Re: conf/Catalina/localhost/myWebApp.xml context file disappears
On 21/04/2013 13:57, Jakub 1983 wrote: Mark, sorry I didn't reply so long, but my previous tomcat was messed with tests and many attempts, now I did everything from start with clean tomcat installation and confirm context xml disappears. steps to reproduce 1) make dir C:\tomcat_test 2) download apache-tomcat-7.0.39.zip and unpack it in C:\tomcat_test The list strips attachments but there is enough information for me to reproduce the behaviour with a simple webapp. (The moral here is that you should aim to reproduce any problem you report with as simple a webapp as possible. A 5 line JSP and a 3 line context.xml file is all that is needed for this issue.) 3) in C:\tomcat_test unpack attached jdbc.7z 4) start tomcat with startup.bat 4) in c:\tomcat_test\jdbc call ant deploy-war OK. That copies the WAR file to the appBase of a running Tomcat instance so with the default config it will be unpacked and deployed. 5) open http://localhost:8080/jdbc/select.jsp result is: org.apache.jasper.JasperException: An exception occurred processing JSP page /select.jsp at line 22 . root cause javax.servlet.ServletException: javax.naming.NameNotFoundException: Name [jdbc/Test] is not bound in this Context. Unable to find [jdbc]. 6) into C:\tomcat_test\apache-tomcat-7.0.39\conf\Catalina\localhost insert attached jdbc.xml OK. That will have no effect as although Tomcat sees the new file it does not redploy the webapp (arguably it should at this point - I'll look into that). 7) close tomcat console 8) start tomcat with startup.bat That causes Tomcat to deploy the webapp using the context.xml file. 9) again open result is OK, config works fine, error is caused by lack of h2 jar (org.apache.jasper.JasperException: javax.servlet.ServletException: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'org.h2.Driver') 10) now in notepad++ open C:\tomcat_test\jdbc\src\main\webapp\select.jsp, change title to titleSimple jsp page 2/t 11) as in 4) in c:\tomcat_test\jdbc call ant deploy-war jdbc.xml disappeared from This is the interesting bit. I do see the context.xml file being deleted. I'm not sure if this is the correct behaviour or not. There are a lot of variables when looking at auto-deployment. I have been meaning to sit down and document all the possible combinations. This might be the time to do that. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: conf/Catalina/localhost/myWebApp.xml context file disappears
Mark, thx for investigation, apart from users@tomcat.apache.org I have also sent previous post with attachments to ma...@apache.org regards Jakub On Tue, Apr 23, 2013 at 1:04 PM, Mark Thomas ma...@apache.org wrote: On 21/04/2013 13:57, Jakub 1983 wrote: Mark, sorry I didn't reply so long, but my previous tomcat was messed with tests and many attempts, now I did everything from start with clean tomcat installation and confirm context xml disappears. steps to reproduce 1) make dir C:\tomcat_test 2) download apache-tomcat-7.0.39.zip and unpack it in C:\tomcat_test The list strips attachments but there is enough information for me to reproduce the behaviour with a simple webapp. (The moral here is that you should aim to reproduce any problem you report with as simple a webapp as possible. A 5 line JSP and a 3 line context.xml file is all that is needed for this issue.) 3) in C:\tomcat_test unpack attached jdbc.7z 4) start tomcat with startup.bat 4) in c:\tomcat_test\jdbc call ant deploy-war OK. That copies the WAR file to the appBase of a running Tomcat instance so with the default config it will be unpacked and deployed. 5) open http://localhost:8080/jdbc/select.jsp result is: org.apache.jasper.JasperException: An exception occurred processing JSP page /select.jsp at line 22 . root cause javax.servlet.ServletException: javax.naming.NameNotFoundException: Name [jdbc/Test] is not bound in this Context. Unable to find [jdbc]. 6) into C:\tomcat_test\apache-tomcat-7.0.39\conf\Catalina\localhost insert attached jdbc.xml OK. That will have no effect as although Tomcat sees the new file it does not redploy the webapp (arguably it should at this point - I'll look into that). 7) close tomcat console 8) start tomcat with startup.bat That causes Tomcat to deploy the webapp using the context.xml file. 9) again open result is OK, config works fine, error is caused by lack of h2 jar (org.apache.jasper.JasperException: javax.servlet.ServletException: org.apache.tomcat.dbcp.dbcp.SQLNestedException: Cannot load JDBC driver class 'org.h2.Driver') 10) now in notepad++ open C:\tomcat_test\jdbc\src\main\webapp\select.jsp, change title to titleSimple jsp page 2/t 11) as in 4) in c:\tomcat_test\jdbc call ant deploy-war jdbc.xml disappeared from This is the interesting bit. I do see the context.xml file being deleted. I'm not sure if this is the correct behaviour or not. There are a lot of variables when looking at auto-deployment. I have been meaning to sit down and document all the possible combinations. This might be the time to do that. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Setting Nio connector in embedded tomcat7
Hi all, I am trying to set Nio connector in tomcat7 so I can use WebSocket support. I did the following (as simple as it can get) but it doesn't seem to work. When I do this I can't connect to the server. For example I have a GET REST request that should work but I get connection refused. Same with WebSocket request. Connector nioConnector = new Connector(); nioConnector.setPort(TOMCAT_PORT); nioConnector.setProtocol(Http11NioProtocol.class.getName()); tomcat.setConnector(nioConnector); If I comment out above lines and use default Http connector, REST requests work fine but WebSockets are not supported with default http connector. So I am wondering if anyone has enabled bio connector in embedded tomcat before. I am using embedded tomcat 7.0.34. Thanks in advance. Praveen
Re: Setting Nio connector in embedded tomcat7
On 23/04/2013 15:11, Praveen Peddi wrote: Hi all, I am trying to set Nio connector in tomcat7 so I can use WebSocket support. I did the following (as simple as it can get) but it doesn't seem to work. When I do this I can't connect to the server. For example I have a GET REST request that should work but I get connection refused. Same with WebSocket request. Connector nioConnector = new Connector(); nioConnector.setPort(TOMCAT_PORT); nioConnector.setProtocol(Http11NioProtocol.class.getName()); tomcat.setConnector(nioConnector); If I comment out above lines and use default Http connector, REST requests work fine but WebSockets are not supported with default http connector. Yes they are. So I am wondering if anyone has enabled bio connector in embedded tomcat before. I am using embedded tomcat 7.0.34. You mean NIO right? Look at the source code for the unit tests and/or the source code for Connector. You aren't changing what you think you are changing. (Too many attributes call Protocol or something similar). Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting Nio connector in embedded tomcat7
Just like this issue: http://atmosphere-framework.2306103.n4.nabble.com/WebSocket-not-working-on-Tomcat-7-With-NIO-connector-was-WebSocket-not-working-on-Tomcat-7-td4652351.html On Tue, Apr 23, 2013 at 10:16 PM, Mark Thomas ma...@apache.org wrote: On 23/04/2013 15:11, Praveen Peddi wrote: Hi all, I am trying to set Nio connector in tomcat7 so I can use WebSocket support. I did the following (as simple as it can get) but it doesn't seem to work. When I do this I can't connect to the server. For example I have a GET REST request that should work but I get connection refused. Same with WebSocket request. Connector nioConnector = new Connector(); nioConnector.setPort(TOMCAT_PORT); nioConnector.setProtocol(Http11NioProtocol.class.getName()); tomcat.setConnector(nioConnector); If I comment out above lines and use default Http connector, REST requests work fine but WebSockets are not supported with default http connector. Yes they are. So I am wondering if anyone has enabled bio connector in embedded tomcat before. I am using embedded tomcat 7.0.34. You mean NIO right? Look at the source code for the unit tests and/or the source code for Connector. You aren't changing what you think you are changing. (Too many attributes call Protocol or something similar). Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Contribute to Enterprise Integration
RE: two responses from one request - how is it possible ?
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Monday, April 22, 2013 4:31 PM To: Tomcat Users List Subject: Re: two responses from one request - how is it possible ? -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jeffrey, On 4/22/13 4:18 PM, Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:aw@ice- sa.com] Sent: Sunday, April 21, 2013 7:03 PM To: Tomcat Users List Subject: Re: two responses from one request - how is it possible ? Jakub 1983 wrote: http://www.mulesoft.com/tomcat-connector states: Using the current arrangement, both Connectors will pass all requests to the same Engine, which will in turn pass all these requests to both of its contained web applications. This means that each request will potentially generate two responses, one from each application. Server Service Connector port=8443/ Connector port=8444/ Engine Host name=yourhostname Context path=/webapp1/ Context path=/webapp2/ /Host /Engine /Service /Server Is it really true what they write ? (For anyone else reading this, I did look at the indicated webpage, and it is really what they say there) To me, it sounds like utter nonsense. Or else, I need to revise my whole understamding of HTTP and Tomcat. It even looks like nonsense squared, since : - each request is sent by one client on one connection to one port (meaning one Tomcat Connector), and the (single) response to that request will also come back on that same connection - each request should have a target URL (like /webapp1 OR /webapp2, but not both), and will be processed (once) by the application (context) corresponding to that URL, and will generate only one response Maybe we should ask the author of that page for more details. He may have invented the amplifier version of Tomcat. Additionally, it is really bad practice to put Context elements in the server.xml file. From the article: Using the current arrangement, both Connectors will pass all requests to the same Engine, which will in turn pass all these requests to both of its contained web applications. This means that each request will potentially generate two responses, one from each application. Well, after noting some of the bad grammar in the opening few paragraphs (listen to vs. listen on), I was going to give the author a pass on the use of both in the first sentence, instead of either or one of. But then he goes onto the second sentence and proves that he meant both. In actuality, he should have stopped the first sentence at Engine, and then continued with a new sentence (keeping in mind the simplified structure): The Engine will then see if the first string after the hostname portion of the request URL matches any of the defined contexts. If a match is found, then the request is passed to that context and the response is sent back via the original connector. If a match is not found, then an error is returned. Of course, after reading the original, I now understand why I was never tempted to even try this company's version of Tomcat, despite the number of times they've promoted themselves on the list. Jason Brittain used to work at MuleSoft: they /are/ legit, though this particular post seems to require some serious editing, or even deletion. - -chris OH, I was never worried about /legit/ status, but this page and others probably made me skeptical on the quality issue. You know, first impressions and all. Wouldn't mind hearing from some who found reason to use their product over standard release. Jeff - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: two responses from one request - how is it possible ?
-Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, April 22, 2013 4:40 PM To: Tomcat Users List Subject: Re: two responses from one request - how is it possible ? Jeffrey Janner wrote: ... In actuality, he should have stopped the first sentence at Engine, and then continued with a new sentence (keeping in mind the simplified structure): The Engine will then see if the first string after the hostname portion of the request URL matches any of the defined contexts. If a match is found, then the request is passed to that context and the response is sent back via the original connector. If a match is not found, then an error is returned. That is a big improvement over the original (which in my view is quite beyond redemption), but I believe that a better way would be to point the interested reader to chapter 12 of the Java Servlet Specification 3.0 (Mapping Requests to Servlets), which says it all (granted, in many more words). What is for example missing above are the concepts of, and mapping to, the default context, servlets within a context, and default servlet. Well, I was going to actually go into that depth, but decided to limit myself to their specific example. I had thought of explaining how the engine picks the host, and the host picks the context, and the context picks the servlet, then thought I'd limit myself as they had limited themselves. They only specified a single Host element with all default values, so I stuck to that example. Jeff - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: resource-ref in web.xml
-Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: Thursday, April 18, 2013 5:01 PM To: Tomcat Users List Subject: Re: resource-ref in web.xml -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Jakub, On 4/17/13 9:22 PM, Jakub 1983 wrote: can I define database connection only in web.xml, without using context.xml files ? can I pass database url, login and password into resource-ref ? when I define database conn in context.xml, resource-ref is not needed at all, so what is it actually for ? If you define your database configuration in server.xml, you'll have to map from global to local scope. You don't need to do this with context.xml because the scope is -- by definition -- already local. - -chris Chris - Am I reading that correctly? If in my context.xml file, I define a DB resource as: Resource name=jdbc/oracleUCPPool type=oracle.ucp.jdbc.PoolDataSource factory=oracle.ucp.jdbc.PoolDataSourceImpl auth=Container connectionFactoryClassName=oracle.jdbc.pool.OracleDataSource ... obviously redacted stuff ... / I DO NOT need to add these lines to my web.xml? resource-ref descriptionOracle Universal Connection Pool/description res-ref-namejdbc/oracleUCPPool/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref That also brings up another, related, question. In my old web.xml, I had this entry: context-param param-nameLOG4J_PROPS/param-name param-value/WEB-INF/Log4j.properties/param-value /context-param Which I removed and replaced with an entry in the context.xml file: Parameter name=LOG4J_PROPS value=/WEB-INF/Log4j.properties override=false / However, that didn't work. I had to provide the full path to the file in the value parameter. Is there a particular reason why? Or would it be something inside our code? We are set up multi-tenant and trying to minimize the changes needed per tenant. I'm using Tomcat 6.0.36 with Sun JDK 1.6.0_43. Jeff - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: two responses from one request - how is it possible ?
Jeffrey Janner wrote: -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, April 22, 2013 4:40 PM To: Tomcat Users List Subject: Re: two responses from one request - how is it possible ? Jeffrey Janner wrote: ... In actuality, he should have stopped the first sentence at Engine, and then continued with a new sentence (keeping in mind the simplified structure): The Engine will then see if the first string after the hostname portion of the request URL matches any of the defined contexts. If a match is found, then the request is passed to that context and the response is sent back via the original connector. If a match is not found, then an error is returned. That is a big improvement over the original (which in my view is quite beyond redemption), but I believe that a better way would be to point the interested reader to chapter 12 of the Java Servlet Specification 3.0 (Mapping Requests to Servlets), which says it all (granted, in many more words). What is for example missing above are the concepts of, and mapping to, the default context, servlets within a context, and default servlet. Well, I was going to actually go into that depth, but decided to limit myself to their specific example. I had thought of explaining how the engine picks the host, and the host picks the context, and the context picks the servlet, then thought I'd limit myself as they had limited themselves. They only specified a single Host element with all default values, so I stuck to that example. Well, I did not want Jakub to remain influenced by that very bad page, so I started along the same path as you did, and after writing half a page and getting into the details of how Tomcat matched the second and next components of the URL path to the url-mapping elements of the selected context's web.xml, possibly ending up defaulting to the default servlet, which itself is defined in the default web.xml.. I decided that it was easier - and less prone to get a rebuff myself from Pid or so - to point to the servlet spec. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting Nio connector in embedded tomcat7
I am not sure if this is the same issue I am having but apparently I am also using atmosphere for web sockets and make it work in embedded tomcat. I looked at the tomcat unit tests for bio connector and the tests are not doing anything special. They set the address to localhost. I tried the below code similar to the unit tests but I still can't connect to tomcat when I use this connector. Connector nioConnector = new Connector(Http11NioProtocol.class.getName()); nioConnector.setPort(TOMCAT_PORT); nioConnector.setProperty(address, InetAddress.getByName(localhost).getHostAddress()); tomcat.setConnector(nioConnector); Unit test I saw is here: http://svn.apache.org/repos/asf/tomcat/trunk/test/org/apache/catalina/nonbl ocking/TestNonBlockingAPI.java And http://svn.apache.org/repos/asf/tomcat/trunk/test/org/apache/catalina/start up/TomcatBaseTest.java Thanks Praveen On 4/23/13 Apr 23, 10:40 AM, Tribon Cheng tribon1...@gmail.com wrote: Just like this issue: http://atmosphere-framework.2306103.n4.nabble.com/WebSocket-not-working-on -Tomcat-7-With-NIO-connector-was-WebSocket-not-working-on-Tomcat-7-td46523 51.html On Tue, Apr 23, 2013 at 10:16 PM, Mark Thomas ma...@apache.org wrote: On 23/04/2013 15:11, Praveen Peddi wrote: Hi all, I am trying to set Nio connector in tomcat7 so I can use WebSocket support. I did the following (as simple as it can get) but it doesn't seem to work. When I do this I can't connect to the server. For example I have a GET REST request that should work but I get connection refused. Same with WebSocket request. Connector nioConnector = new Connector(); nioConnector.setPort(TOMCAT_PORT); nioConnector.setProtocol(Http11NioProtocol.class.getName()); tomcat.setConnector(nioConnector); If I comment out above lines and use default Http connector, REST requests work fine but WebSockets are not supported with default http connector. Yes they are. So I am wondering if anyone has enabled bio connector in embedded tomcat before. I am using embedded tomcat 7.0.34. You mean NIO right? Look at the source code for the unit tests and/or the source code for Connector. You aren't changing what you think you are changing. (Too many attributes call Protocol or something similar). Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Contribute to Enterprise Integration - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting Nio connector in embedded tomcat7
Sorry I meant nio connector not bio connector. Outlook auto-correct is not smart enough :) On 4/23/13 Apr 23, 12:08 PM, Praveen Peddi ppe...@kivasystems.com wrote: I am not sure if this is the same issue I am having but apparently I am also using atmosphere for web sockets and make it work in embedded tomcat. I looked at the tomcat unit tests for bio connector and the tests are not doing anything special. They set the address to localhost. I tried the below code similar to the unit tests but I still can't connect to tomcat when I use this connector. Connector nioConnector = new Connector(Http11NioProtocol.class.getName()); nioConnector.setPort(TOMCAT_PORT); nioConnector.setProperty(address, InetAddress.getByName(localhost).getHostAddress()); tomcat.setConnector(nioConnector); Unit test I saw is here: http://svn.apache.org/repos/asf/tomcat/trunk/test/org/apache/catalina/nonb l ocking/TestNonBlockingAPI.java And http://svn.apache.org/repos/asf/tomcat/trunk/test/org/apache/catalina/star t up/TomcatBaseTest.java Thanks Praveen On 4/23/13 Apr 23, 10:40 AM, Tribon Cheng tribon1...@gmail.com wrote: Just like this issue: http://atmosphere-framework.2306103.n4.nabble.com/WebSocket-not-working-o n -Tomcat-7-With-NIO-connector-was-WebSocket-not-working-on-Tomcat-7-td4652 3 51.html On Tue, Apr 23, 2013 at 10:16 PM, Mark Thomas ma...@apache.org wrote: On 23/04/2013 15:11, Praveen Peddi wrote: Hi all, I am trying to set Nio connector in tomcat7 so I can use WebSocket support. I did the following (as simple as it can get) but it doesn't seem to work. When I do this I can't connect to the server. For example I have a GET REST request that should work but I get connection refused. Same with WebSocket request. Connector nioConnector = new Connector(); nioConnector.setPort(TOMCAT_PORT); nioConnector.setProtocol(Http11NioProtocol.class.getName()); tomcat.setConnector(nioConnector); If I comment out above lines and use default Http connector, REST requests work fine but WebSockets are not supported with default http connector. Yes they are. So I am wondering if anyone has enabled bio connector in embedded tomcat before. I am using embedded tomcat 7.0.34. You mean NIO right? Look at the source code for the unit tests and/or the source code for Connector. You aren't changing what you think you are changing. (Too many attributes call Protocol or something similar). Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Contribute to Enterprise Integration - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 7.0.33 manager - 403 Access Denied
All, I am wondering what I'm doing wrong - the Manager application is denying me access. Here are the details: Tomcat version: 7.0.33 JDK version: java version 1.7.0_09 Java(TM) SE Runtime Environment (build 1.7.0_09-b05) Java HotSpot(TM) 64-Bit Server VM (build 23.5-b02, mixed mode) Operating System: RedHat Linus - 2.6.18-348.4.1.el5 Steps I took to permit manager: (1) $CATALINA_HOME/conf/Catalina/localhost/manager.xml--: Context path=/manager privileged=true antiResourceLocking=false docBase=${catalina.home}/webapps/manager Valve className=org.apache.catalina.valves.RemoteAddrValve allow=127\.0\.0\.1/ /Context (2) --$CATALINA_HOME/conf/tomcat-users.xml:-- user username=jmxparty password=r5678dcdddxx roles=standard,manager-jmx / --- (3) $CATALINA_HOME/conf/server.xml:--Added digest=SHA:- Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase digest=SHA/ --- (4) Added heapused.jsp as follows: $ cd $CATALINA_HOME/webapps/manager $ more heapused.jsp jsp:forward page=/jmxproxy/ jsp:param name=get value=java.lang:type=Memory / jsp:param name=att value=HeapMemoryUsage / jsp:param name=key value=used / /jsp:forward (5) Restarted Tomcat (6) I get a 403 Access Denied upon: curl http://localhost:8080/manager/heapused.jsp I can't tell what I'm missing. Also, steps #2 and #3 are not even required if I am using the RemoteAddrValve, correct? Thanks. -Shanti
RE: Tomcat 7.0.33 manager - 403 Access Denied
-Original Message- From: Shanti Suresh [mailto:sha...@umich.edu] Subject: Tomcat 7.0.33 manager - 403 Access Denied All, I am wondering what I'm doing wrong - the Manager application is denying me access. Here are the details: Tomcat version: 7.0.33 JDK version: java version 1.7.0_09 Java(TM) SE Runtime Environment (build 1.7.0_09-b05) Java HotSpot(TM) 64-Bit Server VM (build 23.5-b02, mixed mode) Operating System: RedHat Linus - 2.6.18-348.4.1.el5 Steps I took to permit manager: (1) $CATALINA_HOME/conf/Catalina/localhost/manager.xml--: Context path=/manager privileged=true antiResourceLocking=false docBase=${catalina.home}/webapps/manager Valve className=org.apache.catalina.valves.RemoteAddrValve allow=127\.0\.0\.1/ /Context (2) --$CATALINA_HOME/conf/tomcat-users.xml:-- user username=jmxparty password=r5678dcdddxx roles=standard,manager-jmx / Is that password really the SHA value of something? If your password was: password1, then you would store the SHA value of password1 in your tomcat-users.xml --- (3) $CATALINA_HOME/conf/server.xml:--Added digest=SHA:- Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase digest=SHA/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.33 manager - 403 Access Denied
Hi Leo, On Tue, Apr 23, 2013 at 1:56 PM, Leo Donahue - RDSA IT leodona...@mail.maricopa.gov wrote: Is that password really the SHA value of something? If your password was: password1, then you would store the SHA value of password1 in your tomcat-users.xml Not the entry I posted. I munged it. But yes, I use the SHA digests of passwords in tomcat-users.xml. Thanks for checking. -Shanti
Re: two responses from one request - how is it possible ?
André Please kindly share the half-page that you have written up so far. Actually, would you please finish it up and then post? Thanks :-) -Shanti On Tue, Apr 23, 2013 at 11:53 AM, André Warnier a...@ice-sa.com wrote: Well, I did not want Jakub to remain influenced by that very bad page, so I started along the same path as you did, and after writing half a page and getting into the details of how Tomcat matched the second and next components of the URL path to the url-mapping elements of the selected context's web.xml, possibly ending up defaulting to the default servlet, which itself is defined in the default web.xml.. I decided that it was easier - and less prone to get a rebuff myself from Pid or so - to point to the servlet spec. --**--**- To unsubscribe, e-mail: users-unsubscribe@tomcat.**apache.orgusers-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.33 manager - 403 Access Denied
try to comment out RemoteAddrValve, and check if the error still exists have you added role rolename=manager-jmx/ into users.xml ? add role rolename=manager-gui/ and try with web page, what is the error ? have you tried with bare Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ - without sha ? for me, starting with pure downloaded latest tomcat 7, following configuration enables html manager: role rolename=tomcat/ role rolename=manager-gui/ role rolename=admin/ user username=tomcat password=tomcat roles=tomcat,manager-gui,admin/ download new tomcat, check if above conf works for you, than add manager-jmx, check with jmx and than add RemoteAddrValve, check, and than add sha. regards Jakub On Tue, Apr 23, 2013 at 8:20 PM, Shanti Suresh sha...@umich.edu wrote: Hi Leo, On Tue, Apr 23, 2013 at 1:56 PM, Leo Donahue - RDSA IT leodona...@mail.maricopa.gov wrote: Is that password really the SHA value of something? If your password was: password1, then you would store the SHA value of password1 in your tomcat-users.xml Not the entry I posted. I munged it. But yes, I use the SHA digests of passwords in tomcat-users.xml. Thanks for checking. -Shanti
Re: Tomcat 7.0.33 manager - 403 Access Denied
Hi Jakub, Thank you for the suggestions. Appreciate the thoughts. On Tue, Apr 23, 2013 at 3:33 PM, Jakub 1983 jjaku...@gmail.com wrote: try to comment out RemoteAddrValve, and check if the error still exists Yes, I had tried that. It didn't work. have you added role rolename=manager-jmx/ into users.xml ? add role rolename=manager-gui/ and try with web page, what is the error ? Good idea. Adding a manager-jmx role entry didn't make a difference. And, yes, I am able to access /manager/html/. I logged in at the prompt. have you tried with bare Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ - without sha ? Passwords work fine. So SHA is not the issue. for me, starting with pure downloaded latest tomcat 7, following configuration enables html manager: role rolename=tomcat/ role rolename=manager-gui/ role rolename=admin/ user username=tomcat password=tomcat roles=tomcat,manager-gui,admin/ HTML manager works for me too. download new tomcat, Yes, I may have to do that. check if above conf works for you, than add manager-jmx, check with jmx and than add RemoteAddrValve, check, and than add sha. The funny thing is that I gather the JMX metrics in an identical manner on Tomcat 7.0.23 and JDK 1.6 on several other RedHat Linux servers. Thanks for letting me brainstorm. -Shanti
RE: Tomcat 7.0.33 manager - 403 Access Denied
I'm not sure if it's applicable here, but I'll let you know my prior experience with this kind of thing on Tomcat 6.0.xx. I've had to stop the manager app, clear out the work folder and I think maybe even delete the manager.xml file out of the conf\Catalina\localhost dir because it wasn't getting overwritten. Not sure if this is happening to you or not. -Original Message- From: Shanti Suresh [mailto:sha...@umich.edu] Sent: Tuesday, April 23, 2013 3:20 PM To: Tomcat Users List Subject: Re: Tomcat 7.0.33 manager - 403 Access Denied Hi Jakub, Thank you for the suggestions. Appreciate the thoughts. On Tue, Apr 23, 2013 at 3:33 PM, Jakub 1983 jjaku...@gmail.com wrote: try to comment out RemoteAddrValve, and check if the error still exists Yes, I had tried that. It didn't work. have you added role rolename=manager-jmx/ into users.xml ? add role rolename=manager-gui/ and try with web page, what is the error ? Good idea. Adding a manager-jmx role entry didn't make a difference. And, yes, I am able to access /manager/html/. I logged in at the prompt. have you tried with bare Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ - without sha ? Passwords work fine. So SHA is not the issue. for me, starting with pure downloaded latest tomcat 7, following configuration enables html manager: role rolename=tomcat/ role rolename=manager-gui/ role rolename=admin/ user username=tomcat password=tomcat roles=tomcat,manager-gui,admin/ HTML manager works for me too. download new tomcat, Yes, I may have to do that. check if above conf works for you, than add manager-jmx, check with jmx and than add RemoteAddrValve, check, and than add sha. The funny thing is that I gather the JMX metrics in an identical manner on Tomcat 7.0.23 and JDK 1.6 on several other RedHat Linux servers. Thanks for letting me brainstorm. -Shanti - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question on servlet determination
I'm tempted to say no. Because you might be adding a / in front of your servlet mapping. In other words, changing the path of the folder slightly, with a different relative path. From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, April 23, 2013 2:29 PM To: 'Tomcat Users List' Subject: Question on servlet determination Running Tomcat 6.0.36, JDK 1.6.0_43 I've an application defined with the following web.xml: web-app security-constraint web-resource-collection web-resource-nameEverything/web-resource-name url-pattern*.jsp/url-pattern url-pattern*.html/url-pattern url-pattern*.js/url-pattern url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint resource-ref descriptionOracle Universal Connection Pool/description res-ref-namejdbc/oracleUCPPool/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref servlet servlet-nameServlet1/servlet-name display-nameServlet1/display-name descriptionControlling servlet for Servlet1/description servlet-classcom.polydyne.servlet1/servlet-class load-on-startup1/load-on-startup /servlet servlet servlet-nameServlet2/servlet-name display-nameServlet2/display-name descriptionControlling servlet for Servlet2/description servlet-classcom.polydyne.servlet2/servlet-class load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameServlet1/servlet-name url-pattern/Servlet1/url-pattern /servlet-mapping servlet-mapping servlet-nameServlet2/servlet-name url-pattern/Servlet2/url-pattern /servlet-mapping error-page error-code404/error-code location/Unavailable.jsp/location /error-page /webapp The issue: If I connect with the URL: http://myhost/Servlet1 (or Servlet2), I get what I expect. However, if I connect http://myhost/Servlet1/ then I get a 404. Actually, I get my 404 page but not all the graphics come over. Shouldn't the final / be stripped and I get the same behavior either way? Also willing to entertain critiques on my security-constraint section, but not that we don't use Tomcat authentication, so I want any requests for top-level files in the Web directory to also force https. Jeffrey Janner Sr. Network Administrator jeffrey.jan...@polydyne.commailto:first.l...@polydyne.com PolyDyne Software Inc. Main: 512.343.9100 Direct: 512.583.8930 [cid:image002.png@01CC0FB7.4FF43CE0] Speed, Intelligence Savings in Sourcing
RE: Question on servlet determination
-Original Message- From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Sent: Tuesday, April 23, 2013 4:34 PM To: 'Tomcat Users List' Subject: RE: Question on servlet determination I'm tempted to say no. Because you might be adding a / in front of your servlet mapping. In other words, changing the path of the folder slightly, with a different relative path. I went back and read the servlet spec for 2.5, and according to it, Tomcat should be redirecting the URI ending /Servlet2 to /Servlet2/ and then applying welcome files (I do have some defined, just didn't include it below). Amazingly, this appears to be what happens. However, if the ending / already exists, it doesn't just go looking for welcome files. Jeff From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, April 23, 2013 2:29 PM To: 'Tomcat Users List' Subject: Question on servlet determination Running Tomcat 6.0.36, JDK 1.6.0_43 I've an application defined with the following web.xml: web-app security-constraint web-resource-collection web-resource-nameEverything/web-resource-name url-pattern*.jsp/url-pattern url-pattern*.html/url-pattern url-pattern*.js/url-pattern url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint resource-ref descriptionOracle Universal Connection Pool/description res-ref-namejdbc/oracleUCPPool/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref servlet servlet-nameServlet1/servlet-name display-nameServlet1/display-name descriptionControlling servlet for Servlet1/description servlet-classcom.polydyne.servlet1/servlet-class load-on-startup1/load-on-startup /servlet servlet servlet-nameServlet2/servlet-name display-nameServlet2/display-name descriptionControlling servlet for Servlet2/description servlet-classcom.polydyne.servlet2/servlet-class load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameServlet1/servlet-name url-pattern/Servlet1/url-pattern /servlet-mapping servlet-mapping servlet-nameServlet2/servlet-name url-pattern/Servlet2/url-pattern /servlet-mapping error-page error-code404/error-code location/Unavailable.jsp/location /error-page /webapp The issue: If I connect with the URL: http://myhost/Servlet1 (or Servlet2), I get what I expect. However, if I connect http://myhost/Servlet1/ then I get a 404. Actually, I get my 404 page but not all the graphics come over. Shouldn't the final / be stripped and I get the same behavior either way? Also willing to entertain critiques on my security-constraint section, but not that we don't use Tomcat authentication, so I want any requests for top-level files in the Web directory to also force https. Jeffrey Janner Sr. Network Administrator jeffrey.jan...@polydyne.commailto:first.l...@polydyne.com PolyDyne Software Inc. Main: 512.343.9100 Direct: 512.583.8930 [cid:image002.png@01CC0FB7.4FF43CE0] Speed, Intelligence Savings in Sourcing - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Question on servlet determination
Is that right? I didn't realize that. I was about to ask if you had any reference / before any of the welcome files. Although I'm not sure the XML file would even allow that would it? I don't think I've tried it. Maybe it would. -Original Message- From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, April 23, 2013 4:46 PM To: 'Tomcat Users List' Subject: RE: Question on servlet determination -Original Message- From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Sent: Tuesday, April 23, 2013 4:34 PM To: 'Tomcat Users List' Subject: RE: Question on servlet determination I'm tempted to say no. Because you might be adding a / in front of your servlet mapping. In other words, changing the path of the folder slightly, with a different relative path. I went back and read the servlet spec for 2.5, and according to it, Tomcat should be redirecting the URI ending /Servlet2 to /Servlet2/ and then applying welcome files (I do have some defined, just didn't include it below). Amazingly, this appears to be what happens. However, if the ending / already exists, it doesn't just go looking for welcome files. Jeff From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Sent: Tuesday, April 23, 2013 2:29 PM To: 'Tomcat Users List' Subject: Question on servlet determination Running Tomcat 6.0.36, JDK 1.6.0_43 I've an application defined with the following web.xml: web-app security-constraint web-resource-collection web-resource-nameEverything/web-resource-name url-pattern*.jsp/url-pattern url-pattern*.html/url-pattern url-pattern*.js/url-pattern url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint resource-ref descriptionOracle Universal Connection Pool/description res-ref-namejdbc/oracleUCPPool/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref servlet servlet-nameServlet1/servlet-name display-nameServlet1/display-name descriptionControlling servlet for Servlet1/description servlet-classcom.polydyne.servlet1/servlet-class load-on-startup1/load-on-startup /servlet servlet servlet-nameServlet2/servlet-name display-nameServlet2/display-name descriptionControlling servlet for Servlet2/description servlet-classcom.polydyne.servlet2/servlet-class load-on-startup1/load-on-startup /servlet servlet-mapping servlet-nameServlet1/servlet-name url-pattern/Servlet1/url-pattern /servlet-mapping servlet-mapping servlet-nameServlet2/servlet-name url-pattern/Servlet2/url-pattern /servlet-mapping error-page error-code404/error-code location/Unavailable.jsp/location /error-page /webapp The issue: If I connect with the URL: http://myhost/Servlet1 (or Servlet2), I get what I expect. However, if I connect http://myhost/Servlet1/ then I get a 404. Actually, I get my 404 page but not all the graphics come over. Shouldn't the final / be stripped and I get the same behavior either way? Also willing to entertain critiques on my security-constraint section, but not that we don't use Tomcat authentication, so I want any requests for top-level files in the Web directory to also force https. Jeffrey Janner Sr. Network Administrator jeffrey.jan...@polydyne.commailto:first.l...@polydyne.com PolyDyne Software Inc. Main: 512.343.9100 Direct: 512.583.8930 [cid:image002.png@01CC0FB7.4FF43CE0] Speed, Intelligence Savings in Sourcing - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Question on servlet determination
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] web-app security-constraint web-resource-collection web-resource-nameEverything/web-resource-name url-pattern*.jsp/url-pattern url-pattern*.html/url-pattern url-pattern*.js/url-pattern url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern /web-resource-collection Jeffrey, why don't you just use catch all url pattern? Is there anything that you don't want to be part of the same security constraint? In this case security constraint just enforces SSL, but could do other things, check roles, etc. In that case you might want to split secure and non-secure resources ... (e.g. login page should not be secure and login action should be secure, etc...) What are you trying to achieve? Cheers! Neven Also willing to entertain critiques on my security-constraint section, but not that we don't use Tomcat authentication, so I want any requests for top-level files in the Web directory to also force https.
Re: Tomcat 7.0.33 manager - 403 Access Denied
2013/4/23 Shanti Suresh sha...@umich.edu: All, I am wondering what I'm doing wrong - the Manager application is denying me access. Here are the details: Tomcat version: 7.0.33 JDK version: java version 1.7.0_09 Java(TM) SE Runtime Environment (build 1.7.0_09-b05) Java HotSpot(TM) 64-Bit Server VM (build 23.5-b02, mixed mode) Operating System: RedHat Linus - 2.6.18-348.4.1.el5 Steps I took to permit manager: (1) $CATALINA_HOME/conf/Catalina/localhost/manager.xml--: Context path=/manager privileged=true antiResourceLocking=false docBase=${catalina.home}/webapps/manager Valve className=org.apache.catalina.valves.RemoteAddrValve allow=127\.0\.0\.1/ /Context (2) --$CATALINA_HOME/conf/tomcat-users.xml:-- user username=jmxparty password=r5678dcdddxx roles=standard,manager-jmx / --- (3) $CATALINA_HOME/conf/server.xml:--Added digest=SHA:- Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase digest=SHA/ --- (4) Added heapused.jsp as follows: $ cd $CATALINA_HOME/webapps/manager $ more heapused.jsp jsp:forward page=/jmxproxy/ jsp:param name=get value=java.lang:type=Memory / jsp:param name=att value=HeapMemoryUsage / jsp:param name=key value=used / /jsp:forward (5) Restarted Tomcat (6) I get a 403 Access Denied upon: curl http://localhost:8080/manager/heapused.jsp I can't tell what I'm missing. Also, steps #2 and #3 are not even required if I am using the RemoteAddrValve, correct? No. They are not related to RemoteAddrValve. I would say that you should be stopped by CsrfPreventionFilter, because your heapused.jsp is not in the list of configured entry points. Shanti wrote: The funny thing is that I gather the JMX metrics in an identical manner on Tomcat 7.0.23 and JDK 1.6 on several other RedHat Linux servers. CVE-2012-4431 Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat reload problem
Hi All, When I reload one application in tomcat html manager console in tomcat 1.6.0_33,there is a SERVE error occur , SEVERE: The web application [/service-internal] appears to have started a thread named [MaintThread] but has failed to stop it. This is very likely to create a memory leak. Is this an issue and is there any way to solve this ? Best Regards, Guoan Hu
RE: Question on servlet determination
From: Jeffrey Janner [mailto:jeffrey.jan...@polydyne.com] Subject: Question on servlet determination url-pattern/Servlet1/url-pattern url-pattern/Servlet2/url-pattern What happens if you try this instead: url-pattern/Servlet1/*/url-pattern url-pattern/Servlet2/*/url-pattern - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat reload problem
From: naouguh_tomcat [mailto:908245...@qq.com] Subject: tomcat reload problem When I reload one application in tomcat html manager console in tomcat 1.6.0_33 No such Tomcat version exists; it appears you're referring to the JVM level. SEVERE: The web application [/service-internal] appears to have started a thread named [MaintThread] but has failed to stop it. This is very likely to create a memory leak. That means your webapp (service-internal) create a thread for some purpose, but did not terminate the thread when the application was stopped. This is an error in the webapp implementation. Is this an issue Yes. and is there any way to solve this ? Fix your webapp so it manages threads in a responsible manner. The typical way is to use a ContextListener() to clean everything up when the webapp is stopping. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Configuring IIS to use the JK ISAPI redirector plugin when URL paths are different
We have installed the IIS-Tomcat redirector (isapi_redirect.dll) on an IIS 6 server so that http://iis.company.com/website/myfile.jsp will correctly redirect according to our 'isapi_redirect.properties', 'workers.properties', and 'uriworkermap.properties ' and serve the JSP page from http://tomcat.company.com/website/myfile.jsp . That appears to be working just fine. But we actually need to have a different IIS URL. What we are trying to figure out is if we can configure it so that http://iis.company.com/apps/cepv/website/myfile.jsp will redirect and serve the JSP content at http://tomcat.company.com/website/myfile.jsp. The path on the IIS server is has two extra levels (/apps/cepv) in the URL path and does not match the path on the tomcat server where the JSP content is. We have to have those two extra levels in the IIS URL path for other technical reasons and we cannot match or include those two extra levels on the tomcat side. We have tried the following but cannot get it to work. website.worker=website_ajp13 /apps/cepv/website/*.jsp=$(website.worker) Is there anything we can do to map this correctly? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Question regarding tomcat upgrade from 7.0.23. to 7.0.37
Hi We have recently upgraded tomcat fom 7.0.23 to 7.037 and also Java from 1.6.0_21 to 1.7.0_15. When we run the load runner testcases we get the following error “content was blocked because it was not signed by a valid certificate” But other normal browser testing goes through. Do we need to install new certificates? There has been no change in the code of our application. With tomcat 7.0.23 we do not get this error. Appreciate your inputs regarding why we are getting this error. Thanks in advance regards, Madhu M