Re: Can we use output/extras/tomcat-juli.jar by default?
ok, found the following: http://issues.apache.org/bugzilla/show_bug.cgi?id=26372 http://issues.apache.org/bugzilla/show_bug.cgi?id=27371 (depended-on) is that the one you mean? we use commons-logging so we've never encountered any of these issues, but now I know a good reason not to use log4j on tomcat, thanks! Mark Thomas wrote: Matthew Kerle wrote: let me know if I read that right... Bill Barker wrote: When you have the log4j jar in WEB-INF/lib, the it ends up being used by Tomcat for some of it's logging. As a result, it can cause memory leaks and other weird errors when a context is stopped and started. This isn't a problem with j.u.l since the classes are loaded by the system classloader. That is why Tomcat decided to use j.u.l for it's internal logging by default. does this mean that including log4j in my deployment WAR could potentially cause memory leaks and problems with tomcat? I've never heard of this, I thought that log4j played well with others, has anyone else experienced this / are there any links that describe this problem/ Yes. Have a look in Bugzilla for details. Most have been fixed but I think there are still a few scenarios that can cause trouble. FWIW, I use log4j in my own web apps at work and they stay up for months with a fair number of reloads and no obvious memory leaks. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- * Matthew Kerle * * IT Consultant * * Canberra, Australia* Mobile: +61404 096 863 Email: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12
Hi chris Christopher Schultz wrote: IIRC, JBoss used to use Tomcat as its servlet container. Maybe that's no longer the case. it still is. after my post I had a read through the jboss docs, and apparently it uses embedded tomcat internally as a web container, then the jboss code does all the extra j2ee app server goodness. http://docs.jboss.org/jbossas/getting_started/v4/html/tour.html#d0e627 But I'm a big believer in FOSS the community, so I'd love the chance to contribute something to the tomcat docs, especially if it makes life easier for other hackers like me... JBoss counts as FOSS, right? yup! not criticising jboss at all, and disclaimerI haven't used it yet /disclaimer, but if it already uses tomcat internally and if you're just doing a simple java web app with no ejb etc, then *my opinion* is that tomcat is pretty much the go. Jetty or glassfish may sway me later, but not for a while... thanks! that's just the pointer I need. Question but, if the war is outside the auto-deploy'ing webapps dir, then how do you auto-deploy new wars? You can't. That's one of the prices you pay for playing outside the rules. I don't believe you can, for instance, use the manager app to deploy a WAR along with a separate context.xml file. hmm, ok let's agree to disagree on this point. You have to do it entirely yourself. You'll have to check, but it's possible that Tomcat won't even do auto-redeploy if you update the WAR. There's been a long thread about the (separate) context.xml file being deleted during auto-deploy of outside WAR files (if I understand the thread, which I'm not really following). You might want to read through that for more information. yes, we got bitten by this. we were pretty stumped until we realised that tomcat auto-deletes context.xml on undeploy. bit of a gotcha that one... have you ever used OC4J? Nope. I've been off Oracle since they stopped shipping the JDBC driver as a ZIP file ;) that's a bad thing? I was relieved when they changed to a .jar! (around 9ir2 i think they did that..?) - -chris ps - nice web site, bet you're glad the kitchens done! -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat benchmark
I assume you've already Googled what you're looking for and not found anything? What are you after exactly, performance or feature comparison? please be more specific... I assume you're after more than this: http://en.wikipedia.org/wiki/Comparison_of_application_servers Andrew Hole wrote: Someone have a case study wich compare Tomcat with others application servers? Thanks a lot Andrew -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ClassCastException trying to cast MemoryUserDatabase to UserDatabase
(see below for message context) Ok, I've decided on using Http Basic authentication for my web service, and successfully configured tomcat to authenticate against the tomcat-users.xml file to the point where I can access a valid principal. But now I've got another problem.. :-) I tried accessing the userDatabase which represents the memoryrealm, and got the below exception. I don't understand this as according to the API doc MemoryUserDatabase is an implementation of UserDatabase, and this is confirmed by looking at the source code for MemoryUserDatabase, which *does* implement that interface! I'm stumped, does anyone know why this might be happening? Or am I doing something the wrong way... //code to get tomcat UserDatabase, copied from ManagerServlet.roles(PrintWriter) from tomcat manager application. Context ic = new InitialContext(); UserDatabase userdb = (UserDatabase )ic.lookup(java:comp/env/users); // - this line causes ClassCastException SEVERE: Fault occurred! java.lang.ClassCastException: org.apache.catalina.users.MemoryUserDatabase cannot be cast to org.apache.catalina.UserDatabase at myapp.service.webservice.ImageServiceImpl.EnumerateLOV(ImageServiceImpl.java:88) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) // stack trace elided... at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) // stack trace elided... at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1286) at java.lang.Thread.run(Thread.java:619) //my context.xml Context path=/myapp !-- get access to the tomcat-users.xml database -- ResourceLink name=users global=UserDatabase type=org.apache.catalina.UserDatabase/ /Context Matthew Kerle wrote: Hi all I'm developing a web service with xFire 1.2.3 / tomcat 5.5.23 / Java 1.6.0_01, and we need to authenticate access by client applications coming in over SOAP. We're looking at using the tomcat-users.xml file to store user/pwd/role data until the customers Single Sign-On service is ready (which will be when pigs fly, if it keeps going as it has). The application will be deployed internally so we don't need any SSL or digest authentication, we're looking at simple HTTP BASIC or SOAP headers for the client to pass through their auth details. The complication is that we want to allow default access as well as authenticated access, and authenticate against the tomcat-users file. eg - un-authenticated clients can still access the web service url, but get a public role, and authenticated clients get a privileged role. I'm thinking we might be able to do part of that with the following tomcat-users.xml config by having an empty user declaration: tomcat-usersc role rolename=privileged/ user name= password= roles=PUBLIC / user name=priv_user1 password=tomcat roles=privileged / /tomcat-users The question is how to authenticate against the tomcat-user database? I've read the tomcat docs on memory realm: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#MemoryRealm, and I want to expose the org.apache.catalina.UserDatabase class to the web service context via a ResourceLink I'd like to be able to authenticate users without having to add a security-constraint to my web.xml, so that unauthenticated clients can still connect. Am I on the right track? Or is there a much easier way than what I'm trying to do... thanks! -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException trying to cast MemoryUserDatabase to UserDatabase
oops, also here is my resource definition from my web.xml: !-- Define reference to the user database for looking up roles -- resource-env-ref description Link to the UserDatabase instance from which we request lists of defined role names. Typically, this will be connected to the global user database with a ResourceLink element in server.xml or the context configuration file for the Manager web application. /description resource-env-ref-nameusers/resource-env-ref-name resource-env-ref-type org.apache.catalina.UserDatabase /resource-env-ref-type /resource-env-ref Matthew Kerle wrote: (see below for message context) Ok, I've decided on using Http Basic authentication for my web service, and successfully configured tomcat to authenticate against the tomcat-users.xml file to the point where I can access a valid principal. But now I've got another problem.. :-) I tried accessing the userDatabase which represents the memoryrealm, and got the below exception. I don't understand this as according to the API doc MemoryUserDatabase is an implementation of UserDatabase, and this is confirmed by looking at the source code for MemoryUserDatabase, which *does* implement that interface! I'm stumped, does anyone know why this might be happening? Or am I doing something the wrong way... //code to get tomcat UserDatabase, copied from ManagerServlet.roles(PrintWriter) from tomcat manager application. Context ic = new InitialContext(); UserDatabase userdb = (UserDatabase )ic.lookup(java:comp/env/users); // - this line causes ClassCastException SEVERE: Fault occurred! java.lang.ClassCastException: org.apache.catalina.users.MemoryUserDatabase cannot be cast to org.apache.catalina.UserDatabase at myapp.service.webservice.ImageServiceImpl.EnumerateLOV(ImageServiceImpl.java:88) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) // stack trace elided... at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) // stack trace elided... at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1286) at java.lang.Thread.run(Thread.java:619) //my context.xml Context path=/myapp !-- get access to the tomcat-users.xml database -- ResourceLink name=users global=UserDatabase type=org.apache.catalina.UserDatabase/ /Context Matthew Kerle wrote: Hi all I'm developing a web service with xFire 1.2.3 / tomcat 5.5.23 / Java 1.6.0_01, and we need to authenticate access by client applications coming in over SOAP. We're looking at using the tomcat-users.xml file to store user/pwd/role data until the customers Single Sign-On service is ready (which will be when pigs fly, if it keeps going as it has). The application will be deployed internally so we don't need any SSL or digest authentication, we're looking at simple HTTP BASIC or SOAP headers for the client to pass through their auth details. The complication is that we want to allow default access as well as authenticated access, and authenticate against the tomcat-users file. eg - un-authenticated clients can still access the web service url, but get a public role, and authenticated clients get a privileged role. I'm thinking we might be able to do part of that with the following tomcat-users.xml config by having an empty user declaration: tomcat-usersc role rolename=privileged/ user name= password= roles=PUBLIC / user name=priv_user1 password=tomcat roles=privileged / /tomcat-users The question is how to authenticate against the tomcat-user database? I've read the tomcat docs on memory realm: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#MemoryRealm, and I want to expose the org.apache.catalina.UserDatabase class to the web service context via a ResourceLink I'd like to be able to authenticate users without having to add a security-constraint to my web.xml, so that unauthenticated clients can still connect. Am I on the right track? Or is there a much easier way than what I'm trying to do... thanks! -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException trying to cast MemoryUserDatabase to UserDatabase
//code Object o = ic.lookup(java:comp/env/users); System.out.println(o.getClass().getName()); // prints : org.apache.catalina.users.MemoryUserDatabase doing instanceof tests on the returned object for MemoryUserDatabase UserDatabase all fail, even though in debug that's clearly what it identifies as. could this be a security manager thing? I notice that in the tomcat manager deployment descriptor it has privileged=true in the Context tag. Are only privileged applications allowed access to the UserDatabase? (this would make sense as you could enumerate all users passwords...) Gregor Schneider wrote: InitialContext.lookup() gives you a simple object: so change your code to Context ic = new InitialContext(); Object o = ic.lookup(java:comp/env/users); set a breakpoint and see, what type of object you're getting back. hth gregor -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException trying to cast MemoryUserDatabase to UserDatabase
this is weird, check this out: //code (tomcat 5.5.23) java.security.Principal p = request.getUserPrincipal(); System.out.println(p.getClass().getName().equals(MemoryUser.class.getName())); // prints true System.out.println(p.getClass().equals(MemoryUser.class)); //prints false So what this is saying is that the *names* of the classes are the same, but the actual classes are different. this is crazy... Good news is that p.toString() prints out that users details in the form user username=user1 password=pass roles=public/, so I can hack the role names out of that. but that's a very dirty hack and I'm amazed that this is so hard... Does anyone have any input on why this might be so, and/or a better solution to convert the request principal to something I can get rolenames out of? thanks! Matthew Kerle wrote: //code Object o = ic.lookup(java:comp/env/users); System.out.println(o.getClass().getName()); // prints : org.apache.catalina.users.MemoryUserDatabase doing instanceof tests on the returned object for MemoryUserDatabase UserDatabase all fail, even though in debug that's clearly what it identifies as. could this be a security manager thing? I notice that in the tomcat manager deployment descriptor it has privileged=true in the Context tag. Are only privileged applications allowed access to the UserDatabase? (this would make sense as you could enumerate all users passwords...) -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12
*** end server.xml *** *** App web.xml except *** resource-ref description JNDI DataSource for [appname] database. (From Oreilly JavaServer Pages, Bergsten, 2nd Ed., page 485) /description res-ref-namejdbc/oponline/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref *** end web.xml *** Thanks Ian -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException trying to cast MemoryUserDatabase to UserDatabase
Peter, you're exactly right. ***code*** Class c1 = request.getUserPrincipal().getClass(); //get the class of the Principal that tomcat created , which is a MemoryUser instance Class c2 = MemoryUser.class; // get the class loaded by the current loader System.out.println(c1.getClassLoader().getClass.getName()); //prints org.apache.catalina.loader.StandardClassLoader System.out.println(c2.getClassLoader().getClass.getName()); //prints org.apache.catalina.loader.WebappClassLoader Great, so now I've got two different classloaders. Do you know if there's any way I can cast the Principal to a Memoryuser object and use it? do I have to load the MemoryUser class in the current classloader? full kudos for figuring out the problem exactly, I never would have thought of that! ps - This would be entertaining, if only I was the one who got to watch someone else wade through this! Peter Crowther wrote: From: Matthew Kerle [mailto:[EMAIL PROTECTED] So what this is saying is that the *names* of the classes are the same, but the actual classes are different. this is crazy... I suspect the two classes are being loaded by different classloaders - a common and entertaining* problem in Tomcat and other servlet containers. You can find out by asking each for its classloader and comparing. - Peter * Depending on whether you're watching someone else try to solve the problem, or having to wade through it yourself. Best of luck! -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException trying to cast MemoryUserDatabase to UserDatabase
you're exactly right again. I just checked my project settings, I had to add catalina.jar to the project libraries to get the class to compile, but I'd forgotten to prevent it from being deployed, so there was a copy of catalina.jar in my /WEB-INF/lib, doh! So I configured it to not be deployed, and deleted the existing jar, so now I get a new problem, a NoClassDefFoundError on the MemoryUser class, which is referenced by my code. So now my class doesn't even load!! I have a feeling someone's gone to a fair bit of trouble to make sure I can't load this class! the MemoryUser class is in catalina.jar, which is in the server/lib folder. would I be right in saying that web application code is barred from loading any classes from the server/lib directory? any ideas Peter? org.codehaus.xfire.XFireRuntimeException: Error invoking 'myapp.service.webservice.ImageService.enumerateLOV(java.lang.String)'. Nested exception is java.lang.reflect.InvocationTargetException: null java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.codehaus.xfire.service.invoker.AbstractInvoker.invoke(AbstractInvoker.java:59) ... elided at org.codehaus.xfire.transport.http.XFireServlet.doPost(XFireServlet.java:116) at javax.servlet.http.HttpServlet.service(HttpServlet.java:710) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) ... elided at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1286) at java.lang.Thread.run(Thread.java:619) Caused by: java.lang.NoClassDefFoundError: org/apache/catalina/users/MemoryUser at myapp.service.webservice.ImageServiceImpl.enumerateLOV(ImageServiceImpl.java:67) ... 31 more Peter Crowther wrote: Right. So request.getUserPrincipal() returns a class that's loaded by one of Tomcat's classloaders. You need to make sure that when you reference MemoryUser, it's loaded by the same classloader. Thinking aloud here, so apologies to the more experienced folks in the community who will have better ideas... Is MemoryUser.class in any of the jars in your webapp? I'm not entirely sure why there's a second copy of it, loaded by the webapp's classloader, in the system. I'd expect the webapp's classloader to be unable to find the class as your webapp loads and punt the request for the class up the classloader chain, returning the standard classloader's class. But I may be misunderstanding Tomcat's classloaders. - Peter -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException trying to cast MemoryUserDatabase to UserDatabase
Hi Chris I naively tried relocating the catalina.jar to /common/lib, and got the below error. Peter has a good comment to this problem in his reply, so I'll continue the thread in response to his mail. many thanks! cmd /c C:\servers\apache-tomcat-5.5.23\bin\catalina.bat run Using CATALINA_BASE: C:\Documents and Settings\mkerle\.IntelliJIdea60\system\tomcat_Unnamed_cb722476 Using CATALINA_HOME: C:\servers\apache-tomcat-5.5.23 Using CATALINA_TMPDIR: C:\servers\apache-tomcat-5.5.23\temp Using JRE_HOME:C:\Program Files\Java\jdk1.6.0 Connected to the target VM, address: '127.0.0.1:4958', transport: 'socket' java.lang.NoClassDefFoundError: org/apache/tomcat/util/log/SystemLogHandler at java.lang.Class.getDeclaredConstructors0(Native Method) at java.lang.Class.privateGetDeclaredConstructors(Class.java:2389) at java.lang.Class.getConstructor0(Class.java:2699) at java.lang.Class.newInstance0(Class.java:326) at java.lang.Class.newInstance(Class.java:308) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:225) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:410) Disconnected from the target VM, address: '127.0.0.1:4958', transport: 'socket' Disconnected from server Christopher Schultz wrote: Matt, So, the class names are the same, but not the classes. This indicates that you have the same class loaded using two different ClassLoaders. Do you have a JAR file from the Tomcat distro sitting in your webapp's WEB-INF/lib directory? If so, you'll need to figure out how to deploy the JAR in one place but use it everywhere ($CATALINA_HOME/common/lib for TC 5.5 and, I think, just $CATALINA_HOME/lib for TC 6.0). - -chris -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException trying to cast MemoryUserDatabase to UserDatabase
no, see my previous reply, tomcat fails to bootstrap if catalina.jar is not in server/lib... Christopher Schultz wrote: Peter, Shouldn't it be acceptable to simply move catalina.jar from server/lib to common/lib? Sure, you'll still have a non-standard install, but it's easier to script a setup like that than pulling specific classes out of the distro (which may change from version to version). -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException trying to cast MemoryUserDatabase to UserDatabase
I agree, the Principal interface is verily hobbled and almost useless (Go Sun!). The catalina implementations are much more user-friendly, but unfortunately difficult to access. I can't really justify making the tomcat install non-standard (also probably not possible as it's owned by the client, not me) just to get access to this class. I'll go with another hack, in that although I can't refer directly to MemoryUser, I can still call it's toString() method, which prints out the user tag in it's entirety, which I can then munge for role names. I can't believe something this simple is so hard, far out. thanks so much for your help Peter, I would've been totally stuck without it! Peter Crowther wrote: From: Matthew Kerle [mailto:[EMAIL PROTECTED] the MemoryUser class is in catalina.jar, which is in the server/lib folder. would I be right in saying that web application code is barred from loading any classes from the server/lib directory? (light bulb comes on) Ah yes, I remember this now from some ancient history on another project. It's a real pain, principally because the Principal interface is IMO too limited. We ended up with the horrible, horrible hack of pulling the class out of catalina.jar, putting it in its own jar, and deploying that in common/lib. This, of course, means you no longer have a default Tomcat install... but we couldn't find another way round the problem. - Peter -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException trying to cast MemoryUserDatabase to UserDatabase
just downloaded security filter and had a look, it looks very cool. If I had more robust requirements for my authentication (and more time!) I would probably use it. At the moment though I've got a workable work-around in using the toString() method, so I'll just use that instead. thanks Chris! Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matthew, Why not just use the built-in authentication and authorization mechanism instead of trying to use Tomcat's built-in classes to roll your own? A more flexible option is to use securityfilter (http://securityfilter.sourceforge.net) to handle everything. securityfilter allows you to use Tomcat realms by dropping catalina.jar into your webapp's library directory. Since securityfilter runs entirely in your webapp, there are no classloading problems (even though Tomcat's internal classes are used, they are loaded by the webapp's ClassLoader, and are insulated from Tomcat, so they're safe). - -chris -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException trying to cast MemoryUserDatabase to UserDatabase
http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html this is why I can't reference any classes loaded from server/lib in my webapp, the server/lib classes are loaded by the web application classloader's uncle, so to speak, the sibling of it's parent. so it makes sense that no web application has access to the server/lib jars. doh...! Peter Crowther wrote: From: Matthew Kerle [mailto:[EMAIL PROTECTED] the MemoryUser class is in catalina.jar, which is in the server/lib folder. would I be right in saying that web application code is barred from loading any classes from the server/lib directory? (light bulb comes on) Ah yes, I remember this now from some ancient history on another project. It's a real pain, principally because the Principal interface is IMO too limited. We ended up with the horrible, horrible hack of pulling the class out of catalina.jar, putting it in its own jar, and deploying that in common/lib. This, of course, means you no longer have a default Tomcat install... but we couldn't find another way round the problem. - Peter -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException trying to cast MemoryUserDatabase to UserDatabase
Mario, you are a hero. do women come and worship you in the street? they
should! Using reflection to break into an object of a foreign class is
just...genius! this is the sort of thing that Ruby programmers do all
the time, but is very hard to do in Java...
my final code (in the context of a ServiceImpl class for an xFire
webservice, exception-handling error-checking elided)
//get Role from security Principal, which we 'happen to know', is
// an instance of catalina MemoryUser.
HttpServletRequest request = XFireServletController.getRequest();
Principal principal = request.getUserPrincipal();
String rolename = null;
if(principal != null){
if(principal.getClass().getName().equalsIgnoreCase(org.apache.catalina.users.MemoryUser)){
Iterator it =(Iterator)
principal.getClass().getMethod(getRoles).invoke(principal);
Object role = it.next();
String role1 =
(String)role.getClass().getMethod(getRolename).invoke(role);
int i = 0;
}else{
String xml = principal.toString();
rolename = xml.split(\)[3]; // [1]=username,
[2]=pass, [3]=roles
}
}else{
rolename = public;
}
Mario Ivankovits wrote:
Hi!
A more flexible option is to use securityfilter
(http://securityfilter.sourceforge.net) to handle everything.
If you are already using spring have a look at ACEGI.
It is not really easy to install, but allows you to e.g. have different
login methods within the same webapp.
Regarding the principal. Remember, you can always use reflection to
break into an object (given you use no securitymanager or a liberal
configured one).
For example, I used for a while:
try
{
Method hasRoleMeth =
principal.getClass().getMethod(hasRole, String.class);
return (Boolean) hasRoleMeth.invoke(principal, role);
}
catch (NoSuchMethodException e)
{
log.error(e.getLocalizedMessage(), e);
}
catch (IllegalAccessException e)
{
log.error(e.getLocalizedMessage(), e);
}
catch (InvocationTargetException e)
{
log.error(e.getLocalizedMessage(), e);
}
Ciao,
Mario
--
Matthew Kerle
IT Consultant
Canberra, Australia
Mobile: +61404 096 863
Email : [EMAIL PROTECTED]
Web : http://threebrightlights.blogspot.com/
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12
Hi David David Smith wrote: My only editorial comment on the page is to NOT place your Resource.../ or Context .../ definition in server.xml as recommended on the page. Place it in context.xml or myapp.xml as I describe above. Just quickly, I was wondering why you recommend this? I know the tomcat docs have changed to reflect the deprecation of defining the Resource.../ or Context .../ definition in server.xml, but I never understood why, and personally doing things that way is a serious pain for me since it means I need to build a separate deployment descriptor for dev, test prod, which means I need to know the prod database details. which I don't want. Is there a better way that the sysadmin can setup a JNDI datasource so that deployed war's don't have to contain database-specific details? the only way I've seen so far is to configure that in the server.xml... cheers! -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12
looks like your xml doc has an un-closed tag or similar, hate to suggest this but maybe can you recheck your change to make sure this isn't the case? I'd suggest going with David's suggestion, and put your context .../ definition in a separate file called 'context.xml'. Explode your WAR, put this in /META-INF/ folder (create if doesn't exist), then re-deploy. your context.xml should look like this (tomcat 5.5+): **start context.xml** !-- Tomcat 5.5. -- Context path=/myapp !-- set the JNDI Datasource -- Resource name=jdbc/APP_USERDS auth=Container type=javax.sql.DataSource maxActive=0 maxIdle=10 maxWait=500 username=dbuser password=dbuserpass driverClassName=oracle.jdbc.OracleDriver url=jdbc:oracle:thin:@server:1521:SID/ /Context ** end context.xml** [EMAIL PROTECTED] wrote: Thanks for your advice so far I've upgraded to the latest Oracle ojdbc14.jar and placed it the myapp\WEB-INF\lib folder, I also tried it the Tomcat\common\lib for for good measure but still got the same results. I'll continue to use ojdbc14.jar from now though. I've change the ResourceParams name to just Resource name but this causes Tomcat not to startup, the logs show the following trace... *** Excerpt Tomcat 5.5.12 logs *** 16-Aug-2007 16:08:32 org.apache.tomcat.util.digester.Digester endElement SEVERE: End event threw exception java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) *** end *** Does this mean it's now reading the context Resource element. ? Thanks Ian Quoting ashish shrivastava [EMAIL PROTECTED]: check this http://evolutionnext.com/blog/2005/10/13/1129259088959.html On 8/16/07, Matthew Kerle [EMAIL PROTECTED] wrote: hmm, you have an interesting problem! first thing I'd say is use this opportunity to upgrade to the ojdbc14.jar, which is the latest oracle jdbc driver and allows lots of nice enhancements. second, I'm assuming that since the error is a servlet exception, that there's some servlet code manually handling a database connection (no comment *cough* *cough*) that it gets from a JNDI lookup? third, try changing the ResourceParams tag to a plain Resource tag, this is the Resource tag that I use in my app (and it works). caveat: I declare this in /META-INF/context.xml inside the context tag. Resource name=jdbc/my_USERDS auth=Container type=javax.sql.DataSource maxActive=0 maxIdle=10 maxWait=500 username=db_user password=db_pass driverClassName=oracle.jdbc.OracleDriver url=jdbc:oracle:thin:@server:1521:ORA_SID/ can you try this and let us know how it goes? cheers! [EMAIL PROTECTED] wrote: I'm upgrading from tomcat 4.1.24 to tomcat 5.5.12 on WinXP. I have three applications that are deployed from this server, two of which work fine with tomcat 5.5.12, however the third which uses an oracle 9i database gives me the following error javax.servlet.ServletException: Cannot create JDBC driver of class '' for connect URL 'null' . Basically I've included the same details form the Tomcat4 server.xmlfile into the tomcat 5.5 server.xml, rediting where necessary. Things I have tried.. Placing the context into fragment files located either inside the applications META-INF folder or under tomcat\conf\Catalina\localhost. Neither of these seemd to work for me as Tomcat could not find the apps, so I've left the context back in server.xml. Rewriting the Resource params parameter as elements i.e.factory= com.ora.jsp.sql.DataSourceFactory Checked changed location of the JDBC jar file. classes12.jarcatalina_home\common\lib\ AND catalina_home\webapps\[appname]\WEB-INF\lib Checked changed the server.xml service-name and engine name to match previous TC4 server.xml version. Added a Resourcelink element to the context - this is not present on the TC4 version Checked Tomcat logs. I think that Tomcat is not able to read the ResourceParams element, which is why the URL and driverClass are NULL. Which When I checked the Tomcat log files shows ... 16-Aug-2007 09:25:46 org.apache.catalina.core.ApplicationContext log SEVERE: action: Cannot create JDBC driver of class '' for connect URL 'null' Background info Using Apache 2.0 with mod_JK to serve pages on port 80 Java version 1.5 server.xml !-- Tomcat 5.5 Example Server Configuration File -- Server port=8005 shutdown=SHUTDOWN debug=0 Listener className= org.apache.catalina.mbeans.ServerLifecycleListener debug=0
Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12
now that sounds good! the only thing is I don't see how that maps to a DataSource declaration, the Resource element in GlobalNamingResources doesn't seem to allow the full range of properties that you need to define a database connection, eg - username/password/driverClassName/url etc... Where would you define these? David Smith wrote: In my experience, a resource is usually only relevant to one webapp. There's no need to put it in server.xml as a GlobalNamingResource unless you want that resource available in all your webapps. Moving the resource to the Context block of a context.xml file also makes it so resources can come and go with deployment of an individual webapp without restarting tomcat and disrupting all the webapps. Developers could define their Resources in the GlobalNamingResources ... /GlobalNamingResources block of server.xml and then add a ResourceLink element to the context.xml file. That'll get you out of having database specific information in the Context / element. See this page for further details on that: http://tomcat.apache.org/tomcat-5.5-doc/config/globalresources.html --David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12
it's doable, some of my teammates use that method, but it's a pain in the butt because you basically have to create 3 WARs per release (one for each target). considering a struts/hibernate/spring/xFire application is about 30mb in 3rd party jars, that's a lot of space. ok HD space is cheap, but it's still no excuse for poor procedure. To do it you would basically create different build targets in your ant script, with each one using custom props from your build.props file, eg - so you would have targets dev/test/prod/all, running all would build wars for dev, test prod. you use a replace tag to replace a pre-formatted pattern like ##db_user##, ##db_pwd## etc in your deployment descriptor with the target details. it's a crappy hack for bad programmers. Len Popp wrote: How do you use a build.properties file to define a JNDI resource? Or do you create JDBC connections a different way? -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: NoSuchMethod shutdown error
no worries. I hadn't seen how to remove that dependency before, which is why I didn't mention it in my reply. the APR just gives tomcat comparable file reading performance as httpd, but unless you're running slashdot or hea.net on your tomcat then not having it isn't a big issue and your distro will be more portable as a result. glad I could help! Dan Armbrust wrote: That was the next thing I looked into after I solved this bug. I fixed it by commenting out the Listener className=org.apache.catalina.core.AprLifecycleListener / line in the server.xml file. My take on the native APR stuff (which is likely completely wrong since it consists of what I learned in about a 2 minute skim of some documentation) was that it was really only going to help performance when interfacing with apache, or possibly, in the way it handles HTTP connections. My app doesn't interface with apache, and it doesn't get loaded by HTTP connections anyway - plus we distribute to customers using all sorts of different hardware and software combinations. So the whole native thing is really a non starter for my application. Thanks for the note, however. That was going to be my next question, had I not found out how to disable the warnings. Dan -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12
Hi Chris
I apologise for coming across a bit harsh there, don't mean to offend!
I'll take it a bit easier...;-p
Either of the methods you recommended looks good, the only trouble is
that the doco is a bit... terse on the subject of setting up a JNDI
datasource outside the war file, and it's not as straightforward or easy
to find as compared to the method for placing the context.xml inside the
deployment war, which is well documented.
If I can make an observation, if people have been hitting the lists with
this issue since the release of 5.5, then maybe the doco needs updating?
a simple full code example on the JNDI resources howto page on both the
ways you listed would probably kill most of those questions, and make
life easier for the rest of us! How do you go about submitting an update
to the documentation? I assume there's a short list of committers...
To be honest I hadn't looked deeply into the jndi setup since 5.0, when
we moved to 5.5 I tried to get the external-context.xml working, but
everytime we deployed a war without a context .xml tomcat would delete
the existing one, or overwrite it. the project didn't have the scope to
get a good solution and I wasn't in charge of building deploys so it
never happened. I'll try and dig through the archives to find a good
example of that which works so we can update our procedure.
cheers!
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt,
Matthew Kerle wrote:
Most of the sysadmin's I've worked with really don't like the idea of
having to rip open a war and update some weird config file just to do a
deploy. the alternative is I know all the passwords and build a war for
each target, which is a crap solution.
They're all crap solutions when nobody wants to do their job. Either the
deployment folks have to do some work (horrors!) or the developers have
to (oh, no!). The solution you're looking for is simply not recommended
by this crowd.
You CAN do this:
1. Set up a GlobalNamingResource and ResourceParams in your server.xml
file.
http://tomcat.apache.org/tomcat-5.5-doc/config/globalresources.html
2. Use a ResourceLink in your Context in your META-INF/context.xml
file.
http://tomcat.apache.org/tomcat-5.5-doc/config/context.html#Resource%20Links
Another option is to have a context.xml file /outside/ of the WAR file.
This requires alternate configuration -- details can be found in the
archives for just about every week since the release of TC 5.5 ('cause
someone always asks before searching).
We should just be able to configure a datasource for a particular
context in the target instance, and then forever after all deployments
are database transparent. Am i missing something?
The only thing you're missing is that this is no longer recommended
procedure, which is why everyone is telling you to do it differently.
Feel free to do it your own way, but don't complain when we tell you
it's not a recommended / supported configuration. Sure, Tomcat will do
it, but if you're having problems, your free tech-support provided by
this forum might just refuse to help.
I can't understand why it would be better to target a war file for a
database, than have the configuration live in the instance and the war
file is database-agnostic. makes change migration a *lot* easier.
See the option above about using an outside-the-WAR file context.xml
configuration file.
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFGxIYt9CaO5/Lv0PARArMNAKCZ/YLaoqADeT3OWZRkFdj0ycku0gCfc/bj
M8Tiwu8RsSsOK0b+i9PLjaE=
=x7NG
-END PGP SIGNATURE-
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Matthew Kerle
IT Consultant
Canberra, Australia
Mobile: +61404 096 863
Email : [EMAIL PROTECTED]
Web : http://threebrightlights.blogspot.com/
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12
no I didn't...:-( I was going off the globalresources config reference page, wher it lists the attributes of a Resource element as being: **snip** The valid attriutes for a Resource element are as follows: Attribute Description auth Specify whether the web Application code signs on to the corresponding resource manager programatically, or whether the Container will sign on to the resource manager on behalf of the application. The value of this attribute must be Application or Container. This attribute is required if the web application will use a resource-ref element in the web application deployment descriptor, but is optional if the application uses a resource-env-ref instead. description Optional, human-readable description of this resource. name The name of the resource to be created, relative to the java:comp/env context. scope Specify whether connections obtained through this resource manager can be shared. The value of this attribute must be Shareable or Unshareable. By default, connections are assumed to be shareable. type The fully qualified Java class name expected by the web application when it performs a lookup for this resource. **snip** ...and I took this to mean that these were the only valid attributes, as the provided example only references these attributes. I guess then you can add the username/password/driverClass/url attributes and they'll be picked up fine? If that's they case then my mistake, but the doco isn't very clear on that... ps - apologies if the above table has disintegrated getting converted to plain-text... David Smith wrote: As far as I'm aware, there is no difference between a Resource / element in context.xml and a Resource / element in a GlobalNamingResources.../GlobalNamingResources block. Well... other than the need to use a ResourceLink .../ to make it available to an individual webapp. Did you try it and get a failure? --David Matthew Kerle wrote: now that sounds good! the only thing is I don't see how that maps to a DataSource declaration, the Resource element in GlobalNamingResources doesn't seem to allow the full range of properties that you need to define a database connection, eg - username/password/driverClassName/url etc... Where would you define these? David Smith wrote: In my experience, a resource is usually only relevant to one webapp. There's no need to put it in server.xml as a GlobalNamingResource unless you want that resource available in all your webapps. Moving the resource to the Context block of a context.xml file also makes it so resources can come and go with deployment of an individual webapp without restarting tomcat and disrupting all the webapps. Developers could define their Resources in the GlobalNamingResources ... /GlobalNamingResources block of server.xml and then add a ResourceLink element to the context.xml file. That'll get you out of having database specific information in the Context / element. See this page for further details on that: http://tomcat.apache.org/tomcat-5.5-doc/config/globalresources.html --David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12
Hi Chris
It seems like you guys have a pretty good setup going, better than the
one at my (current) company anyway. I didn't realise that your
environment doesn't have dependencies on statically linked war files
like ours does. The developer makes a release and creates the three wars
for deployment at the same time, which then have to be kept in synch. I
have a lot of issues with this process as it's very error-prone, and I
think some of my attitude towards this process crept into my previous
emails, which wasn't appropriate. my bad.
Unfortunately not all of us are lucky enough for the prod server to have
access to the version control repository...;-p
Also, our situation is a bit different where we consult to the client,
our two networks are totally separated so there's no way that we can do
fresh builds from version control (Subversion rocks!) to deployement
targets directly. We need to build the wars in our office, then submit
them to the client for testing and promotion. We have very little
control over the promotion process, and more than once we've had serious
bugs resulting from the wrong war going into the wrong target due to a
mistake by the clients sysadmin. Thus my attitude towards configuration
being external to the app as much as possible, I like to build a
stand-alone war that gets as much of their info as possible from the
container/database.
responses inline.
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt,
I disagree with many of your assertions.
well put.
I'm guessing that you don't deploy all 3 WARs onto the same machine.
What's the difference between 3 different WARs and 1 WAR in 3 places?
Don't complain about disk space when the argument is 1) flawed (disk
space doesn't matter) and 2) moot (deployments to different servers).
fair point, HD space isn't an issue. it's the process used to deploy the
war to the server, and ensuring that the same release is delivered
consistently across all targets. so long as the code can be deployed
consistely transparent of the target that's the main thing as I see it.
I completely disagree. We have complex configurations that need to
change for each environment (many properties files, etc.). Trying to
create one properties file to rule them all is impossible, and shoving
all that configuration into a (static) deployment descriptor on the
target server is kludgy and error prone, since the developers don't have
control over the server configuration.
sorry, I should have been more specific, I was just referring to
database targeting, not the complete environment. there's a lot of
things that ant replace is excellent for.
We don't deliver a WAR file to our deployment team; we give them a cvs
tag to use as the new version. It's as simple as:
$ pushd
$ cd $APP
$ ant tomcat-stop
$ ant install-clean
$ popd
$ rm -rf $APP
$ cvs checkout -r ${RELEASE_TAG} ${APP}
$ cd ${APP}
$ ant install
$ ant tomcat-start
You may find that complicated, but it's all that's required for us to
deploy our applications into ANY environment.
nice. fresh checkout from cvs tag straight into deployment. is good!
Wanna upgrade Tomcat? No
problem:
# cd /where/you/want/tomcat/to/live
# tar xzf apache-tomcat-version.tar.gz
# (fix 'tomcat' symlink)
# (restart apps at your convenience)
No effing around with Tomcat server configuration. In fact, deploying
our production applications doesn't require root access, so out
deployment team can't really break anything.
nice.
- -chris
--
Matthew Kerle
IT Consultant
Canberra, Australia
Mobile: +61404 096 863
Email : [EMAIL PROTECTED]
Web : http://threebrightlights.blogspot.com/
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12
much better, thank you! I think I'm gonna have to put aside some time to brush up on tomcat 5.5/6 jndi datasourcing as I'm obviously out of date. cheers! David Smith wrote: I see. Some of the tomcat docs are probably out of date, depending on someone pointing out the flaw or contributing updates. Tomcat uses reflection to configure the pool using bean setter methods. That makes the full set of attributes dependant on the implementation used -- in this case DBCP. If you'd like the full set of database pool parameters available in the default tomcat db pool, just take a look at: http://commons.apache.org/dbcp/api-1.2.2/org/apache/commons/dbcp/BasicDataSource.html --David -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC driver of class '' for connect URL 'null' in Tomcat 5.5.12
Hi Chris Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt, I agree the documentation is terse and/or missing. If you implement any of these strategies, consider submitting an update to the documentation to help others in the future. will do. I'm changing jobs soon and the new company uses JBoss (:-), so it may take a while to convince them how good tomcat is ;-p! But I'm a big believer in FOSS the community, so I'd love the chance to contribute something to the tomcat docs, especially if it makes life easier for other hackers like me... It's easy to deploy using a context.xml file that is /not/ inside a WAR file: Start with the context.xml file that you would have put into your WAR file. Add the docBase element to the Context element to configure the location of the WAR file. Put your WAR file somewhere outside of the auto-deploying webapps directory. Put the context.xml file into $CATALINA_HOME/conf/[enginename]/[hostname]/[appname].xml. thanks! that's just the pointer I need. Question but, if the war is outside the auto-deploy'ing webapps dir, then how do you auto-deploy new wars? do you have to use the manager app, or the command-line interface? that's ok, but it'd be a shame to lose the nicety of just dropping in a war and it auto-deploying... How do you go about submitting an update to the documentation? I assume there's a short list of committers... You can certainly post to this list. Several (of not all) Tomcat devs lurk on this list. Just mark your post clearly and see what happens. will do. every time we deployed a war without a context .xml tomcat would delete the existing one, or overwrite it. You mean the context.xml file, not the WAR, right? When you step outside of the standard (read: recommended) configurations, then you will have to fight Tomcat to get things working properly. That's just the price you pay: your deployment will be complicated if you want to do things differently. yes, the context.xml. it was very frustrating! Mainly because at the time we didn't have a very good idea of tomcat deployment details. the docbase method you mentioned sounds much better. have you ever used OC4J? Anything before 10g was hopeless, but I do like the way it handles defining data-sources, there's a dedicacted data-sources.xml file for the server where you configure jndi data-sources. very simple and user-friendly. thanks for your help Chris! -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
how to submit updates to the tomcat documentation?
Hi all In a recent thread, the issue of current documentation of setting up jndi datasources in tomcat 5.5/6.0 came up, with the observation that the existing doco was a bit terse on the subject. Are there any people on this list who know how to submit updates to the tomcat documentation? I might be interested in submitting some updates for consideration that clarify the different ways to specify the Resource tag, namely specifying it outside the war so that deployment files are target-independent. cheers! -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat memory realms tomcat-users.xml
Hi all I'm developing a web service with xFire 1.2.3 / tomcat 5.5.23 / Java 1.6.0_01, and we need to authenticate access by client applications coming in over SOAP. We're looking at using the tomcat-users.xml file to store user/pwd/role data until the customers Single Sign-On service is ready (which will be when pigs fly, if it keeps going as it has). The application will be deployed internally so we don't need any SSL or digest authentication, we're looking at simple HTTP BASIC or SOAP headers for the client to pass through their auth details. The complication is that we want to allow default access as well as authenticated access, and authenticate against the tomcat-users file. eg - un-authenticated clients can still access the web service url, but get a public role, and authenticated clients get a privileged role. I'm thinking we might be able to do part of that with the following tomcat-users.xml config by having an empty user declaration: tomcat-usersc role rolename=privileged/ user name= password= roles=PUBLIC / user name=priv_user1 password=tomcat roles=privileged / /tomcat-users The question is how to authenticate against the tomcat-user database? I've read the tomcat docs on memory realm: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#MemoryRealm, and I want to expose the org.apache.catalina.UserDatabase class to the web service context via a ResourceLink I'd like to be able to authenticate users without having to add a security-constraint to my web.xml, so that unauthenticated clients can still connect. Am I on the right track? Or is there a much easier way than what I'm trying to do... thanks! -- * Matthew Kerle * * IT Consultant * * Canberra, Australia* Mobile: +61404 096 863 Email: Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Webalizer on tomcat
this may be a silly point, but check your PageType defs, they're
currently only mapping to html's or php's, (granted this is all that
flovv.com seems to contain), but if your actual pages are jsps and
you're rewriting urls somehow, try adding jsp to the PageType defs?
sorry, I've only used webalizer with apache php files, and it always
worked fine, so i'm no expert on webalizer+tomcat...
also, your config file is only looking at access.log, with no wildcard.
maybe try adding a wildcard in the filename to pick any other logs.
can you run webalizer manually and post the logfile it generates?
cheers.
* Matthew Kerle
* * IT Consultant *
* Canberra, Australia*
Mobile: +61404 096 863
Email: Matthew Kerle mailto:[EMAIL PROTECTED]
Web: Matthew Kerle http://threebrightlights.blogspot.com/
Kanchana Welagedara wrote:
Hi All
I'm struggling to configure the webalizer on tomcat.I followed one of the
archives written long time back by Dan patton at
http://www.mail-archive.com/[EMAIL PROTECTED]/msg69842.html
I followed exactly what he has pointed out .I can see files are generating
at [tomcathome/logs/access/access*.log].But usage folder in webapp is still
empty.so I can see usage.Any help would be appreciated
I' m on linux
I have installed webalizer and my web site is running on tomcat
following are my configuration for webalizer.conf
LogFiles where my tomcat logs files are
LogFile /logs/access/access.log (logs folder is inside the Tomcat
isntallation)
LogFile /logs/access/access.log
OutputDir /webapps/ROOT/usage
HistoryName/var/lib/webalizer/webalizer.hist
Incrementalyes
IncrementalName/var/lib/webalizer/webalizer.current
HostName flovv.com
# PageType lets you tell the Webalizer what types of URL's you
# consider a 'page'. Most people consider html and cgi documents
# as pages, while not images and audio files. If no types are
# specified, defaults will be used ('htm*', 'cgi' and HTMLExtension
# if different for web logs, 'txt' for ftp logs).
PageTypehtml
PageTypehtm*
PageTypecgi
PageTypephp
PageTypeshtml
#PageTypephtml
#PageTypephp3
#PageTypepl
# UseHTTPS should be used if the analysis is being run on a
# secure server, and links to urls should use 'https://' instead
# of the default 'http://'. If you need this, set it to 'yes'.
# Default is 'no'. This only changes the behaviour of the 'Top
# URL's' table.
#UseHTTPS no
# DNSCache specifies the DNS cache filename to use for reverse DNS lookups.
# This file must be specified if you wish to perform name lookups on any IP
# addresses found in the log file. If an absolute path is not given as
# part of the filename (ie: starts with a leading '/'), then the name is
# relative to the default output directory. See the DNS.README file for
# additional information.
DNSCache/var/lib/webalizer/dns_cache.db
# DNSChildren allows you to specify how many children processes are
# run to perform DNS lookups to create or update the DNS cache file.
# If a number is specified, the DNS cache file will be created/updated
# each time the Webalizer is run, immediately prior to normal processing,
# by running the specified number of children processes to perform
# DNS lookups. If used, the DNS cache filename MUST be specified as
# well. The default value is zero (0), which disables DNS cache file
# creation/updates at run time. The number of children processes to
# run may be anywhere from 1 to 100, however a large number may effect
# normal system operations. Reasonable values should be between 5 and
# 20. See the DNS.README file for additional information.
DNSChildren10
# HTMLPre defines HTML code to insert at the very beginning of the
# file. Default is the DOCTYPE line shown below. Max line length
# is 80 characters, so use multiple HTMLPre lines if you need more.
#HTMLPre !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN
# HTMLHead defines HTML code to insert within the HEAD/HEAD
# block, immediately after the TITLE line. Maximum line length
# is 80 characters, so use multiple lines if needed.
#HTMLHead META NAME=author CONTENT=The Webalizer
# HTMLBody defined the HTML code to be inserted, starting with the
# BODY tag. If not specified, the default is shown below. If
# used, you MUST include your own BODY tag as the first line.
# Maximum line length is 80 char, use multiple lines if needed.
#HTMLBody BODY BGCOLOR=#E8E8E8 TEXT=#00 LINK=#FF
VLINK=#FF
# HTMLPost defines the HTML code to insert immediately before the
# first HR on the document, which is just after the title and
# summary period-Generated on: lines. If anything, this should
# be used to clean up in case an image was inserted with HTMLBody.
# As with HTMLHead, you can define as many of these as you want and
# they will be inserted in the output stream in order of apperance.
# Max string size is 80 characters. Use multiple lines if you need to.
#HTMLPost BR CLEAR
Re: tomcat performance on static content over SSL/non-SSL
good security is hard. I've seen state governments using the reverse-proxy layered approach described below, and that worked extremely well. I've also seen a federal government with an open database port to the internet (won't say which! lets just say they're not known for prompt security fixes...), but who won't allow a proxied http tunnel inside for security reasons. just crazy, talk about take the log out of your own eye... The only *really* safe option (against internal compromise) I've seen is to replicate databases into the DMZ, and disallow all connections from the DMZ to internal. But then you have problems with replication, and if you database is compromised then you risk data exposure. Which means there is no final solution, but it helps to raise the difficulty for attackers and minimise your risk. then make sure your backups work!!! cheers. * Matthew Kerle * * IT Consultant * * Canberra, Australia* Mobile: +61404 096 863 Email: Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ Leon Rosenberg wrote: security by obscurity, that is. since the httpd just sends all requests further to the tomcat, if there is a security relevant bug in tomcat code, it would be accessed by the remote side either way. Further, are your machines, on which httpd is running, running under different OS than your tomcat machines? Cause if they are the same, the same security issue would be present on both, so the attacker could easily reach the tomcat machine from the httpd machine via the same hole once he's there. It sounds like a good idea to put a firewall between tomcat and a db. But your tomcat machine and your webapp will have to access the db somehow, so why shouldn't the attacker use the same method to access your db, once he's on the tomcat machine? Therefore, your security infrastructure sounds like a good idea, but in fact it doesn't add any security. Just put a decent firewall between the internet and your cluster and that is it. Once its passed your security infrastructure wouldn't prevent the attacker to go on further. just 2 cents. leon P.S. Btw, some (recently fixed) buffer overflows in mod_jk connector (and in httpd itself) will actually reduce your security, since httpd is far less secure than java. On 8/15/07, Lizak, Ed [EMAIL PROTECTED] wrote: We use httpd to sit in between firewalls and handle all incoming traffic. Static content is served from there and dynamic content is proxied through to the Tomcat server behind another firewall. SSL is only needed from the client to the httpd server. The Tomcat server then handles the database access which passes through another firewall to hit our internal network where the database lives. I'm not a security expert but it seems like a good idea having your database connections far removed from the Internet connection. At the very least it would seem you would have to have multiple layers of server compromised before any data is exposed. Is this not a good reason to use httpd in front of Tomcat? -EJL --- Matt, Matthew Kerle wrote: Apart from integration into a larger site or static content, when would you put httpd in front of tomcat? This might count as integrating into a larger site, but I use Apache httpd to front multiple instances of Tomcat through a single port number (by mapping webapps individually through mod_jk). This allows me to start and stop a single webapp, upgrade the JVM and/or Tomcat running it, and then bring it back up again without disturbing the other applications. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGww/r9CaO5/Lv0PARAihDAKCWoVVHxQF0hCTiIsgFLC0bjMrYyACaAvfr sn1AKYvbLyk3Bbap+tyIrsE= =Zlq+ -END PGP SIGNATURE- IMPORTANT CONFIDENTIALITY NOTICE:This document, and any documents accompanying this transmission, contains confidential, legally protected information and is intended only for the person or entity to which it is addressed. If you are not the intended recipient, any disclosure, copying, distribution or the taking of any action in reliance on the contents of this transmission is strictly prohibited. If you receive this transmission in error, please contact the sender and delete or destroy the material/information. Corporate Headquarters 10340 Evendale Dr. Cincinnati, OH 45241 513.563.1400 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED
Re: tomcat performance on static content over SSL/non-SSL
doh! load-balancing of course... I don't know, I'm a stickler for the old do one thing, do it well, tomcat rocks at serving dynamic java, apache rocks at being internet facing serving static CGI. the jk connector is good solid, so I'm happy to keep everything separate and only have tomcat serving dynamic pages. plus that way if you ever run into scalability problems you have the infrastructure to scale right there! * Matthew Kerle * * IT Consultant * * Canberra, Australia* Mobile: +61404 096 863 Email: Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Matt, Matthew Kerle wrote: Apart from integration into a larger site or static content, when would you put httpd in front of tomcat? This might count as integrating into a larger site, but I use Apache httpd to front multiple instances of Tomcat through a single port number (by mapping webapps individually through mod_jk). This allows me to start and stop a single webapp, upgrade the JVM and/or Tomcat running it, and then bring it back up again without disturbing the other applications. - -chris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Removing the port identifier
no worries. I didn't know about jsvc or commons-daemon before (I do now!), so I learnt something too! best of luck with your app. * Matthew Kerle * * IT Consultant * * Canberra, Australia* Mobile: +61404 096 863 Email: Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ Stephen Caine wrote: Matthew, Thank you for your response. Apart from using iptables (which may or may not work in OS X), the Tomcat setup link, http://tomcat.apache.org/tomcat-6.0-doc/setup.html;, seems to be the best way to go. the only way to get rid of the port number is to have something listening on :443 (that's the way browsers are, sorry), and then hand requests over to tomcat, so to get what you want something will have to bind to :443 at some point, requiring root privs. What you want is something that will bind to the port as a privileged user and subsequently drop priv's to a limited user. the Apache web server is excellent for this kind of thing. The easiest way to do this would be with apache sitting in front of tomcat with either mod_jk2 or forwarding requests with mod_rewrite. It doesn't really matter where the port forwarder sits, but usually you want to align with existing IT infrastructure and use an existing internal/internet web server to redirect requests to your app. If your company already has apache then this is a cinch, otherwise you'll have to figure out how to reverse-proxy with the web server du jour... Is this close to what you're after? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat memory realms tomcat-users.xml
Hi Charles, thanks for you help. what if the memory-realm was configured in the context.xml for the application? then it should only be available to that particular app...? I'm currently working on a mock to see if I can get this to work, if something as simple as defining the memoryrealm and the client adding http auth headers will be turned into a principal by tomcat available to my code, then it's all good. but things are never that simple... Does anyone know what circumstances have to be true for tomcat to run the request against the memoryrealm and create a Principle? The access control will all be happening inside my code (well, in database access code more precisely), my dilemma is how to turn HTTP or SOAP headers into role names and where to store all that... thanks for the security filter link, I'll check it out and see if it meets our needs. * Matthew Kerle * * IT Consultant * * Canberra, Australia* Mobile: +61404 096 863 Email: Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ Caldarale, Charles R wrote: From: Matthew Kerle [mailto:[EMAIL PROTECTED] Subject: tomcat memory realms tomcat-users.xml I've read the tomcat docs on memory realm: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#MemoryRealm, and I want to expose the org.apache.catalina.UserDatabase class to the web service context via a ResourceLink You probably don't want to do that (even if it's possible, which I doubt), since all code in the webapps would then have access to the credentials. I'd like to be able to authenticate users without having to add a security-constraint to my web.xml, so that unauthenticated clients can still connect. URL patterns in the security-constraint allow you to control which portions of the webapp are accessible to unauthenticated users. If you want something with finer granularity, a filter is probably appropriate. Take a look at: http://securityfilter.sourceforge.net/ for a popular one. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: catalina error log
you're missing the Apache Portable Runtime library from your PATH variable. this is not a serious problem, but if you don't want to get this error then download the version of the library for your OS and install it to a directory on your PATH (eg - %JAVA_HOME%/bin, or another dir and add it to your path) http://apr.apache.org/download.cgi the apr is a performance enhancer, it basically allows tomcat (or any application) to use the same fast file access (among other functions) as the HTTPD web server. If you don't have it you don't lose anything, but the error message is annoying. hope this helps. Hoa Doan wrote: I have tomcat 6 and it is getting the jvm.dll from my jre1.6.0_02/bin/client directory. Everytime I start it I get the message below. My server is able to parse file but the message scares me... So how do i fix the this message? Aug 16, 2007 12:32:22 AM org.apache.catalina.core.AprLifecycleListener init INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Tomcat6\bin;.;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\;D:\server\MySQL\MySQL Server 5.0\bin;C:\Program Files\ImageConverter Plus; Thank you, Hoa - Building a website is a piece of cake. Yahoo! Small Business gives you all the tools to get online. -- Matthew Kerle IT Consultant Canberra, Australia Mobile: +61404 096 863 Email : [EMAIL PROTECTED] Web : http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: NoSuchMethod shutdown error
also, I noticed that you have some Failed Shutdown of Apache Portable Runtime errors, if you want to make that message go away grab the APR native library for your platform and drop it into %JAVA_HOME%/bin symptoms: on startup something like the following gets printed out: INFO: The Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path and on shutdown- INFO: Failed shutdown of Apache Portable Runtime Basically, tomcat looks for a native library that lets it do funky stuff related to performance. In development we don't usually care about performance, but if you want to get rid of those messages, then the easiest way is to drop the tomcat native dll onto the system path, the best place being %JAVA_HOME%/bin read about the APR: http://tomcat.apache.org/tomcat-5.5-doc/apr.html I downloaded it here: http://apr.apache.org/download.cgi -- * Matthew Kerle ** IT Consultant* ** * Canberra, Australia* Mobile: +61404 096 863 Email: mailto:[EMAIL PROTECTED] Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ Dan Armbrust wrote: When I was upgrading tomcat, I had a jar file hang around in source control that shouldn't have been there. I had both commons-modeler.jar and commons-modeler-2.0.jar in my server lib folder. All better now, Thanks, Dan On 8/14/07, Martin Gainty [EMAIL PROTECTED] wrote: Dan- did you check your manifest.mf in your $CATALINA_HOME/commons/lib/commons-modeler.jar is at least version 1.1? e.g. Manifest-Version: 1.1 Ant-Version: Apache Ant 1.5.3 Created-By: 1.4.1_01-b01 (Sun Microsystems Inc.) Extension-Name: org.apache.commons.modeler Specification-Vendor: Apache Software Foundation Specification-Version: 1.1 Implementation-Vendor-Id: org.apache Implementation-Vendor: Apache Software Foundation Implementation-Version: 1.1.0 HTH/ M-- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Removing the port identifier
the only way to get rid of the port number is to have something listening on :443 (that's the way browsers are, sorry), and then hand requests over to tomcat, so to get what you want something will have to bind to :443 at some point, requiring root privs. What you want is something that will bind to the port as a privileged user and subsequently drop priv's to a limited user. the Apache web server is excellent for this kind of thing. The easiest way to do this would be with apache sitting in front of tomcat with either mod_jk2 or forwarding requests with mod_rewrite. It doesn't really matter where the port forwarder sits, but usually you want to align with existing IT infrastructure and use an existing internal/internet web server to redirect requests to your app. If your company already has apache then this is a cinch, otherwise you'll have to figure out how to reverse-proxy with the web server du jour... Is this close to what you're after? -- * Matthew Kerle ** IT Consultant* ** * Canberra, Australia* Mobile: +61404 096 863 Email: mailto:[EMAIL PROTECTED] Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ Stephen Caine wrote: Is there a way to remove the port number from a https request where the original url looks something like this: https://host_name:8443/ The approach to change the server.xml file (where the connector port is changed from 8443 to 443) is not practical for us. When this is done, Tomcat requires the root user to run. We consider this a security risk. We have considered a port forwarder, but we are unclear whether to install this on the Tomcat server or router. In any event, we are not at all sure this is the best approach. Any advice will be appreciated. Our operating system is Mac OS X. Thanks, Stephen - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Removing the port identifier
oops, sorry I meant mod_proxy, not mod_rewrite... -- * Matthew Kerle ** IT Consultant* ** * Canberra, Australia* Mobile: +61404 096 863 Email: mailto:[EMAIL PROTECTED] Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ Matthew Kerle wrote: the only way to get rid of the port number is to have something listening on :443 (that's the way browsers are, sorry), and then hand requests over to tomcat, so to get what you want something will have to bind to :443 at some point, requiring root privs. What you want is something that will bind to the port as a privileged user and subsequently drop priv's to a limited user. the Apache web server is excellent for this kind of thing. The easiest way to do this would be with apache sitting in front of tomcat with either mod_jk2 or forwarding requests with mod_rewrite. It doesn't really matter where the port forwarder sits, but usually you want to align with existing IT infrastructure and use an existing internal/internet web server to redirect requests to your app. If your company already has apache then this is a cinch, otherwise you'll have to figure out how to reverse-proxy with the web server du jour... Is this close to what you're after? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Removing the port identifier
well spotted, I apologise! the correct connector is mod_jk (1.2). As for running tomcat on low ports, it depends on deployment. if your app needs to sit within a larger site then it makes sense, but if it's standalone then using another method to run on a low port would be a better solution. If the application has a lot of static content then it makes good performance sense to put something in front of it, either apache or squid. but that's probably not an issue in this case...;-p ! -- * Matthew Kerle ** IT Consultant* ** * Canberra, Australia* Mobile: +61404 096 863 Email: mailto:[EMAIL PROTECTED] Matthew Kerle mailto:[EMAIL PROTECTED] Web: Matthew Kerle http://threebrightlights.blogspot.com/ Caldarale, Charles R wrote: From: Matthew Kerle [mailto:[EMAIL PROTECTED] Subject: Re: Removing the port identifier the Apache web server is excellent for this kind of thing. There are much better ways to run Tomcat on low ports than adding the path length of another web server; several messages have already pointed this out. The easiest way to do this would be with apache sitting in front of tomcat with either mod_jk2 I hope you're not seriously recommending use of a package that's been deprecated for over two years... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat performance on static content over SSL/non-SSL
Caldarale, Charles R wrote: From: Matthew Kerle [mailto:[EMAIL PROTECTED] Subject: Re: Removing the port identifier Actually, that's not really true anymore. The current Tomcat without APR is almost as fast as httpd for delivering non-SSL static content, and with APR it's pretty much the same for both non-SSL and SSL traffic (since it's the same code). There are reasons to use httpd in front of Tomcat, but delivering static content isn't one of them. really? that's pretty cool, I didn't know that. do you have any metrics? Apart from integration into a larger site or static content, when would you put httpd in front of tomcat? matt. http://threebrightlights.blogspot.com/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
