done, most portably, by creating an entirely separate application accessed via HTTP calls e.g. (à la Amazon DB ?). But it looks as if within the same container, it would be much more efficient if kept in local memory, and avoiding overhead like TCP/IP or JDBC or RMI. Not being an expert in any of the underlying matters, I would just like to know from the eperts here, but preferably without too many difficult words like classloader and dispatchers, if this is in theory possible/allowed, if it could be done in such a way as to be portable to a different container etc.. Well, it is possible by placing stuff in shared/lib and access it from different contextes, but it will make your life extremely complicated, especially if you start to reload applications on the fly, probably causing an outofmemory exception at some point. On the other side an rmi connection on the local machine is extremely cheap (same applies to corba), if you make one call to rmi (or corba) in one request to the application you won't even be able to measure the transport overhead (far below 1 ms), and taking in account that transport from browser to server is much much slower, you can ignore the overhead. The overhead of http or soap is much higher due to larger footprint of the call, parsing, connection issues (you have to reconnect or handle keep alives yourself) and so on. Behind your rmi service you can have an external db or just a hashmap (concurrent one) or whatever serves best. To sum it up, the TOC (total cost of ownership) of an RMI service are much much lower as of most other solutions. Many thanks. So, assuming that I am now convinced by RMI (Remote Method Invocation ?), how would such a scheme be implemented ? Are you talking about a separate daemon, running on the same host, which would offer RMI services to all these webapps ? That would be the standard way of doing it. However, it is well possible that the RMI Service is running in one of the webapps or a special 'dummy' webapp if you want to bundle startup/shutdown. You would also need to start the rmiregistry which is just a programm supplied with the jdk/jre and started by nohup rmiregistry (on *nix/mac) Or would this thing be living inside Tomcat ? If so, what kind of thing would this be ? It would, I guess, have to start before the webapps do, load its original data, then remain there waiting for client webapp RMI calls, yes ? Yes, that would be probably the best :-) It could look like following: public interface CentralDataService extends Remote { void setData(String key, Object value) throws CentralDataServiceException, RemoteException; Object getData(String key)throws CentralDataServiceException, RemoteException; } impl public class CentralDataServiceImpl implements CentralDataService{ private MapString,Object data = new ConcurrentHashMapString,Object(); public void setData(String key, Object value){ data.put(key,value); } public Object getData(String key){ return data.get(key); } } server, the class you start from command line if run separately. public class CentralDataServer{ private static Logger log = Logger.getLogger(CentralDataServer.class); private static final String REG_HOST = localhost; private static final int REG_PORT = Registry.REGISTRY_PORT; //default public static void main(String a[]){ DOMConfigurator.configureAndWatch(/log4j.xml); Registry rmiRegistry = null; // lookup rmi registry try{ rmiRegistry = LocateRegistry.getRegistry(REG_HOST, REG_PORT); }catch(Exception e){ log.fatal(Coulnd't obtain rmi registry, e); System.err.println(Coulnd't obtain rmi registry); System.exit(-1); } try{ startService(rmiRegistry); }catch(Exception e){ log.fatal(Couldn't start service, e); System.err.println(Couldn't start service); System.exit(-2); } } public static final String getServiceId(){ //use your own well known string, might be class name return net_anotheria_xxx_CentralDataService; } public static void startService(Registry registry) throws Exception{ CentralDataService myServant = new CentralDataService(); CentralDataService rmiServant = (CentralDataService) UnicastRemoteObject.exportObject(myServant, 0);; // //register service.
Tomcat 6 : timeoutConnect issues, intermitent long page load times
Hi, I am in the process of testing a move of our apache httpd tomcat application server from win2k3 to a solaris10 (5.10) environment. Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8h mod_jk/1.2.26 Apache Tomcat/6.0.16 running on java 1.6.0_07-b06 During testing I am seeing intermitent high load times for jsp pages. 20s+ when normally they are around 5s To try and remove potential causes of the high load times I have been removing layers of the application, ie oracle backend etc Currently I am hitting a simple jsp directly on tomcat port 8080 this jsp just has img tags to 10 jpg files 105756 bytes in size html head/head body img src=images/100kb0.jpg img src=images/100kb1.jpg img src=images/100kb2.jpg img src=images/100kb3.jpg img src=images/100kb4.jpg img src=images/100kb5.jpg img src=images/100kb6.jpg img src=images/100kb7.jpg img src=images/100kb8.jpg img src=images/100kb9.jpg /body /html Even this simple page is showing intermitent high load times 20s plus when it is normally 5s I have been using jmeter to run multiple tests of accessing this page and this shows that the culprit for the long load time, however if I look in the tomcat access log file it thinks it has served up the files as soon as it has seen the request, it just gets the request 20 seconds later than the previous, note that the second request below is recived 20s after the first. extract from tomcat access log 160.95.12.187 - - [09/Oct/2008:10:23:27 +0100] 0 0.000 GET /dlTest/images/100kb1.jpg HTTP/1.1 200 - 160.95.12.187 - - [09/Oct/2008:10:23:48 +0100] 0 0.000 GET /dlTest/images/100kb2.jpg HTTP/1.1 200 - 160.95.12.187 - - [09/Oct/2008:10:23:48 +0100] 0 0.000 GET /dlTest/images/100kb3.jpg HTTP/1.1 200 - looking at the snoop log of the network interface we see that a repeat request has had to be made for this image, and is made 20s later 10:23:27.79488 l3bd5s3j.ced.corp.cummins.com - redcstcttapdm01 HTTP GET /dlTest/images/100kb1.jpg HTTP/1.1 10:23:27.80185 redcstcttapdm01 - l3bd5s3j.ced.corp.cummins.com HTTP HTTP/1.1 200 OK 10:23:28.31777 l3bd5s3j.ced.corp.cummins.com - redcstcttapdm01 HTTP GET /dlTest/images/100kb2.jpg HTTP/1.1 10:23:48.36992 l3bd5s3j.ced.corp.cummins.com - redcstcttapdm01 HTTP GET /dlTest/images/100kb2.jpg HTTP/1.1 10:23:48.37639 redcstcttapdm01 - l3bd5s3j.ced.corp.cummins.com HTTP HTTP/1.1 200 OK 10:23:48.90253 l3bd5s3j.ced.corp.cummins.com - redcstcttapdm01 HTTP GET /dlTest/images/100kb3.jpg HTTP/1.1 10:23:48.90934 redcstcttapdm01 - l3bd5s3j.ced.corp.cummins.com HTTP HTTP/1.1 200 OK This 20s happens to coincide with the connectionTimeout in the server.xml Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 maxThreads=150 redirectPort=8443 / Changing this to 2s i then see the delay in re-requests at 2s 9:00:29.1 l3bd5s3j.ced.corp.cummins.com - redcstcttapdm01 HTTP GET /dlTest/images/100kb9.jpg HTTP/1.1 9:00:31.08255 l3bd5s3j.ced.corp.cummins.com - redcstcttapdm01 HTTP GET /dlTest/images/100kb9.jpg HTTP/1.1 I think I have eliminated the network and any possible client issues as Apache will serve up this page over and over (basically the same page but .html extension) with no slow loads, i have been using jmeter to make 100s of requests for this page at different times of the day and not seen an issue. So I assume I am seeing some sort of connectionTimeout issue and the issue is with tomcat. I built tomcat from src using apache-ant-1.7.1 and java 1.5.0_06-b05 as I was seeing issues when it was built under 1.6.0_07-b06, but running it under the 1.6 version My question is why am I seeing the request coming into the server on the network card and it not being recieved by tomcat? Running top at the time of these delays shows the server is idle, I am the only person testing on this server. Can any one shed any light on this? Thanks ___ Gary Johnstone PLM System Administrator Cummins Turbo Technologies Ltd - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Communicating between webapps
Leon Rosenberg wrote: [...] It could look like following: [...] (200 lines of code snipped) Just a question : what do you answer when people ask for *really* detailed specifications ? :-) Many thanks. I'll need some time to digest that. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Communicating between webapps
A very similar architecture would be offered by using JMS (say openjms or activeMQ; we've been using the latter; check for others at http://java-source.net/open-source/jms ). In this case, there is a message broker which runs separately. At the moment, we're using it on one development machine, but we fully expect to be using it across multiple machines, integrating both Tomcat-based apps as well as other non-Tomcat-based (Java) applications. We ensure that it is started before any of the webapps start. We're doing this manually now, but shortly we'll be doing it by running it as a system service. An excellent place to start is http://java.sun.com/products/jms/ http://java.sun.com/products/jms/tutorial/ We are only using Java clients, but one of the advantages of JMS is that one can utilize a wide variety of other standards-based clients. --Ken On Oct 9, 2008, at 4:36 AM, André Warnier wrote: Leon Rosenberg wrote: On Thu, Oct 9, 2008 at 9:59 AM, André Warnier [EMAIL PROTECTED] wrote: I realise that this can be done via e.g. an external DB. It could also probably be done, most portably, by creating an entirely separate application accessed via HTTP calls e.g. (à la Amazon DB ?). But it looks as if within the same container, it would be much more efficient if kept in local memory, and avoiding overhead like TCP/ IP or JDBC or RMI. Not being an expert in any of the underlying matters, I would just like to know from the eperts here, but preferably without too many difficult words like classloader and dispatchers, if this is in theory possible/allowed, if it could be done in such a way as to be portable to a different container etc.. Well, it is possible by placing stuff in shared/lib and access it from different contextes, but it will make your life extremely complicated, especially if you start to reload applications on the fly, probably causing an outofmemory exception at some point. On the other side an rmi connection on the local machine is extremely cheap (same applies to corba), if you make one call to rmi (or corba) in one request to the application you won't even be able to measure the transport overhead (far below 1 ms), and taking in account that transport from browser to server is much much slower, you can ignore the overhead. The overhead of http or soap is much higher due to larger footprint of the call, parsing, connection issues (you have to reconnect or handle keep alives yourself) and so on. Behind your rmi service you can have an external db or just a hashmap (concurrent one) or whatever serves best. To sum it up, the TOC (total cost of ownership) of an RMI service are much much lower as of most other solutions. Many thanks. So, assuming that I am now convinced by RMI (Remote Method Invocation ?), how would such a scheme be implemented ? Are you talking about a separate daemon, running on the same host, which would offer RMI services to all these webapps ? Or would this thing be living inside Tomcat ? If so, what kind of thing would this be ? It would, I guess, have to start before the webapps do, load its original data, then remain there waiting for client webapp RMI calls, yes ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
problems of 5.0 to 5.5 upgrade
All, I encounter some problems when migrating our web application from Tomcat 5.0.25 to 5.5.25. The reason is some classes or methods are removed in 5.5.25. I need some help since I don't have much background in Tomcat API. 1. Class org.apache.catalina.Deployer was removed. In our program it used Deployer.install() to install web application manually. It seems in version 5.5 the Class was dropped. I know another deployer is to use ant deploy. But that doesn't satisfy the requirement. Where could I find the deployer class? 2. CoyoteConnector and CoyoteServerSocketFactory I find Class CoyoteConnector was moved to org.apache.catalina.connector.Connector. But some function is removed, such as setAddress(), setFactory(). So this is the problem. We used to create a CoyoteServerSocketFactory and call CoyoteConnector.setFactory(ssf), and now we can't find this function. Is it mean that it doesn't need to new this Factory? Or other function can work as complement? Look like some stupid question :-( Any comment will be very helpful. Thank you in advance. -- View this message in context: http://www.nabble.com/problems-of-5.0-to-5.5-upgrade-tp19896877p19896877.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Communicating between webapps
On Thu, Oct 9, 2008 at 1:01 PM, André Warnier [EMAIL PROTECTED] wrote: Leon Rosenberg wrote: [...] It could look like following: [...] (200 lines of code snipped) Just a question : what do you answer when people ask for *really* detailed specifications ? :-) Usually I'm asking them whether they are willing to pay my daily rate :-) Leon - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDIRealm - mapping LDAP group to security role
I am trying to configure a JNDIRealm to authenticate against an Active Directory. http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm The authentication seems to work but I wonder how to map LDAP groups to security roles. I do not want to add groups in the LDAP server, but to map existing ones to the roles defined in my web application instead. Is it possible ? I did not found any doc / post about this topic. You could write a custom JNDIRealm that does the mapping/authentication. I've seen this done with postgres, but not with an LDAP server (or AD), but it should be a similar process. Then you add it to tomca/lib and configure your context and web.xml to use the custom JNDIRealm instead of the provided realm Kev - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Communicating between webapps
Leon Rosenberg wrote: On Thu, Oct 9, 2008 at 9:59 AM, André Warnier [EMAIL PROTECTED] wrote: I realise that this can be done via e.g. an external DB. It could also probably be done, most portably, by creating an entirely separate application accessed via HTTP calls e.g. (à la Amazon DB ?). But it looks as if within the same container, it would be much more efficient if kept in local memory, and avoiding overhead like TCP/IP or JDBC or RMI. Not being an expert in any of the underlying matters, I would just like to know from the eperts here, but preferably without too many difficult words like classloader and dispatchers, if this is in theory possible/allowed, if it could be done in such a way as to be portable to a different container etc.. Well, it is possible by placing stuff in shared/lib and access it from different contextes, but it will make your life extremely complicated, especially if you start to reload applications on the fly, probably causing an outofmemory exception at some point. On the other side an rmi connection on the local machine is extremely cheap (same applies to corba), if you make one call to rmi (or corba) in one request to the application you won't even be able to measure the transport overhead (far below 1 ms), and taking in account that transport from browser to server is much much slower, you can ignore the overhead. The overhead of http or soap is much higher due to larger footprint of the call, parsing, connection issues (you have to reconnect or handle keep alives yourself) and so on. Behind your rmi service you can have an external db or just a hashmap (concurrent one) or whatever serves best. To sum it up, the TOC (total cost of ownership) of an RMI service are much much lower as of most other solutions. Many thanks. So, assuming that I am now convinced by RMI (Remote Method Invocation ?), how would such a scheme be implemented ? Are you talking about a separate daemon, running on the same host, which would offer RMI services to all these webapps ? Or would this thing be living inside Tomcat ? If so, what kind of thing would this be ? It would, I guess, have to start before the webapps do, load its original data, then remain there waiting for client webapp RMI calls, yes ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
redirector
I have installed tomcat 5.5 with iis 6 and using the isapi redirector I can point to the http://localhost:8050/Abc/servelt and that reslove fine. However when I try to use http://local/Abc/servelt it give me a web page that states Incorrect function. there nothing else on the web page I look at logs and do not see any errors Please I am newbie hewith tomcat and when I look at the tomcat documatation it just go over my head please if some can help at least point me in the right direction I would greatly appearicate it Thanks Frank
RE: Communicating between webapps
From: André Warnier [mailto:[EMAIL PROTECTED] Subject: Re: Communicating between webapps My case goes somewhat like this : an application consisting of several webapps needs access to some common data (read/write). What you're describing is referred to as a bean in Java terminology. These can range from simple ad hoc ones implemented for one specific sharing need to full-blown Enterprise Java Beans as defined in the Java EE spec. EJBs are supported by full application servers such as JBoss, but not by streamlined servlet containers like Tomcat. There are various open source packages that can be added to Tomcat to provide support for beans if you want to use them (GIYF). The RMI mechanism espoused by Leon R is a formalized remote procedure call implementation built into the JRE. When the caller and callee are inside the same machine, the overhead is quite low but still involves object serialization and loopback TCP/IP traffic. Whether or not that's a concern depends on how much data you push across the interface. Read this for RMI info: http://java.sun.com/javase/6/docs/platform/rmi/spec/rmiTOC.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDIRealm - mapping LDAP group to security role
2008/10/9 Kevin Jackson [EMAIL PROTECTED]: I am trying to configure a JNDIRealm to authenticate against an Active Directory. http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm The authentication seems to work but I wonder how to map LDAP groups to security roles. I do not want to add groups in the LDAP server, but to map existing ones to the roles defined in my web application instead. Is it possible ? I did not found any doc / post about this topic. You could write a custom JNDIRealm that does the mapping/authentication. I've seen this done with postgres, but not with an LDAP server (or AD), but it should be a similar process. Then you add it to tomca/lib and configure your context and web.xml to use the custom JNDIRealm instead of the provided realm Kev Thanks Kevin, that's exactly what I finally done! ;-) - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Migration tomcat 6.0.16 to 6.0.18
How can I migrate a tomcat 6.0.16 to tomcat 6.0.18? Where I can found any tutorial? Thanks -- View this message in context: http://www.nabble.com/Migration-tomcat-6.0.16-to-6.0.18-tp19900027p19900027.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Migration tomcat 6.0.16 to 6.0.18
What problems are you having? This is a very simply migration. I was able to just deploy my apps and my server.xml to the 6.0.18 server and go. No code, no configuration changes for me at least. vicens wrote: How can I migrate a tomcat 6.0.16 to tomcat 6.0.18? Where I can found any tutorial? Thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Communicating between webapps
From: Bill Davidson [mailto:[EMAIL PROTECTED] Subject: Re: Communicating between webapps So if I'm understanding you correctly, different webapps use different class loader instances and so the singleton is actually instantiated separately for each class loader? Depends on where the class file for the singleton is located. Look at this: http://tomcat.apache.org/tomcat-6.0-doc/class-loader-howto.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Exception while running web application with Tomcat security manager enabled
From: Vijayaraghavan Amirisetty [mailto:[EMAIL PROTECTED] Subject: Re: Exception while running web application with Tomcat security manager enabled Does the Tomcat Security Manager use any native libraries for it's operations? No. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Migration tomcat 6.0.16 to 6.0.18
I doesn't have any problem yet, but why I need to re-deploy my apps when I only want to upgrade a minor version of tomcat? stdunbar wrote: What problems are you having? This is a very simply migration. I was able to just deploy my apps and my server.xml to the 6.0.18 server and go. No code, no configuration changes for me at least. vicens wrote: How can I migrate a tomcat 6.0.16 to tomcat 6.0.18? Where I can found any tutorial? Thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/Migration-tomcat-6.0.16-to-6.0.18-tp19900027p19900829.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problems of 5.0 to 5.5 upgrade
ancles wrote: All, I encounter some problems when migrating our web application from Tomcat 5.0.25 to 5.5.25. The reason is some classes or methods are removed in 5.5.25. I need some help since I don't have much background in Tomcat API. In both cases what are you actually trying to achieve. The 5.0-5.5 refactoring means that the 'new' classes might not be the best way to achieve what you are trying to achieve. Mark 1. Class org.apache.catalina.Deployer was removed. In our program it used Deployer.install() to install web application manually. It seems in version 5.5 the Class was dropped. I know another deployer is to use ant deploy. But that doesn't satisfy the requirement. Where could I find the deployer class? 2. CoyoteConnector and CoyoteServerSocketFactory I find Class CoyoteConnector was moved to org.apache.catalina.connector.Connector. But some function is removed, such as setAddress(), setFactory(). So this is the problem. We used to create a CoyoteServerSocketFactory and call CoyoteConnector.setFactory(ssf), and now we can't find this function. Is it mean that it doesn't need to new this Factory? Or other function can work as complement? Look like some stupid question :-( Any comment will be very helpful. Thank you in advance. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JNDIRealm - mapping LDAP group to security role
Geronimo maps roles to security principals: http://cwiki.apache.org/GMOxDOC10/jboss-to-geronimo-security-migration.html Maybe this feature could be ported into tomcat. On Thu, Oct 9, 2008 at 3:18 PM, Kevin Jackson [EMAIL PROTECTED] wrote: I am trying to configure a JNDIRealm to authenticate against an Active Directory. http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm The authentication seems to work but I wonder how to map LDAP groups to security roles. I do not want to add groups in the LDAP server, but to map existing ones to the roles defined in my web application instead. Is it possible ? I did not found any doc / post about this topic. You could write a custom JNDIRealm that does the mapping/authentication. I've seen this done with postgres, but not with an LDAP server (or AD), but it should be a similar process. Then you add it to tomca/lib and configure your context and web.xml to use the custom JNDIRealm instead of the provided realm Kev - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Migration tomcat 6.0.16 to 6.0.18
Ok, I may have assumed too much. My configuration has virtual hosts spread over the file system. I stopped 6.0.16, copied over the server.xml and Context XML's to 6.0.18, copied a required JDBC library to the lib directory, started 6.0.18 and I was done. I guess that this isn't really a re-deploy. vicens wrote: I doesn't have any problem yet, but why I need to re-deploy my apps when I only want to upgrade a minor version of tomcat? stdunbar wrote: What problems are you having? This is a very simply migration. I was able to just deploy my apps and my server.xml to the 6.0.18 server and go. No code, no configuration changes for me at least. vicens wrote: How can I migrate a tomcat 6.0.16 to tomcat 6.0.18? Where I can found any tutorial? Thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Forwarding an exception to the default HTTP 500 error page
I have a web application that uses a proxy class to exchange information with an external system. When this proxy class throws an exception, it always appears as a cause in some other exception, typically javax.el.ELException. I have built a custom error page to handle an exception where the proxy exception is in the cause chain and I have updated my web.xml so that my custom error page gets control. error-page exception-type javax.el.ELException /exception-type location /ViewPOCManagerProxyException.jsp /location /error-page Everything works fine when the proxy exception is in the cause chain, but I don't want to handle all the cases were the javax.el.ELException is caused by something else! Instead, I want to forward those cases to the existing Tomcat HTTP 500 error report page. Imagine my surprise when I discovered that the default HTTP 500 error report page is implemented as a Tomcat valve, not a servlet or JavaServer page that I can easily forward to. I can't be the only person in the world who wants to do something like this. I surely don't want to implement a valve to handle my proxy exceptions. Is there some way to forward an exception to the default HTTP 500 error page? Is there a better alternative to handle common exceptions with a specific cause? Lance
dbcp error with java.lang.ClassCastException: org.apache.tomcat.dbcp.dbcp.PoolingDataSource
Hi All, I am using jdbc to connect to an oracle database but having a bit of a problem. Here is some details Jdbc driver - Type 4 App server - Tomcat 5.5 Oracle Version - 10g I have placed the jdbc driver on both the following directories [code] $TOMCAT_HOME/common/lib/ $APPLICATION_ROOT_DIR/WEB-INF/lib/ [/code] Here is the stack trace of the error i am getting. [code] 09/10/2008 16:38:30 ERR http-8080-Processor23 com.bt.ccs21.presentation.events.CCS21EventAction: Throwable:org.apache.tomcat.dbcp.dbcp.PoolingDataSource$PoolGuardConnectionWrapper java.lang.ClassCastException: org.apache.tomcat.dbcp.dbcp.PoolingDataSource$PoolGuardConnectionWrapper at oracle.sql.ArrayDescriptor.createDescriptor(ArrayDescriptor.java:149) at oracle.sql.ArrayDescriptor.createDescriptor(ArrayDescriptor.java:115) at com.bt.ccs21.data.accessors.ConsignmentDAO.submitDeclaration(ConsignmentDAO.java:251) at com.bt.ccs21.presentation.events.consignment.search.SubmitDeclaration.midAction(SubmitDeclaration.java:107) at com.bt.ccs21.presentation.events.CCS21EventAction.execute(CCS21EventAction.java:67) at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58) at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67) at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51) at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:190) at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:304) at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:190) at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462) at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:595) [/code] Here is the java code to get my connection [code] // JNDI Context ctx = null; DataSource ds = null; Connection conn = null; ctx = new InitialContext(); Context envContext = (Context)ctx.lookup(java:/comp/env); if (ctx != null) { ds = (DataSource)envContext.lookup(fullname); if (ds != null) { // Enable tracing on this connection... if (jdbcTraceFile != null ds.getLogWriter() == null) { try { Log.threadLog(Log.DEBUG, CLASSNAME, METHOD + : setting JDBC trace file on DataSource); jdbcTraceFile.println(Tracing on JDBC DataSource + ds.toString()); ds.setLogWriter(jdbcTraceFile); } catch (SQLException sqle) { Log.threadLog(Log.ERROR, CLASSNAME, METHOD + : Exception while setting JDBC trace file); Log.threadLog(Log.ERROR, CLASSNAME, sqle); } } conn = ds.getConnection(); } } [/code] And here is the datasource configuration. This is configured in the following file $TOMCAT_HOME/catalina/localhost/context.xml [code] Resource name=jdbc/testdb auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.driver.OracleDriver
RE: dbcp error with java.lang.ClassCastException: org.apache.tomcat.dbcp.dbcp.PoolingDataSource
From: Ziggy [mailto:[EMAIL PROTECTED] Sent: 2008 October 09, Thursday 11:12 org.apache.tomcat.dbcp.dbcp.PoolingDataSource I have placed the jdbc driver on both the following directories [code] $TOMCAT_HOME/common/lib/ $APPLICATION_ROOT_DIR/WEB-INF/lib/ [/code] Never, never, never put the same class(es) in more than one location in a given branch of the classloader tree. Since you're using Tomcat to manage the DB connection pool, the .jar file containing the JDBC driver classes must be placed in common/lib. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: dbcp error with java.lang.ClassCastException: org.apache.tomcat.dbcp.dbcp.PoolingDataSource
Hi, I originally only had it on $TOMCAT_HOME/common/lib but it didnt work. I only put it on both locations to test it out. I have now removed the copy from $APPLICATION_ROOT_DIR/WEB-INF/lib/ and i still have the same problem described below. Thanks On Thu, Oct 9, 2008 at 5:35 PM, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: Ziggy [mailto:[EMAIL PROTECTED] Sent: 2008 October 09, Thursday 11:12 org.apache.tomcat.dbcp.dbcp.PoolingDataSource I have placed the jdbc driver on both the following directories [code] $TOMCAT_HOME/common/lib/ $APPLICATION_ROOT_DIR/WEB-INF/lib/ [/code] Never, never, never put the same class(es) in more than one location in a given branch of the classloader tree. Since you're using Tomcat to manage the DB connection pool, the .jar file containing the JDBC driver classes must be placed in common/lib. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: context.xml in META-INF
Please ingnore this. There was a typo in the filename thats why it wasnt working. Thanks On Thu, Oct 9, 2008 at 5:17 PM, Ziggy [EMAIL PROTECTED] wrote: Hi all, I have the following datasource definition in my /META-INF/context.xml Resource name=jdbc/testdb auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.driver.OracleDriver url=jdbc:oracle:thin:@10.10.10.10:1521:testdb username=testuser password=testuser maxActive=20 maxIdle=10 maxWait=-1/ For some reason the above does not work when i deploy the .war file. It does however work if i rename the context.xml file into [applicationname].xml and put it into $TOMCAT_HOME/catalina/localhost/ Does anyone know why it doesnt work if in app/META-INF/context.xml? I am using tomcat 5.5 Thanks
Re: Communicating between webapps
- Original Message - From: André Warnier [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, October 09, 2008 9:59 AM Subject: Re: Communicating between webapps Hi. This is not my thread, so if anyone thinks I'm pushing the envelope a bit, tell me and I'll start another one. I am interested in this same issue, but in a broader sense : how to share some data, in general, between collaborating webapps within the same container. My case goes somewhat like this : an application consisting of several webapps needs access to some common data (read/write). Each webapp can modify this data, and the changes should be immediately visible to the other webapps. The data is originally loaded and parsed from a disk file, expensively. I would like to avoid each individual webapp to have to reload and reparse this data each time it needs to access it. In other words, a kind of global in-memory DB is what I'm looking for, where individual webapps can create/modify/read/delete records with known keys, in shared mode. I believe that this would also cover the requirements of the OP, although it's probably more than he needs. I realise that this can be done via e.g. an external DB. It could also probably be done, most portably, by creating an entirely separate application accessed via HTTP calls e.g. (à la Amazon DB ?). But it looks as if within the same container, it would be much more efficient if kept in local memory, and avoiding overhead like TCP/IP or JDBC or RMI. Not being an expert in any of the underlying matters, I would just like to know from the eperts here, but preferably without too many difficult words like classloader and dispatchers, if this is in theory possible/allowed, if it could be done in such a way as to be portable to a different container etc.. There is an Application Server like this... its mine... ha ha... but is not open soure... awe gee... Has to be classified as new because we little guys... no onsite Java campus here ;) We use it to do exactly this kind of thing... I'm proud of it, and it has become our core internal tool of choice... but only use it in experimental stuff. Its a webapp... so you drop it into any Tomcat... Its not bean based, it runs applications... In your case this is what we would do... Make the Java Lib... test it in your webapp as normal... When you ready drop it nto the Harbor webapp... Then in any Tomcat that wants to use it... vessel = new Vessel(URL OF HARBOR TOMCAT); i_MailEngine = (I_MailEngine)vessel.loadRemoteSingleton(I_MailEngine.class,kewlstuff.harbor.mailer.MailEngine,APP_ID); ... use that class eg i_MailEngine.Send(message); // etc Like RMI and all the rest its doing serialization and typically one has to know how to use an interface with a class... but thats it. If we did this Class uiApp = vessel.getRemoteClass(kewlstuff.mailer.test.ui.UI); Then that class runs on the users machine... so even our Swing apps now live in Tomcat... Its like RMI but my baby runs full applications for example in one app we have, we load up a client side, that actually uses a complete H2 dB... on the client (not installed on the client) and we leave the Postgres side on the server... all still works as one app ;) Andre all these tools are on the EJB spectrum... thats where you actually going... RMI is remote procedure calls EJB is RMI with Beans PAS (my baby) is remote applications. The PAS is http based thus no Registry stuff needed... it addresses in the same way the internet does... so there are differences, but underneath its all much of the same core technologies... sockets are talking, data is serializing, classes are moving over the wire... yada yada RMI and My Baby are binary based... and that why they kick a web services butt (SOAP is wrapped in XML) its got to translate images to text and and and... But Soap will work between .Net and Java... in theory anyway... the PAS is Java only... These tools work across the world... doesnt have to be in the same TC... if it is, then all this stuff reduces to a little old Class (or the lesser bean) in little old Java. You have to study the stuff out there... and you need to try them... I remember rushing out years ago, and getting all excited about SOAP (web services)... damn that is slow... the answer is always... it depends... I'm very much for the KISS principle... if you dont need it, dont use it... nothing is more powerful that POJO (plain old Java). Thing is KISS does not mean novice... you'll find only the guys that have been around for a while can really KISS ;) Have fun... study em all... --- HARBOR : http://www.kewlstuff.co.za/index.htm The most powerful application server on earth. The only real POJO Application Server. See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm
Re: Authentication behaviour
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Maurizio, Maurizio Lotauro wrote: On 6 Oct 2008 at 14:58, Christopher Schultz wrote: Is it a problem to get this 401 before the request is complete? In my case it was a problem because the receive of the server response trigger an end of operation state. Then the repeat of the transmission implicitly interrupt the previous one. Internally it works asyncronous, and this behaviour breaks its state diagram. If you are writing network code, you need to handle disconnects at any time. That's a reasonable interpretation of the spec, but obviously not a practical one. Even omitting and interpreting? Sure. The server can interpret part of the request and respond whenever it wants. Here's another good example: some servers have a file-size upload limit. If the server were required to process the entire file upload before rejecting it (based upon the Content-Length header), DOS attacks would be trivial to mount against any web server. Anyway, as said I my client now is able to handle this situation. The point I wanted only raise up was what IMHO doesn't fully adhere to the rfc 2616. Maybe other clients can have the same problem. I think my file upload example is a compelling one. I'm glad you were able to update your client. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjuSnQACgkQ9CaO5/Lv0PBn5gCgjXyZMYnGtb0sA+Ljmh/cjj6t m9UAnR0z5us+dQjzSN1Bja8xGX6PGT5s =ge2Q -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Dynamically change log4j.xml
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mohit, Mohit Anchlia wrote: Is there a way to dynamically change the logging level of log4j.xml in tomcat? I wrote a pair of JSPs a long time ago to do this. It requires a 1.2.x version of log4j, but you can change lots of stuff on the fly. See the last entry on this page: http://www.christopherschultz.net/projects/java/ Enjoy, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjuT40ACgkQ9CaO5/Lv0PAHewCfS+f2aricXJfnQ0LK/RSISnIk rpQAn0HzV1B8OkFIBMDYFJNm6yAAi1Qw =oI5Z -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session Timeout and Realm Authentication and Posted Error Message
Hi, My application has an ajax layer which asynchronously polls my tomcat server. When the session for the user is destroyed, the next request causes a forward to the login jsp defined for the form realm. On the login jsp I would like to output an error message like Your session has been timed out. Currently I've setup my ajax to detect a poll which returned a session timed out error, I then post a form with error=session.timeout to the url. The way the realm typically works is that you request a url say /hello.jsp, the app detects you need authenticate so it saves the original request and forwards you over to the login.jsp. You fill in the fields, the auth recoignizes you, restores your original request and forwards you to hello.jsp. Now in my case, the session times out, the client code detects the timeout and posts to /myapp. The problem is that that auth then removes the post parameter but I need that to display the error message. If I change the code to post to login.jsp then the post parameter shows up but the form authetication does work as it doesn't know where to take me once I click login as the original request specified the login page. Any ideas? I've tried using a query string and that works but then I end up with the query string being displayed from that point forward on the address bar of the browser. I'd like to avoid that hence the post. Thank you, Fu-Tung - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Communicating between webapps
On Thu, Oct 9, 2008 at 7:16 PM, Johnny Kewl [EMAIL PROTECTED] wrote: I'm very much for the KISS principle... if you dont need it, dont use it... nothing is more powerful that POJO (plain old Java). Thing is KISS does not mean novice... you'll find only the guys that have been around for a while can really KISS ;) just a side note Johnny, you need a container for something that can be done without, how is that KIS(S)? regards Leon - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 6.0.18 empties tomcat-users.xml
Hi, I installed Tomcat 6.0.18 on Mac OS 10.4.11 / java version 1.5.0_16 and Ubuntu Hardy / java version 1.6.0_06 and in both cases I get the following strange behaviour: Before starting, $CATALINA_HOME/conf/tomcat-users.xml contains the default user entries. After starting Tomcat, $CATALINA_HOME/conf/tomcat-users.xml is pretty much empty and looks like ?xml version='1.0' encoding='utf-8'? tomcat-users /tomcat-users The log files do not show any error message. My installation procedure was: unpack the tar file, cd to $CATALINA_HOME, fire up bin/startup.sh. Anything I did do completely wrong ? kind regards Robert -- [EMAIL PROTECTED]
RE: Tomcat 6.0.18 empties tomcat-users.xml
From: Robert Hufsky [mailto:[EMAIL PROTECTED] Subject: Tomcat 6.0.18 empties tomcat-users.xml Before starting, $CATALINA_HOME/conf/tomcat-users.xml contains the default user entries. Look again - they're all commented out. After starting Tomcat, $CATALINA_HOME/conf/tomcat-users.xml is pretty much empty and looks like ?xml version='1.0' encoding='utf-8'? tomcat-users /tomcat-users That's expected behavior. If you don't want Tomcat to rewrite the file on startup, set the readonly attribute to true in the Resource element for UserDatabase in the conf/server.xml file. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Communicating between webapps
- Original Message - From: Leon Rosenberg [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Thursday, October 09, 2008 9:54 PM Subject: Re: Communicating between webapps On Thu, Oct 9, 2008 at 7:16 PM, Johnny Kewl [EMAIL PROTECTED] wrote: I'm very much for the KISS principle... if you dont need it, dont use it... nothing is more powerful that POJO (plain old Java). Thing is KISS does not mean novice... you'll find only the guys that have been around for a while can really KISS ;) just a side note Johnny, you need a container for something that can be done without, how is that KIS(S)? I'm just saying that I think a lot of time people lock themselves into complex technology, additional containers, whatever, and if they had just thought about it, done it slightly differently, they would have done it all in a little old webapp... Not into driving a CV and sending poor admin people to the funny farm... kind of thing. Simple as possible is best... if you dont have to use an additional container, dont, whether that be mine or yours... I think --- HARBOR : http://www.kewlstuff.co.za/index.htm The most powerful application server on earth. The only real POJO Application Server. See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm --- If you cant pay in gold... get lost... - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK and IIS - troubles?
Hello again Rainer, Rainer Jung-3 wrote: But if you are really actively using 300 connections, it means there are 300 requests processed in parallel inside Tomcat. So you should first check with the thread dump, what those are actually doing, and whether it's a good idea to send even more requests there. Definitely it is not a good idea. Details and a thread dump below. Rainer Jung-3 wrote: If the web server can't acquire another connection from the pool, further requests should fail, not block. Totally agreed. Please note, if I was not clear enough before, that my goal is to avoid that any failing Tomcat application hangs the whole web server (and site). This should not happen at all, whatever settings in the JK connector.. I am not going to solve this particular application's problem before the JK connection works properly - though I will send thread dumps as appropriate to the application developer, and drink a beer with him when this is all over.. but this is another story. I changed the settings just a bit, so now the IIS side JK connections are limited to 50 instead of the previous 250 and 300. I managed to schedule a few thread dumps (3, with a 5 seconds interval) and a Tomcat restart in case of troubles, and just implemented some more logging. I kept the faulty Tomcat app running all day. There were three failures today, but thanks to the logging I just added I can be only sure about the last one, and it was blocking the whole site. As usual, a simple Tomcat restart cured the whole site hang. The HTTP error the application gives, as well as the error of the site root (that BTW is a static html page) simply is: The connection with the server was terminated abnormally Very strangely, an (automated) netstat in this last event shows just four (4) ESTABLISHED connections on the Tomcat server from the IIS server when everything was failing. I am enclosing the last thread dump here, hoping it could shed some light. Please let me know - and forgive me - if I forgot to provide additional information, configuration files, etc. Some of my colleagues use to tell me: Someone, somewhere in the world, had some problem using something. Can you please solve this. Thanks for your help, Br1 http://www.nabble.com/file/p19907446/tomcat%2Bthread%2Bdump%2B3%2B-%2Bfiltered.zip tomcat+thread+dump+3+-+filtered.zip -- View this message in context: http://www.nabble.com/JK-and-IIS---troubles--tp19750760p19907446.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Realm Authentication and Posted Error Message
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fu-Tung, Fu-Tung Cheng wrote: The way the realm typically works is that you request a url say /hello.jsp, the app detects you need authenticate so it saves the original request and forwards you over to the login.jsp. You fill in the fields, the auth recoignizes you, restores your original request and forwards you to hello.jsp. Now in my case, the session times out, the client code detects the timeout and posts to /myapp. The problem is that that auth then removes the post parameter but I need that to display the error message. I have a similar setup on my own application, and I have elected to poke a hole through my authentication for those few URLs affected. This URLs are handled by code that will simply respond with a session timeout error. Then, your client can perform whatever login is necessary and then re-attempt the connection to the service URL. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjud6AACgkQ9CaO5/Lv0PCv9gCgiI4ZmYKYi5uiTugFMN13/a4n D9wAoJhUvgY8Nv8l+Py5HCPAi+kPtxg0 =kJJT -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout and Realm Authentication and Posted Error Message
Hi Chris, Thank you for the response! So the user will be sent to a non-secure page that just says Session Timed out and a link that they click to go back to the login page? The link will then be to a url that requires authentication and then the application works as before? Interesting I think I was stuck in the details of how to get it to work just using the one login.jsp. Learned a lot about the internals of tomcat doing that =) Fu-Tung --- On Thu, 10/9/08, Christopher Schultz [EMAIL PROTECTED] wrote: From: Christopher Schultz [EMAIL PROTECTED] Subject: Re: Session Timeout and Realm Authentication and Posted Error Message To: Tomcat Users List users@tomcat.apache.org Date: Thursday, October 9, 2008, 9:29 PM -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Fu-Tung, Fu-Tung Cheng wrote: The way the realm typically works is that you request a url say /hello.jsp, the app detects you need authenticate so it saves the original request and forwards you over to the login.jsp. You fill in the fields, the auth recoignizes you, restores your original request and forwards you to hello.jsp. Now in my case, the session times out, the client code detects the timeout and posts to /myapp. The problem is that that auth then removes the post parameter but I need that to display the error message. I have a similar setup on my own application, and I have elected to poke a hole through my authentication for those few URLs affected. This URLs are handled by code that will simply respond with a session timeout error. Then, your client can perform whatever login is necessary and then re-attempt the connection to the service URL. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjud6AACgkQ9CaO5/Lv0PCv9gCgiI4ZmYKYi5uiTugFMN13/a4n D9wAoJhUvgY8Nv8l+Py5HCPAi+kPtxg0 =kJJT -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[SECURITY] CVE-2008-3271 - Apache Tomcat information disclosure
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 CVE-2008-3271: Tomcat information disclosure vulnerability Severity: Low Vendor: The Apache Software Foundation Versions Affected: Tomcat 4.1.0 to 4.1.31 Tomcat 5.5.0 Tomcat 6.0.x is not affected The unsupported Tomcat 3.x, 4.0.x and 5.0.x versions may be also affected Description: Bug 25835 (https://issues.apache.org/bugzilla/show_bug.cgi?id=25835) can, in very rare circumstances, permit a user from a non-permitted IP address to gain access to a context protected with a valve that extends RemoteFilterValve. Mitigation: Upgrade to: 4.1.32 or later 5.5.1 or later 6.0.0 or later Example: This has only been reproduced using a debugger to force a particular processing sequence across two threads. 1. Set a breakpoint right after the place where a value is to be entered in the instance variable of regexp (search:org.apache.regexp.CharacterIterator). 2. Send a request from the IP address* which is not permitted. (stopped at the breakpoint) *About the IP address which is not permitted. The character strings length of the IP address which is set in RemoteAddrValve must be same. 3. Send a request from the IP address which was set in RemoteAddrValve. (stopped at the breakpoint) In this way, the instance variable is to be overwritten here. 4. Resume the thread which is processing the step 2 above. 5. The request from the not permitted IP address will succeed. Credit: This issue was discovered by Kenichi Tsukamoto (Development Dept. II, Application Management Middleware Div., FUJITSU LIMITED) and reported to the Tomcat security team via JPCERT. References: http://tomcat.apache.org/security.html Mark Thomas -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjuibsACgkQb7IeiTPGAkO33wCgiBY0nBdTaXBC8oPoHqMWH4mt OtgAmQHjgnxg0vKKSp43vez8XaBIZpOj =9Z/F -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problems of 5.0 to 5.5 upgrade
So how could I find the best way to achieve this in programming? Mark Thomas-18 wrote: In both cases what are you actually trying to achieve. The 5.0-5.5 refactoring means that the 'new' classes might not be the best way to achieve what you are trying to achieve. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/problems-of-5.0-to-5.5-upgrade-tp19896877p19911224.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setHeader after DoFilter delegation in filter?
Thanks for the response Christopher. Unfortunately I need to set a value in the header after the doFilter() delegation. The reason is that header valuedepends on the result of the page rendering. So, if autoflush is disabled and the buffer size is not exceeded for the page shouldn't a setHeader() call made after the doFilter() call be able to set the value in the response header? Or, to put it another way, does the j2ee spec (or tomcat design) always start sending the response to the client when the page is rendered (after the last filter has been executed in a filter chain), or after the filterchain has completed its processing? Mike Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Michael, Michael Larson wrote: I'm debugging a tomcat filter. The filter has been designed as follows: MyFilter::DoFilter(ServletRequest request, ServletResponse response, FilterChain chain) { do_some_stuff(); //now delegate the call the chain chain.DoFilter(); //the header value below doesn't always show up at the client response.setHeader(post-filter,true); } This might not work because the response could have been committed. If the response buffer is filled, then the headers will be sent back to the client. If you come along later and try to set a header, you'll get an exception. For the jsp page being accessed I've turned off AutoFlush (via a server side directive). However, I'm still seeing this page (if it exceeds a certain size but well below the jspwriter buffer size) will be sent back to the client before the response header has been modified. I'm not sure about autoFlush, but it may be that you're hitting a hard buffer limit and the data is being sent, anyway. If AutoFlush is turned off for the jsp page and the page doesn't exceed the buffer size can it still send the response back to the client before the filter chain has completed (and in this example before the header has been modified)? Is it a bad idea to modify the response header after the call to chain.DoFilter()? It's much better to do it up front if you can. Why do you need the header to be set after the fact? If you really must do this, you can always do your own buffering by wrapping the request along with your own OutputStream/Writer that buffers itself. The version of tomcat is v5.5.23, and no exceptions are thrown when the setHeader call is made. That's interesting that no exceptions are thrown. :( - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjrrxwACgkQ9CaO5/Lv0PAKdwCfbEXaoIj5cnMLIYZciiEXcAL8 0TMAn0CWqgdA8qQNsZwDabIQHbRHPoqY =Gqzj -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/setHeader-after-DoFilter-delegation-in-filter--tp19862960p19912296.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]