Re: Tomcat user roles
Bill Wang bw57...@gmail.com wrote: Hi Tomcat guru, I have questions for the tomcat user roles setup. On-call team (24*7 support) need permission to restart one tomcat services, if they get call. I think it is maybe possible to let them restart tomcat throught Tomcat Web Application Manager (the admin url http://server:port/manager) My request is, I can't give the admin username and password directly to on-call team, admin account can not only restart the application, it can deploy and undeploy applications, that's too dangerous. So how can I setup the tomcat-users.xml or other config file to let on-call team has only permission to restart that particular application, not else. Regards, Bill You can create a new role in web.xml called restart and limit it to the list, start and stop commands since each command is part of the URL. Then you assign that role to a new user in your Realm. I'm on my phone so can't give an exact example. If that isn't enough info, I'm sure someone else can fill in the gaps for you. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to get the tomcat internal log out?
2011/11/23 Kurt fxbird1...@163.com: I tried to invoke Bootstrap,but got an error saying Can't load server.xml from I:\workspace\mye10\TOMCAT_5_5_30\conf\server.xml,server.xml does exist At least that is some logging. Maybe that problem can be solved? The more usual configuration you are using, the more people would be able to help. Is there any material to guide a newbie on how to compile,run tomcat 5 of your compiled version, config logging thing etc? There are BUILDING.txt, RUNNING.txt as well as pages in the webapps/(tomcat-)docs. Even if they lack somewhere, there would not be much effort in improving 5.5 documentation, because Tomcat 5.5 is near its end of life. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Spring MVC 3 application gives Could not open JPA EntityManager only on server
24 nov 2011 kl. 08.20 Will Glass-Husain suggested: I'd guess a firewall is blocking the database requests when you use the full domain name. That's quite likely. I used IPtable to reroute port 80 to another port that I run Tomcat standalone on and probably I blocked everything else and forgot about it. I guess the 2 IPs I peruse only have a function for outside connections anyway, so it's good to avoid this plus that I gain a similar setup for the development machine which makes it easier to test stuff. Now it sounds like you have incorrect query syntax. Well, I was querying a nonexistent hibernate_sequences table. Duh! Fixed now. /MiB - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
FarmWarDeployer doesn't deploy updated war
Hi all I've configured the FarmWarDeployer for a test cluster into my company infrastructure (all nodes are windows server 2003), the FarmWarDeployer seems to properly deploy new wars and it able to undeploy removed wars, but doesn't seems to properly update war files on replace. Is this a normal behaviour? Thank You K. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 not working with javax.net.ssl.keyStorePassword property
On Thu, Nov 24, 2011 at 3:07 AM, Mark Thomas ma...@apache.org wrote: On 22/11/2011 20:42, Satish Mittal wrote: Hi All, I have observed a regression between tomcat 5 and tomcat 7. That is https://issues.apache.org/bugzilla/show_bug.cgi?id=38774 that was fixed only in the 5.5.x branch. I'm not a huge fan of using system properties for configuration so I prefer the Tomcat 6+ approach that requires explicit configuration (even though some system properties are still used as fall back). Hi Mark, Thanks for the link. I was searching for a related post in apache but couldn't find it. May I request you to merge this fix to tomcat 7 branch as well? Since it was working in tomcat .5.33, it would be a regression for my application once it moves to latest tomcat 7 version. Thanks, Satish Mark In my tomcat webapp, before I spawn another tomcat webapp process, I pass on the keystore password by setting the system property javax.net.ssl.keyStorePassword to keystore password, instead of writing the keystore password in plain-text as an attribute in server.xml. This used to work in tomcat 5. However in tomcat 7, the same webapp/keystore throws the following error: Nov 22, 2011 8:04:45 PM org.apache.coyote.AbstractProtocol init SEVERE: Failed to initialize end point associated with ProtocolHandler [http-bio-8096] java.io.IOException: Keystore was tampered with, or password was incorrect at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771) at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38) at java.security.KeyStore.load(KeyStore.java:1185) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:407) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:306) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:565) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:505) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:449) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:158) at org.apache.tomcat.util.net.JIoEndpoint.bind(JIoEndpoint.java:373) at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:498) at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:369) at org.apache.coyote.http11.AbstractHttp11JsseProtocol.init(AbstractHttp11JsseProtocol.java:119) at org.apache.catalina.connector.Connector.initInternal(Connector.java:909) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:573) at org.apache.catalina.startup.Catalina.load(Catalina.java:596) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:449) at java.lang.Thread.run(Thread.java:619) Caused by: java.security.UnrecoverableKeyException: Password verification failed at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769) ... 28 more Nov 22, 2011 8:04:47 PM org.apache.catalina.core.StandardService initInternal SEVERE: Failed to initialize connector [Connector[HTTP/1.1-8096]] org.apache.catalina.LifecycleException: Failed to initialize component [Connector[HTTP/1.1-8096]] at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:106) at org.apache.catalina.core.StandardService.initInternal(StandardService.java:559) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:781) at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:102) at org.apache.catalina.startup.Catalina.load(Catalina.java:573) at org.apache.catalina.startup.Catalina.load(Catalina.java:596) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:281) at
Re: Babysitting ThreadLocals
On 23 nov. 2011, at 16:48, Christopher Schultz wrote: Our servlet defines the ThreadLocal to be protected (because this is a base class for several servlets that all do similar things) and transient (because we just don't need it to be serialized) and override the initialValue method, like this: protected transient ThreadLocalSimpleDateFormat dayFormat = new ThreadLocalSimpleDateFormat() { public SimpleDateFormat initialValue() { return new SimpleDateFormat(-MM-dd); } }; In the servlet's destroy method, we dutifully call dayFormat.remove(). Tomcat complains that we are leaving sloppy ThreadLocals around on shutdown. Duh: Servlet.destroy is called by a single thread and won't actually remove the ThreadLocal in any meaningful way. So, my question is whether or not there is a good way to clean-out the ThreadLocals from our webapp? Given the declaration above, we are creating a new class which will be loaded by our webapp's ClassLoader and therefore pinning that ClassLoader in memory definitely causing a memory leak across reploy cycles. I don't think this ThreadLocal creates a real leak of classloader. It would if dayFormat was static. But you may still see warnings issued by tomcat when the application is stopped because of this problem http://wiki.apache.org/tomcat/MemoryLeakProtection#threadLocalPseudoLeak After some time and if all the threads of the server are sollicited sufficiently, the classloader will be eventually collected. With tomcat 7, there's no leak since threads are renewed, but you might still see the warnings. IMHO, you'd rather either stop worrying and recreate a new SimpleDateFormat, unless actual tests show a real bottleneck. In that case, go with another implementation like FastDateFormat. It will be much cleaner than playing with ThreadLocals... Sylvain - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re:Re: How to get the tomcat internal log out?
Hello : Why tomcat 7? Are there some features which can make classes updated without restart tomcat? Thanks . At 2011-11-24 00:04:06,Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Konstantin, On 11/21/11 7:00 AM, Konstantin Kolinko wrote: 2011/11/21 Kurt fxbird1...@163.com: Hello all: I compile tomcat 5.5.30 and import it to eclipse as a project, to research how the tomcat load class , I need to view the running log ,after reading through this post(http://tomcat.apache.org/tomcat-5.5-doc/logging.html) and adding below log4j.properties to the direcotry 'common/classes' and log4j-1.26.jar to common/lib, logs turned out not to be generated when I debug the tomcat starting from class Catalina. No idea about it, I've tried many times. log4j.rootLogger=DEBUG,R log4j.appender.R=org.apache.log4j.RollingFileAppender log4j.appender.R.File=k:\\logs\\tomcat.log log4j.appender.R.MaxFileSize=10MB log4j.appender.R.MaxBackupIndex=10 log4j.appender.R.layout=org.apache.log4j.PatternLayout log4j.appender.R.layout.ConversionPattern=%p%t%c-%m%n log4j.logger.org.apache.catalina.core.ContainerBase.[Catalina].[localhost]=DEBUG, R log4j.logger.org.apache.catalina.core=DEBUG, R log4j.logger.org.apache.catalina.session=DEBUG, R And the program parameter I use is 'start', vm parameter is '-Dcatalina.home=I:\My Documents\program\java\projects\eclipse\mye9.0\TOMCAT_5_5_30\mybuild-5.5.30' Any ideas? Thanks 0. Is there a reason why the OP is trying to use Tomcat 5.5 instead of Tomcat 7? 1. Is there a reason why you are trying to use log4j? That is not default configuration for Tomcat logging. The default one is JULI. (Though you have to remove log4.jar from Tomcat if you want JULI to work). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk7NGXYACgkQ9CaO5/Lv0PCN/ACgucGIyR8+8qLjAcejpyuDzxN6 r+cAoJCeXdgeK5cEhUFyCfAybjll4XUy =734m -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Re:Re: How to get the tomcat internal log out?
From: 飞翔鸟 [mailto:fxbird1...@163.com] Subject: Re:Re: How to get the tomcat internal log out? Why tomcat 7? Because 5.5 is near end-of-life, 6.0 gets only critical fixes, and 7.0 is the one under active development. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Tomcat user roles
Hi Mark, Thanks, with your help, I find out this link: http://onjava.com/onjava/2001/07/24/tomcat.html, seems you need me setup MemoryRealm, then setup security constraint in webapps/manager/WEB-INF/web.xml There is an exist role manager , I try to understand it and add a new role restart in this web.xml, always get permission deny. So could you please give some instruction on how to setup below URL to that role restart only? http://hostname:8181/manager/html/stop?path=/APPNAME http://hostname:8181/manager/html/start?path=/APPNAME Regards, Bill On Thu, Nov 24, 2011 at 7:06 PM, ma...@apache.org wrote: Bill Wang bw57...@gmail.com wrote: Hi Tomcat guru, I have questions for the tomcat user roles setup. On-call team (24*7 support) need permission to restart one tomcat services, if they get call. I think it is maybe possible to let them restart tomcat throught Tomcat Web Application Manager (the admin url http://server:port/manager) My request is, I can't give the admin username and password directly to on-call team, admin account can not only restart the application, it can deploy and undeploy applications, that's too dangerous. So how can I setup the tomcat-users.xml or other config file to let on-call team has only permission to restart that particular application, not else. Regards, Bill You can create a new role in web.xml called restart and limit it to the list, start and stop commands since each command is part of the URL. Then you assign that role to a new user in your Realm. I'm on my phone so can't give an exact example. If that isn't enough info, I'm sure someone else can fill in the gaps for you. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org