RE: the Tomcat generates more than one session id with the same http request, please help me
Seems like a propietary way of storing the session ID, I'm not much into JSP stuff so I really don't know. Someone else here may be able to explain. You can store whatever you need in parameters, either by putting into URLs or by creating (hidden) controls on web forms. This is the preferred method of parameter passing, as it allows multiple instances (e.g. browser tabs) to coexist. You should only store things in a session that are related to the connection and user (e.g. user credentials, preferences and such), but absolutely not the page he's navigating now. You can also add a "path" to the URL, e.g. getparts.jsp/137063/4 Then "getPathInfo()" will return "137063/4" in getparts.jsp. M > -Original Message- > From: Peter Chen [mailto:peter.c...@aicent.com] > Sent: dinsdag 08 december 2009 07:49 > To: Tomcat Users List > Subject: RE: the Tomcat generates more than one session id > with the same http request, please help me > > Thanks for Mike's reply. > > I searched on the Internet, and I got a method, the detail is > as follows: > > document.write(''); > > > The most important sentence is > "getParts.jsp;jsessionid=B01FF12CBC92F9BA1682E9A883A3A1AD?time > stamp=1260252638867&contentid=137063&timemark=20091110&index=4" > > I know the URL like > "getParts.jsp?timestamp=1260252638867&contentid=137063&timemar > k=20091110&index=4", this URL is used to pass parameters from > one Jsp to another one. And we can get parameters with > sentences like "request.getParameter("timestamp"); > request.getParameter("contentid ")". > > But I don't know the part > "getParts.jsp;jsessionid=B01FF12CBC92F9BA1682E9A883A3A1AD", > is it also used to pass parameter? > > If so, how to get the parameter? Thanks. > > > > -Original Message- > From: Looijmans, Mike [mailto:mike.looijm...@oce.com] > Sent: 2009年12月7日 16:39 > To: Tomcat Users List > Subject: RE: the Tomcat generates more than one session id > with the same http request, please help me > > Put the session ID in the URL and it will work on all systems. > > Alternatively, don't use sessions for the audio file. > > > > -Original Message- > > From: Peter Chen [mailto:peter.c...@aicent.com] > > Sent: maandag 07 december 2009 09:22 > > To: users@tomcat.apache.org > > Subject: the Tomcat generates more than one session id with > the same > > http request, please help me > > > > Hi, all > > > > > > > > I am testing a website with the server Tomcat. I am using Tomcat > > 5.5.26, and I found one problem. > > > > > > > > The website is used to display audio files. After I log in the > > website, I can see the icon of the audio file. But after I > press the > > button "play", it has different results with different browsers. > > > > When I use firefox3.5.5 and Google Chrome 3.0, I found the > Tomcat will > > create more than one session id, and it can not be played. > > > > But if I use IE6.0/IE7.0/IE8.0, I found there is only one > session id, > > and it plays well. > > > > > > > > I don't know the reason, has someone met this problem > before, please > > help me to solve this problem, thanks. > > > > > > This message and attachment(s) are intended solely for use by > the addressee and may contain information that is privileged, > confidential or otherwise exempt from disclosure under applicable law. > > If you are not the intended recipient or agent thereof > responsible for delivering this message to the intended > recipient, you are hereby notified that any dissemination, > distribution or copying of this communication is strictly prohibited. > > If you have received this communication in error, please > notify the sender immediately by telephone and with a 'reply' message. > > Thank you for your co-operation. > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > This message and attachment(s) are intended solely for use by the addressee and may contain inf
RE: the Tomcat generates more than one session id with the same http request, please help me
Hi pid, I used a JavaBean to pass the parameter, the sentence is like this: And the scope is session, in the Jsp page, I use this JavaBean like this: Message msg = bean.getMessage(); And in the object of Message, I stored a MMS(Multimedia Message Service, include video and audio files), and I will get this MMS file later on. But after testing, I found that, sometimes I executed the sentence "Message msg = bean.getMessage();", and the variable msg return null. But most time, it works well, and return a correct object. Could you tell me the reason? Or is something I have done wrong? -Original Message- From: Pid [mailto:p...@pidster.com] Sent: 2009年12月7日 18:21 To: users@tomcat.apache.org Subject: Re: the Tomcat generates more than one session id with the same http request, please help me On 07/12/2009 08:22, Peter Chen wrote: > Hi, all > > > > I am testing a website with the server Tomcat. I am using Tomcat > 5.5.26, and I found one problem. > > > > The website is used to display audio files. After I log in the website, > I can see the icon of the audio file. But after I press the button > "play", it has different results with different browsers. > > When I use firefox3.5.5 and Google Chrome 3.0, I found the Tomcat will > create more than one session id, and it can not be played. What bearing does the session have on this? Are you storing data in it? > But if I use IE6.0/IE7.0/IE8.0, I found there is only one session id, > and it plays well. > > I don't know the reason, has someone met this problem before, please > help me to solve this problem, thanks. Are you properly encoding all link URLs on each page with HttpServletResponse.encodeURL()? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: the Tomcat generates more than one session id with the same http request, please help me
Thanks for Mike's reply. I searched on the Internet, and I got a method, the detail is as follows: document.write(''); The most important sentence is "getParts.jsp;jsessionid=B01FF12CBC92F9BA1682E9A883A3A1AD?timestamp=1260252638867&contentid=137063&timemark=20091110&index=4" I know the URL like "getParts.jsp?timestamp=1260252638867&contentid=137063&timemark=20091110&index=4", this URL is used to pass parameters from one Jsp to another one. And we can get parameters with sentences like "request.getParameter("timestamp"); request.getParameter("contentid ")". But I don't know the part "getParts.jsp;jsessionid=B01FF12CBC92F9BA1682E9A883A3A1AD", is it also used to pass parameter? If so, how to get the parameter? Thanks. -Original Message- From: Looijmans, Mike [mailto:mike.looijm...@oce.com] Sent: 2009年12月7日 16:39 To: Tomcat Users List Subject: RE: the Tomcat generates more than one session id with the same http request, please help me Put the session ID in the URL and it will work on all systems. Alternatively, don't use sessions for the audio file. > -Original Message- > From: Peter Chen [mailto:peter.c...@aicent.com] > Sent: maandag 07 december 2009 09:22 > To: users@tomcat.apache.org > Subject: the Tomcat generates more than one session id with > the same http request, please help me > > Hi, all > > > > I am testing a website with the server Tomcat. I am using > Tomcat 5.5.26, and I found one problem. > > > > The website is used to display audio files. After I log in > the website, I can see the icon of the audio file. But after > I press the button "play", it has different results with > different browsers. > > When I use firefox3.5.5 and Google Chrome 3.0, I found the > Tomcat will create more than one session id, and it can not be played. > > But if I use IE6.0/IE7.0/IE8.0, I found there is only one > session id, and it plays well. > > > > I don't know the reason, has someone met this problem before, > please help me to solve this problem, thanks. > > This message and attachment(s) are intended solely for use by the addressee and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If you are not the intended recipient or agent thereof responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone and with a 'reply' message. Thank you for your co-operation. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSSE question
Am Montag, den 07.12.2009, 10:25 -0800 schrieb Vadim Letitchevski: > Bill. > > I have followed the recommendations in that document but did not succeed. > So I have a set of self-generated (using OpenSSL) credentials. OpenSSL server > and client work fine (connect) using these credentials with authentication > both ways. > Following the instructions in > (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html) I have done: > > openssl pkcs12 -export -in /etc/pki/tls/certs/localhost.crt -inkey > /etc/pki/tls/private/localhost.key -out mycert.p12 -name tomcat -CAfile > /etc/pki/tls/cacert.pem -caname root -chain > > I have used the password changeit. > > Next I have edited server.xml to have these strings: > > > keystoreFile="conf/mycert.p12" keystorePass="changeit" >maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >enableLookups="false" disableUploadTimeout="true" >scheme="https" secure="true" >clientAuth="false" sslProtocol="TLS" /> try to add keystoreType="pkcs12" truststoreType="pkcs12" the default values for these are JKS. Look at http://tomcat.apache.org/tomcat-6.0-doc/config/http.html at section SSL support. > > > keystoreFile="conf/mycert.p12" keystorePass="changeit" >truststoreFile="conf/mycert.p12" truststorePass="changeit" >maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >enableLookups="false" disableUploadTimeout="true" >scheme="https" secure="true" >clientAuth="true" sslProtocol="TLS" /> same here. bye Felix > > Then I started server and used Firefox trying to open https://localhost:8442 > or https:/localhost:8443 with no success (failed to connect page). > Catalina log file shows "java.io.exception: Invalid keystore format." > What have I done wrong? > > Thanks > Vadim. > > -Original Message- > From: news [mailto:n...@ger.gmane.org] On Behalf Of Bill Barker > Sent: Friday, December 04, 2009 7:25 PM > To: users@tomcat.apache.org > Subject: Re: JSSE question > > > "Vadim Letitchevski" wrote in message > news:e17da276f9a0c84fad22739de29c389005dafc3...@entmail01.tad.teledyne.com... > >I am confused. Can Tomcat use only JKS keystore or it can also use pem > >or some other certificate storages? > > > > In the Tomcat docs (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html), > it shows how to use a PKCS12 keystore. At some point that should be updated > to include an example for using a PKCS11 keystore. > > The actual answer is that the JSSE Connector can use any keystore format that > is supported by your Java vendor. In particular, with the Sun JVM, you can't > use PEM (however the APR Connector does use PEM). However, it is usually > pretty easy to convert PEM to PKCS12 (see the link above for an example). > > > > > Thanks > > Vadim. > > (310)765-3812 > > > > > > > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_proxy tomcat6 question
I figured it out. It turns out the module configuration is getting overwritten by the configuration of another module. Answers to your questions inline. > But what is getting close to off-topic, is being confusing in your > explanations, to the point of making people wonder what exactly you are > trying to achieve. This can be easily explained. I am a C programmer trying to sink my teeth into Java and webapps and still learning to think in those terms and terminology :) I am trying to set up mod_proxy_ajp to bridge apache and tomcat. I did succeed in being able to call jsps and servlets directly in the webapp but am running into problems when the servlet sends back a jsp file. The client will always see the webapp code as residing under /test/ and so any response to the client will need to have the hrefs pointing to /test. But by using the RequestDispatcher the resource is getting created as /A/ > What exactly is the layout below your Tomcat /webapps/ directory ? The webapp is in /webapps/A/ in my tomcat directory. # ls /webapps/A/ # index.jsp jsp META-INF WEB-INF # ls /webapps/A/jsp/ # hi.jsp > Why do you insist on redirecting your calls to that "/webapps/A/" place when > obviously your servlets or jsp pages live under "/webapps/jsp/" ? > Why do you think you need a RequestDispatcher ? Isn't this the way to send a new resource to the client in response to a invoked servlet? I probably still have a lot to learn but this I thought is standard. More so when I talk directly to tomcat over 8080 the RequestDispatcher code works. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Publishing Java webservice - tomcat 5.5 shared hosting
Dear All, Thanks for your valuable suggestions. We managed to achieve this by developing the web service using lomboz and just copied the entire application folder from the local tomcat server into our web hosting environment ( /webapps/mywebsite/mywebservice ). It worked fine. Thank you very much. Regards, Abdul Raheem S -Original Message- From: Gerwood Stewart [mailto:gstew...@une.edu.au] Sent: Monday, December 07, 2009 11:59 PM To: Tomcat Users List Subject: RE: Publishing Java webservice - tomcat 5.5 shared hosting Abdul Have you developed the Web-service? There are a few frameworks that allow you to develop ws (Axis, CXF) but I can't tell if these are going to far. Axis (from memory) you can add more or less as a sub directory in your context, from there you should be able to create individual web-services as you see fit. It will require knowledge from java though. I'm not sure what the result of trying to do it in JSP directly would be, but from previous experiences I would recommend you don't unless you can't avoid it. You will also need to check what the Axis requirements are, you will probably need to modify the web.xml to be aware of it. Gerwood Stewart Senior Programmer/System Administrator Information Technology Directory Armidale NSW Australia 2351 Phone: +61 02 6773 2068 gstew...@une.edu.au www.une.edu.au CRICOS Provider Number: 3G -Original Message- From: Abdul Raheem Seyed (NDC IS&T) [mailto:ase...@ndc.ae] Sent: Monday, December 07, 2009 5:51 PM To: Tomcat Users List Subject: RE: Publishing Java webservice - tomcat 5.5 shared hosting Hi, Thanks for looking in to my question. 1) Web hosting provider doesn't have any defined policy as such. 2) No, the context was developed and configured by the provider. We have only ftp access to the /webapps/mywebsite folder. So, we can not redeploy it. 3) Yes, We can request for a restart Thanks, Abdul Raheem S -Original Message- From: Gerwood Stewart [mailto:gstew...@une.edu.au] Sent: Monday, December 07, 2009 10:43 AM To: Tomcat Users List Subject: RE: Publishing Java webservice - tomcat 5.5 shared hosting I'd first check your hosting providers policy on webservices etc. Do you develop the context /webapps/mywebsite? Can you fully redeploy it or modify it? Can you ask for it to be restarted? Gerwood Stewart Senior Programmer/System Administrator Information Technology Directory Armidale NSW Australia 2351 Phone: +61 02 6773 2068 gstew...@une.edu.au www.une.edu.au CRICOS Provider Number: 3G -Original Message- From: Abdul Raheem Seyed (NDC IS&T) [mailto:ase...@ndc.ae] Sent: Monday, December 07, 2009 5:18 PM To: users@tomcat.apache.org Subject: Publishing Java webservice - tomcat 5.5 shared hosting Hi, We have requirement to host a webservice in a shared tomcat 5.5 webhosting environment ( virtual server ). The hosting company doesn't provide access to tomcat Manager as it's shared web hosting. Can some one tell how we can deploy a java webservice in tomcat 5.5. We have access to specific folder of the tomcat only (tomcat root \ webapps\mywebsite\). We can't restart the server as well we don't have admin access to the server. Appreciate your help. Thanks in advance, Abdul Raheem S Disclaimer: This e-mail has been scanned by Microsoft Forefront Online Security for Exchange. This e-mail and its attachments may be confidential and are intended solely for the use of the individual(s) to whom it is addressed. If you have received it by mistake, please reply by e-mail to sender or ad...@ndc.ae and delete it from your system; you may not copy this message or disclose its contents to anyone. Statements and opinions expressed in this e-mail are those of the sender, and do not necessarily reflect those of National Drilling Company (NDC). Although reasonable precautions have been taken to ensure no viruses are present in this e-mail, NDC cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments. Disclaimer: This e-mail has been scanned by Microsoft Forefront Online Security for Exchange. This e-mail and its attachments may be confidential and are intended solely for the use of the individual(s) to whom it is addressed. If you have received it by mistake, please reply by e-mail to sender or ad...@ndc.ae and delete it from your system; you may not copy this message or disclose its contents to anyone. Statements and opinions expressed in this e-mail are those of the sender, and do not necessarily reflect those of National Drilling Company (NDC). Although reasonable precautions have been taken to ensure no viruses are present in this e-mail, NDC cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail:
directory path
Hi Team, I have started using Tomcat 5.5.27 recently and now I would like to integrate with Axis for web service development.However, I could see many web-inf and lib folders so I am confused where I should keep my library files. I thought of using this location C:\Documents and Settings\minglau\My Documents\Tomcat5.5\apache-tomcat-5.5.27\webapps. However, it does not seem to be appropriate. Another thing - I also wrote jsp and kept it at C:\Documents and Settings\minglau\My Documents\Tomcat5.5\apache-tomcat-5.5.27\webapps\ROOT location but its not getting detected from browser by typing the url http://localhost:8080/xyz.jsp. Can any one please suggest the answers for these two issues. I appreciate your help. Thanks, Ming
Re: CGI on Tomcat 5.5.28
nicoli wrote: > Mark, > > I also tried to run it from http://localhost/cgi-bin/cognos.cgi > but for some reason IE doesn't find cognos.cgi in that directory, even > WEB-INF/cgi value is specified for cgiPathPrefix: > > cgiPathPrefix > WEB-INF/cgi > > > Thank you cognos.cgi is located where now? Exactly what error message do you get? Mark > > > markt-2 wrote: >> nicoli wrote: >>> Hi Mark, >>> >>> Thank you for quick response. >>> I'm using URL as http://localhost/cognos.cgi >>> cognos.cgi is located in Tmcat's ROOT directory. >>> What IE is doing - just asking to choose program to open cognos.cgi >>> The same issue happens when it’s trying to open cognos.cgi file from a >>> virtual directory that I configured in server.xml >> Go back and re-read http://tomcat.apache.org/tomcat-5.5-doc/cgi-howto.html >> >> cognos.cgi needs to be located at >> /WEB-INF/cgi/cognos.cgi >> The URL to request it is >> http://localhost/cgi-bin/cognos.cgi >> >> All of that is configurable as per the docs (link above) and the >> comments in the global web.xml >> >> Mark >> >>> Thank you in advance >>> >>> >>> >>> markt-2 wrote: nicoli wrote: > But when I'm trying to execute cgi module from IE, it doesn't recognize > it > as executable. > Please help. > What is wrong? A few questions: - What URL are you requesting ? - Where is the cgi script located in the web app? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: CGI on Tomcat 5.5.28
Mark, I also tried to run it from http://localhost/cgi-bin/cognos.cgi but for some reason IE doesn't find cognos.cgi in that directory, even WEB-INF/cgi value is specified for cgiPathPrefix: cgiPathPrefix WEB-INF/cgi Thank you markt-2 wrote: > > nicoli wrote: >> Hi Mark, >> >> Thank you for quick response. >> I'm using URL as http://localhost/cognos.cgi >> cognos.cgi is located in Tmcat's ROOT directory. >> What IE is doing - just asking to choose program to open cognos.cgi >> The same issue happens when it’s trying to open cognos.cgi file from a >> virtual directory that I configured in server.xml > > Go back and re-read http://tomcat.apache.org/tomcat-5.5-doc/cgi-howto.html > > cognos.cgi needs to be located at > /WEB-INF/cgi/cognos.cgi > The URL to request it is > http://localhost/cgi-bin/cognos.cgi > > All of that is configurable as per the docs (link above) and the > comments in the global web.xml > > Mark > >> >> Thank you in advance >> >> >> >> markt-2 wrote: >>> nicoli wrote: >>> But when I'm trying to execute cgi module from IE, it doesn't recognize it as executable. Please help. What is wrong? >>> A few questions: >>> - What URL are you requesting ? >>> - Where is the cgi script located in the web app? >>> >>> Mark >>> >>> >>> >>> >>> - >>> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >>> >>> >> > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/CGI-on-Tomcat-5.5.28-tp26683636p26686198.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: CGI on Tomcat 5.5.28
nicoli wrote: > Hi Mark, > > Thank you for quick response. > I'm using URL as http://localhost/cognos.cgi > cognos.cgi is located in Tmcat's ROOT directory. > What IE is doing - just asking to choose program to open cognos.cgi > The same issue happens when it’s trying to open cognos.cgi file from a > virtual directory that I configured in server.xml Go back and re-read http://tomcat.apache.org/tomcat-5.5-doc/cgi-howto.html cognos.cgi needs to be located at /WEB-INF/cgi/cognos.cgi The URL to request it is http://localhost/cgi-bin/cognos.cgi All of that is configurable as per the docs (link above) and the comments in the global web.xml Mark > > Thank you in advance > > > > markt-2 wrote: >> nicoli wrote: >> >>> But when I'm trying to execute cgi module from IE, it doesn't recognize >>> it >>> as executable. >>> Please help. >>> What is wrong? >> A few questions: >> - What URL are you requesting ? >> - Where is the cgi script located in the web app? >> >> Mark >> >> >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: CGI on Tomcat 5.5.28
Hi Mark, Thank you for quick response. I'm using URL as http://localhost/cognos.cgi cognos.cgi is located in Tmcat's ROOT directory. What IE is doing - just asking to choose program to open cognos.cgi The same issue happens when it’s trying to open cognos.cgi file from a virtual directory that I configured in server.xml Thank you in advance markt-2 wrote: > > nicoli wrote: > >> But when I'm trying to execute cgi module from IE, it doesn't recognize >> it >> as executable. >> Please help. >> What is wrong? > > A few questions: > - What URL are you requesting ? > - Where is the cgi script located in the web app? > > Mark > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/CGI-on-Tomcat-5.5.28-tp26683636p26685673.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat, uPortal, error messages and confusion
> From: Egeste [mailto:ege...@egeste.net] > Subject: Re: tomcat, uPortal, error messages and confusion > > To clarifty, do you want the web.xml and context.xml files > before or after I build the war file? We don't want to see Tomcat's conf/web.xml and conf/context.xml files, we want to see the ones from your webapp - they're in WEB-INF/web.xml and META-INF/context.xml inside the webapp. It's whatever you give to Tomcat as part of the webapp deployment. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat, uPortal, error messages and confusion
Chuck, Thank you for volunteering assistance. To clarifty, do you want the web.xml and context.xml files before or after I build the war file? On Dec 7, 2009, at 3:18 PM, Caldarale, Charles R wrote: From: Egeste [mailto:ege...@egeste.net] Subject: tomcat, uPortal, error messages and confusion in communication with the uPortal mailing list, I was advised to seek advice from this group regarding the following thread: Is this a real Tomcat, or a Ubuntu-mangled version? Please post your server.xml file, which should be in Tomcat's conf directory (unless the Ubuntu distribution moved it somewhere else). Also post the META-INF/context.xml and WEB-INF/web.xml for your uPortal webapp, if they exist. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat, uPortal, error messages and confusion
> From: Egeste [mailto:ege...@egeste.net] > Subject: tomcat, uPortal, error messages and confusion > > in communication with the uPortal mailing list, I was advised to seek > advice from this group regarding the following thread: Is this a real Tomcat, or a Ubuntu-mangled version? Please post your server.xml file, which should be in Tomcat's conf directory (unless the Ubuntu distribution moved it somewhere else). Also post the META-INF/context.xml and WEB-INF/web.xml for your uPortal webapp, if they exist. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat, uPortal, error messages and confusion
I've recently been trying to implement uPortal on my debian linux server running the following binaries: tomcat5.5 maven2 ant 1.7.1 Again, attempting to deploy uPortal version 3.0.4 in communication with the uPortal mailing list, I was advised to seek advice from this group regarding the following thread: ==BEGIN uPortal THREAD== If you stop tomcat (kill if needed), clear out all your logs, rm -rf work/Catalina/localhost, and start tomcat, what do you see in your logs? also, there is a chance that you don't have tomcat configured to autodeploy, which could be the reason for no response (it isn't deploying uPortal etc. and/or compiling the jsps etc. and putting them in the work/... dir). If you are new to tomcat, you might also want to check out the tomcat- users list and ask there to get up to speed with Tomcat first: http://tomcat.apache.org/lists.html Unfortunately even though uPortal uses Tomcat, admining Tomcat is not the point of this list. :( Wish I could be of better help. Thanks, Gary Egeste wrote: Gary, thank you for your advice. I had not run the deployPortletApp task. After running the task and restarting tomcat, no new errors were generated in catalina.log, however browsing to localhost on port 8080 returns 0 bytes, or localhost:8080/uPortal returns a tomcat 404 message, and i cant seem to locate any portal.log file. Following this I proceeded with step 2, changing the ownership of tomcat_home/webapps and tomcat_home/logs to tomcat55 (the user tomcat runs as), as well as deleting tomcat_home/work/Catalina/ localhost. Once again, after restarting tomcat I get a 0 byte response from localhost:8080 and a tomcat 404 from localhost:8080/ uPortal. Again, no portal.log is created. Is there any more insight anyone could shed on this? Thanks in advance -Steve On Dec 7, 2009, at 12:19 PM, Gary Weaver wrote: As a correction for solution to issue 2, I meant a recursive chown (it is unlikely that the files themselves have wrong attributes, so chmod prob not needed). Gary Weaver wrote: Issue 1: Did you use uPortal to deploy your portlet via the ant/maven task? Looking at your web.xml I don't see the part that is automatically generated by that process. That "plutofication" process will add portlet.tld to the deployed portlet (webapp) and will modify (add some XML to) web.xml (using your portlet.xml). While you *can* include these changes yourself in the portlet without going through uPortal, it is highly recommended by the uPortal developers to use the deployPortletApp process instead because it includes the portlet.tld and web.xml changes that are specific for the version of the Apache Pluto that uPortal uses. Issue 2: Looks like you have some permissions issues. If possible do a recursive chmod to add read and write rights to the user/group that Tomcat is running as on your (tomcat home)/webapps directory, do the same for your (tomcat home)/logs and you might want to remove (rm -rf) (tomcat home)/work/Catalina/localhost directory just in case it compiled some stuff as a diff user if you ran Tomcat as one user and then later as another user. Hope this helps, Gary Egeste wrote: When I deploy war and start tomcat, I'm getting this error. Any advice? Error: http://pastebin.ca/1701299 portlet.tld http://pastebin.ca/1701300 web.xml http://pastebin.ca/1701301 --- You are currently subscribed to uportal-u...@lists.ja-sig.org as: gary.wea...@duke.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-user --- You are currently subscribed to uportal-u...@lists.ja-sig.org as: ege...@egeste.net To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-user ---You are currently subscribed to uportal-u...@lists.ja-sig.org as: gary.wea...@duke.edu To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-user --- You are currently subscribed to uportal-u...@lists.ja-sig.org as: ege...@egeste.net To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/uportal-user ==END THREAD== I've read through much of the documentation in my learning process attempting to deploy this app, but have not come across anything that has jumped out as a feasible or probable solution or coherent definition of the problem I'm experiencing. At this point I no longer have any error logs to interpret and would appreciate any guidance. -Steve
Re: CGI on Tomcat 5.5.28
nicoli wrote: Hi, I have installed Tomcat 5.5.28 on my Windows XP computer. I did all recommended changes to a web.xml: - uncommented cgi org.apache.catalina.servlets.CGIServlet debug 0 cgiPathPrefix WEB-INF/cgi executable perl 5 ssi org.apache.catalina.ssi.SSIServlet buffered 1 debug 0 expires 666 isVirtualWebappRelative 0 4 ssi *.shtml cgi /cgi-bin/* Renamemed $CATALINA_BASE/server/lib/servlets-cgi.renametojar to $CATALINA_BASE/server/lib/servlets-cgi.jar. But when I'm trying to execute cgi module from IE, it doesn't recognize it as executable. What does it do then ? What is the URL you are using in the browser ? Where is your cgi script (on disk) ? Is Perl installed on your computer ? If yes, is it in the PATH (for Tomcat) ? What if you replace the above > > executable > perl > by > > executable > c:/perl/bin/perl.exe > (or wherever perl.exe really is) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Control character in cookie value
sure! protected void setCookieValueIfEnabled(String value) { FacesContext ctx = FacesContext.getCurrentInstance(); if ( isCookieEnabled() && ctx != null) { HttpServletResponse response = (HttpServletResponse) ctx.getExternalContext().getResponse(); Cookie cookie = new Cookie( getCookieName(), value ); cookie.setMaxAge( getCookieMaxAge() ); cookie.setPath(cookiePath); response.addCookie(cookie); } } On Mon, Dec 7, 2009 at 10:26 PM, André Warnier wrote: > itay sahar wrote: > >> sure! >> protected void clearCookieValue() >> { >> Cookie cookie = getCookie(); >> if ( cookie!=null ) >> { >> HttpServletResponse response = (HttpServletResponse) >> FacesContext.getCurrentInstance().getExternalContext().getResponse(); >> >> cookie.setValue(null); >> cookie.setPath(cookiePath); >> cookie.setMaxAge(0); >> response.addCookie(cookie); >> } >> } >> > > That's not the code setting the cookie, it is code clearing a cookie value. > But nevertheless.. > > > But look like problem is fixed. I extended the encodeToken method and >> change >> it to be >> return Base64.encodeBytes(sb.toString().getBytes(), >> Base64.DONT_BREAK_LINES); >> And now it works (like a charm)! >> > > And may I point you to a remark from quite a few posts ago, which went like > : > ... > --quote-- > > Except that some Base64 encoders, in some cases, will "wrap" the output > string at 76 bytes, by inserting a CR/LF pair, which are both "control > characters". (Note that the output string of Base64 is longer than the > input string, since it encodes 3 consecutive input bytes into 4 output > bytes.) > My guess is that this is what happens here, and that could trigger the > exception above. > Maybe this Base64.encodeBytes() method has an optional argument which would > tell it to not wrap the output value ? > --end of quote-- > > > > but i'm not sure it solve all the > > scenarios/possibilities. > > No, as also already pointed out, considering the code you posted before, a > control character could also creep into cookiePath or getCookieMaxAge(). > > Also read what Mark posted previously, about possible "=" signs getting > into the Base64 encoded value (at the end, for padding). > > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: CGI on Tomcat 5.5.28
nicoli wrote: > But when I'm trying to execute cgi module from IE, it doesn't recognize it > as executable. > Please help. > What is wrong? A few questions: - What URL are you requesting ? - Where is the cgi script located in the web app? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
CGI on Tomcat 5.5.28
Hi, I have installed Tomcat 5.5.28 on my Windows XP computer. I did all recommended changes to a web.xml: - uncommented cgi org.apache.catalina.servlets.CGIServlet debug 0 cgiPathPrefix WEB-INF/cgi executable perl 5 ssi org.apache.catalina.ssi.SSIServlet buffered 1 debug 0 expires 666 isVirtualWebappRelative 0 4 ssi *.shtml cgi /cgi-bin/* Renamemed $CATALINA_BASE/server/lib/servlets-cgi.renametojar to $CATALINA_BASE/server/lib/servlets-cgi.jar. But when I'm trying to execute cgi module from IE, it doesn't recognize it as executable. Please help. What is wrong? Thank you in advance -- View this message in context: http://old.nabble.com/CGI-on-Tomcat-5.5.28-tp26683636p26683636.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Control character in cookie value
itay sahar wrote: sure! protected void clearCookieValue() { Cookie cookie = getCookie(); if ( cookie!=null ) { HttpServletResponse response = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse(); cookie.setValue(null); cookie.setPath(cookiePath); cookie.setMaxAge(0); response.addCookie(cookie); } } That's not the code setting the cookie, it is code clearing a cookie value. But nevertheless.. But look like problem is fixed. I extended the encodeToken method and change it to be return Base64.encodeBytes(sb.toString().getBytes(), Base64.DONT_BREAK_LINES); And now it works (like a charm)! And may I point you to a remark from quite a few posts ago, which went like : ... --quote-- Except that some Base64 encoders, in some cases, will "wrap" the output string at 76 bytes, by inserting a CR/LF pair, which are both "control characters". (Note that the output string of Base64 is longer than the input string, since it encodes 3 consecutive input bytes into 4 output bytes.) My guess is that this is what happens here, and that could trigger the exception above. Maybe this Base64.encodeBytes() method has an optional argument which would tell it to not wrap the output value ? --end of quote-- > but i'm not sure it solve all the > scenarios/possibilities. No, as also already pointed out, considering the code you posted before, a control character could also creep into cookiePath or getCookieMaxAge(). Also read what Mark posted previously, about possible "=" signs getting into the Base64 encoded value (at the end, for padding). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Control character in cookie value
sure! protected void clearCookieValue() { Cookie cookie = getCookie(); if ( cookie!=null ) { HttpServletResponse response = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse(); cookie.setValue(null); cookie.setPath(cookiePath); cookie.setMaxAge(0); response.addCookie(cookie); } } But look like problem is fixed. I extended the encodeToken method and change it to be return Base64.encodeBytes(sb.toString().getBytes(), Base64.DONT_BREAK_LINES); And now it works (like a charm)! but i'm not sure it solve all the scenarios/possibilities. On Mon, Dec 7, 2009 at 9:47 PM, Pid Ster wrote: > On 7 Dec 2009, at 19:26, itay sahar wrote: > > > I add log for the following method: > > > > protected String encodeToken(String username, String value) > > { > > StringBuilder sb = new StringBuilder(); > > sb.append(username); > > sb.append(":"); > > sb.append(value); > > return Base64.encodeBytes(sb.toString().getBytes()); > > } > > *Before encoding:* > > sb.toString().getBytes() = > > [105, 116, 97, 121, 46, 115, 97, 104, 97, 114, 64, 103, 109, 97, > > 105, 108, > > 46, 99, 111, 109, 58, 45, 51, 51, 99, 100, 102, 98, 54, 102, 58, 49, > > 50, 53, > > 54, 97, 57, 48, 99, 57, 97, 99, 58, 45, 56, 48, 48, 48, 58, 51, 54, > > 55, 56, > > 53, 55, 52, 53, 54, 55, 52, 56, 55, 53, 56, 54, 57, 51, 56] > > > > *After encoding:* > > Base64.encodeBytes(sb.toString().getBytes()) = > > > > > aXRheS5zYWhhckBnbWFpbC5jb206LTMzY2RmYjZmOjEyNTZhOTBjOWFjOi04MDAwOjM2Nzg1NzQ1 > > > > > > Base64.encodeBytes(sb.toString().getBytes()).getBytes() > > [97, 88, 82, 104, 101, 83, 53, 122, 89, 87, 104, 104, 99, 107, 66, > > 110, 98, > > 87, 70, 112, 98, 67, 53, 106, 98, 50, 48, 54, 76, 84, 77, 122, 89, > > 50, 82, > > 109, 89, 106, 90, 109, 79, 106, 69, 121, 78, 84, 90, 104, 79, 84, > > 66, 106, > > 79, 87, 70, 106, 79, 105, 48, 52, 77, 68, 65, 119, 79, 106, 77, 50, > > 78, 122, > > 103, 49, 78, 122, 81, 49, 10, 78, 106, 99, 48, 79, 68, 99, 49, 79, > > 68, 89, > > 53, 77, 122, 103, 61] > > > > Please note that any change in the above might affect the decoder. > > Thanks! > > This is nice, but what does it prove? > > How about posting the bit of code where you create and set the cookie? > > Then we might see what you're doing wrong. > > p > > > On Mon, Dec 7, 2009 at 3:04 PM, itay sahar > > wrote: > > > >> Thanks André, > >> * > >> * > >> *I agree with you about the doubt you have about the ":" being in C > >> (after > >> encoding).* > >> return Base64.encodeBytes(sb.toString().getBytes()); > >> *I guess you suggest to log somthing like * > >> *(new String(C)).getBytes ? If yes I post it here later. I hope you > >> can > >> then suggest somthing to sove this.* > >> > >> > >> On Mon, Dec 7, 2009 at 1:57 PM, André Warnier wrote: > >> > >>> itay sahar wrote: > >>> > Pid, > I'm not using B as the cookie value. A & B go to encode and > finally you > have *one *value(C). this value > is sent to addCookie. > > C is somthing like: > > > aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0 > > > > >>> > >>> Ok, let's take this at face value. > >>> > >>> So yet, you are still getting an exception, which says that there > >>> is a > >>> "control character" in the value of the cookie which you are > >>> trying to add. > >>> > >>> Let's assume for now that the addCookie method itself has no bug, > >>> and that > >>> what it says in the exception is the truth. > >>> > >>> It also does not look (in these email communications), as if your > >>> value C > >>> above has a "control character" in it. > >>> > >>> (But note : there still could be one, that we do not see here in > >>> these > >>> emails. For example, if the value C above was in reality ending > >>> in a CR/LF > >>> pair. Apart from the string C itself above, you should maybe also > >>> log its > >>> length in bytes, so that we can really make sure that this is not > >>> the case). > >>> > >>> Then, if I remember well the code which really adds the cookie > >>> (and which > >>> is not the one shown below), independently of the "value", there > >>> is also in > >>> these cookies an expiration date, and a path, which you add to the > >>> cookie > >>> string one by one. > >>> So really, when you do the addCookie, what you do is creating a > >>> cookie > >>> header which looks like : > >>> Set-Cookie: cookie-name=cookie-value > >>> (C);expires=somedate;path=somepath > >>> > >>> Any one of "somedate" or "somepath" could (potentially) contain a > >>> control > >>> character, and the exception would only show up when you actually > >>> do the > >>> addCookie() of the whole value (including expiration date and > >>> path) at once. > >>> > >>> > >>> > >>> > >>> > >>> > On Mon, Dec 7, 2009 at 12:16 PM, Pid wrote: > > On 06/12/2009 21:51, itay sahar wrote: > > > > Hi Andre, > >>
RE: Publishing Java webservice - tomcat 5.5 shared hosting
Abdul Have you developed the Web-service? There are a few frameworks that allow you to develop ws (Axis, CXF) but I can't tell if these are going to far. Axis (from memory) you can add more or less as a sub directory in your context, from there you should be able to create individual web-services as you see fit. It will require knowledge from java though. I'm not sure what the result of trying to do it in JSP directly would be, but from previous experiences I would recommend you don't unless you can't avoid it. You will also need to check what the Axis requirements are, you will probably need to modify the web.xml to be aware of it. Gerwood Stewart Senior Programmer/System Administrator Information Technology Directory Armidale NSW Australia 2351 Phone: +61 02 6773 2068 gstew...@une.edu.au www.une.edu.au CRICOS Provider Number: 3G -Original Message- From: Abdul Raheem Seyed (NDC IS&T) [mailto:ase...@ndc.ae] Sent: Monday, December 07, 2009 5:51 PM To: Tomcat Users List Subject: RE: Publishing Java webservice - tomcat 5.5 shared hosting Hi, Thanks for looking in to my question. 1) Web hosting provider doesn't have any defined policy as such. 2) No, the context was developed and configured by the provider. We have only ftp access to the /webapps/mywebsite folder. So, we can not redeploy it. 3) Yes, We can request for a restart Thanks, Abdul Raheem S -Original Message- From: Gerwood Stewart [mailto:gstew...@une.edu.au] Sent: Monday, December 07, 2009 10:43 AM To: Tomcat Users List Subject: RE: Publishing Java webservice - tomcat 5.5 shared hosting I'd first check your hosting providers policy on webservices etc. Do you develop the context /webapps/mywebsite? Can you fully redeploy it or modify it? Can you ask for it to be restarted? Gerwood Stewart Senior Programmer/System Administrator Information Technology Directory Armidale NSW Australia 2351 Phone: +61 02 6773 2068 gstew...@une.edu.au www.une.edu.au CRICOS Provider Number: 3G -Original Message- From: Abdul Raheem Seyed (NDC IS&T) [mailto:ase...@ndc.ae] Sent: Monday, December 07, 2009 5:18 PM To: users@tomcat.apache.org Subject: Publishing Java webservice - tomcat 5.5 shared hosting Hi, We have requirement to host a webservice in a shared tomcat 5.5 webhosting environment ( virtual server ). The hosting company doesn't provide access to tomcat Manager as it's shared web hosting. Can some one tell how we can deploy a java webservice in tomcat 5.5. We have access to specific folder of the tomcat only (tomcat root \ webapps\mywebsite\). We can't restart the server as well we don't have admin access to the server. Appreciate your help. Thanks in advance, Abdul Raheem S Disclaimer: This e-mail has been scanned by Microsoft Forefront Online Security for Exchange. This e-mail and its attachments may be confidential and are intended solely for the use of the individual(s) to whom it is addressed. If you have received it by mistake, please reply by e-mail to sender or ad...@ndc.ae and delete it from your system; you may not copy this message or disclose its contents to anyone. Statements and opinions expressed in this e-mail are those of the sender, and do not necessarily reflect those of National Drilling Company (NDC). Although reasonable precautions have been taken to ensure no viruses are present in this e-mail, NDC cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments. Disclaimer: This e-mail has been scanned by Microsoft Forefront Online Security for Exchange. This e-mail and its attachments may be confidential and are intended solely for the use of the individual(s) to whom it is addressed. If you have received it by mistake, please reply by e-mail to sender or ad...@ndc.ae and delete it from your system; you may not copy this message or disclose its contents to anyone. Statements and opinions expressed in this e-mail are those of the sender, and do not necessarily reflect those of National Drilling Company (NDC). Although reasonable precautions have been taken to ensure no viruses are present in this e-mail, NDC cannot accept responsibility for any loss or damage arising from the use of this e-mail or attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Control character in cookie value
On 7 Dec 2009, at 19:26, itay sahar wrote: > I add log for the following method: > > protected String encodeToken(String username, String value) > { > StringBuilder sb = new StringBuilder(); > sb.append(username); > sb.append(":"); > sb.append(value); > return Base64.encodeBytes(sb.toString().getBytes()); > } > *Before encoding:* > sb.toString().getBytes() = > [105, 116, 97, 121, 46, 115, 97, 104, 97, 114, 64, 103, 109, 97, > 105, 108, > 46, 99, 111, 109, 58, 45, 51, 51, 99, 100, 102, 98, 54, 102, 58, 49, > 50, 53, > 54, 97, 57, 48, 99, 57, 97, 99, 58, 45, 56, 48, 48, 48, 58, 51, 54, > 55, 56, > 53, 55, 52, 53, 54, 55, 52, 56, 55, 53, 56, 54, 57, 51, 56] > > *After encoding:* > Base64.encodeBytes(sb.toString().getBytes()) = > > aXRheS5zYWhhckBnbWFpbC5jb206LTMzY2RmYjZmOjEyNTZhOTBjOWFjOi04MDAwOjM2Nzg1NzQ1 > > Base64.encodeBytes(sb.toString().getBytes()).getBytes() > [97, 88, 82, 104, 101, 83, 53, 122, 89, 87, 104, 104, 99, 107, 66, > 110, 98, > 87, 70, 112, 98, 67, 53, 106, 98, 50, 48, 54, 76, 84, 77, 122, 89, > 50, 82, > 109, 89, 106, 90, 109, 79, 106, 69, 121, 78, 84, 90, 104, 79, 84, > 66, 106, > 79, 87, 70, 106, 79, 105, 48, 52, 77, 68, 65, 119, 79, 106, 77, 50, > 78, 122, > 103, 49, 78, 122, 81, 49, 10, 78, 106, 99, 48, 79, 68, 99, 49, 79, > 68, 89, > 53, 77, 122, 103, 61] > > Please note that any change in the above might affect the decoder. > Thanks! This is nice, but what does it prove? How about posting the bit of code where you create and set the cookie? Then we might see what you're doing wrong. p > On Mon, Dec 7, 2009 at 3:04 PM, itay sahar > wrote: > >> Thanks André, >> * >> * >> *I agree with you about the doubt you have about the ":" being in C >> (after >> encoding).* >> return Base64.encodeBytes(sb.toString().getBytes()); >> *I guess you suggest to log somthing like * >> *(new String(C)).getBytes ? If yes I post it here later. I hope you >> can >> then suggest somthing to sove this.* >> >> >> On Mon, Dec 7, 2009 at 1:57 PM, André Warnier wrote: >> >>> itay sahar wrote: >>> Pid, I'm not using B as the cookie value. A & B go to encode and finally you have *one *value(C). this value is sent to addCookie. C is somthing like: aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0 >>> >>> Ok, let's take this at face value. >>> >>> So yet, you are still getting an exception, which says that there >>> is a >>> "control character" in the value of the cookie which you are >>> trying to add. >>> >>> Let's assume for now that the addCookie method itself has no bug, >>> and that >>> what it says in the exception is the truth. >>> >>> It also does not look (in these email communications), as if your >>> value C >>> above has a "control character" in it. >>> >>> (But note : there still could be one, that we do not see here in >>> these >>> emails. For example, if the value C above was in reality ending >>> in a CR/LF >>> pair. Apart from the string C itself above, you should maybe also >>> log its >>> length in bytes, so that we can really make sure that this is not >>> the case). >>> >>> Then, if I remember well the code which really adds the cookie >>> (and which >>> is not the one shown below), independently of the "value", there >>> is also in >>> these cookies an expiration date, and a path, which you add to the >>> cookie >>> string one by one. >>> So really, when you do the addCookie, what you do is creating a >>> cookie >>> header which looks like : >>> Set-Cookie: cookie-name=cookie-value >>> (C);expires=somedate;path=somepath >>> >>> Any one of "somedate" or "somepath" could (potentially) contain a >>> control >>> character, and the exception would only show up when you actually >>> do the >>> addCookie() of the whole value (including expiration date and >>> path) at once. >>> >>> >>> >>> >>> >>> On Mon, Dec 7, 2009 at 12:16 PM, Pid wrote: On 06/12/2009 21:51, itay sahar wrote: > > Hi Andre, >> >> please see below input and output of: >> protected String encodeToken(String username, String value) >> { >> StringBuilder sb = new StringBuilder(); >> sb.append(username); >> sb.append(":"); >> sb.append(value); >> return Base64.encodeBytes(sb.toString().getBytes()); >> } >> >> Input is: >> >> username= itay.sa...@gmial.com >> value=6de5ca4f:1254c461110:-7feb:9135486247122677484 >> >> Output is (this is what actually addCookie get as parameter): >> >> 6de5ca4f:1254c461110:-7feb:9135486247122677484 >> >> Can you suggest solution ? >> >> Yep. > > You are claiming that you are supplying A & B to the encodeToken > function, > but then you are using B as the cookie value. > > Try using the value returned from the encodeToken function > instead. > Hint, if it contains a ":" character, it's not Base64 encoded. > > >>
RE: JSSE question
Thanks again Chuck. Unfortunately Bill's suggestion did not work or I did something wrong. Thanks Vadim. (310)765-3812 -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Monday, December 07, 2009 11:23 AM To: Tomcat Users List Subject: RE: JSSE question > From: Vadim Letitchevski [mailto:vletitchev...@teledyne.com] > Subject: RE: JSSE question > > I checked the log file and it states that APR library was not found. O.k., good to know that. Ignore the pointer to the APR configuration that I gave you and go back to the original one Bill B pointed you to. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up x planner plus using Tomcat
After much fustration I managed to get it working but thanks for your help it was greatly appreciated. Peter Crowther wrote: > > Given that the samples run fine, this doesn't look like a Tomcat issue. I > suspect you'd have better luck on a MySQL, Hibernate or x-planner list. > > I'm slightly bemused that the username in the error message is in > UPPERCASE > when you've specified it in lower case - is something assuming particular > case-sensitivity on MySQL? > > - Peter > > 2009/12/7 joe_sad > >> >> Hi, >> >> I am trying to configure Tomcat so that I can run x-planner plus on it. >> >> I have been following some tutorials but don't seem to be getting >> anywhere >> with it. >> >> Im getting what looks like some database errors when running Tomcat with >> my >> xplanner plus application in the web apps dir. If the xplanner app is not >> there then I do not getting any errors. Also the example applications >> seem >> to work fine. >> >> The errors that I am getting are sql.SQLException: User not found: >> XPLANNER >> >> I have created a user using this script in mysql >> >> GRANT ALL PRIVILEGES ON xplanner.* TO 'xplanner'@'localhost' IDENTIFIED >> BY >> 'xp' WITH GRANT OPTION; >> >> Also in the xplanner file : >> xplanner.properties && >> xplanner-custom.properties >> >> I have changed the connection part to this: >> >> # Hibernate MySQL Configuration >> hibernate.dialect=com.technoetic.xplanner.db.hibernate.XPlannerMySQLDialect >> hibernate.connection.driver_class=com.mysql.jdbc.Driver >> hibernate.connection.dbname=xplanner >> hibernate.connection.url=jdbc:mysql://localhost/ >> hibernate.connection.username=xplanner >> hibernate.connection.password=xp >> xplanner.migration.databasetype=mysql >> >> xplanner.migration.patchpath=patches:com.technoetic.xplanner.upgrade:com.technoetic.xplanner.security.install >> >> Any advice would be much appreciated >> >> Thanks in advance >> -- >> View this message in context: >> http://old.nabble.com/Setting-up-x-planner-plus-using-Tomcat-tp26680216p26680216.html >> Sent from the Tomcat - User mailing list archive at Nabble.com. >> >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > > -- View this message in context: http://old.nabble.com/Setting-up-x-planner-plus-using-Tomcat-tp26680216p26682691.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Control character in cookie value
I add log for the following method: protected String encodeToken(String username, String value) { StringBuilder sb = new StringBuilder(); sb.append(username); sb.append(":"); sb.append(value); return Base64.encodeBytes(sb.toString().getBytes()); } *Before encoding:* sb.toString().getBytes() = [105, 116, 97, 121, 46, 115, 97, 104, 97, 114, 64, 103, 109, 97, 105, 108, 46, 99, 111, 109, 58, 45, 51, 51, 99, 100, 102, 98, 54, 102, 58, 49, 50, 53, 54, 97, 57, 48, 99, 57, 97, 99, 58, 45, 56, 48, 48, 48, 58, 51, 54, 55, 56, 53, 55, 52, 53, 54, 55, 52, 56, 55, 53, 56, 54, 57, 51, 56] *After encoding:* Base64.encodeBytes(sb.toString().getBytes()) = aXRheS5zYWhhckBnbWFpbC5jb206LTMzY2RmYjZmOjEyNTZhOTBjOWFjOi04MDAwOjM2Nzg1NzQ1 Base64.encodeBytes(sb.toString().getBytes()).getBytes() [97, 88, 82, 104, 101, 83, 53, 122, 89, 87, 104, 104, 99, 107, 66, 110, 98, 87, 70, 112, 98, 67, 53, 106, 98, 50, 48, 54, 76, 84, 77, 122, 89, 50, 82, 109, 89, 106, 90, 109, 79, 106, 69, 121, 78, 84, 90, 104, 79, 84, 66, 106, 79, 87, 70, 106, 79, 105, 48, 52, 77, 68, 65, 119, 79, 106, 77, 50, 78, 122, 103, 49, 78, 122, 81, 49, 10, 78, 106, 99, 48, 79, 68, 99, 49, 79, 68, 89, 53, 77, 122, 103, 61] Please note that any change in the above might affect the decoder. Thanks! On Mon, Dec 7, 2009 at 3:04 PM, itay sahar wrote: > Thanks André, > * > * > *I agree with you about the doubt you have about the ":" being in C (after > encoding).* > return Base64.encodeBytes(sb.toString().getBytes()); > *I guess you suggest to log somthing like * > *(new String(C)).getBytes ? If yes I post it here later. I hope you can > then suggest somthing to sove this.* > > > On Mon, Dec 7, 2009 at 1:57 PM, André Warnier wrote: > >> itay sahar wrote: >> >>> Pid, >>> I'm not using B as the cookie value. A & B go to encode and finally you >>> have *one *value(C). this value >>> is sent to addCookie. >>> >>> C is somthing like: >>> >>> aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0 >>> >> >> Ok, let's take this at face value. >> >> So yet, you are still getting an exception, which says that there is a >> "control character" in the value of the cookie which you are trying to add. >> >> Let's assume for now that the addCookie method itself has no bug, and that >> what it says in the exception is the truth. >> >> It also does not look (in these email communications), as if your value C >> above has a "control character" in it. >> >> (But note : there still could be one, that we do not see here in these >> emails. For example, if the value C above was in reality ending in a CR/LF >> pair. Apart from the string C itself above, you should maybe also log its >> length in bytes, so that we can really make sure that this is not the case). >> >> Then, if I remember well the code which really adds the cookie (and which >> is not the one shown below), independently of the "value", there is also in >> these cookies an expiration date, and a path, which you add to the cookie >> string one by one. >> So really, when you do the addCookie, what you do is creating a cookie >> header which looks like : >> Set-Cookie: cookie-name=cookie-value(C);expires=somedate;path=somepath >> >> Any one of "somedate" or "somepath" could (potentially) contain a control >> character, and the exception would only show up when you actually do the >> addCookie() of the whole value (including expiration date and path) at once. >> >> >> >> >> >> >>> On Mon, Dec 7, 2009 at 12:16 PM, Pid wrote: >>> >>> On 06/12/2009 21:51, itay sahar wrote: Hi Andre, > > please see below input and output of: > protected String encodeToken(String username, String value) > { > StringBuilder sb = new StringBuilder(); > sb.append(username); > sb.append(":"); > sb.append(value); > return Base64.encodeBytes(sb.toString().getBytes()); > } > > Input is: > > username= itay.sa...@gmial.com > value=6de5ca4f:1254c461110:-7feb:9135486247122677484 > > Output is (this is what actually addCookie get as parameter): > > 6de5ca4f:1254c461110:-7feb:9135486247122677484 > > Can you suggest solution ? > > Yep. You are claiming that you are supplying A & B to the encodeToken function, but then you are using B as the cookie value. Try using the value returned from the encodeToken function instead. Hint, if it contains a ":" character, it's not Base64 encoded. p On Sun, Dec 6, 2009 at 11:28 PM, itay sahar wrote: > Hi Andre, > >> please see below input and output of: >> protected String encodeToken(String username, String value) >> { >> StringBuilder sb = new StringBuilder(); >> sb.append(username); >> sb.append(":"); >> sb.append(value); >> return Base64.encodeBytes(sb.toString().getBytes());
RE: JSSE question
> From: Vadim Letitchevski [mailto:vletitchev...@teledyne.com] > Subject: RE: JSSE question > > I checked the log file and it states that APR library was not found. O.k., good to know that. Ignore the pointer to the APR configuration that I gave you and go back to the original one Bill B pointed you to. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSSE question
Hi Chuck. Thank you for your quick response. It makes it really interactive. I checked the log file and it states that APR library was not found. I am using the binary distribution 6.0.20 from the Tomcat website on CentOS 5. Thanks Vadim. (310)765-3812 -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Monday, December 07, 2009 11:12 AM To: Tomcat Users List Subject: RE: JSSE question > From: Vadim Letitchevski [mailto:vletitchev...@teledyne.com] > Subject: RE: JSSE question > > I have noticed the strings > >SSLEngine="on" /> > In my server.xml. The presence of the listener does not necessarily mean you're using APR. If you have a libtcnative .dll or .so file in your bin directory, you should be using APR; you can verify this in the Tomcat logs, which will record that APR is being used, but does *not* display any particular message if APR is not being used. Only set your for APR if you really are using APR. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSSE question
> From: Vadim Letitchevski [mailto:vletitchev...@teledyne.com] > Subject: RE: JSSE question > > I have noticed the strings > >SSLEngine="on" /> > In my server.xml. The presence of the listener does not necessarily mean you're using APR. If you have a libtcnative .dll or .so file in your bin directory, you should be using APR; you can verify this in the Tomcat logs, which will record that APR is being used, but does *not* display any particular message if APR is not being used. Only set your for APR if you really are using APR. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSSE question
Hi Chuck It does not help either. You are probably right about APR, I have noticed the strings In my server.xml. So following the document you suggested I have changed my server.xml (see attached) and copied pem forkat files localhost.crt and localhost.key from their default locations to conf folder. So now the Tomcat does not recognize the keystore format. If I had to use pkcs12 certificate which I have exported before then what key file should I use? Should I also export it into pkcs12? How? Thanks Vadim. (310)765-3812 -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Monday, December 07, 2009 10:30 AM To: Tomcat Users List Subject: RE: JSSE question > From: Vadim Letitchevski [mailto:vletitchev...@teledyne.com] > Subject: RE: JSSE question > > I have followed the recommendations in that document but did not > succeed. Are you using APR with Tomcat? If so, the proper doc is here: http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org server.xml Description: server.xml - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSSE question
> From: Vadim Letitchevski [mailto:vletitchev...@teledyne.com] > Subject: RE: JSSE question > > I have followed the recommendations in that document but did not > succeed. Are you using APR with Tomcat? If so, the proper doc is here: http://tomcat.apache.org/tomcat-6.0-doc/apr.html#HTTPS - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSSE question
Bill. I have followed the recommendations in that document but did not succeed. So I have a set of self-generated (using OpenSSL) credentials. OpenSSL server and client work fine (connect) using these credentials with authentication both ways. Following the instructions in (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html) I have done: openssl pkcs12 -export -in /etc/pki/tls/certs/localhost.crt -inkey /etc/pki/tls/private/localhost.key -out mycert.p12 -name tomcat -CAfile /etc/pki/tls/cacert.pem -caname root -chain I have used the password changeit. Next I have edited server.xml to have these strings: Then I started server and used Firefox trying to open https://localhost:8442 or https:/localhost:8443 with no success (failed to connect page). Catalina log file shows "java.io.exception: Invalid keystore format." What have I done wrong? Thanks Vadim. -Original Message- From: news [mailto:n...@ger.gmane.org] On Behalf Of Bill Barker Sent: Friday, December 04, 2009 7:25 PM To: users@tomcat.apache.org Subject: Re: JSSE question "Vadim Letitchevski" wrote in message news:e17da276f9a0c84fad22739de29c389005dafc3...@entmail01.tad.teledyne.com... >I am confused. Can Tomcat use only JKS keystore or it can also use pem >or some other certificate storages? > In the Tomcat docs (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html), it shows how to use a PKCS12 keystore. At some point that should be updated to include an example for using a PKCS11 keystore. The actual answer is that the JSSE Connector can use any keystore format that is supported by your Java vendor. In particular, with the Sun JVM, you can't use PEM (however the APR Connector does use PEM). However, it is usually pretty easy to convert PEM to PKCS12 (see the link above for an example). > > Thanks > Vadim. > (310)765-3812 > > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting up x planner plus using Tomcat
Given that the samples run fine, this doesn't look like a Tomcat issue. I suspect you'd have better luck on a MySQL, Hibernate or x-planner list. I'm slightly bemused that the username in the error message is in UPPERCASE when you've specified it in lower case - is something assuming particular case-sensitivity on MySQL? - Peter 2009/12/7 joe_sad > > Hi, > > I am trying to configure Tomcat so that I can run x-planner plus on it. > > I have been following some tutorials but don't seem to be getting anywhere > with it. > > Im getting what looks like some database errors when running Tomcat with my > xplanner plus application in the web apps dir. If the xplanner app is not > there then I do not getting any errors. Also the example applications seem > to work fine. > > The errors that I am getting are sql.SQLException: User not found: XPLANNER > > I have created a user using this script in mysql > > GRANT ALL PRIVILEGES ON xplanner.* TO 'xplanner'@'localhost' IDENTIFIED BY > 'xp' WITH GRANT OPTION; > > Also in the xplanner file : > xplanner.properties && > xplanner-custom.properties > > I have changed the connection part to this: > > # Hibernate MySQL Configuration > hibernate.dialect=com.technoetic.xplanner.db.hibernate.XPlannerMySQLDialect > hibernate.connection.driver_class=com.mysql.jdbc.Driver > hibernate.connection.dbname=xplanner > hibernate.connection.url=jdbc:mysql://localhost/ > hibernate.connection.username=xplanner > hibernate.connection.password=xp > xplanner.migration.databasetype=mysql > > xplanner.migration.patchpath=patches:com.technoetic.xplanner.upgrade:com.technoetic.xplanner.security.install > > Any advice would be much appreciated > > Thanks in advance > -- > View this message in context: > http://old.nabble.com/Setting-up-x-planner-plus-using-Tomcat-tp26680216p26680216.html > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Tomcat, out of memory and hot reployment
Thanks very much for your answers. My question has been clarified. Malcolm Pid ha scritto: On 07/12/2009 10:53, Malcolm Warren wrote: Dear All, I've seen that using hot deploy too often for apps on my production server (more than seven or eight times) without restarting Tomcat causes an Out of memory exception. Whereas it doesn't happen on my mac test machine, presumably because it has a different jvm from the debian linux production machine. And I've read in several places the reason for this, for example: "Hot redeployment always leads to an eventual JVM death as it runs out of PermGen memory space that stores class definitions". Just to clarify, that is not an accurate statement. Replace "always leads" with "might lead (depending on what your app is doing)", then check the credibility of the source. p What I was wondering is: If I turn off hot redeployment and use the Tomcat manager to redeploy applications, does that solve the problem? I would assume that it does not, but any information from the experts would be very welcome. Thanks, Malcolm Warren - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: JSSE question
Thank you Bill. Vadim. -Original Message- From: news [mailto:n...@ger.gmane.org] On Behalf Of Bill Barker Sent: Friday, December 04, 2009 7:25 PM To: users@tomcat.apache.org Subject: Re: JSSE question "Vadim Letitchevski" wrote in message news:e17da276f9a0c84fad22739de29c389005dafc3...@entmail01.tad.teledyne.com... >I am confused. Can Tomcat use only JKS keystore or it can also use pem >or some other certificate storages? > In the Tomcat docs (http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html), it shows how to use a PKCS12 keystore. At some point that should be updated to include an example for using a PKCS11 keystore. The actual answer is that the JSSE Connector can use any keystore format that is supported by your Java vendor. In particular, with the Sun JVM, you can't use PEM (however the APR Connector does use PEM). However, it is usually pretty easy to convert PEM to PKCS12 (see the link above for an example). > > Thanks > Vadim. > (310)765-3812 > > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Setting up x planner plus using Tomcat
Hi, I am trying to configure Tomcat so that I can run x-planner plus on it. I have been following some tutorials but don't seem to be getting anywhere with it. Im getting what looks like some database errors when running Tomcat with my xplanner plus application in the web apps dir. If the xplanner app is not there then I do not getting any errors. Also the example applications seem to work fine. The errors that I am getting are sql.SQLException: User not found: XPLANNER I have created a user using this script in mysql GRANT ALL PRIVILEGES ON xplanner.* TO 'xplanner'@'localhost' IDENTIFIED BY 'xp' WITH GRANT OPTION; Also in the xplanner file : xplanner.properties && xplanner-custom.properties I have changed the connection part to this: # Hibernate MySQL Configuration hibernate.dialect=com.technoetic.xplanner.db.hibernate.XPlannerMySQLDialect hibernate.connection.driver_class=com.mysql.jdbc.Driver hibernate.connection.dbname=xplanner hibernate.connection.url=jdbc:mysql://localhost/ hibernate.connection.username=xplanner hibernate.connection.password=xp xplanner.migration.databasetype=mysql xplanner.migration.patchpath=patches:com.technoetic.xplanner.upgrade:com.technoetic.xplanner.security.install Any advice would be much appreciated Thanks in advance -- View this message in context: http://old.nabble.com/Setting-up-x-planner-plus-using-Tomcat-tp26680216p26680216.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Can service output be redirected to the terminal window?
Hi Andre. I am using CentOS 5. The binary distribution of Tomcat 6.0.20 is downloaded from Tomcat website. Thanks Vadim. -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Saturday, December 05, 2009 4:08 AM To: Tomcat Users List Subject: Re: Can service output be redirected to the terminal window? Vadim Letitchevski wrote: > I am working under Linux actually. Ok, then what kind of Linux ? Also, tell us the version of Tomcat you are talking about, and whether you installed it from the pre-packaged version offered by your Linux version, or directly from the Tomcat website. It matters, so that we know which startup scripts may be involved. If you installed it from a package from your Linux distribution, then look into the startup script in /etc/init.d/tomcat... Usually, that is where redirections of STDOUT happen. > > > Thanks > Vadim. > > -Original Message- > From: André Warnier [mailto:a...@ice-sa.com] > Sent: Friday, December 04, 2009 3:46 PM > To: Tomcat Users List > Subject: Re: Can service output be redirected to the terminal window? > > Vadim Letitchevski wrote: >> >> I am new to Tomcat. >> 1. I have several services written under axis2. I deployed them statically >> into Tomcat but don't seem to be able to list those services. >> 2. I have noticed that startup.bat (under Windows) starts the separate >> terminal for the service output in oppose to startup.sh (in Unix). >> Is there way to direct my service output into the separate terminal window? >> I was using the apache axis2 server until now, but have to switch to Tomcat >> because I do not know how to make apache server to use SSL (how to configure >> it?) My service uses println output, it is a test utility and I want to keep >> it simple even if it is not most beautiful or optimal solution. >> > Vadim, I cannot really answer your question; but it is not very clear here if > your question relates to Tomcat under Windows, or under Unix. > Maybe this is due to the fact that the word "service" under Windows can be > confusing. > Under Windows, startup.bat is used to run Tomcat in a console window, not as > a "Windows Service". Running Tomcat as a "Windows Service" > happens through another mechanism, which does not use startup.bat. > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] Application speed (was Re: Tomcat performance benchmark)
2009/12/7 André Warnier > On the other hand, it would be really interesting to compare the > performance of a set of webservers 5 years ago, with the current ones, if > the comparison is in terms of real-world application requests served. > Granted, servers have become faster, memory and disk have become cheaper, > bandwidth has increased, code may have been somewhat improved in the > meantime. But on the other hand applications have also gotten bloated in > the meantime, so I am not quite sure that there would be that much > difference in the end. > > I suspect you'd find that the application servers used similar numbers of instructions on the common code paths, OSs varied a little but hadn't bloated too much, and the cost/benefit trade-off of application developer time against hardware cost was the same as ever: once the system is "fast enough", no more optimisation is done. If the system becomes "no longer fast enough", another round of optimisation or hardware acquisition is performed, depending on the expected costs of the two paths. If you look at computers and application software as a means to an end, rather than an end in itself, this is surely the most economically appropriate way of constructing it? Even though artisan and craftsman programmers might like to pretend otherwise. - Peter
Re: Tomcat performance benchmark
Peter Crowther wrote: 2009/12/7 Neil Aggarwal Here is one that is somewhat dated: http://www.webperformanceinc.com/library/reports/ServletReport/ Good grief, that's not so much "dated" as "coming back from beyond the grave"! It's two major versions and a lot of performance optimisations out of date for Tomcat, and I assume about the same for the other containers benchmarked. Benchmarking current performance based on that report is rather like assuming the current Formula 1 motor racing teams are showing similar relative performance to their placing in the 1970s. On the other hand, it would be really interesting to compare the performance of a set of webservers 5 years ago, with the current ones, if the comparison is in terms of real-world application requests served. Granted, servers have become faster, memory and disk have become cheaper, bandwidth has increased, code may have been somewhat improved in the meantime. But on the other hand applications have also gotten bloated in the meantime, so I am not quite sure that there would be that much difference in the end. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat performance benchmark
> From: peter.crowth...@googlemail.com > [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther > Subject: Re: Tomcat performance benchmark > > Benchmarking current performance based on that report is rather like > assuming the current Formula 1 motor racing teams are showing similar > relative performance to their placing in the 1970s. So Matra and Tyrrell aren't doing so well now? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [/jakarta/isapi_redirect.dll] is not a servlet url
Yes, my worker files are in the path I have specified in the registry. I am confused by this as well. I don't know where that worker name is coming from. The workers.minimal settings I posted are the ones I am using. If indeed the redirector is looking for a worker called ajp13 then, yes, it is not finding it. awarnier wrote: > > magillagorilla wrote: > ... >> [Fri Dec 04 12:56:25 2009] [0160:3124] [debug] >> HttpExtensionProc::jk_isapi_plugin.c (1084): could not get a worker for >> name >> ajp13 >> [Fri Dec 04 12:56:25 2009] [0160:3124] [error] >> HttpExtensionProc::jk_isapi_plugin.c (1109): could not get a worker for >> name >> ajp13 > ... >> > I don't really know what the problem is, but I am intrigued by the above > 2 lines in your logs. It looks as if mod_jk is looking for a worker > whose /name/ is ajp13, but that does not seem to be reflected in the > configuration files that you quoted. > Are you sure that the configuration files you listed are really the ones > that are being used ? > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/--jakarta-isapi_redirect.dll--is-not-a-servlet-url-tp26636373p26679053.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat performance benchmark
2009/12/7 Neil Aggarwal > Here is one that is somewhat dated: > http://www.webperformanceinc.com/library/reports/ServletReport/ > > Good grief, that's not so much "dated" as "coming back from beyond the grave"! It's two major versions and a lot of performance optimisations out of date for Tomcat, and I assume about the same for the other containers benchmarked. Benchmarking current performance based on that report is rather like assuming the current Formula 1 motor racing teams are showing similar relative performance to their placing in the 1970s. - Peter
RE: Tomcat performance benchmark
Hello: > I would like to know if anybody could provide me with a > unbiased "tomcat vs > others" peformance benchmark Here is one that is somewhat dated: http://www.webperformanceinc.com/library/reports/ServletReport/ Neil -- Neil Aggarwal, (281)846-8957, http://UnmeteredVPS.net Host your tomcat app on a CentOS VPS for only $25/month! Unmetered bandwidth, 7 day free trial, Google Checkout - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Logging into TOMCAT Manager
> From: joe_sad [mailto:joesadd...@gmail.com] > Subject: RE: Logging into TOMCAT Manager > > It did not ask me for a username or password though is this normal? Your browser may have remembered it for you. > I have placed my xplanner-plus dir with files in the below path. > C:\Program Files\apache-tomcat-6.0.20\apache-tomcat-6.0.20\webapps\ The above looks very strange, since apache-tomcat-6.0.20 is duplicated... How did you install Tomcat? If from the Windows .exe, the above path is incorrect. > When I try and select it i get this message > HTTP Status 404 - Start a new thread for a new topic. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Logging into TOMCAT Manager
I didn't restart the server so this now lets me in. It did not ask me for a username or password though is this normal? Now that I am in... I have placed my xplanner-plus dir with files in the below path. C:\Program Files\apache-tomcat-6.0.20\apache-tomcat-6.0.20\webapps\ When I try and select it i get this message HTTP Status 404 - type Status report message description The requested resource () is not available. Apache Tomcat/6.0.20 Do you have any idea why it can't find the files inside? what is it looking for I have an index.jsp file should it not find this by default. Apologies I am very new to this Thanks Caldarale, Charles R wrote: > >> From: joe_sad [mailto:joesadd...@gmail.com] >> Subject: Logging into TOMCAT Manager > >> I am new to using TomCat. > > It's Tomcat, not TomCat. > >> I have configured the tomcat-users.xml file so that I have a manager >> username and password like so.. > > 1) Did you restart Tomcat after making the changes? > > 2) Did you remove the comment markers from around the user and role lists? > Using an XML-aware editor is beneficial here. > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you > received this in error, please contact the sender and delete the e-mail > and its attachments from all computers. > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > > -- View this message in context: http://old.nabble.com/Logging-into-TOMCAT-Manager-tp26677781p26678087.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat, out of memory and hot reployment
On 07/12/2009 10:53, Malcolm Warren wrote: Dear All, I've seen that using hot deploy too often for apps on my production server (more than seven or eight times) without restarting Tomcat causes an Out of memory exception. Whereas it doesn't happen on my mac test machine, presumably because it has a different jvm from the debian linux production machine. And I've read in several places the reason for this, for example: "Hot redeployment always leads to an eventual JVM death as it runs out of PermGen memory space that stores class definitions". Just to clarify, that is not an accurate statement. Replace "always leads" with "might lead (depending on what your app is doing)", then check the credibility of the source. p What I was wondering is: If I turn off hot redeployment and use the Tomcat manager to redeploy applications, does that solve the problem? I would assume that it does not, but any information from the experts would be very welcome. Thanks, Malcolm Warren - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat, out of memory and hot reployment
> From: Malcolm Warren [mailto:malc...@villeinitalia.com] > Subject: Tomcat, out of memory and hot reployment > > If I turn off hot redeployment and use the Tomcat manager to redeploy > applications, does that solve the problem? No, that is a hot redeployment. > I would assume that it does not, but any information from the experts > would be very welcome. Fix your webapp (or libraries that it uses) so that it doesn't hang onto references to objects that it doesn't need. (Logging packages are infamous for causing this problem.) Make sure that any ThreadLocal usage is cleaned up at the end of *each* request. Watch out for anything in a shared library that keeps persistent references to webapp objects. Use a profiler to find out where the unwanted references to superseded objects come from. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Logging into TOMCAT Manager
> From: joe_sad [mailto:joesadd...@gmail.com] > Subject: Logging into TOMCAT Manager > I am new to using TomCat. It's Tomcat, not TomCat. > I have configured the tomcat-users.xml file so that I have a manager > username and password like so.. 1) Did you restart Tomcat after making the changes? 2) Did you remove the comment markers from around the user and role lists? Using an XML-aware editor is beneficial here. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Logging into TOMCAT Manager
Hi, I am new to using TomCat. I have used an apache server like WAMP before for a PHP project. I think that TomCat should be fairly simmilar. All I am trying to do is to login to the manager section so that I can start to use an application called x-planner plus. I have configured the tomcat-users.xml file so that I have a manager username and password like so.. You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file will contain the credentials to let you use this webapp. When I try and login to manager using these credentials it will not allow me and i get the below error. 401 Unauthorized You are not authorized to view this page. If you have not changed any configuration files, please examine the file conf/tomcat-users.xml in your installation. That file will contain the credentials to let you use this webapp. You will need to add manager role to the config file listed above. For example: For more information - please see the Manager App HOW-TO. Does anybody please have any advise. Thanks in advance. -- View this message in context: http://old.nabble.com/Logging-into-TOMCAT-Manager-tp26677781p26677781.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat performance benchmark
Cae Fernandes wrote: > Hello guys, > > I would like to know if anybody could provide me with a unbiased "tomcat vs > others" peformance benchmark with full tests and full system specs > (hardware, os, etc). > > I'm interested in concurrent amount of users, hardware load and specs. > I've been designing a new system that may need to sustaint a heavy amount of > users and I need to know what to expect. > > Any help is apreciated. Performance will be 98% your app, 2% the container. If you get to the point where the container is the major differentiating factor in performance then either a) you have the container configured badly or b) you are close to getting as much performance as you can out of one instance of your app and you'd be better off looking at options for scaling. Some related observations: - Benchmarks are pretty meaningless. You can construct a benchmark to show pretty much whatever you want. For example, I've seen benchmarks that 'prove' that each of the BIO, NIO and APR/native connector gives the 'best' performance. - The only benchmark that matters is how your app performs - A good profiler is your friend. I use YourKit (because they give open source committers free copies) Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Control character in cookie value
Thanks André, * * *I agree with you about the doubt you have about the ":" being in C (after encoding).* return Base64.encodeBytes(sb.toString().getBytes()); *I guess you suggest to log somthing like * *(new String(C)).getBytes ? If yes I post it here later. I hope you can then suggest somthing to sove this.* On Mon, Dec 7, 2009 at 1:57 PM, André Warnier wrote: > itay sahar wrote: > >> Pid, >> I'm not using B as the cookie value. A & B go to encode and finally you >> have *one *value(C). this value >> is sent to addCookie. >> >> C is somthing like: >> >> aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0 >> > > Ok, let's take this at face value. > > So yet, you are still getting an exception, which says that there is a > "control character" in the value of the cookie which you are trying to add. > > Let's assume for now that the addCookie method itself has no bug, and that > what it says in the exception is the truth. > > It also does not look (in these email communications), as if your value C > above has a "control character" in it. > > (But note : there still could be one, that we do not see here in these > emails. For example, if the value C above was in reality ending in a CR/LF > pair. Apart from the string C itself above, you should maybe also log its > length in bytes, so that we can really make sure that this is not the case). > > Then, if I remember well the code which really adds the cookie (and which > is not the one shown below), independently of the "value", there is also in > these cookies an expiration date, and a path, which you add to the cookie > string one by one. > So really, when you do the addCookie, what you do is creating a cookie > header which looks like : > Set-Cookie: cookie-name=cookie-value(C);expires=somedate;path=somepath > > Any one of "somedate" or "somepath" could (potentially) contain a control > character, and the exception would only show up when you actually do the > addCookie() of the whole value (including expiration date and path) at once. > > > > > > >> On Mon, Dec 7, 2009 at 12:16 PM, Pid wrote: >> >> On 06/12/2009 21:51, itay sahar wrote: >>> >>> Hi Andre, please see below input and output of: protected String encodeToken(String username, String value) { StringBuilder sb = new StringBuilder(); sb.append(username); sb.append(":"); sb.append(value); return Base64.encodeBytes(sb.toString().getBytes()); } Input is: username= itay.sa...@gmial.com value=6de5ca4f:1254c461110:-7feb:9135486247122677484 Output is (this is what actually addCookie get as parameter): 6de5ca4f:1254c461110:-7feb:9135486247122677484 Can you suggest solution ? Yep. >>> >>> You are claiming that you are supplying A & B to the encodeToken >>> function, >>> but then you are using B as the cookie value. >>> >>> Try using the value returned from the encodeToken function instead. >>> Hint, if it contains a ":" character, it's not Base64 encoded. >>> >>> >>> >>> p >>> >>> >>> On Sun, Dec 6, 2009 at 11:28 PM, itay sahar >>> wrote: >>> Hi Andre, > please see below input and output of: > protected String encodeToken(String username, String value) > { > StringBuilder sb = new StringBuilder(); > sb.append(username); > sb.append(":"); > sb.append(value); > return Base64.encodeBytes(sb.toString().getBytes()); > } > > Input is: > > username= itay.sa...@gmial.com > > value=6de5ca4f:1254c461110:-7feb:9135486247122677484 > > > Output is: > > > > aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0 > > > > Can you suggest solution ? > > On Sat, Dec 5, 2009 at 6:20 PM, André Warnier wrote: > > Mark Thomas wrote: > >> itay sahar wrote: >> >>> Caused by: java.lang.IllegalArgumentException: Control character in >>> cookie value, consider BASE64 encoding your value at org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:396) To cause this, there must be a character in the value with an ASCII >>> code >>> of less than 0x20 or greater or equal to 0x7f and is not 0x09. >>> >>> You need to fix that first. >>> >>> Then you'll need to worry about Base64 using '=' in cookie values. >>> The >>> value needs to be quoted for this to work. Tomcat will do this >>> automatically if necessary. >>> >>> >>> Mark above is talking about the output value of the Base64 encoder >>> >> which >> you are using, and which you then feed to the >> response.addCookie(cookie) >> method. >> >> It is not clear (to me) where the used Base64.encodeBytes() method >> com
Tomcat performance benchmark
Hello guys, I would like to know if anybody could provide me with a unbiased "tomcat vs others" peformance benchmark with full tests and full system specs (hardware, os, etc). I'm interested in concurrent amount of users, hardware load and specs. I've been designing a new system that may need to sustaint a heavy amount of users and I need to know what to expect. Any help is apreciated. Thanks. -- View this message in context: http://old.nabble.com/Tomcat-performance-benchmark-tp26676954p26676954.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Control character in cookie value
itay sahar wrote: Pid, I'm not using B as the cookie value. A & B go to encode and finally you have *one *value(C). this value is sent to addCookie. C is somthing like: aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0 Ok, let's take this at face value. So yet, you are still getting an exception, which says that there is a "control character" in the value of the cookie which you are trying to add. Let's assume for now that the addCookie method itself has no bug, and that what it says in the exception is the truth. It also does not look (in these email communications), as if your value C above has a "control character" in it. (But note : there still could be one, that we do not see here in these emails. For example, if the value C above was in reality ending in a CR/LF pair. Apart from the string C itself above, you should maybe also log its length in bytes, so that we can really make sure that this is not the case). Then, if I remember well the code which really adds the cookie (and which is not the one shown below), independently of the "value", there is also in these cookies an expiration date, and a path, which you add to the cookie string one by one. So really, when you do the addCookie, what you do is creating a cookie header which looks like : Set-Cookie: cookie-name=cookie-value(C);expires=somedate;path=somepath Any one of "somedate" or "somepath" could (potentially) contain a control character, and the exception would only show up when you actually do the addCookie() of the whole value (including expiration date and path) at once. On Mon, Dec 7, 2009 at 12:16 PM, Pid wrote: On 06/12/2009 21:51, itay sahar wrote: Hi Andre, please see below input and output of: protected String encodeToken(String username, String value) { StringBuilder sb = new StringBuilder(); sb.append(username); sb.append(":"); sb.append(value); return Base64.encodeBytes(sb.toString().getBytes()); } Input is: username= itay.sa...@gmial.com value=6de5ca4f:1254c461110:-7feb:9135486247122677484 Output is (this is what actually addCookie get as parameter): 6de5ca4f:1254c461110:-7feb:9135486247122677484 Can you suggest solution ? Yep. You are claiming that you are supplying A & B to the encodeToken function, but then you are using B as the cookie value. Try using the value returned from the encodeToken function instead. Hint, if it contains a ":" character, it's not Base64 encoded. p On Sun, Dec 6, 2009 at 11:28 PM, itay sahar wrote: Hi Andre, please see below input and output of: protected String encodeToken(String username, String value) { StringBuilder sb = new StringBuilder(); sb.append(username); sb.append(":"); sb.append(value); return Base64.encodeBytes(sb.toString().getBytes()); } Input is: username= itay.sa...@gmial.com value=6de5ca4f:1254c461110:-7feb:9135486247122677484 Output is: aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0 Can you suggest solution ? On Sat, Dec 5, 2009 at 6:20 PM, André Warnier wrote: Mark Thomas wrote: itay sahar wrote: Caused by: java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value at org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:396) To cause this, there must be a character in the value with an ASCII code of less than 0x20 or greater or equal to 0x7f and is not 0x09. You need to fix that first. Then you'll need to worry about Base64 using '=' in cookie values. The value needs to be quoted for this to work. Tomcat will do this automatically if necessary. Mark above is talking about the output value of the Base64 encoder which you are using, and which you then feed to the response.addCookie(cookie) method. It is not clear (to me) where the used Base64.encodeBytes() method comes from. But wherever it comes from, it should encode any input series of bytes according to http://tools.ietf.org/html/rfc3548#section-3 which cannot produce "control characters". Except that some Base64 encoders, in some cases, will "wrap" the output string at 76 bytes, by inserting a CR/LF pair, which are both "control characters". (Note that the output string of Base64 is longer than the input string, since it encodes 3 consecutive input bytes into 4 output bytes.) My guess is that this is what happens here, and that could trigger the exception above. Maybe this Base64.encodeBytes() method has an optional argument which would tell it to not wrap the output value ? Note also that with the code you were showing, the control character(s) could presumably be also in "cookiePath". Why do you not log the cookie value, just before you call setCookieValueIfEnabled(String value) ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional
Re: Control character in cookie value
Pid, I'm not using B as the cookie value. A & B go to encode and finally you have *one *value(C). this value is sent to addCookie. C is somthing like: aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0 On Mon, Dec 7, 2009 at 12:16 PM, Pid wrote: > On 06/12/2009 21:51, itay sahar wrote: > >> Hi Andre, >> >> please see below input and output of: >> protected String encodeToken(String username, String value) >>{ >> StringBuilder sb = new StringBuilder(); >> sb.append(username); >> sb.append(":"); >> sb.append(value); >> return Base64.encodeBytes(sb.toString().getBytes()); >> } >> >> Input is: >> >> username= itay.sa...@gmial.com >> value=6de5ca4f:1254c461110:-7feb:9135486247122677484 >> >> Output is (this is what actually addCookie get as parameter): >> >> 6de5ca4f:1254c461110:-7feb:9135486247122677484 >> >> Can you suggest solution ? >> > > Yep. > > You are claiming that you are supplying A & B to the encodeToken function, > but then you are using B as the cookie value. > > Try using the value returned from the encodeToken function instead. > Hint, if it contains a ":" character, it's not Base64 encoded. > > > > p > > > On Sun, Dec 6, 2009 at 11:28 PM, itay sahar wrote: >> >> Hi Andre, >>> >>> please see below input and output of: >>> protected String encodeToken(String username, String value) >>>{ >>> StringBuilder sb = new StringBuilder(); >>> sb.append(username); >>> sb.append(":"); >>> sb.append(value); >>> return Base64.encodeBytes(sb.toString().getBytes()); >>> } >>> >>> Input is: >>> >>> username= itay.sa...@gmial.com >>> >>> value=6de5ca4f:1254c461110:-7feb:9135486247122677484 >>> >>> >>> Output is: >>> >>> >>> aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0 >>> >>> >>> >>> Can you suggest solution ? >>> >>> On Sat, Dec 5, 2009 at 6:20 PM, André Warnier wrote: >>> >>> Mark Thomas wrote: itay sahar wrote: > > Caused by: java.lang.IllegalArgumentException: Control character in >> cookie >> value, consider BASE64 encoding your value >>at >> >> >> org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:396) >> >> > To cause this, there must be a character in the value with an ASCII > code > of less than 0x20 or greater or equal to 0x7f and is not 0x09. > > You need to fix that first. > > Then you'll need to worry about Base64 using '=' in cookie values. The > value needs to be quoted for this to work. Tomcat will do this > automatically if necessary. > > > Mark above is talking about the output value of the Base64 encoder which you are using, and which you then feed to the response.addCookie(cookie) method. It is not clear (to me) where the used Base64.encodeBytes() method comes from. But wherever it comes from, it should encode any input series of bytes according to http://tools.ietf.org/html/rfc3548#section-3 which cannot produce "control characters". Except that some Base64 encoders, in some cases, will "wrap" the output string at 76 bytes, by inserting a CR/LF pair, which are both "control characters". (Note that the output string of Base64 is longer than the input string, since it encodes 3 consecutive input bytes into 4 output bytes.) My guess is that this is what happens here, and that could trigger the exception above. Maybe this Base64.encodeBytes() method has an optional argument which would tell it to not wrap the output value ? Note also that with the code you were showing, the control character(s) could presumably be also in "cookiePath". Why do you not log the cookie value, just before you call setCookieValueIfEnabled(String value) ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Tomcat, out of memory and hot reployment
Dear All, I've seen that using hot deploy too often for apps on my production server (more than seven or eight times) without restarting Tomcat causes an Out of memory exception. Whereas it doesn't happen on my mac test machine, presumably because it has a different jvm from the debian linux production machine. And I've read in several places the reason for this, for example: "Hot redeployment always leads to an eventual JVM death as it runs out of PermGen memory space that stores class definitions". What I was wondering is: If I turn off hot redeployment and use the Tomcat manager to redeploy applications, does that solve the problem? I would assume that it does not, but any information from the experts would be very welcome. Thanks, Malcolm Warren
Re: Apache Tomcat Windows Installer Insecure Password Vulnerability
On 07/12/2009 04:53, Saw Chee Hong wrote: I seen this at one of apache website. *[Summary]* Apache Tomcat is prone to an insecure-password vulnerability in the Windows installer. The administrative password defaults to a blank password during the install process. Attackers may exploit this issue to obtain administrative access to the application. Other attacks may also be possible. * [Affected Version]* Tomcat 6.0.0 through 6.0.20 and Tomcat 5.5.0 through 5.5.28 are vulnerable; Unsupported versions in the 3.x, 4.x, 4.1.x, and 5.0.x branches may also be affected. * [Solution/Workaround]* The following workarounds are available: 1. Install the application via the .zip or .tar.gz distributions instead of using the Windows installer method. 2. Remove the 'admin' user from 'tomcat-users.xml' after the Windows installer has completed. 3. Edit the 'tomcat-users.xml' file to provide the 'admin' user with a strong password after the Windows installer has completed. Currently mytomcat version was 5.0.27. I have check the ‘tomcat-users.xml’ file and it doesn’t consist the ‘admin’ user in the file. Then you are not at risk from *this particular* issue. Does this mean that my tomcat is safe? No idea. That's too open ended a question - we can't tell what else you've done to it. p Thank you for answering my question. Best Regards, Saw Chee Hong - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: the Tomcat generates more than one session id with the same http request, please help me
On 07/12/2009 08:22, Peter Chen wrote: Hi, all I am testing a website with the server Tomcat. I am using Tomcat 5.5.26, and I found one problem. The website is used to display audio files. After I log in the website, I can see the icon of the audio file. But after I press the button "play", it has different results with different browsers. When I use firefox3.5.5 and Google Chrome 3.0, I found the Tomcat will create more than one session id, and it can not be played. What bearing does the session have on this? Are you storing data in it? But if I use IE6.0/IE7.0/IE8.0, I found there is only one session id, and it plays well. I don't know the reason, has someone met this problem before, please help me to solve this problem, thanks. Are you properly encoding all link URLs on each page with HttpServletResponse.encodeURL()? p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Control character in cookie value
On 06/12/2009 21:51, itay sahar wrote: Hi Andre, please see below input and output of: protected String encodeToken(String username, String value) { StringBuilder sb = new StringBuilder(); sb.append(username); sb.append(":"); sb.append(value); return Base64.encodeBytes(sb.toString().getBytes()); } Input is: username= itay.sa...@gmial.com value=6de5ca4f:1254c461110:-7feb:9135486247122677484 Output is (this is what actually addCookie get as parameter): 6de5ca4f:1254c461110:-7feb:9135486247122677484 Can you suggest solution ? Yep. You are claiming that you are supplying A & B to the encodeToken function, but then you are using B as the cookie value. Try using the value returned from the encodeToken function instead. Hint, if it contains a ":" character, it's not Base64 encoded. p On Sun, Dec 6, 2009 at 11:28 PM, itay sahar wrote: Hi Andre, please see below input and output of: protected String encodeToken(String username, String value) { StringBuilder sb = new StringBuilder(); sb.append(username); sb.append(":"); sb.append(value); return Base64.encodeBytes(sb.toString().getBytes()); } Input is: username= itay.sa...@gmial.com value=6de5ca4f:1254c461110:-7feb:9135486247122677484 Output is: aXRheS5zYWhhckBnbWFpbC5jb206NmRlNWNhNGY6MTI1NGM0NjExMTA6LTdmZWI6OTEzNTQ4NjI0 Can you suggest solution ? On Sat, Dec 5, 2009 at 6:20 PM, André Warnier wrote: Mark Thomas wrote: itay sahar wrote: Caused by: java.lang.IllegalArgumentException: Control character in cookie value, consider BASE64 encoding your value at org.apache.tomcat.util.http.ServerCookie.maybeQuote2(ServerCookie.java:396) To cause this, there must be a character in the value with an ASCII code of less than 0x20 or greater or equal to 0x7f and is not 0x09. You need to fix that first. Then you'll need to worry about Base64 using '=' in cookie values. The value needs to be quoted for this to work. Tomcat will do this automatically if necessary. Mark above is talking about the output value of the Base64 encoder which you are using, and which you then feed to the response.addCookie(cookie) method. It is not clear (to me) where the used Base64.encodeBytes() method comes from. But wherever it comes from, it should encode any input series of bytes according to http://tools.ietf.org/html/rfc3548#section-3 which cannot produce "control characters". Except that some Base64 encoders, in some cases, will "wrap" the output string at 76 bytes, by inserting a CR/LF pair, which are both "control characters". (Note that the output string of Base64 is longer than the input string, since it encodes 3 consecutive input bytes into 4 output bytes.) My guess is that this is what happens here, and that could trigger the exception above. Maybe this Base64.encodeBytes() method has an optional argument which would tell it to not wrap the output value ? Note also that with the code you were showing, the control character(s) could presumably be also in "cookiePath". Why do you not log the cookie value, just before you call setCookieValueIfEnabled(String value) ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat server start up without looking dependency jars
On 06/12/2009 17:10, ahmed kasim wrote: Hi thanks a lot for your response and valuable inputs. I want to avoid looking of that classes during server startup, my requirement is, specified classes/properties should lookup only when my war file deployed. If the app is not deployed before start up, then it gets deployed at the end of start up. Any classes (and the classes they are dependant on) defined in web.xml as Servlets, for example, will also be loaded. Why do you have such a requirement? p many thanks, Kasim From: Jorge Medina To: Tomcat Users List Sent: Sat, December 5, 2009 8:03:30 PM Subject: Re: tomcat server start up without looking dependency jars hi Ahmed, JAR files are not "loaded" by Tomcat. A jar file is just a container of classes, the classes are loaded by the JVM when the code makes reference to them. If you specify a on your context.xml, then Tomcat will look for those classes (the driverClassName), but that does not mean that a connection to the database is established at that point in time. It only means that the driver has been loaded. Your application is responsible to ask for a connection whenever it wishes. On Sat, Dec 5, 2009 at 7:17 AM, ahmed kasim wrote: Hi, I have few jars which need to get loaded only when the war file is getting loaded or when the request comes, to be more clear I have some jar which is having connection to DB, if I specify in my context.xml file it is getting loaded when the server getting started up initially, so I want to avoid this and make it when my war file gets loaded the db connection should get loaded. I have three jar file specified for Resource , if i place jar file it is getting loaded and server starts up looking for connection with db. How can I avoid server starting time look up and make it available only when I deploy the war file. many thanks, Kasim - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: the Tomcat generates more than one session id with the same http request, please help me
Put the session ID in the URL and it will work on all systems. Alternatively, don't use sessions for the audio file. > -Original Message- > From: Peter Chen [mailto:peter.c...@aicent.com] > Sent: maandag 07 december 2009 09:22 > To: users@tomcat.apache.org > Subject: the Tomcat generates more than one session id with > the same http request, please help me > > Hi, all > > > > I am testing a website with the server Tomcat. I am using > Tomcat 5.5.26, and I found one problem. > > > > The website is used to display audio files. After I log in > the website, I can see the icon of the audio file. But after > I press the button "play", it has different results with > different browsers. > > When I use firefox3.5.5 and Google Chrome 3.0, I found the > Tomcat will create more than one session id, and it can not be played. > > But if I use IE6.0/IE7.0/IE8.0, I found there is only one > session id, and it plays well. > > > > I don't know the reason, has someone met this problem before, > please help me to solve this problem, thanks. > > This message and attachment(s) are intended solely for use by the addressee and may contain information that is privileged, confidential or otherwise exempt from disclosure under applicable law. If you are not the intended recipient or agent thereof responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify the sender immediately by telephone and with a 'reply' message. Thank you for your co-operation. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
the Tomcat generates more than one session id with the same http request, please help me
Hi, all I am testing a website with the server Tomcat. I am using Tomcat 5.5.26, and I found one problem. The website is used to display audio files. After I log in the website, I can see the icon of the audio file. But after I press the button "play", it has different results with different browsers. When I use firefox3.5.5 and Google Chrome 3.0, I found the Tomcat will create more than one session id, and it can not be played. But if I use IE6.0/IE7.0/IE8.0, I found there is only one session id, and it plays well. I don't know the reason, has someone met this problem before, please help me to solve this problem, thanks.