Re: Tomcat 6 does not start in a cluster. It simply hangs... Any Idea..

2009-01-07 Thread jsandhu2204 

I have created stack trace when servers hangs.  Please see attached.  I would
appreciate if you can help me with this.
If I put  flag in the web.xml of the application. Tomcat6
does not start sometimes.  It simply hangs.

http://www.nabble.com/file/p21347289/CheatSheet-ltr1vs02-Tomcat6-hangs-if-put-distributeable-tag.rtf
CheatSheet-ltr1vs02-Tomcat6-hangs-if-put-distributeable-tag.rtf 

http://www.nabble.com/file/p21347289/CheatSheet-Tomcat6-hangs-if-put-distributeable-tag.rtf
CheatSheet-Tomcat6-hangs-if-put-distributeable-tag.rtf 

Filip Hanik - Dev Lists wrote:
> 
> When this happens, simply take a thread dump, and we can see  why it is 
> hanging
> 
> Unix:
> kill -3 
> jstack -l 
> 
> Windows
> Ctrl+Break in the console
> jstack -l 
> 
> Filip
> 
> jsandhu2204 wrote:
>> Problem1 :  While starting tomcat6, sometimes it starts other times it
>> simply
>> hangs on the following message: 
>> INFO: Manager [localhost#/ivos]; session state send at 12/12/08 12:34 AM
>> received in 110 ms. 
>> Tomcat Log: 
>>
>> INFO: Register manager /ivos to cluster element Engine with name Catalina
>> Dec 12, 2008 12:34:53 AM org.apache.catalina.ha.session.DeltaManager
>> start 
>>
>> INFO: Starting clustering manager at /ivos Dec 12, 2008 12:34:53 AM
>> org.apache.catalina.ha.session.DeltaManager getAllClusterSessions 
>>
>> WARNING: Manager [localhost#/ivos], requesting session state from
>> org.apache.catalina.tribes.membership.MemberImpl[tcp://{10, 88, 8,
>> 28}:4002,{10, 88, 8, 28},4002, alive=123501,id={27 -68 111 -64 -49 -117
>> 68
>> 38 -98 -27 -49 39 -22 6 -88 -38 }, payload={}, command={}, domain={}, ].
>> This operation will timeout if no session state has been received within
>> 60
>> seconds. 
>>
>> Dec 12, 2008 12:34:53 AM org.apache.catalina.ha.session.DeltaManager
>> waitForSendAllSessions 
>>
>> INFO: Manager [localhost#/ivos]; session state send at 12/12/08 12:34 AM
>> received in 110 ms. 
>>
>>   
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Tomcat-6-does-not-start-in-a-cluster.--It-simply-hangs...-Any-Idea..-tp21130862p21347289.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat not responding to https

2009-01-07 Thread Binu Mohan 
Hi,

I have an Apache Tomcat installation on a Windows Server 2003 machine. I 
have configured Tomcat to work with SSL by following the instructions given in 
the documentation (using the java ketytool utility).

However, the configuration works fine on my development machine (XP 
desktop), but it is not working on the server. When try and access the Tomcat 
homepage from the server using https://localhost:8443/ it waits for a long time 
and times out. If I try and access the site using http://localhost:8443/, the 
Tomcat server displays the home page where it should have displayed some 
unprintable characters (as I have accessed using http).

The same keystore and server configuration file are working fine on my 
development machine. Any idea what could be causing the https requests to time 
out and the http requests to the secure port 8443 to display the actual page 
and not the encrypted response?

Everything works as expected on the development machine

Thanks & Regards,
Binu

This e-mail and any files transmitted with it are for the sole use of the 
intended recipient(s) and may contain confidential and privileged information. 
If you are not the intended recipient, please contact the sender by reply 
e-mail and destroy all copies of the original message.  Any unauthorised 
review, use, disclosure, dissemination, forwarding, printing or copying of this 
email or any action taken in reliance on this e-mail is strictly prohibited and 
may be unlawful.

RE: http-only cookies

2009-01-07 Thread Mark Thomas 
> Http-Only is support Tomcat 6?

Not yet. Might make it for 6.0.19 if the current patch gets re-written to
align it with the servlet 3 spec in time.

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: MemoryUserDatabaseMBean Broken in Tomcat 6?

2009-01-07 Thread Mark Thomas 
> I couldn't find any mention of this in the Tomcat 6 bug database.
> Should I submit a bug report?

Yes please. one with a patch to fix it woudl be even better.

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: pb compilation on jsp param with tomcat 5.5.27

2009-01-07 Thread Mark Thomas 
> Line is
>  archive="dclock.jar" height="36" width="166">
>  
>etc"%
> >" />

The spec says you can't do this:

You have to do:

or


Alternatively you can disable this check with a system property. See 
http://tomcat.apache.org/tomcat-5.5-doc/config/systemprops.html

Be careful if you do disable this check. Strange things can go wrong with
the JSP parsing.

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Apache Tomcat 5.5.X End of Life

2009-01-07 Thread Mark Thomas 
> -Original Message-
> From: Chad Kellerman [mailto:sunck...@gmail.com]
> Sent: 07 January 2009 16:38
> To: Tomcat Users List
> Subject: Apache Tomcat 5.5.X End of Life
> 
> Tomcat Users,
> Is there an expected End of Life date for Tomcat 5.5.x?  I couldn't
> find
> anything on the apache site or google?

No firm plans as yet. Best guess is that it will move to security fixes only
some time later this year. Security fixes are likely to continue for several
years.

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 6 and log4j

2009-01-07 Thread Mark Thomas 
> From: Gregor Schneider [mailto:rc4...@googlemail.com]
> Ain't it just enough to copy "commons-logging-1.1.jar" do
> ${CATALINA_HOME}/lib, and that's it?
No.
 
> And one suggestion:
> 
> Why make it so difficult and have the user to do the build? Why not
> put the appropriate jars for download on the Tomcat website? Or did I
> miss them?
It is in bin/extras on all the mirrors.

The logging page coudl do with updating with that information and a browse
option on the downoad page woudl help find it. I'll add those changes to my
todo list.

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

http-only cookies

2009-01-07 Thread Diego Armando Gusava 
Http-Only is support Tomcat 6?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6; getting logging to work

2009-01-07 Thread Filip Hanik - Dev Lists 

yes, but you havent defined what 6mmi actually logs to
all the other loggers have defined what directory and what file name is 
used,

Filip

juan.velez wrote:

Yes I have

handlers = 1catalina.org.apache.juli.FileHandler,
2localhost.org.apache.juli.FileHandler, \
   3manager.org.apache.juli.FileHandler,
4admin.org.apache.juli.FileHandler, \
   5host-manager.org.apache.juli.FileHandler,
6mmi.org.apache.juli.FileHandler, \
   java.util.logging.ConsoleHandler


Filip Hanik - Dev Lists wrote:
  

have you defined

6mmi.org.apache.juli.FileHandler

I don't see that in your addition

Filip

juan.velez wrote:


I followed the directions in that link
(http://tomcat.apache.org/tomcat-6.0-doc/logging.html) and my logging
messages still do not show up. I mean, I see the INFO messages generated
by
my web-app but if I change the level to FINE (or FINEST) I do not see it.
I
am using Tomcat 6.0.18 and Java Util Logging

I have modified the %CATALINA_HOME%\conf\logging.properties (Using
Jconsole
I can see that this is the file being used as the logging properties) to
add
a new file handler 6mmi.org.apache.juli.FileHandler, changed the level
for
the console handler to FINEST

java.util.logging.ConsoleHandler.level = FINEST

And added

org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/mmi].level
=
FINEST
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/mmi].handlers
= 6mmi.org.apache.juli.FileHandler

I do see the mmi.-mm-dd.log file created but the only contents are
INFO
messages generated by catalina. And messages below INFO are not seen on
either the console or any of the log files.

Any idea what I am doing wrong?

Thanks,

Juan





Mark Thomas-18 wrote:
  
  

Peter Hawkins wrote:



Basically, I would like to enable logging for my JSP app.  How do I do
it?
  
  

Take a look at http://tomcat.apache.org/tomcat-6.0-doc/logging.html
You want the java.util.logging section. Replace the examples web app
with 
your own and then just use java.util.logging as per normal.





Is it the same procedure for tomcat 5.5 and 6.0?
  
  

No.




Do I need to rebuild tomcat with log4j to get ANY logging?
  
  

No. Only if you want to use log4j for all Tomcat logging.



Where is the catalina.out file?  I can't find it anyplace, but I see it 
being discussed.
  
  

It is now catalina.-mm-dd and is in the logs directory.




How do I direct the stdout logging to a file with Tomcat 6.
  
  
Set the swallowOutput for the context. See 
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html


HTH,

Mark


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





  
  

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tribes Startup Help

2009-01-07 Thread Filip Hanik - Dev Lists 

hi Mike, it all looks good.
There is one side effect you may not be aware of.
by default the 'receiver' autobind is enabled. that means if 
receiver.setPort(port) is not available, it will increment the port 
number and try again.

so the actual port might be different from what you think you have set.
To disable this behavior, you would receiver.setAutoBind(0);


Filip

Mike Wannamaker wrote:

Hi,

We are using 5.5.27 and using tribes, however instead of tomcat
initializing and starting tribes we are doing it ourselves.  Below is my
code.  I was just wondering if you see anything wrong with what I'm
doing.

public synchronized void startup()
{
if(_tribesChannel == null)
{ // nothing to do if already running
try
{
_tribesChannel = new GroupChannel();
// must be done before start:
MembershipService mService =
_tribesChannel.getMembershipService();
McastService mCastService = (McastService)mService;
mCastService.setPort(_mainPort);
mCastService.setAddress(_multicastIPAddr);
mCastService.setRecoveryCounter(10);
// 10 Seconds instead of 3 seconds?
mCastService.setDropTime(10*1000);
ChannelReceiver receiver =
_tribesChannel.getChannelReceiver();
// _desiredLocalIPAddr may be set to select one nic in multihome
environments
if(_desiredLocalIPAddr != null &&
_desiredLocalIPAddr.length() > 0)
{
// Question: Set both of these, to have heartbeat and messages sent on
same nic?
mCastService.setBind(_desiredLocalIPAddr);
if(receiver instanceof ReceiverBase)
{

((ReceiverBase)receiver).setAddress(_desiredLocalIPAddr);
}
}
// Set if we want a different port than what tomcat uses as default
"4000"
if(_ancillaryPort > 0)
{
if(receiver.getPort() != _ancillaryPort)
{
if(receiver instanceof ReceiverBase)
{

((ReceiverBase)receiver).setPort(_ancillaryPort);
}
}
}
_tribesChannel.addInterceptor(new
TcpFailureDetector());
 
_tribesChannel.addMembershipListener(_tribesMembershipListener);
 
_tribesChannel.addChannelListener(_tribesChannelListener);

_tribesChannel.start(CHANNEL_COMPONENTS);
// This just adds this machine to our internal cluster topology list
addToTopology();
}
catch(ChannelException ex)
{
try { _tribesChannel.stop(CHANNEL_COMPONENTS); }
catch(Throwable t) { /*gulp*/}
_tribesChannel = null;
throw new RuntimeException(ex); // todo, exception
handling?
}
}
}

public void shutdown()
{
super.shutdown();
if(_tribesChannel != null)
{
try
{
synchronized(_tribesChannel)
{
 
_tribesChannel.removeMembershipListener(_tribesMembershipListener);
 
_tribesChannel.removeChannelListener(_tribesChannelListener);

_tribesChannel.stop(CHANNEL_COMPONENTS);
}
}
catch(ChannelException ex)
{
throw new RuntimeException(ex); // todo, exception
handling?
}
finally
{
_tribesChannel = null;
}
}
}

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat 6; getting logging to work

2009-01-07 Thread Chris Hut 
 
I believe these config lines only specify logging for Container-specific
message (such as webapp initialization-related messaging):

org.apache.catalina.core.ContainerBase.[Catalina].[localhost]...

What you could do is specify a named handler like this:

com.nmi.handlers=6mmi.org.apache.juli.FileHandler
com.nmi.level=FINEST

assuming all of your logger names start with "com.nmi" this should work
for you.

Chris

-Original Message-
From: juan.velez [mailto:juan.ve...@areva-td.com] 
Sent: Wednesday, January 07, 2009 1:30 PM
To: users@tomcat.apache.org
Subject: Re: Tomcat 6; getting logging to work


I followed the directions in that link
(http://tomcat.apache.org/tomcat-6.0-doc/logging.html) and my logging
messages still do not show up. I mean, I see the INFO messages generated
by
my web-app but if I change the level to FINE (or FINEST) I do not see
it. I
am using Tomcat 6.0.18 and Java Util Logging

I have modified the %CATALINA_HOME%\conf\logging.properties (Using
Jconsole
I can see that this is the file being used as the logging properties) to
add
a new file handler 6mmi.org.apache.juli.FileHandler, changed the level
for
the console handler to FINEST

java.util.logging.ConsoleHandler.level = FINEST

And added

org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/mmi].lev
el =
FINEST
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/mmi].han
dlers
= 6mmi.org.apache.juli.FileHandler

I do see the mmi.-mm-dd.log file created but the only contents are
INFO
messages generated by catalina. And messages below INFO are not seen on
either the console or any of the log files.

Any idea what I am doing wrong?

Thanks,

Juan





Mark Thomas-18 wrote:
> 
> Peter Hawkins wrote:
>> Basically, I would like to enable logging for my JSP app.  How do I
do
>> it?
> Take a look at http://tomcat.apache.org/tomcat-6.0-doc/logging.html
> You want the java.util.logging section. Replace the examples web app
with 
> your own and then just use java.util.logging as per normal.
> 
>> Is it the same procedure for tomcat 5.5 and 6.0?
> No.
> 
>> Do I need to rebuild tomcat with log4j to get ANY logging?
> No. Only if you want to use log4j for all Tomcat logging.
> 
>> Where is the catalina.out file?  I can't find it anyplace, but I see
it 
>> being discussed.
> It is now catalina.-mm-dd and is in the logs directory.
> 
>> How do I direct the stdout logging to a file with Tomcat 6.
> Set the swallowOutput for the context. See 
> http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
> 
> HTH,
> 
> Mark
> 
> 
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 

-- 
View this message in context:
http://www.nabble.com/Tomcat-6--getting-logging-to-work-tp15491669p21340
734.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

MemoryUserDatabaseMBean Broken in Tomcat 6?

2009-01-07 Thread Richard Eggert 
It appears that MemoryUserDatabaseMBean is broken in Tomcat 6 (and
probably earlier versions of Tomcat, though I haven't tried them).

I've been playing around with the Tomcat's support for the MX4J
HttpAdaptor as described at
http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html , and tried
using the MemoryUserDatabaseMBean
(Users:type=UserDatabase,database=UserDatabase) to edit my
tomcat-users.xml file on the fly without restarting Tomcat.  Some of
its operations sort of work (notably, "save" appears to work properly,
and "createGroup", "createUser", and "createRole" do appear to create
groups, users, and roles, respectively), but for the most part, the
MBean appears to be horribly broken.

When I call one of the "create" operations, the role, group, or user
does get created (at least, they show up in tomcat-users.xml after I
call "save"), but no corresponding RoleMBean, GroupMBean, or UserMBean
is registered, so there's no way to assign roles and groups to users
after they are created (and a user with no roles is fairly useless).

According to their descriptions, the "find" operations are supposed to
return MBean names, but instead they return the XML snippets that
appear in tomcat-users.xml.

The "remove" operations don't work at all.  For example, when I try to
invoke "removeUser", I get the error "Cannot find method removeUser
with this signature."

I couldn't find any mention of this in the Tomcat 6 bug database.
Should I submit a bug report?

-- 
Rich

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Oracle database calling the web app?

2009-01-07 Thread Bill Davidson 

Ken Bowen wrote:
Whoops, hold that.  This is ok for outbound.  For inbound, it seems 
Jboss is needed:  http://activemq.apache.org/jboss-integration.html


I'm not sure I understand how that says JBoss is needed to do inbound
communications.

There is a page on configuring Tomcat:

http://activemq.apache.org/tomcat.html

I'm finding the ActiveMQ docs less than obvious.  I'm not entirely clear
on what it is I'm trying to do when setting this up.

I'm confused about whether I need to run ActiveMQ as a stand alone
process with a connector to Tomcat or whether I can run ActiveMQ
inside Tomcat (is that what they mean by embeded?).  The latter sounds
better.

I've had no luck finding an "Introduction to setting up ActiveMQ with
Tomcat for people who've never set up JMS before" tutorial.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Oracle database calling the web app?

2009-01-07 Thread Bill Davidson 

Juha Laiho wrote:

However, have you actually measured how much load it would put to various
pieces of your system to not cache this data, but just fetch it from the
DB more or less each time it is needed?
  


We currently have the ability to turn the caching on or off.  We 
generally only
turn it on when we anticipate a massive traffic storm coming to our site 
(caused
by new highly in demand items going on sale).  At the moment, once we 
turn the
cache on, the cached data only gets updated by turning caching off and 
then back
on -- which is something we don't like to do when we are getting 
thousands of hits

per minute.

While I'm not aware of exact measurements, the system can handle major
traffic loads much better when we have the caching on.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Oracle database calling the web app?

2009-01-07 Thread Juha Laiho 
Bill Davidson wrote:
> Is it possible to set up a callback like situation so that a trigger in an
> Oracle 10g database can call a method in a currently running webapp
> that's running in Tomcat 6?

Yes, there's UTL_HTTP PL/SQL package available in Oracle, which provides
HTTP client functionality. AQ can also do the job, as others have already
told. See f.ex. http://www.psoug.org/reference/utl_http.html for details.

> My situation is that I want to cache some infrequently changed database
> data in memory but when that data does change in the database, I want
> the web applications, running on multiple servers, to immediately pick
> up the change.

As you say it's "on multiple servers", remember that you'll also need to
send the "update" event to multiple destinations. If it were just
a single server, I think you could've arranged things so that also the
update would arrive via the single server.

However, have you actually measured how much load it would put to various
pieces of your system to not cache this data, but just fetch it from the
DB more or less each time it is needed?

> Right now, one idea I have for this is to have the database trigger
> create a file in a file system that's shared by the database server and
> the application servers and have the web apps check for the existence
> of this file to know whether to update the cache.  It feels ugly and
> means hitting a networked file system a lot but it seems like it should
> work and it seems like it should not be as bad as hitting the database
> constantly for something that doesn't change very often.

DB's are pretty adept at caching frequently used data (and queries and ...),
so I'm not certain whether you're achieving anything by replacing one
cache with another (esp. if handling the whole use case does anyway
require accessing some data from the same database).
-- 
..Juha

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tribes Startup Help

2009-01-07 Thread Mike Wannamaker 
Hi,

We are using 5.5.27 and using tribes, however instead of tomcat
initializing and starting tribes we are doing it ourselves.  Below is my
code.  I was just wondering if you see anything wrong with what I'm
doing.

public synchronized void startup()
{
if(_tribesChannel == null)
{ // nothing to do if already running
try
{
_tribesChannel = new GroupChannel();
// must be done before start:
MembershipService mService =
_tribesChannel.getMembershipService();
McastService mCastService = (McastService)mService;
mCastService.setPort(_mainPort);
mCastService.setAddress(_multicastIPAddr);
mCastService.setRecoveryCounter(10);
// 10 Seconds instead of 3 seconds?
mCastService.setDropTime(10*1000);
ChannelReceiver receiver =
_tribesChannel.getChannelReceiver();
// _desiredLocalIPAddr may be set to select one nic in multihome
environments
if(_desiredLocalIPAddr != null &&
_desiredLocalIPAddr.length() > 0)
{
// Question: Set both of these, to have heartbeat and messages sent on
same nic?
mCastService.setBind(_desiredLocalIPAddr);
if(receiver instanceof ReceiverBase)
{

((ReceiverBase)receiver).setAddress(_desiredLocalIPAddr);
}
}
// Set if we want a different port than what tomcat uses as default
"4000"
if(_ancillaryPort > 0)
{
if(receiver.getPort() != _ancillaryPort)
{
if(receiver instanceof ReceiverBase)
{

((ReceiverBase)receiver).setPort(_ancillaryPort);
}
}
}
_tribesChannel.addInterceptor(new
TcpFailureDetector());
 
_tribesChannel.addMembershipListener(_tribesMembershipListener);
 
_tribesChannel.addChannelListener(_tribesChannelListener);
_tribesChannel.start(CHANNEL_COMPONENTS);
// This just adds this machine to our internal cluster topology list
addToTopology();
}
catch(ChannelException ex)
{
try { _tribesChannel.stop(CHANNEL_COMPONENTS); }
catch(Throwable t) { /*gulp*/}
_tribesChannel = null;
throw new RuntimeException(ex); // todo, exception
handling?
}
}
}

public void shutdown()
{
super.shutdown();
if(_tribesChannel != null)
{
try
{
synchronized(_tribesChannel)
{
 
_tribesChannel.removeMembershipListener(_tribesMembershipListener);
 
_tribesChannel.removeChannelListener(_tribesChannelListener);
_tribesChannel.stop(CHANNEL_COMPONENTS);
}
}
catch(ChannelException ex)
{
throw new RuntimeException(ex); // todo, exception
handling?
}
finally
{
_tribesChannel = null;
}
}
}

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6; getting logging to work

2009-01-07 Thread juan.velez 

Yes I have

handlers = 1catalina.org.apache.juli.FileHandler,
2localhost.org.apache.juli.FileHandler, \
   3manager.org.apache.juli.FileHandler,
4admin.org.apache.juli.FileHandler, \
   5host-manager.org.apache.juli.FileHandler,
6mmi.org.apache.juli.FileHandler, \
   java.util.logging.ConsoleHandler


Filip Hanik - Dev Lists wrote:
> 
> have you defined
> 
> 6mmi.org.apache.juli.FileHandler
> 
> I don't see that in your addition
> 
> Filip
> 
> juan.velez wrote:
>> I followed the directions in that link
>> (http://tomcat.apache.org/tomcat-6.0-doc/logging.html) and my logging
>> messages still do not show up. I mean, I see the INFO messages generated
>> by
>> my web-app but if I change the level to FINE (or FINEST) I do not see it.
>> I
>> am using Tomcat 6.0.18 and Java Util Logging
>>
>> I have modified the %CATALINA_HOME%\conf\logging.properties (Using
>> Jconsole
>> I can see that this is the file being used as the logging properties) to
>> add
>> a new file handler 6mmi.org.apache.juli.FileHandler, changed the level
>> for
>> the console handler to FINEST
>>
>> java.util.logging.ConsoleHandler.level = FINEST
>>
>> And added
>>
>> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/mmi].level
>> =
>> FINEST
>> org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/mmi].handlers
>> = 6mmi.org.apache.juli.FileHandler
>>
>> I do see the mmi.-mm-dd.log file created but the only contents are
>> INFO
>> messages generated by catalina. And messages below INFO are not seen on
>> either the console or any of the log files.
>>
>> Any idea what I am doing wrong?
>>
>> Thanks,
>>
>> Juan
>>
>>
>>
>>
>>
>> Mark Thomas-18 wrote:
>>   
>>> Peter Hawkins wrote:
>>> 
 Basically, I would like to enable logging for my JSP app.  How do I do
 it?
   
>>> Take a look at http://tomcat.apache.org/tomcat-6.0-doc/logging.html
>>> You want the java.util.logging section. Replace the examples web app
>>> with 
>>> your own and then just use java.util.logging as per normal.
>>>
>>> 
 Is it the same procedure for tomcat 5.5 and 6.0?
   
>>> No.
>>>
>>> 
 Do I need to rebuild tomcat with log4j to get ANY logging?
   
>>> No. Only if you want to use log4j for all Tomcat logging.
>>>
>>> 
 Where is the catalina.out file?  I can't find it anyplace, but I see it 
 being discussed.
   
>>> It is now catalina.-mm-dd and is in the logs directory.
>>>
>>> 
 How do I direct the stdout logging to a file with Tomcat 6.
   
>>> Set the swallowOutput for the context. See 
>>> http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
>>>
>>> HTH,
>>>
>>> Mark
>>>
>>>
>>> -
>>> To start a new topic, e-mail: users@tomcat.apache.org
>>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>>
>>>
>>>
>>> 
>>
>>   
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Tomcat-6--getting-logging-to-work-tp15491669p21341246.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6; getting logging to work

2009-01-07 Thread Filip Hanik - Dev Lists 

have you defined

6mmi.org.apache.juli.FileHandler

I don't see that in your addition

Filip

juan.velez wrote:

I followed the directions in that link
(http://tomcat.apache.org/tomcat-6.0-doc/logging.html) and my logging
messages still do not show up. I mean, I see the INFO messages generated by
my web-app but if I change the level to FINE (or FINEST) I do not see it. I
am using Tomcat 6.0.18 and Java Util Logging

I have modified the %CATALINA_HOME%\conf\logging.properties (Using Jconsole
I can see that this is the file being used as the logging properties) to add
a new file handler 6mmi.org.apache.juli.FileHandler, changed the level for
the console handler to FINEST

java.util.logging.ConsoleHandler.level = FINEST

And added

org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/mmi].level =
FINEST
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/mmi].handlers
= 6mmi.org.apache.juli.FileHandler

I do see the mmi.-mm-dd.log file created but the only contents are INFO
messages generated by catalina. And messages below INFO are not seen on
either the console or any of the log files.

Any idea what I am doing wrong?

Thanks,

Juan





Mark Thomas-18 wrote:
  

Peter Hawkins wrote:


Basically, I would like to enable logging for my JSP app.  How do I do
it?
  

Take a look at http://tomcat.apache.org/tomcat-6.0-doc/logging.html
You want the java.util.logging section. Replace the examples web app with 
your own and then just use java.util.logging as per normal.




Is it the same procedure for tomcat 5.5 and 6.0?
  

No.



Do I need to rebuild tomcat with log4j to get ANY logging?
  

No. Only if you want to use log4j for all Tomcat logging.


Where is the catalina.out file?  I can't find it anyplace, but I see it 
being discussed.
  

It is now catalina.-mm-dd and is in the logs directory.



How do I direct the stdout logging to a file with Tomcat 6.
  
Set the swallowOutput for the context. See 
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html


HTH,

Mark


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org






  



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat 6; getting logging to work

2009-01-07 Thread juan.velez 

I followed the directions in that link
(http://tomcat.apache.org/tomcat-6.0-doc/logging.html) and my logging
messages still do not show up. I mean, I see the INFO messages generated by
my web-app but if I change the level to FINE (or FINEST) I do not see it. I
am using Tomcat 6.0.18 and Java Util Logging

I have modified the %CATALINA_HOME%\conf\logging.properties (Using Jconsole
I can see that this is the file being used as the logging properties) to add
a new file handler 6mmi.org.apache.juli.FileHandler, changed the level for
the console handler to FINEST

java.util.logging.ConsoleHandler.level = FINEST

And added

org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/mmi].level =
FINEST
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/mmi].handlers
= 6mmi.org.apache.juli.FileHandler

I do see the mmi.-mm-dd.log file created but the only contents are INFO
messages generated by catalina. And messages below INFO are not seen on
either the console or any of the log files.

Any idea what I am doing wrong?

Thanks,

Juan





Mark Thomas-18 wrote:
> 
> Peter Hawkins wrote:
>> Basically, I would like to enable logging for my JSP app.  How do I do
>> it?
> Take a look at http://tomcat.apache.org/tomcat-6.0-doc/logging.html
> You want the java.util.logging section. Replace the examples web app with 
> your own and then just use java.util.logging as per normal.
> 
>> Is it the same procedure for tomcat 5.5 and 6.0?
> No.
> 
>> Do I need to rebuild tomcat with log4j to get ANY logging?
> No. Only if you want to use log4j for all Tomcat logging.
> 
>> Where is the catalina.out file?  I can't find it anyplace, but I see it 
>> being discussed.
> It is now catalina.-mm-dd and is in the logs directory.
> 
>> How do I direct the stdout logging to a file with Tomcat 6.
> Set the swallowOutput for the context. See 
> http://tomcat.apache.org/tomcat-6.0-doc/config/context.html
> 
> HTH,
> 
> Mark
> 
> 
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> 

-- 
View this message in context: 
http://www.nabble.com/Tomcat-6--getting-logging-to-work-tp15491669p21340734.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: SSL Accelerator - Front ending Tomcat

2009-01-07 Thread Brian Clark 






From: Rainer Jung 
To: Tomcat Users List 
Sent: Tuesday, October 14, 2008 9:46:56 AM
Subject: Re: SSL Accelerator - Front ending Tomcat

Mike Koponick schrieb:
> Hello Everyone,
> 
> I have not been a frequent administrator of Tomcat, but it seems that
> I am becoming one!
> 
> So, Here is my setup, I using an SSL accelerator in front of a Tomcat
> server running two instances. When I try to access the website, the
> webserver (rightfully so) redirects me to another page on the same
> machine for the same instance. Thusly, I do not have the "https" URL
> any longer, but have "http" instead, of course this kills the
> connection.
> 
> So, I was wondering if anyone has had any experience setting up this
> type of environment. It seems to me that Tomcat doesn't know that
> this is a secure connection.
> 
> Any information is good information.

So look at

  http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

especially proxyName, proxyPort, scheme and secure.

Regards,

Rainer
--

Anyone have success doing this?  I am having lots of problems getting this to 
work, and in choosing the config directives to use to get it to work. 

For example, I set secure="true" and scheme="https" in the Connector block of 
my server.xml. In testing, However, when I call request.isSecure()it returns 
"false". When I call request.getScheme() it returns "http". I tested this with 
a simple page on my local instance of Tomcat--I accessed that page via 
http://localhost:8080.  Shouldn't the secure and scheme directives override 
whatever connection the browser initiated and return the configured value? 

Am I missing something? Do I need to define the proxyName and proxyPort config 
directives? I tried that, and it didnt' seem to have an effect. 

I have the exact scenario (SSL accelerator in front of Tomcat) described above 
and am having problems forcing my apps to generate https URLs instead of http. 
(BTW:  I'm running Tomcat 6.0.16 on Windows 2003)

Thanks,
Brian

Re: Single WAR to update multiple contexts

2009-01-07 Thread Alan Chaney 

Sean

Wouldn't it be easier to have ONE webapp and determine the database 
from, for example, the URL its invoked with?


Its a little difficult to know exactly how you are doing things but 
instead of having /ctx1 /ctx2 /ctx3 and mapping each one to ctx1.war
why not have a filter in your setup which determines that its invoked 
with /ctx1 and passes a parameter to the actual servlet which selects 
the database you require? You could have one web app as ROOT and do it

that way.

Maybe you could explain further why you need 200 separate versions where 
the only difference is the name of the database?


Regards

Alan Chaney


Sean W wrote:

Greetings!

I have a single war packaged application that needs to have about 200 unique
context paths running (200 copies of the application running - each uses a
different database based on the context name).

I know how to deploy 1 context at a time, but how can I do this so that if I
want to update all these contexts to the "next version", I can update them
all at the same time easily?

Any suggests are much appreciated. Thanks!
-Sean W





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: mod_headers and .htaccess for P3P policy

2009-01-07 Thread David Fisher 
When I had to deal with p3p policy then I simply put a directory  
called "w3c" in my webapps and dropped in a "p3p.xml" and  
"policy.xml". Afterwards my webapp on a different url in tomcat could  
be opened in an iframe by our partners IIS served ASP application.


w3c/p3p.xml
w3c/policy.xml

Is this what you are looking for?

Regards,
Dave

On Jan 7, 2009, at 7:49 AM, Sergio Arrighi wrote:


Hello to everyone,

I'm using apache 6 on a Windows server machine.
I'm hosting a webapplication which is used in a third party web site  
included in an IFRAME.
I've an issue with IE6 an IE7 about session replication. I've read  
on the internet that this issue is dued to P3P policies and that  
it's sufficient to add a clause to the header like this:



Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"NOI DSP COR NID CUR  
ADM DEV OUR BUS\""

# OR THIS, SIMPLER
Header set P3P "policyref=\"/w3c/p3p.xml\""


I've read on the internet that this is possible using .htaccess file  
in the webapp directory.

I've tried with no success.
Could someone please explain this procedure to me??

Thanks a lot

Sergio Arrighi

--
*I.M.I.N. Holding s.r.l.*
Sergio Arrighi
sergio.arri...@iminholding.com 
Cell. 3455805121

Vicolo Molino, 2
21052 Busto Arsizio
Varese
Tel. +39 0331324679
Fax. +39 0331324678
www.iminholding.com


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Single WAR to update multiple contexts

2009-01-07 Thread Sean W 

Greetings!

I have a single war packaged application that needs to have about 200 unique
context paths running (200 copies of the application running - each uses a
different database based on the context name).

I know how to deploy 1 context at a time, but how can I do this so that if I
want to update all these contexts to the "next version", I can update them
all at the same time easily?

Any suggests are much appreciated. Thanks!
-Sean W



-- 
View this message in context: 
http://www.nabble.com/Single-WAR-to-update-multiple-contexts-tp21338593p21338593.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: mod_headers and .htaccess for P3P policy

2009-01-07 Thread Hassan Schroeder 
On Wed, Jan 7, 2009 at 5:49 AM, Sergio Arrighi
 wrote:

> I'm using apache 6 on a Windows server machine.

> I've read on the internet that this is possible using .htaccess file in the
> webapp directory.

You've read wrong :-)  '.htaccess' files are used with Apache httpd,
/not/ Apache Tomcat.

However, you can add headers via code in your JSPs, servlets, or
cover the whole app with a Filter.

HTH,
-- 
Hassan Schroeder  hassan.schroe...@gmail.com

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Compilation problem when i release tomcat 5.5.26 to tomcat 5.5.27

2009-01-07 Thread Caldarale, Charles R 
> From: Philippe Couas [mailto:pco...@infodev.fr]
> Subject: Compilation problem when i release tomcat 5.5.26 to
> tomcat 5.5.27
>
> /jsp/servlet24/supervisionv5.jsp(6,23) Attribute value
> request.getContextPath()+"/jsp/servlet24/supervisionv4.jsp" is quoted
> with " which must be escaped when used within the value

Read this:
https://issues.apache.org/bugzilla/show_bug.cgi?id=45015

The old behavior can be reinstated by setting the system property:
  org.apache.jasper.compiler.Parser.STRICT_QUOTE_ESCAPING
to false.  See:
http://tomcat.apache.org/tomcat-5.5-doc/config/systemprops.html

 - Chuck

P.S. Double-posting is annoying.


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

pb compilation on jsp param with tomcat 5.5.27

2009-01-07 Thread Philippe Couas 
Hi
 
I have change tomcat 5.5.26 to 5.5.27 and i have following compilation error
message
 
Code :
 
org.apache.jasper.JasperException: /jsp/servlet24/supervisionv2.jsp(180,35)
Attribute value
((servlet24.PosteBean)context.getPoste("**")).getCodePoste()+"_appletc"
is quoted with " which must be escaped when used within the value
 
org.apache.jasper.compiler.DefaultErrorHandler.jspError(DefaultErrorHandler.
java:40)
 
org.apache.jasper.compiler.ErrorDispatcher.dispatch(ErrorDispatcher.java:407
)
 
Line is

 
  " />
 
 
  Unable to load applet
 


Could you help me ?
 
Regards
Philippe

Re: Compilation problem when i release tomcat 5.5.26 to tomcat 5.5.27

2009-01-07 Thread Mark Hagger 
I had a similar problem when I switched to tomcat6, as a workaround I
ended up modifying my jsp to build the string outside of the <%=..%> bit
and insert it in one lump.

Ie changed something like


<%= "'" + otherthing + "'"%>

into

<%
String txt = "'" + otherthing + "'";
%>
<%= txt %>

which seemed to make it work again.  I couldn't really decide if this
was a tomcat bug or not and promptly forgot all about it really.

Mark


On Wed, 2009-01-07 at 17:40 +0100, Philippe Couas wrote:
> Hi,
>  
> I have replace tomcat 5.5.26 to tomcat 5.5.27 on same server with same JDK
> and same config.
> 
> 
> I have folowing error message
> jasper.JasperException: /jsp/servlet24/supervisionv5.jsp(6,23) Attribute
> value request.getContextPath()+"/jsp/servlet24/supervisionv4.jsp" is quoted
> with " which must be escaped when used within the value
> Code :
> 
> 
>  page="<%=request.getContextPath()+"/jsp/servlet24/supervisionv4.jsp"%>">
> " />
> " />
> 
>  %>" />
> " />
> " />
> " />
>  value="<%=request.getParameter("sectionspreffix") %>" />
> 
> 
> Problem is in line
>  page="<%=request.getContextPath()+"/jsp/servlet24/supervisionv4.jsp"%>">
> Why could i not make this now ?
>  
> Regards
> Philippe
> 
>  
> 
> 
> 
> This email has been scanned for all known viruses by the MessageLabs SkyScan 
> service.



This email has been scanned for all known viruses by the MessageLabs SkyScan 
service.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Compilation problem when i release tomcat 5.5.26 to tomcat 5.5.27

2009-01-07 Thread Philippe Couas 
Hi,
 
I have replace tomcat 5.5.26 to tomcat 5.5.27 on same server with same JDK
and same config.


I have folowing error message
jasper.JasperException: /jsp/servlet24/supervisionv5.jsp(6,23) Attribute
value request.getContextPath()+"/jsp/servlet24/supervisionv4.jsp" is quoted
with " which must be escaped when used within the value
Code :


">
" />
" />

" />
" />
" />
" />
" />


Problem is in line
">
Why could i not make this now ?
 
Regards
Philippe

Apache Tomcat 5.5.X End of Life

2009-01-07 Thread Chad Kellerman 
Tomcat Users,
Is there an expected End of Life date for Tomcat 5.5.x?  I couldn't find
anything on the apache site or google?


Thanks,
Chad

Re: Tomcat restart using code

2009-01-07 Thread Michael Rooz 
Hi Jan,
well - like I said I need to be able to refresh the ServerSocketFactory to
reflect an updated truststore.  I looked at the code and found a way to do
this but it is not documented and I don't want to take the risk of
experiencing undesirable side effects.  My only option at this point then,
is to restart Tomcat which will of course cause the ServerSocketFactory to
be initialized with an updated truststore.  I use self signed certificates
dp I can't have a single truststore CA do the job for me, rather the trust
store must be updated from time to time for each client wishing to connect.


I will need the restart to be automated preferable through an api or
alternatively using some sort of a restart batch file.
thanks for your input,
Mike
On Wed, Jan 7, 2009 at 6:03 PM, Kees Jan Koster  wrote:

> Dear Mike,
>
> Since I have not found a documented way of refreshing the
>> ServerSocketFactory (in order to reload the ssl trust store)
>> I would like to be able to perform a Tomcat Restart "from within" i.e.
>> restart Tomcat using java code inside the servlet.
>> Restarting the connector would also do the job for me.
>>
>
>
> There was some discussion about this subject on Java-monitor:
> http://java-monitor.com/forum/showthread.php?t=152
>
> You can use JMX to find the connector mbeans to restart them.
>
> I'm curious why you would want to do that, though?
> --
> Kees Jan
>
> http://java-monitor.com/forum/
> kjkos...@kjkoster.org
> 06-51838192
>
> The secret of success lies in the stability of the goal. -- Benjamin
> Disraeli
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>

Embedded.createConnector() problem

2009-01-07 Thread JimK 

My code was already working fine to create a secure connector on all
addresses on a port via:

   Embedded.createConnector((String)null, port, true);

and afterwards set the properites needed for the secure connector including
the cert file, etc:

   Connector.setproperty("keystore", filename);

We now need to use a different keystore on the same port for the localhost
address. I tried creating a connector for localhost on the same port using
the other cert file, but when i tried starting tomcat I got a 

java.net.BindException saying the port was already in use.

I presume thats because I already created a connector on ALL ports using
that same port.

So if that is why it failed, how can I go about doing this? I don't have a
list of all valid ip addresses to use in the first case, so I am trying to
find some way to define all but the localhost for the first case and just
localhost for the second case.
-- 
View this message in context: 
http://www.nabble.com/Embedded.createConnector%28%29-problem-tp21334557p21334557.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat restart using code

2009-01-07 Thread Kees Jan Koster 

Dear Mike,


Since I have not found a documented way of refreshing the
ServerSocketFactory (in order to reload the ssl trust store)
I would like to be able to perform a Tomcat Restart "from within" i.e.
restart Tomcat using java code inside the servlet.
Restarting the connector would also do the job for me.



There was some discussion about this subject on Java-monitor: 
http://java-monitor.com/forum/showthread.php?t=152

You can use JMX to find the connector mbeans to restart them.

I'm curious why you would want to do that, though?
--
Kees Jan

http://java-monitor.com/forum/
kjkos...@kjkoster.org
06-51838192

The secret of success lies in the stability of the goal. -- Benjamin  
Disraeli



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat ./shutdown

2009-01-07 Thread Gregor Schneider 
Sometime there's an even more simple solution to it: Some applications
just take ages when they're shut down.
Very nice example for this is Apache Roller. Shutting down Tomcat
without Roller goes instantly, shutting down Tomcat with Roller takes
up to 5 minutes.

So what happens if you shut down Tomcat *before* having your
lunchbreak - is it still alive when you return?

That's a serious question

Except from that: Any hints in the logs?

Gregor
-- 
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat restart using code

2009-01-07 Thread Michael Rooz 
Hi,

Since I have not found a documented way of refreshing the
ServerSocketFactory (in order to reload the ssl trust store)
I would like to be able to perform a Tomcat Restart "from within" i.e.
restart Tomcat using java code inside the servlet.
Restarting the connector would also do the job for me.

I'd appreciate any help,

thanks,
Mike

RE: Tomcat ./shutdown

2009-01-07 Thread Caldarale, Charles R 
> From: l...@informatik.uni-hamburg.de
> [mailto:l...@informatik.uni-hamburg.de]
> Subject: Tomcat ./shutdown
>
> I use apache-tomcat-5.5.17 and sometimes when I call ./shutdown.sh,
> the java process which runs Tomcat still alive.

The usual cause of this is non-daemon threads improperly managed by a webapp.  
If such threads do exist, the JVM will not terminate until those threads do.  
Try using JConsole or jstack to examine the JVM instance when the shutdown 
fails to see what the remaining threads are doing.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat ./shutdown

2009-01-07 Thread Dennis Thrysøe 

On 7Jan, 2009, at 16:11, l...@informatik.uni-hamburg.de wrote:

Hello,

I use apache-tomcat-5.5.17 and sometimes when I call ./shutdown.sh,  
the java process which runs Tomcat still alive.


Because this java process is still alive, the next call ./startup.sh  
does not work. Thus, I have to kill this Java process first.


Could you please give me a hint how I avoid this problem?



I'm actually having trouble with this as well. It does look, however,  
like the tomcat process dies after a while in my case. But using  
"restart" (stop immediately followed by start) does not work though.


Is it possible to stop tomcat "synchronously" such that the "stop"  
invocation does not return before tomcat is entirely show down?


-dennis

--
Geysir IT
d...@geysirit.dk
http://geysirit.dk
+45 31 51 60 00


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat ./shutdown

2009-01-07 Thread Kees Jan Koster 

Dear Thinh,

I use apache-tomcat-5.5.17 and sometimes when I call ./shutdown.sh,  
the java process which runs Tomcat still alive.


Because this java process is still alive, the next call ./startup.sh  
does not work. Thus, I have to kill this Java process first.


Could you please give me a hint how I avoid this problem?



Here is some discussion on your issue: 
http://java-monitor.com/forum/showthread.php?t=83

Basically, kill -3 Tomcat as it hangs after you tried to shut it down.  
Then solve the problem that causes your Tomcat to hang.

--
Kees Jan

http://java-monitor.com/forum/
kjkos...@kjkoster.org
06-51838192

The secret of success lies in the stability of the goal. -- Benjamin  
Disraeli



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Tomcat ./shutdown

2009-01-07 Thread le 

Hello,

I use apache-tomcat-5.5.17 and sometimes when I call ./shutdown.sh,  
the java process which runs Tomcat still alive.


Because this java process is still alive, the next call ./startup.sh  
does not work. Thus, I have to kill this Java process first.


Could you please give me a hint how I avoid this problem?

Thank you.

Thinh

--







-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Delay / caching of resources?

2009-01-07 Thread Dennis Thrysøe 

On 7Jan, 2009, at 15:44, Caldarale, Charles R wrote:

From: Dennis Thrysøe [mailto:d...@geysirit.dk]
Subject: Re: Delay / caching of resources?

I have now found a potential explanation with the help of a good
debugger: StandardContext.setCacheTTL()


Who's calling that API?  The only internal calls I find in Tomcat  
simply propagate the value from one context to another.


That's what I was wondering. Some kind of reflective setting from the  
XML file I guess?



I am, however, unable to find any configuration that can be used to
control this caching?


Look at the cacheTTL and cachingAllowed attributes:
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html



Thanks guys. I bet that'll help. I'll try it out right away.

-dennis

--
Geysir IT
d...@geysirit.dk
http://geysirit.dk
+45 31 51 60 00


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Delay / caching of resources?

2009-01-07 Thread Caldarale, Charles R 
> From: Dennis Thrysøe [mailto:d...@geysirit.dk]
> Subject: Re: Delay / caching of resources?
>
> I have now found a potential explanation with the help of a good
> debugger: StandardContext.setCacheTTL()

Who's calling that API?  The only internal calls I find in Tomcat simply 
propagate the value from one context to another.

> I am, however, unable to find any configuration that can be used to
> control this caching?

Look at the cacheTTL and cachingAllowed attributes:
http://tomcat.apache.org/tomcat-6.0-doc/config/context.html

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Delay / caching of resources?

2009-01-07 Thread Mark Thomas 
Dennis Thrysøe wrote:
> On 7Jan, 2009, at 10:40, Dennis Thrysøe wrote:
>> Hi,
>>
>> I have a tomcat 6 setup on linux (CentOS 5) and see some odd behaviour.
>>
>> There are some JSP's that include (in a custom tag with
>> pageContext.include()) static HTML resources that are in the webapp.
>>
>> However, when such HTML files are added or modified to the webapp
>> (exploded directory) it takes something like 5 or 10 seconds before
>> they can be served by tomcat.
>>
>> Direct access to the filesystem sees the new file but tomcat says that
>> the resource cannot be found. When modifying a HTML file tomcat keeps
>> serving the old version for some seconds.
>>
>> The same seems to be a problem for images which are added to the
>> webapp at runtime. These are requested directly (not included obviously).
>>
>> Changing the "modificationTestInterval" for the JSP servlet does not
>> seem to have effect. (And the HTML is not served by the JSP servlet
>> anyway, right?)
> 
> 
> I have now found a potential explanation with the help of a good
> debugger: StandardContext.setCacheTTL()
> 
> This method seems to be altering the TTL of the context cache
> (ProxyDirContext via BaseDirContext) that is used by DefaultServlet
> which is serving my HTML files )from the default 5 seconds).
> 
> I am, however, unable to find any configuration that can be used to
> control this caching? I am interested in getting the latest file version
> always.
> 
> Otherwise I might need to implement serving of static resources in a
> servlet myself?

http://tomcat.apache.org/tomcat-6.0-doc/config/context.html

Look for cachingAllowed

Mark

> 
> 
> Thanks,
> 
> -dennis
> 
> -- 
> Geysir IT
> d...@geysirit.dk
> http://geysirit.dk
> +45 31 51 60 00
> 
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Delay / caching of resources?

2009-01-07 Thread Dennis Thrysøe 

On 7Jan, 2009, at 10:40, Dennis Thrysøe wrote:

Hi,

I have a tomcat 6 setup on linux (CentOS 5) and see some odd  
behaviour.


There are some JSP's that include (in a custom tag with  
pageContext.include()) static HTML resources that are in the webapp.


However, when such HTML files are added or modified to the webapp  
(exploded directory) it takes something like 5 or 10 seconds before  
they can be served by tomcat.


Direct access to the filesystem sees the new file but tomcat says  
that the resource cannot be found. When modifying a HTML file tomcat  
keeps serving the old version for some seconds.


The same seems to be a problem for images which are added to the  
webapp at runtime. These are requested directly (not included  
obviously).


Changing the "modificationTestInterval" for the JSP servlet does not  
seem to have effect. (And the HTML is not served by the JSP servlet  
anyway, right?)



I have now found a potential explanation with the help of a good  
debugger: StandardContext.setCacheTTL()


This method seems to be altering the TTL of the context cache  
(ProxyDirContext via BaseDirContext) that is used by DefaultServlet  
which is serving my HTML files )from the default 5 seconds).


I am, however, unable to find any configuration that can be used to  
control this caching? I am interested in getting the latest file  
version always.


Otherwise I might need to implement serving of static resources in a  
servlet myself?



Thanks,

-dennis

--
Geysir IT
d...@geysirit.dk
http://geysirit.dk
+45 31 51 60 00


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

mod_headers and .htaccess for P3P policy

2009-01-07 Thread Sergio Arrighi 

Hello to everyone,

I'm using apache 6 on a Windows server machine.
I'm hosting a webapplication which is used in a third party web site 
included in an IFRAME.
I've an issue with IE6 an IE7 about session replication. I've read on 
the internet that this issue is dued to P3P policies and that it's 
sufficient to add a clause to the header like this:



Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"NOI DSP COR NID CUR ADM DEV OUR 
BUS\""
# OR THIS, SIMPLER
Header set P3P "policyref=\"/w3c/p3p.xml\""


I've read on the internet that this is possible using .htaccess file in the 
webapp directory.
I've tried with no success.
Could someone please explain this procedure to me??

Thanks a lot

Sergio Arrighi

--
*I.M.I.N. Holding s.r.l.*
Sergio Arrighi
sergio.arri...@iminholding.com 
Cell. 3455805121

Vicolo Molino, 2
21052 Busto Arsizio
Varese
Tel. +39 0331324679
Fax. +39 0331324678
www.iminholding.com


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: j_security_check with https

2009-01-07 Thread Pid 
Justin Randall wrote:
> Hello,
> 
> I'm not going to bother responding to the many posts that said the solution I 
> mentioned was wrong, instead I'll just provide the example of how to do it, 
> since it works.
> 
> 
> 
> . lines removed .
> 
> package blah;
> 
> . lines removed .
> 
> public final class SomeFilterClass implements Filter {
> 
> . lines removed .
> 
> public void doFilter(ServletRequest request, ServletResponse response, 
> FilterChain filterChain) throws IOException, ServletException {
> HttpServletRequest req = (HttpServletRequest) request;
> HttpServletResponse rsp = (HttpServletResponse) response;
> rsp.sendRedirect(req.getRequestURI());
> filterChain.doFilter(request, response);
> }
> 
> . lines removed .
> 
> }
> =
> 
> And below is what the web.xml looks like:
> 
> =
> 
>  lines removed .
> 
>   
>   SomeFilterClass
>   blah.SomeFilterClass
>   
>   
>   SomeFilterClass
>   /ssl/*
>   FORWARD
>   INCLUDE
>   ERROR
>   
> 
> . lines removed .
> 
>   
>   
>   RequiresLogin
>   /html/*
>   
>   
>   somerole
>   
>   
>   
>   
>   
>   RequiresSSL
>   /ssl/*
>   
>   
>   CONFIDENTIAL
>   
>   
>   
>   
>   somerole
>   
>   
>   
>   FORM
>   
>   /ssl/login.jsp
>   /ssl/login-error.jsp
>   
>   
> 
> . lines removed .
> 
> =
> 
> Of course you'll need to change the login/security constraint URLs and role 
> name to match those in your environment.
> 
> For anyone who stated the earlier statements were incorrect, I encourage you 
> to provide another "better" working example.  This one works for me and is 
> used by other industry professionals.

Your example is mostly correct, in that you have the transport guarantee
in place for a given path which will force a redirect to the configured
HTTPS port; it's just that the additional filter is surplus.

Thus the first example I gave would seem to be an improvement.

It is also used by 'industry professionals' and works perfectly well for me.

Am happy to be corrected if I'm wrong.


p



> Regards,
> 
> Justin
> 
> Here is an example:
> 
>> Date: Wed, 7 Jan 2009 09:35:33 +0100
>> From: rc4...@googlemail.com
>> To: users@tomcat.apache.org
>> Subject: Re: j_security_check with https
>>
>> Hi Justin,
>>
>> On Wed, Jan 7, 2009 at 4:13 AM, Justin Randall  wrote:
>>> Create a Filter subclass with the sole purpose of having its "doFilter" 
>>> method call "sendRedirect" on the HttpServletResponse object.  Map this 
>>> Filter to the same URL pattern you use for SSL and make sure to use the 
>>>  tags for FORWARD, INCLUDE, ERROR, and whatever other 
>>> RequestDispatcher operations you want to ensure use SSL.
>>>
>> You've got any example using this solution?
>>
>> Gregor
>> -- 
>> just because your paranoid, doesn't mean they're not after you...
>> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
>> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
>>
>> -
>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>> For additional commands, e-mail: users-h...@tomcat.apache.org
>>
> 
> _
> Keep in touch and up to date with friends and family. Make the connection now.
> http://www.microsoft.com/windows/windowslive/


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: j_security_check with https

2009-01-07 Thread Justin Randall 

Hello,

I'm not going to bother responding to the many posts that said the solution I 
mentioned was wrong, instead I'll just provide the example of how to do it, 
since it works.



. lines removed .

package blah;

. lines removed .

public final class SomeFilterClass implements Filter {

. lines removed .

public void doFilter(ServletRequest request, ServletResponse response, 
FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse rsp = (HttpServletResponse) response;
rsp.sendRedirect(req.getRequestURI());
filterChain.doFilter(request, response);
}

. lines removed .

}
=

And below is what the web.xml looks like:

=

 lines removed .

  
  SomeFilterClass
  blah.SomeFilterClass
  
  
  SomeFilterClass
  /ssl/*
  FORWARD
  INCLUDE
  ERROR
  

. lines removed .

  
  
  RequiresLogin
  /html/*
  
  
  somerole
  
  
  
  
  
  RequiresSSL
  /ssl/*
  
  
  CONFIDENTIAL
  
  
  
  
  somerole
  
  
  
  FORM
  
  /ssl/login.jsp
  /ssl/login-error.jsp
  
  

. lines removed .

=

Of course you'll need to change the login/security constraint URLs and role 
name to match those in your environment.

For anyone who stated the earlier statements were incorrect, I encourage you to 
provide another "better" working example.  This one works for me and is used by 
other industry professionals.

Regards,

Justin

Here is an example:

> Date: Wed, 7 Jan 2009 09:35:33 +0100
> From: rc4...@googlemail.com
> To: users@tomcat.apache.org
> Subject: Re: j_security_check with https
> 
> Hi Justin,
> 
> On Wed, Jan 7, 2009 at 4:13 AM, Justin Randall  wrote:
> >
> > Create a Filter subclass with the sole purpose of having its "doFilter" 
> > method call "sendRedirect" on the HttpServletResponse object.  Map this 
> > Filter to the same URL pattern you use for SSL and make sure to use the 
> >  tags for FORWARD, INCLUDE, ERROR, and whatever other 
> > RequestDispatcher operations you want to ensure use SSL.
> >
> 
> You've got any example using this solution?
> 
> Gregor
> -- 
> just because your paranoid, doesn't mean they're not after you...
> gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
> gpgp-key available @ http://pgpkeys.pca.dfn.de:11371
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 

_
Keep in touch and up to date with friends and family. Make the connection now.
http://www.microsoft.com/windows/windowslive/

Tomcat 6 and log4j

2009-01-07 Thread Gregor Schneider 
Dear all,

actually I like Tomcat. I like the Apache Group. Most docs are quite useful.

However, things are changing slightly since I'm trying to implement
log4j with Tomcat 6.

I've got it nicely running on my boxes running Tomcat 5.5, btw.

I started taking a look at the docs at
http://tomcat.apache.org/tomcat-6.0-doc/logging.html. Well, I don't
care about typos and such, but I'm caring about docs which are
understandable and at least have a working example.

I stumbled across the following statements:

= [ snip ] ==

# Build the commons-logging additional component using the extras.xml
Ant build script which is part of the Tomcat source bundle.
# Replace $CATALINA_HOME/bin/tomcat-juli.jar with output/extras/tomcat-juli.jar.

= [ snap ] ==

WTF?? To my understanding, it looked as if there's no
"comons.logging" in the directory, but it got some new name
("tomcat-juli.jar").

Ok, since sometimes I try to be a nice guy, I usually stick to the
docs. So I downloaded the Tomcat 6 source, started the build-script
"extras.xml", which was about to build "tomcat-juli.jar". But what's
that? It  tries to download commons-logging?!?!

Needles to say that the ant-build-job didn''t work since I'm behind a
firewall and the download fails.

So before I start to analyze that build-script in detail:

Ain't it just enough to copy "commons-logging-1.1.jar" do
${CATALINA_HOME}/lib, and that's it?

And one suggestion:

Why make it so difficult and have the user to do the build? Why not
put the appropriate jars for download on the Tomcat website? Or did I
miss them?

Any suggestions appreciated...

Gregor
-- 
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: j_security_check with https

2009-01-07 Thread Pid 
Pid wrote:
> Justin Randall wrote:
>> Howdy,
>>
>> First, to clear an incorrect point made...
>>
>> There is a point of switching back to HTTP after HTTPS.  From a server load 
>> perspective having to perform SSL computations for every single HTTP request 
>> can be a serious performance bottleneck.  As for the security aspect, 
>> transmission of the username/password should be done over HTTPS, as this is 
>> considered "private/confidential" data and can be used to establish future 
>> authenticated sessions, however unless you are in a location where 
>> eavesdropping attacks are a risk, there is no need for encryption as the 
>> session ID is either a hashed string in a cookie, or the servlet is making 
>> use of URL re-writing, both of which are only "temporary passes" until the 
>> HttpSession has been invalidated.
>>
>> Second, to answer the question regarding actions redirect to HTTP...
>>
>> The reason the redirects are not going to HTTPS is because of the 
>> RequestDispatcher.  When Tomcat sees that you are trying to access a 
>> resource for which login is required, it FOWARDs the request to the login 
>> form.  The security constraints defined in web.xml are for when requests are 
>> made directly for those resources.  What this means is that your 
>> configuration to make sure that the login pages use SSL only come into 
>> affect when the browser requests them directly.  Requests that have been 
>> FORWARDed by the RequestDispatcher totally bypass the SSL constraints.
> 
> False: the built-in login mechanism occurs below the level of the
> Servlet Spec compliant part of the code, in the Valve processing chain
> (@see org.apache.catalina.authenticator.FormAuthenticator).
> 
> A correctly configured FORM auth, with transport-guarantee ==
> CONFIDENTIAL *will* pre-emptively redirect the connection to the
> specified secure port, thus ensuring that the username and password is
> sent over an HTTPS connection.
> 
> In order for this to work, you need to have a correctly configured
> web.xml, two connectors working including one on SSL and the correct
> HTML on the form login page.
> 
> OP, please provide: the relevant bit of your web.xml, your connector
> config definitions and the HTML contents of the form on your login page.
> 
> 
> We should be asking the OP for configuration details instead of
> inventing technical solutions for something that should already work.
> 
> 
>> What is the solution?
>>
>> Create a Filter subclass with the sole purpose of having its "doFilter" 
>> method call "sendRedirect" on the HttpServletResponse object.  Map this 
>> Filter to the same URL pattern you use for SSL and make sure to use the 
>>  tags for FORWARD, INCLUDE, ERROR, and whatever other 
>> RequestDispatcher operations you want to ensure use SSL.
> 
> False: this is spurious.
> 
> Because the Valve operations occur below the level of Filter processing,
> the dispatchers are not called when the FormAuthenticator determines
> that the login page needs to be displayed.  If you're using the same URL
> pattern then the Valve operation will occur *before* the Filter
> operation, thus rendering the Filter useless until *after* the login
> completes.
> 
> If the correct operation was to engage SSL *after* the login page had
> been displayed there would be something horribly wrong with the spec or
> implementation, and we'd all be moaning about it.
> 
> 
> 
> I think the point re: going back to HTTP (after HTTPS) has already been
> addressed, but I'd add the following: in many cases the computation
> required to provide SSL is actually insignificant compared to the sum of
> other operations required to display the contents of the page.
> 
> It might be inconvenient to correctly configure, especially if it means
> securing all other sources of displayed content, (e.g. static or cached
> content), but if you want a secure site you've got to lock it down, from
> top to bottom.

In fact, in regard to the email example: I think I'd rather my email was
private actually, when I consider how many passwords/resets I get...

p



> p
> 
> 
>> Hope this helps.
>>
>> Justin
>>
>>> Date: Tue, 6 Jan 2009 19:01:24 -0200
>>> From: diegogus...@gmail.com
>>> To: users@tomcat.apache.org
>>> Subject: Re: j_security_check with https
>>>
>>> this didnt work
>>>
>>> 
>>>
>>> 
>>> 
>>> Usuario  
>>> /login/*
>>> POST
>>> GET  
>>>
>>> 
>>> 
>>> 
>>> CONFIDENTIAL
>>> 
>>>
>>> 
>>>
>>> if i try /login/login.jsp  work, but when i try an action and
>>> has restrict access, and havent user logged, tomcat redirect to login
>>> page with http !!!
>>>
>>> 2009/1/6 Caldarale, Charles R :
> From: Diego Armando Gusava [mailto:diegogus...@gmail.com]
> Subject: Re: j_security_check with https
>
> when u login, your username and pa

Re: j_security_check with https

2009-01-07 Thread Pid 
Justin Randall wrote:
> Howdy,
> 
> First, to clear an incorrect point made...
> 
> There is a point of switching back to HTTP after HTTPS.  From a server load 
> perspective having to perform SSL computations for every single HTTP request 
> can be a serious performance bottleneck.  As for the security aspect, 
> transmission of the username/password should be done over HTTPS, as this is 
> considered "private/confidential" data and can be used to establish future 
> authenticated sessions, however unless you are in a location where 
> eavesdropping attacks are a risk, there is no need for encryption as the 
> session ID is either a hashed string in a cookie, or the servlet is making 
> use of URL re-writing, both of which are only "temporary passes" until the 
> HttpSession has been invalidated.
> 
> Second, to answer the question regarding actions redirect to HTTP...
> 
> The reason the redirects are not going to HTTPS is because of the 
> RequestDispatcher.  When Tomcat sees that you are trying to access a resource 
> for which login is required, it FOWARDs the request to the login form.  The 
> security constraints defined in web.xml are for when requests are made 
> directly for those resources.  What this means is that your configuration to 
> make sure that the login pages use SSL only come into affect when the browser 
> requests them directly.  Requests that have been FORWARDed by the 
> RequestDispatcher totally bypass the SSL constraints.

False: the built-in login mechanism occurs below the level of the
Servlet Spec compliant part of the code, in the Valve processing chain
(@see org.apache.catalina.authenticator.FormAuthenticator).

A correctly configured FORM auth, with transport-guarantee ==
CONFIDENTIAL *will* pre-emptively redirect the connection to the
specified secure port, thus ensuring that the username and password is
sent over an HTTPS connection.

In order for this to work, you need to have a correctly configured
web.xml, two connectors working including one on SSL and the correct
HTML on the form login page.

OP, please provide: the relevant bit of your web.xml, your connector
config definitions and the HTML contents of the form on your login page.


We should be asking the OP for configuration details instead of
inventing technical solutions for something that should already work.


> What is the solution?
> 
> Create a Filter subclass with the sole purpose of having its "doFilter" 
> method call "sendRedirect" on the HttpServletResponse object.  Map this 
> Filter to the same URL pattern you use for SSL and make sure to use the 
>  tags for FORWARD, INCLUDE, ERROR, and whatever other 
> RequestDispatcher operations you want to ensure use SSL.

False: this is spurious.

Because the Valve operations occur below the level of Filter processing,
the dispatchers are not called when the FormAuthenticator determines
that the login page needs to be displayed.  If you're using the same URL
pattern then the Valve operation will occur *before* the Filter
operation, thus rendering the Filter useless until *after* the login
completes.

If the correct operation was to engage SSL *after* the login page had
been displayed there would be something horribly wrong with the spec or
implementation, and we'd all be moaning about it.



I think the point re: going back to HTTP (after HTTPS) has already been
addressed, but I'd add the following: in many cases the computation
required to provide SSL is actually insignificant compared to the sum of
other operations required to display the contents of the page.

It might be inconvenient to correctly configure, especially if it means
securing all other sources of displayed content, (e.g. static or cached
content), but if you want a secure site you've got to lock it down, from
top to bottom.

p


> Hope this helps.
> 
> Justin
> 
>> Date: Tue, 6 Jan 2009 19:01:24 -0200
>> From: diegogus...@gmail.com
>> To: users@tomcat.apache.org
>> Subject: Re: j_security_check with https
>>
>> this didnt work
>>
>> 
>>
>>  
>>  
>>  Usuario  
>>  /login/*
>>  POST
>>  GET  
>>
>>  
>>  
>>  
>> CONFIDENTIAL
>>  
>>
>>  
>>
>> if i try /login/login.jsp  work, but when i try an action and
>> has restrict access, and havent user logged, tomcat redirect to login
>> page with http !!!
>>
>> 2009/1/6 Caldarale, Charles R :
 From: Diego Armando Gusava [mailto:diegogus...@gmail.com]
 Subject: Re: j_security_check with https

 when u login, your username and password will be transport https, but
 after that, you are in http! u dont need https because, you are only
 reading messages(emails)
>>> And what does that have to do with the behavior of a servlet container?
>>>
>>>  - Chuck
>>>
>>>
>>> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRI

Re: Delay / caching of resources?

2009-01-07 Thread Dennis Thrysøe 

On 7Jan, 2009, at 10:45, Peter Crowther wrote:

From: Dennis Thrysøe [mailto:d...@geysirit.dk]
However, when such HTML files are added or modified to the webapp
(exploded directory) it takes something like 5 or 10 seconds before
they can be served by tomcat.


A wild stab in the dark based on something that happened to me...

How are you adding the files to the webapp?  In particular, are you  
referencing the folder via a network file system, and if so is there  
any clock skew between the server and the machine from which you're  
adding the files?  This can cause odd timestamps on the new files,  
which may in turn lead to some applications not using them correctly  
if the timestamps are "in the future" as far as the server's  
concerned.


No, the webapp is local and the modifications (new files and/or  
altered content) actually come from a servlet in the same tomcat  
context.


If you're adding the files on the same machine, this doesn't apply  
and I'll crawl back under my rock ;-).


Thanks anyway :)


-dennis

--
Geysir IT
d...@geysirit.dk
http://geysirit.dk
+45 31 51 60 00


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Delay / caching of resources?

2009-01-07 Thread Peter Crowther 
> From: Dennis Thrysøe [mailto:d...@geysirit.dk]
> However, when such HTML files are added or modified to the webapp
> (exploded directory) it takes something like 5 or 10 seconds before
> they can be served by tomcat.

A wild stab in the dark based on something that happened to me...

How are you adding the files to the webapp?  In particular, are you referencing 
the folder via a network file system, and if so is there any clock skew between 
the server and the machine from which you're adding the files?  This can cause 
odd timestamps on the new files, which may in turn lead to some applications 
not using them correctly if the timestamps are "in the future" as far as the 
server's concerned.

If you're adding the files on the same machine, this doesn't apply and I'll 
crawl back under my rock ;-).

- Peter

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Delay / caching of resources?

2009-01-07 Thread Dennis Thrysøe 

Hi,

I have a tomcat 6 setup on linux (CentOS 5) and see some odd behaviour.

There are some JSP's that include (in a custom tag with  
pageContext.include()) static HTML resources that are in the webapp.


However, when such HTML files are added or modified to the webapp  
(exploded directory) it takes something like 5 or 10 seconds before  
they can be served by tomcat.


Direct access to the filesystem sees the new file but tomcat says that  
the resource cannot be found. When modifying a HTML file tomcat keeps  
serving the old version for some seconds.


The same seems to be a problem for images which are added to the  
webapp at runtime. These are requested directly (not included  
obviously).


Changing the "modificationTestInterval" for the JSP servlet does not  
seem to have effect. (And the HTML is not served by the JSP servlet  
anyway, right?)


Any good suggesions to what's going on? Are there any obious features  
or problems in tomcat that could cause this?


Any good suggestions for how to debug the problem further?


Thanks,

-dennis


--
Geysir IT
d...@geysirit.dk
http://geysirit.dk
+45 31 51 60 00


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: j_security_check with https

2009-01-07 Thread Gregor Schneider 
Hi Justin,

On Wed, Jan 7, 2009 at 4:13 AM, Justin Randall  wrote:
>
> Create a Filter subclass with the sole purpose of having its "doFilter" 
> method call "sendRedirect" on the HttpServletResponse object.  Map this 
> Filter to the same URL pattern you use for SSL and make sure to use the 
>  tags for FORWARD, INCLUDE, ERROR, and whatever other 
> RequestDispatcher operations you want to ensure use SSL.
>

You've got any example using this solution?

Gregor
-- 
just because your paranoid, doesn't mean they're not after you...
gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2
gpgp-key available @ http://pgpkeys.pca.dfn.de:11371

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org