Re: Writing a custom resource factory
On 15.03.2012 21:54, Michael-O wrote:

Hi folks, I'd like to write a custom ldap resource factory as same as a data source factory. The getObjectInstance method shall return InitialDirContext object. I have written a mock factory and noticed that the output is cached by Tomcat. So the object is created only once (same id in Eclipse debugger).

I think you can change that behavior, but it will not be necessary in your case.

Now I need to verify that the InitialDirContext is still valid (conn timeout, etc.), same as testOnBorrow with DataSource. I won't have any reference to it after its creation. This means that I would need to wrap that object somehow and perform the operation myself? This is how Tomcat JDBC Pool does. Is my assumption correct? If yes, I would need to wrap every single method defined in DirContext and InitialDirContext.

If you look at the example, you gave. You will see, that the resource created a factory for you. That factory manages a pool and creates and validates connection objects for you.

So, by using http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html#Generic_JavaBean_Resources you can easily define a resource, which creates a DirContext-factory/pool object. That factory can be the same for the whole application, if you make it thread safe. The factory-method can then manage the pool and validate each DirContext object, before it hands it out to you. Just remember to give it back to the pool/factory.

Regards
Felix

Thanks,
Mike

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Writing a custom resource factory
On 16.03.2012 08:24, Felix Schumacher wrote:

On 15.03.2012 21:54, Michael-O wrote:

Hi folks, I'd like to write a custom ldap resource factory as same as a data source factory. The getObjectInstance method shall return InitialDirContext object. I have written a mock factory and noticed that the output is cached by Tomcat. So the object is created only once (same id in Eclipse debugger).

I think you can change that behavior, but it will not be necessary in your case.

I have found it. In http://tomcat.apache.org/tomcat-7.0-doc/config/context.html look for singleton. But I still believe, that you will not need it.

Regards
Felix

Now I need to verify that the InitialDirContext is still valid (conn timeout, etc.), same as testOnBorrow with DataSource. I won't have any reference to it after its creation. This means that I would need to wrap that object somehow and perform the operation myself? This is how Tomcat JDBC Pool does. Is my assumption correct? If yes, I would need to wrap every single method defined in DirContext and InitialDirContext.

If you look at the example, you gave. You will see, that the resource created a factory for you. That factory manages a pool and creates and validates connection objects for you.

So, by using http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html#Generic_JavaBean_Resources you can easily define a resource, which creates a DirContext-factory/pool object. That factory can be the same for the whole application, if you make it thread safe. The factory-method can then manage the pool and validate each DirContext object, before it hands it out to you. Just remember to give it back to the pool/factory.

Regards
Felix

Thanks,
Mike
Re: Info on PermSize and MaxPermSize
Geet Chandra wrote:

... ...

Here is code snippet for registering as Windows service

%EXECUTABLE% //IS//%SERVICE_NAME% --Install=C:\Program Files\ProductName\nonProduct\tomcat\b\bin\tomcat6.exe --Jvm=auto --StartMode=jvm --StopMode=jvm --StartClass=org.apache.catalina.startup.Bootstrap --StartParams=start --StopClass=org.apache.catalina.startup.Bootstrap --StopParams=stop

The above code snippet is run as *.bat and being invoked from *.msi and command to start tomcat as cmd.exe /c net start tomcat .

As utility.vbs is being included in tomcat package(*.msi) , once tomcat is installed on system, this utility.vbs is placed in C:\Program Files\ProductName\nonProduct\tomcat\b\bin\ folder. Here is snippet for utility.vbs as -

WSH_Shell.Run(cmd.exe /c net stop chr(34)Servicenamechr(34),0,True)

So my question is there way to configure mentioned parameters before starting tomcat as Windows service.

Ok. There are different Windows packages for tomcat, different ways to install Tomcat under Windows, and different ways to run it. And the answer to your original question is different in each case. Previously, it was not clear which way you were using. Now it is.

First, you should consult the Tomcat FAQ, in which there is a whole section about running under Windows. More specifically this article : http://wiki.apache.org/tomcat/FAQ/Windows#Q11

In that page is a link to the procrun software documentation, which you should also read. This all explains what the above command %EXECUTABLE% //IS//%SERVICE_NAME% --Install=C:\Program . is, what it does, and how to set the appropriate parameters in the Windows Registry to achieve what you want to do.

Key points :
- the -XX command-line switches are command-line switches for the Java JVM which runs tomcat
- the Windows Service runs the program tomcat(version).exe, which is a wrapper
- the wrapper runs the JVM which runs tomcat
- the wrapper reads its parameters from the Windows Registry, including the command-line switches that it should pass to the JVM when it starts it
- these Registry parameters are set by the above command %EXECUTABLE% //IS//%SERVICE_NAME% --Install=C:\Program when you use it to install the service

If this is still not clear, come back here and ask away.

One more note : the JVM command-line switches can vary between different JVM versions. That's why it is also important to know which JVM version you are using.
Re: info regarding automatic restart of webapps when modifying $CATALINA_HOME/conf/web.xml
Mark DeSpain wrote:

Greetings! Just trying to do some research regarding a behavior my team observed today. We're using some revision of Tomcat 7.0... I don't recall the specific version, but I can look it up if it is relevant.

Apparently when someone modifies $CATALINA_HOME/conf/web.xml, Tomcat will reload all web applications in the container. Unfortunately for us, this wreaks havoc on our set of web applications since we've allowed them to express initialization dependencies between each other that are honored on startup (and other scenarios) but not this scenario.

So, I'm looking for more information on how one might either disable this particular reload behavior or hook into that behavior so that we can ensure that dependencies are reinitialized accordingly. Can someone point me in the right direction? Either approach will work for us, but I'd be interested in knowing if there is indeed a hook we can tap into. Any input is greatly appreciated.

Hi. I'm not a real specialist, but I'll try :

1) changing the behaviour regarding the default web.xml : I do not think that you can change this behaviour without triggering some other maybe undesirable side-effects (such as not reloading modified webapps automatically anymore)

2) hooks : you might want to look at this : http://tomcat.apache.org/tomcat-7.0-doc/config/listeners.html
Re: info regarding automatic restart of webapps when modifying $CATALINA_HOME/conf/web.xml
Mark DeSpain mark.desp...@gmail.com wrote:

We're using some revision of Tomcat 7.0... I don't recall the specific version, but I can look it up if it is relevant.

Normally, the answer to that question would be yes. In this case, you are in luck.

Apparently when someone modifies $CATALINA_HOME/conf/web.xml, Tomcat will reload all web applications in the container. Unfortunately for us, this wreaks havoc on our set of web applications since we've allowed them to express initialization dependencies between each other that are honored on startup (and other scenarios) but not this scenario.

Oops. Web applications are meant to be independent.

So, I'm looking for more information on how one might either disable this particular reload behavior or hook into that behavior so that we can ensure that dependencies are reinitialized accordingly. Can someone point me in the right direction? Either approach will work for us, but I'd be interested in knowing if there is indeed a hook we can tap into. Any input is greatly appreciated.

Remove the WatchedResource... entry from $CATALINA_BASE/context.xml

Mark
How to leave this list?
Can anyone tell me how to leave this email list? I have tried sending an email to the unsubscribe address, but that has not worked.
Re: Writing a custom resource factory
On 16.03.2012 08:24, Felix Schumacher wrote:

On 15.03.2012 21:54, Michael-O wrote:

Hi folks, I'd like to write a custom ldap resource factory as same as a data source factory. The getObjectInstance method shall return InitialDirContext object. I have written a mock factory and noticed that the output is cached by Tomcat. So the object is created only once (same id in Eclipse debugger).

I think you can change that behavior, but it will not be necessary in your case.

I have found it. In http://tomcat.apache.org/tomcat-7.0-doc/config/context.html look for singleton. But I still believe, that you will not need it.

Felix, I checked that already. I am on Tomcat 6.0.35, so this is not an option for me. Although the Tomcat Pool works great since the DataSource is created once. It would contradict if the DataSource and its pool would exist several times.

I'll share my implementation idea shortly on the list as soon as it works.

Mike
Re: Info on PermSize and MaxPermSize
On Fri, Mar 16, 2012 at 1:24 PM, André Warnier a...@ice-sa.com wrote:

Geet Chandra wrote:

... ...

Here is code snippet for registering as Windows service

%EXECUTABLE% //IS//%SERVICE_NAME% --Install=C:\Program Files\ProductName\nonProduct\tomcat\b\bin\tomcat6.exe --Jvm=auto --StartMode=jvm --StopMode=jvm --StartClass=org.apache.catalina.startup.Bootstrap --StartParams=start --StopClass=org.apache.catalina.startup.Bootstrap --StopParams=stop

The above code snippet is run as *.bat and being invoked from *.msi and command to start tomcat as cmd.exe /c net start tomcat .

As utility.vbs is being included in tomcat package(*.msi) , once tomcat is installed on system, this utility.vbs is placed in C:\Program Files\ProductName\nonProduct\tomcat\b\bin\ folder. Here is snippet for utility.vbs as -

WSH_Shell.Run(cmd.exe /c net stop chr(34)Servicenamechr(34),0,True)

So my question is there way to configure mentioned parameters before starting tomcat as Windows service.

Ok. There are different Windows packages for tomcat, different ways to install Tomcat under Windows, and different ways to run it. And the answer to your original question is different in each case. Previously, it was not clear which way you were using. Now it is.

First, you should consult the Tomcat FAQ, in which there is a whole section about running under Windows. More specifically this article : http://wiki.apache.org/tomcat/FAQ/Windows#Q11

In that page is a link to the procrun software documentation, which you should also read. This all explains what the above command %EXECUTABLE% //IS//%SERVICE_NAME% --Install=C:\Program . is, what it does, and how to set the appropriate parameters in the Windows Registry to achieve what you want to do.

Key points :
- the -XX command-line switches are command-line switches for the Java JVM which runs tomcat
- the Windows Service runs the program tomcat(version).exe, which is a wrapper
- the wrapper runs the JVM which runs tomcat
- the wrapper reads its parameters from the Windows Registry, including the command-line switches that it should pass to the JVM when it starts it
- these Registry parameters are set by the above command %EXECUTABLE% //IS//%SERVICE_NAME% --Install=C:\Program when you use it to install the service

If this is still not clear, come back here and ask away.

Thanks André for your valuable insights, One more question, I would like to ask, Like

%EXECUTABLE% //US//%SERVICE_NAME% ++JvmOptions Djava.io.tmpdir=%CATALINA_BASE%\temp --JvmMs 256 --JvmMx 512

How can I set JAVA_OPTS=-Xms256m -Xmx512m using

%EXECUTABLE% //US//%SERVICE_NAME% ++JvmOptions Djava.io.tmpdir=%CATALINA_BASE%\temp

One more note : the JVM command-line switches can vary between different JVM versions. That's why it is also important to know which JVM version you are using.

--
Thanks Regards
Geet
Re: Writing a custom resource factory
On 16.03.2012 09:34, 1983-01...@gmx.net wrote:

On 16.03.2012 08:24, Felix Schumacher wrote:

On 15.03.2012 21:54, Michael-O wrote:

Hi folks, I'd like to write a custom ldap resource factory as same as a data source factory. The getObjectInstance method shall return InitialDirContext object. I have written a mock factory and noticed that the output is cached by Tomcat. So the object is created only once (same id in Eclipse debugger).

I think you can change that behavior, but it will not be necessary in your case.

I have found it. In http://tomcat.apache.org/tomcat-7.0-doc/config/context.html look for singleton. But I still believe, that you will not need it.

Felix, I checked that already. I am on Tomcat 6.0.35, so this is not an option for me. Although the Tomcat Pool works great since the DataSource is created once. It would contradict if the DataSource and its pool would exist several times.

That is why the singleton property defaults to true. That resembles the behavior of older tomcats. And as I told you already, you want a singleton created by tomcat and given to your application. That singleton/factory can then be used to create DirContext objects. Look at the example for JavaBean resources in the documentation.

Felix

I'll share my implementation idea shortly on the list as soon as it works.

Mike
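
The approach described in this thread (one thread-safe factory bean, created once by Tomcat, that owns the pool and validates each DirContext before handing it out) is sketched below as an added example; it is not code from the thread or from Tomcat. The class name DirContextPool, its package, property names, pool size, timeouts and the LDAP URL are assumptions, and registration is assumed to go through the Generic JavaBean Resources mechanism (org.apache.naming.factory.BeanFactory) linked above.

```java
package com.example; // hypothetical package

import java.util.Hashtable;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/**
 * Added example (hypothetical class): thread-safe pool of LDAP DirContext
 * objects with validate-on-borrow, comparable to testOnBorrow on a DataSource.
 *
 * Assumed registration in context.xml; BeanFactory calls the no-arg
 * constructor once and then the setters (all values are placeholders):
 *
 *   <Resource name="ldap/pool" auth="Container"
 *             type="com.example.DirContextPool"
 *             factory="org.apache.naming.factory.BeanFactory"
 *             url="ldaps://ldap.example.com:636/dc=example,dc=com"
 *             principal="cn=svc-app,dc=example,dc=com"
 *             credentials="CHANGE_ME" />
 *
 * Assumed use in the web application:
 *
 *   DirContextPool pool = (DirContextPool)
 *       new javax.naming.InitialContext().lookup("java:comp/env/ldap/pool");
 *   DirContext ctx = pool.borrow();
 *   try { ... } finally { pool.giveBack(ctx); }
 */
public class DirContextPool {

    private static final int MAX_IDLE = 8; // assumed pool size

    // offer() on a bounded queue returns false when full, so surplus
    // contexts are closed instead of accumulating.
    private final BlockingQueue<DirContext> idle =
            new LinkedBlockingQueue<DirContext>(MAX_IDLE);

    private volatile String url;
    private volatile String principal;
    private volatile String credentials;

    // JavaBean setters, filled from the <Resource> attributes.
    public void setUrl(String url) { this.url = url; }
    public void setPrincipal(String principal) { this.principal = principal; }
    public void setCredentials(String credentials) { this.credentials = credentials; }

    /** Returns a validated context; stale ones are closed and replaced. */
    public DirContext borrow() throws NamingException {
        DirContext ctx;
        while ((ctx = idle.poll()) != null) {
            if (isValid(ctx)) {
                return ctx;
            }
            closeQuietly(ctx); // timed out or dropped by the server
        }
        return create();
    }

    /** Hands a context back; it is re-validated on the next borrow(). */
    public void giveBack(DirContext ctx) {
        if (ctx != null && !idle.offer(ctx)) {
            closeQuietly(ctx);
        }
    }

    /** Closes all idle contexts, for example on application shutdown. */
    public void shutdown() {
        DirContext ctx;
        while ((ctx = idle.poll()) != null) {
            closeQuietly(ctx);
        }
    }

    protected DirContext create() throws NamingException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        // Bounded waits so a dead server cannot hang request threads.
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        if (principal != null) {
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            env.put(Context.SECURITY_PRINCIPAL, principal);
            env.put(Context.SECURITY_CREDENTIALS, credentials);
        }
        return new InitialDirContext(env);
    }

    /** One cheap round trip; assumes the bound principal may read the base entry. */
    protected boolean isValid(DirContext ctx) {
        try {
            ctx.getAttributes("", new String[] { "objectClass" });
            return true;
        } catch (NamingException e) {
            return false;
        }
    }

    private static void closeQuietly(DirContext ctx) {
        try {
            ctx.close();
        } catch (NamingException ignored) {
            // the connection is already unusable
        }
    }
}
```

Because the application borrows from the pool object rather than receiving a cached InitialDirContext, no method of DirContext has to be wrapped.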
Re: Tomcat, JSP and LDAP
On 15 March 2012 18:24, Christopher Schultz ch...@christopherschultz.net wrote:

Neil,

On 3/15/12 1:05 PM, Neil Munro wrote:

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://my.ldap.server.com"
       alternateURL="ldap://my.ldap.server.com"
       userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />

The debug attribute does not exist any more. Were you following some kind of old example?

Yeah I must have been, I have removed it.

I think you may need roleBase, roleName, and roleSearch attributes to have a prayer of making this work. Also, with no userSearch parameter, you are instructing the realm to connect in bind mode where the user's credentials are used directly to bind to the LDAP server. Is this appropriate?

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionName="uid={0},ou=my company users,dc=mycompany,dc=com"
       connectionPassword="userPassword"
       connectionURL="ldap://my.ldap.server"
       alternateURL="ldap://my.ldap.server"
       roleBase="ou=my company users,dc=mycompany,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />

I have added those changes, as for which connection mode I need, I think bind would be ok for now just to check to see if I can establish a connection, but looking at it I think if I will be querying ldap for a user name and password then comparison mode is what I need.

However with this configuration my whole app becomes inaccessible, I imagine it's some form of protection or permissions thing, but in my floundering around trying things, this is the only thing that seems to have any effect on the whole app.

You might want to re-read this section of the realm-howto: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm

Can you run any queries against the LDAP server outside of Tomcat that give you results that you might expect? For instance, can you do a search of the LDAP tree for a particular user? What does that query look like? When you do that search, are you using anonymous bind or are you using user bind? If user, which user? Some administrative user or the user whose credentials should be checked?

I can connect with a tool called JXplorer, but I have not had any luck from other applications, but that's due to inability to find any up to date documentation on the libraries I was using.

<login-config>
  <auth-method>FORM</auth-method>
  <form-login-config>
    <form-login-page>/login.jsp</form-login-page>
    <form-error-page>/fail_login.jsp</form-error-page>
  </form-login-config>
</login-config>

That looks just fine: configuring the credential-gathering system is usually trivial. It's configuring the authentication system that is usually the problem.

Cool, at least some of this is working right, do you need to see those files btw?

-chris
Re: How to leave this list?
2012/3/16 Purvis Robert (NHS CONNECTING FOR HEALTH) robert.pur...@nhs.net:

Can anyone tell me how to leave this email list? I have tried sending an email to the unsubscribe address, but that has not worked.

Was the mail lost, or there was some specific error message?

There are more detailed instructions here: http://www.apache.org/foundation/mailinglists.html

If that does not help you can send mail to list owner address and he will unsubscribe you manually.

Best regards,
Konstantin Kolinko
Re: Custom WebappLoader, Jasper and custom JSP tags
2012/3/16 Johannes Ernst jer...@netmesh.us:

On Mar 15, 2012, at 17:38, Konstantin Kolinko wrote:

Moreover Jasper has to pass a classpath to an external Java compiler (ecj or javac). The classpath is constructed and passed to Jasper as String.

Could you point me to where in the code it does this? I was looking for invocations of something like WebappLoader.getRepositories() but came up empty. ...

The method is WebappClassLoader#getURLs() that returns URL[]

Is that array cached somewhere or called every time before Jasper / javac run again? Do I need to do something when it changes? This list is very helpful.

In Tomcat 6.0.x the following places of interest call it:
- in WebappLoader: WebappLoader#setClassPath()
- in Jasper: JspRuntimeContext#initClassPath(), JspRuntimeContext#initSecurity(), TldLocationsCache#scanJars()

Where is a good breakpoint or debug switch that I could set to see with which class path values Jasper and javac are being invoked?

Why are you asking if the source code is available? If there are log.debug() calls in those places, then you can enable FINE logging and see what it logs. Otherwise just run it under debugger. See https://wiki.apache.org/tomcat/FAQ/Developing#Debugging

Best regards,
Konstantin Kolinko
Re: Info on PermSize and MaxPermSize
On Fri, Mar 16, 2012 at 1:24 PM, André Warnier a...@ice-sa.com wrote:

Geet Chandra wrote:

... ...

Here is code snippet for registering as Windows service

%EXECUTABLE% //IS//%SERVICE_NAME% --Install=C:\Program Files\ProductName\nonProduct\tomcat\b\bin\tomcat6.exe --Jvm=auto --StartMode=jvm --StopMode=jvm --StartClass=org.apache.catalina.startup.Bootstrap --StartParams=start --StopClass=org.apache.catalina.startup.Bootstrap --StopParams=stop

The above code snippet is run as *.bat and being invoked from *.msi and command to start tomcat as cmd.exe /c net start tomcat .

As utility.vbs is being included in tomcat package(*.msi) , once tomcat is installed on system, this utility.vbs is placed in C:\Program Files\ProductName\nonProduct\tomcat\b\bin\ folder. Here is snippet for utility.vbs as -

WSH_Shell.Run(cmd.exe /c net stop chr(34)Servicenamechr(34),0,True)

So my question is there way to configure mentioned parameters before starting tomcat as Windows service.

Ok. There are different Windows packages for tomcat, different ways to install Tomcat under Windows, and different ways to run it. And the answer to your original question is different in each case. Previously, it was not clear which way you were using. Now it is.

First, you should consult the Tomcat FAQ, in which there is a whole section about running under Windows. More specifically this article : http://wiki.apache.org/tomcat/FAQ/Windows#Q11

In that page is a link to the procrun software documentation, which you should also read. This all explains what the above command %EXECUTABLE% //IS//%SERVICE_NAME% --Install=C:\Program . is, what it does, and how to set the appropriate parameters in the Windows Registry to achieve what you want to do.

Key points :
- the -XX command-line switches are command-line switches for the Java JVM which runs tomcat
- the Windows Service runs the program tomcat(version).exe, which is a wrapper
- the wrapper runs the JVM which runs tomcat
- the wrapper reads its parameters from the Windows Registry, including the command-line switches that it should pass to the JVM when it starts it
- these Registry parameters are set by the above command %EXECUTABLE% //IS//%SERVICE_NAME% --Install=C:\Program when you use it to install the service

If this is still not clear, come back here and ask away.

Could you please tell me how to set -XX:MaxPermSize=96m and -XX:PermSize=72m in Windows Registry, when I start tomcat as Windows service, it should pass these values to JVM. Can I execute the following command to register

%EXECUTABLE% //US//%SERVICE_NAME% ++JvmOptions -Djava.io.tmpdir=%CATALINA_BASE%\temp --JvmMs 256 --JvmMx 512 -XX:MaxPermSize 96m -XX:PermSize=72m

One more note : the JVM command-line switches can vary between different JVM versions. That's why it is also important to know which JVM version you are using.

--
Thanks Regards
Geet
RE: How to leave this list?
I got no error message. I tried about 5 times (just tried again), emailing to users-unsubscr...@tomcat.apache.org as it says in the footer to this list's emails.

Rob

-Original Message-
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
Sent: 16 March 2012 10:24
To: Tomcat Users List
Subject: Re: How to leave this list?

2012/3/16 Purvis Robert (NHS CONNECTING FOR HEALTH) robert.pur...@nhs.net:

Can anyone tell me how to leave this email list? I have tried sending an email to the unsubscribe address, but that has not worked.

Was the mail lost, or there was some specific error message?

There are more detailed instructions here: http://www.apache.org/foundation/mailinglists.html

If that does not help you can send mail to list owner address and he will unsubscribe you manually.

Best regards,
Konstantin Kolinko
Re: How to leave this list?
On 16/03/2012 10:49, Purvis Robert (NHS CONNECTING FOR HEALTH) wrote:

I got no error message. I tried about 5 times (just tried again), emailing to users-unsubscr...@tomcat.apache.org as it says in the footer to this list's emails.

Rob

Are you sure that you are subscribed with the email that you are unsubscribing from? (Sometimes mailforwarding etc... can deceive you on this).

The best approach would be to contact the list owner directly, I'm sure they're not intending to send you emails if they knew you didn't want them.

--
Best Regards,
Giles Coochey
NetSecSpec Ltd
UK Mobile: +44 7983 877 438
Business Email: giles.cooc...@netsecspec.co.uk
Email/MSN/Live Messenger: gi...@coochey.net
Skype: gilescoochey
Re: How to leave this list?
2012/3/16 Purvis Robert (NHS CONNECTING FOR HEALTH) robert.pur...@nhs.net:

I got no error message. I tried about 5 times (just tried again), emailing to users-unsubscr...@tomcat.apache.org as it says in the footer to this list's emails.

Did your message have subject and some text in the body? Otherwise it could be rejected by spam filter.

Best regards,
Konstantin Kolinko
Re: Info on PermSize and MaxPermSize
Geet Chandra wrote:

.. One more question, I would like to ask, Like

%EXECUTABLE% //US//%SERVICE_NAME% ++JvmOptions Djava.io.tmpdir=%CATALINA_BASE%\temp --JvmMs 256 --JvmMx 512

How can I set JAVA_OPTS=-Xms256m -Xmx512m using

%EXECUTABLE% //US//%SERVICE_NAME% ++JvmOptions Djava.io.tmpdir=%CATALINA_BASE%\temp

I am not sure that I really understand your question.

JAVA_OPTS is an environment variable, that can be used in *scripts*, such as for example when you start Tomcat in a command window by using a .bat script. But these environment variables are not used when Tomcat runs as a service, under control of the wrapper program. In that case, the wrapper picks values out of the Windows Registry, and uses them to (internally) set the command-line parameters for the JVM, when it starts the JVM.

The install command above sets these Registry values, so that (later) the wrapper can pick them up, when it starts the JVM.

The documentation of procrun is sometimes a bit obscure. As far as I can tell, in your case, there are 2 ways of specifying the -XMs and -Xmx switches for the JVM : you can use *either* of

--JvmMs xxxM --JvmMx yyyM

OR

++JvmOptions -Xms...M -Xmx ...M

..I think..
Re: Info on PermSize and MaxPermSize
Geet Chandra wrote:

On Fri, Mar 16, 2012 at 1:24 PM, André Warnier a...@ice-sa.com wrote:

Geet Chandra wrote:

... ...

Here is code snippet for registering as Windows service

%EXECUTABLE% //IS//%SERVICE_NAME% --Install=C:\Program Files\ProductName\nonProduct\tomcat\b\bin\tomcat6.exe --Jvm=auto --StartMode=jvm --StopMode=jvm --StartClass=org.apache.catalina.startup.Bootstrap --StartParams=start --StopClass=org.apache.catalina.startup.Bootstrap --StopParams=stop

The above code snippet is run as *.bat and being invoked from *.msi and command to start tomcat as cmd.exe /c net start tomcat .

As utility.vbs is being included in tomcat package(*.msi) , once tomcat is installed on system, this utility.vbs is placed in C:\Program Files\ProductName\nonProduct\tomcat\b\bin\ folder. Here is snippet for utility.vbs as -

WSH_Shell.Run(cmd.exe /c net stop chr(34)Servicenamechr(34),0,True)

So my question is there way to configure mentioned parameters before starting tomcat as Windows service.

Ok. There are different Windows packages for tomcat, different ways to install Tomcat under Windows, and different ways to run it. And the answer to your original question is different in each case. Previously, it was not clear which way you were using. Now it is.

First, you should consult the Tomcat FAQ, in which there is a whole section about running under Windows. More specifically this article : http://wiki.apache.org/tomcat/FAQ/Windows#Q11

In that page is a link to the procrun software documentation, which you should also read. This all explains what the above command %EXECUTABLE% //IS//%SERVICE_NAME% --Install=C:\Program . is, what it does, and how to set the appropriate parameters in the Windows Registry to achieve what you want to do.

Key points :
- the -XX command-line switches are command-line switches for the Java JVM which runs tomcat
- the Windows Service runs the program tomcat(version).exe, which is a wrapper
- the wrapper runs the JVM which runs tomcat
- the wrapper reads its parameters from the Windows Registry, including the command-line switches that it should pass to the JVM when it starts it
- these Registry parameters are set by the above command %EXECUTABLE% //IS//%SERVICE_NAME% --Install=C:\Program when you use it to install the service

If this is still not clear, come back here and ask away.

Could you please tell me how to set -XX:MaxPermSize=96m and -XX:PermSize=72m in Windows Registry, when I start tomcat as Windows service, it should pass these values to JVM. Can I execute the following command to register

%EXECUTABLE% //US//%SERVICE_NAME% ++JvmOptions -Djava.io.tmpdir=%CATALINA_BASE%\temp --JvmMs 256 --JvmMx 512 -XX:MaxPermSize 96m -XX:PermSize=72m

See previous answers. I think you should not use the --JvmMx and --JvmMs switches inside the ++JvmOptions. It is either one or the other.
Re: Tomcat, JSP and LDAP
On 16/03/2012 10:23, Neil Munro wrote:

On 15 March 2012 18:24, Christopher Schultz ch...@christopherschultz.net wrote:

Neil,

On 3/15/12 1:05 PM, Neil Munro wrote:

    <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
           connectionURL="ldap://my.ldap.server.com"
           alternateURL="ldap://my.ldap.server.com"
           userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />

The debug attribute does not exist any more. Were you following some kind of old example?

Yeah I must have been, I have removed it.

I think you may need roleBase, roleName, and roleSearch attributes to have a prayer of making this work. Also, with no userSearch parameter, you are instructing the realm to connect in bind mode where the user's credentials are used directly to bind to the LDAP server. Is this appropriate?

    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionName="uid={0},ou=my company users,dc=mycompany,dc=com"
           connectionPassword="userPassword"
           connectionURL="ldap://my.ldap.server"
           alternateURL="ldap://my.ldap.server"
           roleBase="ou=my company users,dc=mycompany,dc=com"
           roleName="cn"
           roleSearch="(uniqueMember={0})"
           userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />

I have added those changes, as for which connection mode I need, I think bind would be ok for now just to check to see if I can establish a connection, but looking at it I think if I will be querying ldap for a user name and password then comparison mode is what I need. However with this configuration my whole app becomes inaccessible, I imagine it's some form of protection or permissions thing, but in my floundering around trying things, this is the only thing that seems to have any effect on the whole app.

You might want to re-read this section of the realm-howto: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm

Can you run any queries against the LDAP server outside of Tomcat that give you results that you might expect? For instance, can you do a search of the LDAP tree for a particular user? What does that query look like? When you do that search, are you using anonymous bind or are you using user bind? If user, which user? Some administrative user or the user whose credentials should be checked?

I can connect with a tool called JXplorer, but I have not had any luck from other applications, but that's due to inability to find any up to date documentation on the libraries I was using.

    <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
        <form-login-page>/login.jsp</form-login-page>
        <form-error-page>/fail_login.jsp</form-error-page>
      </form-login-config>
    </login-config>

Side note: I usually recommend putting those files in WEB-INF, in their own directory, say: WEB-INF/login.

p

That looks just fine: configuring the credential-gathering system is usually trivial. It's configuring the authentication system that is usually the problem.

Cool, at least some of this is working right, do you need to see those files btw?

-chris
Re: Custom WebappLoader, Jasper and custom JSP tags
On 15/03/2012 23:44, Johannes Ernst wrote:

I've implemented my own org.apache.catalina.loader.WebappLoader. It consults a bunch of JARs held in the file system outside of the WAR.

Would one of the shared/common classloaders in Tomcat not achieve the same thing - what is unique about the problem that requires a custom classloader?

p

One of those outside JARs contains a custom JSP tag. When attempting to compile the JSP, Jasper fails to find it. I'm getting this:

    javax.servlet.ServletException: org.apache.jasper.JasperException: Unable to compile class for JSP:
    An error occurred at line: 13 in the jsp file: /foobar.jsp
    com.example.MyCustomTag cannot be resolved to a type

My guess is that I somehow need to tell Jasper that it should use my custom WebappLoader when looking for custom tags. How would I do that? A few hours worth of poking around in the source code hasn't helped …

This is Tomcat 6.0.28 but any answer for any version is appreciated.

Thanks, Johannes.
Re: Tomcat, JSP and LDAP
I have since made some minor progress with LDAP queries; this login.jsp file, as you can see, queries for a list of valid users and creates a drop down list to choose from

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <%@page import="javax.naming.*,javax.naming.directory.*,java.util.ArrayList"%>
    <html>
    <head>
    <title>Login</title>
    </head>
    <body>
    <form method="POST" action="j_security_check">
    <select>
    <%
    DirContext ctx = new InitialDirContext();
    NamingEnumeration answer = ctx.search("ldap://my.ldap.server.com:389/ou=my company users,dc=mycompany,dc=com", "(uid=*)", null);
    ArrayList<String> als = new ArrayList();
    while(answer.hasMore())
    {
        // Take line in as string
        String output = answer.next().toString();
        String[] tokens = output.split(",");
        for (String t : tokens)
        {
            if( t.contains("uid=uid:"))
            {
                String[] ids = t.split(" ");
                als.add(ids[2]);
            }
        }
    }
    for(String s: als)
    {
        out.println("<option>" + s + "</option>");
    }
    // Close the context when we're done
    ctx.close();
    %>
    </select>
    <br>
    <input type="password" name="j_password">
    <br>
    <input type="submit">
    </form>
    </body>
    </html>

I am however still not able to get the server.xml file working with the realms, I did discover through some trial and error that my own ldap user had not been set up right and my system admin kindly fixed it for me, which could have led to some working code not to work.

This is how it currently works:

    <Realm className="org.apache.catalina.realm.JNDIRealm"
           connectionName="uid={0},ou=my company users,dc=mycompany,dc=com"
           connectionPassword="userPassword"
           connectionURL="ldap://my.ldap.server.com"
           alternateURL="ldap://my.ldap.server.com"
           roleBase="ou=my company users,dc=mycompany,dc=com"
           roleName="cn"
           roleSearch="(uniqueMember={0})"
           userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />
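The login.jsp in the message above recovers each uid by splitting SearchResult.toString() on commas and spaces and prints it into the page as is. As an added example (not code from the thread), the class below reads the uid attribute through the JNDI attribute API and HTML-escapes it before building the options; the class name, the method names and the in-memory sample entries are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.BasicAttributes;
import javax.naming.directory.SearchResult;

// Added illustration: UidOptions and its method names are hypothetical.
public class UidOptions {

    /** Escapes the characters that are significant in HTML text and attribute values. */
    static String escapeHtml(String s) {
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Returns every value of the "uid" attribute of one entry (empty if it has none). */
    static List<String> uidsOf(SearchResult entry) throws NamingException {
        List<String> uids = new ArrayList<String>();
        Attribute uid = entry.getAttributes().get("uid");
        if (uid == null) {
            return uids;
        }
        NamingEnumeration<?> values = uid.getAll();
        try {
            while (values.hasMore()) {
                Object v = values.next();
                if (v instanceof String) {   // skip binary values
                    uids.add((String) v);
                }
            }
        } finally {
            values.close();
        }
        return uids;
    }

    /** Builds one option element per uid, escaped for both the value and the label. */
    static String optionsFor(Iterable<SearchResult> entries) throws NamingException {
        StringBuilder html = new StringBuilder();
        for (SearchResult entry : entries) {
            for (String uid : uidsOf(entry)) {
                String safe = escapeHtml(uid);
                html.append("<option value=\"").append(safe).append("\">")
                    .append(safe).append("</option>\n");
            }
        }
        return html.toString();
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample entries standing in for the results of ctx.search(...).
        // Against a live directory, pass java.util.Collections.list(answer) instead
        // and close the DirContext in a finally block.
        BasicAttributes a = new BasicAttributes(true);
        a.put("uid", "nmunro");
        a.put("cn", "Munro, Neil");            // a comma elsewhere no longer confuses parsing
        BasicAttributes b = new BasicAttributes(true);
        b.put("uid", "o'brien <ops & dev>");   // directory data is not trusted markup
        BasicAttributes c = new BasicAttributes(true);
        c.put("cn", "entry without uid");      // produces no option at all

        List<SearchResult> entries = Arrays.asList(
            new SearchResult("uid=nmunro", null, a),
            new SearchResult("uid=obrien", null, b),
            new SearchResult("cn=nouid", null, c));
        System.out.print(optionsFor(entries));
    }
}
```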
Re: Info on PermSize and MaxPermSize
Could you please tell me how to set -XX:MaxPermSize=96m and -XX:PermSize=72m in Window Registry, when I start tomcat as window service, it should pass these value to JVM. Can I execute the following command to register

    %EXECUTABLE% //US//%SERVICE_NAME% ++JvmOptions -Djava.io.tmpdir=%CATALINA_BASE%\temp --JvmMs 256 --JvmMx 512 -XX:MaxPermSize 96m -XX:PermSize=72m

On Fri, Mar 16, 2012 at 5:09 PM, André Warnier a...@ice-sa.com wrote:

Geet Chandra wrote: ..

One more question, I would like to ask, Like

    %EXECUTABLE% //US//%SERVICE_NAME% ++JvmOptions Djava.io.tmpdir=%CATALINA_BASE%\temp --JvmMs 256 --JvmMx 512

How can I set JAVA_OPTS=-Xms256m -Xmx512m using

    %EXECUTABLE% //US//%SERVICE_NAME% ++JvmOptions Djava.io.tmpdir=%CATALINA_BASE%\temp

I am not sure that I really understand your question. JAVA_OPTS is an environment variable, that can be used in *scripts*, such as for example when you start Tomcat in a command window by using a .bat script. But these environment variables are not used when Tomcat runs as a service, under control of the wrapper program. In that case, the wrapper picks values out of the Windows Registry, and uses them to (internally) set the command-line parameters for the JVM, when it starts the JVM. The install command above sets these Registry values, so that (later) the wrapper can pick them up, when it starts the JVM.

The documentation of procrun is sometimes a bit obscure. As far as I can tell, in your case, there are 2 ways of specifying the -XMs and -Xmx switches for the JVM : you can use *either* of

    --JvmMs xxxM --JvmMx yyyM

OR

    ++JvmOptions -Xms...M -Xmx ...M

..I think..

--
Thanks Regards Geet
Re: Tomcat, JSP and LDAP
On 16/03/2012 14:13, Neil Munro wrote:

I have since made some minor progress with LDAP queries; this login.jsp file, as you can see, queries for a list of valid users and creates a drop down list to choose from

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <%@page import="javax.naming.*,javax.naming.directory.*,java.util.ArrayList"%>
    <html>
    <head>
    <title>Login</title>
    </head>
    <body>
    <form method="POST" action="j_security_check">
    <select>

What are you expecting this select element to do?

p
Re: Tomcat, JSP and LDAP
On 16 March 2012 14:41, Pid p...@pidster.com wrote:

On 16/03/2012 14:13, Neil Munro wrote:

I have since made some minor progress with LDAP queries; this login.jsp file, as you can see, queries for a list of valid users and creates a drop down list to choose from

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <%@page import="javax.naming.*,javax.naming.directory.*,java.util.ArrayList"%>
    <html>
    <head>
    <title>Login</title>
    </head>
    <body>
    <form method="POST" action="j_security_check">
    <select>

What are you expecting this select element to do?

To do exactly what it does do, allow me to select from a list of users that's generated from the below jsp. It's about the only thing in my code that does work :S
Re: Tomcat, JSP and LDAP
- Original Message -
From: Neil Munro neilmu...@gmail.com
To: Tomcat Users List users@tomcat.apache.org
Sent: Friday, March 16, 2012 10:56:56 AM
Subject: Re: Tomcat, JSP and LDAP

On 16 March 2012 14:41, Pid p...@pidster.com wrote:

On 16/03/2012 14:13, Neil Munro wrote:

I have since made some minor progress with LDAP queries; this login.jsp file, as you can see, queries for a list of valid users and creates a drop down list to choose from

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <%@page import="javax.naming.*,javax.naming.directory.*,java.util.ArrayList"%>
    <html>
    <head>
    <title>Login</title>
    </head>
    <body>
    <form method="POST" action="j_security_check">
    <select>

If you're intending this to replace the standard login form's user name input text box then you'll need to set the name attribute of the select tag to 'j_username'. Like this...

    <select name="j_username">

Dan

What are you expecting this select element to do?

To do exactly what it does do, allow me to select from a list of users that's generated from the below jsp. It's about the only thing in my code that does work :S
Re: Tomcat, JSP and LDAP
Yeah, sorry, that's fixed too now. My first error is that I have my server.xml realm almost set up, it's just when I try to load any page it's protected and can't be loaded, including the login.jsp file. Didn't even get to the login stage.
IIS 7.0 Worker process crashes on App Pool recycling since ISAPI redirector 1.2.33
Hi all,

I have a system with Windows Server 2008 32 bit, IIS 7.0, Java 1.7.0_03, Tomcat 7.0.26 and the ISAPI redirector. Since I updated the ISAPI redirector from 1.2.32 to 1.2.33, it seems that each time when IIS tries to recycle its application pool, the IIS worker process (w3wp.exe) crashes in isapi_redirect.dll.

In the event log, an Application Error of w3wp.exe is logged (here is an English translation):

    Faulty application w3wp.exe, Version 7.0.6002.18005, time stamp 0x49e023cf, faulty module isapi_redirect.dll, Version 1.2.33.0, time stamp 0x4f59be7d, exception code 0xc005, error offset 0x0002bb16, process ID 0x10f0, application start time 01cd0336e5b7824a.

(The process ID does not match the one of w3wp.exe before the crash, nor the one after the crash, so it seems a bit like when the new w3wp.exe is launched after recycle, it crashes and immediately another w3wp.exe is started).

In the ISAPI log, following lines appear when w3wp.exe crashes:

    [Fri Mar 16 06:37:38.402 2012] [4336:6828] [error] ajp_worker_factory::jk_ajp_common.c (3006): allocating ajp worker record from shared memory
    [Fri Mar 16 06:37:38.417 2012] [4336:6828] [error] wc_create_worker::jk_worker.c (150): factory for ajp13 failed for worker1
    [Fri Mar 16 06:37:38.426 2012] [4336:6828] [error] build_worker_map::jk_worker.c (261): failed to create worker worker1
    [Fri Mar 16 06:37:38.434 2012] [4336:6828] [error] extension_fix::jk_uri_worker_map.c (554): Could not find worker with name 'worker1' in uri map post processing.

Any idea what these lines could mean / that caused them? Note that it seems that after the crash (when a new w3wp.exe is created), pages are served fine again (though I do not know what happens with request that are made exactly in the time when IIS resets the app pool). The crashes and these log lines didn't appear in ISAPI 1.2.32.

I think I read somewhere in the thread Issues with the tomcat connector (On W2k8 + IIS7.5) about some change in the ISAPI connector which has to do with shared memory, but I'm not sure.

Thanks!

Regards, Konstantin Preißer
RE: IIS 7.0 Worker process crashes on App Pool recycling since ISAPI redirector 1.2.33
Any idea what these lines could mean / that caused them? Note that it seems that after the crash (when a new w3wp.exe is created), pages are served fine again (though I do not know what happens with request that are made exactly in the time when IIS resets the app pool). The crashes and these log lines didn't appear in ISAPI 1.2.32.

Sorry, forgot to post my configuration:

uriworkersmap.properties:

    /*=worker1

workers.properties:

    # Define 1 real worker using ajp13
    worker.list=worker1
    # Set properties for worker1 (ajp13)
    worker.worker1.type=ajp13
    worker.worker1.host=localhost
    worker.worker1.port=8019

Thanks, Konstantin Preißer
Re: Custom WebappLoader, Jasper and custom JSP tags
On Mar 16, 2012, at 3:30, Konstantin Kolinko wrote:

Where is a good breakpoint or debug switch that I could set to see with which class path values Jasper and javac are being invoked?

Why are you asking if the source code is available?

Because I'm a little lost in the source code. E.g. I'm finding JDTCompiler.generateClass() which creates an instance of Compiler, which presumably compiles the generated Java (failing, because it can't find the custom tag classes), but I cannot find anything resembling a class path that's being passed into the call. Somewhere between my custom Class Loader's getURLs() -- which I fixed per your previous advice -- and the compiler invocation, my class path to the custom tags gets lost.

If there are log.debug() calls in those places, then you can enable FINE logging and see what it logs. Otherwise just run it under debugger.

I am … Hasn't helped too much yet.

See https://wiki.apache.org/tomcat/FAQ/Developing#Debugging

Best regards, Konstantin Kolinko
Re: Custom WebappLoader, Jasper and custom JSP tags
On Mar 16, 2012, at 5:07, Pid wrote:

On 15/03/2012 23:44, Johannes Ernst wrote:

I've implemented my own org.apache.catalina.loader.WebappLoader. It consults a bunch of JARs held in the file system outside of the WAR.

Would one of the shared/common classloaders in Tomcat not achieve the same thing - what is unique about the problem that requires a custom classloader?

Good question, I guess I should have started with explaining it.

I'm attempting to integrate with InfoGrid's module framework ( http://infogrid.org/trac/wiki/Docs/ModuleFramework ). InfoGrid is an open-source graph database ( http://infogrid.org/ ) and web framework. Its module framework breaks the InfoGrid code base into 100 modules with declared and managed dependencies. Developers using InfoGrid can pick and choose those modules that they actually need in their apps. Some also look up modules at run-time and dynamically add those modules at run-time to a running app. You can think of each module as a JAR, with associated metadata and a custom ClassLoader. A bit like OSGI but class-based rather than services-based.

Traditionally, InfoGrid apps running in Tomcat have bundled all the modules/JARs of the app into the WAR. We'd like to go beyond that so:

* multiple InfoGrid apps on the same Tomcat instance point to the same module/JAR version, thereby being guaranteed to be running the same version
* (controlled) data sharing can occur between multiple InfoGrid apps on the same Tomcat instance, which is useful because of InfoGrid's in-memory caching
* dynamic module lookup is available to InfoGrid apps running in Tomcat as well (which requires dynamic addition of code and thus messing with ClassLoaders)

The basic design is to have a custom ClassLoader initiated through a custom Tomcat WebAppLoader, which has the usual parent (so, for example, JSPs and the generated code can be found) but also delegates to the ClassLoaders for the InfoGrid modules that the app depends on.

This seems to work fine so far except that I'm stuck on support for custom tags, of which we have a bunch in InfoGrid to make JSP development easy on a graph foundation. I have managed to get the TLDs found, to have the JSP-Java codegen working, but the Java-class seems to be getting the wrong class path. And I'm a little lost where in Tomcat that info is being put together.

Does this make sense?

Cheers, Johannes.
Configure SSL under Tomcat 7
Hi everyone,

I'm ayoub and I'm a new member of this mailing list :)

Well, I want to configure SSL under Tomcat 7, so I have followed the steps given in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html, but when I deploy my project in the Tomcat server I don't get https://loclhost:8080/ and I'm still working with the native http !! What should I do, what configuration should I make in my server.xml file?

PS : I want to use the APR implementation, not the JSSE one, and BTW the SSLCertificateFile and SSLCertificateKeyFile don't exist in the <connector ... /> element (using Eclipse Ctrl+space auto-complete) !!

Thanks.
Re: Java 7 + Tomcat 6.0.35 + Win2k3 Problem
OK.

1. Can you set the address field manually, rather than letting the defaults run?

I tried with either localhost, 127.0.0.1 still doesn't work.

Also, can you please log InetAddress.toString() immediately before you do the above line? I suspect Inet4 v Inet6 is the culprit.

Tried with both preferIpv4Stack=true and false.

2. Unless you subsequently modify the connector you are setting the default value for the socket traffic class for the NIO connector, from:

Using default connector and from eclipse debugger it is soTrafficClass = 0x04 | 0x08 | 0x010;

org.apache.tomcat.util.net.SocketProperties

which is:

    protected int soTrafficClass = 0x04 | 0x08 | 0x010;

The other thread reports a similar error, in:

org.apache.catalina.tribes.transport.nio.NioReceiver

where the default is from org.apache.catalina.tribes.transport.ReceiverBase and is also:

    private int soTrafficClass = 0x04 | 0x08 | 0x010;

--
View this message in context: http://tomcat.10.n6.nabble.com/Java-7-Tomcat-6-0-35-Win2k3-Problem-tp4566739p4625582.html
Sent from the Tomcat - User mailing list archive at Nabble.com.
Re: Java 7 + Tomcat 6.0.35 + Win2k3 Problem
I am doing this at the moment. diff /apache-tomcat-6.0.35-src/java/org/apache/tomcat/util/net/SocketProperties.java socket.setTrafficClass(soTrafficClass); --- try { socket.setTrafficClass(soTrafficClass); } catch (Throwable t) { //TODO: Log error. } -- View this message in context: http://tomcat.10.n6.nabble.com/Java-7-Tomcat-6-0-35-Win2k3-Problem-tp4566739p4625603.html Sent from the Tomcat - User mailing list archive at Nabble.com.
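Review bot: the catch clause wrapped around socket.setTrafficClass(soTrafficClass) catches Throwable and contains only a TODO, so every failure is discarded silently, including Errors such as OutOfMemoryError that should never be swallowed, and nothing records that the traffic class was not applied to the socket. Narrow the catch to java.net.SocketException, which is the exception setTrafficClass declares, and replace the TODO with a warning-level log entry that includes the soTrafficClass value, so an operator can tell from the logs that the option is being rejected on this platform.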
RE: IIS 7.0 Worker process crashes on App Pool recycling since ISAPI redirector 1.2.33
-Original Message-
From: Konstantin Preißer [mailto:verlag.preis...@t-online.de]
Sent: Saturday, 17 March 2012 2:31 AM
To: 'Tomcat Users List'
Subject: RE: IIS 7.0 Worker process crashes on App Pool recycling since ISAPI redirector 1.2.33

Any idea what these lines could mean / that caused them? Note that it seems that after the crash (when a new w3wp.exe is created), pages are served fine again (though I do not know what happens with request that are made exactly in the time when IIS resets the app pool). The crashes and these log lines didn't appear in ISAPI 1.2.32.

Hi

1.2.32 was doing that for me.. 1.2.33 was meant to fix it, but I can't get 1.2.33 to load.

Do you use overlapping recycle and a web garden ?

Alex

Sorry, forgot to post my configuration:

uriworkersmap.properties:

    /*=worker1

workers.properties:

    # Define 1 real worker using ajp13
    worker.list=worker1
    # Set properties for worker1 (ajp13)
    worker.worker1.type=ajp13
    worker.worker1.host=localhost
    worker.worker1.port=8019

Thanks,
Konstantin Preißer
Re: Configure SSL under Tomcat 7
set SSLEnabled=true in your Connector element, that turns on SSL. After that, if you don't have keystoreFile or keystorePass set, it will throw errors

Filip

- Original Message -
From: ayouB __ ayb-2...@hotmail.fr
To: users@tomcat.apache.org
Sent: Friday, March 16, 2012 9:58:49 AM
Subject: Configure SSL under Tomcat 7

Hi everyone, I'm ayoub and I'm a new member of this mailing list :)

Well, I want to configure SSL under Tomcat 7, so I have followed the steps given in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html, but when I deploy my project on the Tomcat server I don't get https://loclhost:8080/; I am still working with the native HTTP! What should I do, and what configuration should I make in my server.xml file?

PS: I want to use the APR implementation, not the JSSE one, and BTW the SSLCertificateFile and SSLCertificateKeyFile don't exist in the <Connector ... /> element (using Eclipse Ctrl+space auto-complete)!

Thanks.
RE: IIS 7.0 Worker process crashes on App Pool recycling since ISAPI redirector 1.2.33
Hi Alex,

-Original Message-
From: Alex Samad - Yieldbroker [mailto:alex.sa...@yieldbroker.com]
Sent: Friday, March 16, 2012 5:23 PM
To: Tomcat Users List
Subject: RE: IIS 7.0 Worker process crashes on App Pool recycling since ISAPI redirector 1.2.33

Hi

1.2.32 was doing that for me.. 1.2.33 was meant to fix it, but I can't get 1.2.33 to load.

Do you use overlapping recycle and a web garden ?

Alex

Thanks for your reply. I don't think I'm using a web garden - I just have one application pool for all virtual hosts which use the ISAPI redirector, and that application pool consists of a maximum of 1 worker process (the default IIS values). It is set to be recycled every 1740 minutes, and disallowOverlappingRotation for that pool is set to false - I guess that means I'm using overlapping recycle (a new w3wp.exe is started which takes new requests, and after all old requests are finished, the old w3wp.exe will be stopped).

Thanks,
Konstantin Preißer
RE: IIS 7.0 Worker process crashes on App Pool recycling since ISAPI redirector 1.2.33
[snip]

Hi

1.2.32 was doing that for me.. 1.2.33 was meant to fix it, but I can't get 1.2.33 to load.

Do you use overlapping recycle and a web garden ?

Alex

Thanks for your reply. I don't think I'm using a web garden - I just have one application pool for all virtual hosts which use the ISAPI redirector, and that application pool consists of a maximum of 1 worker process (the default IIS values). It is set to be recycled every 1740 minutes, and disallowOverlappingRotation for that pool is set to false - I guess that means I'm using overlapping recycle (a new w3wp.exe is started which takes new requests, and after all old requests are finished, the old w3wp.exe will be stopped).

The 1 processor thread is the key. The problem I summarised with 1.2.32 is that the shared memory is not protected by an OS semaphore, but an in-process semaphore... 1.2.33 was meant to address this by changing from an in-process semaphore to an OS semaphore.

I am surprised you have 1.2.33 loading and working, every time I try to load it crashes out on me.

Only quick solution I can think of is that you move back to 1.2.32 :)

You might want to trial the system under load. I found that if you had about 500 connections all try and reconnect at the same time with overlapping recycling it would corrupt the shared memory; it was a bit of a silent killer for us.

Thanks,
Konstantin Preißer
RE: Configure SSL under Tomcat 7
Here's My service.xml file :

    <?xml version='1.0' encoding='utf-8'?>
    <!--
      Licensed to the Apache Software Foundation (ASF) under one or more
      contributor license agreements. See the NOTICE file distributed with
      this work for additional information regarding copyright ownership.
      The ASF licenses this file to You under the Apache License, Version 2.0
      (the License); you may not use this file except in compliance with
      the License. You may obtain a copy of the License at

          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an AS IS BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
    -->
    <!-- Note: A Server is not itself a Container, so you may not
         define subcomponents such as Valves at this level.
         Documentation at /docs/config/server.html
    -->
    <Server port="8005" shutdown="SHUTDOWN">
      <!-- Security listener. Documentation at /docs/config/listeners.html
      <Listener className="org.apache.catalina.security.SecurityListener" />
      -->
      <!--APR library loader. Documentation at /docs/apr.html -->
      <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
      <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
      <Listener className="org.apache.catalina.core.JasperListener" />
      <!-- Prevent memory leaks due to use of particular java/javax APIs-->
      <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
      <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

      <!-- Global JNDI resources
           Documentation at /docs/jndi-resources-howto.html
      -->
      <GlobalNamingResources>
        <!-- Editable user database that can also be used by
             UserDatabaseRealm to authenticate users
        -->
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="conf/tomcat-users.xml" />
      </GlobalNamingResources>

      <!-- A Service is a collection of one or more Connectors that share
           a single Container Note: A Service is not itself a Container,
           so you may not define subcomponents such as Valves at this level.
           Documentation at /docs/config/service.html
      -->
      <Service name="Catalina">

        <!--The connectors can use a shared executor, you can define one or more named thread pools-->
        <!--
        <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
            maxThreads="150" minSpareThreads="4"/>
        -->

        <!-- A Connector represents an endpoint by which requests are received
             and responses are returned. Documentation at :
             Java HTTP Connector: /docs/config/http.html (blocking non-blocking)
             Java AJP Connector: /docs/config/ajp.html
             APR (HTTP/AJP) Connector: /docs/apr.html
             Define a non-SSL HTTP/1.1 Connector on port 8080
        -->
        <!--
        <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
                   connectionTimeout="2"
                   redirectPort="8080" />
        -->
        <!-- A Connector using the shared thread pool-->
        <!--
        <Connector executor="tomcatThreadPool"
                   port="8080" protocol="HTTP/1.1"
                   connectionTimeout="2"
                   redirectPort="8443" />
        -->
        <!-- Define a SSL HTTP/1.1 Connector on port 8443
             This connector uses the JSSE configuration, when using APR, the
             connector should be using the OpenSSL style configuration
             described in the APR documentation -->
        <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true"
                   maxThreads="150" scheme="https" secure="true"
                   clientAuth="optional" sslProtocol="TLS"/>

        <!-- Define an AJP 1.3 Connector on port 8009 -->
        <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>

        <!-- An Engine represents the entry point (within Catalina) that processes
             every request. The Engine implementation for Tomcat stand alone
             analyzes the HTTP headers included with the request, and passes them
             on to the appropriate Host (virtual host).
             Documentation at /docs/config/engine.html -->

        <!-- You should set jvmRoute to support load-balancing via AJP ie :
        <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
        -->
        <Engine name="Catalina" defaultHost="localhost">

          <!--For clustering, please take a look at documentation at:
              /docs/cluster-howto.html (simple how to)
              /docs/config/cluster.html (reference documentation) -->
          <!--
          <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
          -->

          <!-- Use the LockOutRealm to prevent attempts to guess user passwords
               via a brute-force attack -->
          <Realm className="org.apache.catalina.realm.LockOutRealm">
            <!-- This Realm uses the UserDatabase configured in the global JNDI
                 resources under the key UserDatabase. Any edits
                 that are performed against this UserDatabase are immediately
                 available for use by the Realm. -->
            <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                   resourceName="UserDatabase"/>
          </Realm>

          <Host name="localhost" appBase="webapps"
                unpackWARs="true" autoDeploy="true">

            <!-- SingleSignOn valve,
RE: Configure SSL under Tomcat 7
Sorry :D i want say server.xml
Re: Configure SSL under Tomcat 7
ok, check your logs for errors. You must have APR libraries with OpenSSL installed, and you must specify the SSLCertificateFile SSLCertificateKeyFile attributes. All errors will be in the logs

Filip
RE: Configure SSL under Tomcat 7
Here's all logs of my console :

    16 mars 2012 17:05:48 org.apache.catalina.core.AprLifecycleListener init
    INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jdk1.6.0_31\bin;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:/Program Files/Java/jdk1.6.0_31/jre/bin/client;C:/Program Files/Java/jdk1.6.0_31/jre/bin;C:/Program Files/Java/jdk1.6.0_31/jre/lib/i386;C:\Program Files\Java\jdk1.6.0_31\jre\bin;C:\Program Files\Java\jdk1.6.0_31\bin;c:\Orant9i\jdk\jre\bin\classic;c:\Orant9i\jdk\jre\bin;c:\Orant9i\bin;c:\Orant9i\jlib;C:\Program Files\Oracle\jre\1.1.8\bin;C:\Program Files\Oracle\jre\1.3.1\bin;C:\orant6i\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\orant6i\jdk\bin;C:\Program Files\Rational\common;C:\Program Files\Rational\ClearCase\bin;C:\Program Files\SecureCRT 3.0;C:\Program Files\Apache Software Foundation\apache-maven-3.0.4\bin;;.
    16 mars 2012 17:05:48 org.apache.tomcat.util.digester.SetPropertiesRule begin
    ATTENTION: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.jee.server:JSF_Test' did not find a matching property.
    16 mars 2012 17:05:49 org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler [http-bio-8080]
    16 mars 2012 17:05:49 org.apache.coyote.AbstractProtocol init
    INFO: Initializing ProtocolHandler [ajp-bio-8009]
    16 mars 2012 17:05:49 org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 635 ms
    16 mars 2012 17:05:49 org.apache.catalina.core.StandardService startInternal
    INFO: Démarrage du service Catalina
    16 mars 2012 17:05:49 org.apache.catalina.core.StandardEngine startInternal
    INFO: Starting Servlet Engine: Apache Tomcat/7.0.26
    16 mars 2012 17:05:54 org.apache.myfaces.ee6.MyFacesContainerInitializer onStartup
    INFO: Added FacesServlet with mappings=[/faces/*, *.jsf, *.faces]
    16 mars 2012 17:05:54 org.apache.myfaces.config.DefaultFacesConfigurationProvider getStandardFacesConfig
    INFO: Reading standard config META-INF/standard-faces-config.xml
    log4j:WARN No appenders could be found for logger (org.apache.commons.digester.Digester.sax).
    log4j:WARN Please initialize the log4j system properly.
    16 mars 2012 17:05:55 org.apache.myfaces.config.DefaultFacesConfigurationProvider getWebAppFacesConfig
    INFO: Reading config /WEB-INF/faces-config.xml
    16 mars 2012 17:05:55 org.apache.myfaces.config.annotation.DefaultAnnotationProvider webClasses
    ATTENTION: AnnotationConfigurator does not found classes for annotations in /WEB-INF/classes/org/hps/jsfDemo/domain/ . This could happen because maven jetty plugin is used (goal jetty:run). Try configure org.apache.myfaces.annotation.SCAN_PACKAGES init parameter or use jetty:run-exploded instead.
    16 mars 2012 17:05:56 org.apache.myfaces.config.DefaultFacesConfigurationProvider getClassloaderFacesConfig
    INFO: Reading config : jar:file:/C:/Documents%20and%20Settings/Administrateur/Mes%20documents/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp1/wtpwebapps/JSF_Test/WEB-INF/lib/richfaces-components-ui-4.1.0.Final.jar!/META-INF/faces-config.xml
    16 mars 2012 17:05:56 org.apache.myfaces.config.DefaultFacesConfigurationProvider getClassloaderFacesConfig
    INFO: Reading config : jar:file:/C:/Documents%20and%20Settings/Administrateur/Mes%20documents/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp1/wtpwebapps/JSF_Test/WEB-INF/lib/richfaces-core-impl-4.1.0.Final.jar!/META-INF/faces-config.xml
    16 mars 2012 17:05:56 org.apache.myfaces.config.LogMetaInfUtils logArtifact
    INFO: Artifact 'myfaces-api' was found in version '2.1.5' from path 'file:/C:/Documents%20and%20Settings/Administrateur/Mes%20documents/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp1/wtpwebapps/JSF_Test/WEB-INF/lib/myfaces-api-2.1.5.jar'
    16 mars 2012 17:05:56 org.apache.myfaces.config.LogMetaInfUtils logArtifact
    INFO: Artifact 'myfaces-impl' was found in version '2.1.5' from path 'file:/C:/Documents%20and%20Settings/Administrateur/Mes%20documents/workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp1/wtpwebapps/JSF_Test/WEB-INF/lib/myfaces-impl-2.1.5.jar'
    16 mars 2012 17:05:56 org.apache.myfaces.util.ExternalSpecifications isBeanValidationAvailable
    INFO: MyFaces Bean Validation support disabled
    16 mars 2012 17:05:57 org.apache.myfaces.application.ApplicationImpl getProjectStage
    INFO: Couldn't discover the current project stage, using Production
    16 mars 2012 17:05:57 org.apache.myfaces.config.FacesConfigurator handleSerialFactory
    INFO: Serialization provider : class org.apache.myfaces.shared_impl.util.serial.DefaultSerialFactory
    16 mars 2012 17:05:57 org.apache.myfaces.config.annotation.DefaultLifecycleProviderFactory getLifecycleProvider
    INFO: Using LifecycleProvider org.apache.myfaces.config.annotation.Tomcat7AnnotationLifecycleProvider
    16 mars 2012 17:05:57
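The checks suggested in the replies above (OpenSSL-style certificate attributes on an APR connector, then reading the startup log), written as an added example that is not part of the thread or of Tomcat. The XML and log samples are constructed from the posted material with quoting restored and abridged; the function names, finding codes and the two PEM paths are assumptions made for this illustration.

```python
import re
import xml.etree.ElementTree as ET

APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"
# OpenSSL-style attributes the reply says an APR TLS connector must specify.
APR_REQUIRED = ("SSLCertificateFile", "SSLCertificateKeyFile")
# JSSE-style attributes; the APR connector is documented with OpenSSL-style
# names instead (for example SSLProtocol and SSLVerifyClient).
JSSE_ONLY = {"keystoreFile", "keystorePass", "keystoreType", "sslProtocol", "clientAuth"}

APR_NOT_FOUND = re.compile(r"APR based Apache Tomcat Native library .*? was not found")
# Handler names look like http-bio-8080 in the posted log (quotes optional).
HANDLER = re.compile(r'Initializing ProtocolHandler \["?([a-z]+)-([a-z]+)-(\d+)"?\]')

# Constructed sample: the connectors from the posted server.xml, quoting restored.
SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <!--
    <Connector executor="tomcatThreadPool" port="8080" protocol="HTTP/1.1"
               redirectPort="8443" />
    -->
    <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
               SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
               clientAuth="optional" sslProtocol="TLS"/>
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>
"""

# Constructed sample: the same connector with OpenSSL-style attributes.
# The two PEM paths are placeholders, not values from the thread.
FIXED_XML = """
<Server><Service name="Catalina">
  <Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol"
             SSLEnabled="true" maxThreads="150" scheme="https" secure="true"
             SSLVerifyClient="optional"
             SSLCertificateFile="conf/PLACEHOLDER-cert.pem"
             SSLCertificateKeyFile="conf/PLACEHOLDER-key.pem"/>
</Service></Server>
"""

# Constructed sample: lines abridged from the posted console output.
STARTUP_LOG = r"""
16 mars 2012 17:05:48 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\WINDOWS\system32;C:\WINDOWS;.
16 mars 2012 17:05:49 org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [http-bio-8080]
16 mars 2012 17:05:49 org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler [ajp-bio-8009]
"""


def tls_connectors(server_xml):
    """Yield live <Connector> elements with SSLEnabled="true".

    Commented-out connectors are dropped by the XML parser, so only the
    definitions Tomcat would actually read are audited.
    """
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() == "true":
            yield conn


def audit_connectors(server_xml):
    """Return (port, code, detail) findings for every TLS-enabled connector."""
    findings = []
    for conn in tls_connectors(server_xml):
        port = int(conn.get("port"))
        if conn.get("protocol") == APR_PROTOCOL:
            missing = [a for a in APR_REQUIRED if a not in conn.attrib]
            if missing:
                findings.append((port, "APR_MISSING_CERT_ATTRS", ", ".join(missing)))
            stray = sorted(JSSE_ONLY & set(conn.attrib))
            if stray:
                findings.append((port, "JSSE_ATTRS_ON_APR", ", ".join(stray)))
        elif "keystoreFile" not in conn.attrib:
            findings.append((port, "JSSE_NO_KEYSTORE_FILE", "keystoreFile not set"))
    return findings


def audit_startup_log(log_text):
    """Return (apr_library_missing, {port: (scheme, implementation)})."""
    apr_missing = APR_NOT_FOUND.search(log_text) is not None
    handlers = {int(p): (scheme, impl) for scheme, impl, p in HANDLER.findall(log_text)}
    return apr_missing, handlers


def diagnose(server_xml, log_text):
    """Combine the configuration audit with what the startup log reports."""
    findings = audit_connectors(server_xml)
    apr_missing, handlers = audit_startup_log(log_text)
    for conn in tls_connectors(server_xml):
        if conn.get("protocol") != APR_PROTOCOL:
            continue
        port = int(conn.get("port"))
        if apr_missing:
            findings.append((port, "APR_LIB_NOT_FOUND", "native library absent from java.library.path"))
        scheme, impl = handlers.get(port, (None, None))
        if impl is not None and impl != "apr":
            findings.append((port, "HANDLER_MISMATCH", "log shows %s-%s-%d" % (scheme, impl, port)))
    return findings


if __name__ == "__main__":
    for port, code, detail in diagnose(SERVER_XML, STARTUP_LOG):
        print("port %d: %s (%s)" % (port, code, detail))
```

A HANDLER_MISMATCH finding means the running instance started a different connector implementation than the audited file defines, so it is worth confirming which server.xml the instance actually loaded before changing attributes.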
Re: Tomcat 5.5 IIS 7.5 2008 64bit
It is getting 404.0 error. I verified all steps. Even added IIS_IUSR to the ISAPI folder.

On Mon, Mar 12, 2012 at 3:07 PM, Mladen Turk mt...@apache.org wrote:

On 03/12/2012 05:37 PM, Bradford Matthews wrote:

Here are my steps that I used to install tomcat isapi connector.

5. Edit Tomcat-install-folder\conf\server.xml to allow localhost on port 8009 by adding address=127.0.0.1:

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" address="127.0.0.1" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />

To test the connector: From a supported browser, enter the following URL: https://localhost/tomcat-docs

The Apache Tomcat Documentation page is displayed.

Requested URL https://localhost:443/docs/

Any suggestions?

Seems you are requesting this over ssl so you will probably need to add scheme=https to the AJP/1.3 connector

Regards
--
^TM
Re: info regarding automatic restart of webapps when modifying $CATALINA_HOME/conf/web.xml
Hi Mark T,

Thanks for the information about removing the WatchedResource... entry from $CATALINA_BASE/context.xml. While that prevents a web application from restarting when modifying the web.xml included with it, it does not prevent restarting of all web applications when modifying the web.xml in the server's conf folder.

FYI, we currently appear to be using Tomcat 7.0.6, though I suspect we'll be upgrading to the latest sometime soon.

~Mark
Re: Info on PermSize and MaxPermSize
André,

On 3/16/12 7:44 AM, André Warnier wrote:

See previous answers.

+1

The procrun page clearly describes how to pass any option directly to the JVM.

-chris
Re: Tomcat, JSP and LDAP
On 16/03/2012 14:56, Neil Munro wrote:

On 16 March 2012 14:41, Pid p...@pidster.com wrote:

On 16/03/2012 14:13, Neil Munro wrote:

I have since made some minor progress with LDAP queries; this login.jsp file, as you can see, queries for a list of valid users and creates a drop down list to choose from

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <%@page import="javax.naming.*,javax.naming.directory.*,java.util.ArrayList;"%>
    <html>
    <head>
    <title>Login</title>
    </head>
    <body>
    <form method="POST" action="j_security_check">
    <select>

What are you expecting this select element to do?

To do exactly what it does do, allow me to select from a list of users that's generated from the below jsp. It's about the only thing in my code that does work :S

It allows you to select, but then doesn't do anything with it because it has no name parameter.

p

p

    <%
    DirContext ctx = new InitialDirContext();
    NamingEnumeration answer = ctx.search("ldap://my.ldap.server.com:389/ou=my company users,dc=mycompany,dc=com","(uid=*)", null);
    ArrayList<String> als = new ArrayList();
    while(answer.hasMore())
    {
        // Take line in as string
        String output = answer.next().toString();
        String[] tokens = output.split(",");
        for (String t : tokens)
        {
            if( t.contains("uid=uid:"))
            {
                String[] ids = t.split(" ");
                als.add(ids[2]);
            }
        }
    }
    for(String s: als)
    {
        out.println("<option>" + s + "</option>");
    }
    // Close the context when we're done
    ctx.close();
    %>
    </select>
    <br>
    <input type="password" name="j_password">
    <br>
    <input type="submit">
    </form>
    </body>
    </html>

I am however still not able to get the server.xml file working with the realms, I did discover through some trial and error that my own ldap user had not been set up right and my system admin kindly fixed it for me, which could have led to some working code not to work.

This is how it currently works:

    <Realm className="org.apache.catalina.realm.JNDIRealm"
        connectionName="uid={0},ou=my company users,dc=mycompany,dc=com"
        connectionPassword="userPassword"
        connectionURL="ldap://my.ldap.server.com"
        alternateURL="ldap://my.ldap.server.com"
        roleBase="ou=my company users,dc=mycompany,dc=com"
        roleName="cn"
        roleSearch="(uniqueMember={0})"
        userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />

On 16 March 2012 12:05, Pid p...@pidster.com wrote:

On 16/03/2012 10:23, Neil Munro wrote:

On 15 March 2012 18:24, Christopher Schultz ch...@christopherschultz.net wrote:

Neil,

On 3/15/12 1:05 PM, Neil Munro wrote:

    <Realm className="org.apache.catalina.realm.JNDIRealm"
        debug="99"
        connectionURL="ldap://my.ldap.server.com"
        alternateURL="ldap://my.ldap.server.com"
        userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />

The debug attribute does not exist any more. Were you following some kind of old example?

Yeah I must have been, I have removed it.

I think you may need roleBase, roleName, and roleSearch attributes to have a prayer of making this work. Also, with no userSearch parameter, you are instructing the realm to connect in bind mode where the user's credentials are used directly to bind to the LDAP server. Is this appropriate?

    <Realm className="org.apache.catalina.realm.JNDIRealm"
        connectionName="uid={0},ou=my company users,dc=mycompany,dc=com"
        connectionPassword="userPassword"
        connectionURL="ldap://my.ldap.server"
        alternateURL="ldap://my.ldap.server"
        roleBase="ou=my company users,dc=mycompany,dc=com"
        roleName="cn"
        roleSearch="(uniqueMember={0})"
        userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />

I have added those changes, as for which connection mode I need, I think bind would be ok for now just to check to see if I can establish a connection, but looking at it I think if I will be querying ldap for a user name and
Re: Tomcat, JSP and LDAP
On 16/03/2012 15:11, Neil Munro wrote:

Yeah, sorry, that's fixed too now. My first error is that I have my server.xml realm almost set up, it's just when I try to load any page it's protected and can't be loaded, including the login.jsp file. Didn't even get to the login stage.

Did you post the security-constraint definition from your web.xml?

You should not be able to directly access the login form JSP. You access the protected path, then the container saves the request and forwards to the defined login form URL, (which as I previously recommended, should be somewhere in WEB-INF where it is not directly accessible).

p

PS Please stop top-posting.

On 16 March 2012 15:07, Daniel Mikusa dmik...@vmware.com wrote:

- Original Message -
From: Neil Munro neilmu...@gmail.com
To: Tomcat Users List users@tomcat.apache.org
Sent: Friday, March 16, 2012 10:56:56 AM
Subject: Re: Tomcat, JSP and LDAP

On 16 March 2012 14:41, Pid p...@pidster.com wrote:

On 16/03/2012 14:13, Neil Munro wrote:

I have since made some minor progress with LDAP queries, this login.jsp file as you can see queries for a list of valid users and creates a drop down list to choose from

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%@page import="javax.naming.*,javax.naming.directory.*,java.util.ArrayList"%>
<html>
<head> <title>Login</title> </head>
<body>
<form method="POST" action="j_security_check">
<select>

If you're intending this to replace the standard login form's user name input text box then you'll need to set the name attribute of the select tag to 'j_username'. Like this...

<select name="j_username">

Dan

What are you expecting this select element to do?

To do exactly what it does do, allow me to select from a list of users that's generated from the below jsp. It's about the only thing in my code that does work :S

p

<%
DirContext ctx = new InitialDirContext();
NamingEnumeration answer = ctx.search("ldap://my.ldap.server.com:389/ou=my company users,dc=mycompany,dc=com", "(uid=*)", null);
ArrayList<String> als = new ArrayList();
while(answer.hasMore()) {
    // Take line in as string
    String output = answer.next().toString();
    String[] tokens = output.split(",");
    for (String t : tokens) {
        if( t.contains("uid=uid:")) {
            String[] ids = t.split(" ");
            als.add(ids[2]);
        }
    }
}
for(String s: als) {
    out.println("<option>" + s + "</option>");
}
// Close the context when we're done
ctx.close();
%>
</select>
<br>
<input type="password" name="j_password">
<br>
<input type="submit">
</form>
</body>
</html>

I am however still not able to get the server.xml file working with the realms, I did discover through some trial and error that my own ldap user had not been set up right and my system admin kindly fixed it for me, which could have led to some working code not to work.

This is how it currently works:

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionName="uid={0},ou=my company users,dc=mycompany,dc=com"
       connectionPassword="userPassword"
       connectionURL="ldap://my.ldap.server.com"
       alternateURL="ldap://my.ldap.server.com"
       roleBase="ou=my company users,dc=mycompany,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />

On 16 March 2012 12:05, Pid p...@pidster.com wrote:

On 16/03/2012 10:23, Neil Munro wrote:

On 15 March 2012 18:24, Christopher Schultz ch...@christopherschultz.net wrote:

Neil,

On 3/15/12 1:05 PM, Neil Munro wrote:

<Realm className="org.apache.catalina.realm.JNDIRealm"
       debug="99"
       connectionURL="ldap://my.ldap.server.com"
       alternateURL="ldap://my.ldap.server.com"
       userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />

The debug attribute does not exist any more. Were you following some kind of old
Re: Tomcat, JSP and LDAP
Neil,

On 3/16/12 6:23 AM, Neil Munro wrote:

On 15 March 2012 18:24, Christopher Schultz

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionName="uid={0},ou=my company users,dc=mycompany,dc=com"
       connectionPassword="userPassword"
       connectionURL="ldap://my.ldap.server"
       alternateURL="ldap://my.ldap.server"
       roleBase="ou=my company users,dc=mycompany,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />

I have added those changes, as for which connection mode I need, I think bind would be ok for now just to check to see if I can establish a connection, but looking at it I think if I will be querying ldap for a user name and password then comparison mode is what I need.

That's kind of the first decision you have to make when using LDAP for authentication: what user makes the initial connection? From your later post, it's not clear how you are connecting to the LDAP server in order to fetch the valid user ids. Can you provide the setup information for your InitialDirContext (sanitized, of course)?

However with this configuration my whole app become inaccessible, I imagine it's some form of protection or permissions thing, but in my floundering around trying things, this is the only thing that seems to have any effect on the whole app.

I thought the whole app was supposed to be unavailable unless the user successfully logged-in. Do I have that wrong? A misconfigured JNDI realm *should* lock you out of the entire app because authentication always fails.

Can you run any queries against the LDAP server outside of Tomcat that give you results that you might expect? For instance, can you do a search of the LDAP tree for a particular user? What does that query look like? When you do that search, are you using anonymous bind or are you using user bind? If user, which user? Some administrative user or the user whose credentials should be checked?

I can connect with a tool called JXplorer, but I have not had any luck from other applications, but that's due to inability to find any up to date documentation on the libraries I was using.

In JXplorer, are you able to run queries that look anything like those you are trying to use in your Realm configuration? Here is the most recent configuration you posted:

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionName="uid={0},ou=my company users,dc=mycompany,dc=com"
       connectionPassword="userPassword"
       connectionURL="ldap://my.ldap.server.com"
       alternateURL="ldap://my.ldap.server.com"
       roleBase="ou=my company users,dc=mycompany,dc=com"
       roleName="cn"
       roleSearch="(uniqueMember={0})"
       userPattern="uid={0},ou=my company users,dc=mycompany,dc=com" />

You said this currently works: did you mean that was your current (non-working) setup, or that this setup actually works?

I don't believe connectionName can be parameterized. I think that's intended to be used when using a manager user to connect to the LDAP server in order to perform comparison-mode authentication.

userPattern="uid={0},ou=my company users,dc=mycompany,dc=com"

Does this actually match the DN pattern of your users? (It might help if you were to post the full LDIF record for a sample user. Same with a group record.)

roleSearch="(uniqueMember={0})"

Using OpenLDAP's 'ldapsearch' command-line utility, I can search my own LDAP database for groups containing myself like this:

$ ldapsearch -x 'uniqueMember:=uid=schultz,dc=mydomain,dc=mytld' cn

Note that -x means simple bind -- that is, anonymous. Also note that I have to use uniqueMember:= instead of simply uniqueMember= because the uniqueMember value contains = signs. I'm not sure if that will have any effect because I don't have a Java-based JNDI probe available to me at the moment.

At this point, you are basically bumbling around in the dark. I highly recommend enabling debug logging for the JNDIRealm component (really the container's logger) by adding this into your conf/logging.properties:

org.apache.catalina.realm.level=FINE

It's going to generate a ton of output. Try only authenticating a single time, then shut down Tomcat and read the log file (catalina.out should contain it). Make sure you follow what is going on, and you can probably see where things start to go wrong: either some search string will look wrong, or it will make a decision based upon your configuration that you didn't anticipate, etc.

If you can't figure it out, post as much of the log to the list as you can and we'll take a look.

-chris
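Added example, not part of the thread and not Tomcat's own code: a small Java JNDI probe of the kind the message above says was not at hand, approximating outside Tomcat the two steps the quoted Realm is configured for (a user bind with the DN built from userPattern, then roleSearch under roleBase). The class name RealmProbe and its command-line arguments are assumptions; the pattern, base and filter strings are copied from the Realm element in the thread.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.Rdn;

/** Hypothetical probe (not Tomcat code): user bind plus role search, outside the container. */
public class RealmProbe {
    // Copied from the Realm element quoted in the thread.
    static final String USER_PATTERN = "uid={0},ou=my company users,dc=mycompany,dc=com";
    static final String ROLE_BASE = "ou=my company users,dc=mycompany,dc=com";
    static final String ROLE_SEARCH = "(uniqueMember={0})";
    static final String ROLE_NAME = "cn";

    /** Fill {0} in userPattern, escaping DN metacharacters (",", "+", "=", ...) in the name. */
    static String userDn(String username) {
        return USER_PATTERN.replace("{0}", Rdn.escapeValue(username));
    }

    /** Simple bind as the user; bad credentials surface as AuthenticationException. */
    static DirContext bind(String url, String dn, char[] password) throws NamingException {
        // A DN with an empty password is an unauthenticated bind (RFC 4513), which some
        // servers accept, so it must never count as a successful login.
        if (password == null || password.length == 0) {
            throw new IllegalArgumentException("empty password refused");
        }
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    /** Run roleSearch one level below roleBase; JNDI escapes the {0} argument in the filter. */
    static List<String> roles(DirContext ctx, String dn) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        sc.setReturningAttributes(new String[] { ROLE_NAME });
        List<String> found = new ArrayList<String>();
        NamingEnumeration<SearchResult> res =
                ctx.search(ROLE_BASE, ROLE_SEARCH, new Object[] { dn }, sc);
        try {
            while (res.hasMore()) {
                Attribute a = res.next().getAttributes().get(ROLE_NAME);
                if (a != null) found.add(String.valueOf(a.get()));
            }
        } finally {
            res.close();
        }
        return found;
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 2 || System.console() == null) {
            System.err.println("usage (from a terminal): java RealmProbe <ldap-url> <username>");
            return;
        }
        char[] pw = System.console().readPassword("Password: ");
        String dn = userDn(args[1]);
        System.out.println("bind DN: " + dn);
        DirContext ctx = bind(args[0], dn, pw);
        try {
            System.out.println("roles:   " + roles(ctx, dn));
        } finally {
            ctx.close();
        }
    }
}
```

A bind failure here points at userPattern or the credentials, while a successful bind with an empty role list points at roleBase or roleSearch. Over plain ldap:// the simple bind carries the password in clear, so an ldaps:// URL is the better target where the server offers one.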
Re: Configure SSL under Tomcat 7
Ayoub,

On 3/16/12 12:50 PM, ayouB __ wrote:

<Server port="8005" shutdown="SHUTDOWN">

[snip]

<!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -->
<Connector port="8080" protocol="org.apache.coyote.http11.Http11AprProtocol" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="optional" sslProtocol="TLS"/>

It's unusual to use port 8080 for SSL traffic, though it really does not matter what port you use. The example in the SSL howto uses port 8443, for instance.

<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443"/>

Are you using AJP at all? If not, you can remove/comment-out this connector.

On 3/16/12 1:10 PM, ayouB __ wrote:

16 mars 2012 17:05:48 org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jdk1.6.0_31\bin;[...etc]

So, if you intend to use APR, you'll have to fix this first. I can see from your java.library.path that you are on win32. Have you downloaded and installed tcnative, APR, and openssl? If not, go do that. If you have, please tell us how you have (incorrectly) installed them.

Question : how to come up with the SSLCertificateFile SSLCertificateKeyFile attributes.

In case you hadn't noticed, server.xml uses neither an XML DTD nor an XML schema: that's why Eclipse can't tell you about what attributes are available. Tomcat doesn't use a DTD or Schema because some components (like Connector) need the freedom to be able to accept any attribute that will cause a setter method on the object to be called. Maintaining hundreds of possible attribute names in a DTD or Schema would be insane, so we don't do it. Trust me, the SSLCertificateFile and SSLCertificateKeyFile attributes are accepted -- and mandatory if you are going to use APR-based SSL.

-chris
Performing webapp auth on resource
Hi folks,

this resource [1] mentions that I can instruct my webapp to perform the authentication on the resource, e.g. user credential albeit this resource remains container-managed. How is that supposed to work? I was not able to find an example implementation for this. All I know is that the default behavior is auth=Container which is an obvious case since the container manages the resource.

Thanks,
Michael

[1] http://tomcat.apache.org/tomcat-6.0-doc/config/context.html#Resource_Definitions
Re: Configure SSL under Tomcat 7
On 16/03/2012 15:58, ayouB __ wrote:

Hi every one, I'm ayoub and i'm a new member of this mailing list :) Well, i want to configure SSL under Tomcat 7 so i have followed steps said in http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html, but when i deploy my project in tomcat server i don't get : https://loclhost:8080/ i still working with the native http !! what should i do, what configuration should i make on my server.xml file.

Exactly which versions of OS, Java and Tomcat 7?

Why don't you post the config for all of the Connectors you've got in server.xml, inline here, so we can see what you've done?

PS : I want to use the APR implementation not the JSSE one, and

Have you installed OpenSSL and APR?

BTW the : SSLCertificateFile SSLCertificateKeyFile don't exist in the <connector ... /> element (using eclipse Ctrl+space auto-complish) !!

I don't know what that means.

p
Re: Info on PermSize and MaxPermSize
Christopher Schultz wrote:

André,

On 3/16/12 7:44 AM, André Warnier wrote:

See previous answers.

+1

The procrun page clearly describes how to pass any option directly to the JVM.

Yes, it's just a bit confusing because for -XMs and -XMx, there are two ways to pass these switches (also --Jvm options), but only in jvm mode and not in exe mode. Though I am a bit perplexed at what the exe mode might be..
Re: Tomcat 5.5 IIS 7.5 2008 64bit
On 03/16/2012 06:15 PM, Bradford Matthews wrote:

It is getting 404.0 error. I verified all steps. even added IIS_IUSR to the ISAPI folder.

well are you or are you not using http:// or https://?

Requested URL https://localhost:443/docs/

Any suggestions?

Seems you are requesting this over ssl so you will probably need to add scheme="https" to the AJP/1.3 connector

Regards
--
^TM
Re: Tomcat 5.5 IIS 7.5 2008 64bit
https. I went and used the 32 bit isapi, downgraded java to 1.5jdk and it now works

On Fri, Mar 16, 2012 at 5:21 PM, Mladen Turk mt...@apache.org wrote:

On 03/16/2012 06:15 PM, Bradford Matthews wrote:

It is getting 404.0 error. I verified all steps. even added IIS_IUSR to the ISAPI folder.

well are you or are you not using http:// or https://?

Requested URL https://localhost:443/docs/

Any suggestions?

Seems you are requesting this over ssl so you will probably need to add scheme="https" to the AJP/1.3 connector

Regards
--
^TM
FW: question on clustering Tomcat 7.0
I have two tomcat instances on 1 machine, each with a different AJP connector port and manager application port. I have Apache webserver for load balancing. When I undeploy my web app from one of the tomcat instances, it does not fail over to the other tomcat in the cluster and I get a 404 error. I am using a Simple TCP cluster. I have attached my server.xml. Can someone please tell me what I am missing?

Thanks
Charlie

<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
-->
<!-- Note: A Server is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/server.html -->
<Server port="8004" shutdown="SHUTDOWN">
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A Service is a collection of one or more Connectors that share a single Container Note: A Service is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/service.html -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-" maxThreads="150" minSpareThreads="4"/>
    -->

    <!-- A Connector represents an endpoint by which requests are received and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080 -->
    <!--
    <Connector port="8081" protocol="HTTP/1.1" connectionTimeout="2" redirectPort="8443" />
    -->
    <!-- A Connector using the shared thread pool-->
    <Connector executor="tomcatThreadPool" port="8082" protocol="HTTP/1.1" connectionTimeout="2" redirectPort="8443" />

    <!-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -->
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" />
    -->

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8008" protocol="AJP/1.3" redirectPort="8443" />

    <!-- An Engine represents the entry point (within Catalina) that processes every request. The Engine implementation for Tomcat stand alone analyzes the HTTP headers included with the request, and passes them on to the appropriate Host (virtual host). Documentation at /docs/config/engine.html -->
    <!-- You should set jvmRoute to support load-balancing via AJP ie : -->
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
RE: Configure SSL under Tomcat 7
The logs show that you don't have Tcnative installed