Re: APR SSL error: Socket bind failed: [98] Address already in use
On 19 Nov 2011, at 18:44, Eric Kemp cruisingat90...@gmail.com wrote: Summary: I'm looking for ideas on how to resolve this Address already in use error when configuring SSL in Tomcat APR. Environment: Running Apache Tomcat/6.0.24 on OS is Ubuntu 10.04.2 LTS with JVM 1.7.0_01-b08 // // Prior to configuring SSL, and after starting Tomcat I run netstat -tulpn and see that port 8443 is not used: // Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 29002/mysqld tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2136/sshd tcp6 0 0 127.0.0.1:8005 :::* LISTEN 12796/java tcp6 0 0 :::8080 :::* LISTEN 12796/java tcp6 0 0 :::22 :::* LISTEN 2136/sshd udp0 0 0.0.0.0:68 0.0.0.0:* 2087/dhclient3 // // I stop Tomcat, and add the following to my server.xml file: // Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS SSLEnabled=true SSLCertificateKeyFile=/etc/apache2/ssl/myUniqueDomain.com.key SSLCACertificateFile=/etc/apache2/ssl/myUniqueDomain.com.ca.crt / // // I restart Tomcat, and see the following in the catalina.out file: How are you start/stop/restarting Tomcat - bin/script or service? After calling stop, are you sure Tomcat has actually stopped? p // SEVERE: Error starting endpoint java.lang.Exception: Socket bind failed: [98] Address already in use at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:646) at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:753) at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137) at org.apache.catalina.connector.Connector.start(Connector.java:1080) at org.apache.catalina.core.StandardService.start(StandardService.java:531) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:593) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) Nov 19, 2011 11:35:19 AM org.apache.catalina.startup.Catalina start SEVERE: Catalina.start: LifecycleException: service.getName(): Catalina; Protocol handler start failed: java.lang.Exception: Socket bind failed: [98] Address already in use at org.apache.catalina.connector.Connector.start(Connector.java:1087) at org.apache.catalina.core.StandardService.start(StandardService.java:531) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:593) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) // // Running netstat -tulpn I see that port 8443 is now being used: // Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 29002/mysqld tcp0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2136/sshd tcp6 0 0 127.0.0.1:8005 :::* LISTEN 10696/java tcp6 0 0 :::8080 :::* LISTEN 10696/java tcp6 0 0 :::22 :::* LISTEN 2136/sshd tcp6 0 0 :::8443 :::* LISTEN 10696/java udp0 0 0.0.0.0:68 0.0.0.0:* 2087/dhclient3 If I change Connector port=8443 to Connector port=8445, I get the same error message, and netstat -tulpn shows: tcp6 0 0 :::8445 :::* LISTEN 10696/java I have also tried adding the following to my server.xml as an attribute to Connector and still get the same error:
Re: Grabbing the user's info
Terence M. Bandoian wrote: On 1:59 PM, chris derham wrote: But for _transparent_ authentication IIS is required as Christopher mentioned. That is not true. You can use SPNEGO to setup transparent authentication directly to tomcat. You do not need IIS. This means that a browser accesses a protected url on the server, and the server and browser discuss who the user is, and then the application is presented with that information. This discussion is transparent and involves no user interaction. This can be done by default in IE and I believe chrome, but firefox is more secure so needs to have explicitly have this authentication security enabled - by default it is turned off to stop hackers falsely requesting the details from a malicious server HTH Chris You might also consider using Waffle: http://waffle.codeplex.com/ which does not require IIS and supports NTLM and Kerberos. I've used it as a valve with Tomcat and believe it is also available as a filter. Both Internet Explorer and Firefox have settings to enable or disable automatic login. A brief mention is made in the Tomcat docs: http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html You might also consider using Jespa (www.ioplex.com). Not free, but very reasonably priced and works perfectly. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: APR SSL error: Socket bind failed: [98] Address already in use
Isnt 8005 shutdown port for tomcat? I can see sshd bound to that port already. On Nov 20, 2011 6:33 PM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2011/11/19 Eric Kemp cruisingat90...@gmail.com: Summary: I'm looking for ideas on how to resolve this Address already in use error when configuring SSL in Tomcat APR. Environment: Running Apache Tomcat/6.0.24 That one is old. Maybe you can upgrade to 6.0.33? on OS is Ubuntu 10.04.2 LTS with JVM 1.7.0_01-b08 There were severe issues with 1.7.0, such as Loop unroll optimization causes incorrect result. I do not know whether all of them are fixed in 7u1. http://tomcat.markmail.org/thread/oghpdg2whkrpnk7w Anyway, maybe you can try running with Java 6? // // I restart Tomcat, and see the following in the catalina.out file: // SEVERE: Error starting endpoint java.lang.Exception: Socket bind failed: [98] Address already in use at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:646) at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:753) at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137) at org.apache.catalina.connector.Connector.start(Connector.java:1080) at org.apache.catalina.core.StandardService.start(StandardService.java:531) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:593) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) What INFO messages are before this one? Maybe you can post your entire server.xml (without comments and passwords)? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: APR SSL error: Socket bind failed: [98] Address already in use
On 20 Nov 2011, at 12:49, Igor Cicimov icici...@gmail.com wrote: Isnt 8005 shutdown port for tomcat? I can see sshd bound to that port already. I think that's the line above... There is a java process holding 8005 On Nov 20, 2011 6:33 PM, Konstantin Kolinko knst.koli...@gmail.com wrote: 2011/11/19 Eric Kemp cruisingat90...@gmail.com: Summary: I'm looking for ideas on how to resolve this Address already in use error when configuring SSL in Tomcat APR. Environment: Running Apache Tomcat/6.0.24 That one is old. Maybe you can upgrade to 6.0.33? on OS is Ubuntu 10.04.2 LTS with JVM 1.7.0_01-b08 There were severe issues with 1.7.0, such as Loop unroll optimization causes incorrect result. I do not know whether all of them are fixed in 7u1. http://tomcat.markmail.org/thread/oghpdg2whkrpnk7w Anyway, maybe you can try running with Java 6? // // I restart Tomcat, and see the following in the catalina.out file: // SEVERE: Error starting endpoint java.lang.Exception: Socket bind failed: [98] Address already in use at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:646) at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:753) at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137) at org.apache.catalina.connector.Connector.start(Connector.java:1080) at org.apache.catalina.core.StandardService.start(StandardService.java:531) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:593) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) What INFO messages are before this one? Maybe you can post your entire server.xml (without comments and passwords)? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Grabbing the user's info
I use OpenAM. It is free and source is free. A tomcat server does all of the authentication and authorization. But what is nice is that there is an apache module so you can do all of the enforcement at your web server. Then all other tomcat servers being proxied by that same web server can be sent custom headers for things like user name, user id, groups, etc. On Nov 16, 2011 1:09 PM, chris derham ch...@derham.me.uk wrote: But for _transparent_ authentication IIS is required as Christopher mentioned. That is not true. You can use SPNEGO to setup transparent authentication directly to tomcat. You do not need IIS. This means that a browser accesses a protected url on the server, and the server and browser discuss who the user is, and then the application is presented with that information. This discussion is transparent and involves no user interaction. This can be done by default in IE and I believe chrome, but firefox is more secure so needs to have explicitly have this authentication security enabled - by default it is turned off to stop hackers falsely requesting the details from a malicious server HTH Chris
Re: APR SSL error: Socket bind failed: [98] Address already in use
Changing from jdk1.7.0_01 to 1.6.0_20 still results in the same error. I use the following commands to stop and start Tomcat: sudo /etc/init.d/tomcat6 stop sudo /etc/init.d/tomcat6 start I have verified that the Tomcat process DOES shut down when initiating a stop command via ps -ef | grep java only showing the current grep command. Ubuntu's apt-get put me at this current level (of Tomcat 6.0.24 and APR from 1.1.19-1) which I assumed would be fine. I'll see about trying to upgrade to Tomcat 6.0.33 and possibly APR 1.1.20-1. Any other ideas would still be appreciated. Thanks On Sun, Nov 20, 2011 at 5:09 AM, Pid * p...@pidster.com wrote: On 19 Nov 2011, at 18:44, Eric Kemp cruisingat90...@gmail.com wrote: Summary: I'm looking for ideas on how to resolve this Address already in use error when configuring SSL in Tomcat APR. Environment: Running Apache Tomcat/6.0.24 on OS is Ubuntu 10.04.2 LTS with JVM 1.7.0_01-b08 // // Prior to configuring SSL, and after starting Tomcat I run netstat -tulpn and see that port 8443 is not used: // Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 29002/mysqld tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2136/sshd tcp6 0 0 127.0.0.1:8005 :::* LISTEN 12796/java tcp6 0 0 :::8080 :::* LISTEN 12796/java tcp6 0 0 :::22 :::* LISTEN 2136/sshd udp 0 0 0.0.0.0:68 0.0.0.0:* 2087/dhclient3 // // I stop Tomcat, and add the following to my server.xml file: // Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS SSLEnabled=true SSLCertificateKeyFile=/etc/apache2/ssl/myUniqueDomain.com.key SSLCACertificateFile=/etc/apache2/ssl/myUniqueDomain.com.ca.crt / // // I restart Tomcat, and see the following in the catalina.out file: How are you start/stop/restarting Tomcat - bin/script or service? After calling stop, are you sure Tomcat has actually stopped? p // SEVERE: Error starting endpoint java.lang.Exception: Socket bind failed: [98] Address already in use at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:646) at org.apache.tomcat.util.net.AprEndpoint.start(AprEndpoint.java:753) at org.apache.coyote.http11.Http11AprProtocol.start(Http11AprProtocol.java:137) at org.apache.catalina.connector.Connector.start(Connector.java:1080) at org.apache.catalina.core.StandardService.start(StandardService.java:531) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:593) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) Nov 19, 2011 11:35:19 AM org.apache.catalina.startup.Catalina start SEVERE: Catalina.start: LifecycleException: service.getName(): Catalina; Protocol handler start failed: java.lang.Exception: Socket bind failed: [98] Address already in use at org.apache.catalina.connector.Connector.start(Connector.java:1087) at org.apache.catalina.core.StandardService.start(StandardService.java:531) at org.apache.catalina.core.StandardServer.start(StandardServer.java:710) at org.apache.catalina.startup.Catalina.start(Catalina.java:593) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414) // // Running netstat -tulpn I see that port 8443 is now being used: // Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 29002/mysqld tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2136/sshd tcp6 0 0
RE: APR SSL error: Socket bind failed: [98] Address already in use
From: Eric Kemp [mailto:cruisingat90...@gmail.com] Subject: Re: APR SSL error: Socket bind failed: [98] Address already in use Any other ideas would still be appreciated. As others have noted, the conflict is likely on some port other than 8443. Post your entire server.xml, preferably with comments removed, so we can see all of the ports declared there. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: APR SSL error: Socket bind failed: [98] Address already in use
Below is my entire server.xml (minus commented lines) ?xml version='1.0' encoding='utf-8'? Server port=8005 shutdown=SecretCommand Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / Listener className=org.apache.catalina.core.JasperListener / Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 URIEncoding=UTF-8 redirectPort=8443 / !-- Adding the connector below causes the Socket bind failed: [98] Address already in use error to appear in catalina.out... and https does not work. -- Connector port=8443 protocol=org.apache.coyote.http11.Http11AprProtocol maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS SSLEnabled=true SSLCertificateKeyFile=/etc/apache2/ssl/myDomain.com.key SSLCACertificateFile=/etc/apache2/ssl/myDomain.com.ca.crt / Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host /Engine /Service /Server Thanks On Sun, Nov 20, 2011 at 4:18 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Eric Kemp [mailto:cruisingat90...@gmail.com] Subject: Re: APR SSL error: Socket bind failed: [98] Address already in use Any other ideas would still be appreciated. As others have noted, the conflict is likely on some port other than 8443. Post your entire server.xml, preferably with comments removed, so we can see all of the ports declared there. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
where to put static files?
I have a spring project (web app), in my project where should I be putting my static files like images/css/javascript? In my WEB-INF like: /WEB-INF/Assets {images/css/js} I know when I go in production I will have nginx map to this folder to serve the static files, but I just want to know where I can put them for development/testing.