Re: 100% usage and hanging on startup of Spring/Hibernate app in Tomcat 5.5 on Ubuntu 7
Hi, I have the same problem using tomcat 6 and jdk 6, do you find a workaround ? Regards! Mark Thomas wrote: Bradley Wagner wrote: Ok, I'll try that next. Two things: - Did some searching, but couldn't find how to determine the default GC method for my Java version http://blogs.sun.com/watt/resource/jvm-options-list.html is a useful reference - Would you recommend I move this problem elsewhere, given that this is likely not related to Tomcat at all. I don't want to spam this list. No need. GC freezes are close to the most common issue I see with unstable production Tomcat systems so I think it is very relevant. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/100--usage-and-hanging-on-startup-of-Spring-Hibernate-app-in-Tomcat--5.5-on-Ubuntu-7-tp25194606p25331069.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and jsessionid issue
Hi all, thanks for resoonses; - the problem occurs for the login page, but, Im not using a special authentication system anymore, only a web apps authentication. - Im using Jkmount /context/* , JKmount /context, in order to enable the tomcat welcome page. - I think the cause for the problem is the use for the expire module for images: ExpiresByType image/gif access plus 1 month ExpiresByType image/jpg access plus 1 month ExpiresByType image/png access plus 1 month Best regards! Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André and Adam, On 8/19/2009 3:53 PM, André Warnier wrote: I'll just venture another explanation : - considering that it seems that at least 50% of the posters here who use Apache httpd in front of Tomcat, end up proxying everything to Tomcat anyway.. This may or may not be true. I have seen a lot of configurations (mine included) where the pass-throughs look like this: JkMount /context/*.jsp worker JkMount /context/j_security_check worker Instead of: JkMount /context worker JkMount /context/* worker - considering this problem happens on the login page, which users get - presumably - when they are not logged in yet.. - isn't the problem then that the images in question are in a server area that (also) requires authentication, and since the user at that point is not (yet) authenticated, he doesn't get the images ? (probably getting instead other copies of the login pages for those links) Possibly. If the images are protected, you will certainly have this problem. The OP said that a RELOAD fixed the images, though, so I think the problem was that Apache httpd /was/ configured to serve images, and the ;jsessionid parameter was present because, at the login screen, the server doesn't yet know if the client will send cookies. - which would explain that when the user is authenticated and presses the reload key, then he gets the images. The OP didn't say anything about post authentication. My bet is on JkStripSession. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkqMXi4ACgkQ9CaO5/Lv0PDsFwCcDnFIN+iCcC470CvH2a/cYtqU 9xgAn25FYoHdqyjq6OdEDCF63P6euPo4 =qDH7 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/mod_jk-and--jsessionid-issue-tp25006051p25149042.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: mod_jk and jsessionid issue
It works using JkStripSession directive. thanks a lot. -- View this message in context: http://www.nabble.com/mod_jk-and--jsessionid-issue-tp25006051p25149435.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk and jsessionid issue
Hi all, I have a 2 tomcat servers load balanced using apache mod_jk, I have a probleme with images on the login page, the image url generate is postfixed by jsessionid, so, the image is not rendered, the user have to use F5 button. how to work arround this issue? thanks! -- View this message in context: http://www.nabble.com/mod_jk-and--jsessionid-issue-tp25006051p25006051.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: APR Native library on tomcat 6
thanks a lot Brian; it works now, without using --prefix. Brian Millett wrote: On Fri, 2009-06-19 at 02:05 -0700, lmk wrote: --prefix=/usr/tomcat/apache-tomcat-6.0.18 I'd look where you told it to go. -- Brian Millett - [ Sinclair (re: The Line), The Gathering] The sky was full of stars and every star an exploding ship...one of ours. -- View this message in context: http://www.nabble.com/APR-Native-library-on-tomcat-6-tp24107914p24144172.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
APR Native library on tomcat 6
Hi all, I have installed apr native library, open ssl; using :./configure: ./configure --with-apr=/usr/local/apr --with-java-home=/usr/java/jdk1.5.0_11 --with-ssl=/usr/local/ssl --prefix=/usr/tomcat/apache-tomcat-6.0.18 I added to catalina_opts java.library definition: export CATALINA_OPTS=$CATALINA_OPTS -Djava.library.path=/usr/local/apr/lib And I still get the error: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: any idea about this issue? thanks. -- View this message in context: http://www.nabble.com/APR-Native-library-on-tomcat-6-tp24107914p24107914.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: APR Native library on tomcat 6
here tomcat log: INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/jdk1.5.0_11/jre/lib/i386/server:/usr/java/jdk1.5.0_11/jre/lib/i386:/usr/java/jdk1.5.0_11/jre/../lib/i386:/usr/local/apr/lib: 19 juin 2009 11:48:55 org.apache.coyote.http11.Http11Protocol init I complied apr sources, I dont used binnaries. Caldarale, Charles R wrote: From: lmk [mailto:lotf...@yahoo.fr] Subject: APR Native library on tomcat 6 export CATALINA_OPTS=$CATALINA_OPTS - Djava.library.path=/usr/local/apr/lib Show us what's actually in /usr/local/apr/lib. And I still get the error: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: Show us the next line so we can see what the JVM thinks the value of java.library.path is. any idea about this issue? Are you mixing 32- and 64-bit modes? If you're running a 64-bit JVM, you'll need a 64-bit .so file (and vice versa). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/APR-Native-library-on-tomcat-6-tp24107914p24112085.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: APR Native library on tomcat 6
apr.exp libapr-1.a that's all: libapr-1.la libapr-1.so libapr-1.so.0 libapr-1.so.0.3.5 pkgconfig Caldarale, Charles R wrote: From: lmk [mailto:lotf...@yahoo.fr] Subject: RE: APR Native library on tomcat 6 INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/java/jdk1.5.0_11/jre/lib/i386/server:/usr/java/jdk1.5.0_11/jre/lib /i386:/usr/java/jdk1.5.0_11/jre/../lib/i386:/usr/local/apr/lib: Ok, that looks reasonable, but you still didn't show us what's actually in /usr/local/apr/lib. I complied apr sources, I dont used binnaries. Not really relevant. If you are running a 64-bit JVM, then you must compile APR for 64-bit mode; likewise, if you are running a 32-bit JVM, you must compile APR for 32-bit mode. Doing java -version (without the quotes) will show you the mode the JVM is running in. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/APR-Native-library-on-tomcat-6-tp24107914p24112425.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: APR Native library on tomcat 6
$ls /usr/local/apr/lib apr.exp libapr-1.a libapr-1.la libapr-1.so libapr-1.so.0 libapr-1.so.0.3.5 pkgconfig only pkgconfig is a directory hop its more clear.. Caldarale, Charles R wrote: From: lmk [mailto:lotf...@yahoo.fr] Subject: RE: APR Native library on tomcat 6 apr.exp libapr-1.a that's all: libapr-1.la libapr-1.so libapr-1.so.0 libapr-1.so.0.3.5 pkgconfig The above is rather cryptic; which of the above are regular files, which are directories? What is the indentation you're using supposed to represent? What does that's all mean? What is the full path to libapr-1.so? (I don't have a Linux system readily available at the moment to experiment with, so you're going to need to be precise.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/APR-Native-library-on-tomcat-6-tp24107914p24112938.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: APR Native library on tomcat 6
yes but nothing changes. Thomas Chabaud-3 wrote: lmk a écrit : Hi all, I have installed apr native library, open ssl; using :./configure: ./configure --with-apr=/usr/local/apr --with-java-home=/usr/java/jdk1.5.0_11 --with-ssl=/usr/local/ssl --prefix=/usr/tomcat/apache-tomcat-6.0.18 I added to catalina_opts java.library definition: export CATALINA_OPTS=$CATALINA_OPTS -Djava.library.path=/usr/local/apr/lib And I still get the error: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: any idea about this issue? thanks. Have you tried an /sbin/ldconfig, then restart Tomcat ? Ce message est protégé par les règles relatives au secret des correspondances. Il est donc établi à destination exclusive de son destinataire. Celui-ci peut donc contenir des informations confidentielles. La divulgation de ces informations est à ce titre rigoureusement interdite. Si vous avez reçu ce message par erreur, merci de le renvoyer à l'expéditeur dont l'adresse e-mail figure ci-dessus et de détruire le message ainsi que toute pièce jointe. This message is protected by the secrecy of correspondence rules. Therefore, this message is intended solely for the attention of the addressee. This message may contain privileged or confidential information, as such the disclosure of these informations is strictly forbidden. If, by mistake, you have received this message, please return this message to the addressser whose e-mail address is written above and destroy this message and all files attached. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/APR-Native-library-on-tomcat-6-tp24107914p24113296.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: APR Native library on tomcat 6
nothing changes even using LD_LIBRARY_PATH mturk wrote: lmk wrote: Hi all, I have installed apr native library, open ssl; using :./configure: ./configure --with-apr=/usr/local/apr --with-java-home=/usr/java/jdk1.5.0_11 --with-ssl=/usr/local/ssl --prefix=/usr/tomcat/apache-tomcat-6.0.18 I added to catalina_opts java.library definition: export CATALINA_OPTS=$CATALINA_OPTS -Djava.library.path=/usr/local/apr/lib You are missing the openssl library path as well Adding to the java.library.path is not enough, try: export LD_LIBRARY_PATH=/usr/local/apr/lib:/usr/local/ssl/lib ./catalina.sh run Regards -- ^(TM) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/APR-Native-library-on-tomcat-6-tp24107914p24113862.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Apache And tomcat: wich is the best conenctor to use
Hi all, Im wondering if it's judicious to use apache with ajp connector, it seems that, APR or NIO connector are more performant than AJP and they not support AJP, so it's very useful to use Apache on front end of tomcat using using AJP and mod_jk? Best regards! -- View this message in context: http://www.nabble.com/Apache-And-tomcat%3A-wich-is-the--best-conenctor-to-use-tp24054482p24054482.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Apache And tomcat: wich is the best conenctor to use
I have no good reason except increase tomcat response, Im not using SSL for the moment. Im just testing mod_jk and load balancing in order to imporove performance. Caldarale, Charles R wrote: Subject: Apache And tomcat: wich is the best conenctor to use Im wondering if it's judicious to use apache with ajp connector If you have no other reason to use httpd, then don't - just let Tomcat serve the static content; this will reduce complexity and improve performance. If you're using SSL, you will probably want to use APR, since it's noticeably better at encryption than the pure Java implementation. Which of the standard, NIO, or APR connectors work best for non-SSL traffic depends on your webapps and user load; you'll need to measure your environment to find out which is best for you. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/Apache-And-tomcat%3A-wich-is-the--best-conenctor-to-use-tp24054482p24054771.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Apache And tomcat: wich is the best conenctor to use
thanks a lot.. Caldarale, Charles R wrote: From: lmk [mailto:lotf...@yahoo.fr] Subject: RE: Apache And tomcat: wich is the best conenctor to use Im just testing mod_jk and load balancing in order to imporove performance. Then you do have a need for httpd (load balancing), so AJP is the most appropriate connector. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/Apache-And-tomcat%3A-wich-is-the--best-conenctor-to-use-tp24054482p24055271.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 5.5 clustering with JAAS
I add anything to support clustering, dont know if there is a special configuration for JAAS, you mean jaas.conf? JaasConf { package.MyLoginModule required; }; thanks Gustavo Araujo wrote: Can you send us the logs and the conf. files? Thanks 2008/11/14 lmk [EMAIL PROTECTED] Hello, I use tomcat clustering with session replication, and JAAS module authentication; when tomcat instance loose session, the other cannot authenticate the user. how I keep the user authenticated on all the tomcat instance? thanks! -- View this message in context: http://www.nabble.com/tomcat-5.5-clustering-with-JAAS-tp20502551p20502551.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Gustavo Campos Araujo -- View this message in context: http://www.nabble.com/tomcat-5.5-clustering-with-JAAS-tp20502551p20577077.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5.5 clustering with JAAS
no ideas..? lmk wrote: Hello, I use tomcat clustering with session replication, and JAAS module authentication; when tomcat instance loose session, the other cannot authenticate the user. how I keep the user authenticated on all the tomcat instance? thanks! -- View this message in context: http://www.nabble.com/tomcat-5.5-clustering-with-JAAS-tp20502551p20557469.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat 5.5 clustering with JAAS
Hello, I use tomcat clustering with session replication, and JAAS module authentication; when tomcat instance loose session, the other cannot authenticate the user. how I keep the user authenticated on all the tomcat instance? thanks! -- View this message in context: http://www.nabble.com/tomcat-5.5-clustering-with-JAAS-tp20502551p20502551.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check get password on the request
thanks Christopher, I found another solution, I use a custom class UserPricipal with userName and userId parameter, when the user is autheticated, I populate userId. on the servlet, I get the UserPrincipal object from the request. best regards! Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 lmk, lmk wrote: Im using form based jaas authentication, I have to call a stored procedure with the user name and password to ininitialize some business objects! how can I get the password on the j_security_check request? can we use servlet filter to do this Unfortunately, Tomcat does not give your application code any opportunity to fetch the credentials or anything else from the request when using container-managed authentication. We had a similar problem in that we wanted to update the last login time of the user, and also lost user prefs from our database. We decided to write a filter that basically did this: Check session for a marker object with session key USER a. If marker exists, do nothing and chain to the next filter b. If marker does not exist, perform database UPDATE and SELECT, then insert USER marker into the session This has worked very well for us for quite a while. It also has the added benefit of separating the concerns of authentication and authorization with login logic. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAki+uo0ACgkQ9CaO5/Lv0PDoAQCeLHhb2AyyhAaOLzdMKArgdlKw o1MAmwYtyJfoHHkdwbJ327sEjt4cw9rN =2pwJ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/j_security_check-get-password-on-the-request-tp19255065p19306306.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
j_security_check get password on the request
hi all, Im using form based jaas authentication, I have to call a stored procedure with the user name and password to ininitialize some business objects! how can I get the password on the j_security_check request? can we use servlet filter to do this thanks! -- View this message in context: http://www.nabble.com/j_security_check-get-password-on-the-request-tp19255065p19255065.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5.5 DataSourceRealm not taken in charge
yes I set all parameters on the realm defined on the server.xml, but, I forgot realm definition on the context.xml, so, tomcat use first realm on the context.xml. it works fine now.. thanks a lot.. Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 To whom it may concern, lmk wrote: it seems that role is mandatory, so i add role name, now user authenticated successfully but it he cannot access to resources because of exception: exception retrieving roles for USERNAME You have not set any of the following attributes on the Realm: userRoleTable roleNameCol Please see http://tomcat.apache.org/tomcat-5.5-doc/config/realm.html for details. I defined the Roles table and role columns inside releam and the user USERNAME has an athorized role.. No, you didn't: Realm className=org.apache.catalina.realm.DataSourceRealm dataSourceName=jdbc/auth userTable=USERS userNameCol=login userCredCol=password / If you changed your Realm configuration, please post what you have, now. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkitmrIACgkQ9CaO5/Lv0PBNggCeL3pdmtguMcyEace9pRLQzQGp cy8An2/lzZ+tqgCQD8jo9tLvHmKjuWL6 =qXoP -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/tomcat-5.5-DataSourceRealm--not-taken-in-charge-tp19073540p19102853.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5.5 DataSourceRealm not taken in charge
thanks! it seems that role is mandatory, so i add role name, now user authenticated succefely but it he cannot access to ressources because of exception: exception retrieving roles for USERNAME I defined the Roles table and role columns inside releam and the user USERNAME has an athorized role.. Pid-2 wrote: lmk wrote: hello all, I try ti use tomcat security management with DataSourceRealm but I never get authentication console, log shows that user 'Successfully passed all security constraints' I declare Realm inside server.xml: Realm className=org.apache.catalina.realm.DataSourceRealm dataSourceName=jdbc/auth userTable=USERS userNameCol=login userCredCol=password / and security constraints on web.xml security-constraint display-nameTOMCAT SECURITY/display-name web-resource-collection web-resource-nameEntire Application/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-namesomeusertype/role-name auth-constraint /security-constraint login-config auth-methodBASIC/auth-method /login-config security-role role-namesomeusertype/role-name /security-role p did I forget anything..? thanks! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/tomcat-5.5-DataSourceRealm--not-taken-in-charge-tp19073540p19085907.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat 5.5 DataSourceRealm not taken in charge
hello all, I try ti use tomcat security management with DataSourceRealm but I never get authentication console, log shows that user 'Successfully passed all security constraints' I declare Realm inside server.xml: Realm className=org.apache.catalina.realm.DataSourceRealm dataSourceName=jdbc/auth userTable=USERS userNameCol=login userCredCol=password / and security constraints on web.xml security-constraint display-nameTOMCAT SECURITY/display-name web-resource-collection web-resource-nameEntire Application/web-resource-name url-pattern/*/url-pattern /web-resource-collection /security-constraint login-config auth-methodBASIC/auth-method /login-config did I forget anything..? thanks! -- View this message in context: http://www.nabble.com/tomcat-5.5-DataSourceRealm--not-taken-in-charge-tp19073540p19073540.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat 5.5.23 can't have context path different from war name.
hellooo, do you have any solution to set the context path didfferent from the application name, i set the context into the META-INF directory, tomcat copied this the contaxt into CATALINA_HOME/conf/Enginename/HostName/app_name.xml. but the /mycontextpath is not deployed..I still have the /app_name context.. context.xml ?xml version=1.0 encoding=UTF-8? Context path=/mypath privileged=true docBase=C:\apache-tomcat-5.5.23\webapps\my_webapp.war override=true /Context thanks.. -- View this message in context: http://www.nabble.com/tomcat-5.5.23-can%27t-have-context-path-different-from-war-name.-tf4230057.html#a12034069 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
ResolvedRe: tomcat 5.5.23 can't have context path different from war name.
thanks David.it's well deployed now.. you are the best !! David Smith-2 wrote: Store the webapp outside the webapps directory, rename CATALINA_HOME/conf/Enginename/HostName/app_name.xml to newAppName.xml and add a docBase attribute to it pointing the way to the webapp's new location. --David lmk wrote: hellooo, do you have any solution to set the context path didfferent from the application name, i set the context into the META-INF directory, tomcat copied this the contaxt into CATALINA_HOME/conf/Enginename/HostName/app_name.xml. but the /mycontextpath is not deployed..I still have the /app_name context.. context.xml ?xml version=1.0 encoding=UTF-8? Context path=/mypath privileged=true docBase=C:\apache-tomcat-5.5.23\webapps\my_webapp.war override=true /Context thanks.. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/tomcat-5.5.23-can%27t-have-context-path-different-from-war-name.-tf4230057.html#a12034821 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JAAS logout
helloo, My quation is about how to remove jaas Principal from the Subject.??. I try to let user to sign out the application..I redirect to the jsp that includes: session.invalidate() but when a try to relogin a have an error (j_security_check not found), I still have access on application ressources.. thanks.. -- View this message in context: http://www.nabble.com/JAAS-logout-tf4142986.html#a11785246 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JAAS how to find user login name on the web app
Hii, I developed a JAAS module for authentication, and I deployed it on the tomcat server. I'd like to display the login name on the web app after authenticatiobn succeed.how to find it ..? can i finf it on the session?? or must use the Callbackhandler object..? regards!!! -- View this message in context: http://www.nabble.com/JAAS-how-to-find-user-login-name-on-the-web-app-tf4024730.html#a11431898 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS how to find user login name on the web app
Im using tomcat Realm.. I can even get the user password!! thanks.. rpr_listas wrote: Hi, lmk! Your JAAS module is a tomcat Realm? If you develop a tomcat realm you can access the user data via the standard servlet API. HttpServletRequest.getRemoteUser(); HttpServletRequest.getUserPrincipal(); regards. Ricardo. lmk escribió: Hii, I developed a JAAS module for authentication, and I deployed it on the tomcat server. I'd like to display the login name on the web app after authenticatiobn succeed.how to find it ..? can i finf it on the session?? or must use the Callbackhandler object..? regards!!! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/JAAS-how-to-find-user-login-name-on-the-web-app-tf4024730.html#a11432932 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS how to find user login name on the web app
I dont found how to get the user password...j_password parameter is not in request nor session . lmk wrote: Im using tomcat Realm.. I can even get the user password!! thanks.. rpr_listas wrote: Hi, lmk! Your JAAS module is a tomcat Realm? If you develop a tomcat realm you can access the user data via the standard servlet API. HttpServletRequest.getRemoteUser(); HttpServletRequest.getUserPrincipal(); regards. Ricardo. lmk escribió: Hii, I developed a JAAS module for authentication, and I deployed it on the tomcat server. I'd like to display the login name on the web app after authenticatiobn succeed.how to find it ..? can i finf it on the session?? or must use the Callbackhandler object..? regards!!! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/JAAS-how-to-find-user-login-name-on-the-web-app-tf4024730.html#a11433270 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS how to find user login name on the web app
yes I must send the user name and password to a web services to get other user informations.. David Smith-2 wrote: I don't think password is ever intended to be exposed to the webapp ... just the username. Is there a reason you need the password? --David lmk wrote: I dont found how to get the user password...j_password parameter is not in request nor session . lmk wrote: Im using tomcat Realm.. I can even get the user password!! thanks.. rpr_listas wrote: Hi, lmk! Your JAAS module is a tomcat Realm? If you develop a tomcat realm you can access the user data via the standard servlet API. HttpServletRequest.getRemoteUser(); HttpServletRequest.getUserPrincipal(); regards. Ricardo. lmk escribió: Hii, I developed a JAAS module for authentication, and I deployed it on the tomcat server. I'd like to display the login name on the web app after authenticatiobn succeed.how to find it ..? can i finf it on the session?? or must use the Callbackhandler object..? regards!!! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/JAAS-how-to-find-user-login-name-on-the-web-app-tf4024730.html#a11434165 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAAS how to find user login name on the web app
It seems dificult to recover login password..I dont want to add a filter just for that.. do you have an other solution .? lmk wrote: I dont found how to get the user password...j_password parameter is not in request nor session . lmk wrote: Im using tomcat Realm.. I can even get the user password!! thanks.. rpr_listas wrote: Hi, lmk! Your JAAS module is a tomcat Realm? If you develop a tomcat realm you can access the user data via the standard servlet API. HttpServletRequest.getRemoteUser(); HttpServletRequest.getUserPrincipal(); regards. Ricardo. lmk escribió: Hii, I developed a JAAS module for authentication, and I deployed it on the tomcat server. I'd like to display the login name on the web app after authenticatiobn succeed.how to find it ..? can i finf it on the session?? or must use the Callbackhandler object..? regards!!! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/JAAS-how-to-find-user-login-name-on-the-web-app-tf4024730.html#a11433978 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException..probably a classpath pb
Im using tomcat 5.5. message sent to axis users.. http://www.nabble.com/ClassCastException..probably-a-classpath-pb-tf3906084.html here best regards! mgainty wrote: Please post this question to axis users group [EMAIL PROTECTED] Bon Chance/ Martin-- This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. - Original Message - From: lmk To: Sent: Monday, June 11, 2007 12:57 PM Subject: ClassCastException..probably a classpath pb Hi! Im trying to deploy a custom jass login module into tomcat server.this module need a web service request for authentication. the same code works fine where it's executed locally on Eclipse, but, when I deploy a jar on server/lib folder for tomcat. i have the exception : AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: java.lang.ClassCastException faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace:java.lang.ClassCastException at org.apache.axis.deployment.wsdd.WSDDTargetedChain.makeNewInstance(WSDDTargetedChain.java:157) at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getNewInstance(WSDDDeployableItem.java:274) at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getInstance(WSDDDeployableItem.java:260) at org.apache.axis.deployment.wsdd.WSDDDeployment.getTransport(WSDDDeployment.java:410) at org.apache.axis.configuration.FileProvider.getTransport(FileProvider.java:257) at org.apache.axis.AxisEngine.getTransport(AxisEngine.java:332) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:163) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) -- have you any idea? thanks ! -- View this message in context: http://www.nabble.com/ClassCastException..probably-a-classpath-pb-tf3902685.html#a11064305 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/ClassCastException..probably-a-classpath-pb-tf3902685.html#a11074428 Sent from the Tomcat - User mailing list archive at Nabble.com.
ClassCastException..probably a classpath pb
Hi! Im trying to deploy a custom jass login module into tomcat server.this module need a web service request for authentication. the same code works fine where it's executed locally on Eclipse, but, when I deploy a jar on server/lib folder for tomcat. i have the exception : AxisFault faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException faultSubcode: faultString: java.lang.ClassCastException faultActor: faultNode: faultDetail: {http://xml.apache.org/axis/}stackTrace:java.lang.ClassCastException at org.apache.axis.deployment.wsdd.WSDDTargetedChain.makeNewInstance(WSDDTargetedChain.java:157) at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getNewInstance(WSDDDeployableItem.java:274) at org.apache.axis.deployment.wsdd.WSDDDeployableItem.getInstance(WSDDDeployableItem.java:260) at org.apache.axis.deployment.wsdd.WSDDDeployment.getTransport(WSDDDeployment.java:410) at org.apache.axis.configuration.FileProvider.getTransport(FileProvider.java:257) at org.apache.axis.AxisEngine.getTransport(AxisEngine.java:332) at org.apache.axis.client.AxisClient.invoke(AxisClient.java:163) at org.apache.axis.client.Call.invokeEngine(Call.java:2784) at org.apache.axis.client.Call.invoke(Call.java:2767) -- have you any idea? thanks ! -- View this message in context: http://www.nabble.com/ClassCastException..probably-a-classpath-pb-tf3902685.html#a11064305 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassCastException..probably a classpath pb
I put axis jar inside server/lib directory. I tried to set classpath on the manifest file but it seems impossible to set axis jars inside the login module jar. its the appropriate location? thanks Christopher Schultz-2 wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 lmk, lmk wrote: I'm trying to deploy a custom JAAS login module into tomcat server. This module need a web service request for authentication. The same code works fine where it's executed locally on Eclipse, but, when I deploy a jar on server/lib folder for tomcat, i have the exception: If you are putting your authenticator into server/lib, where are you putting the AXIS libraries? What version of Tomcat are you using? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFGbb2c9CaO5/Lv0PARAuZuAKCasFdqu3WknkNZ8YCFSC2cYe5vhQCgt03e SEjlRa0SsNPMMlp20Zq4fcQ= =w2BW -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/ClassCastException..probably-a-classpath-pb-tf3902685.html#a11069840 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat Data Base Realm
hii.. i do not understand how that works.!! how can I write my own programatic security in tomcat without any frameworj..just tomcat api? regards !! Johnny Kewl wrote: I dont think you can, easily, here are some idea's You could use something like embedded db Derby... and pre-configure that with the web service users... and then just use tomcats db realm. You could write your own programatic security in tomcat and call into the web service. You could try GangBang on http://coolese.100free.com/. It has a hook that allows you to supply your own password service... ie you can call the web service directly. Good Luck... - Original Message - From: lmk [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Monday, May 21, 2007 3:05 PM Subject: tomcat Data Base Realm hii, I'd like to use tomcat for authentification management, the server can not bind directly the data base server, i must get the user name and the password with a web service request. I can't set the DB properties into a tomcat configuration file. How can I use tomcat security management ? -- View this message in context: http://www.nabble.com/tomcat-Data-Base-Realm-tf3790135.html#a10718419 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/tomcat-Data-source-Realm-tf3790135.html#a10764311 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat Data Base Realm
hii, I'd like to use tomcat for authentification management, the server can not bind directly the data base server, i must get the user name and the password with a web service request. I can't set the DB properties into a tomcat configuration file. How can I use tomcat security management ? -- View this message in context: http://www.nabble.com/tomcat-Data-Base-Realm-tf3790135.html#a10718419 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: the best method to secure Apache/tomcat communication
I will propose this solution to the person in charge of servers security management. But, I don't really think so that it will be accepted. thanks. Filip Hanik - Dev Lists wrote: take a look at autoSSH http://www.harding.motd.ca/autossh/ Filip Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lmk, lmk wrote: I have a question concerning the use of Apache server in front of tomcat, at the present time, we use tomcat 4, AJP, apache 2.2 and mod_jk to manage load balancing. it work roughly fine; but new security rules require [encrypting] the traffic between 2 web servers. we cant use solution like IPSEC or VPN tunnel. so, i think to replace mod_jk with mod_proxy ,but, how to replace mod_jk load balancer? What about using an ssh tunnel? The only problem with that is you will need to monitor the ssh connection for disconnects and reconnect if necessary. Are all your servers in the same data center? Often, server farms will have a primary network interface used for communicating with the Internet, and then a secondary network interface to a private network that includes nothing but your own servers. Often, you can use a faster network than is available to the outside (perhaps gigabit ethernet if the rest of the center runs on 100baseT, or even better if your data center will provide it). Then, your servers can communicate on their own private network. As long as you trust that network, you can avoid encryption and enjoy better performance. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFpPYU9CaO5/Lv0PARAuHTAKCOG98BuTnZNm8EUaxrX9lme51yowCfSxrj I7If0C50/V2oGz93LL79fa8= =gLAI -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/the-best-method-to-secure-Apache-tomcat-communication-tf2951906.html#a8273905 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
the best method to secure Apache/tomcat communication
Hello, I have a question concerning the use of Apache server in front of tomcat, at the present time, we use tomcat 4, AJP, apache 2.2 and mod_jk to manage load balancing. it work roughly fine; but new security rules require crypting the trafic between 2 web servers. we cant use solution like IPSEC or VPN tunnel. so, i think to replace mod_jk with mod_proxy ,but, how to replace mod_jk load balancer? best regards! -- View this message in context: http://www.nabble.com/the-best-method-to-secure-Apache-tomcat-communication-tf2951906.html#a8255815 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AJP13 and Mod jk security
Hi; how to secure communication between apache web server and servlet engine..?? thanks -- View this message in context: http://www.nabble.com/AJP13-and-Mod-jk-security-t1467202.html#a3965323 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]