Re: Caching rendered page - reducing hits to the backend?
Have you already measured the performance of your application and determined that caching the rendered pages is the appropriate thing to do - ie how have you determined that database access is the bottleneck? If not, caching page content may just hide a multitude of performance related sins. JPA's built-in caching may already provide enough in the way of performance improvements to make an additional caching layer pointless. Is the database on a different machine or the same one and are you clustering Tomcat? You're probably worrying unnecessarily. p Markus Stauffer wrote: like this: http://www.opensymphony.com/oscache/ ? Am 30.05.2009 um 21:51 schrieb Andre-John Mas: Hi, Much of the content on the site which I am in the process will be semi-static, and I want to be able to cache the rendered pages to reduce database hits. To explain: A given page will depend on dynamic data that is stored in the database, but that data is updated about once a month. The only true dynamic information will be the header where the user login state is shown. There will likely be a few million entries in this database and we are planning to support high traffic. The pages can be localised. The page is going to be queried as such: http://myhost.com/myapp.action?id=12345678 Although I am using a direct JPA access, we might change to use web services in the future. Am I worrying unecessarily? At the same time are there recommended approaches. I am currently using struts2 and JPA for the web site, if it makes a difference. André-John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Caching rendered page - reducing hits to the backend?
On 2-Jun-2009, at 04:37, Pid wrote: Have you already measured the performance of your application and determined that caching the rendered pages is the appropriate thing to do - ie how have you determined that database access is the bottleneck? If not, caching page content may just hide a multitude of performance related sins. JPA's built-in caching may already provide enough in the way of performance improvements to make an additional caching layer pointless. Is the database on a different machine or the same one and are you clustering Tomcat? You're probably worrying unnecessarily. I think I may end up simply ensuring that the database has enough memory and slowly evaluate where the bottle necks are. What I will do at the same time is have a number of points to watch out for, with possible solutions. I will also make sure that the last results for the search are cached in the user session. André-John - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Caching rendered page - reducing hits to the backend?
From: Andre-John Mas [mailto:aj...@sympatico.ca] I think I may end up simply ensuring that the database has enough memory and slowly evaluate where the bottle necks are. It's often the best approach. You can spend a lot of time optimising places that turn out not to be the bottleneck. You can also spend a lot of time testing a new app, only to find out that the real usage patterns aren't like that at all and you suddenly need to optimise one operation that you never thought would be used heavily! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Problems retrieving client certificates with mod_jk
Hi. I'm using client certificates in certain parts of my webapp. When I was using mod_proxy_ajp I could retrieve the client certificates from a request attribute: request.getAttribute(javax.servlet.request.X509Certificate); But now I've switched to mod_jk and I always get null. This is my current config in Apache 2.2: ## LoadModule jk_module modules/mod_jk.so JkWorkersFile workers.properties JkShmFile logs/mod_jk.shm JkLogFile logs/mod_jk.log JkLogLevel info JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkOptions +ForwardSSLCertChain VirtualHost _default_:8443 JkMount /WSindex worker1 JkMount /WSindex/* worker1 SSLVerifyClient require SSLVerifyDepth 10 # More irrelevant SSL configuration... /VirtualHost ## In Tomcat 5.5.26: ## Connector port=8009 enableLookups=false protocol=AJP/1.3 URIEncoding=UTF-8 connectionTimeout=60 / ## workers.properties: ## worker.list=worker1 worker.worker1.type=ajp13 worker.worker1.host=localhost worker.worker1.port=8009 worker.worker1.connection_pool_timeout=600 worker.worker1.socket_timeout=60 worker.worker1.socket_keepalive=1 ## Any idea? Thanks in advance. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems retrieving client certificates with mod_jk
OK, problem solved. I added SSLOptions +ExportCertData and now it's working again. Regards, Diego Diego Manilla Suárez escribió: Hi. I'm using client certificates in certain parts of my webapp. When I was using mod_proxy_ajp I could retrieve the client certificates from a request attribute: request.getAttribute(javax.servlet.request.X509Certificate); But now I've switched to mod_jk and I always get null. This is my current config in Apache 2.2: ## LoadModule jk_module modules/mod_jk.so JkWorkersFile workers.properties JkShmFile logs/mod_jk.shm JkLogFile logs/mod_jk.log JkLogLevel info JkLogStampFormat [%a %b %d %H:%M:%S %Y] JkOptions +ForwardSSLCertChain VirtualHost _default_:8443 JkMount /WSindex worker1 JkMount /WSindex/* worker1 SSLVerifyClient require SSLVerifyDepth 10 # More irrelevant SSL configuration... /VirtualHost ## In Tomcat 5.5.26: ## Connector port=8009 enableLookups=false protocol=AJP/1.3 URIEncoding=UTF-8 connectionTimeout=60 / ## workers.properties: ## worker.list=worker1 worker.worker1.type=ajp13 worker.worker1.host=localhost worker.worker1.port=8009 worker.worker1.connection_pool_timeout=600 worker.worker1.socket_timeout=60 worker.worker1.socket_keepalive=1 ## Any idea? Thanks in advance. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Which listeners required in server.xml?
Bill Barker wrote: !-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -- Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / This looks like it is left over from the admin webapp (RIP). It doesn't look like it does anything particularly useful anymore, but again the warning about weird errors. There is almost certainly some code in there that is now redundant. However, this listener is currently where we make sure all of the mbeans are destroyed when a server stops. Only an issue when embedding and starting/stopping the server. So, scope for clean-up but at least some code needs to remain here or elsewhere. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Query timeout in dbcp
Hi Martin Chris, Thing i actually need is, if a query executed from web application then it shold not execute more then 22mins. If it execute more then that means query shold be cancelled from postgres and java should get exception on this event. Is it possible? Thanks, Arvind S * Many of lifes failure are people who did not realize how close they were to success when they gave up. -Thomas Edison* On Tue, Jun 2, 2009 at 2:40 AM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Arvind, On 6/1/2009 3:26 PM, S Arvind wrote: Is there any possibility to mention max time a query can execute from DBCP side? What do you want to happen after the timeout? The connection execute* method throws an exception? That is going to be very database-specific. Martin's response about using removeAbandoned=true is not going to help: this will only remove the connection from the connection pool... it won't interfere with its operation in any way. Is there some kind of query you can execute on the client side that will modify the connection properties? You could make that the validationQuery for your connection. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkokQ78ACgkQ9CaO5/Lv0PD8zgCgsdVaJGsaFkz50mO0nkip/uJb a3IAnA0W6Unug48rmCs94SYa6L5OkGEy =1LuH -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Update server.xml without restart?
Hi, is it possible to update server.xml with out restart? thanks, Lars - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Update server.xml without restart?
From: Lars Nielsen Lind [mailto:lan...@tidtilforandring.dk] is it possible to update server.xml with out restart? You can edit the file, but Tomcat will not notice the new configuration until you restart Tomcat. What do you want to do? There may be other ways to achieve your goal. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Query timeout in dbcp
S Arvind wrote: Hi Martin Chris, Thing i actually need is, if a query executed from web application then it shold not execute more then 22mins. If it execute more then that means query shold be cancelled from postgres and java should get exception on this event. Is it possible? If a) your database supports it, b) your JDBC driver supports it and c) it can be configured in the connection string then yes. The other option is that you might be able to set it on the connection. That is a little trickier but not impossible. Get it working with a non-pooled connection, show us the code and we can tell you how to get it working with DBCP. Mark Thanks, Arvind S * Many of lifes failure are people who did not realize how close they were to success when they gave up. -Thomas Edison* On Tue, Jun 2, 2009 at 2:40 AM, Christopher Schultz ch...@christopherschultz.net wrote: Arvind, On 6/1/2009 3:26 PM, S Arvind wrote: Is there any possibility to mention max time a query can execute from DBCP side? What do you want to happen after the timeout? The connection execute* method throws an exception? That is going to be very database-specific. Martin's response about using removeAbandoned=true is not going to help: this will only remove the connection from the connection pool... it won't interfere with its operation in any way. Is there some kind of query you can execute on the client side that will modify the connection properties? You could make that the validationQuery for your connection. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Which Do I SSL - httpd or Tomcat?
Hello All I have a clustered/load-balanced Apache httpd and Tomcat setup. I have one httpd front end that load balances for two Tomcat back ends. I now want to add SSL to the mix but I am confused. Do I add the SSL to the httpd server, to the two Tomcat servers, or to all of them? Thank you for reading. Have a good day - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Which Do I SSL - httpd or Tomcat?
Hello, If your web and application servers are on a secure LAN then this would be better technique if you will add SSL on httpd rather then on all of them, your communication will be over ssl from the client to web server and vice versa. Best Regards, Zeeshan Ahmad. P Save a tree...pls don't print this e-mail unless necessary -Original Message- From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] Sent: Tuesday, June 02, 2009 7:03 PM To: users@tomcat.apache.org Subject: Which Do I SSL - httpd or Tomcat? Hello All I have a clustered/load-balanced Apache httpd and Tomcat setup. I have one httpd front end that load balances for two Tomcat back ends. I now want to add SSL to the mix but I am confused. Do I add the SSL to the httpd server, to the two Tomcat servers, or to all of them? Thank you for reading. Have a good day - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Which Do I SSL - httpd or Tomcat?
From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] I have a clustered/load-balanced Apache httpd and Tomcat setup. I have one httpd front end that load balances for two Tomcat back ends. I now want to add SSL to the mix but I am confused. Do I add the SSL to the httpd server, to the two Tomcat servers, or to all of them? Unless you need secure communication between httpd and Tomcat (rare), keep the Tomcat comms unsecured and add SSL only to httpd. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Which Do I SSL - httpd or Tomcat?
Hi, Thank you for reading and replying. Can I assume from your reply that if I am not on a secure LAN that I should SSL httpd and both Tomcat servers? Thank You From: Zeeshan Ahmad [zah...@i2cinc.com] Sent: Tuesday, June 02, 2009 9:15 AM To: 'Tomcat Users List' Subject: RE: Which Do I SSL - httpd or Tomcat? Hello, If your web and application servers are on a secure LAN then this would be better technique if you will add SSL on httpd rather then on all of them, your communication will be over ssl from the client to web server and vice versa. Best Regards, Zeeshan Ahmad. P Save a tree...pls don't print this e-mail unless necessary -Original Message- From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] Sent: Tuesday, June 02, 2009 7:03 PM To: users@tomcat.apache.org Subject: Which Do I SSL - httpd or Tomcat? Hello All I have a clustered/load-balanced Apache httpd and Tomcat setup. I have one httpd front end that load balances for two Tomcat back ends. I now want to add SSL to the mix but I am confused. Do I add the SSL to the httpd server, to the two Tomcat servers, or to all of them? Thank you for reading. Have a good day - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Which Do I SSL - httpd or Tomcat?
Hi, Thank you for reading and replying. Can I assume from your reply that if I am not on a secure LAN that I should SSL httpd and both Tomcat servers? It depends, is your tomcat accessible directly instead of through httpd? HTH Regards, Serge Fonville - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Which Do I SSL - httpd or Tomcat?
From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] Thank you for reading and replying. Can I assume from your reply that if I am not on a secure LAN that I should SSL httpd and both Tomcat servers? SSL between httpd and Tomcat will protect the channel between httpd and Tomcat from eavesdropping and some tampering. How likely is someone to be able to intercept and/or tamper with the communication between your httpd and your Tomcat servers? If it's unlikely (for example, because the httpd = Tomcat communication is via a LAN that you reckon is secure enough), you probably have better targets for your security effort. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Newbie question: How to test if Tomcat is running?
Dear users, I have installed tomcat on a Debian Etch-System via apt-get install tomcat5.5 tomcat5.5-admin tomcat5.5-webapps and started it with /etc/init.d/tomcat start Now I would like to test if it runs on my remote server, but if I type: http://www.myhomepage.de:8180 nothing at all appears? Is this the normal way? Shall I change some entries (and if so, whre?)? Thank you very much, Kai -- View this message in context: http://www.nabble.com/Newbie-question%3A-How-to-test-if-Tomcat-is-running--tp23832841p23832841.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Which Do I SSL - httpd or Tomcat?
if your tomcats are accessible from out side world then, you have to add ssl on Tomcats as well otherwise its ok and there should be some security (e.g Firewall) on the network level, thanks. Best Regards, Zeeshan Ahmad. Associate Manager SCM. P Save a tree...pls don't print this e-mail unless necessary -Original Message- From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] Sent: Tuesday, June 02, 2009 7:25 PM To: Tomcat Users List Subject: RE: Which Do I SSL - httpd or Tomcat? Hi, Thank you for reading and replying. Can I assume from your reply that if I am not on a secure LAN that I should SSL httpd and both Tomcat servers? Thank You From: Zeeshan Ahmad [zah...@i2cinc.com] Sent: Tuesday, June 02, 2009 9:15 AM To: 'Tomcat Users List' Subject: RE: Which Do I SSL - httpd or Tomcat? Hello, If your web and application servers are on a secure LAN then this would be better technique if you will add SSL on httpd rather then on all of them, your communication will be over ssl from the client to web server and vice versa. Best Regards, Zeeshan Ahmad. P Save a tree...pls don't print this e-mail unless necessary -Original Message- From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] Sent: Tuesday, June 02, 2009 7:03 PM To: users@tomcat.apache.org Subject: Which Do I SSL - httpd or Tomcat? Hello All I have a clustered/load-balanced Apache httpd and Tomcat setup. I have one httpd front end that load balances for two Tomcat back ends. I now want to add SSL to the mix but I am confused. Do I add the SSL to the httpd server, to the two Tomcat servers, or to all of them? Thank you for reading. Have a good day - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Newbie question: How to test if Tomcat is running?
From: Kai Behncke [mailto:kai-behn...@gmx.de] I have installed tomcat on a Debian Etch-System via apt-get install tomcat5.5 tomcat5.5-admin tomcat5.5-webapps and started it with /etc/init.d/tomcat start Now I would like to test if it runs on my remote server, but if I type: http://www.myhomepage.de:8180 nothing at all appears? Unless Debian changes Tomcat's configuration a lot, the default port is port 8080, not 8180. Try that? - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Which Do I SSL - httpd or Tomcat?
All Well ... I believe I have my answer. Thank you all very much for reading and replying. Have a good day From: Zeeshan Ahmad [zah...@i2cinc.com] Sent: Tuesday, June 02, 2009 10:05 AM To: 'Tomcat Users List' Subject: RE: Which Do I SSL - httpd or Tomcat? if your tomcats are accessible from out side world then, you have to add ssl on Tomcats as well otherwise its ok and there should be some security (e.g Firewall) on the network level, thanks. Best Regards, Zeeshan Ahmad. Associate Manager SCM. P Save a tree...pls don't print this e-mail unless necessary -Original Message- From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] Sent: Tuesday, June 02, 2009 7:25 PM To: Tomcat Users List Subject: RE: Which Do I SSL - httpd or Tomcat? Hi, Thank you for reading and replying. Can I assume from your reply that if I am not on a secure LAN that I should SSL httpd and both Tomcat servers? Thank You From: Zeeshan Ahmad [zah...@i2cinc.com] Sent: Tuesday, June 02, 2009 9:15 AM To: 'Tomcat Users List' Subject: RE: Which Do I SSL - httpd or Tomcat? Hello, If your web and application servers are on a secure LAN then this would be better technique if you will add SSL on httpd rather then on all of them, your communication will be over ssl from the client to web server and vice versa. Best Regards, Zeeshan Ahmad. P Save a tree...pls don't print this e-mail unless necessary -Original Message- From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] Sent: Tuesday, June 02, 2009 7:03 PM To: users@tomcat.apache.org Subject: Which Do I SSL - httpd or Tomcat? Hello All I have a clustered/load-balanced Apache httpd and Tomcat setup. I have one httpd front end that load balances for two Tomcat back ends. I now want to add SSL to the mix but I am confused. Do I add the SSL to the httpd server, to the two Tomcat servers, or to all of them? Thank you for reading. Have a good day - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Newbie question: How to test if Tomcat is running?
Peter Crowther: From: Kai Behncke [mailto:kai-behn...@gmx.de] I have installed tomcat on a Debian Etch-System via http://www.myhomepage.de:8180 nothing at all appears? Unless Debian changes Tomcat's configuration a lot, the default port is port 8080, not 8180. Try that? IIRC Debian does change the port in Tomcat's default configuration (I'm not sure if anyone knows why, though). -- Regards mks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Newbie question: How to test if Tomcat is running?
test locally e.g. http://localhost:PORT port attribute defined in http connector in server.xml please display $TOMCAT_HOME/conf/server.xml viel gluck, Martin __ Verzicht und Vertraulichkeitanmerkung Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Date: Tue, 2 Jun 2009 06:46:48 -0700 From: kai-behn...@gmx.de To: users@tomcat.apache.org Subject: Newbie question: How to test if Tomcat is running? Dear users, I have installed tomcat on a Debian Etch-System via apt-get install tomcat5.5 tomcat5.5-admin tomcat5.5-webapps and started it with /etc/init.d/tomcat start Now I would like to test if it runs on my remote server, but if I type: http://www.myhomepage.de:8180 nothing at all appears? Is this the normal way? Shall I change some entries (and if so, whre?)? Thank you very much, Kai -- View this message in context: http://www.nabble.com/Newbie-question%3A-How-to-test-if-Tomcat-is-running--tp23832841p23832841.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Windows Live™: Keep your life in sync. http://windowslive.com/explore?ocid=TXT_TAGLM_WL_BR_life_in_synch_062009
RE: Which Do I SSL - httpd or Tomcat?
Brian if you're running TC standalone (without Apache or any other webserver FE) an excellent tutorial on implementing SSL in TC available to read at http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html Q:does outside world assume outside the uk? Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. From: brian.als...@baesystems.com To: users@tomcat.apache.org Date: Tue, 2 Jun 2009 10:15:47 -0400 Subject: RE: Which Do I SSL - httpd or Tomcat? All Well ... I believe I have my answer. Thank you all very much for reading and replying. Have a good day From: Zeeshan Ahmad [zah...@i2cinc.com] Sent: Tuesday, June 02, 2009 10:05 AM To: 'Tomcat Users List' Subject: RE: Which Do I SSL - httpd or Tomcat? if your tomcats are accessible from out side world then, you have to add ssl on Tomcats as well otherwise its ok and there should be some security (e.g Firewall) on the network level, thanks. Best Regards, Zeeshan Ahmad. Associate Manager SCM. P Save a tree...pls don't print this e-mail unless necessary -Original Message- From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] Sent: Tuesday, June 02, 2009 7:25 PM To: Tomcat Users List Subject: RE: Which Do I SSL - httpd or Tomcat? Hi, Thank you for reading and replying. Can I assume from your reply that if I am not on a secure LAN that I should SSL httpd and both Tomcat servers? Thank You From: Zeeshan Ahmad [zah...@i2cinc.com] Sent: Tuesday, June 02, 2009 9:15 AM To: 'Tomcat Users List' Subject: RE: Which Do I SSL - httpd or Tomcat? Hello, If your web and application servers are on a secure LAN then this would be better technique if you will add SSL on httpd rather then on all of them, your communication will be over ssl from the client to web server and vice versa. Best Regards, Zeeshan Ahmad. P Save a tree...pls don't print this e-mail unless necessary -Original Message- From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] Sent: Tuesday, June 02, 2009 7:03 PM To: users@tomcat.apache.org Subject: Which Do I SSL - httpd or Tomcat? Hello All I have a clustered/load-balanced Apache httpd and Tomcat setup. I have one httpd front end that load balances for two Tomcat back ends. I now want to add SSL to the mix but I am confused. Do I add the SSL to the httpd server, to the two Tomcat servers, or to all of them? Thank you for reading. Have a good day - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Lauren found her dream laptop. Find the PC that’s right for you. http://www.microsoft.com/windows/choosepc/?ocid=ftp_val_wl_290
RE: Which Do I SSL - httpd or Tomcat?
What I have is 3 virtual servers (VMWare - Windows Server 2003). One server has Apache httpd v2.2.11 and two other servers running Apache Tomcat v6.0.18. The Tomcat servers are independently accessible from outside of the httpd server; so, I assume that I will need to place SSL on all three servers. From: Martin Gainty [mgai...@hotmail.com] Sent: Tuesday, June 02, 2009 10:27 AM To: Tomcat Users List Subject: RE: Which Do I SSL - httpd or Tomcat? Brian if you're running TC standalone (without Apache or any other webserver FE) an excellent tutorial on implementing SSL in TC available to read at http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html Q:does outside world assume outside the uk? Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. From: brian.als...@baesystems.com To: users@tomcat.apache.org Date: Tue, 2 Jun 2009 10:15:47 -0400 Subject: RE: Which Do I SSL - httpd or Tomcat? All Well ... I believe I have my answer. Thank you all very much for reading and replying. Have a good day From: Zeeshan Ahmad [zah...@i2cinc.com] Sent: Tuesday, June 02, 2009 10:05 AM To: 'Tomcat Users List' Subject: RE: Which Do I SSL - httpd or Tomcat? if your tomcats are accessible from out side world then, you have to add ssl on Tomcats as well otherwise its ok and there should be some security (e.g Firewall) on the network level, thanks. Best Regards, Zeeshan Ahmad. Associate Manager SCM. P Save a tree...pls don't print this e-mail unless necessary -Original Message- From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] Sent: Tuesday, June 02, 2009 7:25 PM To: Tomcat Users List Subject: RE: Which Do I SSL - httpd or Tomcat? Hi, Thank you for reading and replying. Can I assume from your reply that if I am not on a secure LAN that I should SSL httpd and both Tomcat servers? Thank You From: Zeeshan Ahmad [zah...@i2cinc.com] Sent: Tuesday, June 02, 2009 9:15 AM To: 'Tomcat Users List' Subject: RE: Which Do I SSL - httpd or Tomcat? Hello, If your web and application servers are on a secure LAN then this would be better technique if you will add SSL on httpd rather then on all of them, your communication will be over ssl from the client to web server and vice versa. Best Regards, Zeeshan Ahmad. P Save a tree...pls don't print this e-mail unless necessary -Original Message- From: Alston, Brian (US SSA) [mailto:brian.als...@baesystems.com] Sent: Tuesday, June 02, 2009 7:03 PM To: users@tomcat.apache.org Subject: Which Do I SSL - httpd or Tomcat? Hello All I have a clustered/load-balanced Apache httpd and Tomcat setup. I have one httpd front end that load balances for two Tomcat back ends. I now want to add SSL to the mix but I am confused. Do I add the SSL to the httpd server, to the two Tomcat servers, or to all of them? Thank you for reading. Have a good day - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands,
Re: Newbie question: How to test if Tomcat is running?
On Tue, Jun 2, 2009 at 8:46 AM, Kai Behncke kai-behn...@gmx.de wrote: Dear users, I have installed tomcat on a Debian Etch-System via apt-get install tomcat5.5 tomcat5.5-admin tomcat5.5-webapps and started it with /etc/init.d/tomcat start Now I would like to test if it runs on my remote server, but if I type: http://www.myhomepage.de:8180 nothing at all appears? Is this the normal way? Shall I change some entries (and if so, whre?)? Make sure you know which ports it's using: apt-get install lsof lsof -ni | egrep 'tomcat|java' Hope this helps! -- will trillich Tis the set of the sails / And not the gales / That tells the way we go. -- Ella Wheeler Wilcox - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to do with response.sendError() after the ServletOutputStream is established?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 流水音, On 6/1/2009 1:55 AM, 流水音 wrote: when the maxcount() returns 15, the exception is thrown out before the first buffer is flushed, then client can get the response code of: 605 but when the maxcount() returns 9, the exception is thrown out after some buffers flushes, so the client can not get the exception anymore, the response code is 200. Right. After a certain number of characters have been sent to the output stream (8192 by default, I think), the buffer is flushed and the first byte (along with others) is sent to the client. This usually includes all the HTTP response headers, and certainly will include the response header (the first header sent back to the client). After the response header has been sent, you cannot change it. so, if I want to get the exception during the data transferring in the client, do you guys have any idea hot to do that? Once you've sent a certain amount of data, you will not be able to change the response code. That's why it's a good idea to do all the work that could fail /before/ you start sending data back to the client. Of course, this is not always practical, but a reasonable goal. Good luck, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkolPskACgkQ9CaO5/Lv0PB+FgCdF242btCuPF0RMEkoC+AEQXb1 anUAoKdxi70CeC/vwrr3X21HdPjTTSFq =NecE -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Windows x64 Installer
On May 29, 2009, at 7:15 PM, Markus Schönhaber wrote: János Löbb: Because the electron has resting mess, it will never go with speed of light. The info by the way is not supplied by the electron, but rather with electromagnetic waves around the wire who have no resting mess, Oh, what a mess! ;-) -- Regards mks Yeah, the electron mass at c is a mess :) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Caching of static content
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jukka, On 5/19/2009 7:58 AM, Jukka Raanamo wrote: I was trying to create a Filter that generates the some content as files (if required) into the file system and lets the default servlet handle the rest. Interesting idea. However I noticed that if the uri was such that TC would interpret it as static content like /foobar.html - I would get a 404 on the first request. If the uri refers to more dynamic content such as /foobar.jsp - you don't get a 404. Let's see your code... public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; String uri = httpRequest.getRequestURI(); // assumes not deployed as ROOT String relativeURI = uri.substring(uri.indexOf(/, 1), uri.length()); Why assume non-ROOT deployment? It's just as easy to use ServletContext.getContextPath() than it is to arbitrarily chop characters out of a URI. if (relativeURI.equals(/)) { relativeURI = index.jsp; } else if (relativeURI.endsWith(/)) { relativeURI += index.jsp; } This seems like a bad idea: why not just leave the URI alone? try { createFile(relativeURI); if (request.getParameter(include) != null) { httpRequest.getRequestDispatcher(relativeURI). include(request, response); What is this include parameter? Is that something else for testing? Why not set up better tests from outside (that use includes) rather than trying to rig them this way? } else if (request.getParameter(forward) != null) { httpRequest.getRequestDispatcher(relativeURI). forward(request, response); } else { chain.doFilter(request, response); } You will definitely have to capture the response to the request which is a non-trivial exercise. I have written code to do this (and more) which can be found in the archives for this list here: http://marc.info/?l=tomcat-userm=123603411023864w=2 private void createFile(String relativeURI) throws Exception { String webAppDir = filterConfig.getServletContext().getRealPath(); File contentFile = new File(webAppDir, relativeURI); contentFile.getParentFile().mkdirs(); FileWriter writer = new FileWriter(contentFile); This is going to be a problem. You should store your files somewhere other than the webapp directory or things are going to be a real headache. writer.write(htmlbody + pre + Current Servlet time: + new Date() + br/ + Current JSP time: %=new java.util.Date()%br/ + /pre); That doesn't seem to capture the server's response or are you just trying to see if your technique will work before you implement everything? It appears that you are trying to capture content, write a file into the webapps directory, and then have the DefaultServlet serve that content for you. That's not going to work because of two things: 1. Webapp deployment sometimes doesn't allow you write to the webapps (or other deployment) directory 2. The DefaultServlet does its own caching of directory information (which I find irritating, honestly) so that newly-created files are not always (or ever?) able to be served by it. You will probably have to do your own interception of the request and serve the bytes yourself. You have already seen that disabling caching makes this work. Finally, you are messing with the URI by changing / to index.jsp and other foolish things like that. If you need to make-up a name for the file, make up something that is used solely for the filename, instead of re-writing the URI that you use for request dispatching. Making those changes will surely help. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkolXksACgkQ9CaO5/Lv0PBSKgCgimJQlCRi6eab/xsEfVE/3GrC OQMAn2wBeSJzFWdJEL0nw+oG/IyZsO5J =M+P4 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Authentication from the browser
I implemented a servlet and deployed it in Tomcat 6.0. The servlet is secured using Tomcat authentication mechanism which reads user credentials from the conf/users.xml file. We have a customer who would like to put a link on a web page (hosted by their server) which will invoke the servlet (hosted on our Tomcat server). We would also like to continue using the existing authentication mechanism. So, the question is how can we configure the customer environment, the link or my Tomcat server to allow authentication to happen without requiring the end-user to type in the user name and password? Can we implement link authentication using JavaScript to set HTTP headers? Thanks.
Re: Authentication from the browser
On Tue, Jun 2, 2009 at 10:22 AM, Alec Swan alecs...@gmail.com wrote: We would also like to continue using the existing authentication mechanism. So, the question is how can we ... allow authentication to happen without requiring the end-user to type in the user name and password? Your goals seem contradictory. Maybe you need to rethink... :-) -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
ISAPI issues
I have a Tomcat install that is working okay but going through the isapi_redirect it gets a bad gateway error. The isapi.log has errors that says it cannot connect to tomcat, tomcat is down or refused connection. Any ideas?? -- View this message in context: http://www.nabble.com/ISAPI-issues-tp23837289p23837289.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
JSP/Japer in batch
I'm looking for a good general purpose template engine to use with various Java projects, not just web projects. Is it possible to use Jasper outside of a servlet engine? Mitch - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JSP/Japer in batch
A better fit is Velocity or Freemarker for templating outside of a web environment. -Tim Mitch Claborn wrote: I'm looking for a good general purpose template engine to use with various Java projects, not just web projects. Is it possible to use Jasper outside of a servlet engine? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Authentication from the browser
Hassan, I don't think that the goals are contradictory, because each goal applies to its own group of users: our customer users and everybody else. Customer users should not have to enter user name and password, but everybody else should. Also, in general it is possible to authenticate a user without requiring the user to enter the user name and password in the application, e.g. NTLM-based authentication or authentication based on the client's IP address. I am glad that you made me think about this, because maybe it is possible to extend Tomcat authentication to also use client IP address or domain? Can you think of any other ways to have two different authentication mechanisms for the same servlet? Thanks! On Tue, Jun 2, 2009 at 11:37 AM, Hassan Schroeder hassan.schroe...@gmail.com wrote: On Tue, Jun 2, 2009 at 10:22 AM, Alec Swan alecs...@gmail.com wrote: We would also like to continue using the existing authentication mechanism. So, the question is how can we ... allow authentication to happen without requiring the end-user to type in the user name and password? Your goals seem contradictory. Maybe you need to rethink... :-) -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Authentication from the browser
On Tue, Jun 2, 2009 at 11:03 AM, Alec Swan alecs...@gmail.com wrote: Hassan, I don't think that the goals are contradictory, because each goal applies to its own group of users: our customer users and everybody else. Customer users should not have to enter user name and password, but everybody else should. IOW, you want it protected, and you want it openly accessable. Sorry, that sounds contradictory to me :-) If you have a customer who would like to put a link on a web page to your servlet, that servlet's URL is now in the wild -- anyone who finds it can access it. I am glad that you made me think about this, because maybe it is possible to extend Tomcat authentication to also use client IP address or domain? How would you know a priori the IP or domain of the clients? -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: jk Status not showing errors
Unfortunately I'm not seeing that. What I did was start both Tomcats in my LB pair, start Apache, then I take the second Tomcat down to see if it will detect it being failed. Unfortunately it never seems to, it just shows the second as OK/IDLE, and happily directs all requests to the first. This concerns me, because if the second were to fail, then later the first, everything would die and I'd have no advance warning. I can't seem to make it ping and detect a dead Tomcat. I am using the latest version of mod_jk, I upgraded that before I began playing with the load balancer settings. I'd appreciate any feedback on what I might be doing wrong. Thanks. workers.properties: worker.list=production,development,old,jkstatus worker.production.type=lb worker.production.balance_workers=production1,production2 worker.production.sticky_session=True worker.production.method=S worker.lbbasic.type=ajp13 worker.lbbasic.connect_timeout=1 worker.lbbasic.recovery_options=7 worker.lbbasic.socket_keepalive=1 worker.lbbasic.socket_timeout=60 worker.lbbasic.ping_mode=CI worker.production1.reference=worker.lbbasic worker.production1.port=8009 worker.production1.host=localhost worker.production2.reference=worker.lbbasic worker.production2.port=8012 worker.production2.host=localhost worker.development.port=8010 worker.development.host=localhost worker.development.type=ajp13 worker.old.port=8011 worker.old.host=localhost worker.old.type=ajp13 worker.jkstatus.type=status Lawrence Lamprecht wrote: I do not know if this is relevant or not, but I have just installed the latest version of mod_jk and the jkstatus is very much better than it used to be. I had the same issue with loadbalancers not showing when they are offline or broken. With the latest version, jksataus has the possibility to auto refresh itself. This now shouws when load balancers go down without a request being send to it. It is pretty dynamic as well. I ran several tests where I took one of the balancers down, and left jkstatus refreshing every 10 seconds and that told me that the worker was in error. It also shows you that the work is OK - IDLE when the worker is not being used but is good. As soon as it receives a request the status then changes to OK. Hope this helps. Kind regards / Met vriendelijke groet, Lawrence Lamprecht Application Content Manager QUADREM Netherlands B.V. Kabelweg 61, 1014 BA Amsterdam Post Office Box 20672, 1001 NR Amsterdam Office: +31 20 880 41 16 Mobile: +31 6 13 14 26 31 Fax: +31 20 880 41 02 Read our blog: Intelligent Supply Management - Your advantage -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Saturday, May 30, 2009 2:46 PM To: Tomcat Users List Subject: Re: jk Status not showing errors On 29.05.2009 22:50, Matthew Laird wrote: Good afternoon, I've been trying to get the jkstatus component of mod_jk running, and I'm not quite sure what I'm doing wrong in trying to have it report dead Tomcat instances. I have two tomcat instances setup in a load balancer, as a test I've taken down one of them. However the jkstatus screen still shows both of them as OK. I'm not sure what I'm missing from my workers.properties file to make it test the Tomcat and report a failed instance, so I can set Nagios to monitor this page and report problems. My workers.properties is: worker.list=production,development,old,jkstatus worker.production.type=lb worker.production.balance_workers=production1,production2 worker.production.sticky_session=True worker.production.method=S worker.lbbasic.type=ajp13 worker.lbbasic.connect_timeout=1 worker.lbbasic.recovery_options=7 worker.lbbasic.socket_keepalive=1 worker.lbbasic.socket_timeout=60 worker.production1.reference=worker.lbbasic worker.production1.port=8009 worker.production1.host=localhost #worker.production1.redirect=production2 worker.production2.reference=worker.lbbasic worker.production2.port=8012 worker.production2.host=localhost #worker.production2.activation=disabled worker.development.port=8010 worker.development.host=localhost worker.development.type=ajp13 worker.old.port=8011 worker.old.host=localhost worker.old.type=ajp13 worker.jkstatus.type=status Any advice on extra options to make jkstatus check and report when one of the Tomcat instances isn't responding would be appreciated. I assume, that the actual error detection works and you are really only asking about display in status worker. I also assume your are using a recent mod_jk. Nevertheless do yourself a favor and look at the Timeouts documentation page to improve your configuration. Until recently, only workers used via a load balancing worker had good manageability with jkstatus. Very recently also pure AJP workers without any load balancer got more useful information in their display. So let's talk about your worker production. Whenever a request comes in the lb first checks whether it already carries a session for one of the
Custom annotations in a backing bean
I use some custom annotations in backing beans in my application. They works fine as long as the attribute metadata-complete in web.xml is set to false. However, when I set it to true, I get the following exception when JSF is trying to create an instance of the backing bean: java.lang.NullPointerException at com.sun.faces.vendor.Tomcat6InjectionProvider.inject(Tomcat6InjectionProvider.java:82) at com.sun.faces.mgbean.BeanBuilder.injectResources(BeanBuilder.java:203) at com.sun.faces.mgbean.BeanBuilder.build(BeanBuilder.java:107) at com.sun.faces.mgbean.BeanManager.createAndPush(BeanManager.java:368) The exception occurs because the statement servletContext.getAttribute(AnnotationProcessor.class.getName()) in Tomcat6InjectionProvider returns null. It looks like turning off the standard JEE annotations makes it impossible to use custom annotations. Has anyone else encountered this problem? Is there a workaround? Here are components of my applications: Java 6, Tomcat 6.0.18, JSF 1.2 Mojarra, Spring 2.5.6, Facelets 1.1.14. _ Lauren found her dream laptop. Find the PC that’s right for you. http://www.microsoft.com/windows/choosepc/?ocid=ftp_val_wl_290 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: jk Status not showing errors
What you could do is tail -f mod_jk.log file. Then take down the tomcat, see if the errors appear. You should see something like the following. Good Entries to Track Attempting to map context URI '/search-engine*' ajp_unmarshal_response::jk_ajp_common.c (621): status = 302 Maintaining worker loadbalancer1 Maintaining worker prod_se1 Maintaining worker prod_se2 Maintaining worker prod_sea Maintaining worker prod_seb service::jk_lb_worker.c (612): service worker=prod_sea jvm_route=prod_sea service::jk_lb_worker.c (612): service worker=prod_seb jvm_route=prod_seb service::jk_lb_worker.c (612): service worker=prod_sea jvm_route=prod_se1 service::jk_lb_worker.c (612): service worker=prod_seb jvm_route=prod_se2 Possible Error Entries Error connecting to tomcat. Tomcat is probably not started or is listening on the wrong port. worker=prod_se1 failed Error connecting to tomcat. Tomcat is probably not started or is listening on the wrong port. worker=prod_se2 failed You should be able to trace where your config is problematic. Kind regards / Met vriendelijke groet, Lawrence Lamprecht -Original Message- From: Matthew Laird [mailto:lai...@sfu.ca] Sent: Tuesday, June 02, 2009 8:53 PM To: Tomcat Users List Subject: Re: jk Status not showing errors Unfortunately I'm not seeing that. What I did was start both Tomcats in my LB pair, start Apache, then I take the second Tomcat down to see if it will detect it being failed. Unfortunately it never seems to, it just shows the second as OK/IDLE, and happily directs all requests to the first. This concerns me, because if the second were to fail, then later the first, everything would die and I'd have no advance warning. I can't seem to make it ping and detect a dead Tomcat. I am using the latest version of mod_jk, I upgraded that before I began playing with the load balancer settings. I'd appreciate any feedback on what I might be doing wrong. Thanks. workers.properties: worker.list=production,development,old,jkstatus worker.production.type=lb worker.production.balance_workers=production1,production2 worker.production.sticky_session=True worker.production.method=S worker.lbbasic.type=ajp13 worker.lbbasic.connect_timeout=1 worker.lbbasic.recovery_options=7 worker.lbbasic.socket_keepalive=1 worker.lbbasic.socket_timeout=60 worker.lbbasic.ping_mode=CI worker.production1.reference=worker.lbbasic worker.production1.port=8009 worker.production1.host=localhost worker.production2.reference=worker.lbbasic worker.production2.port=8012 worker.production2.host=localhost worker.development.port=8010 worker.development.host=localhost worker.development.type=ajp13 worker.old.port=8011 worker.old.host=localhost worker.old.type=ajp13 worker.jkstatus.type=status Lawrence Lamprecht wrote: I do not know if this is relevant or not, but I have just installed the latest version of mod_jk and the jkstatus is very much better than it used to be. I had the same issue with loadbalancers not showing when they are offline or broken. With the latest version, jksataus has the possibility to auto refresh itself. This now shouws when load balancers go down without a request being send to it. It is pretty dynamic as well. I ran several tests where I took one of the balancers down, and left jkstatus refreshing every 10 seconds and that told me that the worker was in error. It also shows you that the work is OK - IDLE when the worker is not being used but is good. As soon as it receives a request the status then changes to OK. Hope this helps. Kind regards / Met vriendelijke groet, Lawrence Lamprecht Application Content Manager QUADREM Netherlands B.V. Kabelweg 61, 1014 BA Amsterdam Post Office Box 20672, 1001 NR Amsterdam Office: +31 20 880 41 16 Mobile: +31 6 13 14 26 31 Fax: +31 20 880 41 02 Read our blog: Intelligent Supply Management - Your advantage -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Saturday, May 30, 2009 2:46 PM To: Tomcat Users List Subject: Re: jk Status not showing errors On 29.05.2009 22:50, Matthew Laird wrote: Good afternoon, I've been trying to get the jkstatus component of mod_jk running, and I'm not quite sure what I'm doing wrong in trying to have it report dead Tomcat instances. I have two tomcat instances setup in a load balancer, as a test I've taken down one of them. However the jkstatus screen still shows both of them as OK. I'm not sure what I'm missing from my workers.properties file to make it test the Tomcat and report a failed instance, so I can set Nagios to monitor this page and report problems. My workers.properties is: worker.list=production,development,old,jkstatus worker.production.type=lb worker.production.balance_workers=production1,production2 worker.production.sticky_session=True worker.production.method=S worker.lbbasic.type=ajp13 worker.lbbasic.connect_timeout=1
Re: ISAPI issues
On 02.06.2009 19:42, dljohnson69 wrote: I have a Tomcat install that is working okay but going through the isapi_redirect it gets a bad gateway error. The isapi.log has errors that says it cannot connect to tomcat, tomcat is down or refused connection. Any ideas?? Bad gateway plus log file means your redirector is working, but you have your configuration wrong. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: jk Status not showing errors
I'm not seeing anything like that. I just took both Tomcats down, I instantly get the 503 from Apache when I try to load the application. However tailing the mod_jk.log, I just see entries like this: [Tue Jun 02 12:36:23 2009] jkstatus www.innatedb.ca 0.000360 [Tue Jun 02 12:36:26 2009] jkstatus www.innatedb.ca 0.000263 [Tue Jun 02 12:36:39 2009] production www.innatedb.ca 0.498998 [Tue Jun 02 12:36:40 2009] jkstatus www.innatedb.ca 0.000282 mod_jk seems happy sending the requests to Tomcat, and doesn't seem to notice there's no actual Tomcat responding. Only after a few minutes does the JK Status screen go to ERR/REC for both. I would think this is the kind of thing mod_jk should notice instantly, when there's no Tomcat where there should be one. Or am I missing something? Thanks. Lawrence Lamprecht wrote: What you could do is tail -f mod_jk.log file. Then take down the tomcat, see if the errors appear. You should see something like the following. Good Entries to Track Attempting to map context URI '/search-engine*' ajp_unmarshal_response::jk_ajp_common.c (621): status = 302 Maintaining worker loadbalancer1 Maintaining worker prod_se1 Maintaining worker prod_se2 Maintaining worker prod_sea Maintaining worker prod_seb service::jk_lb_worker.c (612): service worker=prod_sea jvm_route=prod_sea service::jk_lb_worker.c (612): service worker=prod_seb jvm_route=prod_seb service::jk_lb_worker.c (612): service worker=prod_sea jvm_route=prod_se1 service::jk_lb_worker.c (612): service worker=prod_seb jvm_route=prod_se2 Possible Error Entries Error connecting to tomcat. Tomcat is probably not started or is listening on the wrong port. worker=prod_se1 failed Error connecting to tomcat. Tomcat is probably not started or is listening on the wrong port. worker=prod_se2 failed You should be able to trace where your config is problematic. Kind regards / Met vriendelijke groet, Lawrence Lamprecht -Original Message- From: Matthew Laird [mailto:lai...@sfu.ca] Sent: Tuesday, June 02, 2009 8:53 PM To: Tomcat Users List Subject: Re: jk Status not showing errors Unfortunately I'm not seeing that. What I did was start both Tomcats in my LB pair, start Apache, then I take the second Tomcat down to see if it will detect it being failed. Unfortunately it never seems to, it just shows the second as OK/IDLE, and happily directs all requests to the first. This concerns me, because if the second were to fail, then later the first, everything would die and I'd have no advance warning. I can't seem to make it ping and detect a dead Tomcat. I am using the latest version of mod_jk, I upgraded that before I began playing with the load balancer settings. I'd appreciate any feedback on what I might be doing wrong. Thanks. workers.properties: worker.list=production,development,old,jkstatus worker.production.type=lb worker.production.balance_workers=production1,production2 worker.production.sticky_session=True worker.production.method=S worker.lbbasic.type=ajp13 worker.lbbasic.connect_timeout=1 worker.lbbasic.recovery_options=7 worker.lbbasic.socket_keepalive=1 worker.lbbasic.socket_timeout=60 worker.lbbasic.ping_mode=CI worker.production1.reference=worker.lbbasic worker.production1.port=8009 worker.production1.host=localhost worker.production2.reference=worker.lbbasic worker.production2.port=8012 worker.production2.host=localhost worker.development.port=8010 worker.development.host=localhost worker.development.type=ajp13 worker.old.port=8011 worker.old.host=localhost worker.old.type=ajp13 worker.jkstatus.type=status Lawrence Lamprecht wrote: I do not know if this is relevant or not, but I have just installed the latest version of mod_jk and the jkstatus is very much better than it used to be. I had the same issue with loadbalancers not showing when they are offline or broken. With the latest version, jksataus has the possibility to auto refresh itself. This now shouws when load balancers go down without a request being send to it. It is pretty dynamic as well. I ran several tests where I took one of the balancers down, and left jkstatus refreshing every 10 seconds and that told me that the worker was in error. It also shows you that the work is OK - IDLE when the worker is not being used but is good. As soon as it receives a request the status then changes to OK. Hope this helps. Kind regards / Met vriendelijke groet, Lawrence Lamprecht Application Content Manager QUADREM Netherlands B.V. Kabelweg 61, 1014 BA Amsterdam Post Office Box 20672, 1001 NR Amsterdam Office: +31 20 880 41 16 Mobile: +31 6 13 14 26 31 Fax: +31 20 880 41 02 Read our blog: Intelligent Supply Management - Your advantage -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Saturday, May 30, 2009 2:46 PM To: Tomcat Users List Subject: Re: jk Status not showing errors On 29.05.2009 22:50, Matthew Laird wrote: Good afternoon, I've been trying to get
Re: jk Status not showing errors
On 02.06.2009 20:53, Matthew Laird wrote: Unfortunately I'm not seeing that. What I did was start both Tomcats in my LB pair, start Apache, then I take the second Tomcat down to see if it will detect it being failed. Unfortunately it never seems to, it just shows the second as OK/IDLE, and happily directs all requests to the first. This concerns me, because if the second were to fail, then later the first, everything would die and I'd have no advance warning. I can't seem to make it ping and detect a dead Tomcat. Assuming that you did refresh the jkstatus display: what is your test client? The fact that you see OK/IDLE, but all requests go to the other node indicates, that you are using requests with associated session, so the balancer is not allowed to send them to the other node and thus does not detect the down node. Check to remove the JSESSIONID cookie before sending requests, or use a client which allows cookie disabling (like curl). I am using the latest version of mod_jk, I upgraded that before I began playing with the load balancer settings. I'd appreciate any feedback on what I might be doing wrong. Thanks. workers.properties: worker.list=production,development,old,jkstatus worker.production.type=lb worker.production.balance_workers=production1,production2 worker.production.sticky_session=True worker.production.method=S worker.lbbasic.type=ajp13 worker.lbbasic.connect_timeout=1 worker.lbbasic.recovery_options=7 worker.lbbasic.socket_keepalive=1 worker.lbbasic.socket_timeout=60 worker.lbbasic.ping_mode=CI worker.production1.reference=worker.lbbasic worker.production1.port=8009 worker.production1.host=localhost worker.production2.reference=worker.lbbasic worker.production2.port=8012 worker.production2.host=localhost worker.development.port=8010 worker.development.host=localhost worker.development.type=ajp13 worker.old.port=8011 worker.old.host=localhost worker.old.type=ajp13 worker.jkstatus.type=status Looks OK. Rainer Lawrence Lamprecht wrote: I do not know if this is relevant or not, but I have just installed the latest version of mod_jk and the jkstatus is very much better than it used to be. I had the same issue with loadbalancers not showing when they are offline or broken. With the latest version, jksataus has the possibility to auto refresh itself. This now shouws when load balancers go down without a request being send to it. It is pretty dynamic as well. I ran several tests where I took one of the balancers down, and left jkstatus refreshing every 10 seconds and that told me that the worker was in error. It also shows you that the work is OK - IDLE when the worker is not being used but is good. As soon as it receives a request the status then changes to OK. Hope this helps. Kind regards / Met vriendelijke groet, Lawrence Lamprecht Application Content Manager QUADREM Netherlands B.V. Kabelweg 61, 1014 BA Amsterdam Post Office Box 20672, 1001 NR Amsterdam Office: +31 20 880 41 16 Mobile: +31 6 13 14 26 31 Fax: +31 20 880 41 02 Read our blog: Intelligent Supply Management - Your advantage -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Saturday, May 30, 2009 2:46 PM To: Tomcat Users List Subject: Re: jk Status not showing errors On 29.05.2009 22:50, Matthew Laird wrote: Good afternoon, I've been trying to get the jkstatus component of mod_jk running, and I'm not quite sure what I'm doing wrong in trying to have it report dead Tomcat instances. I have two tomcat instances setup in a load balancer, as a test I've taken down one of them. However the jkstatus screen still shows both of them as OK. I'm not sure what I'm missing from my workers.properties file to make it test the Tomcat and report a failed instance, so I can set Nagios to monitor this page and report problems. My workers.properties is: worker.list=production,development,old,jkstatus worker.production.type=lb worker.production.balance_workers=production1,production2 worker.production.sticky_session=True worker.production.method=S worker.lbbasic.type=ajp13 worker.lbbasic.connect_timeout=1 worker.lbbasic.recovery_options=7 worker.lbbasic.socket_keepalive=1 worker.lbbasic.socket_timeout=60 worker.production1.reference=worker.lbbasic worker.production1.port=8009 worker.production1.host=localhost #worker.production1.redirect=production2 worker.production2.reference=worker.lbbasic worker.production2.port=8012 worker.production2.host=localhost #worker.production2.activation=disabled worker.development.port=8010 worker.development.host=localhost worker.development.type=ajp13 worker.old.port=8011 worker.old.host=localhost worker.old.type=ajp13 worker.jkstatus.type=status Any advice on extra options to make jkstatus check and report when one of the Tomcat instances isn't responding would be appreciated. I assume, that the actual error
Re: jk Status not showing errors
On 02.06.2009 21:40, Matthew Laird wrote: I'm not seeing anything like that. I just took both Tomcats down, I instantly get the 503 from Apache when I try to load the application. Assuming that there is no mod_proxy in the game. When there is a 503, you will have [error] log lines in the JK log. However tailing the mod_jk.log, I just see entries like this: [Tue Jun 02 12:36:23 2009] jkstatus www.innatedb.ca 0.000360 [Tue Jun 02 12:36:26 2009] jkstatus www.innatedb.ca 0.000263 [Tue Jun 02 12:36:39 2009] production www.innatedb.ca 0.498998 [Tue Jun 02 12:36:40 2009] jkstatus www.innatedb.ca 0.000282 Note that these lines only contain a single request to the backend, the one with production. mod_jk seems happy sending the requests to Tomcat, and doesn't seem to notice there's no actual Tomcat responding. Only after a few minutes does the JK Status screen go to ERR/REC for both. I would think this is the kind of thing mod_jk should notice instantly, when there's no Tomcat where there should be one. Or am I missing something? Show us your full access and jk log. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: jk Status not showing errors
Rainer Jung wrote: Assuming that you did refresh the jkstatus display: what is your test client? The fact that you see OK/IDLE, but all requests go to the other node indicates, that you are using requests with associated session, so the balancer is not allowed to send them to the other node and thus does not detect the down node. Check to remove the JSESSIONID cookie before sending requests, or use a client which allows cookie disabling (like curl). Is there any way to make it ping and detect a dead Tomcat without a request coming in? I thought I was doing that with the worker.lbbasic.ping_mode=CI setting. Thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ISAPI issues
Cool, maybe you can help more than the log files then. Are you referring to the configuration of the workers.properties and/or the uriworkermap files or is there something else that could be involved as well? I just started with a basic setup as instructed by some sites. Here is what I have, if you see something that is suspect please point it out...thanks! #/examples/*=testWorker #/examples/*.jsp=testWorker #/examples/servlet/*=testWorker /admin/*=wlb /manager/*=wlb /jsp-examples/*=wlb /servlets-examples/*=wlb /wealthstation/*=ws /planningstation/*=ps /jkmanager=jkstatus workers.properties worker.list=ws,ps,wb,jkstatus worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8010 socket_timeout=0 worker.wlb.type=lb worker.wlb.balance_workers=ajp13w worker.jkstatus.type=status also, I have 2 apps, 2 instancesone houses the ps app, one for the ws app but from ws the user goes to the ps app once you are in it. Should each apps workers.properties file ONLY point to that context or should each have both? Thanks again! dljohnson69 wrote: I have a new Tomcat install and deployed app that is working okay but going through the isapi_redirect it gets a bad gateway error. The isapi.log has errors that says it cannot connect to tomcat, tomcat is down or refused connection. Any ideas?? I would assume that all is fine since the app works fine when going directly to Tomcat.The isapi-redirector is loaded and green but will not load through IIS. Thanks for any helpful advice, we are new to this. -- View this message in context: http://www.nabble.com/ISAPI-issues-tp23837289p23839567.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Authentication from the browser
I may not be explaining it clearly. We have one corporate customer who is putting a link to our servlet on their intranet web page. Therefore, we know the domain name of the users who need custom authentication. We can also tell the customer to put whatever we need in the link, such as HTTP headers. Does this give you enough information to propose a solution? On Tue, Jun 2, 2009 at 12:22 PM, Hassan Schroeder hassan.schroe...@gmail.com wrote: On Tue, Jun 2, 2009 at 11:03 AM, Alec Swan alecs...@gmail.com wrote: Hassan, I don't think that the goals are contradictory, because each goal applies to its own group of users: our customer users and everybody else. Customer users should not have to enter user name and password, but everybody else should. IOW, you want it protected, and you want it openly accessable. Sorry, that sounds contradictory to me :-) If you have a customer who would like to put a link on a web page to your servlet, that servlet's URL is now in the wild -- anyone who finds it can access it. I am glad that you made me think about this, because maybe it is possible to extend Tomcat authentication to also use client IP address or domain? How would you know a priori the IP or domain of the clients? -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ISAPI issues
I assume you are using the latest version 1.2.28. That makes things easier to discuss. On 02.06.2009 21:53, dljohnson69 wrote: Cool, maybe you can help more than the log files then. Are you referring to the configuration of the workers.properties and/or the uriworkermap files or is there something else that could be involved as well? I just started with a basic setup as instructed by some sites. Here is what I have, if you see something that is suspect please point it out...thanks! #/examples/*=testWorker #/examples/*.jsp=testWorker #/examples/servlet/*=testWorker /admin/*=wlb /manager/*=wlb /jsp-examples/*=wlb /servlets-examples/*=wlb /wealthstation/*=ws /planningstation/*=ps /jkmanager=jkstatus Can you see those in the display of the status worker (/jkmanager)? workers.properties worker.list=ws,ps,wb,jkstatus worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8010 Better remove the socket_timeout=0, because that disables it, but it is disabled by default, and we don't want to rely a 0 to mean disable in all versions. socket_timeout=0 worker.wlb.type=lb worker.wlb.balance_workers=ajp13w worker.jkstatus.type=status also, I have 2 apps, 2 instancesone houses the ps app, one for the ws app but from ws the user goes to the ps app once you are in it. Should each apps workers.properties file ONLY point to that context or should each have both? There is only one workers.properties, not one per context. A worker is the same as a Tomcat connector (at least a worker of type ajp13). So for each Tomcat you need to define one worker. You can optionally wrap them in lb workers. Which requests get send there is decided by the uriworkermap.properties shown above. So if you only have one Tomcat, you would only use one worker (ajp13w) and not also ws and ps. Since you wrapped ajp13w into wlb, you would then map /wealthstation/*=wlb /planningstation/*=wlb Theoretically you can define more than one connector (port) for ajp13 use in Tomcat and separate a ws, ps, ajp13w worker from each other, but you need to have a serious reason for this. If you want a simple start, don't separate. Which requests do not work, example-URL? Regards, Rainer Thanks again! dljohnson69 wrote: I have a new Tomcat install and deployed app that is working okay but going through the isapi_redirect it gets a bad gateway error. The isapi.log has errors that says it cannot connect to tomcat, tomcat is down or refused connection. Any ideas?? I would assume that all is fine since the app works fine when going directly to Tomcat.The isapi-redirector is loaded and green but will not load through IIS. Thanks for any helpful advice, we are new to this. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: jk Status not showing errors
On 02.06.2009 21:46, Matthew Laird wrote: Rainer Jung wrote: Assuming that you did refresh the jkstatus display: what is your test client? The fact that you see OK/IDLE, but all requests go to the other node indicates, that you are using requests with associated session, so the balancer is not allowed to send them to the other node and thus does not detect the down node. Check to remove the JSESSIONID cookie before sending requests, or use a client which allows cookie disabling (like curl). Is there any way to make it ping and detect a dead Tomcat without a request coming in? I thought I was doing that with the worker.lbbasic.ping_mode=CI setting. Yes, but: - you need to activate a watchdog thread by using JkWatchdogInterval - you might need to tune connection_ping_interval - finally you will end up not getting what you want, because all of that doesn't give you real time monitoring The idea of this type of ping is to detect connections that are no longer usable, because they were idle for to long and have been cut e.g. by a firewall. Broken backends usually are detected reliable, e.g. via prepost ping. Yes, that only happens when you start to use them. There is no backend probing in the watchdog thread at the moment. Yes that's one of the enhancements on the list for a future release. Usually detecting on demand is enough. You can have your own probing: regularly probe your service, using a dummy session cookie of the form JSESSIONID=X.NODE where you replace NODE with the jvmRoute of the backend you want to probe. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: jk Status not showing errors
Below is the config that I have and this works. I have looked at your workers.properties file. There are few entries that I am not sure of. So I would suggest trying to simplify your config until you get a functional system. Once you reach that stage, then you can add more complication to it until you are happy with a final config. All the while tailing the mod_jk.log file to monitor the changes and see the effct of the system. Hop this helps. **Workers.properties file** worker.list= loadbalancer1, loadbalancer2, prod_se1, prod_se2, prod_sea, prod_seb worker.prod_se1.port=8009 worker.prod_se1.host=10.16.6.166 worker.prod_se1.type=ajp13 worker.prod_se1.lbfactor=1 worker.prod_se2.port=8009 worker.prod_se2.host=10.16.6.167 worker.prod_se2.type=ajp13 worker.prod_se2.lbfactor=1 worker.prod_sea.port=8210 worker.prod_sea.host=10.16.6.166 worker.prod_sea.type=ajp13 worker.prod_sea.lbfactor=1 worker.prod_seb.port=8210 worker.prod_seb.host=10.16.6.167 worker.prod_seb.type=ajp13 worker.prod_seb.lbfactor=1 worker.loadbalancer1.type=lb worker.loadbalancer1.balance_workers=prod_se1,prod_se2 worker.loadbalancer2.type=lb worker.loadbalancer2.balance_workers=prod_sea,prod_seb **jk.conf file** JkWorkersFile /etc/httpd/conf/workers.properties JkLogFile /etc/httpd/logs/mod_jk.log JkLogLevel debug ErrorLog /etc/httpd/logs/jk_error_log CustomLog /etc/httpd/logs/jk_access_log common JkMount /search-engine* loadbalancer1 JkMount /2-search-engine* loadbalancer2 Kind regards / Met vriendelijke groet, Lawrence Lamprecht -Original Message- From: Matthew Laird [mailto:lai...@sfu.ca] Sent: Tuesday, June 02, 2009 9:41 PM To: Tomcat Users List Subject: Re: jk Status not showing errors I'm not seeing anything like that. I just took both Tomcats down, I instantly get the 503 from Apache when I try to load the application. However tailing the mod_jk.log, I just see entries like this: [Tue Jun 02 12:36:23 2009] jkstatus www.innatedb.ca 0.000360 [Tue Jun 02 12:36:26 2009] jkstatus www.innatedb.ca 0.000263 [Tue Jun 02 12:36:39 2009] production www.innatedb.ca 0.498998 [Tue Jun 02 12:36:40 2009] jkstatus www.innatedb.ca 0.000282 mod_jk seems happy sending the requests to Tomcat, and doesn't seem to notice there's no actual Tomcat responding. Only after a few minutes does the JK Status screen go to ERR/REC for both. I would think this is the kind of thing mod_jk should notice instantly, when there's no Tomcat where there should be one. Or am I missing something? Thanks. Lawrence Lamprecht wrote: What you could do is tail -f mod_jk.log file. Then take down the tomcat, see if the errors appear. You should see something like the following. Good Entries to Track Attempting to map context URI '/search-engine*' ajp_unmarshal_response::jk_ajp_common.c (621): status = 302 Maintaining worker loadbalancer1 Maintaining worker prod_se1 Maintaining worker prod_se2 Maintaining worker prod_sea Maintaining worker prod_seb service::jk_lb_worker.c (612): service worker=prod_sea jvm_route=prod_sea service::jk_lb_worker.c (612): service worker=prod_seb jvm_route=prod_seb service::jk_lb_worker.c (612): service worker=prod_sea jvm_route=prod_se1 service::jk_lb_worker.c (612): service worker=prod_seb jvm_route=prod_se2 Possible Error Entries Error connecting to tomcat. Tomcat is probably not started or is listening on the wrong port. worker=prod_se1 failed Error connecting to tomcat. Tomcat is probably not started or is listening on the wrong port. worker=prod_se2 failed You should be able to trace where your config is problematic. Kind regards / Met vriendelijke groet, Lawrence Lamprecht -Original Message- From: Matthew Laird [mailto:lai...@sfu.ca] Sent: Tuesday, June 02, 2009 8:53 PM To: Tomcat Users List Subject: Re: jk Status not showing errors Unfortunately I'm not seeing that. What I did was start both Tomcats in my LB pair, start Apache, then I take the second Tomcat down to see if it will detect it being failed. Unfortunately it never seems to, it just shows the second as OK/IDLE, and happily directs all requests to the first. This concerns me, because if the second were to fail, then later the first, everything would die and I'd have no advance warning. I can't seem to make it ping and detect a dead Tomcat. I am using the latest version of mod_jk, I upgraded that before I began playing with the load balancer settings. I'd appreciate any feedback on what I might be doing wrong. Thanks. workers.properties: worker.list=production,development,old,jkstatus worker.production.type=lb worker.production.balance_workers=production1,production2 worker.production.sticky_session=True worker.production.method=S worker.lbbasic.type=ajp13 worker.lbbasic.connect_timeout=1 worker.lbbasic.recovery_options=7 worker.lbbasic.socket_keepalive=1 worker.lbbasic.socket_timeout=60 worker.lbbasic.ping_mode=CI
Re: Authentication from the browser
Alec, so basically members of your client company should be able to have direct access to a servlet that is otherwise restricted to a handful of users who must authenicate themselves with a username/password login, right? One solution to this situation would be to create a simple servlet that sniffs incoming request IPs, if they match the range/set of IPs of your client, then you bypass the authenication mechanism of your existing servlet and give them a full view of whatever goodies your servlet has. If incoming requests don't match the IPs then bounce them off somewhere. However this approach is not a complete solution, a very interested party could observe your system and deduce that it was based upon privileged IPs and then spoof them. It all depends upon how important this servlet is you and your organization. If it is absolutely mission critical, then you'll want to use SSL and require logins. On Tue, Jun 2, 2009 at 4:01 PM, Alec Swan alecs...@gmail.com wrote: I may not be explaining it clearly. We have one corporate customer who is putting a link to our servlet on their intranet web page. Therefore, we know the domain name of the users who need custom authentication. We can also tell the customer to put whatever we need in the link, such as HTTP headers. Does this give you enough information to propose a solution? On Tue, Jun 2, 2009 at 12:22 PM, Hassan Schroeder hassan.schroe...@gmail.com wrote: On Tue, Jun 2, 2009 at 11:03 AM, Alec Swan alecs...@gmail.com wrote: Hassan, I don't think that the goals are contradictory, because each goal applies to its own group of users: our customer users and everybody else. Customer users should not have to enter user name and password, but everybody else should. IOW, you want it protected, and you want it openly accessable. Sorry, that sounds contradictory to me :-) If you have a customer who would like to put a link on a web page to your servlet, that servlet's URL is now in the wild -- anyone who finds it can access it. I am glad that you made me think about this, because maybe it is possible to extend Tomcat authentication to also use client IP address or domain? How would you know a priori the IP or domain of the clients? -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Authentication from the browser
On Tue, Jun 2, 2009 at 1:01 PM, Alec Swan alecs...@gmail.com wrote: We have one corporate customer who is putting a link to our servlet on their intranet web page. Therefore, we know the domain name of the users who need custom authentication. Seems iffy -- none of these users will ever be working remotely and need access? We can also tell the customer to put whatever we need in the link, such as HTTP headers. ? You can't put HTTP headers in a link, unless you're processing it through some proxy mechanism... Does this give you enough information to propose a solution? I suspect you need to write your own solution, though this: http://securityfilter.sourceforge.net/ :: has been recommended by others on this list many times, and might help (I've never used it). HTH, -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Windows x64 Installer
Eureka I figured this out!! First, on 3) below. The reason it worked was that Tomcat just ignored the 32-bit APR library. Acted as though it wasn't there. Once I set up an HTTPS connector, I noticed this because the error came back that it couldn't find .keystore file. Now the reason why 4) below was not working (all 64-bit), is that I didn't have an address specified in my connector tag. Apparently, at all windows revs prior to 2008 server, if you didn't supply an IP address, Windows would gladly supply 0.0.0.0, but now at 2008 it doesn't (possibly vista also?). You will see this if you go to the command window and do a netstat -an. Instead of seeing 0.0.0.0:80 in the first column, you'll see [::]:80. So once I added an address=0.0.0.0 to my connector tags, everything started working. Once again, Microsoft breaks the stack and goes their own way. Amazingly, with no 3rd party software running, there are a number of these [::] addresses in the list, so MS possibly hasn't ported all their services yet. Really wondering what else isn't working correctly. Jeff -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Monday, June 01, 2009 9:03 AM To: Tomcat Users List Subject: RE: Windows x64 Installer Oops, on 3) I should have said I was using the APR, but for HTTP only, not HTTPS. I was thinking AJP for some reason. -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Friday, May 29, 2009 5:53 PM To: Tomcat Users List Subject: RE: Windows x64 Installer 1) Correct 2) Didn't try and agree with you. 3) Correct. Not using APR, just HTTP (HTTPS later, but not tried) 4) Correct. System config: Windows 2008 Standard (64-bit), Tomcat 5.5 standard install running as standalone web server. Copied the 32-bit install and replaced tomcat5.exe, tomcat5w.exe and tcnative-1.dll with the current 64-bit versions from apache.org web/ftp site. Issued a tomcat5.exe //is, with appropriate options and jvm, to create as a service. There are no proxys on the system. Windows firewall is off. Using Symantec Endpoint Protection 11.0.4 for virus firewall security (same results with firewall enabled/disabled). Just trying to pull up the welcome page (http://ip:8080) and getting the results described. Also on 4) telnet ip 8080 will get a connection failure. Jeff -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Friday, May 29, 2009 12:54 PM To: Tomcat Users List Subject: RE: Windows x64 Installer From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: RE: Windows x64 Installer Tested all those options before I sent the mail. Let me summarize to see if I understand this properly: 1) 32-bit JVM, 32-bit DLL: works from localhost and from a separate system 2) 32-bit JVM, 64-bit DLL: ?? (shouldn't work) 3) 64-bit JVM, 32-bit DLL: works from localhost and from a separate system (it shouldn't work - you probably aren't using APR in this case) 4) 64-bit JVM, 64-bit DLL: works from localhost, but not from a separate system Is the above correct? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby
Re: ISAPI issues
Actually I am still on 1.2.27 but am willing to update, just cannot find a compiled download of the 1.2.28 dll. However, I made those changes and now there are no errors in the isapi.log but the browser errors with service temporary unavailable. When I check the logs I get All Tomcat instances failed, no more workers left. The next line says, all tomcat instances are busy or in error state. This was AFTER a reboot of the physical box. I have done nothing nor know how to use the jkstatus, it was just in the work or uri example files. Let me know if I should remove it or if further configuration needs to be done if it is needed. Actually I have 2 Tomcat installs, one for ps and one for ws. We are trying to mimic a 3rd party app of a vendor and this is the way they have theirs. Only difference is they have Apace and we have IIS, hence the lack of knowledge on it. I have the examples working from IIS, just not the apps for ws and ps. Rainer Jung-3 wrote: I assume you are using the latest version 1.2.28. That makes things easier to discuss. On 02.06.2009 21:53, dljohnson69 wrote: Cool, maybe you can help more than the log files then. Are you referring to the configuration of the workers.properties and/or the uriworkermap files or is there something else that could be involved as well? I just started with a basic setup as instructed by some sites. Here is what I have, if you see something that is suspect please point it out...thanks! #/examples/*=testWorker #/examples/*.jsp=testWorker #/examples/servlet/*=testWorker /admin/*=wlb /manager/*=wlb /jsp-examples/*=wlb /servlets-examples/*=wlb /wealthstation/*=ws /planningstation/*=ps /jkmanager=jkstatus Can you see those in the display of the status worker (/jkmanager)? workers.properties worker.list=ws,ps,wb,jkstatus worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8010 Better remove the socket_timeout=0, because that disables it, but it is disabled by default, and we don't want to rely a 0 to mean disable in all versions. socket_timeout=0 worker.wlb.type=lb worker.wlb.balance_workers=ajp13w worker.jkstatus.type=status also, I have 2 apps, 2 instancesone houses the ps app, one for the ws app but from ws the user goes to the ps app once you are in it. Should each apps workers.properties file ONLY point to that context or should each have both? There is only one workers.properties, not one per context. A worker is the same as a Tomcat connector (at least a worker of type ajp13). So for each Tomcat you need to define one worker. You can optionally wrap them in lb workers. Which requests get send there is decided by the uriworkermap.properties shown above. So if you only have one Tomcat, you would only use one worker (ajp13w) and not also ws and ps. Since you wrapped ajp13w into wlb, you would then map /wealthstation/*=wlb /planningstation/*=wlb Theoretically you can define more than one connector (port) for ajp13 use in Tomcat and separate a ws, ps, ajp13w worker from each other, but you need to have a serious reason for this. If you want a simple start, don't separate. Which requests do not work, example-URL? Regards, Rainer Thanks again! dljohnson69 wrote: I have a new Tomcat install and deployed app that is working okay but going through the isapi_redirect it gets a bad gateway error. The isapi.log has errors that says it cannot connect to tomcat, tomcat is down or refused connection. Any ideas?? I would assume that all is fine since the app works fine when going directly to Tomcat.The isapi-redirector is loaded and green but will not load through IIS. Thanks for any helpful advice, we are new to this. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/ISAPI-issues-tp23837289p23841286.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
element type taglib must be declared
I am having a hell of a time trying to deploy an app I wrote in JDeveloper on tomcat. I put the war file under the webapps directory and when I start tomcat is creates a folder for it but I get some errors messages. Starting service Tomcat-Standalone Apache Tomcat/4.0.1 PARSE error at line 1 column 238 org.xml.sax.SAXParseException: Element type taglib must be declared. PARSE error at line 2 column 200 org.xml.sax.SAXParseException: Element type taglib must be declared. PARSE error at line 1 column 238 org.xml.sax.SAXParseException: Element type taglib must be declared. Starting service Tomcat-Apache Apache Tomcat/4.0.1 Here is my web.xml where I think the problem is: ?xml version=1.0 encoding=WINDOWS-1252? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.2//EN http://java.sun.com/j2ee/dtds/web-app_2_2.dtd; web-app taglib taglib-uri/WEB-INF/music.tld/taglib-uri taglib-location/WEB-INF/music.tld/taglib-location /taglib !-- /jsp-config -- /web-app Any help on how I can declare taglib would be great also is my web.xml ok for tomcat 4.0.1? -- View this message in context: http://www.nabble.com/element-type-%22taglib%22-must-be-declared-tp23841581p23841581.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: ISAPI issues
On 02.06.2009 23:30, dljohnson69 wrote: Actually I am still on 1.2.27 but am willing to update, just cannot find a compiled download of the 1.2.28 dll. http://tomcat.apache.org/download-connectors.cgi However, I made those changes and now there are no errors in the isapi.log but the browser errors with service temporary unavailable. When I check the logs I get All Tomcat instances failed, no more workers left. The next line says, all tomcat instances are busy or in error state. This was AFTER a reboot of the physical box. IIS and Tomcat on the same box? Could you get your pages directly from Tomcat via its http connector (8080 or so)? So does it - work never - work sometimes, but sometimes not? Which URL did you use, what's exactly in the log file? I have done nothing nor know how to use the jkstatus, it was just in the work or uri example files. Let me know if I should remove it or if further Should be available under the URL /jkmanager and is very helpful. There's a security problem with an open jkstatus though. configuration needs to be done if it is needed. Actually I have 2 Tomcat installs, one for ps and one for ws. So you need to find out the port numbers (and if on different hosts the host names) and define two workers ws and ps in the way you have done with ajp13w. We are trying to mimic a 3rd party app of a vendor and this is the way they have theirs. Only difference is they have Apace and we have IIS, hence the lack of knowledge on it. I have the examples working from IIS, just not the apps for ws and ps. Define the ws and ps workers with correct host names and ports, wrap them in a new lb, like lbps and lbws worker.lbps.type=lb worker.lbps.balance_workers=ps worker.lbws.type=lb worker.lbws.balance_workers=ws and put lbps resp. lbws behind the equal sign in the lines of uriworkermap.properties you want to be mapped to ps resp. ws. Regards, Rainer Rainer Jung-3 wrote: I assume you are using the latest version 1.2.28. That makes things easier to discuss. On 02.06.2009 21:53, dljohnson69 wrote: Cool, maybe you can help more than the log files then. Are you referring to the configuration of the workers.properties and/or the uriworkermap files or is there something else that could be involved as well? I just started with a basic setup as instructed by some sites. Here is what I have, if you see something that is suspect please point it out...thanks! #/examples/*=testWorker #/examples/*.jsp=testWorker #/examples/servlet/*=testWorker /admin/*=wlb /manager/*=wlb /jsp-examples/*=wlb /servlets-examples/*=wlb /wealthstation/*=ws /planningstation/*=ps /jkmanager=jkstatus Can you see those in the display of the status worker (/jkmanager)? workers.properties worker.list=ws,ps,wb,jkstatus worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8010 Better remove the socket_timeout=0, because that disables it, but it is disabled by default, and we don't want to rely a 0 to mean disable in all versions. socket_timeout=0 worker.wlb.type=lb worker.wlb.balance_workers=ajp13w worker.jkstatus.type=status also, I have 2 apps, 2 instancesone houses the ps app, one for the ws app but from ws the user goes to the ps app once you are in it. Should each apps workers.properties file ONLY point to that context or should each have both? There is only one workers.properties, not one per context. A worker is the same as a Tomcat connector (at least a worker of type ajp13). So for each Tomcat you need to define one worker. You can optionally wrap them in lb workers. Which requests get send there is decided by the uriworkermap.properties shown above. So if you only have one Tomcat, you would only use one worker (ajp13w) and not also ws and ps. Since you wrapped ajp13w into wlb, you would then map /wealthstation/*=wlb /planningstation/*=wlb Theoretically you can define more than one connector (port) for ajp13 use in Tomcat and separate a ws, ps, ajp13w worker from each other, but you need to have a serious reason for this. If you want a simple start, don't separate. Which requests do not work, example-URL? Regards, Rainer Thanks again! dljohnson69 wrote: I have a new Tomcat install and deployed app that is working okay but going through the isapi_redirect it gets a bad gateway error. The isapi.log has errors that says it cannot connect to tomcat, tomcat is down or refused connection. Any ideas?? I would assume that all is fine since the app works fine when going directly to Tomcat.The isapi-redirector is loaded and green but will not load through IIS. Thanks for any helpful advice, we are new to this. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Authentication from the browser
On Tue, Jun 2, 2009 at 2:34 PM, Jonathan Mast jhmast.develo...@gmail.comwrote: Alec, so basically members of your client company should be able to have direct access to a servlet that is otherwise restricted to a handful of users who must authenicate themselves with a username/password login, right? Yes, this is exactly what we need. One solution to this situation would be to create a simple servlet that sniffs incoming request IPs, if they match the range/set of IPs of your client, then you bypass the authenication mechanism of your existing servlet and give them a full view of whatever goodies your servlet has. If incoming requests don't match the IPs then bounce them off somewhere. However this approach is not a complete solution, a very interested party could observe your system and deduce that it was based upon privileged IPs and then spoof them. It all depends upon how important this servlet is you and your organization. If it is absolutely mission critical, then you'll want to use SSL and require logins. The servlet is not mission critical and provides only read-only access. I like this idea, but as Hassaan pointed out it does not allow our customer users to access this page if they are outside of the VPN. On Tue, Jun 2, 2009 at 4:01 PM, Alec Swan alecs...@gmail.com wrote: I may not be explaining it clearly. We have one corporate customer who is putting a link to our servlet on their intranet web page. Therefore, we know the domain name of the users who need custom authentication. We can also tell the customer to put whatever we need in the link, such as HTTP headers. Does this give you enough information to propose a solution? On Tue, Jun 2, 2009 at 12:22 PM, Hassan Schroeder hassan.schroe...@gmail.com wrote: On Tue, Jun 2, 2009 at 11:03 AM, Alec Swan alecs...@gmail.com wrote: Hassan, I don't think that the goals are contradictory, because each goal applies to its own group of users: our customer users and everybody else. Customer users should not have to enter user name and password, but everybody else should. IOW, you want it protected, and you want it openly accessable. Sorry, that sounds contradictory to me :-) If you have a customer who would like to put a link on a web page to your servlet, that servlet's URL is now in the wild -- anyone who finds it can access it. I am glad that you made me think about this, because maybe it is possible to extend Tomcat authentication to also use client IP address or domain? How would you know a priori the IP or domain of the clients? -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: element type taglib must be declared
From: Tom1973 [mailto:garyp1...@gmail.com] Subject: element type taglib must be declared Starting service Tomcat-Standalone Apache Tomcat/4.0.1 You're trying to use a Tomcat that's over 7.5 years old? Please try this on a supported level (even 4.1.39, if you absolutely must have ancient history, but best on 6.0.18). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Authentication from the browser
? You can't put HTTP headers in a link, unless you're processing it through some proxy mechanism... Looks like the last SecurityFilter build was released on Dec. 14, 2004, which makes me hesitant to use it. I am wondering if it is possible to use JavaScript to include the user name and password in the HTTP header when the link is clicked. According to the following statement I borrowed from http://securityfilter.sourceforge.net/this won't work either: With container managed security, the container will not process login requests unless the container itself has initiated the authentication sequence .. Does this mean that there is no way to authenticate against Tomcat server unless the server initiated the request itself? Does this give you enough information to propose a solution? I suspect you need to write your own solution, though this: http://securityfilter.sourceforge.net/ :: has been recommended by others on this list many times, and might help (I've never used it). HTH, -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Which Do I SSL - httpd or Tomcat?
Alston, Brian (US SSA) wrote: What I have is 3 virtual servers (VMWare - Windows Server 2003). One server has Apache httpd v2.2.11 and two other servers running Apache Tomcat v6.0.18. The Tomcat servers are independently accessible from outside of the httpd server; so, I assume that I will need to place SSL on all three servers. I think the question to ask is : do your Tomcat servers /have to be/ accessible directly, without going through httpd ? If not, then it is possible to configure Tomcat so that it will /only/ accept connections from the IP address of your httpd server, and from nowhere else. The point is : using HTTPS is expensive (all communications have to be encrypted, which has a cost). So if you can make it so that the http - Tomcat connection is private, you don't heve to use HTTPS between them. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Windows x64 Installer
János Löbb wrote: On May 29, 2009, at 7:15 PM, Markus Schönhaber wrote: János Löbb: Because the electron has resting mess, it will never go with speed of light. The info by the way is not supplied by the electron, but rather with electromagnetic waves around the wire who have no resting mess, Oh, what a mess! ;-) -- Regards mks Yeah, the electron mass at c is a mess :) The electron, having a mass, can never reach c, or its mass would become infinite. In fact, just before that, its mass would become so large that it should become a black hole. And since it would be a tiny black hole, it should evaporate almost instantly (from the point of view of at least some external observers) by virtue of the so-called quantum Hawking radiation, triggering a conical burst of high-velocity particles. In fact, this happens all the time, explaining why sometimes Tomcat does not start under Windows 64 bit and other bizarre computer phenomenons. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
fonts in linux
Hi all We have recently moved from a windows to a Linux platform and we have noticed that the default fonts seem to have changed. Is there any way of setting them that same as on the windows system. we are using tomcat5 on centos. cheers - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: fonts in linux
//here is 1 style excerpted from styles/form.css /* A CSS Framework by Mike Stenhouse of Content with Style */ /* FORM ELEMENTS */ form { margin:0; padding:0; } //import of forms.css from /styles/main.css @import url(layout-navtop-localleft.css); @import url(layout.css); @import url(forms.css); @import url(typo.css); @import url(tools.css); WEB-INF/decorators.xml contains patterns to exclude ?xml version=1.0 encoding=ISO-8859-1? !-- SiteMesh filter reads these patterns for files/folders to exclude -- decorators defaultdir=/WEB-INF/decorators.xml !-- Any urls that are excluded will never be decorated by Sitemesh -- excludes pattern/debug.jsp/pattern pattern/styles/*/pattern !-- pattern/scripts/*/pattern -- pattern/images/*/pattern pattern/dojo/*/pattern pattern/struts/*/pattern pattern/ajax/AjaxResult*/pattern pattern/AjaxTest.action/pattern pattern/ajax/remoteforms/AjaxRemoteForm.action/pattern pattern/tags/ui/ajax/*/pattern pattern/chat/ajax/*/pattern pattern/hangman/ajax/*/pattern pattern/nodecorate/*/pattern /excludes decorator name=main page=main.jsp pattern/*/pattern /decorator !--decorator name=panel page=panel.jsp/-- !--decorator name=dashedBox page=dashedBox.jsp/-- !--decorator name=printable page=printable.jsp/-- /decorators //where sitemesh filter is enabled as seen here in /WEB-INF/web.xml by // /* in url-pattern filter filter-namesitemesh/filter-name filter-classcom.opensymphony.module.sitemesh.filter.PageFilter/filter-class /filter filter-mapping filter-namesitemesh/filter-name url-pattern/*/url-pattern /filter-mapping //assuming if you have sitemesh or any other filter make sure you disable from //excludes e.g. !-- pattern/scripts/*/pattern -- anyone ? Martin __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Wed, 3 Jun 2009 11:31:31 +1200 From: newslet...@energyts.com To: users@tomcat.apache.org Subject: fonts in linux Hi all We have recently moved from a windows to a Linux platform and we have noticed that the default fonts seem to have changed. Is there any way of setting them that same as on the windows system. we are using tomcat5 on centos. cheers - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Hotmail® has ever-growing storage! Don’t worry about storage limits. http://windowslive.com/Tutorial/Hotmail/Storage?ocid=TXT_TAGLM_WL_HM_Tutorial_Storage_062009
RE: Authentication from the browser
Alec- Here are the index.jsp contents from securityfilter h2POST to the Secure Page/h2 This form POSTs to the Secure Page. By entering a value here and clicking the submit button below, you can verify that POSTed parameters are maintained through the login sequence. form id=%=Constants.HOME_FORM_ID% action=%=response.encodeURL(request.getContextPath() + /securePage.jsp)% method=POST input type=text name=%=Constants.HOME_POST_FIELD% input type=submit /form make sure you supply a valid url to securePage.jsp (now its supplied as) request.getContextPath() + /securePage.jsp supply valid values for HOME_FORM_ID public static final String HOME_FORM_ID = homeForm; and valid value for HOME_POST_FIELD now initialised to public static final String HOME_POST_FIELD = postMe; got it working on my server if you need a link Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Tue, 2 Jun 2009 16:08:58 -0600 Subject: Re: Authentication from the browser From: alecs...@gmail.com To: users@tomcat.apache.org ? You can't put HTTP headers in a link, unless you're processing it through some proxy mechanism... Looks like the last SecurityFilter build was released on Dec. 14, 2004, which makes me hesitant to use it. I am wondering if it is possible to use JavaScript to include the user name and password in the HTTP header when the link is clicked. According to the following statement I borrowed from http://securityfilter.sourceforge.net/this won't work either: With container managed security, the container will not process login requests unless the container itself has initiated the authentication sequence .. Does this mean that there is no way to authenticate against Tomcat server unless the server initiated the request itself? Does this give you enough information to propose a solution? I suspect you need to write your own solution, though this: http://securityfilter.sourceforge.net/ :: has been recommended by others on this list many times, and might help (I've never used it). HTH, -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Hotmail® has ever-growing storage! Don’t worry about storage limits. http://windowslive.com/Tutorial/Hotmail/Storage?ocid=TXT_TAGLM_WL_HM_Tutorial_Storage_062009
Just a few questions on my Tomcat Configuration
I have tomcat running on a dedicated Windows server (this is a web server). I have been reading apache's site on Virtual Hosts for tomcat and I have a few questions. Here is how I need to get the software up and running. 1 instance of tomcat to serve on port 80 across all sub-domains (not an issue) 1 instance of MySQL serving on port 3306 across all sub-domains (not an issue) Create a virtual host for each company, by following the instructions in the virtual hosting section of the docs. I do have a question though. My /conf directory is not exactly the same as what it is calling for (Approach #2). Should I go ahead and mirror my /conf directory to have the same structure as what the doc's are calling for? Bind each virtual host to the corresponding sub-domain (not a clue on how to do this) Any information would be greatly appreciated. Thank you all in advance! - Josh
Re: Authentication from the browser
Alec Swan alecs...@gmail.com wrote in message news:34abb48b0906021503t158542a5ube612b5ccfad0...@mail.gmail.com... On Tue, Jun 2, 2009 at 2:34 PM, Jonathan Mast jhmast.develo...@gmail.comwrote: Alec, so basically members of your client company should be able to have direct access to a servlet that is otherwise restricted to a handful of users who must authenicate themselves with a username/password login, right? Yes, this is exactly what we need. Awhile back, I had a request to do something similar. However, in this case the (then) client was providing a portal that their users logged onto, and proxied to our app. What we did is to clone the webapp and make the clone authenticate with CLIENT-CERT. The client portal would then proxy to the clone and provide the same certificate for all users that it had authenticated (which Tomcat then accepted). In this case, even if a blackhat could find the URL for the clone, she still couldn't get in. One solution to this situation would be to create a simple servlet that sniffs incoming request IPs, if they match the range/set of IPs of your client, then you bypass the authenication mechanism of your existing servlet and give them a full view of whatever goodies your servlet has. If incoming requests don't match the IPs then bounce them off somewhere. However this approach is not a complete solution, a very interested party could observe your system and deduce that it was based upon privileged IPs and then spoof them. It all depends upon how important this servlet is you and your organization. If it is absolutely mission critical, then you'll want to use SSL and require logins. The servlet is not mission critical and provides only read-only access. I like this idea, but as Hassaan pointed out it does not allow our customer users to access this page if they are outside of the VPN. On Tue, Jun 2, 2009 at 4:01 PM, Alec Swan alecs...@gmail.com wrote: I may not be explaining it clearly. We have one corporate customer who is putting a link to our servlet on their intranet web page. Therefore, we know the domain name of the users who need custom authentication. We can also tell the customer to put whatever we need in the link, such as HTTP headers. Does this give you enough information to propose a solution? On Tue, Jun 2, 2009 at 12:22 PM, Hassan Schroeder hassan.schroe...@gmail.com wrote: On Tue, Jun 2, 2009 at 11:03 AM, Alec Swan alecs...@gmail.com wrote: Hassan, I don't think that the goals are contradictory, because each goal applies to its own group of users: our customer users and everybody else. Customer users should not have to enter user name and password, but everybody else should. IOW, you want it protected, and you want it openly accessable. Sorry, that sounds contradictory to me :-) If you have a customer who would like to put a link on a web page to your servlet, that servlet's URL is now in the wild -- anyone who finds it can access it. I am glad that you made me think about this, because maybe it is possible to extend Tomcat authentication to also use client IP address or domain? How would you know a priori the IP or domain of the clients? -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: fonts in linux
From: newsletter [mailto:newslet...@energyts.com] Subject: fonts in linux We have recently moved from a windows to a Linux platform and we have noticed that the default fonts seem to have changed. Is there any way of setting them that same as on the windows system. we are using tomcat5 on centos. Do you really mean fonts? Or are you actually referring to the default language and character set? Let's presume the latter, since the former makes little sense. You might want to read the FAQ on the subject: http://wiki.apache.org/tomcat/FAQ/CharacterEncoding If you really are referring to the fonts, that's under control of the browser, not the server. A web page can supply font suggestions (frequently by use of a style sheet), but it's the browser that actually decides what font to display text in. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Just a few questions on my Tomcat Configuration
From: Josh Gooding [mailto:josh.good...@gmail.com] Subject: Just a few questions on my Tomcat Configuration I have tomcat running on a dedicated Windows server (this is a web server). Tomcat version? Always tell us that - we're not mind readers. My /conf directory is not exactly the same as what it is calling for (Approach #2). What's different? Again, we can't read your mind. Choice of the two approaches is up to you; some find it easier keeping Context elements inside each webapp (in META-INF/context.xml), some prefer to keep them separate from the webapp itself by placing them in conf/Catalina/[host]/[appName].xml. Bind each virtual host to the corresponding sub-domain (not a clue on how to do this) Use the sub-domain as the name attribute on the associated Host. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Windows x64 Installer
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: RE: Windows x64 Installer Now the reason why 4) below was not working (all 64-bit), is that I didn't have an address specified in my connector tag. Apparently, at all windows revs prior to 2008 server, if you didn't supply an IP address, Windows would gladly supply 0.0.0.0, but now at 2008 it doesn't (possibly vista also?). Works fine on my Vista 64 box, with no address attribute for the Connector. Looks like there's some 2008 Server setting that's ignoring IPv4 and using only IPv6 if no bind address is given. Instead of seeing 0.0.0.0:80 in the first column, you'll see [::]:80. On my Vista 64 box, I see 0.0.0.0:8080 but not [::]:8080, with no address attribute in my Connector. I've got IPv6 disabled on my router, so I can't test that at the moment. there are a number of these [::] addresses in the list, so MS possibly hasn't ported all their services yet. Has nothing to do with porting services, but rather with IPv6-only being the default on your installation. I do see both IPv4 and IPv6 addresses in listening mode for the various Windows services on my system. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org