Re: Tomcat question
On 4/23/2018 11:46 AM, zahi.f...@gmail.com wrote: I used the “manager” role for basic auth. While testing the web service with postman, I entered my user name and password. Yet, I got unauthorized message (401).. I couldn’t find any explanation for this issue.. What do the log files say? -Terence On 23 Apr 2018, at 19:41, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Zahi, On 4/23/18 10:13 AM, zahi.f...@gmail.com wrote: I just copied my users section in the tomcat-users. There is more code - Tomcat users tag.. that shouldn’t be the problem cause I can enter to the tomcat manager page Well, if it shouldn't be a problem then why are you having a problem? - -chris On 23 Apr 2018, at 16:45, Christopher Schultz wrote: Zahi, On 4/23/18 9:38 AM, Zahi Fail wrote: I'm working with Tomcat 9.0.6 version as my servlet, Throughout my jax-rs project i have tried to create basic authentication. While i'm trying to access a post method without the basic auth. it all working well (I got the 200 message from the HTTP server). But, after adding the basic auth. my user name and password doesn't work from some reason.. This is the following code from my web.xml file: http://www.w3.org/2001/XMLSchema-instance"; xmlns="http://java.sun.com/xml/ns/javaee"; xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"; id="WebApp_ID" version="3.0"> User Management Jersey RESTful Application org.glassfish.jersey.servlet.ServletContainer et- class> jersey.config.server.provider.packages com.journaldev.jaxws.beans Jersey RESTful Application /rest/* simple web resource /rest/Traffic/* POST manager NONE BASIC *and in the tomcat-user.xml i have updated the code as below: * Your tomcat-user.xml file is not a valid XML document. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlreDLYACgkQHPApP6U8 pFhQJg/+MP//p9106wLrS3EG5aqkt6NpG4iZyL7btCRIb1iMQuhF0HGG/mSgtvWe 3/kyfAe81aiBxC6nfhEx9DepSAQ24/6nYLE5vEtInnKZelY7ehaH4/nDb6DVJMer 8C/onpnz7NValh+pecEj4mfhMoWc40poH+L4Ry1u8oiWzjjFW6g8QB37Ac759x7L 9GCHYK88z4fGFdDFSxVGsNMyy+FHgy3Dz+gJplAFXtIctTD7QC1Rk1Js+ioivj7F 6/fC9v0OoApqFAAKKDP/gsYhRP2KAFqgasFnLRU90ic8YLGtJ7GDayhi3EIEgNLz GZIR1VwN0IqYDZ935Bxw1p/gRu6tgSgZS8MOF4jV64RST04p1LymEdmvcR7+N8HX BYRJLYOChI2PjAfh7WmCHXSP8KK8hHA4bWKtuWB0XhLIvurHWE88x2ZwuqnabCAF 9Zh8XLpU7NLjTZGBVXYQPe0/xGVvElWSkVaX8TrIyVNY7qf9Nri+pgOLBdIz3AGy COsoP3o9pMn8CkQPpA0Fq503sUU7GuMZByuGpyWayDxen1P4Gpv5o/YdDivUnJJ2 56NBksROXNVYHDT+mJox/6v7UNya5ssrEIquUtnEzr+3ZdChWtRXzglMPPUWVcdm Ms5XDhKOUUKlHNynT7i+a3eeIOpn4UJZqJiBtp19IFPfN4XcSh4= =ch87 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat question
Zahi, On 23.4.2018. 16:38, Zahi Fail wrote: > This is the following code from my web.xml file: ... > *and in the tomcat-user.xml i have updated the code as below: * ... You need to configure appropriate realm. Did you do that? You can do it in your webapp's context.xml, or in server.xml file, but the former method is recommended, because of easier deployment. Take a look at: https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html If you want to keep usernames and passwords in XML file (like tomcat-users.xml), you should use UserDatabaseRealm, but you also have other options for storing credentials -- e.g. SQL database or LDAP directory. -Ognjen - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat question
I used the “manager” role for basic auth. While testing the web service with postman, I entered my user name and password. Yet, I got unauthorized message (401).. I couldn’t find any explanation for this issue.. > On 23 Apr 2018, at 19:41, Christopher Schultz > wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Zahi, > >> On 4/23/18 10:13 AM, zahi.f...@gmail.com wrote: >> I just copied my users section in the tomcat-users. There is more >> code - Tomcat users tag.. that shouldn’t be the problem cause I can >> enter to the tomcat manager page > > Well, if it shouldn't be a problem then why are you having a problem? > > - -chris > >>> On 23 Apr 2018, at 16:45, Christopher Schultz >>> wrote: >>> >> Zahi, >> > On 4/23/18 9:38 AM, Zahi Fail wrote: I'm working with Tomcat > 9.0.6 version as my servlet, Throughout my jax-rs project i > have tried to create basic authentication. > > While i'm trying to access a post method without the basic > auth. it all working well (I got the 200 message from the > HTTP server). But, after adding the basic auth. my user name > and password doesn't work from some reason.. > > > This is the following code from my web.xml file: > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xmlns="http://java.sun.com/xml/ns/javaee"; > xsi:schemaLocation="http://java.sun.com/xml/ns/javaee > http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"; > id="WebApp_ID" version="3.0"> User > Management Jersey > RESTful Application > org.glassfish.jersey.servlet.ServletContainer et- >> > > class> > > >> > jersey.config.server.provider.packages > com.journaldev.jaxws.beans > > Jersey RESTful Application > /rest/* > > simple web resource > /rest/Traffic/* > POST > manager > > NONE > > BASIC > > > > *and in the tomcat-user.xml i have updated the code as below: > * > > rolename="manager-status"/> > password="s3cret" roles="manager-gui"/> username="admin" password="falcon" roles="manager"/> >> >> Your tomcat-user.xml file is not a valid XML document. >> >> -chris >>> >>> - >>> >>> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> >> - >> >> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlreDLYACgkQHPApP6U8 > pFhQJg/+MP//p9106wLrS3EG5aqkt6NpG4iZyL7btCRIb1iMQuhF0HGG/mSgtvWe > 3/kyfAe81aiBxC6nfhEx9DepSAQ24/6nYLE5vEtInnKZelY7ehaH4/nDb6DVJMer > 8C/onpnz7NValh+pecEj4mfhMoWc40poH+L4Ry1u8oiWzjjFW6g8QB37Ac759x7L > 9GCHYK88z4fGFdDFSxVGsNMyy+FHgy3Dz+gJplAFXtIctTD7QC1Rk1Js+ioivj7F > 6/fC9v0OoApqFAAKKDP/gsYhRP2KAFqgasFnLRU90ic8YLGtJ7GDayhi3EIEgNLz > GZIR1VwN0IqYDZ935Bxw1p/gRu6tgSgZS8MOF4jV64RST04p1LymEdmvcR7+N8HX > BYRJLYOChI2PjAfh7WmCHXSP8KK8hHA4bWKtuWB0XhLIvurHWE88x2ZwuqnabCAF > 9Zh8XLpU7NLjTZGBVXYQPe0/xGVvElWSkVaX8TrIyVNY7qf9Nri+pgOLBdIz3AGy > COsoP3o9pMn8CkQPpA0Fq503sUU7GuMZByuGpyWayDxen1P4Gpv5o/YdDivUnJJ2 > 56NBksROXNVYHDT+mJox/6v7UNya5ssrEIquUtnEzr+3ZdChWtRXzglMPPUWVcdm > Ms5XDhKOUUKlHNynT7i+a3eeIOpn4UJZqJiBtp19IFPfN4XcSh4= > =ch87 > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org >
Re: Tomcat question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Zahi, On 4/23/18 10:13 AM, zahi.f...@gmail.com wrote: > I just copied my users section in the tomcat-users. There is more > code - Tomcat users tag.. that shouldn’t be the problem cause I can > enter to the tomcat manager page Well, if it shouldn't be a problem then why are you having a problem? - -chris >> On 23 Apr 2018, at 16:45, Christopher Schultz >> wrote: >> > Zahi, > On 4/23/18 9:38 AM, Zahi Fail wrote: I'm working with Tomcat 9.0.6 version as my servlet, Throughout my jax-rs project i have tried to create basic authentication. While i'm trying to access a post method without the basic auth. it all working well (I got the 200 message from the HTTP server). But, after adding the basic auth. my user name and password doesn't work from some reason.. This is the following code from my web.xml file: >>> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns="http://java.sun.com/xml/ns/javaee"; xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"; id="WebApp_ID" version="3.0"> User Management Jersey RESTful Application org.glassfish.jersey.servlet.ServletContainer class> > jersey.config.server.provider.packages com.journaldev.jaxws.beans Jersey RESTful Application /rest/* simple web resource /rest/Traffic/* POST manager NONE BASIC *and in the tomcat-user.xml i have updated the code as below: * >>> rolename="manager-status"/> >>> password="s3cret" roles="manager-gui"/> >>> username="admin" password="falcon" roles="manager"/> > > Your tomcat-user.xml file is not a valid XML document. > > -chris >> >> - >> >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > - > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlreDLYACgkQHPApP6U8 pFhQJg/+MP//p9106wLrS3EG5aqkt6NpG4iZyL7btCRIb1iMQuhF0HGG/mSgtvWe 3/kyfAe81aiBxC6nfhEx9DepSAQ24/6nYLE5vEtInnKZelY7ehaH4/nDb6DVJMer 8C/onpnz7NValh+pecEj4mfhMoWc40poH+L4Ry1u8oiWzjjFW6g8QB37Ac759x7L 9GCHYK88z4fGFdDFSxVGsNMyy+FHgy3Dz+gJplAFXtIctTD7QC1Rk1Js+ioivj7F 6/fC9v0OoApqFAAKKDP/gsYhRP2KAFqgasFnLRU90ic8YLGtJ7GDayhi3EIEgNLz GZIR1VwN0IqYDZ935Bxw1p/gRu6tgSgZS8MOF4jV64RST04p1LymEdmvcR7+N8HX BYRJLYOChI2PjAfh7WmCHXSP8KK8hHA4bWKtuWB0XhLIvurHWE88x2ZwuqnabCAF 9Zh8XLpU7NLjTZGBVXYQPe0/xGVvElWSkVaX8TrIyVNY7qf9Nri+pgOLBdIz3AGy COsoP3o9pMn8CkQPpA0Fq503sUU7GuMZByuGpyWayDxen1P4Gpv5o/YdDivUnJJ2 56NBksROXNVYHDT+mJox/6v7UNya5ssrEIquUtnEzr+3ZdChWtRXzglMPPUWVcdm Ms5XDhKOUUKlHNynT7i+a3eeIOpn4UJZqJiBtp19IFPfN4XcSh4= =ch87 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat question
I just copied my users section in the tomcat-users. There is more code - Tomcat users tag.. that shouldn’t be the problem cause I can enter to the tomcat manager page > On 23 Apr 2018, at 16:45, Christopher Schultz > wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Zahi, > >> On 4/23/18 9:38 AM, Zahi Fail wrote: >> I'm working with Tomcat 9.0.6 version as my servlet, Throughout my >> jax-rs project i have tried to create basic authentication. >> >> While i'm trying to access a post method without the basic auth. it >> all working well (I got the 200 message from the HTTP server). But, >> after adding the basic auth. my user name and password doesn't work >> from some reason.. >> >> >> This is the following code from my web.xml file: >> >> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; >> xmlns="http://java.sun.com/xml/ns/javaee"; >> xsi:schemaLocation="http://java.sun.com/xml/ns/javaee >> http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"; id="WebApp_ID" >> version="3.0"> User Management >> Jersey RESTful Application >> org.glassfish.jersey.servlet.ServletContainer class> >> >> > >> jersey.config.server.provider.packages >> com.journaldev.jaxws.beans >>Jersey >> RESTful Application >> /rest/* >> >> simple web resource >> /rest/Traffic/* >> POST >> manager >> >> NONE >> >> BASIC >> >> >> >> *and in the tomcat-user.xml i have updated the code as below: * >> >> >> > username="tomcat" password="s3cret" roles="manager-gui"/> > username="admin" password="falcon" roles="manager"/> > > Your tomcat-user.xml file is not a valid XML document. > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlrd42sACgkQHPApP6U8 > pFgd5g//RbtTrIYovq1dF9AfNcDJWD7uT7d3v3PVidCRY+Z+QRUdrRnAXjBwWy/0 > jtUcyDmOcTqSbptA9QXWn84XZFv+AlFpBDIgDHFLKZn1HOJASK3o/QHtLZJ8VOg0 > 13WQGgQJwAsMQHfpq4FW2EaPSK0YT/kUvCZq4093DxuGeCWnxc6NsBFgfSt9bOCk > gGPfcrRAosr+8QJvTZ1Q07OoBThto2gk2TolY7JUG6tnwKkJwu1djB82O6WHqfNK > TWmzaRGus6CvqXKdY90mAZQg0cV48Q/sbBZPAmR3IQaYVww0m2uRyHnuPda2f3Y4 > mzwSyrv+dDMtsFX1gzNCfIS4VdRpbLTQjagB2vhTm2Ce4e+ktDP7oOqlXK+ZY/Wv > ZiFYCYBrsFPMzS2x31giE+T5ZuXY+PQ8OdPUsyFXLcdi2BNJ82FmuYsyNqCyFQ5L > CyW5aI5heOcCME/mJ0FJzHlGbudHre8jrWgZ+/cUmQy/w9zEq9eW63oT/Vsb5ZEi > 1OTvSFZAwDbbDbQmshDQKUKTK3EtKpoN6o7NsjvPbzfSfy+j1+OUJ34zoSZ/hf20 > yF+ysF1wEeCkTMTn+4vhHmLyfQmM19VQiTXrLPdLwS/DT/Ytnoja2Uu4YXGHqQkr > mLxvHS5UNnCb3QXRZJksE8wCy1z6Nl7d4zKSPDyZI2jtL/21YOc= > =nLjE > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Zahi, On 4/23/18 9:38 AM, Zahi Fail wrote: > I'm working with Tomcat 9.0.6 version as my servlet, Throughout my > jax-rs project i have tried to create basic authentication. > > While i'm trying to access a post method without the basic auth. it > all working well (I got the 200 message from the HTTP server). But, > after adding the basic auth. my user name and password doesn't work > from some reason.. > > > This is the following code from my web.xml file: > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > xmlns="http://java.sun.com/xml/ns/javaee"; > xsi:schemaLocation="http://java.sun.com/xml/ns/javaee > http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"; id="WebApp_ID" > version="3.0"> User Management > Jersey RESTful Application > org.glassfish.jersey.servlet.ServletContainer > > > jersey.config.server.provider.packages > com.journaldev.jaxws.beans >Jersey > RESTful Application > /rest/* > > simple web resource > /rest/Traffic/* > POST > manager > > NONE > > BASIC > > > > *and in the tomcat-user.xml i have updated the code as below: * > > >username="tomcat" password="s3cret" roles="manager-gui"/> username="admin" password="falcon" roles="manager"/> Your tomcat-user.xml file is not a valid XML document. - -chris -BEGIN PGP SIGNATURE- Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlrd42sACgkQHPApP6U8 pFgd5g//RbtTrIYovq1dF9AfNcDJWD7uT7d3v3PVidCRY+Z+QRUdrRnAXjBwWy/0 jtUcyDmOcTqSbptA9QXWn84XZFv+AlFpBDIgDHFLKZn1HOJASK3o/QHtLZJ8VOg0 13WQGgQJwAsMQHfpq4FW2EaPSK0YT/kUvCZq4093DxuGeCWnxc6NsBFgfSt9bOCk gGPfcrRAosr+8QJvTZ1Q07OoBThto2gk2TolY7JUG6tnwKkJwu1djB82O6WHqfNK TWmzaRGus6CvqXKdY90mAZQg0cV48Q/sbBZPAmR3IQaYVww0m2uRyHnuPda2f3Y4 mzwSyrv+dDMtsFX1gzNCfIS4VdRpbLTQjagB2vhTm2Ce4e+ktDP7oOqlXK+ZY/Wv ZiFYCYBrsFPMzS2x31giE+T5ZuXY+PQ8OdPUsyFXLcdi2BNJ82FmuYsyNqCyFQ5L CyW5aI5heOcCME/mJ0FJzHlGbudHre8jrWgZ+/cUmQy/w9zEq9eW63oT/Vsb5ZEi 1OTvSFZAwDbbDbQmshDQKUKTK3EtKpoN6o7NsjvPbzfSfy+j1+OUJ34zoSZ/hf20 yF+ysF1wEeCkTMTn+4vhHmLyfQmM19VQiTXrLPdLwS/DT/Ytnoja2Uu4YXGHqQkr mLxvHS5UNnCb3QXRZJksE8wCy1z6Nl7d4zKSPDyZI2jtL/21YOc= =nLjE -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat question
Hello, I'm working with Tomcat 9.0.6 version as my servlet, Throughout my jax-rs project i have tried to create basic authentication. While i'm trying to access a post method without the basic auth. it all working well (I got the 200 message from the HTTP server). But, after adding the basic auth. my user name and password doesn't work from some reason.. This is the following code from my web.xml file: http://www.w3.org/2001/XMLSchema-instance"; xmlns="http://java.sun.com/xml/ns/javaee"; xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"; id="WebApp_ID" version="3.0"> User Management Jersey RESTful Application org.glassfish.jersey.servlet.ServletContainer jersey.config.server.provider.packages com.journaldev.jaxws.beans Jersey RESTful Application /rest/* simple web resource /rest/Traffic/* POST manager NONE BASIC *and in the tomcat-user.xml i have updated the code as below: * On Mon, Apr 23, 2018 at 4:34 PM, Olaf Kock wrote: > > > On 23.04.2018 14:49, Zahi Fail wrote: > >> This is the following code from my web.xml file: >> >> >> >> >> > Images are the least popular medium to communicate code. And on this list, > this is actually enforced: Images are stripped. Please post the actual text > - that should be even easier than creating screenshots. > > Olaf > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Tomcat question
Hello Zahi, As it is said in http://tomcat.apache.org/lists.html "Please format your messages as plain text, not HTML. Do not send attachments, as they are likely to be removed and ignored by the mailing list server." Just copy and paste the content of your xml files should be enough :) Cheers, Luis 2018-04-23 14:49 GMT+02:00 Zahi Fail : > Hello, > > I'm working with Tomcat 9.0.6 version as my servlet, > Throughout my jax-rs project i have tried to create basic authentication. > > While i'm trying to access a post method without the basic auth. it all > working well (I got the 200 message from the HTTP server). But, after > adding the basic auth. my user name and password doesn't work from some > reason.. > > > This is the following code from my web.xml file: > > > > and in the tomcat-user.xml i have updated the code as below: > > > > thanks, > Tzahi File > -- "Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better." - Samuel Beckett
Re: Tomcat question
On 23.04.2018 14:49, Zahi Fail wrote: This is the following code from my web.xml file: Images are the least popular medium to communicate code. And on this list, this is actually enforced: Images are stripped. Please post the actual text - that should be even easier than creating screenshots. Olaf - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat question
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve, On 10/22/12 2:47 PM, Adamus, Steven J. wrote: > You need to push back and tell your Security Auditors that the Java > and Jasper compilers are required for Tomcat. Provide any > documentation they require. Thank you for ending the madness. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlCFsdcACgkQ9CaO5/Lv0PClnQCfTCaUv8PqfjiauS8QDBMwtgR1 30cAoK7Bs7YSsfHrlmrNAFsp2itAJ9vG =WWPs -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat question
Steve, Thank you...!! I have been but I needed another voicethank you .. thank you and Thanks You Enjoy the day! -Original Message- From: Adamus, Steven J. [mailto:steven.j.ada...@saic.com] Sent: Monday, October 22, 2012 2:47 PM To: Tomcat Users List; users-subscr...@tomcat.apache.org Subject: RE: tomcat question Maxie, You're probably referring to a DoD or similar security requirement. In the Web Server STIG, Rule ID SV-2236r8 says, "Installation of compilers on production web server is prohibited." The explanation provided is, "The presence of a compiler on a production server facilitates the malicious user's task of creating custom versions of programs and installing Trojan Horses or viruses. For example, the attacker's code can be uploaded and compiled on the server under attack." There are exceptions to this rule, The same STIG says, "This check does not prohibit the use of the .Net Framework or the Java compiler for Oracle", and "An exception is the Java Development Kit installed in conjunction with a WebSphere service or Java Server Page (JSP)". You need to push back and tell your Security Auditors that the Java and Jasper compilers are required for Tomcat. Provide any documentation they require. Steve -Original Message- From: users-return-237320-STEVEN.J.ADAMUS=saic@tomcat.apache.org [mailto:users-return-237320-STEVEN.J.ADAMUS=saic@tomcat.apache.org] On Behalf Of Wiley, Maxie Sent: Monday, October 22, 2012 6:18 AM To: users-subscr...@tomcat.apache.org; users@tomcat.apache.org Subject: tomcat question ALL, Is it possible to remove an installation of a compiler on a production web server(tomcat)? If there is a way to remove the compiler or is it required in order for the system to function properly. Could you please send me a precise summary of why and any steps that can be taken to mitigate any potential risk associated with the compiler remaining in place.This is for s security issue on my production system. Thanks for your time and support! Maxie Wiley III - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat question
Maxie, You're probably referring to a DoD or similar security requirement. In the Web Server STIG, Rule ID SV-2236r8 says, "Installation of compilers on production web server is prohibited." The explanation provided is, "The presence of a compiler on a production server facilitates the malicious user's task of creating custom versions of programs and installing Trojan Horses or viruses. For example, the attacker's code can be uploaded and compiled on the server under attack." There are exceptions to this rule, The same STIG says, "This check does not prohibit the use of the .Net Framework or the Java compiler for Oracle", and "An exception is the Java Development Kit installed in conjunction with a WebSphere service or Java Server Page (JSP)". You need to push back and tell your Security Auditors that the Java and Jasper compilers are required for Tomcat. Provide any documentation they require. Steve -Original Message- From: users-return-237320-STEVEN.J.ADAMUS=saic@tomcat.apache.org [mailto:users-return-237320-STEVEN.J.ADAMUS=saic@tomcat.apache.org] On Behalf Of Wiley, Maxie Sent: Monday, October 22, 2012 6:18 AM To: users-subscr...@tomcat.apache.org; users@tomcat.apache.org Subject: tomcat question ALL, Is it possible to remove an installation of a compiler on a production web server(tomcat)? If there is a way to remove the compiler or is it required in order for the system to function properly. Could you please send me a precise summary of why and any steps that can be taken to mitigate any potential risk associated with the compiler remaining in place.This is for s security issue on my production system. Thanks for your time and support! Maxie Wiley III - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat question
On 22/10/2012 14:18, Wiley, Maxie wrote: > ALL, > > Is it possible to remove an installation of a compiler on a production web > server(tomcat)? If there is a way to remove the compiler or is it required in > order for the system to function properly. Could you please send me a > precise summary of why and any steps that can be taken to mitigate any > potential risk associated with the compiler remaining in place.This is for s > security issue on my production system. Why does this enhance security? If someone has sufficient access to the machine to use the compiler shipped with Tomcat, you are already in a lot more trouble than they will be able to inflict just by having access to Tomcat's JDT compiler. p -- [key:62590808] signature.asc Description: OpenPGP digital signature
RE: tomcat question
> -Original Message- > From: Wiley, Maxie [mailto:maxie.wi...@serco-na.com] > Sent: Monday, October 22, 2012 8:18 AM > To: users-subscr...@tomcat.apache.org; users@tomcat.apache.org > Subject: tomcat question > > ALL, > > Is it possible to remove an installation of a compiler on a production > web server(tomcat)? If there is a way to remove the compiler or is it > required in order for the system to function properly. Could you > please send me a precise summary of why and any steps that can be > taken to mitigate any potential risk associated with the compiler > remaining in place.This is for s security issue on my production > system. > > > Thanks for your time and support! > Maxie Wiley III > Try it on a test system and see what happens. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat question
Remove the tomcat compilter? -Original Message- From: Jose María Zaragoza [mailto:demablo...@gmail.com] Sent: Monday, October 22, 2012 9:25 AM To: Tomcat Users List Subject: Re: tomcat question 2012/10/22 André Warnier : > Wiley, Maxie wrote: >> >> >> Is it possible to remove an installation of a compiler on a >> production web server(tomcat)? Jasper? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat question
Hello Andre, Is it possible to remove an installation of a compiler on a production web server(tomcat?). How can/where can I find out more information on this issue? Thanks -Original Message- From: André Warnier [mailto:a...@ice-sa.com] Sent: Monday, October 22, 2012 9:22 AM To: Tomcat Users List Subject: Re: tomcat question Wiley, Maxie wrote: > ALL, > > Is it possible to remove an installation of a compiler on a production web > server(tomcat)? If there is a way to remove the compiler or is it required in > order for the system to function properly. Could you please send me a > precise summary of why and any steps that can be taken to mitigate any > potential risk associated with the compiler remaining in place.This is for s > security issue on my production system. > Certainly. As soon as you tell us how much you are willing to pay for such a comprehensive analysis and report. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat question
2012/10/22 André Warnier : > Wiley, Maxie wrote: >> >> >> Is it possible to remove an installation of a compiler on a production web >> server(tomcat)? Jasper? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat question
Wiley, Maxie wrote: ALL, Is it possible to remove an installation of a compiler on a production web server(tomcat)? If there is a way to remove the compiler or is it required in order for the system to function properly. Could you please send me a precise summary of why and any steps that can be taken to mitigate any potential risk associated with the compiler remaining in place.This is for s security issue on my production system. Certainly. As soon as you tell us how much you are willing to pay for such a comprehensive analysis and report. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: TomCat question
> From: David Smith [mailto:[EMAIL PROTECTED] > Subject: Re: TomCat question > > That depends on the all important version of tomcat you are using. > Versions 5.5.x and 6.0.x at least should run on a j2se no problem. I think you're confusing the OP's question with the more typical one about JRE vs JDK. Tomcat versions prior to 5.5 required a JDK due to the dependence on javac from the JDK's tools.jar; newer Tomcat levels include a compiler. > > We are porting Sun J2SE to our platform and would like to > > know if TomCat can run on J2SE. It's Tomcat, not TomCat, and yes, it runs happily on our ported J2SE environment. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: TomCat question
> From: Peter Crowther [mailto:[EMAIL PROTECTED] > Subject: RE: TomCat question > > > From: Ghanta, Bose [mailto:[EMAIL PROTECTED] > > "Will Tomcat run with J2SE or does it require J2EE?" > > The ones I have here run just fine on J2SE. Tomcat must be run on J2SE, not J2EE. The J2EE download includes jars that conflict with ones provided by Tomcat itself. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: TomCat question
Dear Peter Crowther and David Smith, Thank you very much for your prompt response and I very much appreciate it. You both assured me that TomCat would run fine on J2SE. Have a nice weekend! Thank you, Bose -Original Message- From: Peter Crowther [mailto:[EMAIL PROTECTED] Sent: Friday, October 24, 2008 10:30 AM To: 'Tomcat Users List' Subject: RE: TomCat question > From: Ghanta, Bose [mailto:[EMAIL PROTECTED] > "Will Tomcat run with J2SE or does it require J2EE?" The ones I have here run just fine on J2SE. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: TomCat question
> From: Ghanta, Bose [mailto:[EMAIL PROTECTED] > "Will Tomcat run with J2SE or does it require J2EE?" The ones I have here run just fine on J2SE. - Peter - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: TomCat question
That depends on the all important version of tomcat you are using. Versions 5.5.x and 6.0.x at least should run on a j2se no problem. --David Ghanta, Bose wrote: Dear TomCat community, I need to your advice and I appreciate it very much. We are porting Sun J2SE to our platform and would like to know if TomCat can run on J2SE. "Will Tomcat run with J2SE or does it require J2EE?" I appreciate your input here. Thank you, Bose - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat-Question: Inefficient searching for jsp-files?
Thomas-- I see this thread from http://forum.java.sun.com/thread.jspa?threadID=571322&messageID=2827943 here's what sonny says to do...keep in mind this is a TOMCAT group and not IIS group You could use the free installer, it seems to work for some people. heres the link... http://www.shiftomat.com/opensource/ - OR -- If you choose not to use the installer... Assuming IIS and tomcat is up and running. 1. download the connector: (Zip file) http://apache.roweboat.net/jakarta/tomcat-connectors/jk2/binaries/win32/ 2. Unzip the folder: you will see three folders: bin, conf, and doc 3. Move the two files in the bin directory ( install4iis.js and isapi_redirector2.dll ) TO the bin folder of the tomcat installation. 4. You may need to download this : http://www.microsoft.com/downloads/details.aspx?FamilyID=c717d943-7e4b-4622-86e b-95a22b832caa&displaylang=en from microsoft, or you may not have to. try typing cscript in you command line, and see if it recognizes it. ( if the link doesn't work for some reason: search google for scripten.exe ) 5. you can modify the workers file thats in the conf folder or use the one I have. These uri mapping are telling IIS to send these to tomcat. ( you will have to modify the uri to match your applications, and tomcat installation location). Save it as workers.properties in the conf directory of the tomcat installation. [shm] info=Scoreboard. Requried for reconfiguration and status with multiprocess servers. file=C:\Tomcat\logs\jk2.shm size=1048576 # Defines a load balancer named lb. Use even if you only have one machine. [lb:lb] # Example socket channel, override port and host. [channel.socket:localhost:8009] port=8009 host=127.0.0.1 # define the worker [ajp13:localhost:8009] channel=channel.socket:localhost:8009 group=lb [uri:/jsp-examples/*] info=JSP examples, map requests for all JSP pages to Tomcat. #context=/jsp-examples [uri:/servlets-examples/*] info=Servlet examples, map requests for all servlets to Tomcat. #context=/servlets-examples [uri:/MySite/*] info=Test Site [status:] info=Status worker, displays runtime information [uri:/jkstatus/*] info=The Tomcat /jkstatus handler group=status: 6. Open command prompt and go to the bin directory (cd to it) of the tomcat installation (where you put the two files). Your command prompt should look something like.. C:\Tomcat\bin> 7. Type cscript install4iis.js This Installs the vitural directory and adds registery enteries. You can look at the vitural directory it added by opening your iis admin tool. 8. Thas all. You will have to restart IIS and tomcat. Sometimes its a good idea to know how things are actually done, because when you need to change something you know exactly where to go and how to do. ;) Thanks Sonny! HTH Martin-- This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. This email message and any files transmitted with it contain confidential information intended only for the person(s) to whom this email message is addressed. If you have received this email message in error, please notify the sender immediately by telephone or email and destroy the original message without making a copy. Thank you. - Original Message - From: "Thomas Hoffmann (Speed4Trade)" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" Sent: Monday, May 21, 2007 3:07 PM Subject: AW: Tomcat-Question: Inefficient searching for jsp-files? Hi, Tomcat is running with iis, thats right. Tomcat is installed on c:\Programme\ websites are under d:\inetpub thats why i cant use relative paths. -Ursprüngliche Nachricht- Von: Propes, Barry L [mailto:[EMAIL PROTECTED] Gesendet: Montag, 21. Mai 2007 20:56 An: Tomcat Users List Betreff: RE: Tomcat-Question: Inefficient searching for jsp-files? your docBase shouldn't include the absolute path should it? Just the relative path? Besides, that looks totally configured for running files on IIS' server, not (thru) Tomcat's servlet engine. -Original Message- From: Thomas Hoffmann (Speed4Trade) [mailto:[EMAIL PROTECTED] Sent: Monday, May 21, 2007 1:09 PM To: 'Tomcat Users List' Cc: [EMAIL PROTECTED] Subject: AW: Tomcat-Question: Inefficient searching for jsp-files? Hi, my contect-configuratation looks like: when i request e.g. test.jsp from browser my file-monitor show the following harddisc-accesses: d:\ d:\inetpub d:\inetpub\wwwroot d:\inetpub\wwwroot\tyres4trade d:\inetpub\wwwroot\tyres4trade\test.jsp d:\inetpub\wwwroot\tyres4trade\localhost\test.jsp (not found) \tomcat 5.5\work\org\apache\jsp\test_jsp.class i ask myself why does
RE: Tomcat-Question: Inefficient searching for jsp-files?
your docBase shouldn't include the absolute path should it? Just the relative path? Besides, that looks totally configured for running files on IIS' server, not (thru) Tomcat's servlet engine. -Original Message- From: Thomas Hoffmann (Speed4Trade) [mailto:[EMAIL PROTECTED] Sent: Monday, May 21, 2007 1:09 PM To: 'Tomcat Users List' Cc: [EMAIL PROTECTED] Subject: AW: Tomcat-Question: Inefficient searching for jsp-files? Hi, my contect-configuratation looks like: when i request e.g. test.jsp from browser my file-monitor show the following harddisc-accesses: d:\ d:\inetpub d:\inetpub\wwwroot d:\inetpub\wwwroot\tyres4trade d:\inetpub\wwwroot\tyres4trade\test.jsp d:\inetpub\wwwroot\tyres4trade\localhost\test.jsp (not found) \tomcat 5.5\work\org\apache\jsp\test_jsp.class i ask myself why does tomcat start to search from d:\ instead of docBase? -Ursprüngliche Nachricht- Von: Rashmi Rubdi [mailto:[EMAIL PROTECTED] Gesendet: Montag, 21. Mai 2007 19:56 An: Tomcat Users List Betreff: Re: Tomcat-Question: Inefficient searching for jsp-files? On 5/21/07, Thomas Hoffmann (Speed4Trade) <[EMAIL PROTECTED]> wrote: > Hello, > i am using Tomcat 5.5.23. When i request a simple jsp-file > my file-monitor shows me, that tomcat is searching from root. This is > a problem for website with a lot of traffic. A screenshot is attached > to this mail. All attachments are filtered out automatically. Please post the URL of the screen shot and/or other relevant information such as log file contents etc. > The Context-Entry looks like > privileged="true" workdir="" reloadable="fals" /> > > Thanks for suggestions, > Thomas -Regards Rashmi - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat-Question: Inefficient searching for jsp-files?
On 5/21/07, Thomas Hoffmann (Speed4Trade) <[EMAIL PROTECTED]> wrote: Hello, i am using Tomcat 5.5.23. When i request a simple jsp-file my file-monitor shows me, that tomcat is searching from root. This is a problem for website with a lot of traffic. A screenshot is attached to this mail. All attachments are filtered out automatically. Please post the URL of the screen shot and/or other relevant information such as log file contents etc. The Context-Entry looks like Thanks for suggestions, Thomas -Regards Rashmi - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]