AW: logging to syslog

[Schöke , Karsten]

Many thx for you hint.
Where is the right place for this configuration, to log all messages from 
catalina.out to syslog.
(I use Debian)

-Ursprüngliche Nachricht-
Von: Chandrashekar H.S [mailto:schan...@kodiakptt.com] 
Gesendet: Mittwoch, 15. Februar 2017 04:38
An: Tomcat Users List
Betreff: RE: logging to syslog

Yes,
Its possible, using the below log4j configuration.

 http://jakarta.apache.org/log4j/;>

 
 
 
  
  

  
   
 

 
  
  

  










--Chandra

-Original Message-
From: Schöke, Karsten [mailto:karsten.scho...@geobasis-bb.de]
Sent: Tuesday, February 14, 2017 7:21 PM
To: users@tomcat.apache.org
Subject: logging to syslog

Hello,

it' possible that all messages in catalina.out also log to syslog?
I use tomcat7 under Debian Jessie.

Thx
Karsten


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: logging to syslog

[Chandrashekar H . S]

Yes,
Its possible, using the below log4j configuration.


http://jakarta.apache.org/log4j/;>

 
 
 
  
  
 
  
   
 

 
  
  
 
  










--Chandra

-Original Message-
From: Schöke, Karsten [mailto:karsten.scho...@geobasis-bb.de] 
Sent: Tuesday, February 14, 2017 7:21 PM
To: users@tomcat.apache.org
Subject: logging to syslog

Hello,

it' possible that all messages in catalina.out also log to syslog?
I use tomcat7 under Debian Jessie.

Thx
Karsten


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: JIO Connector support in Tomcat 8.5

[Amit Pande]

Any suggestions on this?

Could the Tomcat NIO connector be modified to receive the file descriptor from 
the other process ( mentioned below)?

Thanks,

Amit

 Original Message 

Subject: Re: JIO Connector support in Tomcat 8.5

From: Amit Pande 

Date: Feb 13, 2017, 19:20

To: Tomcat Users List 

Thanks for a quick reply.

What does our custom connector do?

Well, we have a server program which is listening on a port which is mandatory 
to be open/accessible for the outside world. Outside world only talks to this 
component which in turn hands off (dup system call) the socket to the other 
processes. Tomcat being one such process.

Our custom connector accepts the handed-off socket and then resumes the normal 
processing done by Tomcat.

Now for NIO connector, seems we need to have a custom implementation of the 
SocketChannel but not sure how it might work.

Thanks,

Amit

 Original Message 

Subject: Re: JIO Connector support in Tomcat 8.5

From: Christopher Schultz 

Date: Feb 13, 2017, 18:58

To: Tomcat Users List 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Amit,

On 2/13/17 6:55 PM, Amit Pande wrote:
> As I understand, the JIO/BIO connector support has been dropped in
> Tomcat 8.5 +.

Correct.

> While I understand the need to push to the NIO based connectors,
> just wondering whether the JIO connector support could have been
> left as it in Tomcat 8.5 and beyond.

No.

> We had extended the BIO connector to have a custom implementation
> and that is broken now once we move to latest Tomcat versions.

You will have to figure something out.

Why did you need to create your own connector?

> We're evaluating refactoring our custom connector but would
> appreciate if there are any suggestions to get the BIO
> implementation going even in 8.5 and beyond so that our custom
> connector's functionality isn't regressed.

BIO is problematic because of many requirements for non-blocking
behavior. It's easy to emulate blocking behavior (e.g.
ServletRequest.getInputStream) based upon non-blocking building blocks
(e.g. NIO connector) but next to impossible to emulate non-blocking
behavior (websocket, comet, etc.) using blocking building blocks (BIO
connector).

Unfortunately, the reality is that a blocking I/O connector is no
longer feasible for Tomcat.

So... what does your custom connector do? Perhaps there's a better way
to achieve your goal, or perhaps Tomcat's connectors could be
re-factored to make it easier to customize something specific for you
without having to re-write the whole connector.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYolY6AAoJEBzwKT+lPKRYpCEQALefIMml43cS3r254mGE/pFS
+QWDnaPG2t96oXM8GExUWm6jGBCGarxt7FBxxku112DS8+5NzkmEmP8BdkAkOIeN
7p/1jiGhZ4Koz7ER4JUzAXbbSFmJBjOXWfxYPzecZHrBBdfndoBx2PWRe/Ew4LNY
ujJLSwZWuUSlZu1CBzPT/UU0klthqRRsfHH8JrHe64Jm+qZuPIITjr0G15IYSEU3
SihVCFMmA//yQfRb8rNN9UCM8lYYtu4oYwiythPNt30wz0e5XzOemyX+f/MMlFyD
yWrKlOI9x+g9OVoMNSYvsq+9EO/TTzTW6mWtW26rnHskEz0i/98QIVqg9XIRIvrM
3mPq6Ufuq6Aq75WIVtJcKUe4voDu9KSmOHb7AKsLPFrB6WbzDluSSWD3VpxM/q5R
gluvGG9CcCIRl1ie1ljg3qO90ZPno38RuQl+vxKSsGlY5t/mSce1M4ffBgJdg/T7
GpKZ/+GYTUuDg/jE+9pav/yO2mx8Hj/Oo6TvGCACT4o+sRXtceORcq93c8npCT0L
4+jvS2aJT0Gud3jn2gZ9qZnXGdFWdq59LTnZ1/s6p9gGHglCtWBx9j3fMkS53y1y
41giiY9GXKuEzyHUlSaTT3rLucJCzcJWvHi/k1muqclUn5/Ht2NVHXoLmxVPxgzL
K0bIRYJ9K2R/ou+6YPiV
=zu1M
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Mapping Multiple LDAP Groups to a J2EE Role

[John Trump]

Thank you. I was able to get it working.

On Tue, Feb 14, 2017 at 6:04 PM, Aurélien Terrestris 
wrote:

> hi
>
> The JSR 315 ( = Servlet 3.0 , Tomcat 7 ) and JSR 340 ( = Servlet 3.1,
> Tomcat 8.0 / 8.5 ) are saying the same thing about multiple names for a
> very same role. It's done with a security-role-ref tag, as explained by
> these JSR :
>
>
> **For example, to map the security role reference "FOO" to the security
> role with role-name "manager" the syntax would be
>
> 
> FOO
> manager
> 
>
> In this case, if a servlet called by a user belonging to the "manager"
> security role were to call isUserInRole("FOO") the result would be true**
>
> Of course you still need a Realm in the conf/server.xml, a security
> constraint and a login-config in the webapp's web.xml
>
> I didn't try myself, but you can ask if you're still in trouble.
>
> best regards
> A.T.
>
>
>
>
>
>
>
> 2017-01-26 23:01 GMT+01:00 John Trump :
>
> > Thi is what the product specifies:
> >
> >  In many cases, you can map multiple LDAP groups to a Jazz role in a Jazz
> > Team Server environment. However, if your Jazz Team Server runs on Apache
> > Tomcat application server and Tomcat does not support mapping multiple
> LDAP
> > groups to a J2EE role, you cannot map multiple groups to one role.
> >
> > In this case, I am guessing it would mean I I have 3 LDAP groups (group1,
> > group2, group3) and I would need to map those LDAP groups to 1 single
> role,
> > o.e. jazzuser or jazzadmin.
> >
> > On Thu, Jan 26, 2017 at 4:18 PM, Aurélien Terrestris <
> > aterrest...@gmail.com>
> > wrote:
> >
> > > Hi John
> > >
> > > do you mean that a same user would be found in different groups ? Or do
> > you
> > > have different roles, with each role being in its own group ?
> > >
> > >
> > >
> > >
> > >
> > >
> > >
> > > 2017-01-26 18:39 GMT+01:00 John Trump :
> > >
> > > > I am installing IBM's DOORS NG with Tomcat 8.0.41. I would like to
> use
> > > LDAP
> > > > for authentication but need to confirm that tomcat supports mapping
> > > > multiple LDAP groups to a J2EE role.
> > > >
> > > > I have looked through the documentation but am still not sure if this
> > is
> > > > supported. Any help or insight would be greatly appreciated.
> > > >
> > >
> >
>

Re: Mapping Multiple LDAP Groups to a J2EE Role

[Aurélien Terrestris]

hi

The JSR 315 ( = Servlet 3.0 , Tomcat 7 ) and JSR 340 ( = Servlet 3.1,
Tomcat 8.0 / 8.5 ) are saying the same thing about multiple names for a
very same role. It's done with a security-role-ref tag, as explained by
these JSR :


**For example, to map the security role reference "FOO" to the security
role with role-name "manager" the syntax would be


FOO
manager


In this case, if a servlet called by a user belonging to the "manager"
security role were to call isUserInRole("FOO") the result would be true**

Of course you still need a Realm in the conf/server.xml, a security
constraint and a login-config in the webapp's web.xml

I didn't try myself, but you can ask if you're still in trouble.

best regards
A.T.







2017-01-26 23:01 GMT+01:00 John Trump :

> Thi is what the product specifies:
>
>  In many cases, you can map multiple LDAP groups to a Jazz role in a Jazz
> Team Server environment. However, if your Jazz Team Server runs on Apache
> Tomcat application server and Tomcat does not support mapping multiple LDAP
> groups to a J2EE role, you cannot map multiple groups to one role.
>
> In this case, I am guessing it would mean I I have 3 LDAP groups (group1,
> group2, group3) and I would need to map those LDAP groups to 1 single role,
> o.e. jazzuser or jazzadmin.
>
> On Thu, Jan 26, 2017 at 4:18 PM, Aurélien Terrestris <
> aterrest...@gmail.com>
> wrote:
>
> > Hi John
> >
> > do you mean that a same user would be found in different groups ? Or do
> you
> > have different roles, with each role being in its own group ?
> >
> >
> >
> >
> >
> >
> >
> > 2017-01-26 18:39 GMT+01:00 John Trump :
> >
> > > I am installing IBM's DOORS NG with Tomcat 8.0.41. I would like to use
> > LDAP
> > > for authentication but need to confirm that tomcat supports mapping
> > > multiple LDAP groups to a J2EE role.
> > >
> > > I have looked through the documentation but am still not sure if this
> is
> > > supported. Any help or insight would be greatly appreciated.
> > >
> >
>

Re: Code signing WAR and verification

[Mark Thomas]

On 14 February 2017 13:55:33 GMT+00:00, ramnar  wrote:
>Is this feature implemented in tomcat 8 or still in pipeline


https://bz.apache.org/bugzilla/show_bug.cgi?id=52489

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: logging to syslog

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Karsten,

On 2/14/17 8:51 AM, Schöke, Karsten wrote:
> Hello,
> 
> it' possible that all messages in catalina.out also log to syslog? 
> I use tomcat7 under Debian Jessie.

I think your best bet is to use log4j as your server logger and use
their SyslogAppender.

But Tomcat doesn't directly-support logging to syslog.

- -chris
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJYox2tAAoJEBzwKT+lPKRY5boQAIDISEk5+V8gAqUU1cdbV/OY
UhwD/dSFd3Iofg6ynHBoMdh64NstbWWFytqqXLZ86bAcsITJ4DBo55oqpiS0n0ki
5aMaaCKKmGIfQFsGl+gk7YKdYWrq2wbv4MHkdcArQc14A/gxiy130S8y/FD8aqr/
CtXkLeMj+qXqwC8CBasqBMQ8laF/Thj1reWy/9x1/xQNzASchHA2KHaqWb1atUed
timQMga9t97W3FDxDv68tCcgftS1FEid1PvamjH8r2BPJbxxtTKvhnZl5rReSp6m
+ckzHfKpv4kt1tEK/ta0AaVeKKa3sc8UQDtXBifOMKYoiYTCjKHoEncFCvsVMXED
iGstDBYWDfa+caoW/cosq9ZkyRrP/Qkh1N50wmVz5W9OMTcSzr4qihTDsLz9aZkY
uGZpx8sc5konXPR+9apc3cRf5uOmwsG1AjqYUfuynYai1VWfdtBFW35AUZf0AhDO
Fex/fxQFWCdfZ1mhq4GmM5/y7F7JQc0pbjScXzXfPxrl6xTvml40TdwA5n74okfv
2GDiSVWoSIn9ps/e3lB4/r40JQ9oDzGuDOa/tjtgQ+d578pgf8qQjKkBfLqK/Oxd
z2T/OD8dN75zORi1uwKkYWr6K1R+ojuxzFuxh5VuLyBAvTTYFYlLzBECIF63vPuN
9vOhIybBnfzZGUzzVs66
=xd3v
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Code signing WAR and verification

[ramnar]

Is this feature implemented in tomcat 8 or still in pipeline



--
View this message in context: 
http://tomcat.10.x6.nabble.com/Code-signing-WAR-and-verification-tp5053711p5060436.html
Sent from the Tomcat - User mailing list archive at Nabble.com.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

logging to syslog

[Schöke , Karsten]

Hello,

it' possible that all messages in catalina.out also log to syslog?
I use tomcat7 under Debian Jessie.

Thx
Karsten

Re: RE : RE : Problem accessing manager on tomcat 8.5.11 on oracle linux 6.8

[tomcat]

On 13.02.2017 22:11, Stéphane Laurencelle wrote:


De : Tiago Oliveira [tiago.olive...@behoh.com]
Envoyé : 13 février 2017 14:15
À : Tomcat Users List
Objet : Re: RE : Problem accessing manager on tomcat 8.5.11 on oracle linux 6.8

I had a similar problem same problem, solved by adding creating a at inside
conf/Catalina/localhost/manager.xml

contents:



















2017-02-13 14:42 GMT-03:00 André Warnier (tomcat) :


Hi.

Maybe first : on this list, it is recommended to NOT "top-post", but
respond below the previous intervention.
See : http://tomcat.apache.org/lists.html#tomcat-users   #6

(It just makes it easier to follow the conversation, and to see previous
answers)
Scroll down..

On 13.02.2017 17:57, Stéphane Laurencelle wrote:




De : André Warnier (tomcat) [a...@ice-sa.com]
Envoyé : 13 février 2017 11:49
À : users@tomcat.apache.org
Objet : Re: Problem accessing manager on tomcat 8.5.11 on oracle linux 6.8

On 13.02.2017 17:13, Stéphane Laurencelle wrote:


Hello,

have made a brand new Tomcat 8.5.11 install on oracle linux 6.8 and 7.3
ad i got the same problem on both i am not able to access the manager page
from my pc browser.

I read that by default this function is disable by default but i would
like what i need to do to be able form my pc to access it on my tomcat
server on linux.

i can access the tomcat server page  but when i click to access the
manager i got this error :

HTTP Status 404 - /manager/html

type Status report

message /manager/html

description The requested resource  is not available.

Hope you can help me



Hope so too :-)

First, since this is under Linux, and you may have installed tomcat via
the standard Linux
package manager (and not from the "official tomcat" installer found at
tomcat.apache.org),
verify if you have really installed *all* the tomcat packages.
The tomcat Manager app may be located in another package than "tomcat",
for example under
Linux Debian it would probably be in the "tomcat8-admin" package.
The fact that you are getting a 404 Not Found error would tend to
indicate something like
that.

Hello André,

i install from bin source package apache-tomcat-8.5.11.tar.gz
and did a make to create the install so no i did not install it from rpm
or yum on the linux platform so normally everything should have been in
that install.

stephane



Ok then, the next things to check :

1) under the "webapps" directory of tomcat, there should at least be a
"ROOT" sub-directory, and a "manager" sub-directory. Are they there ?

2) in the tomcat logs, after you start tomcat, there should be some clear
message about the deployment of the manager application.
Something like :
INFO: Deploying web application directory manager

Do you see that ?
Does it mention any problem ?



Hello Tiago and André,

Tiago I already have a manager.xml file under this directory.

and André, the directory are existing and in the tomcat logs i see that he is 
able to do the deployment of the manager and host-manager with no error.

One things maybe you forgot is that my tomcat is using an apache 2.4 server to 
give access to those webpage with proxy module.



Did I forget that, or did you forget to mention that initially ? I don't see anything 
above where that was ever mentioned before.


So anyway, then the next question is :
when you get this 404 error page, does it look like a tomcat error page, or like an Apache 
httpd error page ? (The look is quite distinct, with the tomcat page having a definite 
"java look" to it).


And some other questions :
- if you have an Apache httpd in front, with a proxy module forwarding some/all HTTP 
requests to the back-end tomcat, what proxy module is being used ?

There are 3 possibilities :
- mod_proxy + mod_proxy_http
- mod_proxy + mod_proxy_ajp
- mod_jk
And in any case above, there must be, in the Apache httpd configuration, some directives 
which indicate what kind of HTTP request should be forwarded to the back-end tomcat.
(They are somewhat different for each of the options above, which is why I am asking which 
one you are using).

If you know what there are, copy and paste them here, it will save time.

And yet another question :
In your tomcat's configuration file "server.xml", there are items defined with the 
 tag. Can you copy and paste here these Connector elements (the ones which are 
not commented-out) ?


(Note : I do say above "copy and paste", because this list strips most attachments; so do 
not just attach your server.xml or your Apache configuration files).


And, as ever : look in the logfiles. Both Apache httpd and tomcat produce detailed error 
logfiles (thanks to the efforts of their clever developers). A 404 response is an error, 
so it is mentioned in one of these logfiles.
If it is mentioned in the Apache httpd logfile, then it is at the Apache level that 
something is wrong. If it is not mentioned in the Apache httpd