EL and Autoboxing
Hi Everyone, I came across na interesting situation here. One of my classes contains a Boolean (wrapper) value as its return type. Something like this: ... public Boolean isServerOK() { return isOK; } ... Whenever I try to invoke this method using EL, I receive the following error: Property serverOK not found onm type package.path.MyClass. On the other hand, if I change this method return type to boolean (primitive), I can run it correctely. Looking in Expression Languange Specification published at https://jsp.dev.java.net/spec/jsp-2_1-fr-spec-el.pdf , I could find the following item: 1.18.5 Coerce A to Boolean ■ If A is null or , return false ■ Otherwise, if A is a Boolean, return A ■ Otherwise, if A is a String, and Boolean.valueOf(A) does not throw an exception, return it My question is: Should I be able to use Boolean (wrapper) as a boolean (primitive) yes or no? Thanks a lot! Marcus Milanez - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Once again, clear text passwords in context.xml files
Hello everyove, We were asked to eliminate clear text passwords associated to database pooled connections in context.xml files... I know it has been discussed a lot, but I would like to ask once again whether someone has a simple, clean solution for that. We are using Windows server and MS SQL 2005. One of the options I came across is to use Windows Integratd authentication instead of database users. Is there any other ideas to overcome this situation? Thanks a lot, Marcus Milanez - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Once again, clear text passwords in context.xml files
Filip thanks for your reply, 1. make sure tomcat runs as an account that can't login Right, that is done 2. make any file that contains secure information readonly, and readable only by the tomcat user Done too if someone gets onto your machine as an super user, you have bigger problem than the password being in clear text That is the answer everyone gives in tomcat forums all over the internet, so it seems to me that no possible solution is available. On the other hand, is it right to stay behind a possible security fault (malicious super user performing login) in order to say I'll not correct known security issues in my application? The thing is I'm not responsible for the servers but the ones who are, keep arguing that this is a crictical security problem. Are they seeing a big problem in a small one? Thanks a lot! Marcus -Mensagem original- De: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 13 de maio de 2008 12:37 Para: Tomcat Users List Assunto: Re: Once again, clear text passwords in context.xml files it's a wasted effort, the one way it could be truly secure, was if tomcat asked you for a key upon startup. this wouldn't work very well in a 1000 tomcat instance server farm. any other effort simply masks the problem, letting you think it is secure, when it isn't. what you should do is this 1. make sure tomcat runs as an account that can't login 2. make any file that contains secure information readonly, and readable only by the tomcat user if someone gets onto your machine as an super user, you have bigger problem than the password being in clear text Filip Milanez, Marcus wrote: Hello everyove, We were asked to eliminate clear text passwords associated to database pooled connections in context.xml files... I know it has been discussed a lot, but I would like to ask once again whether someone has a simple, clean solution for that. We are using Windows server and MS SQL 2005. One of the options I came across is to use Windows Integratd authentication instead of database users. Is there any other ideas to overcome this situation? Thanks a lot, Marcus Milanez - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Once again, clear text passwords in context.xml files
Hi kevin, Thnaks a lot for your answer, but there is no user input. The password is for database access porpuses and is stored in context.xml file... It seems to me there is no solution at all for this issue, unless beleive server access are safe... Thank you! Marcus -Mensagem original- De: Kevin Williams [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 13 de maio de 2008 14:36 Para: Tomcat Users List Assunto: Re: Once again, clear text passwords in context.xml files How about hashing the passwords with a known forumla and storing them in this intermediate format. App would need to hash the user input and compare. This might give ur security czars a warmer feeling and get them off ur back. -Kevin On 5/13/08, Milanez, Marcus [EMAIL PROTECTED] wrote: Filip thanks for your reply, 1. make sure tomcat runs as an account that can't login Right, that is done 2. make any file that contains secure information readonly, and readable only by the tomcat user Done too if someone gets onto your machine as an super user, you have bigger problem than the password being in clear text That is the answer everyone gives in tomcat forums all over the internet, so it seems to me that no possible solution is available. On the other hand, is it right to stay behind a possible security fault (malicious super user performing login) in order to say I'll not correct known security issues in my application? The thing is I'm not responsible for the servers but the ones who are, keep arguing that this is a crictical security problem. Are they seeing a big problem in a small one? Thanks a lot! Marcus -Mensagem original- De: Filip Hanik - Dev Lists [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 13 de maio de 2008 12:37 Para: Tomcat Users List Assunto: Re: Once again, clear text passwords in context.xml files it's a wasted effort, the one way it could be truly secure, was if tomcat asked you for a key upon startup. this wouldn't work very well in a 1000 tomcat instance server farm. any other effort simply masks the problem, letting you think it is secure, when it isn't. what you should do is this 1. make sure tomcat runs as an account that can't login 2. make any file that contains secure information readonly, and readable only by the tomcat user if someone gets onto your machine as an super user, you have bigger problem than the password being in clear text Filip Milanez, Marcus wrote: Hello everyove, We were asked to eliminate clear text passwords associated to database pooled connections in context.xml files... I know it has been discussed a lot, but I would like to ask once again whether someone has a simple, clean solution for that. We are using Windows server and MS SQL 2005. One of the options I came across is to use Windows Integratd authentication instead of database users. Is there any other ideas to overcome this situation? Thanks a lot, Marcus Milanez - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -Kevin - If you forward this e-mail to someone else, please remove my e-mail address to help me prevent spam. Thanks! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: trim-directive-whitespaces and .tag files
Just for a matter of reference, I'm currently using Tomcat 6.0.14 under Windows 2003 server. Thanks again! -Mensagem original- De: Milanez, Marcus Enviada em: sexta-feira, 9 de maio de 2008 11:04 Para: 'Tomcat Users List' Assunto: trim-directive-whitespaces and .tag files Hi, I'm successfully using trim-directive-whitespaces in my web.xml file, clearing unecessary white spaces from my pages. The only problem is that .tag files content is not affected by this directive. Is there a way to make it work? I've searched a lot for it and couldn't find anything... I'm using the following directive at this moment: jsp-config jsp-property-group url-pattern*.jsp/url-pattern trim-directive-whitespacestrue/trim-directive-whitespaces /jsp-property-group /jsp-config Any suggestion? Thank you all! Marcus Milanez - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: trim-directive-whitespaces and .tag files
Hi Hassan, No effect. I think that's because we never reference .tag files directly. My guess is that when tomcat engine compiles .tag files into .java files, it ignores my trim-directive. Do you know how this directive work? Does it remove white spaces in every request (like a filter) or during compiling time? Thank you! -Mensagem original- De: Hassan Schroeder [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 9 de maio de 2008 11:17 Para: Tomcat Users List Assunto: Re: trim-directive-whitespaces and .tag files On Fri, May 9, 2008 at 7:04 AM, Milanez, Marcus [EMAIL PROTECTED] wrote: I'm successfully using trim-directive-whitespaces in my web.xml file, clearing unecessary white spaces from my pages. The only problem is that .tag files content is not affected by this directive. What happened when you added this: jsp-config jsp-property-group url-pattern*.tag/url-pattern trim-directive-whitespacestrue/trim-directive-whitespaces /jsp-property-group /jsp-config Did it produce an error, or just no effect? -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: trim-directive-whitespaces and .tag files
I'll answer my own question here. I guess this directive takes effect during compile time 'cause when I try to pre-compile my jsps with the url-pattern*.tag/url-pattern in my web.xml file, I come accross with the following error: file: /appFolder/WEB-INF/tags/fields/data.tag(1,14) lt;%@ attribute directive can only be used in a tag file I think it won't be possible to trim white spaces from .tag files uwing this directive then... -Mensagem original- De: Milanez, Marcus Enviada em: sexta-feira, 9 de maio de 2008 11:21 Para: 'Tomcat Users List' Assunto: RES: trim-directive-whitespaces and .tag files Hi Hassan, No effect. I think that's because we never reference .tag files directly. My guess is that when tomcat engine compiles .tag files into .java files, it ignores my trim-directive. Do you know how this directive work? Does it remove white spaces in every request (like a filter) or during compiling time? Thank you! -Mensagem original- De: Hassan Schroeder [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 9 de maio de 2008 11:17 Para: Tomcat Users List Assunto: Re: trim-directive-whitespaces and .tag files On Fri, May 9, 2008 at 7:04 AM, Milanez, Marcus [EMAIL PROTECTED] wrote: I'm successfully using trim-directive-whitespaces in my web.xml file, clearing unecessary white spaces from my pages. The only problem is that .tag files content is not affected by this directive. What happened when you added this: jsp-config jsp-property-group url-pattern*.tag/url-pattern trim-directive-whitespacestrue/trim-directive-whitespaces /jsp-property-group /jsp-config Did it produce an error, or just no effect? -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: trim-directive-whitespaces and .tag files
OK Hassan, thanks a lot! If I could get this directive working with .tag files I would appreciate a lot more, but if I couldn't find a way, I'll try your suggestion! Just a final questions: should it be working or not? I mean, ths specification for trim-directive-whitespaces says that it could not work in these cases? Thanks a lot for your time! Marcus Milanez -Mensagem original- De: Hassan Schroeder [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 9 de maio de 2008 11:38 Para: Tomcat Users List Assunto: Re: trim-directive-whitespaces and .tag files On Fri, May 9, 2008 at 7:28 AM, Milanez, Marcus [EMAIL PROTECTED] wrote: I think it won't be possible to trim white spaces from .tag files uwing this directive then... If minimizing white space is critical for you, you might try something with the String taglib -- maybe wrap a string:squeeze around the whole tag body. Just a first-cup-of-coffee thought... :-) HTH, -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: trim-directive-whitespaces and .tag files
Hassan, I've reard about this issues, but our tests confirmed that all JSPs and scripts are working well. We've also downloaded a filter that does just the same, but we've experimented some javascript problems... Thanks! Marcus Milanez -Mensagem original- De: Hassan Schroeder [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 9 de maio de 2008 12:10 Para: Tomcat Users List Assunto: Re: trim-directive-whitespaces and .tag files On Fri, May 9, 2008 at 7:45 AM, Milanez, Marcus [EMAIL PROTECTED] wrote: Just a final questions: should it be working or not? I mean, ths specification for trim-directive-whitespaces says that it could not work in these cases? Actually, the 2.1 spec says: As of JSP 2.1, it is possible to have extraneous whitespaces removed from template text through element trim-directive-whitespaces of JSP Property Groups (See Section JSP.3.3.8, Removing whitespaces from template text), or the page and tag file directive attribute trimDirectiveWhitespaces (See Section JSP.1.10.1, The page Directive, Section JSP.8.5.1, The tag Directive). So looks like a little more experimentation is in order :-) -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: trim-directive-whitespaces and .tag files
Oh,I'm sorry, I thought you were refeering errouneous withe space trimming... trimDirectiveWhitespaces directive simply doesn't work at all in Tomcat 6.. I've posted this question here some months ago.. -Mensagem original- De: Hassan Schroeder [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 9 de maio de 2008 14:09 Para: Tomcat Users List Assunto: Re: trim-directive-whitespaces and .tag files On Fri, May 9, 2008 at 9:55 AM, Milanez, Marcus [EMAIL PROTECTED] wrote: I've reard about this issues, but our tests confirmed that all JSPs and scripts are working well. We've also downloaded a filter that does just the same, but we've experimented some javascript problems... Not sure what issues you're referring to :-) I was just highlighting this: tag file directive attribute trimDirectiveWhitespaces :: meaning, you can put that in each tag file directly to achieve your original goal. -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: trim-directive-whitespaces and .tag files
Hassan, Thanks a lot. It worked! I noticed we were using the following web-app in DTD: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd; version=2.5 Then I just replaced by web-app xmlns=http://java.sun.com/xml/ns/javaee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd; metadata-complete=false version=2.5 Which is slightly different, but got the directive working... Thus, I believe this is the most appropriate web-app descriptor, right? Thanks a lot for all your support! Marcus Milanez -Mensagem original- De: Hassan Schroeder [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 9 de maio de 2008 15:27 Para: Tomcat Users List Assunto: Re: trim-directive-whitespaces and .tag files On Fri, May 9, 2008 at 11:00 AM, Milanez, Marcus [EMAIL PROTECTED] wrote: trimDirectiveWhitespaces directive simply doesn't work at all in Tomcat 6.. I've posted this question here some months ago.. Uh, I just tried it on both a JSP file (page directive) and tag file using the tag directive, and both worked fine. Are you sure you're using a 2.5 deployment descriptor? -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: trim-directive-whitespaces and .tag files
Thabks a lot for your effort! -Mensagem original- De: Hassan Schroeder [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 9 de maio de 2008 15:51 Para: Tomcat Users List Assunto: Re: trim-directive-whitespaces and .tag files On Fri, May 9, 2008 at 11:42 AM, Milanez, Marcus [EMAIL PROTECTED] wrote: Which is slightly different, but got the directive working... Thus, I believe this is the most appropriate web-app descriptor, right? sounds like :-) -- glad to hear it's working now! -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Runtime created files not accessible.SOLUTION FINALLY!!!
Here comes NetBeans to 'save' the day... I had a similar problem working on a Swing project... My non java files kept being excluded all the time... -Mensagem original- De: Andreas [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 25 de abril de 2008 07:42 Para: Tomcat Users List Assunto: Re: Runtime created files not accessible.SOLUTION FINALLY!!! ONCE AGAIN THNX TO ALL! It turned out that NetBeans deployment in Tomcat was destroying everything The solution was to clean and build the project with Netbeans, but manuall deploy the war file from the Tomcat Manager... Now everything works as it should... I just can't believe the frustration and waste of time NetBeans stupuid deploying mechanisms have caused me... So to anyone who might have the same situation, be careful... Take care all and keep up the good work and the healthy supporting IT community that saves people's lives :) Best Regards, Andreas, Greece. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Runtime created files not accessible.Please help.
Hi Andreas, We do pretty much the same here and it is working fine. Could you please post some parts of your code, so that we can see how you specify your physical folders? Can you see the folders/files created using a file viewer ? Yours, Marcus Milanez -Mensagem original- De: Andreas [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de abril de 2008 10:22 Para: users@tomcat.apache.org Assunto: Runtime created files not accessible.Please help. Hello everyone! I have developed a jsf(java server faces) web application running on tomcat 6.0 . Maybe my questions will be a bit naive, but i kindly ask for your help since i am not able to find solution myself. The problem is this: My web server needs to create new folders and write files in the folders so that the end user will b able to download later. The files I download or I create though, and save in my new folders created at runtime, are not available for tomcat... I get HTTP Status 404 , and I am unable to open them at runtime back from the local disk. So, what should I do to make the newly created folders and files instantly available in Tomcat without restarting??? And what is the proper place for someone to put his application folder?? Thank you very much for your help... Andreas, Greece. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Runtime created files not accessible.Please help.
I don't think so, never noticed it in our applications... -Mensagem original- De: Piller Sébastien [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de abril de 2008 11:22 Para: Tomcat Users List Assunto: Re: Runtime created files not accessible.Please help. Hello, personnally, I noticed that there is a delay between the creation of a folder/file and the moment where this folder/file is available in my webapp... I don't know why, but seems to be related to tomcat - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: custom timeout/expiry implementation
Hello, We've implemented a similar solution for that, which consists on opening a modal dialog in the browser asking for user password again, thus extending session duration if he correctly enters it, one minute before the user session expires. We've used regular javascript setInterval to accomplish it, so that it opens a dialog if a user is inactive for this period of time... It worked very well... Yours, Marcus Milanez -Mensagem original- De: mfs [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de abril de 2008 15:47 Para: users@tomcat.apache.org Assunto: Re: custom timeout/expiry implementation Actually, i need a mean by which i can extend the session (in some cases) if the session is about to expire. I know i can certainly do this with Session.setMaxTimeInternal() but thats only possible with some client event (i.e. when the servlet/filter is invoked), which doesn't satisfy my needs. Something like HttpSessionListener.preSessionDestroyed() is what i need..I wonder why cant they give such control.. Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Farhan, mfs wrote: | Actually i need to provide my own session timeOut/expiry implementation and | i was wondering what would be the easiest way to achieve this, i am using | tomcat for development but oc4j for production, and i was wondering | if somehow i can hook in my implementation into various servlet containers.. You could use a Filter to check whatever condition should expire sessions. The Filter can certainly call HttpSession.invalidate() at any time. Filters are (usually) cross-container because they only have access to standard Servlet-API stuff. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkgOQ2gACgkQ9CaO5/Lv0PAAKACgwmdE9sTrDP/a1V4WdaYfVN8V N+cAnA+Q784oRGuFiBmHbfHNjLlt/GWS =bLPb -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/custom-timeout-expiry-implementation-tp16825415p16 851515.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Runtime created files not accessible.Please help.
Hello, I meant any class that extends HttpServlet. Have you tried the code I sent you? Marcus Milanez -Mensagem original- De: Andreas [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de abril de 2008 17:06 Para: Tomcat Users List Assunto: Re: Runtime created files not accessible.Please help. Hello Marcus, Hello all. Thank you very for ur help,although i dont seem to get any solution and it's just completely frustrating... Marcus, when you say regular servlet you mean..?? simple JSP ? I am not sure I got it. Coz I also tested through a simple JSP and I got the same problems... Best Regards, Andreas. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: url redirection
Hi, I'm not completely sure about what you want, but you can redirect urls according to a given pattern between tomcat instances using jakarta connectors. Is that what you want? You can have further info here http://tomcat.apache.org/connectors-doc/ Yours, Marcus -Mensagem original- De: Melanie Pfefer [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 27 de março de 2008 07:32 Para: users@tomcat.apache.org Assunto: url redirection Hi, I have 2 web apps deployed on 2 tomcat servers. How to redirect urls that contains 'jar' string from one app to another? http://zeus:8085/web/sec:jar:001 to http://zeus:8086/src/web:sec:jar:001 thanks __ Sent from Yahoo! Mail. More Ways to Keep in Touch. http://uk.docs.yahoo.com/nowyoucan.html - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: RES: Application context configuration datasources
I've never used a pool shared by more than one app, so I'm not the best person to offer other options. In this case, you have to stop your server whenever you deploy a new version of your app? -Mensagem original- De: Charl Gerber [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 27 de março de 2008 09:04 Para: Tomcat Users List Assunto: Re: RES: Application context configuration datasources You are not supposed to edit server.xml in order to make your pooled connections work. You do when its a connection pool shared by more than one application. How else do you create global resources? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Securing Tomcat
We are currently using the steps published by OWASP too, in terms of tomcat configuration (there are application related security issues that are not covered by the article). Is there something else we should be aware of, that is not described? I have no personal experience with this but it might be a useful resource: http://www.owasp.org/index.php/Securing_tomcat - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Java 1.4.2 to 1.5 upgrade tips
You could have both tomcats running in the same server, one for legacy apps and another for new stuff, using mod_jk. It works very well. -Mensagem original- De: Jonathan Mast [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 26 de março de 2008 13:14 Para: Tomcat Users List Assunto: Re: Java 1.4.2 to 1.5 upgrade tips What I'm worried about is the Servlet spec. We have some legacy stuff that only compiles correctly using the servlet.jar which includes JSP 1.1 I think. Anyways, my fear is that this might not be supported with Java 1.5, and that stuff will have to be recoded to make use of servlet-api.jar which would require a lot of work. Any ideas? On Tue, Mar 25, 2008 at 12:39 PM, David kerber [EMAIL PROTECTED] wrote: Jonathan Mast wrote: It looks like we might have to upgrade to Java 1.5 from 1.4.2 and I was wondering if someone could point me to a guide on the pitfalls to watch out for as per Tomcat 5.5. thanks, I don't have a specific reference, but IIRC, there was very little code that would work correctly in 1.4 and not 1.5. The biggest effort was finding stuff that could be much more efficiently rewritten in 1.5 to take advantage of new features. However, even if you don't change a single line, 1.5 will still likely give you better performance than 1.4.2. D - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 6.0.16 and Listeneres
Hi, I've just updated my tomcat version to 6.0.16 (I was using 6.0.14 since then), and it keeps reporting me INFO: The listener myfullpackage.MyListener is already configured for this context. The duplicate definition has been ignored. everytime I deploy my application. I've inspected all files in my web application, and realized that there are no duplicate entries for this listener. Searching over the internet I came accross very few references reporting the same problem, and these referenced explained that this is nothing I should get worried about. Is this a fact? Have someone had the same message? Thank you!
RES: Tomcat 6.0.16 and Listeneres
Everything works really fine, but this message is somehow annoying ... -Mensagem original- De: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 25 de março de 2008 18:20 Para: Tomcat Users List Assunto: RE: Tomcat 6.0.16 and Listeneres From: Milanez, Marcus [mailto:[EMAIL PROTECTED] Subject: Tomcat 6.0.16 and Listeneres I've just updated my tomcat version to 6.0.16 and it keeps reporting me INFO: The listener myfullpackage.MyListener is already configured for this context. The duplicate definition has been ignored. Have someone had the same message? I've got the same thing; haven't taken the time to track it down since it appears to be purely cosmetic in that everything seems to be working properly. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Tomcat 6.0.16 and Listeneres
Thanks a lot Mark! As everything worked fine, I'm confident to use this version in production. After two weeks of test with our application, this is the only strange behaviour we've noticed. Once again, thanks a lot for your quick responses guys! -Mensagem original- De: Mark Thomas [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 25 de março de 2008 18:23 Para: Tomcat Users List Assunto: Re: Tomcat 6.0.16 and Listeneres Milanez, Marcus wrote: Searching over the internet I came accross very few references reporting the same problem, and these referenced explained that this is nothing I should get worried about. Is this a fact? Yes. Have someone had the same message? Yes. See https://issues.apache.org/bugzilla/show_bug.cgi?id=44423 http://svn.apache.org/viewvc?view=revrevision=620844 Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: about java.lang.outofmemory error
Hello, Just be aware that increasing memory isn't always the best option. In most cases you should decrease memory instead, giving GC a chance to run. If you increase memory, it may never run (realising unused resources) and your process may never be able to allocate the amount you specify... -Mensagem original- De: David Fisher [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 17 de março de 2008 10:43 Para: Tomcat Users List Assunto: Re: about java.lang.outofmemory error I don't know about BIRT (other than it is a project to generate Excel reports), but I do know that in Apache POI when you read and write an Excel spreadsheet everything is done in memory, and a large amount of memory needs to be available if your spreadsheet is large. I add the following to my catalina.sh to increase memory: -Xms384m -Xmx724m I hope this helps, there are limits. Regards, Dave On Mar 17, 2008, at 8:05 AM, hns wrote: hi i have developed one web application which contains eclipse birt 2.2 it runs sucessfuly from 2 months but now while data inceresse it cause problem of showing one report and gives error java.lang.outofmemory error i have used tomcat 5.5.25 and jdk 1.5 i feel this is the problem of tomcat 5.5 memory allocation could it solved any way please help me -- View this message in context: http://www.nabble.com/about- java.lang.outofmemory-error-tp16092575p16092575.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: about java.lang.outofmemory error
Chuck, Sorry if I haven't been clear enough, but we did have several situations in which such a thing happened in production. We'd specified too much memory to tomcat, and as our server shared its physical with other applications such as IIS, GC never (ever) ran and Tomcat proccess could never acquire the amout of memory we'd specified, causing java.lang.OutOfMemory error plenty of times. We could just solve it decreasing tomcat's proccess initial and maximum amount of memory, that's why I've warned about it. I really apologize if I'm wrong, but is there another explanation for it? Thank you! -Mensagem original- De: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 17 de março de 2008 11:06 Para: Tomcat Users List Assunto: RE: about java.lang.outofmemory error From: Milanez, Marcus [mailto:[EMAIL PROTECTED] Subject: RES: about java.lang.outofmemory error Just be aware that increasing memory isn't always the best option. In most cases you should decrease memory instead, giving GC a chance to run. If you increase memory, it may never run (realising unused resources) and your process may never be able to allocate the amount you specify... The above is confused and erroneous. GC will run automatically before any OOME is thrown, freeing up as much memory as is possible, including soft references. If you are referring to balancing heap space against non-heap space within the total process address space, GC has no effect, since the maximum heap size is reserved (but not allocated) at JVM initialization. There's no such thing as giving GC a chance to run; it will run, whenever it needs to. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: RES: about java.lang.outofmemory error
Gabe, Quite like that. In my case, we didn't exceed the amout of physical memory available, but as our server shared its resources with other applications, it happened lots of times... -Mensagem original- De: Gabe Wong [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 17 de março de 2008 11:41 Para: Tomcat Users List Assunto: Re: RES: about java.lang.outofmemory error Milanez, Marcus wrote: Chuck, Sorry if I haven't been clear enough, but we did have several situations in which such a thing happened in production. We'd specified too much memory to tomcat, and as our server shared its physical with other applications such as IIS, GC never (ever) ran and Tomcat proccess could never acquire the amout of memory we'd specified, causing java.lang.OutOfMemory error plenty of times. We could just solve it decreasing tomcat's proccess initial and maximum amount of memory, that's why I've warned about it. I really apologize if I'm wrong, but is there another explanation for it? It sounds like in your case, you were allocating more memory to the JVM that was available from the system. Thus quite naturally when you lowered the allocation you encountered less problems. However if your application had indeed required the larger allocation, you would have experienced OutOfMemory. Point is, larger memory allocation is a good thing, but it cannot exceed what is available on the system. -- Regards Gabe Wong NGASI AppServer Manager JAVA AUTOMATION and SaaS Enablement http://www.ngasi.com NEW! 8.0 - Centrally manage multiple physical servers - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: about java.lang.outofmemory error
Ok... I don't want this thread to be any longer, but the fact is that we haven't configured the heap for mor space them physical plus swap. Anyway, I got it solved when we decreased initial memory and maximum memory. -Mensagem original- De: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 17 de março de 2008 12:16 Para: Tomcat Users List Assunto: RE: about java.lang.outofmemory error From: Milanez, Marcus [mailto:[EMAIL PROTECTED] Subject: RES: about java.lang.outofmemory error GC never (ever) ran and Tomcat proccess could never acquire the amout of memory we'd specified The fact that GC never ran is irrelevant. As someone else pointed out, you likely configured the heap for more space than the sum of real plus swap, thereby causing a failure when attempting to allocate pages for the process. Also be aware that the JVM wil throw an OOME for *any* resource failure, including such things as running out of file descriptors. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Simultate Tomcat JNDI
Hi everyone, I'm trying to simulate tomcat's jndi mechanism, in order to test my DAO objects with junit. Does anybody knows how to do that? It seems to me that I need to bind the name java:/comp/env to a Context object and then bind my jdbc name to this context. Is this the way tomcat put things together? A Context object inside another and then the jdbc itself inside this one? Thnaks in advance! Marcus Milanez - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Simultate Tomcat JNDI
Martin, Thanks for you reply. In fact I need to simulate tomcat's jndi mechanism. My class will be invoked by jUnit and not by tomcat. I'm trying to bind a datasource to a jndi name outside tomcat, but with exactaly the same names... Thank you! -Mensagem original- De: Martin Gainty [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 7 de março de 2008 11:43 Para: Milanez, Marcus Cc: Tomcat Users List Assunto: Re: Simultate Tomcat JNDI Marcus-http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howt o.html//assume you have this Oracle Datasource definition in your web.xmlresource-ref descriptionOracle Datasource example/description res-ref-namejdbc/myoracle/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref//I can now access the predefined DataSource using jdbc/myoracle lookup mechanism e.g.Context initContext = new InitialContext(); Context envContext = (Context)initContext.lookup(java:/comp/env); DataSource ds = (DataSource)envContext.lookup(jdbc/myoracle); Connection conn = ds.getConnection();HTHMartin- - Original Message - From: Milanez, Marcus [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, March 07, 2008 9:08 AM Subject: Simultate Tomcat JNDI Hi everyone, I'm trying to simulate tomcat's jndi mechanism, in order to test my DAO objects with junit. Does anybody knows how to do that? It seems to me that I need to bind the name java:/comp/env to a Context object and then bind my jdbc name to this context. Is this the way tomcat put things together? A Context object inside another and then the jdbc itself inside this one? Thnaks in advance! Marcus Milanez - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Simultate Tomcat JNDI
Hi everyone, I came accross a solution for that. I've created my own helper class that provides the same JNDI hierarchy tomcat does to my datasources. Now I can test my DAOs using jUnit outside tomcat! Thank you all! Marcus Milanez -Mensagem original- De: Milanez, Marcus [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 7 de março de 2008 11:50 Para: Tomcat Users List Assunto: RES: Simultate Tomcat JNDI Martin, Thanks for you reply. In fact I need to simulate tomcat's jndi mechanism. My class will be invoked by jUnit and not by tomcat. I'm trying to bind a datasource to a jndi name outside tomcat, but with exactaly the same names... Thank you! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Servlet Filter Not Intercepting?
Hi Jay, Your configuration seems to be fine.. Is your Checkout servlet ever invoked, cause you haven't posted your servlet-mapping tags. Have you tried mapping your filter using url-patterns, instead of servlet-name ? And only one more question, what do you mean by 'turn off invonking the resource' ? Yours, Marcus Milanez -Mensagem original- De: Jay Liu [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 3 de janeiro de 2008 01:49 Para: 'Tomcat Users List' Assunto: RE: Servlet Filter Not Intercepting? Thanks Marcus. Here's my filter setup. I just created it fresh in netbeans so I'd be surprised if there is a problem. I woke up this morning, realizing I forgot to turn off invoking the resource. Would that matter? filter filter-nameUserFilter/filter-name filter-classstore.filters.UserFilter/filter-class /filter filter-mapping filter-nameUserFilter/filter-name servlet-nameCheckout/servlet-name /filter-mapping servlet servlet-nameCheckout/servlet-name servlet-classcom.inifim.commerce.store.servlets.transactions.Checkout/servlet-class /servlet I only have one filter right now. Thanks again, Jay -Original Message- From: Milanez, Marcus [mailto:[EMAIL PROTECTED] Sent: Wednesday, January 02, 2008 5:21 AM To: Tomcat Users List; [EMAIL PROTECTED] Subject: RES: Servlet Filter Not Intercepting? Hi, Yes, filters atre supposed to intercept a requets just before it is accessed. Could you please post your filter config written in your web.xml file? Yours, Marcus Milanez http://sumatrablog.wordpress.com -Mensagem original- De: Jay Liu [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 1 de janeiro de 2008 18:36 Para: users@tomcat.apache.org Assunto: Servlet Filter Not Intercepting? Hi all, I'm having a problem with filters. I setup filter to block access to a resource unless the user is authenticated. I've noticed that the resource is accessed then the filter kicks in and then loads. I thought filters were supposed to intercept the request before the resource is accessed? Is there something wrong with my xml configuration? Thanks, Jay - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Servlet Filter Not Intercepting?
Hi, Yes, filters atre supposed to intercept a requets just before it is accessed. Could you please post your filter config written in your web.xml file? Yours, Marcus Milanez http://sumatrablog.wordpress.com -Mensagem original- De: Jay Liu [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 1 de janeiro de 2008 18:36 Para: users@tomcat.apache.org Assunto: Servlet Filter Not Intercepting? Hi all, I'm having a problem with filters. I setup filter to block access to a resource unless the user is authenticated. I've noticed that the resource is accessed then the filter kicks in and then loads. I thought filters were supposed to intercept the request before the resource is accessed? Is there something wrong with my xml configuration? Thanks, Jay - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Creating files dynamically and antiJarLocking
Kolinko, Thanks for your reply. I really need this feature to work correctely 'cause doing that we could increase performance significantly in some of our requests. I'm currently using Tomcat 6.0.10. I can't tell you whether this works in previous or further versions 'cause we have only tested in this one. And as you mentioned, I guess this behaviuor is not part of any java ee paper or standard.. Thanks for your help, Marcus Milanez -Mensagem original- De: Konstantin Kolinko [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 29 de outubro de 2007 15:52 Para: Tomcat Users List Assunto: Re: Creating files dynamically and antiJarLocking This is likely because Tomcat expects all the resources for a web app to be available at deployment time, rather than randomly appearing during the life of the deployed webapp. Jsps are recompiled when modified, and are compiled on the first access. Thus I do not see why they cannot appear randomly. I do not remember whether it is a part of the standard, but it is a feature, and it supposedly can be turned off by some options. What Tomcat version is Marcus using? As for the path to the temp folder: what is the result of calling ServletContext.getRealPath(...)? 2007/10/29, Christopher Schultz [EMAIL PROTECTED]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus, Milanez, Marcus wrote: In this case, my files are created correctely, but I just can't reach them using their URLs. This is likely because Tomcat expects all the resources for a web app to be available at deployment time, rather than randomly appearing during the life of the deployed webapp. I believe similar questions have been raised in the past, the the answer has been don't do that. I'm not sure if there's a good way to achieve what you're trying to do. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHJfGH9CaO5/Lv0PARAuPxAJ0RUBs4e8Z7F921c8xCq2NTNCMsLQCgnp13 m3QuNzpZ8L7+wiU0p3bkebA= =SkSm -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Creating files dynamically and antiJarLocking
Hassan, Are you using antiJARLocking=true and antiResourcesLocking=true in your context.xml file? Whenever I drop new JSP files *without* these options set to false, they work fine, but if I do that when these options are set to true, they simply can't be found... Thanks, -Mensagem original- De: Hassan Schroeder [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 29 de outubro de 2007 16:02 Para: Tomcat Users List Assunto: Re: Creating files dynamically and antiJarLocking On 10/29/07, Konstantin Kolinko [EMAIL PROTECTED] wrote: Jsps are recompiled when modified, and are compiled on the first access. Thus I do not see why they cannot appear randomly. Absolutely. In my dev environment I'm constantly dropping new JSPs in, and they show up fine. If that weren't true, I'd never get /anything/ done :-) I do not remember whether it is a part of the standard, but it is a feature, and it supposedly can be turned off by some options. But the default certainly allows it, or more people would be having this same problem, I suspect... Perhaps the OP can test with a simple JSP using a fresh install? -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Creating files dynamically and antiJarLocking
Hassan, Are you using antiJARLocking=true and antiResourcesLocking=true in your context.xml file? Whenever I drop new JSP files *with* these options set to false, they work fine, but if I do that when these options are set to true, they simply can't be found... Thanks, -Mensagem original- De: Hassan Schroeder [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 29 de outubro de 2007 16:02 Para: Tomcat Users List Assunto: Re: Creating files dynamically and antiJarLocking On 10/29/07, Konstantin Kolinko [EMAIL PROTECTED] wrote: Jsps are recompiled when modified, and are compiled on the first access. Thus I do not see why they cannot appear randomly. Absolutely. In my dev environment I'm constantly dropping new JSPs in, and they show up fine. If that weren't true, I'd never get /anything/ done :-) I do not remember whether it is a part of the standard, but it is a feature, and it supposedly can be turned off by some options. But the default certainly allows it, or more people would be having this same problem, I suspect... Perhaps the OP can test with a simple JSP using a fresh install? -- Hassan Schroeder [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Creating files dynamically and antiJarLocking
Sorry, I've mispelled the Tomcat version. We are currently using 6.0.14 here. Thanks, Marcus -Mensagem original- De: Milanez, Marcus [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 30 de outubro de 2007 10:12 Para: Tomcat Users List Assunto: RES: Creating files dynamically and antiJarLocking Kolinko, Thanks for your reply. I really need this feature to work correctely 'cause doing that we could increase performance significantly in some of our requests. I'm currently using Tomcat 6.0.10. I can't tell you whether this works in previous or further versions 'cause we have only tested in this one. And as you mentioned, I guess this behaviuor is not part of any java ee paper or standard.. Thanks for your help, Marcus Milanez -Mensagem original- De: Konstantin Kolinko [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 29 de outubro de 2007 15:52 Para: Tomcat Users List Assunto: Re: Creating files dynamically and antiJarLocking This is likely because Tomcat expects all the resources for a web app to be available at deployment time, rather than randomly appearing during the life of the deployed webapp. Jsps are recompiled when modified, and are compiled on the first access. Thus I do not see why they cannot appear randomly. I do not remember whether it is a part of the standard, but it is a feature, and it supposedly can be turned off by some options. What Tomcat version is Marcus using? As for the path to the temp folder: what is the result of calling ServletContext.getRealPath(...)? 2007/10/29, Christopher Schultz [EMAIL PROTECTED]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus, Milanez, Marcus wrote: In this case, my files are created correctely, but I just can't reach them using their URLs. This is likely because Tomcat expects all the resources for a web app to be available at deployment time, rather than randomly appearing during the life of the deployed webapp. I believe similar questions have been raised in the past, the the answer has been don't do that. I'm not sure if there's a good way to achieve what you're trying to do. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHJfGH9CaO5/Lv0PARAuPxAJ0RUBs4e8Z7F921c8xCq2NTNCMsLQCgnp13 m3QuNzpZ8L7+wiU0p3bkebA= =SkSm -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Creating files dynamically and antiJarLocking
Konstantin, After a few tries I could identify we were using System.getProperty(catalina.home) instead of ServletContext.getRealPath(\). That solved my problem and my application is working fine now, even with antiJarLocking. Thank you all for your attention, Marcus Milanez -Mensagem original- De: Konstantin Kolinko [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 29 de outubro de 2007 15:52 Para: Tomcat Users List Assunto: Re: Creating files dynamically and antiJarLocking This is likely because Tomcat expects all the resources for a web app to be available at deployment time, rather than randomly appearing during the life of the deployed webapp. Jsps are recompiled when modified, and are compiled on the first access. Thus I do not see why they cannot appear randomly. I do not remember whether it is a part of the standard, but it is a feature, and it supposedly can be turned off by some options. What Tomcat version is Marcus using? As for the path to the temp folder: what is the result of calling ServletContext.getRealPath(...)? 2007/10/29, Christopher Schultz [EMAIL PROTECTED]: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus, Milanez, Marcus wrote: In this case, my files are created correctely, but I just can't reach them using their URLs. This is likely because Tomcat expects all the resources for a web app to be available at deployment time, rather than randomly appearing during the life of the deployed webapp. I believe similar questions have been raised in the past, the the answer has been don't do that. I'm not sure if there's a good way to achieve what you're trying to do. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHJfGH9CaO5/Lv0PARAuPxAJ0RUBs4e8Z7F921c8xCq2NTNCMsLQCgnp13 m3QuNzpZ8L7+wiU0p3bkebA= =SkSm -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Creating files dynamically and antiJarLocking
Hi all, In my web project, I dynamically create JSP files in some ocasions. These files are placed under my web application folder and only works well if I don't use antiJarLocking='true' and antiResourcesLocking='true'. In this case, my files are created correctely, but I just can't reach them using their URLs. Tomcat returns me a 404 error, just like if my pages weren't placed there. I know that when we use antiJarLocking and antiResourcesLocking, all my war files are unpacked under temp folder, and I suppose I should place my dynamically created files there too right? Am I right? The only problem is, Tomcat seems to create temp directories using a sequential number preceding the folder name... Do I have acces to the most recent created tempo directory? thanks in advance, Marcus Milanez
RES: Help with Tomcat IIS
Demetris, Have you taken all the required steps to integrate IIS and Tomcat? If so, IIS under Windows 2003 requires an extra one which consists on adding a Web Service Extension. Note that now there is an item named Web Service Extensions, under Web Sites folder. Just right click on it and then select 'Add new Web Service Extension' . Name it jakarta and point it to your isapi_redirect.dll location. If you had taken all the usually required steps, that would make your integration work just fine. Please let me know if you could do it or if you need further help... Marcus Milanez -Mensagem original- De: Demetris Zavorotnichenko [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 25 de outubro de 2007 04:20 Para: 'Tomcat Users List'; [EMAIL PROTECTED] Assunto: RE: Help with Tomcat IIS All this info is great but you guys haven't answered my question yet. Please help me out here. -Original Message- From: Roger Parkinson [mailto:[EMAIL PROTECTED] Sent: Thursday, October 25, 2007 2:14 AM To: Tomcat Users List Subject: Re: Help with Tomcat IIS We do it because the IIS is already active on the existing server and it is running a bunch of other stuff we don't want to stop (eg MS Exchange). So we cannot have tomcat take over handling port 80 requests. It works fine, though. Roger Jacob Rhoden wrote: Propes, Barry L wrote: there's lots of people who combine the two -- I currently am, because our UNIX support group has not made the environment compatible for or with Tomcat! Sounds like you and I have the same employer (: But seriously, I am trying to work out the pro's and cons of standalone mode. I am wondering why you put IIS in front of tomcat? Does IIS provide other services apart from tomcat, or is there a specific reason? Best Regards, Jacob - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Help with Tomcat IIS
Just to make things clear, the Web Services Extension item is located above Web Sites item and not under, as I've mentioned... Sorry! -Mensagem original- De: Milanez, Marcus [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 25 de outubro de 2007 09:28 Para: Tomcat Users List; [EMAIL PROTECTED] Assunto: RES: Help with Tomcat IIS Demetris, Have you taken all the required steps to integrate IIS and Tomcat? If so, IIS under Windows 2003 requires an extra one which consists on adding a Web Service Extension. Note that now there is an item named Web Service Extensions, under Web Sites folder. Just right click on it and then select 'Add new Web Service Extension' . Name it jakarta and point it to your isapi_redirect.dll location. If you had taken all the usually required steps, that would make your integration work just fine. Please let me know if you could do it or if you need further help... Marcus Milanez -Mensagem original- De: Demetris Zavorotnichenko [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 25 de outubro de 2007 04:20 Para: 'Tomcat Users List'; [EMAIL PROTECTED] Assunto: RE: Help with Tomcat IIS All this info is great but you guys haven't answered my question yet. Please help me out here. -Original Message- From: Roger Parkinson [mailto:[EMAIL PROTECTED] Sent: Thursday, October 25, 2007 2:14 AM To: Tomcat Users List Subject: Re: Help with Tomcat IIS We do it because the IIS is already active on the existing server and it is running a bunch of other stuff we don't want to stop (eg MS Exchange). So we cannot have tomcat take over handling port 80 requests. It works fine, though. Roger Jacob Rhoden wrote: Propes, Barry L wrote: there's lots of people who combine the two -- I currently am, because our UNIX support group has not made the environment compatible for or with Tomcat! Sounds like you and I have the same employer (: But seriously, I am trying to work out the pro's and cons of standalone mode. I am wondering why you put IIS in front of tomcat? Does IIS provide other services apart from tomcat, or is there a specific reason? Best Regards, Jacob - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: RES: RES: How can I ensure that client access servlets via HTTPS?
Thanks for your reply chris! By the way, I'm not the who needs help. The author of this post is Ala Winter -- Forwarded message -- From: alla winter [EMAIL PROTECTED] Date: Oct 22, 2007 2:48 PM Subject: How can I ensure that client access servlets via HTTPS? To: users@tomcat.apache.org --- -Mensagem original- De: Christopher Schultz [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 24 de outubro de 2007 12:03 Para: Tomcat Users List Assunto: Re: RES: RES: How can I ensure that client access servlets via HTTPS? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus, Milanez, Marcus wrote: I know that, but the code posted in the question had a CONFIDENTIAL value set for transport-guarantee and the author still seemed to have lacks regarding it... But just for a matter of curiosity, why should I use another port for SSL, instead of 443 ? I'm not suggesting that you should use something other than 443 for HTTPS. Another poster suggested that you could simply check the port number. What I was saying was that running on port 443 does not guarantee a secure connection. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHH1Cg9CaO5/Lv0PARAqmsAJ0Xg8zq+YIa+LP1IRyI4G2yuyLCqgCfQYny BKDQrxOOpIkRTxFHx64cDyo= =vVLQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: RES: How can I ensure that client access servlets via HTTPS?
Hi Chris, I know that, but the code posted in the question had a CONFIDENTIAL value set for transport-guarantee and the author still seemed to have lacks regarding it... But just for a matter of curiosity, why should I use another port for SSL, instead of 443 ? -Mensagem original- De: Christopher Schultz [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 23 de outubro de 2007 17:23 Para: Tomcat Users List Assunto: Re: RES: How can I ensure that client access servlets via HTTPS? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus, Milanez, Marcus wrote: I think you could configure your server so that the 80 port is not available, only the 443 one. Programaticaly, you can invoke the request.isSecure() method to check whether your request uses https. Or, better yet, you can use transport-guarantee in your web.xml file: no need to change your code to check for SSL and no need to bet on port 443 always being HTTPS. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFHHkod9CaO5/Lv0PARAjy7AJ49bKnjJMhn1HRDNYaKkycMdESMbgCgwML9 yp4LD9VBs50ij5zd57ZKF4s= =b3Qt -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: How can I ensure that client access servlets via HTTPS?
I think you could configure your server so that the 80 port is not available, only the 443 one. Programaticaly, you can invoke the request.isSecure() method to check whether your request uses https. -Mensagem original- De: alla winter [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 23 de outubro de 2007 17:02 Para: users@tomcat.apache.org Assunto: Fwd: How can I ensure that client access servlets via HTTPS? I would appreciate if you answer the question bellow thanks -- Forwarded message -- From: alla winter [EMAIL PROTECTED] Date: Oct 22, 2007 2:48 PM Subject: How can I ensure that client access servlets via HTTPS? To: users@tomcat.apache.org I would appreciate if you give me a suggestion how to enforce clients to access servlet through SSL for TOMCAT 5.2.25 and JDK 1.5.0_12. ( The TOMCAT is set up for SSL with APR 1.9 and I can access it via HTTPS) I was thinking that I can accomplish that with the following: security-constraint web-resource-collection web-resource-nameview dept data/web-resource-name url-pattern/cobra_source/servlet/servlet/com.cobrasource.servlets.InitiatorServlet/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint However, it doesn't make any difference and I can access this servlet via HTTP . Could that be that I do not have user role? But I have a different method for authentication that is conducted outside of TOMCAT. Am I missing something or there is something else that I can do ? Thanks for your help - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: How to? debug large session size? drill down and tools / over 400K is too be for replication
We use Lambda Probe http://www.lambdaprobe.org here -Mensagem original- De: hanasaki jiji [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 16 de outubro de 2007 15:53 Para: users@tomcat.apache.org Assunto: How to? debug large session size? drill down and tools / over 400K is too be for replication users@tomcat.apache.org We have an application that has a pretty large session size ( 400K). This is causing issues for scalability and makes session replication for fail over quite impractical. What can be used to drill down live and generate a runtime report (perhaps a graph too) showing what http session attributes are the memory hog? We are looking to see not just the attribute that is the issue but perhaps the aggregate (or aggregate of aggregate) of the session attributes and their size in memory. Thanks! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
TagLib body code
Hi there, Is it possible to somehow, obtain the non-evaluated code contained inside a taglib body ? thanks!
RES: Rookie Question Please help
Hi! We have used the JTDS driver for Sql 2005 and we didn't have a single problem... Give it a try, it's the best SQL 2K/2005 driver ever... http://jtds.sourceforge.net/faq.html Yours, Marcus Milanez -Mensagem original- De: Charlie Wingate [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 14 de setembro de 2007 10:59 Para: users@tomcat.apache.org Assunto: Rookie Question Please help Hi, Thanks in advance for an insight you can give me. I am trying to convert my web app to use SQL05 from SQL2K. I have almost got it, I have one error left! I keep getting the error no suitable driver found even though I have verified multiple times that I have sqljdbc.jar in WEB-INF\lib of the web app. I could not find a META-INF file that points to this or the older SQL2k driver(s) either. (I have pasted the tomcat window below) Anyone have a clue? SEVERE: A FATAL ERROR has occurred which should not have happened under any circ umstance. Please notify the Torque developers [EMAIL PROTECTED] e.org and give as many details as possible (including the error stack trace). java.lang.Error: Error in BasePeer.initTableSchema(TURBINE_USER): No suitable dr iver found for jbc:sqlserver://172.17.20.81:1433;DatabaseName=DGDJSEC_TEST at org.apache.torque.util.BasePeer.initTableSchema(BasePeer.java:274) at org.apache.torque.util.BasePeer.initTableSchema(BasePeer.java:249) at org.apache.jetspeed.om.security.turbine.TurbineUserPeer.clinit(Unkn own Source) at org.apache.jetspeed.om.security.turbine.BaseTurbineUser.clinit(Unkn own Source) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Unknown Source) at org.apache.jetspeed.om.security.turbine.BaseTurbineUserPeer.initClass (Unknown Source) at org.apache.jetspeed.om.security.turbine.BaseTurbineUserPeer.clinit( Unknown Source) at org.apache.jetspeed.services.security.turbine.TurbineUserManagement.g etUser(Unknown Source) at org.apache.jetspeed.services.JetspeedUserManagement.getUser(Unknown S ource) at org.apache.jetspeed.services.security.turbine.TurbineAuthentication.g etAnonymousUser(Unknown Source) at org.apache.jetspeed.services.JetspeedAuthentication.getAnonymousUser( Unknown Source) at org.apache.jetspeed.services.JetspeedSecurity.getAnonymousUser(Unknow n Source) at org.apache.jetspeed.modules.actions.TemplateSessionValidator.doPerfor m(Unknown Source) at org.apache.jetspeed.modules.actions.JetspeedSessionValidator.doPerfor m(Unknown Source) at org.apache.turbine.modules.Action.perform(Action.java:87) at org.apache.turbine.modules.ActionLoader.exec(ActionLoader.java:122) at org.apache.turbine.Turbine.doGet(Turbine.java:521) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:173) at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDisp atcher.java:672) at org.apache.catalina.core.ApplicationDispatcher.processRequest(Applica tionDispatcher.java:463) at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationD ispatcher.java:398) at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDis patcher.java:301) at org.apache.jasper.runtime.PageContextImpl.doForward(PageContextImpl.j ava:688) at org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.jav a:658) at org.apache.jsp.index_jsp._jspService(index_jsp.java:45) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper .java:334) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:3 14) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV alve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV alve.java:178) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j ava:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal ve.java:107) at
RES: tc xmlhttprequest
Hi, These questions sound really strange to me. Are you using an AJAX framework like DWR ? If not, I guess you should give it a try: http://getahead.org/dwr . You can easily find installing and deployment instructions there. Yours, Marcus -Mensagem original- De: Chris Pat [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 10 de setembro de 2007 19:23 Para: Tomcat Assunto: tc xmlhttprequest Hello Any tips on serving a ajax page with tomcat? I am now calling the page with a jsp:forward outside of the web-inf. Do I also have to fully unc path to the *.js files, like src=localhost:8080/context/intPages/myScripts.js ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: RES: tc xmlhttprequest
Hi, Ok, let me try to help you anyway. Inside the web-inf directory, you usualy store classes and classloader related stuff, like .jar or .properties files. Storing *.js files inside this direcory could possibly mean two things: 1) Your are not really accessing .js files directly. Instead, you are accessing a servlet that maps these url patterns to its instance. In these cases, you *must* know the full servlet class name, including of course its package name, in order to correctly map it in your web.xml application file. 2) Someone has stored these kind of files in that directory by mistake. In these case, just move all the files you need somewhere outside. When you say TC technology, you mean the mobile thing? Have they provided you a .jar file to accomplish AJAX, or you are trying to create your own AJAX engine that uses its resources? Yours, Marcus -Mensagem original- De: Chris Pat [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 10 de setembro de 2007 19:39 Para: Tomcat Users List Assunto: Re: RES: tc xmlhttprequest Hi Marcus Sorry. I have an ajax page. It works. I need to add other technologies to it, the easiest way is with TC. I want to graft on ajax to TC technology, and got the error about directly accessing security violations. But the javascript code is not executing, so I was hoping someone had some tips on how to configure to access the script files. Thank you for the references, I will look into to those, now I just need to get this done, grin. Milanez, Marcus [EMAIL PROTECTED] wrote: Hi, These questions sound really strange to me. Are you using an AJAX framework like DWR ? If not, I guess you should give it a try: http://getahead.org/dwr . You can easily find installing and deployment instructions there. Yours, Marcus -Mensagem original- De: Chris Pat [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 10 de setembro de 2007 19:23 Para: Tomcat Assunto: tc xmlhttprequest Hello Any tips on serving a ajax page with tomcat? I am now calling the page with a jsp:forward outside of the web-inf. Do I also have to fully unc path to the *.js files, like src=localhost:8080/context/intPages/myScripts.js ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: 20 Tips for Using Tomcat in Production
If you are running tomcat under windows services, you can select which JVM you want to use through bin/tomcatXw.exe. -Mensagem original- De: Karel V Sedlacek [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 22 de agosto de 2007 08:19 Para: Tomcat Users List Assunto: Re: 20 Tips for Using Tomcat in Production Thanks for this info,... How do I implement this tip? #18. Use the -server JVM option. This enables the server JVM, which JIT compiles bytecode much earlier, and with stronger optimizations. Startup and first calls will be slower due to JIT compilation taking more time, but subsequent ones will be faster. Karel In putting #1 into the JAVA_OPTS (which it appears that is the CATALINA_OPTS for our implementation), it doesn't appear to work, as Tomcat doesn't restart. It could be our version -- which is currently 5.0.30. please let me know if there are other steps we need to take here as well. thanks, Kim :-) On 8/21/07, Shane Witbeck [EMAIL PROTECTED] wrote: I thought my latest blog post would be of interest to the people on this list: http://www.digitalsanctum.com/2007/08/18/20-tips-for-using-tomcat-in- production/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: RES: 20 Tips for Using Tomcat in Production
Hi Karel, Take a look at http://tomcat.apache.org/tomcat-5.5-doc/apr.html, which describes native libraries. We started using it sometime ago and we noticed better response times in or application. -Mensagem original- De: Karel Sedlacek [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 22 de agosto de 2007 11:32 Para: Tomcat Users List Assunto: Re: RES: 20 Tips for Using Tomcat in Production Marcus, I'm not sure I understand... Karel At 10:21 AM 8/22/2007, you wrote: Another tip that could be considered is the use of Tomcat Native Libraries (http://tomcat.heanet.ie/native/) , what do you think? -Mensagem original- De: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 22 de agosto de 2007 10:56 Para: Tomcat Users List Assunto: RE: 20 Tips for Using Tomcat in Production From: Leon Rosenberg [mailto:[EMAIL PROTECTED] Subject: Re: 20 Tips for Using Tomcat in Production as far as i know this option is outdated, hence the vm automatically goes into server mode if it detects a server class machine (=2GB RAM, 2 processors (which also includes ht or dualcore) The automatic mode switch based on platform configuration occurs only when using the standard java launcher. If running as a Windows service, the selection of the server or client .dll must be done explicitly in the service properties. - Chuck - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Karel Sedlacek [EMAIL PROTECTED] CIT Data Administration Phn 607-255-7742 Cornell University Fax 607-255-1297 Ithaca, NY 14853 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: 20 Tips for Using Tomcat in Production
What's wrong? Problems with native libraries? -Mensagem original- De: Leon Rosenberg [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 22 de agosto de 2007 12:23 Para: Tomcat Users List Assunto: Re: 20 Tips for Using Tomcat in Production On 8/22/07, Milanez, Marcus [EMAIL PROTECTED] wrote: Another tip that could be considered is the use of Tomcat Native Libraries (http://tomcat.heanet.ie/native/) , what do you think? PLEASE DONT! Leon -Mensagem original- De: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 22 de agosto de 2007 10:56 Para: Tomcat Users List Assunto: RE: 20 Tips for Using Tomcat in Production From: Leon Rosenberg [mailto:[EMAIL PROTECTED] Subject: Re: 20 Tips for Using Tomcat in Production as far as i know this option is outdated, hence the vm automatically goes into server mode if it detects a server class machine (=2GB RAM, 2 processors (which also includes ht or dualcore) The automatic mode switch based on platform configuration occurs only when using the standard java launcher. If running as a Windows service, the selection of the server or client .dll must be done explicitly in the service properties. - Chuck - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: 20 Tips for Using Tomcat in Production
Thank you very much! -Mensagem original- De: Shane Witbeck [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 21 de agosto de 2007 09:10 Para: users@tomcat.apache.org Assunto: 20 Tips for Using Tomcat in Production I thought my latest blog post would be of interest to the people on this list: http://www.digitalsanctum.com/2007/08/18/20-tips-for-using-tomcat-in-production/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Re: Memory problems
Have you considered using Lambda Probe for tracking tomcat memory use details? Give it a try, maybe you'll be able to find alive object references that could be garbage collected. http://www.lambdaprobe.org/ -Mensagem original- De: news [mailto:[EMAIL PROTECTED] Em nome de Morten Enviada em: terça-feira, 21 de agosto de 2007 09:11 Para: users@tomcat.apache.org Assunto: Re: Memory problems Are there any way to stop Tomcat from cached these large byte[] internally? The ByteChunks are referenced from IntermediateOutputstream, C2BConverter and OutputBuffer. Hmm. Those are all Tomcat util classes, so they're almost certainly held by something else. Can you find out what's holding on to those instances, and make sure the chain of references goes entirely through Tomcat rather than via JBoss, your webapp or something you've cached in your session? The graph looks like this: The byte[] is referenced from: - ByteChunk (A) - ByteChunk (B) ByteChunk (A) is referenced by: - org.apache.tomcat.util.buf.C2BConverter (AA) - org.apache.tomcat.util.buf.IntermediateOutputStream (AB) - org.apache.catalina.connector.OutputBuffer (AC) ByteChunk (B) is referenced by: - org.apache.catalina.connector.OutputBuffer (AC) C2BConverter (AA) is referenced by: - HashMap$Entry (AAA) - org.apache.catalina.connector.OutputBuffer (AC) IntermediateOutputStream (AB) is referenced by: - org.apache.tomcat.util.buf.C2BConverter (AA) - org.apache.tomcat.util.buf.WriteConvertor (ABA) - sun.nio.cs.StreamEnocder (ABB) OutputBuffer (AC) is referenced by: - org.apache.catalina.conncetor.CoyoteOutputStream (ACA) - org.apache.catalina.connector.CoyoteWriter (ACB) - org.apache.catalina.connector.Response (ACC) HashMap$Entry (AAA) is referenced by: - class[] org.apache.catalina.conncetor.CoyoteOutputStream (ACA) is referenced by: - org.apache.catalina.connector.Response (ACC) org.apache.catalina.connector.CoyoteWriter (ACB) is referenced by: - org.apache.catalina.connector.Response (ACC) org.apache.catalina.connector.Response (ACC) is referenced by: - org.apache.catalina.connector.ResponseFacade (ACCA) - class[] (ACCB) - org.apache.catalina.connector.Request (ACCC) I cannot find any trace of any JBoss or any webapp class. Best regards, Morten - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: 20 Tips for Using Tomcat in Production
We should create a wiki to accomplish all theses tips Why not? -Mensagem original- De: Ben Souther [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 21 de agosto de 2007 14:46 Para: Tomcat Users List Assunto: Re: 20 Tips for Using Tomcat in Production Tip #8: You tell the users about the tomcat-users.xml file for adding the role info but never tell them where to enter the RemoteAddrValve in order to restrict IPs. On Tue, 2007-08-21 at 10:57, Shane Witbeck wrote: David, Thanks for your comments. I've added them to the blog post for everyone's benefit. Shane On 8/21/07, David Delbecq [EMAIL PROTECTED] wrote: Very nice. May i suggest 2 comments perhaps?: 6... If you're loading several applications with several of the same library dependencies, consider moving them from the applications' |WEB-INF/lib| directory to Tomcat's shared library |{catalina.home}/shared/lib|. This will reduce the memory used by |each application and result in smaller WAR files. You should make a remark that this change the behaviour of webapp: a) Shared classloader is searched in last ressort when looking for classes, according to http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html. b) Because the classes are shared, they share config singletons and if they store objects statically they will prevent webapp unloading 7...Consider JDK 1.5 or even better JDK 1.6 to take advantage of performance improvements. Note that you can gain even more performance if you recompile your string concatenation hungry (d=+b+ccc) support libaries for jdk 5+ on a multi CPU system. This is because jdk5 uses the non-synchronized stringbuilder instead of the jdk 4- synchronized StringBuffer. And synchronization over multiple cpu takes a few more cycles than on single CPU machines. En l'instant précis du 21/08/07 14:10, Shane Witbeck s'exprimait en ces termes: I thought my latest blog post would be of interest to the people on this list: http://www.digitalsanctum.com/2007/08/18/20-tips-for-using-tomcat- in-production/ -- --- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- http://www.noooxml.org/ - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Resource Security
Mark, First of all, let me thank you for your detailed response. This list contains lots of qualified people, and I'm really glad I'm part of it because I'm learning more and more everyday. All the reasons you mentioned are reasonable, but there are some pointes that makes me think a lot (and I must assume I don't have the right answers). Here they are: 1) Can I assume things in terms of security? For a matter of an example, should I always assume that the resources that my application access (like a database for example) doesn't need additional security, because it is hosted in a server, and if this so called server was attacked them worse things could actually happen? In this case, should I assume as a developer (not as a system admin), that my network is safe, that my web server is safe? 2) Whenever I think of security, I'm not only considering a hacker attack. In terms of security, is it right to delegate a web system administrator the right to know my application's database user and password? I know that security recommendations in database side tells us that an application users should only have access to what they need, in terms of commands, tables and so on, but again, should I always assume that as a developer? In my point of view, I think my application server should take care of all these issues for me... How? I don't know. In fact my only suggestion is: My app. Server should ask for a 'key' (besides the manager password) whenever I install a new application. This key could be used to encrypt all my application files, preventing anyone to open them. I know there are issues like 'Where should this key be stored?', 'Who should type this key ?' and I know that, but I can't find a good answer... I'm just exposing some ideas. Thank you all for your attention once more. This community is really great.. Yours, Marcus Milanez -Mensagem original- De: Mark Thomas [mailto:[EMAIL PROTECTED] Enviada em: sábado, 18 de agosto de 2007 00:31 Para: Tomcat Users List Assunto: Re: Resource Security Christopher Schultz wrote: Andrew, Andrew Hole wrote: Is it possible encrypt password on Resource setup? No (still). And for good reason. First off all, why does the resource password need to be encrypted? The threat is that an attacker gains unauthorised access to the box locally or remotely and reads the file. If they can gain this much access to the box it is already badly compromised. An attacker that could do this can almost certainly add a malicious web application, add a filter that sniffs user passwords, read the private SSL key etc. There are very few circumstances where an attacker that has compromised the Tomcat server (and can hence add code etc) can do more damage with the resource password that they couldn't do by writing a malicious web application and deploying it. All that being said, lets assume that the resource password needs to be protected after the box has been compromised. How to protect it? If the resource password is encrypted Tomcat has to be able to decrypt it in order to use it. Where does Tomcat get the decryption key from? The options are: 1. a file on disk 2. entry by system admin on startup 3. some hardware device 1. is pointless. If the attacker can read the file with the encrypted password, they can read the file with the decryption key. 2. This is better but has a number of issues. If the service fails, an admin has to be present to restart it. You have just swapped a confidentiality issue for an availability one. 24x7 operation will require 5 admins that know this password. The password will probably be written down somewhere in plain text and is likely to be less well protected than if it was just left on the file system in the first place. This of course doesn't take account of the time taken for an admin to notice the service is down, go to the box and restart it. Further, the password will almost certainly still be cached for later reuse, eg when creating a new connection for a database connection pool. If our attacker has already compromised the box, a malicious web app and careful use of reflection will yield the password. At the cost of some resources and some custom code, you could avoid most caching issues but closed source code (database drivers etc) will still be a risk. 3. Essentially the same set of problems as 2 but with added complexity. It all comes down to a proper threat assessment. Given what an attacker who has access to the box is able to do, there are extremely few cases where protecting the password after the box is compromised is worth the effort and not enough to make this even appear on anyone's to-do list. If someone can come up with a reasonable scenario that makes encrypting the resource password necessary then I am happy to add an implementation of password on startup to my list of things to do. Mark
RES: Resource Security
For all those interested in tightening tomcat security, there are some interesting advices from OWASP here http://www.owasp.org/index.php/Securing_tomcat Yours, Marcus Milanez -Mensagem original- De: Milanez, Marcus [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 20 de agosto de 2007 09:21 Para: Tomcat Users List Assunto: RES: Resource Security Mark, First of all, let me thank you for your detailed response. This list contains lots of qualified people, and I'm really glad I'm part of it because I'm learning more and more everyday. All the reasons you mentioned are reasonable, but there are some pointes that makes me think a lot (and I must assume I don't have the right answers). Here they are: 1) Can I assume things in terms of security? For a matter of an example, should I always assume that the resources that my application access (like a database for example) doesn't need additional security, because it is hosted in a server, and if this so called server was attacked them worse things could actually happen? In this case, should I assume as a developer (not as a system admin), that my network is safe, that my web server is safe? 2) Whenever I think of security, I'm not only considering a hacker attack. In terms of security, is it right to delegate a web system administrator the right to know my application's database user and password? I know that security recommendations in database side tells us that an application users should only have access to what they need, in terms of commands, tables and so on, but again, should I always assume that as a developer? In my point of view, I think my application server should take care of all these issues for me... How? I don't know. In fact my only suggestion is: My app. Server should ask for a 'key' (besides the manager password) whenever I install a new application. This key could be used to encrypt all my application files, preventing anyone to open them. I know there are issues like 'Where should this key be stored?', 'Who should type this key ?' and I know that, but I can't find a good answer... I'm just exposing some ideas. Thank you all for your attention once more. This community is really great.. Yours, Marcus Milanez - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Context.xml file
Hello everyone! Is there a way to make the context.xml file more secure? I mean, inside this file we have database users and passwords in plain form, and this seems to be a severe security issue... How do you guys usually protect these informations (using context.xml file) in your projects? Thank you! Marcus Milanez - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Resource Security
I read this just after I sent the same question... Take alook at the following article: http://wldj.sys-con.com/read/393364.htm -Mensagem original- De: Christopher Schultz [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 17 de agosto de 2007 11:46 Para: Tomcat Users List Assunto: Re: Resource Security -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Andrew, Andrew Hole wrote: Is it possible encrypt password on Resource setup? No (still). - -chris PS Yes, you can write your own data source manager that decrypts the credentials or whatever, but then you have to store /that/ password somewhere. You just can't win. It's not worth it. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGxbSd9CaO5/Lv0PARAqpGAKCtF/DLUaEYdEM0JYr9pOZu94zo3gCeJ4cb pWt1fKBL21NW8BggZnJpRzM= =2W2i -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Context.xml file
Regarding that, I came across an implementation suggestion which seems to be valid, but still seems to have security issues. What do you think? Take a look at http://wldj.sys-con.com/read/393364.htm -Mensagem original- De: Milanez, Marcus [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 17 de agosto de 2007 14:18 Para: Tomcat Users List Assunto: Context.xml file Hello everyone! Is there a way to make the context.xml file more secure? I mean, inside this file we have database users and passwords in plain form, and this seems to be a severe security issue... How do you guys usually protect these informations (using context.xml file) in your projects? Thank you! Marcus Milanez - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: RES: Context.xml file
I know.. This is quite difficult to address... Have your company adhered to SOX already? -Mensagem original- De: Christopher Schultz [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 17 de agosto de 2007 15:17 Para: Tomcat Users List Assunto: Re: RES: Context.xml file -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus, - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: RES: Context.xml file
Chris, Microsoft seems to have a good solution for that. The 'keys' are associated with na specific domain account... What do you think: http://msdn2.microsoft.com/en-us/library/ms995355.aspx Thank you! -Mensagem original- De: Christopher Schultz [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 17 de agosto de 2007 15:17 Para: Tomcat Users List Assunto: Re: RES: Context.xml file -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus, Milanez, Marcus wrote: Regarding that, I came across an implementation suggestion which seems to be valid, but still seems to have security issues. What do you think? Take a look at http://wldj.sys-con.com/read/393364.htm Wow, what a miserably useless article. Tomcat as a reference implementation is not meant to be used in production? Sounds like BEA FUD or something like that. You have identified the source of the problem: the application server actually needs access to production database. You simply can't get around this. If a hacker compromises your application server, they will have access to your database. The only way to prevent that from happening is to have Tomcat ask you to enter the database credentials at container startup (or app deployment) from the console. No reasonable system administrator is going to stand for that crap, because it means that if your container needs to be restarted (or the server reboots) or you need to re-deploy the application, your app is totally down until someone types-in the magic incantation to get your application attached to the database. If you encrypt the credentials in the server.xml file, you have to store the encryption key somewhere the code can access it. You have simply moved the problem. You can move it many, many times, but you won't get any more secure. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGxeYC9CaO5/Lv0PARAhMlAJ4kzva8Cs2qAnvjVXTHEZ9NkIY57gCfTlFI qcfAKCw5Zv8l8Ou4EKGqA4U= =/2Wu -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: RES: RES: Context.xml file
The this is that there are serious security concerns regarding SOX audits... Are there preventative measures about cleartext pass? No, but SOX auditors could easily point out all these stuff as 'unsafe environments'... Anyway, I'm just trying to enforce security as much as I can in my environment. I just can't assume anything... Thank you! -Mensagem original- De: Christopher Schultz [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 17 de agosto de 2007 16:43 Para: Tomcat Users List Assunto: Re: RES: RES: Context.xml file -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Marcus, Milanez, Marcus wrote: I know.. This is quite difficult to address... Have your company adhered to SOX already? Erm... correct me if I'm wrong, but SOX is all about public disclosure of bad things happening. There are no preventative measures or anything like that. It's not like SOX says you can't have cleartext passwords on computers directly connected to the Internet. Of course, if it did, you could always put your app server on a private subnet and then use a web server in your DMZ. This is my preferred deployment strategy, anyway. - -chris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Define tomcat ports
Thanks Gregor! -Mensagem original- De: Gregor Schneider [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 10 de agosto de 2007 11:49 Para: Tomcat Users List Assunto: Re: Define tomcat ports afaik port 1 - 1024 are so-called privileged ports (at least in unix / linux) which require superuser-right (root). since it's not the best idea running tomcat as root, you'll be fine choosing any port above 1024. also, you should make sure not to choose a port that's already been taken. in linux, a netstat -lnp will tell your which ports are no more available. cheers gregor -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Define tomcat ports
Thank you Markus! I'll take a careful look at server.xml file! -Mensagem original- De: Markus Schönhaber [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 10 de agosto de 2007 11:55 Para: users@tomcat.apache.org Assunto: Re: Define tomcat ports Milanez, Marcus schrieb: We need have two tomcat instances (different versions, 5.0.xx and 6.0.xx) running in the same server. We need it because we have some web applications deployed in Tomcat 5 which don't start in Tomcat 6. We won't have enough time to migrate all the applications to adhere some Tomcat 6 issues, so we need this scenario for a while. I would like to know whether there are port numbers restrictions, or I'm free to configure any number I like... The actual values of the port numbers Tomcat is told to bind to don't matter. Nevertheless the natural restrictions apply. For example, no two applications can bind to the same port, on unix-like systems you'll need root privileges to bind to ports 1024. Especially: if you want to run two Tomcat instances, you'll have to make sure that all ports one instance listens to are different from all ports the other (or any other application on the machine) listens to. This applies to all configured Connectors and the shutdown ports (unless you use jsvc). Regards mks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Define tomcat ports
Hi, We need have two tomcat instances (different versions, 5.0.xx and 6.0.xx) running in the same server. We need it because we have some web applications deployed in Tomcat 5 which don't start in Tomcat 6. We won't have enough time to migrate all the applications to adhere some Tomcat 6 issues, so we need this scenario for a while. I would like to know whether there are port numbers restrictions, or I'm free to configure any number I like... Thanks! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Possible Bug Regarding Tag Files
Hi everyone, As I'm not a native english speaker, I might possibly commit mistakes during this report, so I ask your apologize in advance. I've researched at google and at tomcat's web site but couldn't find any satisfatory answer regarding the following behaviour: whenever I use Expression Language inside .tag files, I can't invoke getXXX() methods that are not declared inside that class instance, but in its superclass instead. For a matter of example, imagine that I have the following two (stupid) classes: public class AbstractFruit() { ... public String getName() { } } public class Apple extends AbstractFruit() { ... public String getColor() { } } Inside my servlet I create the following request attribute: AbstractFruit apple = new Apple(); request.setAttribute(myFruit, apple); request.getRequestDispatcher(/myTest.jsp).forward(request, response); And then I forward to my JSP that makes use of a tag file, just like the following examples: myTest.jsp %@ taglib prefix=fruitsUtils tagdir=/WEB-INF/tags/ % fruitsUtils:mix fruit='${requestScope[myFruit]}'/ /WEB-INF/tags/mix.tag %@ taglib uri=http://java.sun.com/jsp/jstl/core; prefix=c % %@ attribute name=fruit required=true % c:out value='${fruit.name}' / -- At this very moment, I get a runtime exception because I'm trying to invoke a superclass method This situation seems somehow strange because if I use the same syntax in a common JSP file I get it done perfectly, as usual. I believe that somehow the implementation of tag files compilation use different approaches for Expression Language reflections... Or I might be doing something extremely wrong without knowledge.. Has someone seen that before? I used Tomcat 6.0.10 during this test. Thank you! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Perm Size
Hi, Thanks for your response Martin, and no, JAVA_OPTS has no effect when I use tomcat6w to register options. To monitor tgese parameters I'm using Lambda Probe. Chuck, I swear I've tried almost everything to get done, but using Lambda Probe I can see that I must have missed something. Following your suggestion, I've put all the parameters in separated lines as you can see above. In fact, this is my full Java Options: content in tomcat6w.exe -Dcatalina.base=c:\jakarta-tomcat-6 -Dcatalina.home=c:\jakarta-tomcat-6 -Djava.endorsed.dirs=c:\jakarta-tomcat-6\endorsed -Djava.io.tmpdir=c:\jakarta-tomcat-6\temp -Dcom.sun.management.jmxremote -D-XX:-UseSerialGC -D-XX:MaxPermSize=256m -D-XX:PermSize=128m Through eclipse interface using Sysdeo plugin I could do that easily... I guess my problem is tomcat6w. Note that if I remove the -D characters, my service doesn't even start, thats why I'm still using it. Can you show me how is your Java Options: set, so that I could compare it? Thanks for all your support. Marcus Milanez -Mensagem original- De: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 5 de junho de 2007 18:42 Para: Tomcat Users List Assunto: RE: Perm Size From: Milanez, Marcus [mailto:[EMAIL PROTECTED] Subject: Perm Size I'm trying to use the following parameters in my Tomcat 6 server through tomcat6w.exe, but they don't seem to take any effect: -Dserver There's no such option as -Dserver. If you're trying to run Tomcat as a service using the server JVM, you have to clear the Use Default checkbox on the Java tab, and specify the location of the server version of the jvm.dll file. Alternatively, you can edit %JRE_HOME%\lib\i386\jvm.cfg to put the -server line first in the list. -XX:-UseSerialGC -XX:MaxPermSize=256m -XX:PermSize=128m Are you trying to put all these on one line? They must each be on a separate line in the Java Options space of the Java tab. All are effective when I try it, as shown by Lambda Probe. Note to Mark T: The service.bat script for 6.0.13 still references http://jakarta.apache.org/tomcat. Note to Martin G: The JAVA_OPTS environment variable has no effect when running Tomcat as a Windows service. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Perm Size
Hi, I could get it done! I just cleared the Initial Memory Pool and Maximum Memory Pool values and entered the following parameters whithout -D just like this: -Dcatalina.base=c:\jakarta-tomcat-6 -Dcatalina.home=c:\jakarta-tomcat-6 -Djava.endorsed.dirs=c:\jakarta-tomcat-6\endorsed -Djava.io.tmpdir=c:\jakarta-tomcat-6\temp -Dcom.sun.management.jmxremote -Xmx512m -Xms1024m -XX:PermSize=128m -XX:MaxPermSize=256m Thank you all! Marcus -Mensagem original- De: Milanez, Marcus [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 6 de junho de 2007 08:56 Para: Tomcat Users List Assunto: RES: Perm Size Hi, Thanks for your response Martin, and no, JAVA_OPTS has no effect when I use tomcat6w to register options. To monitor tgese parameters I'm using Lambda Probe. Chuck, I swear I've tried almost everything to get done, but using Lambda Probe I can see that I must have missed something. Following your suggestion, I've put all the parameters in separated lines as you can see above. In fact, this is my full Java Options: content in tomcat6w.exe -Dcatalina.base=c:\jakarta-tomcat-6 -Dcatalina.home=c:\jakarta-tomcat-6 -Djava.endorsed.dirs=c:\jakarta-tomcat-6\endorsed -Djava.io.tmpdir=c:\jakarta-tomcat-6\temp -Dcom.sun.management.jmxremote -D-XX:-UseSerialGC -D-XX:MaxPermSize=256m -D-XX:PermSize=128m Through eclipse interface using Sysdeo plugin I could do that easily... I guess my problem is tomcat6w. Note that if I remove the -D characters, my service doesn't even start, thats why I'm still using it. Can you show me how is your Java Options: set, so that I could compare it? Thanks for all your support. Marcus Milanez -Mensagem original- De: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 5 de junho de 2007 18:42 Para: Tomcat Users List Assunto: RE: Perm Size From: Milanez, Marcus [mailto:[EMAIL PROTECTED] Subject: Perm Size I'm trying to use the following parameters in my Tomcat 6 server through tomcat6w.exe, but they don't seem to take any effect: -Dserver There's no such option as -Dserver. If you're trying to run Tomcat as a service using the server JVM, you have to clear the Use Default checkbox on the Java tab, and specify the location of the server version of the jvm.dll file. Alternatively, you can edit %JRE_HOME%\lib\i386\jvm.cfg to put the -server line first in the list. -XX:-UseSerialGC -XX:MaxPermSize=256m -XX:PermSize=128m Are you trying to put all these on one line? They must each be on a separate line in the Java Options space of the Java tab. All are effective when I try it, as shown by Lambda Probe. Note to Mark T: The service.bat script for 6.0.13 still references http://jakarta.apache.org/tomcat. Note to Martin G: The JAVA_OPTS environment variable has no effect when running Tomcat as a Windows service. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Perm Size
Just to keep you guys informed, the parameters above prevented my service from start under Windows 2003 using Tomcat 6.0.10. I had to remove the -Xmx512m and -Xms1024m parameters to get it done... I simply put them (the same valus) in Initial Memory Pool and Maximum Memory Pool fields and it started working once again. Previously I had tested those values under Windows XP without problems... -Mensagem original- De: Milanez, Marcus [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 6 de junho de 2007 09:12 Para: Tomcat Users List Assunto: RES: Perm Size Hi, I could get it done! I just cleared the Initial Memory Pool and Maximum Memory Pool values and entered the following parameters whithout -D just like this: -Dcatalina.base=c:\jakarta-tomcat-6 -Dcatalina.home=c:\jakarta-tomcat-6 -Djava.endorsed.dirs=c:\jakarta-tomcat-6\endorsed -Djava.io.tmpdir=c:\jakarta-tomcat-6\temp -Dcom.sun.management.jmxremote -Xmx512m -Xms1024m -XX:PermSize=128m -XX:MaxPermSize=256m Thank you all! Marcus -Mensagem original- De: Milanez, Marcus [mailto:[EMAIL PROTECTED] Enviada em: quarta-feira, 6 de junho de 2007 08:56 Para: Tomcat Users List Assunto: RES: Perm Size Hi, Thanks for your response Martin, and no, JAVA_OPTS has no effect when I use tomcat6w to register options. To monitor tgese parameters I'm using Lambda Probe. Chuck, I swear I've tried almost everything to get done, but using Lambda Probe I can see that I must have missed something. Following your suggestion, I've put all the parameters in separated lines as you can see above. In fact, this is my full Java Options: content in tomcat6w.exe -Dcatalina.base=c:\jakarta-tomcat-6 -Dcatalina.home=c:\jakarta-tomcat-6 -Djava.endorsed.dirs=c:\jakarta-tomcat-6\endorsed -Djava.io.tmpdir=c:\jakarta-tomcat-6\temp -Dcom.sun.management.jmxremote -D-XX:-UseSerialGC -D-XX:MaxPermSize=256m -D-XX:PermSize=128m Through eclipse interface using Sysdeo plugin I could do that easily... I guess my problem is tomcat6w. Note that if I remove the -D characters, my service doesn't even start, thats why I'm still using it. Can you show me how is your Java Options: set, so that I could compare it? Thanks for all your support. Marcus Milanez -Mensagem original- De: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Enviada em: terça-feira, 5 de junho de 2007 18:42 Para: Tomcat Users List Assunto: RE: Perm Size From: Milanez, Marcus [mailto:[EMAIL PROTECTED] Subject: Perm Size I'm trying to use the following parameters in my Tomcat 6 server through tomcat6w.exe, but they don't seem to take any effect: -Dserver There's no such option as -Dserver. If you're trying to run Tomcat as a service using the server JVM, you have to clear the Use Default checkbox on the Java tab, and specify the location of the server version of the jvm.dll file. Alternatively, you can edit %JRE_HOME%\lib\i386\jvm.cfg to put the -server line first in the list. -XX:-UseSerialGC -XX:MaxPermSize=256m -XX:PermSize=128m Are you trying to put all these on one line? They must each be on a separate line in the Java Options space of the Java tab. All are effective when I try it, as shown by Lambda Probe. Note to Mark T: The service.bat script for 6.0.13 still references http://jakarta.apache.org/tomcat. Note to Martin G: The JAVA_OPTS environment variable has no effect when running Tomcat as a Windows service. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: pre-compile
I know how to do it using ANT. Would you like it? -Mensagem original- De: Rogerio Baldini das Neves [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de maio de 2007 15:30 Para: users@tomcat.apache.org Assunto: pre-compile Hi Guys, I'd like to pre-compile my jsps for Tomcat 6 using maven. Anybody knows how it is possible ? I've tried to compile using jspc-maven-plugin 1.4.6 and 1.4.7-SNAPSHOT. But in both I've received the message: org.apache.taglibs.standard.tag.rt.core.ForTokensTag.setItems(Ljava/lang /Str ing;)V when accessing some pages. Thanks, Rogerio Baldini - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: pre-compile
Maybe... But I'm pretty used to ANT, so I care very much... :D -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de ben short Enviada em: quinta-feira, 24 de maio de 2007 17:18 Para: Tomcat Users List Assunto: Re: pre-compile The maven config is easier on the eye ;) On 5/24/07, Milanez, Marcus [EMAIL PROTECTED] wrote: See if it helps you then... target name=generate_jsp_java echoGenerating .java files from .jsp files/echo taskdef classname=org.apache.jasper.JspC name=jasper2 classpath id=jspc.classpath pathelement location=${java.home}/lib/tools.jar/ fileset dir=${tomcat.home}/bin include name=*.jar/ /fileset fileset dir=${tomcat.home}/lib include name=*.jar/ /fileset fileset dir=${appFolder}/WEB-INF/lib include name=*.jar/ /fileset /classpath /taskdef jasper2 validateXml=false uriroot=${appFolder} webXmlFragment=${appFolder}/WEB-INF/generated_web.xml outputDir=${appFolder}/WEB-INF/src / !-- There must be a commented section !-- [INSERT FRAGMENT HERE] -- in your original web.xml file, just after your last servlet-class tag -- loadfile property=webXmlFragment srcFile=${appFolder}/WEB-INF/generated_web.xml/ replace file=${appFolder}/WEB-INF/web.xml token=lt;!-- [INSERT FRAGMENT HERE] --gt; value=${webXmlFragment}/ delete file=${appFolder}/WEB-INF/generated_web.xml / /target target name=compile_jsps echoCompiling JSPs/echo mkdir dir=${appFolder}/WEB-INF/classes/ mkdir dir=${appFolder}/WEB-INF/lib/ javac destdir=${appFolder}/WEB-INF/classes optimize=on debug=on failonerror=false srcdir=${appFolder}/WEB-INF/src excludes=**/*.smap classpath pathelement location=${appFolder}/WEB-INF/classes/ fileset dir=${appFolder}/WEB-INF/lib include name=*.jar/ /fileset fileset dir=${appFolder}/ include name=**/*.jsp/ /fileset fileset dir=${tomcat.home}/bin include name=*.jar/ /fileset fileset dir=${tomcat.home}/lib include name=*.jar/ /fileset /classpath include name=** / exclude name=tags/** / /javac /target -Mensagem original- De: Rogerio Baldini das Neves [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de maio de 2007 15:43 Para: 'Tomcat Users List' Assunto: RES: pre-compile I need to do it in maven. But send me your solution, if I don't be able to solve my problem with maven, I will use yours. Thank you. -Mensagem original- De: Milanez, Marcus [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de maio de 2007 15:34 Para: Tomcat Users List Assunto: RES: pre-compile I know how to do it using ANT. Would you like it? -Mensagem original- De: Rogerio Baldini das Neves [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de maio de 2007 15:30 Para: users@tomcat.apache.org Assunto: pre-compile Hi Guys, I'd like to pre-compile my jsps for Tomcat 6 using maven. Anybody knows how it is possible ? I've tried to compile using jspc-maven-plugin 1.4.6 and 1.4.7-SNAPSHOT. But in both I've received the message: org.apache.taglibs.standard.tag.rt.core.ForTokensTag.setItems(Ljava/la ng /Str ing;)V when accessing some pages. Thanks, Rogerio Baldini - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.467 / Virus Database: 269.7.6/815 - Release Date: 22/5/2007 15:49 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users
RES: pre-compile
Maybe... But I'm pretty used to ANT, so I *don't* care very much... :D -Mensagem original- De: Milanez, Marcus [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de maio de 2007 17:21 Para: Tomcat Users List Assunto: RES: pre-compile Maybe... But I'm pretty used to ANT, so I care very much... :D -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de ben short Enviada em: quinta-feira, 24 de maio de 2007 17:18 Para: Tomcat Users List Assunto: Re: pre-compile The maven config is easier on the eye ;) On 5/24/07, Milanez, Marcus [EMAIL PROTECTED] wrote: See if it helps you then... target name=generate_jsp_java echoGenerating .java files from .jsp files/echo taskdef classname=org.apache.jasper.JspC name=jasper2 classpath id=jspc.classpath pathelement location=${java.home}/lib/tools.jar/ fileset dir=${tomcat.home}/bin include name=*.jar/ /fileset fileset dir=${tomcat.home}/lib include name=*.jar/ /fileset fileset dir=${appFolder}/WEB-INF/lib include name=*.jar/ /fileset /classpath /taskdef jasper2 validateXml=false uriroot=${appFolder} webXmlFragment=${appFolder}/WEB-INF/generated_web.xml outputDir=${appFolder}/WEB-INF/src / !-- There must be a commented section !-- [INSERT FRAGMENT HERE] -- in your original web.xml file, just after your last servlet-class tag -- loadfile property=webXmlFragment srcFile=${appFolder}/WEB-INF/generated_web.xml/ replace file=${appFolder}/WEB-INF/web.xml token=lt;!-- [INSERT FRAGMENT HERE] --gt; value=${webXmlFragment}/ delete file=${appFolder}/WEB-INF/generated_web.xml / /target target name=compile_jsps echoCompiling JSPs/echo mkdir dir=${appFolder}/WEB-INF/classes/ mkdir dir=${appFolder}/WEB-INF/lib/ javac destdir=${appFolder}/WEB-INF/classes optimize=on debug=on failonerror=false srcdir=${appFolder}/WEB-INF/src excludes=**/*.smap classpath pathelement location=${appFolder}/WEB-INF/classes/ fileset dir=${appFolder}/WEB-INF/lib include name=*.jar/ /fileset fileset dir=${appFolder}/ include name=**/*.jsp/ /fileset fileset dir=${tomcat.home}/bin include name=*.jar/ /fileset fileset dir=${tomcat.home}/lib include name=*.jar/ /fileset /classpath include name=** / exclude name=tags/** / /javac /target -Mensagem original- De: Rogerio Baldini das Neves [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de maio de 2007 15:43 Para: 'Tomcat Users List' Assunto: RES: pre-compile I need to do it in maven. But send me your solution, if I don't be able to solve my problem with maven, I will use yours. Thank you. -Mensagem original- De: Milanez, Marcus [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de maio de 2007 15:34 Para: Tomcat Users List Assunto: RES: pre-compile I know how to do it using ANT. Would you like it? -Mensagem original- De: Rogerio Baldini das Neves [mailto:[EMAIL PROTECTED] Enviada em: quinta-feira, 24 de maio de 2007 15:30 Para: users@tomcat.apache.org Assunto: pre-compile Hi Guys, I'd like to pre-compile my jsps for Tomcat 6 using maven. Anybody knows how it is possible ? I've tried to compile using jspc-maven-plugin 1.4.6 and 1.4.7-SNAPSHOT. But in both I've received the message: org.apache.taglibs.standard.tag.rt.core.ForTokensTag.setItems(Ljava/la ng /Str ing;)V when accessing some pages. Thanks, Rogerio Baldini - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.5.467 / Virus Database: 269.7.6/815 - Release Date: 22/5/2007 15:49 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start
RES: Prevent unwanted requests
Thanks everybody for your ideas and responses. Just to make things clear to everyone, I'm *NOT* storing .java files inside my web folder. What happens is DWR servlet accepts requests for addresses that ends with .java extensions, giving the impression that these files exists. Worst still, automated security test tools warns me about that all the time, so I had to find a solution to block this behaviour. Just like many of you suggested, I 've implemented a filter to get that job done. Thank you! -Mensagem original- De: Rashmi Rubdi [mailto:[EMAIL PROTECTED] Enviada em: sábado, 19 de maio de 2007 12:31 Para: Tomcat Users List; [EMAIL PROTECTED] Assunto: Re: Prevent unwanted requests I agree, there's no need to place .java files, the .class files under /WEB-INF/ are sufficient. Unless you're writing an Applet, which has to exist outside /WEB-INF/ , all other classes are protected from browser/ client access when they're under /WEB-INF/ -Rashmi On 5/19/07, Pid [EMAIL PROTECTED] wrote: This is less programmatical than pragmatical but you could try not putting your .java files on the web server... :oP - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Prevent unwanted requests
Is it possible to prevent the request os unwatned extensions, like *.bak, *.java and so on, through web.xml file? My solution was creating a servlet that gets mapped to this extensions, but I could realize that it doesn't work along with DWR for example... The problem is that when I invoke something like myapp/dwr/file.java, this URL is mapped to dwr servlet instead of ForbiddenFilesController. Does anybody know how to solve that? My web.xml contains the following lines: ... servlet-mapping servlet-nameForbiddenFilesController/servlet-name url-pattern*.java/url-pattern /servlet-mapping servlet-mapping servlet-namedwr-invoker/servlet-name url-pattern/dwr/*/url-pattern /servlet-mapping ... And my controller has the following lines of code: @Override protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { //proibido resp.setStatus(HttpServletResponse.SC_FORBIDDEN); //resp.getWriter().close(); return; } @Override protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { //proibido resp.setStatus(HttpServletResponse.SC_FORBIDDEN); //resp.getWriter().close(); super.doPost(req, resp); } - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Prevent unwanted requests
Hi Chuck, In fact I don't have this files in my server. The thing is, whenever I invke URLs that matches /dwr/anyFile.java, I get a positive DWR answer, as if I had such files in my server. Whenever I run automated security test tools like Paros Proxy, many issues regarding these problems are pointed out... I just want to be sure that these kind of requests are rejected. Thanks! -Mensagem original- De: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 18 de maio de 2007 16:59 Para: Tomcat Users List Assunto: RE: Prevent unwanted requests From: Milanez, Marcus [mailto:[EMAIL PROTECTED] Subject: Prevent unwanted requests Is it possible to prevent the request os unwatned extensions, like *.bak, *.java and so on, through web.xml file? The real question is: Why do have .java, etc., files in accessible locations? If you keep such files under WEB-INF, they're guaranteed to be inaccessible. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Preventing unwanted requests
Well, I can't answer that.. I guess it is my fault. Bu anyway, it is not *my* DWR (http://getahead.ltd.uk/dwr/) application... I wish it was! :D -Mensagem original- De: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 18 de maio de 2007 17:11 Para: Tomcat Users List Assunto: RE: Prevent unwanted requests From: Milanez, Marcus [mailto:[EMAIL PROTECTED] Subject: RES: Prevent unwanted requests In fact I don't have this files in my server. The thing is, whenever I invke URLs that matches /dwr/anyFile.java, I get a positive DWR answer, as if I had such files in my server. Don't confuse URL paths with file locations. This sounds like there's a bug in your dwr application, in that it's ignoring invalid path information. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Tomcat 6 trimDirectiveWhitespaces
Thanks for your attention! I'll try RegEX! -Mensagem original- De: Rashmi Rubdi [mailto:[EMAIL PROTECTED] Enviada em: sábado, 12 de maio de 2007 00:04 Para: Tomcat Users List Assunto: Re: Tomcat 6 trimDirectiveWhitespaces On 5/11/07, Milanez, Marcus [EMAIL PROTECTED] wrote: Hi, Do I need something else besides declaring %@ page trimDirectiveWhitespaces=false % to have my page's white spaces trimmed? This directive doesn't seem to work at all... You are right it doesn't seem to work on Tomcat 6.0.10, well I think you don't need anything else , just setting trimDirectiveWhitespaces=true is supposed to work but it didn't either. Well the trimDirectiveWhitespaces doesn't remove all white spaces in a HTML page, it is only supposed to remove the blank lines left behind by JSP directives (as described here http://java.sun.com/developer/technicalArticles/J2EE/jsp_21/ ) when the HTML is rendered. If you want to trim all white spaces one option is Ant RegEx (see bottom: http://ant.apache.org/manual/OptionalTasks/replaceregexp.html) Thanks in advance, Marcus Regards Rashmi - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Tomcat 6.0 on Windows Server 2003 IIS 6.0 connector not functioning
I must tell you guys, that the only way I can get Tomcat running along with IIS is doing an extra step that is not documented anywhere, which consists on creating a Virtual Directory on IIS for my application and pointing it to my tomcat app folder. I do all those known steps (registry import, create an ISAPI filter, etc...) but I also create a Virtual directory with the same name in IIS. For example, if I have an application located in c:\tomcat\webapps\foo , I also create a new virtual direcory in IIS names foo and point it to c:\tomcat\webapps\foo folder.. Thats the only way I can get tomcat working with IIS. Have you tried it? -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 11 de maio de 2007 19:26 Para: Tomcat Users List Assunto: Re: Tomcat 6.0 on Windows Server 2003 IIS 6.0 connector not functioning I set up and allowed the extension. I even set IIS to allow all ISAPI extensions. I've even set the CATALINA_HOME tree to Everyone - Full Control and still no ISAPI log and no errors in any of the other logs or system event logs. If I can at least get the log to work, I'll have something to work on. I've found quite a few similar problems in the archives and other sites, but no working solution. Thank you for the suggestion, got any others? Sean McKellips Systems Administrator Associated Grocers 206-767-8725 phone 206-764-7879 fax [EMAIL PROTECTED] [EMAIL PROTECTED] net To 05/11/2007 02:08 users@tomcat.apache.org PM cc Subject Please respond to Re: Tomcat 6.0 on Windows Server Tomcat Users 2003 IIS 6.0 connector not List functioning [EMAIL PROTECTED] che.org Have you configured the Web Service Extension? I can't access Tomcat content through IIS. The troubleshooting steps on the IIS How-to were insufficient to identify my problem. What am I missing? A few bits of relevant information: The isapi log file does not get created. I've verified that the registry settings are correct for the redirector. I also tried using isapi_redirect.properties, with no success. The ISAPI filter on the default web site shows loaded (green arrow), high priority. The urimappings reference the worker in the workers.properties file. The port for the work matches in the workers file and the server.xml file. Directory browsing is enabled for both the website and the jakarta directory. The Catalina log shows it is listening on the right port, but Jk running ID=0 Thanks! Various relevant files and log entries: Problem: http://localhost:8080/examples works http://localhost/examples doesn't work Info: ISAPI information: isapi_redirect.dll v1.2.22.0 Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Jakarta Isapi Redirector] [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Jakarta Isapi Redirector\1.0] extension_uri=/jakarta/isapi_redirect.dll log_file=C:\\Program Files\\Apache Software Foundation\\Tomcat 6.0 \\logs\\isapi.log log_level=debug worker_file=C:\\Program Files\\Apache Software Foundation\\Tomcat 6.0 \\conf\\workers.properties worker_mount_file=C:\\Program Files\\Apache Software Foundation\\Tomcat 6.0\\conf\\uriworkermap.properties workers.properties: worker.list=ajp13w worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8009 uriworkermap.properties: /servlets-examples*=ajp13w #tried leaving off trailing slash as suggested in archives /examples/*=ajp13w !/servlets-examples/*.jpeg=ajp13w server.xml ... Service name=Catalina Connector port=8080 protocol=HTTP/1.1 maxThreads=150 connectionTimeout=2 redirectPort=8443 / Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true clientAuth=false sslProtocol=TLS / Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / ... On IIS: Default Web Site and Jakarta Virtual Directory: Directory browsing enabled Anonymous access enabled Jakarta virtual directory allows scripts and executables IIS Log: #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 2007-05-09 22:23:17 W3SVC1 127.0.0.1 GET /examples/ - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.432 2) 404 0 2 Catalina log: May 9, 2007 3:23:09 PM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 May 9, 2007 3:23:09 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/94 config=null Sean McKellips Systems Administrator Associated Grocers 206-767-8725 phone 206-764-7879 fax [EMAIL PROTECTED] NOTICE: This email message is for the sole use of the intended
RES: RES: Tomcat 6.0 on Windows Server 2003 IIS 6.0 connector not functioning
Hi Sean, Take a look at my uriworkermap.properites file and see if it helps you. My web sites are working just fine on Windows 2003 and IIS 6. # *** Begin uriworkermap.properties *** # # Simple worker configuration file # /servlet/*=ajp13 # Mount the IC context to the ajp13 worker /ic/servlet/*=ajp13 /ic/*.jsp=ajp13 /ic/=ajp13 # Mount all jsp pages to the ajp13 worker /*.jsp=ajp13 /*.jws=ajp13 -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 14 de maio de 2007 13:40 Para: Tomcat Users List Assunto: Re: RES: Tomcat 6.0 on Windows Server 2003 IIS 6.0 connector not functioning Thanks for the suggestion! With directory browsing enabled, after creating an Examples virtual directory, I can now get to those pages, but I'm still getting Page Not Found Errors when executing servlets. My IIS log shows that the ISAPI filter is not picking up the requests. I've tried 1.2.22 and 1.2.21. I get the green arrow showing its loaded on both versions, but neither is actually doing any redirecting. I'll try explicitly listing a servlet in the urimap file and see if that helps. Thanks for the tip, Marcus, it's got me a step closer. IIS Log: 2007-05-14 16:27:41 W3SVC1 127.0.0.1 GET /examples/servlets/index.html - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.432 2) 200 0 0 2007-05-14 16:27:41 W3SVC1 127.0.0.1 GET /examples/servlets/images/code.gif - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.432 2) 200 0 0 2007-05-14 16:27:53 W3SVC1 127.0.0.1 GET /examples/servlets/servlet/HelloWorldExample - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.432 2) 404 0 3 #Software: Microsoft Internet Information Services 6.0 #Version: 1.0 #Date: 2007-05-14 16:31:41 #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 2007-05-14 16:31:41 W3SVC1 127.0.0.1 GET /examples/servlets/servlet/HelloWorldExample - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.432 2) 404 0 3 2007-05-14 16:31:45 W3SVC1 127.0.0.1 GET /examples/servlets/servlet/RequestParamExample - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.432 2) 404 0 3 Sean McKellips Systems Administrator Associated Grocers 206-767-8725 phone 206-764-7879 fax [EMAIL PROTECTED] Milanez, Marcus [EMAIL PROTECTED] iebold.com To Tomcat Users List 05/14/2007 04:16 users@tomcat.apache.org AM cc Subject Please respond to RES: Tomcat 6.0 on Windows Server Tomcat Users 2003 IIS 6.0 connector not List functioning [EMAIL PROTECTED] che.org I must tell you guys, that the only way I can get Tomcat running along with IIS is doing an extra step that is not documented anywhere, which consists on creating a Virtual Directory on IIS for my application and pointing it to my tomcat app folder. I do all those known steps (registry import, create an ISAPI filter, etc...) but I also create a Virtual directory with the same name in IIS. For example, if I have an application located in c:\tomcat\webapps\foo , I also create a new virtual direcory in IIS names foo and point it to c:\tomcat\webapps\foo folder.. Thats the only way I can get tomcat working with IIS. Have you tried it? -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 11 de maio de 2007 19:26 Para: Tomcat Users List Assunto: Re: Tomcat 6.0 on Windows Server 2003 IIS 6.0 connector not functioning I set up and allowed the extension. I even set IIS to allow all ISAPI extensions. I've even set the CATALINA_HOME tree to Everyone - Full Control and still no ISAPI log and no errors in any of the other logs or system event logs. If I can at least get the log to work, I'll have something to work on. I've found quite a few similar problems in the archives and other sites, but no working solution. Thank you for the suggestion, got any others? Sean McKellips Systems Administrator Associated Grocers 206-767-8725 phone 206-764-7879 fax [EMAIL PROTECTED] [EMAIL PROTECTED] net To 05/11/2007 02:08 users@tomcat.apache.org PM cc Subject Please respond to Re: Tomcat 6.0 on Windows Server Tomcat Users 2003 IIS 6.0 connector not List functioning [EMAIL PROTECTED] che.org Have you configured the Web Service Extension? I can't access Tomcat content through IIS. The troubleshooting steps on the IIS How-to were
RES: RES: Tomcat 6.0 on Windows Server 2003 IIS 6.0 connector not functioning
Sean, I just forgot to mention that everytime (at least in my case) you change the uriworkermap.properties file you must perform an iisreset command to take effect... Have you done it? -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviada em: segunda-feira, 14 de maio de 2007 13:40 Para: Tomcat Users List Assunto: Re: RES: Tomcat 6.0 on Windows Server 2003 IIS 6.0 connector not functioning Thanks for the suggestion! With directory browsing enabled, after creating an Examples virtual directory, I can now get to those pages, but I'm still getting Page Not Found Errors when executing servlets. My IIS log shows that the ISAPI filter is not picking up the requests. I've tried 1.2.22 and 1.2.21. I get the green arrow showing its loaded on both versions, but neither is actually doing any redirecting. I'll try explicitly listing a servlet in the urimap file and see if that helps. Thanks for the tip, Marcus, it's got me a step closer. IIS Log: 2007-05-14 16:27:41 W3SVC1 127.0.0.1 GET /examples/servlets/index.html - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.432 2) 200 0 0 2007-05-14 16:27:41 W3SVC1 127.0.0.1 GET /examples/servlets/images/code.gif - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.432 2) 200 0 0 2007-05-14 16:27:53 W3SVC1 127.0.0.1 GET /examples/servlets/servlet/HelloWorldExample - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.432 2) 404 0 3 #Software: Microsoft Internet Information Services 6.0 #Version: 1.0 #Date: 2007-05-14 16:31:41 #Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status 2007-05-14 16:31:41 W3SVC1 127.0.0.1 GET /examples/servlets/servlet/HelloWorldExample - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.432 2) 404 0 3 2007-05-14 16:31:45 W3SVC1 127.0.0.1 GET /examples/servlets/servlet/RequestParamExample - 80 - 127.0.0.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.2;+SV1;+.NET+CLR+1.1.432 2) 404 0 3 Sean McKellips Systems Administrator Associated Grocers 206-767-8725 phone 206-764-7879 fax [EMAIL PROTECTED] Milanez, Marcus [EMAIL PROTECTED] iebold.com To Tomcat Users List 05/14/2007 04:16 users@tomcat.apache.org AM cc Subject Please respond to RES: Tomcat 6.0 on Windows Server Tomcat Users 2003 IIS 6.0 connector not List functioning [EMAIL PROTECTED] che.org I must tell you guys, that the only way I can get Tomcat running along with IIS is doing an extra step that is not documented anywhere, which consists on creating a Virtual Directory on IIS for my application and pointing it to my tomcat app folder. I do all those known steps (registry import, create an ISAPI filter, etc...) but I also create a Virtual directory with the same name in IIS. For example, if I have an application located in c:\tomcat\webapps\foo , I also create a new virtual direcory in IIS names foo and point it to c:\tomcat\webapps\foo folder.. Thats the only way I can get tomcat working with IIS. Have you tried it? -Mensagem original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 11 de maio de 2007 19:26 Para: Tomcat Users List Assunto: Re: Tomcat 6.0 on Windows Server 2003 IIS 6.0 connector not functioning I set up and allowed the extension. I even set IIS to allow all ISAPI extensions. I've even set the CATALINA_HOME tree to Everyone - Full Control and still no ISAPI log and no errors in any of the other logs or system event logs. If I can at least get the log to work, I'll have something to work on. I've found quite a few similar problems in the archives and other sites, but no working solution. Thank you for the suggestion, got any others? Sean McKellips Systems Administrator Associated Grocers 206-767-8725 phone 206-764-7879 fax [EMAIL PROTECTED] [EMAIL PROTECTED] net To 05/11/2007 02:08 users@tomcat.apache.org PM cc Subject Please respond to Re: Tomcat 6.0 on Windows Server Tomcat Users 2003 IIS 6.0 connector not List functioning [EMAIL PROTECTED] che.org Have you configured the Web Service Extension? I can't access Tomcat content through IIS. The troubleshooting steps on the IIS How-to were insufficient to identify my problem. What am I missing? A few bits of relevant information: The isapi log file does not get created. I've verified that the registry settings are correct for the redirector. I also tried using
Tomcat 6 trimDirectiveWhitespaces
Hi, Do I need something else besides declaring %@ page trimDirectiveWhitespaces=false % to have my page's white spaces trimmed? This directive doesn't seem to work at all... Thanks in advance, Marcus - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Tomcat 6 trimDirectiveWhitespaces
I mean %@ page trimDirectiveWhitespaces=true % ... Using false it shouldn't work anyway! -Mensagem original- De: Milanez, Marcus Enviada em: sexta-feira, 11 de maio de 2007 15:55 Para: 'Tomcat Users List' Assunto: Tomcat 6 trimDirectiveWhitespaces Hi, Do I need something else besides declaring %@ page trimDirectiveWhitespaces=false % to have my page's white spaces trimmed? This directive doesn't seem to work at all... Thanks in advance, Marcus - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: JK connector issue - Can't get JKStatus working with IIS 6.0
Hi Jean, I could succesfully integrate IIS 6 with Tomcat (also 6), and you really need an extra step to het it done: Note that in IIS 6, there is a new item named 'Web Service Extension'. Right click on it and then 'Add new Web Service Extension' . Name it jakarta and point it to your isapi_redirect.dll location. Doing that should solve your problem... Just let us know if it worked! Yours, Marcus -Mensagem original- De: Jean-Francois Beaulac [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 11 de maio de 2007 14:49 Para: users@tomcat.apache.org Assunto: JK connector issue - Can't get JKStatus working with IIS 6.0 Hi, I'm currently trying to get the JKStatus to work with the apache JK connector and IIS6.0. Is there some special configuration I have to do in IIS to get it working? The ajp13 connector works fine but I can't get the JKStatus page. It returns me a Tomcat 404 Http error, which is weird since from my understanding Tomcat should not be involved at all with the JKStatus. Here are my workers.properties uriworkermap.properties files: This is my workers.properties file # workers.properties # # This file provides minimal jk configuration properties needed to # connect to Tomcat. # # The workers that jk should create and work with # worker.list=wlb,jkstatus # # Defining a worker named ajp13w and of type ajp13 # Note that the name and the type do not have to match. # worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8023 # # Defining a load balancer # worker.wlb.type=lb worker.wlb.balance_workers=ajp13w # # Define status worker # worker.jkstatus.type=status worket.jkstatus.mount=/jkmanager This is my uriworkermap.properties # uriworkermap.properties - IIS # # This file provides sample mappings for example wlb # worker defined in workermap.properties.minimal # The general syntax for this file is: # [URL]=[Worker name] /*=wlb # # Mount jkstatus to /jkmanager # For production servers you will need to # secure the access to the /jkmanager url # /jkmanager=jkstatus Thank you Jean-Francois Beaulac [EMAIL PROTECTED] Jean-Francois Beaulac - VP Technologies mailto:[EMAIL PROTECTED] [EMAIL PROTECTED] +1 514.598 0406 Beetext - http://www.beetext.com/ www.beetext.com Project Efficiency Solutions Check out our newsletter, The Hive - http://www.beetext.com/newsletter/apr07/index.html http://www.beetext.com/newsletter/apr07/index.html Lisez notre communiqué mensuel, La ruche - http://www.beetext.com/newsletter/apr07/index_fr.html http://www.beetext.com/newsletter/apr07/index_fr.html - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]