AW: logging to syslog
Many thx for you hint. Where is the right place for this configuration, to log all messages from catalina.out to syslog. (I use Debian) -Ursprüngliche Nachricht- Von: Chandrashekar H.S [mailto:schan...@kodiakptt.com] Gesendet: Mittwoch, 15. Februar 2017 04:38 An: Tomcat Users List Betreff: RE: logging to syslog Yes, Its possible, using the below log4j configuration. http://jakarta.apache.org/log4j/;> --Chandra -Original Message- From: Schöke, Karsten [mailto:karsten.scho...@geobasis-bb.de] Sent: Tuesday, February 14, 2017 7:21 PM To: users@tomcat.apache.org Subject: logging to syslog Hello, it' possible that all messages in catalina.out also log to syslog? I use tomcat7 under Debian Jessie. Thx Karsten - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: logging to syslog
Yes, Its possible, using the below log4j configuration. http://jakarta.apache.org/log4j/;> --Chandra -Original Message- From: Schöke, Karsten [mailto:karsten.scho...@geobasis-bb.de] Sent: Tuesday, February 14, 2017 7:21 PM To: users@tomcat.apache.org Subject: logging to syslog Hello, it' possible that all messages in catalina.out also log to syslog? I use tomcat7 under Debian Jessie. Thx Karsten - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: JIO Connector support in Tomcat 8.5
Any suggestions on this? Could the Tomcat NIO connector be modified to receive the file descriptor from the other process ( mentioned below)? Thanks, Amit Original Message Subject: Re: JIO Connector support in Tomcat 8.5 From: Amit PandeDate: Feb 13, 2017, 19:20 To: Tomcat Users List Thanks for a quick reply. What does our custom connector do? Well, we have a server program which is listening on a port which is mandatory to be open/accessible for the outside world. Outside world only talks to this component which in turn hands off (dup system call) the socket to the other processes. Tomcat being one such process. Our custom connector accepts the handed-off socket and then resumes the normal processing done by Tomcat. Now for NIO connector, seems we need to have a custom implementation of the SocketChannel but not sure how it might work. Thanks, Amit Original Message Subject: Re: JIO Connector support in Tomcat 8.5 From: Christopher Schultz Date: Feb 13, 2017, 18:58 To: Tomcat Users List -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Amit, On 2/13/17 6:55 PM, Amit Pande wrote: > As I understand, the JIO/BIO connector support has been dropped in > Tomcat 8.5 +. Correct. > While I understand the need to push to the NIO based connectors, > just wondering whether the JIO connector support could have been > left as it in Tomcat 8.5 and beyond. No. > We had extended the BIO connector to have a custom implementation > and that is broken now once we move to latest Tomcat versions. You will have to figure something out. Why did you need to create your own connector? > We're evaluating refactoring our custom connector but would > appreciate if there are any suggestions to get the BIO > implementation going even in 8.5 and beyond so that our custom > connector's functionality isn't regressed. BIO is problematic because of many requirements for non-blocking behavior. It's easy to emulate blocking behavior (e.g. ServletRequest.getInputStream) based upon non-blocking building blocks (e.g. NIO connector) but next to impossible to emulate non-blocking behavior (websocket, comet, etc.) using blocking building blocks (BIO connector). Unfortunately, the reality is that a blocking I/O connector is no longer feasible for Tomcat. So... what does your custom connector do? Perhaps there's a better way to achieve your goal, or perhaps Tomcat's connectors could be re-factored to make it easier to customize something specific for you without having to re-write the whole connector. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYolY6AAoJEBzwKT+lPKRYpCEQALefIMml43cS3r254mGE/pFS +QWDnaPG2t96oXM8GExUWm6jGBCGarxt7FBxxku112DS8+5NzkmEmP8BdkAkOIeN 7p/1jiGhZ4Koz7ER4JUzAXbbSFmJBjOXWfxYPzecZHrBBdfndoBx2PWRe/Ew4LNY ujJLSwZWuUSlZu1CBzPT/UU0klthqRRsfHH8JrHe64Jm+qZuPIITjr0G15IYSEU3 SihVCFMmA//yQfRb8rNN9UCM8lYYtu4oYwiythPNt30wz0e5XzOemyX+f/MMlFyD yWrKlOI9x+g9OVoMNSYvsq+9EO/TTzTW6mWtW26rnHskEz0i/98QIVqg9XIRIvrM 3mPq6Ufuq6Aq75WIVtJcKUe4voDu9KSmOHb7AKsLPFrB6WbzDluSSWD3VpxM/q5R gluvGG9CcCIRl1ie1ljg3qO90ZPno38RuQl+vxKSsGlY5t/mSce1M4ffBgJdg/T7 GpKZ/+GYTUuDg/jE+9pav/yO2mx8Hj/Oo6TvGCACT4o+sRXtceORcq93c8npCT0L 4+jvS2aJT0Gud3jn2gZ9qZnXGdFWdq59LTnZ1/s6p9gGHglCtWBx9j3fMkS53y1y 41giiY9GXKuEzyHUlSaTT3rLucJCzcJWvHi/k1muqclUn5/Ht2NVHXoLmxVPxgzL K0bIRYJ9K2R/ou+6YPiV =zu1M -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Mapping Multiple LDAP Groups to a J2EE Role
Thank you. I was able to get it working. On Tue, Feb 14, 2017 at 6:04 PM, Aurélien Terrestriswrote: > hi > > The JSR 315 ( = Servlet 3.0 , Tomcat 7 ) and JSR 340 ( = Servlet 3.1, > Tomcat 8.0 / 8.5 ) are saying the same thing about multiple names for a > very same role. It's done with a security-role-ref tag, as explained by > these JSR : > > > **For example, to map the security role reference "FOO" to the security > role with role-name "manager" the syntax would be > > > FOO > manager > > > In this case, if a servlet called by a user belonging to the "manager" > security role were to call isUserInRole("FOO") the result would be true** > > Of course you still need a Realm in the conf/server.xml, a security > constraint and a login-config in the webapp's web.xml > > I didn't try myself, but you can ask if you're still in trouble. > > best regards > A.T. > > > > > > > > 2017-01-26 23:01 GMT+01:00 John Trump : > > > Thi is what the product specifies: > > > > In many cases, you can map multiple LDAP groups to a Jazz role in a Jazz > > Team Server environment. However, if your Jazz Team Server runs on Apache > > Tomcat application server and Tomcat does not support mapping multiple > LDAP > > groups to a J2EE role, you cannot map multiple groups to one role. > > > > In this case, I am guessing it would mean I I have 3 LDAP groups (group1, > > group2, group3) and I would need to map those LDAP groups to 1 single > role, > > o.e. jazzuser or jazzadmin. > > > > On Thu, Jan 26, 2017 at 4:18 PM, Aurélien Terrestris < > > aterrest...@gmail.com> > > wrote: > > > > > Hi John > > > > > > do you mean that a same user would be found in different groups ? Or do > > you > > > have different roles, with each role being in its own group ? > > > > > > > > > > > > > > > > > > > > > > > > 2017-01-26 18:39 GMT+01:00 John Trump : > > > > > > > I am installing IBM's DOORS NG with Tomcat 8.0.41. I would like to > use > > > LDAP > > > > for authentication but need to confirm that tomcat supports mapping > > > > multiple LDAP groups to a J2EE role. > > > > > > > > I have looked through the documentation but am still not sure if this > > is > > > > supported. Any help or insight would be greatly appreciated. > > > > > > > > > >
Re: Mapping Multiple LDAP Groups to a J2EE Role
hi The JSR 315 ( = Servlet 3.0 , Tomcat 7 ) and JSR 340 ( = Servlet 3.1, Tomcat 8.0 / 8.5 ) are saying the same thing about multiple names for a very same role. It's done with a security-role-ref tag, as explained by these JSR : **For example, to map the security role reference "FOO" to the security role with role-name "manager" the syntax would be FOO manager In this case, if a servlet called by a user belonging to the "manager" security role were to call isUserInRole("FOO") the result would be true** Of course you still need a Realm in the conf/server.xml, a security constraint and a login-config in the webapp's web.xml I didn't try myself, but you can ask if you're still in trouble. best regards A.T. 2017-01-26 23:01 GMT+01:00 John Trump: > Thi is what the product specifies: > > In many cases, you can map multiple LDAP groups to a Jazz role in a Jazz > Team Server environment. However, if your Jazz Team Server runs on Apache > Tomcat application server and Tomcat does not support mapping multiple LDAP > groups to a J2EE role, you cannot map multiple groups to one role. > > In this case, I am guessing it would mean I I have 3 LDAP groups (group1, > group2, group3) and I would need to map those LDAP groups to 1 single role, > o.e. jazzuser or jazzadmin. > > On Thu, Jan 26, 2017 at 4:18 PM, Aurélien Terrestris < > aterrest...@gmail.com> > wrote: > > > Hi John > > > > do you mean that a same user would be found in different groups ? Or do > you > > have different roles, with each role being in its own group ? > > > > > > > > > > > > > > > > 2017-01-26 18:39 GMT+01:00 John Trump : > > > > > I am installing IBM's DOORS NG with Tomcat 8.0.41. I would like to use > > LDAP > > > for authentication but need to confirm that tomcat supports mapping > > > multiple LDAP groups to a J2EE role. > > > > > > I have looked through the documentation but am still not sure if this > is > > > supported. Any help or insight would be greatly appreciated. > > > > > >
Re: Code signing WAR and verification
On 14 February 2017 13:55:33 GMT+00:00, ramnarwrote: >Is this feature implemented in tomcat 8 or still in pipeline https://bz.apache.org/bugzilla/show_bug.cgi?id=52489 Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: logging to syslog
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Karsten, On 2/14/17 8:51 AM, Schöke, Karsten wrote: > Hello, > > it' possible that all messages in catalina.out also log to syslog? > I use tomcat7 under Debian Jessie. I think your best bet is to use log4j as your server logger and use their SyslogAppender. But Tomcat doesn't directly-support logging to syslog. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJYox2tAAoJEBzwKT+lPKRY5boQAIDISEk5+V8gAqUU1cdbV/OY UhwD/dSFd3Iofg6ynHBoMdh64NstbWWFytqqXLZ86bAcsITJ4DBo55oqpiS0n0ki 5aMaaCKKmGIfQFsGl+gk7YKdYWrq2wbv4MHkdcArQc14A/gxiy130S8y/FD8aqr/ CtXkLeMj+qXqwC8CBasqBMQ8laF/Thj1reWy/9x1/xQNzASchHA2KHaqWb1atUed timQMga9t97W3FDxDv68tCcgftS1FEid1PvamjH8r2BPJbxxtTKvhnZl5rReSp6m +ckzHfKpv4kt1tEK/ta0AaVeKKa3sc8UQDtXBifOMKYoiYTCjKHoEncFCvsVMXED iGstDBYWDfa+caoW/cosq9ZkyRrP/Qkh1N50wmVz5W9OMTcSzr4qihTDsLz9aZkY uGZpx8sc5konXPR+9apc3cRf5uOmwsG1AjqYUfuynYai1VWfdtBFW35AUZf0AhDO Fex/fxQFWCdfZ1mhq4GmM5/y7F7JQc0pbjScXzXfPxrl6xTvml40TdwA5n74okfv 2GDiSVWoSIn9ps/e3lB4/r40JQ9oDzGuDOa/tjtgQ+d578pgf8qQjKkBfLqK/Oxd z2T/OD8dN75zORi1uwKkYWr6K1R+ojuxzFuxh5VuLyBAvTTYFYlLzBECIF63vPuN 9vOhIybBnfzZGUzzVs66 =xd3v -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Code signing WAR and verification
Is this feature implemented in tomcat 8 or still in pipeline -- View this message in context: http://tomcat.10.x6.nabble.com/Code-signing-WAR-and-verification-tp5053711p5060436.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
logging to syslog
Hello, it' possible that all messages in catalina.out also log to syslog? I use tomcat7 under Debian Jessie. Thx Karsten
Re: RE : RE : Problem accessing manager on tomcat 8.5.11 on oracle linux 6.8
On 13.02.2017 22:11, Stéphane Laurencelle wrote: De : Tiago Oliveira [tiago.olive...@behoh.com] Envoyé : 13 février 2017 14:15 À : Tomcat Users List Objet : Re: RE : Problem accessing manager on tomcat 8.5.11 on oracle linux 6.8 I had a similar problem same problem, solved by adding creating a at inside conf/Catalina/localhost/manager.xml contents: 2017-02-13 14:42 GMT-03:00 André Warnier (tomcat): Hi. Maybe first : on this list, it is recommended to NOT "top-post", but respond below the previous intervention. See : http://tomcat.apache.org/lists.html#tomcat-users #6 (It just makes it easier to follow the conversation, and to see previous answers) Scroll down.. On 13.02.2017 17:57, Stéphane Laurencelle wrote: De : André Warnier (tomcat) [a...@ice-sa.com] Envoyé : 13 février 2017 11:49 À : users@tomcat.apache.org Objet : Re: Problem accessing manager on tomcat 8.5.11 on oracle linux 6.8 On 13.02.2017 17:13, Stéphane Laurencelle wrote: Hello, have made a brand new Tomcat 8.5.11 install on oracle linux 6.8 and 7.3 ad i got the same problem on both i am not able to access the manager page from my pc browser. I read that by default this function is disable by default but i would like what i need to do to be able form my pc to access it on my tomcat server on linux. i can access the tomcat server page but when i click to access the manager i got this error : HTTP Status 404 - /manager/html type Status report message /manager/html description The requested resource is not available. Hope you can help me Hope so too :-) First, since this is under Linux, and you may have installed tomcat via the standard Linux package manager (and not from the "official tomcat" installer found at tomcat.apache.org), verify if you have really installed *all* the tomcat packages. The tomcat Manager app may be located in another package than "tomcat", for example under Linux Debian it would probably be in the "tomcat8-admin" package. The fact that you are getting a 404 Not Found error would tend to indicate something like that. Hello André, i install from bin source package apache-tomcat-8.5.11.tar.gz and did a make to create the install so no i did not install it from rpm or yum on the linux platform so normally everything should have been in that install. stephane Ok then, the next things to check : 1) under the "webapps" directory of tomcat, there should at least be a "ROOT" sub-directory, and a "manager" sub-directory. Are they there ? 2) in the tomcat logs, after you start tomcat, there should be some clear message about the deployment of the manager application. Something like : INFO: Deploying web application directory manager Do you see that ? Does it mention any problem ? Hello Tiago and André, Tiago I already have a manager.xml file under this directory. and André, the directory are existing and in the tomcat logs i see that he is able to do the deployment of the manager and host-manager with no error. One things maybe you forgot is that my tomcat is using an apache 2.4 server to give access to those webpage with proxy module. Did I forget that, or did you forget to mention that initially ? I don't see anything above where that was ever mentioned before. So anyway, then the next question is : when you get this 404 error page, does it look like a tomcat error page, or like an Apache httpd error page ? (The look is quite distinct, with the tomcat page having a definite "java look" to it). And some other questions : - if you have an Apache httpd in front, with a proxy module forwarding some/all HTTP requests to the back-end tomcat, what proxy module is being used ? There are 3 possibilities : - mod_proxy + mod_proxy_http - mod_proxy + mod_proxy_ajp - mod_jk And in any case above, there must be, in the Apache httpd configuration, some directives which indicate what kind of HTTP request should be forwarded to the back-end tomcat. (They are somewhat different for each of the options above, which is why I am asking which one you are using). If you know what there are, copy and paste them here, it will save time. And yet another question : In your tomcat's configuration file "server.xml", there are items defined with the tag. Can you copy and paste here these Connector elements (the ones which are not commented-out) ? (Note : I do say above "copy and paste", because this list strips most attachments; so do not just attach your server.xml or your Apache configuration files). And, as ever : look in the logfiles. Both Apache httpd and tomcat produce detailed error logfiles (thanks to the efforts of their clever developers). A 404 response is an error, so it is mentioned in one of these logfiles. If it is mentioned in the Apache httpd logfile, then it is at the Apache level that something is wrong. If it is not mentioned in the Apache httpd