Re: Restrict access to manager app by IP
Thanks a lot for your replies. For now, I removed the "path" attribute from the Context elements but left the xml file in Catalina/[hostname]. When I have some more time, I will move to within my application (META-INF/context.xml) since that seems to be the consensus here. Thank you. On Wed, Sep 7, 2016 at 8:45 PM, Mark Thomas wrote: > On 07/09/2016 18:43, Jeffrey Janner wrote: > > > > > >> -Original Message- > >> From: Christopher Schultz [mailto:ch...@christopherschultz.net] > >> Sent: Tuesday, September 06, 2016 12:30 PM > >> To: Tomcat Users List > >> Subject: Re: Restrict access to manager app by IP > >> > > Yuval, > > > > On 9/2/16 9:29 AM, Yuval Schwartz wrote: > Thanks. I'll give it a shot and let you guys know how it goes. Any > input on whether I should put this in my applications context.xml > or in my [host] directory? > > > > I would do it in the application. Unless you have a particular reason > > to manually-place the application's context.xml file into > > conf/[engine]/[host]/[app].xml, allow Tomcat to do that for you. > > > > -chris > > > >> Chris - > > > >> Isn't the Tomcat "/manager" an app separate from the user's webapp? > Thus the need for the manager.xml in conf/[engine]/[host] directory? > > It is an application like any other so you can use: > > $CATALINA_BASE/webapps/manager/META-INF/context.xml > > Mark > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Tomcat as Windows Service
Hello experts, We have configured the Tomcat to run as a Windows Service. And Windows SCM has a default time of 30 seconds, but the Tomcat process does not start/stop within this time. So, if we restart the service via SCM, we receive the Address in Use exceptions (as previous Tomcat process hasn't been stopped yet). We're using our own custom mechanism to hook the Tomcat process with the Windows SCM and haven't gone the below mentioned way. https://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html Any pointers on how to solve this issue ? 1. Increasing Windows SCM timeout for this process might work but doesn't sound really clean solution. 2. Issue a Catalina stop, and if it does not stop in some time , do a task kill or something similar of the corresponding java.exe ? Appreciate your help here. Thanks, Amit
Re: Restrict access to manager app by IP
On 07/09/2016 18:43, Jeffrey Janner wrote: > > >> -Original Message- >> From: Christopher Schultz [mailto:ch...@christopherschultz.net] >> Sent: Tuesday, September 06, 2016 12:30 PM >> To: Tomcat Users List >> Subject: Re: Restrict access to manager app by IP >> > Yuval, > > On 9/2/16 9:29 AM, Yuval Schwartz wrote: Thanks. I'll give it a shot and let you guys know how it goes. Any input on whether I should put this in my applications context.xml or in my [host] directory? > > I would do it in the application. Unless you have a particular reason > to manually-place the application's context.xml file into > conf/[engine]/[host]/[app].xml, allow Tomcat to do that for you. > > -chris > >> Chris - > >> Isn't the Tomcat "/manager" an app separate from the user's webapp? Thus >> the need for the manager.xml in conf/[engine]/[host] directory? It is an application like any other so you can use: $CATALINA_BASE/webapps/manager/META-INF/context.xml Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Using server Web.xml Mime Types Data
On 07/09/2016 00:58, George Sexton wrote: > Is there any easy way that I can use the mime types in the Tomcat server > level web.xml file? > > I know I can parse the XML myself, I was just wondering if there's a way > to get the data already defined. ServletContext.getMimeType(String filename) ? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Restrict access to manager app by IP
> -Original Message- > From: Christopher Schultz [mailto:ch...@christopherschultz.net] > Sent: Tuesday, September 06, 2016 12:30 PM > To: Tomcat Users List > Subject: Re: Restrict access to manager app by IP > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Yuval, > > On 9/2/16 9:29 AM, Yuval Schwartz wrote: > > Thanks. I'll give it a shot and let you guys know how it goes. Any > > input on whether I should put this in my applications context.xml > > or in my [host] directory? > > I would do it in the application. Unless you have a particular reason > to manually-place the application's context.xml file into > conf/[engine]/[host]/[app].xml, allow Tomcat to do that for you. > > - -chris Chris - Isn't the Tomcat "/manager" an app separate from the user's webapp? Thus the need for the manager.xml in conf/[engine]/[host] directory? Yuval: what you were proposing is the way I have done it. Just make sure you specify the regular expression correctly. Jeff > > > On Fri, Sep 2, 2016 at 4:24 PM, Kreuser, Peter > > wrote: > > > >> Hi Yuval, > >> > >> > >>> -Ursprüngliche Nachricht- Von: Yuval Schwartz > >>> [mailto:yuval.schwa...@gmail.com] Gesendet: Freitag, 2. > >>> September 2016 13:28 An: Tomcat Users List Betreff: Restrict > >>> access to manager app by IP > >>> > >>> Tomcat: 8.0.22 JDK: 1.8.0_05 > >>> > >>> Hello, > >>> > >>> I am currently running a web application. > >>> > >>> I would like to restrict access to the manager app (it is > >>> currently > >> being hit by spammers every so often who are unable to connect > >> (get a message "...an attempt was made to authenticate the locked > >> user")). > >>> > >>> I was thinking of adding a "manager.xml" file to > >>> $CATALINA_BASE/conf/[enginename]/[hostname]/ > >> that will contain the following context container: > >>> > >>> >> className="org.apache.catalina.valves.RemoteAddrValve" > >>> allow="[my_ip]"/> > >>> > >>> Is this the correct way to achieve my goal of limiting access > >>> to the > >> manager app to only my IP. > >>> > >>> Of course, I do not want the rest of my webapp's access limited > >>> (which > >> is on the ROOT path). I only want access to the manager app > >> limited. > >>> > >>> (I know I can also place the context container in my webapp's > >> META-INF/context.xml file, is there any preference to doing this > >> over what I suggested above?) > >>> > >>> Thank you _ > >>> > >> > >> That's the proposed solution for it. I don't think that you need > >> the docbase - unless you don't use the default location. > >> > >> I think you will have to quote the . in the ip with backslash, > >> like >> className="org.apache.catalina.valves.RemoteAddrValve" > >> allow="10\.100\.17\.33|10\.100\.88\.92" /> > >> > >> Best regards > >> > >> Peter > >> > > > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBCAAGBQJXzv0QAAoJEBzwKT+lPKRYzmAP/j8dKzBSD6tVZ/BgIy+zMugt > sSKse+GWF52mPs3bhTx6Mghil0pLxCL8kROHUVVPrq8DknGf81qaSsxCqEgi7r6r > ZnK8YYG0GAVFbUjDHcBGDtD4jGV+S7Vwfp7CxJqdpuM2XAzU/EX+A2vwsDxm96Hg > bNhZ0Dv1xeErKzH+X6zcEeqSGXS411dxfH86zpoQrispygSEzFQ4eZ+qXcg/39rO > ukN2L6gkeN0wo4rqLTTIEOz/qoIqWjB7Oi+DQFEZWxSQuFeM2XHZ6XcVR7W6D+zN > AmiKuFQp6jrsmnpIaWWdLk5BGAogb0aGTE6sgBhYuutLvB9JA4XqCq57fzlR8y58 > eR2hoTlEdqs8hSvllOBpyYoZdoOlpdCEHoTc/6LEMP+JIFL7QAy+/wQNXJv8XeQ7 > BKFlkSceNvRWLdYFi4q2aVIgr1ZtgzP5VwZjMNVyeO5/oYzKp0PS7+3s52rBs3At > Jj7WuqUDob6ZMp5Q4DgM2SCK1xe0Q1bgooJMC8zaxyyzfPcY1i3DiIls/RTXPd47 > fGnHEIHSrkDbsMq3Jxr+3pCWukZqRsnWcMIzORRHWEGlDF2NidnC5h1M7y0p7yhO > erjwuLmDwwNZzpWMhjjMPB6avoiy46wa+lhIjbCyuCLiJGp1gIkFfcIUsvXxkKFq > BYUo344Ks4Vjvk40V1Nz > =gIMk > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Using server Web.xml Mime Types Data
George, As I recall, anything in the server's web.xml is merged with the application's web.xml unless overridden by the applications own settings, i.e. if not defined in the app web.xml file. Was there something specific you were asking that didn't come across in your question? Jeff > -Original Message- > From: George Sexton [mailto:geor...@mhsoftware.com] > Sent: Tuesday, September 06, 2016 6:59 PM > To: Tomcat Users List > Subject: Using server Web.xml Mime Types Data > > Is there any easy way that I can use the mime types in the Tomcat server > level web.xml file? > > I know I can parse the XML myself, I was just wondering if there's a way > to get the data already defined. > > > -- > George Sexton > *MH Software, Inc.* > Voice: 303 438 9585 > http://www.connectdaily.com
Re: Tomcat 8.5 Regarding PostResources for Web-Inf\lib and Web-Inf\classes
Thank you for updating the documentation. This helps a lot with clarifying how Resources work -- View this message in context: http://tomcat.10.x6.nabble.com/Tomcat-8-5-Regarding-PostResources-for-Web-Inf-lib-and-Web-Inf-classes-tp5053929p5054838.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 8.5 Regarding PostResources for Web-Inf\lib and Web-Inf\classes
On 05/09/2016 20:14, Mark Thomas wrote: > On 03/09/2016 14:07, vimil wrote: >> I looked at tomcat 8 source code to determine how the class loader resolves >> libraries and class folders specified in post resources. >> >> if the order of post resources is as follows >> >> > className="org.apache.catalina.webresources.DirResourceSet" >> webAppMount="/WEB-INF/classes"/> >> >> > className="org.apache.catalina.webresources.FileResourceSet" >> webAppMount="/WEB-INF/lib/library1.jar"/> >> >> then the class loader looks for classes in library1.jar before it looks for >> classes in D:\Projects\external\classes >> >> which seems counterintuitive. > > Yes, it is. > > Under the covers, the contents of JARs are mapped to /WEB-INF/classes > much like you have done in your work-around. The difference is that the > set of resources they are added to is higher in the search priority than > the PostResources. > > I'm not sure if there is an easy way to fix this. I need to look at the > code some more. If there isn't an easy fix, your work-around is the way > to go. It is fixable but as I thought about it some more I reached the conclusion that fixing this was the wrong thing to do. By leaving the behaviour as it is - and documenting it more clearly - users retain the option to select the behaviour that best suits there needs. I have, therefore, updated the docs for 9.0.0.M11, 8.5.6 and 8.0.38 to explain the differences in behaviour. Mark > > Mark > > >> >> I worked around this issue by specifying PostResources as follows. >> >> > className="org.apache.catalina.webresources.DirResourceSet" >> webAppMount="/WEB-INF/classes"/> >> >> > className="org.apache.catalina.webresources.JarResourceSet" >> webAppMount="/WEB-INF/classes"/> >> >> Do you think my issue is valid, or I just have to configure resources the >> way I showed above to get correct ordering when resolving classes? >> >> >> >> >> -- >> View this message in context: >> http://tomcat.10.x6.nabble.com/Tomcat-8-5-Regarding-PostResources-for-Web-Inf-lib-and-Web-Inf-classes-tp5053929p5054690.html >> Sent from the Tomcat - User mailing list archive at Nabble.com. >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat8 unable to load the Resource/property file from jar
Hi, Recently we have upgraded the one of application from tomcat6.x to tomcat8.0.36 version. In tomcat6, i was able to read the property/resource file from the jar file but certain reasons after upgrading to the tomca8.0.36 its failing to load. My jar: auth.jar com/trianz/auth/*.java com/trianz/auth/auth.properties //failing code, here url always getting null value. URL url = Auth.class.getClassLoader().getResource("com/trianz/auth/auth.properties"); I am sure by looking at the tomcat catalina.startup logs the auth.jar is loading properly Is there any way to confirm the file in classpath "com/trianz/auth/auth.properties"? How do I fix this? Many Thanks in advance.
Restricted Access to Tomcat Manager Caused Database Issues
Hello, Tomcat: 8.0.22 Java: jdk1.8.0_05 I recently restricted access to my Tomcat Manager App by: 1) Changing the name of the manager app. 2) Block access to the manager app by IP address. I did the following: A) Stopped Tomcat B) Simply renamed the manager app in $CATALINA_BASE/webapps by executing the linux command "mv manager somename". C) Adding a file to the path $CATALINA_BASE/conf/Catalina/[hostname] named "somename.xml" which contained the following context element to restrict access to the manager app: D) Start Tomcat This caused my web application to loose access to the database (as if the web applications Context element located in /webapps/myapp/META-INF/context.xml was overridden or something). Does anyone have any suggestions on what's going on? My host is called localhost. Thanks. adding a file to the path $CATALINA_BASE/conf/Catalina/[hostname] named