Tomcat 4.x version
Hello,

Can you please help me check the version of Tomcat installed in Linux? I know that Tomcat 5 has version.sh, but Tomcat 4 doesn't have such a file. Is there a way to find out the version of Tomcat 4?

Also, the home index page is removed in the server, so there is no way to check using /localhost:8080/. Are there any other alternatives to find the version number?
tomcat5.5 shutdown fails!
Hello all,

When I try to shut down tomcat5.5, it shows as:

[r...@qserver bin]# ./shutdown.sh
Using CATALINA_BASE: /root/multimedia/apache-tomcat-5.5.27
Using CATALINA_HOME: /root/multimedia/apache-tomcat-5.5.27
Using CATALINA_TMPDIR: /root/multimedia/apache-tomcat-5.5.27/temp
Using JRE_HOME: /usr/java/jdk1.6.0_10

but when I try to access the Tomcat page it is still working. Then I checked the log file catalina.out. It shows as:

Oct 16, 2009 10:46:10 PM org.apache.catalina.core.ApplicationContext log
INFO: ContextListener: contextDestroyed()
Oct 16, 2009 10:46:10 PM org.apache.coyote.http11.Http11BaseProtocol destroy
INFO: Stopping Coyote HTTP/1.1 on http-8080
Oct 16, 2009 10:46:10 PM org.apache.catalina.core.AprLifecycleListener lifecycleEvent
INFO: Failed shutdown of Apache Portable Runtime

Please help me find out this problem. I need to shut down Tomcat for some configuration changes.
Re: avoiding ssl vulnerabilities in tomcat
Hello all,

As per the suggestion from Tomcat forum users, I went ahead and installed tomcat4.1.40. Then I copied the original webapps file from the backup Tomcat (old version). I tried to start the server. It shows this error:

Sep 7, 2009 10:13:11 PM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080
Sep 7, 2009 10:13:12 PM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8443
Starting service Tomcat-Standalone
Apache Tomcat/4.1.40
Catalina.start: LifecycleException: Context startup failed due to previous errors
Stopping service Tomcat-Standalone
Catalina.stop: LifecycleException: Coyote connector has not been started
LifecycleException: Coyote connector has not been started

Please help me

regards
Sunil C

--- On Fri, 14/8/09, Christopher Schultz ch...@christopherschultz.net wrote:

From: Christopher Schultz ch...@christopherschultz.net
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Friday, 14 August, 2009, 7:55 PM

Sunil,

On 8/13/2009 1:11 AM, sunil chandran wrote:
> Now installing tomcat 4.1.40 what all changes will be required in my service.. no change in application?

You are very unlikely to require any webapp changes.

> maybe installation and configuration changes will be needed?

You are very unlikely to require any configuration changes. That's what moving from patch level (4.1.x to 4.1.y) means: very little should be required of you.

That being said, it is up to you to read the change log to find out if any breaking changes have been introduced. This often happens when a security bug is fixed which requires, say, URLs to be interpreted differently. If your webapp relies on that old behavior, you'll need to make arrangements for that (often using a configuration parameter).

The ChangeLog for Tomcat 4.1 can be found here: http://archive.apache.org/dist/tomcat/tomcat-4/v4.1.40/RELEASE-NOTES-4.1.txt

It's not in the most easily-read format (changes are described by component, then by version, rather than the other way around, which is how I would have done it), but you still have to read it: look for every change between 4.1.24 (that's your current version, right?) and 4.1.40. You may have to read relevant bug reports, too.

-chris

To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 4 start up as (/sbin/service)
Hello,

Thank you for the response. Now can I stop the Tomcat service and take a backup of the Tomcat 4 directory, then install the new tomcat4.1.40 in the same location? That way I need not change the directory location in any files too, right?

So once I install tomcat4.1.40 in the same location (where the previous tomcat4 was running), the script /etc/init.d/tomcat4 will run the new tomcat4.1.40?

regards
Sunil C

--- On Mon, 24/8/09, Christopher Schultz ch...@christopherschultz.net wrote:

From: Christopher Schultz ch...@christopherschultz.net
Subject: Re: Tomcat 4 start up as (/sbin/service)
To: Tomcat Users List users@tomcat.apache.org
Date: Monday, 24 August, 2009, 7:50 PM

Sunil,

On 8/24/2009 12:52 AM, sunil chandran wrote:
> I see that old version was started as
> /sbin/service tomcat4 stop
> /sbin/service tomcat4 start
> Now I have installed tomcat 4.1.40 in same machine (after removing tomcat 4.1.24)
> 1. How can I set it the same as above?

Does /etc/init.d/tomcat4 still exist? If so, it will probably still run properly, as nothing structural should have changed between your patch versions.

> 2. If I install this tomcat 4.1.40 in a new machine, how can I set it as above?

Er... copy the startup scripts? Tomcat does not maintain startup scripts for any version of any OS IIRC. These are the responsibility of the system administrators who maintain the servers.

-chris
Re: Tomcat 4 start up as (/sbin/service)
I see that old version was started as

/sbin/service tomcat4 stop
/sbin/service tomcat4 start

Now I have installed tomcat 4.1.40 in same machine (after removing tomcat 4.1.24)

1. How can I set it the same as above?
2. If I install this tomcat 4.1.40 in a new machine, how can I set it as above?

--- On Fri, 21/8/09, Christopher Schultz ch...@christopherschultz.net wrote:

From: Christopher Schultz ch...@christopherschultz.net
Subject: Re: Tomcat 4 start up as (/sbin/service)
To: Tomcat Users List users@tomcat.apache.org
Date: Friday, 21 August, 2009, 11:32 PM

Sunil,

On 8/20/2009 5:15 AM, sunil chandran wrote:
> As per everyone suggestion, I went ahead and installed tomcat 4.1.40
> It is successful
> Now I want to set as /sbin/service.

How was the old version of Tomcat 4.1.x being started? Or, is this something new you want to do?

-chris
Regarding Busy Thread in Tomcat 4
Hello all,

I am getting an error daily in tomcat 4.1.24 version.

SEVERE: All threads are busy, waiting. Please increase maxthreads or check the servlet status 75 75.
Stopping service tomcat-standalone

Please help me out why this error is happening. My tomcat service stops every night because of this error. Should I increase the maxprocessors value in server.xml?

regards
Sunil C
Re: avoiding ssl vulnerabilities in tomcat
Hello Sir,

I wish to confirm one more thing. The issue is SSL vulnerability. From the responses, I understood that I need to upgrade to tomcat latest version. As per the team, it is recommended to go for Tomcat 5 in our environment.

My question is:
Is this vulnerability solved in tomcat 5 version?
Do I need to perform some additional stuff to avoid this vulnerability?
Any modification to be done in server.xml file to avoid the SSL vulnerability

regards
Sunil C

--- On Tue, 11/8/09, Mark Thomas ma...@apache.org wrote:

From: Mark Thomas ma...@apache.org
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Tuesday, 11 August, 2009, 4:55 PM

sunil chandran wrote:
> Hello all,
> OK I will upgrade. But what all changes required to update to tomcat 5.
> what all changes required to upgrade to tomcat 4.1.40

You may as well do the job properly and upgrade to 6.0.20.

For your app? No changes should be required.

For your Tomcat configuration? Start with the clean configuration provided with 6.0.20 and add any modifications you need. Be aware that the config has changed, in particular:
- the Logger element is no longer used
- Resource configuration has changed

See the docs for the details.

Mark

> --- On Mon, 10/8/09, Caldarale, Charles R chuck.caldar...@unisys.com wrote:
>
> From: Caldarale, Charles R chuck.caldar...@unisys.com
> Subject: RE: avoiding ssl vulnerabilities in tomcat
> To: Tomcat Users List users@tomcat.apache.org
> Date: Monday, 10 August, 2009, 7:10 PM
>
>> From: sunil chandran [mailto:sunilonweb2...@yahoo.co.in]
>> Subject: Re: avoiding ssl vulnerabilities in tomcat
>> Is there any patch provided so that I can still use the same version 4.1.24 itself.
>
> No, you *must* upgrade. Your reluctance to do so borders on the ridiculous.
>
> - Chuck
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: avoiding ssl vulnerabilities in tomcat
Hello all,

A slight change. After discussions, the production team in Singapore wants us to go for upgrade to 4.1.40.

Comments from tomcat forum responses:

1. Upgrade to the latest version of 4.1.x, which is 4.1.40. This will provide the least headache because you will be staying on your current Tomcat version, just improving your patch level. Plan to upgrade to a newer release of Tomcat in the future.

Now I feel the vulnerability is fixed in this version.

Now installing tomcat 4.1.40 what all changes will be required in my service.. no change in application? maybe installation and configuration changes will be needed? change needed in logging? should I stop the tomcat 4 service running and then install this new tomcat 4.1.40?

Please help

--- On Wed, 12/8/09, Christopher Schultz ch...@christopherschultz.net wrote:

From: Christopher Schultz ch...@christopherschultz.net
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Wednesday, 12 August, 2009, 8:15 PM

Sunil,

On 8/12/2009 3:12 AM, sunil chandran wrote:
> The issue is SSL vulnerability. from the responses, I understood that I need to upgrade to tomcat latest version. As per the team, it is recommended to go for Tomcat 5 in our environment.

With all due respect to your team, I think they are making a mistake. Either of these are better choices in my opinion:

1. Upgrade to the latest version of 4.1.x, which is 4.1.40. This will provide the least headache because you will be staying on your current Tomcat version, just improving your patch level. Plan to upgrade to a newer release of Tomcat in the future.

2. Upgrade directly to Tomcat 6 without making a stop at Tomcat 5.5. If you are going to upgrade major versions, there is absolutely no reason for you to go to Tomcat 5.5, which will eventually have support dropped just like Tomcat 4.1 did.

> my question is: Is this vulnerability solved in tomcat 5 version?

Sheesh. Did you read the CVE description? http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1858

It clearly says that Tomcat 5.5 is vulnerable through 5.5.17 (which is inaccurate: the fix for this is documented to be in 5.5.17). Make sure you are using a version later than that if you must use 5.5.

Now, before you ask about what version of Tomcat 6 you need in order to avoid this vulnerability, let me help you:

1. Go to Tomcat's web site (http://tomcat.apache.org/)
2. Follow the link that says Security
3. Pick your major Tomcat version
4. Read the fixes. Each one mentions the CVE identifier, a description of the problem, the versions of Tomcat affected, and the version in which a fix appears.

All this information is easy to find on the Tomcat web site. Please read the documentation before continuing to ask questions such as these.

-chris
Re: avoiding ssl vulnerabilities in tomcat
Hello all,

As per Christopher response.

1. Upgrade to the latest version of 4.1.x, which is 4.1.40. This will provide the least headache because you will be staying on your current Tomcat version, just improving your patch level. Plan to upgrade to a newer release of Tomcat in the future.

Can you please tell me what you mean by improving patch level. How should I install tomcat 4.1.40 on tomcat 4.1.24? is it separate installation or patch?

Please help me

--- On Wed, 12/8/09, Christopher Schultz ch...@christopherschultz.net wrote:

From: Christopher Schultz ch...@christopherschultz.net
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Wednesday, 12 August, 2009, 8:15 PM

Sunil,

On 8/12/2009 3:12 AM, sunil chandran wrote:
> The issue is SSL vulnerability. from the responses, I understood that I need to upgrade to tomcat latest version. As per the team, it is recommended to go for Tomcat 5 in our environment.

With all due respect to your team, I think they are making a mistake. Either of these are better choices in my opinion:

1. Upgrade to the latest version of 4.1.x, which is 4.1.40. This will provide the least headache because you will be staying on your current Tomcat version, just improving your patch level. Plan to upgrade to a newer release of Tomcat in the future.

2. Upgrade directly to Tomcat 6 without making a stop at Tomcat 5.5. If you are going to upgrade major versions, there is absolutely no reason for you to go to Tomcat 5.5, which will eventually have support dropped just like Tomcat 4.1 did.

> my question is: Is this vulnerability solved in tomcat 5 version?

Sheesh. Did you read the CVE description? http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-1858

It clearly says that Tomcat 5.5 is vulnerable through 5.5.17 (which is inaccurate: the fix for this is documented to be in 5.5.17). Make sure you are using a version later than that if you must use 5.5.

Now, before you ask about what version of Tomcat 6 you need in order to avoid this vulnerability, let me help you:

1. Go to Tomcat's web site (http://tomcat.apache.org/)
2. Follow the link that says Security
3. Pick your major Tomcat version
4. Read the fixes. Each one mentions the CVE identifier, a description of the problem, the versions of Tomcat affected, and the version in which a fix appears.

All this information is easy to find on the Tomcat web site. Please read the documentation before continuing to ask questions such as these.

-chris
RE: avoiding ssl vulnerabilities in tomcat
Hello all,

OK I will upgrade. But what all changes required to update to tomcat 5. what all changes required to upgrade to tomcat 4.1.40

--- On Mon, 10/8/09, Caldarale, Charles R chuck.caldar...@unisys.com wrote:

From: Caldarale, Charles R chuck.caldar...@unisys.com
Subject: RE: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Monday, 10 August, 2009, 7:10 PM

> From: sunil chandran [mailto:sunilonweb2...@yahoo.co.in]
> Subject: Re: avoiding ssl vulnerabilities in tomcat
> Is there any patch provided so that I can still use the same version 4.1.24 itself.

No, you *must* upgrade. Your reluctance to do so borders on the ridiculous.

- Chuck
Re: issue : tomcat4 shutdown
Hello all,

> Do you get this exception from the shutdown process, or from the running Tomcat? It looks like the running Tomcat. Does Tomcat still shut down, or do you have to kill -9 it?

I am using tomcat 4.1. I get this error when tomcat is shutdown. When I give shutdown, it shows this message:

waiting for process to stop
waiting for process to stop
waiting for process to stop
--

then I kill -9 the process and remove the lock in /var/locl/subsys folder. Then start tomcat. Only shutdown is causing this issue.

Please help me

--- On Fri, 7/8/09, Christopher Schultz ch...@christopherschultz.net wrote:

From: Christopher Schultz ch...@christopherschultz.net
Subject: Re: issue : tomcat4 shutdown
To: Tomcat Users List users@tomcat.apache.org
Date: Friday, 7 August, 2009, 12:50 AM

Sunil,

On 8/6/2009 3:16 AM, sunil chandran wrote:
> I am using tomcat 4. When I shutdown tomcat I get this error.

Which specific version? Are you running the latest-available 4.1.x version? If not, you should upgrade to the latest 4.1 Tomcat which is 4.1.40.

> Aug 6, 2009 3:45:13 PM org.apache.tomcat.util.net.PoolTcpEndpoint closeServerSocket
> SEVERE: Caught exception trying to unlock accept.
> java.net.ConnectException: Connection refused

Do you get this exception from the shutdown process, or from the running Tomcat? It looks like the running Tomcat. Does Tomcat still shut down, or do you have to kill -9 it?

-chris
Re: avoiding ssl vulnerabilities in tomcat
Hello all,

I found this issue from support team:

THREAT: The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server. The client usually authenticates the server using an algorithm like RSA or DSS. Some SSL ciphers allow SSL communication without authentication. Most common Web browsers like Microsoft Internet Explorer, Netscape and Mozilla do not use anonymous authentication ciphers by default. A vulnerability exists in SSL communications when clients are allowed to connect using no authentication algorithm. SSL client-server communication may use several different types of authentication: RSA, Diffie-Hellman, DSS or none. When 'none' is used, the communications are vulnerable to a man-in-the-middle attack.

IMPACT: An attacker can exploit this vulnerability to impersonate your server to clients.

SOLUTION: Disable support for anonymous authentication

Please tell me what exactly I must do in tomcat 4 to avoid this ssl vulnerabilities. Please help.

regards
Sunil C

--- On Tue, 4/8/09, Mark Thomas ma...@apache.org wrote:

From: Mark Thomas ma...@apache.org
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Tuesday, 4 August, 2009, 9:39 PM

sunil chandran wrote:
> Hello sir,
> I am sorry. I am using tomcat 4

Tomcat 4 is no longer supported. You *really* need to upgrade.

> <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>            port="8443" minProcessors="5" maxProcessors="150"
>            enableLookups="true" acceptCount="100" debug="0"
>            scheme="https" secure="true"
>            useURIValidationHack="false" disableUploadTimeout="true">

Again, read the docs. If you must use Tomcat 4 (and that is a bad idea) you should not be using the Factory element.

>   <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>            keystoreFile=".keystore" keystorePass="mypass"
>            clientAuth="false" protocol="TLS" />
> </Connector>
>
> this is the portion of server.xml. I have enabled ssl. still there is some vulnerabilities as informed by support team. They say that tomcat is configured to access without authentication.
> 1. is it true?

Maybe.

> 2. How can we confirm if the tomcat SSL is configure using any algorithm to authenticate or “none”.

With clientAuth=false authentication will be controlled by your app's web.xml.

Mark
Re: avoiding ssl vulnerabilities in tomcat
Hello,

I read the link. I found that my tomcat is 4.1.24 version. So I read that the issue is fixed in 4.1.32. Is there any patch provided so that I can still use the same version 4.1.24 itself. Is it must to upgrade? is there any patch to fix this?

--- On Mon, 10/8/09, Mark Thomas ma...@apache.org wrote:

From: Mark Thomas ma...@apache.org
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Monday, 10 August, 2009, 3:37 PM

sunil chandran wrote:
> Hello all,
> I found this issue from support team:
> THREAT: The Secure Socket Layer (SSL) protocol allows for secure communication between a client and a server. The client usually authenticates the server using an algorithm like RSA or DSS. Some SSL ciphers allow SSL communication without authentication. Most common Web browsers like Microsoft Internet Explorer, Netscape and Mozilla do not use anonymous authentication ciphers by default. A vulnerability exists in SSL communications when clients are allowed to connect using no authentication algorithm. SSL client-server communication may use several different types of authentication: RSA, Diffie-Hellman, DSS or none. When 'none' is used, the communications are vulnerable to a man-in-the-middle attack.
> IMPACT: An attacker can exploit this vulnerability to impersonate your server to clients.

It would have saved a lot of time if you had quoted the CVE reference for this issue. It is CVE-2007-1858.

> SOLUTION: Disable support for anonymous authentication
> Please tell me what exactly I must do in tomcat 4 to avoid this ssl vulnerabilities. Please help.

Again, *Tomcat 4 is no longer supported - you REALLY need to upgrade*.

If you insist on continuing to use Tomcat 4 then as per http://tomcat.apache.org/security-4.html you need to upgrade to 4.1.32 or later to avoid this issue. Given that there are other, arguably more serious vulnerabilities, still present in 4.1.32 if you must stay on 4.1.x then you should upgrade to 4.1.40.

Mark

> regards
> Sunil C
>
> --- On Tue, 4/8/09, Mark Thomas ma...@apache.org wrote:
>
> From: Mark Thomas ma...@apache.org
> Subject: Re: avoiding ssl vulnerabilities in tomcat
> To: Tomcat Users List users@tomcat.apache.org
> Date: Tuesday, 4 August, 2009, 9:39 PM
>
> sunil chandran wrote:
>> Hello sir,
>> I am sorry. I am using tomcat 4
>
> Tomcat 4 is no longer supported. You *really* need to upgrade.
>
>> <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
>> <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
>>            port="8443" minProcessors="5" maxProcessors="150"
>>            enableLookups="true" acceptCount="100" debug="0"
>>            scheme="https" secure="true"
>>            useURIValidationHack="false" disableUploadTimeout="true">
>
> Again, read the docs. If you must use Tomcat 4 (and that is a bad idea) you should not be using the Factory element.
>
>>   <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
>>            keystoreFile=".keystore" keystorePass="mypass"
>>            clientAuth="false" protocol="TLS" />
>> </Connector>
>>
>> this is the portion of server.xml. I have enabled ssl. still there is some vulnerabilities as informed by support team. They say that tomcat is configured to access without authentication.
>> 1. is it true?
>
> Maybe.
>
>> 2. How can we confirm if the tomcat SSL is configure using any algorithm to authenticate or “none”.
>
> With clientAuth=false authentication will be controlled by your app's web.xml.
>
> Mark
issue : tomcat4 shutdown
Hello Sir,

I am using tomcat 4. When I shutdown tomcat I get this error.

Aug 6, 2009 3:45:13 PM org.apache.tomcat.util.net.PoolTcpEndpoint closeServerSocket
SEVERE: Caught exception trying to unlock accept.
java.net.ConnectException: Connection refused
    at java.net.PlainSocketImpl.socketConnect(Native Method)
    at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
    at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
    at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
    at java.net.Socket.connect(Socket.java:452)
    at java.net.Socket.connect(Socket.java:402)
    at java.net.Socket.<init>(Socket.java:309)
    at java.net.Socket.<init>(Socket.java:124)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.closeServerSocket(PoolTcpEndpoint.java:326)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:397)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:529)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
    at java.lang.Thread.run(Thread.java:534)
Aug 6, 2009 3:45:13 PM org.apache.tomcat.util.net.PoolTcpEndpoint closeServerSocket
SEVERE: Caught exception trying to close socket.
java.lang.NullPointerException
    at org.apache.tomcat.util.net.PoolTcpEndpoint.closeServerSocket(PoolTcpEndpoint.java:338)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.acceptSocket(PoolTcpEndpoint.java:397)
    at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:529)
    at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
    at java.lang.Thread.run(Thread.java:534)
Aug 6, 2009 3:45:13 PM org.apache.tomcat.util.net.PoolTcpEndpoint acceptSocket
WARNING: Reinitializing ServerSocket

When started the server runs normally. This error only happens when I shut the server down. Any ideas? Please help

regards
Sunil C
Re: issue : tomcat4 shutdown
Hello,

I understand the current situation. But I have to content with tomcat 4. Please help me solve this issue.

--- On Thu, 6/8/09, André Warnier a...@ice-sa.com wrote:

From: André Warnier a...@ice-sa.com
Subject: Re: issue : tomcat4 shutdown
To: Tomcat Users List users@tomcat.apache.org
Date: Thursday, 6 August, 2009, 12:53 PM

sunil chandran wrote:
> Hello Sir,
> I am using tomcat 4. When I shutdown tomcat I get this error.

Sunil, as someone on this list may already have told you, Tomcat 4 is a *very old* version of Tomcat (5 years or more). It is no longer being developed or supported. The current version of Tomcat is 6.0.20. Between Tomcat 4.1 and 6.0.20, there have been major versions 5.0 and 5.5. You need to upgrade, because you will not find many people anywhere still willing to spend time helping debug a problem with Tomcat 4.1. Upgrading from Tomcat 4.1 to Tomcat 5.5 for example, is very little problem.
avoiding ssl vulnerabilities in tomcat
Hello all,

there are some vulnerability existing on my server:

SSL Server Allows Cleartext Communication Vulnerability

The solution provided by the team was:

SOLUTION: Disable support for anonymous authentication.
SOLUTION: Disable ciphers which support cleartext communication.

These vulnerabilities still exist on my server as the modifications done on the configuration file ssl.conf was meant for httpd service which is not being used in my server. Ports 443 8443 where the vulnerabilities were detected are used by the Tomcat service running on my server. Can someone help me identify the place in server.xml file to avoid these vulnerabilities.

regards
Sunil C
Re: avoiding ssl vulnerabilities in tomcat
Hello sir,

I am sorry. I am using Tomcat 4.

    <!-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -->
    <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
               port="8443" minProcessors="5" maxProcessors="150"
               enableLookups="true" acceptCount="100" debug="0"
               scheme="https" secure="true"
               useURIValidationHack="false" disableUploadTimeout="true">
      <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
               keystoreFile=".keystore" keystorePass="mypass"
               clientAuth="false" protocol="TLS" />
    </Connector>

This is the portion of server.xml. I have enabled SSL. Still there are some vulnerabilities as informed by the support team. They say that Tomcat is configured to access without authentication.

1. Is it true?
2. How can we confirm if the Tomcat SSL is configured using any algorithm to authenticate or "none"?

Please help me.

regards
Sunil C

--- On Tue, 4/8/09, Mark Thomas ma...@apache.org wrote:

From: Mark Thomas ma...@apache.org
Subject: Re: avoiding ssl vulnerabilities in tomcat
To: Tomcat Users List users@tomcat.apache.org
Date: Tuesday, 4 August, 2009, 2:42 PM

sunil chandran wrote:
> there are some vulnerability existing on my server: SSL Server Allows Cleartext Communication Vulnerability
> <snip/>
> Can someone help me identify the place in server.xml file to avoid these vulnerabilties.

You didn't say which Tomcat version so I am going to assume 6.0.20. Neither did you say which connector you are using. I am going to assume the default Java blocking IO connector.

The info you require is in the docs. Take a look at the SSL section of this page: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html

Mark
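An added example (not part of the original messages) of how the two scanner findings map onto cipher-suite names and onto the `ciphers` attribute documented in the SSL section of the Tomcat 6 page linked in the reply. The sample server.xml and the list of accepted suites are constructed, and reading `ciphers` from the Tomcat 4 `Factory` element is an assumption to check against that version's documentation.

```python
"""Audit the SSL connectors of a Tomcat server.xml for the two classes of
cipher suite named in the scanner finding: anonymous and cleartext (NULL)."""
import xml.etree.ElementTree as ET

# Constructed sample: the connector from the post, made well-formed.
SAMPLE_SERVER_XML = """
<Server><Service name="Tomcat-Standalone">
  <Connector className="org.apache.coyote.tomcat4.CoyoteConnector"
             port="8443" scheme="https" secure="true">
    <Factory className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory"
             keystoreFile=".keystore" clientAuth="false" protocol="TLS"/>
  </Connector>
</Service></Server>
"""

# Constructed sample: suites a scan reported as accepted on the port (JSSE names).
SAMPLE_ACCEPTED = [
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "SSL_DH_anon_WITH_3DES_EDE_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "SSL_RSA_WITH_NULL_SHA",
]


def classify(suite):
    """Return the problems of one suite named <PROTO>_<KEX>_WITH_<CIPHER>_<MAC>."""
    problems = []
    if "_anon_" in suite:        # key exchange without a server certificate
        problems.append("anonymous")
    if "_WITH_NULL_" in suite:   # authenticated, but the payload is not encrypted
        problems.append("cleartext")
    return problems


def allowed_ciphers(accepted):
    """Comma-separated `ciphers` value that keeps only suites without a problem."""
    return ",".join(s for s in accepted if not classify(s))


def audit_server_xml(xml_text, accepted):
    """Return one finding per SSL connector found in the server.xml text."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("scheme") != "https" and conn.get("secure") != "true":
            continue
        # clientAuth="false" only means no client certificate is requested; it
        # does not control whether anonymous or NULL suites are offered.
        factory = conn.find("Factory")
        ciphers = conn.get("ciphers")
        if ciphers is None and factory is not None:
            ciphers = factory.get("ciphers")  # assumption: Tomcat 4 layout
        if ciphers is None:
            effective = list(accepted)        # no list set: judge what the scan saw
        else:
            effective = [c.strip() for c in ciphers.split(",") if c.strip()]
        findings.append({
            "port": conn.get("port"),
            "ciphers_configured": ciphers is not None,
            "bad_suites": {s: classify(s) for s in effective if classify(s)},
        })
    return findings


if __name__ == "__main__":
    for finding in audit_server_xml(SAMPLE_SERVER_XML, SAMPLE_ACCEPTED):
        print(finding)
    print('ciphers="%s"' % allowed_ciphers(SAMPLE_ACCEPTED))
```

The filter covers only the two classes named in the finding; which of the remaining suites are acceptable is a separate policy decision.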
Re: Setting up multiple instances of Tomcat on one machine
Hello Sangeetha,

I have also done the same thing. Probably I will be able to help you. I have also created a document on how to do it. Maybe if you want I will send it to your ID, because it is only a test document prepared by me. Hope it helps you.

On Oct 31, 2007 3:01 AM, Gabe Wong [EMAIL PROTECTED] wrote:

> Feel free to try my company's product, NGASI AppServer Manager (www.ngasi.com), which enables you to do just that.
>
> Verma, Sangeeta wrote:
> > Hello,
> > Is there a way to setup single installation of Tomcat to deploy multiple applications running on different ports like app1 on 8080, app2 on 8090 etc. This topology has been proposed for having a dev/test environment on a single machine. I want to know if it's feasible and how it can be achieved. Your feedback is highly appreciated.
> > Thanks,
> > Sangeeta
>
> --
> Regards
> Gabe Wong
> NGASI AppServer Manager
> Application server installation and configuration AUTOMATION for Tomcat, JBoss, and Jetty.
> http://www.ngasi.com

--
Sunil
Re: Problem installing tomcat 6
Hi,

I went for jdk5.0, but still when I type:

    java -version

it shows that

    java version 1.4.2_12
    Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03)
    Java HotSpot(TM) Client VM (build 1.4.2_12-b03, mixed mode)

Why is it so? I went for jdk1.5.0_13-linux-i586.rpm. Please help me.

On Oct 29, 2007 10:14 PM, Mark Thomas [EMAIL PROTECTED] wrote:

> sunil chandran wrote:
> > Hi all, I have installed Tomcat 6 . but when i start the tomcat it gives the following error:
> > Exception in thread main java.lang.UnsupportedClassVersionError: org/apache/catalina/startup/Bootstrap (Unsupported major.minor version 49.0)
>
> Install JDK 5.0+
>
> Mark

--
Sunil
Re: Problem installing tomcat 6
Hi,

I tried your command:

> First which directory was jdk1.5.0_13 installed under?
> Assuming /usr/java/jdk1.5.0_13, execute the following command
> export PATH=/usr/java/jdk1.5.0_13:$PATH

It is still showing that the java version is 1.4. I think it is something to do with the rpm that I installed. I went for

*JDK 5.0 Update 13
The Java SE Development Kit (JDK) includes:
 * the Java Runtime Environment (JRE)
 * command-line development tools, such as compilers and debuggers, that are necessary or useful for developing applets and applications*

So is it because of this that I am having some problem? I read somewhere that we need to install complete JDK 1.5. Please help me forward.

On Oct 31, 2007 7:21 PM, Gabe Wong [EMAIL PROTECTED] wrote:

> sunil chandran wrote:
> > Hi , I went for jdk5.0 . but still when i type : java -version it shows that
> > java version 1.4.2_12
> > Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_12-b03)
> > Java HotSpot(TM) Client VM (build 1.4.2_12-b03, mixed mode)
> > why is it so. i went for jdk1.5.0_13-linux-i586.rpm please help me.
>
> First which directory was jdk1.5.0_13 installed under?
> Assuming /usr/java/jdk1.5.0_13, execute the following command
>
>     export PATH=/usr/java/jdk1.5.0_13:$PATH
>
> However I am assuming you are trying to get /usr/java/jdk1.5.0_13 for Tomcat to run under. So in the Tomcat startup.sh or catalina.sh script add the following (towards the top part of the script)
>
>     export JAVA_HOME=/usr/java/jdk1.5.0_13
>
> --
> Regards
> Gabe Wong

--
Sunil
Re: Problem installing tomcat 6
Hi,

Thank you, it is working properly.

On Oct 31, 2007 7:57 PM, Gabe Wong [EMAIL PROTECTED] wrote:

> sunil chandran wrote:
> > Hi , I tried your command
> > First which directory was jdk1.5.0_13 installed under? Assuming /usr/java/jdk1.5.0_13, execute the following command export PATH=/usr/java/jdk1.5.0_13:$PATH
>
> Have you verified the jdk1.5.0_13 directory by doing a ls? Also have you added the JAVA_HOME environment code to the tomcat startup.sh script as recommended in my previous message.
> With regards to the path setting, a corrected update should look like:
>
>     export PATH=/usr/java/jdk1.5.0_13/bin:$PATH
>
> --
> Regards
> Gabe Wong

--
Sunil
Problem installing tomcat 6
Hi all,

I have installed Tomcat 6, but when I start Tomcat it gives the following error:

    Exception in thread main java.lang.UnsupportedClassVersionError: org/apache/catalina/startup/Bootstrap (Unsupported major.minor version 49.0)
        at java.lang.ClassLoader.defineClass0(Native Method)
        at java.lang.ClassLoader.defineClass(ClassLoader.java:539)
        at java.security.SecureClassLoader.defineClass(SecureClassLoader.java :123)
        at java.net.URLClassLoader.defineClass(URLClassLoader.java:251)
        at java.net.URLClassLoader.access$100(URLClassLoader.java:55)
        at java.net.URLClassLoader$1.run(URLClassLoader.java:194)
        at java.security.AccessController.doPrivileged(Native Method)
        at java.net.URLClassLoader.findClass(URLClassLoader.java:187)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:289)
        at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:274)
        at java.lang.ClassLoader.loadClass(ClassLoader.java:235)
        at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)

Please help me forward to solve it.

--
Sunil
Re: setting up two tomcat instance on a single machine
Hello all,

I do understand that I will face a lot of problems, but it's just a test PC. I just want to set up a test environment to see the working of Apache and Tomcat using a connector. That is why I am still asking for help to implement clustering of Tomcat to get two instances of Tomcat working.

On 10/23/07, Christopher Schultz [EMAIL PROTECTED] wrote:

> Sunil,
>
> sunil chandran wrote:
> > Actually my version is Jakarata-tomcat-5.0.28 i am using mod_jk2 ..i know its deprecated but my production environment still has it..so i need to go forward with it.
>
> Upgrading from mod_jk2 to mod_jk is really the way to go. Testing shouldn't take too long: mod_jk is fairly easy to configure. There are many cases where mod_jk2 simply does not work. You really need to upgrade.
>
> > anyway after hearing lot of warning from you friends in this forum , i have requested it to the top division team.
>
> Fortunately, it doesn't change anything about your application. It's just glue. You can also run mod_jk and mod_jk2 at the same time if it's absolutely necessary (for another project, for instance, that refuses to upgrade).
>
> > but please help me forward with it now..
>
> Nobody will help you with mod_jk2. That's what it means to be unsupported. Note that support for Tomcat 5.0 was just dropped, too. Sounds like a bad day for you :(
>
> -chris

--
Sunil
setting up two tomcat instance on a single machine
Hello,

Please help me to set up two Tomcats on a single machine, I mean tomcat 51 and tomcat 52. I have created two directories of tomcat 51 and 52. Now in server.xml of both the Tomcats I have done some changes on the server port and on the JK2 Connector side. Is it enough? Please help me know more about the cluster part in the server.xml part of Tomcat.

--
Sunil
Re: setting up two tomcat instance on a single machine
I have version 5.1 of Tomcat. I wanted clustering. Can you tell me clustering of Tomcat without creating more than one Tomcat directory? I have seen somewhere that there exist two server.xml files for each instance in one single directory of Tomcat 5. How can I implement it here? Also tell me what to do when it comes to load balancing. I have set up one tomcat5 and it's working fine. I want to know how I can create two instances. My ultimate aim is load balancing, but it will be fine if I know both the methods individually. Please help me forward.

On 10/23/07, Nuno Manuel Martins [EMAIL PROTECTED] wrote:

> Hi,
> Do you want to implement clustering or just load balancing? Is 5.1 and 5.2 the versions of Tomcat? If so, why are you using different versions to set up clustering?
>
> -Original Message-
> From: sunil chandran [mailto:[EMAIL PROTECTED]
> Sent: terça-feira, 23 de Outubro de 2007 12:23
> To: Tomcat Users List
> Subject: setting up two tomcat instance on a single machine
>
> Hello, Please help me to set up two tomcat on single machine. i mean tomcat 51 and tomcat 52. i have created two directories of tomcat 51 and 52. now in server.xml of both the tomcat i have done some changes on server port and on JK2 Connector side. is it enough..please help me know more about the cluster part in server.xml part of tomcat.
> --
> Sunil

--
Sunil
error logs in Apache:
Hello,

I have installed Apache 2 and the mod_jk2 connector, but when I start Apache my logs show the following error. Please help me understand it.

    Apache/2.2.4 (Unix) mod_jk2/2.0.4 configured -- resuming normal operations
    [Thu Oct 18 16:16:15 2007] [error] channelApr.open() attempt to connect to 127.0.0.1:8009 (localhost) failed 111
    [Thu Oct 18 16:16:15 2007] [error] ajp13.connect() failed ajp13:localhost:8009
    [Thu Oct 18 16:16:15 2007] [error] ajp13.service() failed to connect endpoint errno=9 Bad file descriptor
    [Thu Oct 18 16:16:15 2007] [error] ajp13.service() Error forwarding ajp13:localhost:8009 1 1
    [Thu Oct 18 16:16:15 2007] [error] lb.service() worker failed 12 for ajp13:localhost:8009
    [Thu Oct 18 16:16:15 2007] [error] lb_worker.service() all workers in error or disabled state
    [Thu Oct 18 16:16:15 2007] [error] mod_jk2.handler() Error connecting to tomcat 12, status 503

I hope it's a problem of the workers2.properties file. Please help me forward to solve it.

--
Sunil
Re: error logs in Apache:
So that means I will not be able to work on it again, but interestingly I was able to work on it successfully on another system 4 months back. Please help me know what the logs mean. Is it a problem with the workers2.properties file?

On 10/18/07, Mark Thomas [EMAIL PROTECTED] wrote:

> sunil chandran wrote:
> > hello, I have installed Apache 2 and mod_jk2 connector. but when i start apache my logs shows the following error.
>
> The mod_jk2 connector has been deprecated for some time. I would start again with mod_jk.
>
> Mark

--
Sunil
Re: problem in handlins request for JK2
Hello Johnny,

I am sorry to confuse you. See, my problem is that I used mod_auth_kerb for implementing single sign-on in a Japan server. I finished the project, then we found the problem: that module works only in Apache and not in Tomcat. So we needed something to connect Apache and Tomcat to request the servlet inside webapps of Tomcat.

First I wrote a Perl script which will redirect the request to the servlet. That gave temporary relief. It was working fine. So a client request for a servlet (http://ipaddress/cert) will run perfectly from a Japan machine, but running it from my system will say authentication required. That's how it should run.

*I should not be able to run that servlet in JP server from my machine.. that's where authentication prompt comes.. instead if I remote login to a JP machine and run the url ..it works perfectly..*

That's how my project should work. I hope till here you are clear!

Now I went for the JK2 connector. After configuring the appropriate files, I checked the URL from the JP machine. It works perfectly (now no need of the Perl script!), but when I run from my machine I am also able to get the result (which is not what I should get). That means now I am not getting that authentication message, but am able to run the URL and get the result from my machine also. That's what I mentioned about a security issue: no security for the URL. So I should change something inside the httpd.conf file. That's what my doubt is. Hope you understood the scenario.

This is the data I have given for Kerberos authentication inside my httpd.conf:

    <Directory />
    AuthType Kerberos
    AuthName "Kerberos Login"
    KrbAuthRealms JP.SONY.COM
    KrbServiceName HTTP/[EMAIL PROTECTED]
    Krb5Keytab /usr/local/apache/conf/jptkysip99.keytab
    KrbMethodNegotiate on
    KrbMethodK5Passwd off
    Require valid-user
    </Directory>

On 4/5/07, Johnny Kewl [EMAIL PROTECTED] wrote:

> Hello Sunil, I'm not sure if I understand what you trying to do...
>
> If you want Apache to authenticate there should be something like this in httpd.conf
>
>     <Location /secure>
>     AuthType basic
>     AuthName "japan area"
>     AuthBasicProvider dbm
>     AuthDBMType SDBM
>     AuthDBMUserFile /www/etc/dbmpasswd
>     Require valid-user
>     </Location>
>
> If you want Tomcat to do the authentication then
>
>     <login-config>
>       <auth-method>BASIC</auth-method>
>       <realm-name>HARBOR Security</realm-name>
>     </login-config>
>     <security-constraint>
>       <!--this section dictates which URLS will invoke security-->
>       <web-resource-collection>
>         <web-resource-name>Test</web-resource-name>
>         <url-pattern>/service/admin</url-pattern>
>       </web-resource-collection>
>       <!--only users in these roles will get access to the above uri-->
>       <!--users are set in the conf/tomcat-users.xml file-->
>       <auth-constraint>
>         <role-name>japan_admin</role-name>
>       </auth-constraint>
>     </security-constraint>
>
> I tried to find a good example for you, but I couldn't find anything for mod_jk2. Maybe someone else can comment on this but I think mod_jk2 has been deprecated (it's old)... yes the numbering doesn't make sense. Anyway I think if you use mod_jk in future, you will find many more people can help.
>
> If you want SSL as well then have a look at the apache help file ie http://apacheserver/manual
>
> I don't know mod_jk2 but I think that any Cert or Ssl stuff in worker files must be for SSL between Apache and Tomcat... and it's not often needed or wanted.
>
> Anyway... if you want little login boxes to prompt the user must do something like the above. If you do it in Apache then local users can still get into Tomcat through a connector, if you do it in Tomcat then all users via Apache or direct to tomcat will have to login. It depends on what your system looks like... I think it will probably be easier to do it on Tomcat and then deliver the WAR package to Japan. That way Apache admin person just needs a simple connector setup.
>
> Here is some sample stuff for mod_jk that will help you get going http://tomcat.apache.org/tomcat-3.3-doc/mod_jk-howto.html and some more for SSL https://spaces.internet2.edu/display/SHIB/JKIdPInstall
>
> Main point is if you start using MOD_JK then just googling for Tomcat Mod_jk will give you lots of info.
>
> Your english is much better than my japanese, but for prompting user login the word to search for is AUTHENTICATION... searching for security will probably give you SSL.
>
> Hope that helps
>
> - Original Message -
> *From:* sunil chandran [EMAIL PROTECTED]
> *To:* Tomcat Users List users@tomcat.apache.org
> *Cc:* JOHN [EMAIL PROTECTED]
> *Sent:* Wednesday, April 04, 2007 10:58 AM
> *Subject:* Re: problem in handlins request for JK2
>
> Hi , this is the modification i made in workers2.properties file:
>
>     [channel.socket:localhost:8009]
>     info=Ajp13 forwarding over socket
>     debug=0
>     tomcatId=localhost:8009
problem in handlins request for JK2
Hello all,

I am Sunil C. I have used the JK2 connector to connect Apache and Tomcat. I am having a servlet (Certserv) folder in the webapps folder in Tomcat. I gave the uri to that cert program in my workers2.properties file. Everything is working fine, but I face a security issue.

This machine is in another domain, I mean Japan. I did a remote login and checked the uri. It's working fine. The real problem lies when I type the uri from my machine. It should show authentication required because that folder is authentication restricted, but now I am able to run the uri from my machine also. Please tell me how I can restrict it.

I tried giving:

    <Location /cert>
    JkUriSet worker ajp13:localhost:8009
    </Location>

but it doesn't seem to work. Is there something I have to include in my httpd.conf file of Apache? Please help me forward. Thanks in advance.

--
Sunil
Re: problem in handlins request for JK2
Hi,

this is the modification I made in the workers2.properties file:

    [channel.socket:localhost:8009]
    info=Ajp13 forwarding over socket
    debug=0
    tomcatId=localhost:8009

    # define the worker
    [ajp13:localhost:8009]
    channel=channel.socket:localhost:8009
    group=lb

    [uri:/cert]
    info=Colavo Authentication.
    debug=0

    [uri:/]
    info=Colavo Authentication.
    debug=0

    [uri:/event]
    info=Colavo Authentication.
    debug=0

    [uri:/status]

    [uri:/status02]
    info=Colavo Authentication.
    debug=0

Then I added

    LoadModule jk2_module modules/mod_jk2.so

inside the httpd.conf file in Apache. Now I can successfully run

    http://serverIP/status
    http://serverIP/cert?username=password=...

This is working fine, but I need to restrict opening this URL from my system. That URL should ask for authorization required (401 error), but the problem is I am able to run this URL of the server located in Japan from my system also, which I should restrict. I need to do some changes in the httpd.conf file itself. Please help me forward.

On 4/4/07, JOHN [EMAIL PROTECTED] wrote:

> Please show us the setup files...
>
> - Original Message -
> From: sunil chandran [EMAIL PROTECTED]
> To: users@tomcat.apache.org
> Sent: Wednesday, April 04, 2007 9:02 AM
> Subject: problem in handlins request for JK2
>
> Hello all, I am Sunil C. i have used JK2 connector to connect Apache and Tomcat I am having a servlet (Certserv) folder in webapps folder in Tomcat. i gave uri to that cert program in my workers2.properties file. everything is working fine. but i face a security issue. this machine is in other domain. i mean Japan. i did a remote login and checked the uri . its working fine. the real problem lies ...when i type the uri from my machine. it should show authentication required because that folder is authentication restricted. but now ..i am able to run the uri from machine also. please tell me how can i restrict it. i tried giving :
>
>     <Location /cert>
>     JkUriSet worker ajp13:localhost:8009
>     </Location>
>
> but it doesnt seem to work. is there something i have to include in my httpd.conf file of Apache? please help me forward thanks in advance.
> --
> Sunil

--
Sunil
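An added example (not from the thread) that checks the point raised in the reply about putting the authentication directives in a `<Location>` block: `<Directory>` sections apply to filesystem paths and `<Location>` sections to the URL space, so the check counts only `<Location>` blocks that carry a `Require` directive. The configuration text is a constructed sample modelled on the files quoted in the thread, with a placeholder realm and keytab path, and each `[uri:...]` entry is treated as a literal path (an assumption about mod_jk2 matching).

```python
"""List the URIs that mod_jk2 forwards to Tomcat but that no authenticated
<Location> block in httpd.conf covers."""
import re

# Constructed samples modelled on the thread's workers2.properties / httpd.conf.
SAMPLE_WORKERS2 = """\
[ajp13:localhost:8009]
channel=channel.socket:localhost:8009
[uri:/cert]
[uri:/]
[uri:/event]
[uri:/status]
[uri:/status02]
"""

KRB = """AuthType Kerberos
    AuthName "Kerberos Login"
    KrbAuthRealms EXAMPLE.COM
    Krb5Keytab /path/to/placeholder.keytab
    KrbMethodNegotiate on
    KrbMethodK5Passwd off
    Require valid-user"""

# Before: auth only on <Directory />, and a <Location> that just maps the worker.
SAMPLE_HTTPD_BEFORE = """\
<Directory />
    %s
</Directory>
<Location /cert>
    JkUriSet worker ajp13:localhost:8009
</Location>
""" % KRB

# After: the same directives moved into the <Location> that serves the servlet.
SAMPLE_HTTPD_AFTER = """\
<Location /cert>
    JkUriSet worker ajp13:localhost:8009
    %s
</Location>
""" % KRB


def jk2_mapped_uris(workers2_text):
    """Paths taken from the [uri:/path] section headers."""
    return re.findall(r"^\[uri:([^\]]+)\][ \t]*$", workers2_text, flags=re.M)


def protected_locations(httpd_conf_text):
    """URL paths of <Location> blocks that contain a Require directive."""
    blocks = re.finditer(r"<Location\s+([^>\s]+)\s*>(.*?)</Location>",
                         httpd_conf_text, flags=re.S | re.I)
    return [m.group(1).strip('"') for m in blocks
            if re.search(r"^\s*Require\s+\S+", m.group(2), flags=re.M | re.I)]


def covers(location, uri):
    """Prefix rule of <Location>: /a covers /a and /a/x, but not /ab."""
    if location == "/":
        return True
    if location.endswith("/"):
        return uri.startswith(location)
    return uri == location or uri.startswith(location + "/")


def unprotected_uris(workers2_text, httpd_conf_text):
    """Forwarded URIs with no authenticated <Location> covering them."""
    locations = protected_locations(httpd_conf_text)
    return [uri for uri in jk2_mapped_uris(workers2_text)
            if not any(covers(loc, uri) for loc in locations)]


if __name__ == "__main__":
    print("before:", unprotected_uris(SAMPLE_WORKERS2, SAMPLE_HTTPD_BEFORE))
    print("after: ", unprotected_uris(SAMPLE_WORKERS2, SAMPLE_HTTPD_AFTER))
```

A static check like this only shows which mappings lack a covering block; an unauthenticated request from outside the domain returning 401 is the confirmation that the restriction works.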