Re: Tomcat Manager 403's with LDAP Realm

[Mark Thomas]

On 17/02/2024 21:42, Dan McLaughlin wrote:

We've had the same LDAP realm configured for probably 10 years, and the
same roles in our LDAP for probably the same.  We have 4 roles configured
in LDAP manager-gui, manager-jmx, manager-script, and manager-status.  My
user only has the manager-gui role.  Everything has worked fine up until
about the time we moved to Tomcat 10.1.   Now, I can log in just fine, but
if I try to click stop, start, reload, or undeploy, I always get a 403.  I
don't see any errors in the logs telling me why.  Does anyone have pointers
on debugging this?  My user only has the manager-gui role; the only users
with the JMX or script roles are the users I use for Nagios monitoring of
JMX parameters.

FYI... I can't reproduce it using Tomcat 10.1 running in docker using the
same LDAP realm configuration, so that tells me it has nothing to do with
the roles not being correct...and they should be correct since they haven't
changed since I set things up probably 10 years ago.   The only change has
been the upgrade of Tomcat.  Could CSRF somehow be involved?  It might be
about when CSRF was introduced that I started having issues. I haven't
tried removing the filter yet, only because it really doesn't seem related
based on my understanding of how the filter works.

If someone knows the specific packages, I might want to bump up the logging
on; that would probably be most helpful at this point.


Try:

org.apache.catalina.filters.CsrfPreventionFilter.level=ALL

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager App and Federation

[Mark Thomas]

On 14/04/2023 16:45, Robert Hicks wrote:

Does the manager app support something like Apache CXF to authenticate
people to the manager application or is the manager application only
accessible through username/password?


The Manager web application will work with any configured Authenticator 
and Realm, including those provided by CXF.


Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager

[Mark Thomas]

On 24/02/2021 20:18, Robert Hicks wrote:
> Is there a way (my google-fu is failing) to use the command line version of
> the manager but not have the front end UI available at all?

Remove the HTMLManager servlet entries from WEB-INF/web.xml

You may also wish to remove the Status servlet and the JMXProxy servlet
as well.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager

[Robert Wigfall]

I have been looking into something similar...I have not tested anything
yet. Hopefully it helps you and informs me of any flaws.

How about restricting access to tomcat manager via remote ip
restriction
https://tomcat.apache.org/tomcat-9.0-doc/manager-howto.html#Configuring_Manager_Application_Access


and 

using your choice of command-line tool to interact. I planned to
use/test tomcat-manager: 
https://tomcatmanager.readthedocs.io/en/stable/install.html


Best Regards,


Robert

On Wed, 2021-02-24 at 15:18 -0500, Robert Hicks wrote:
> [EXTERNAL EMAIL ALERT]: Verify sender before opening links or
> attachments.
> 
> Is there a way (my google-fu is failing) to use the command line
> version of
> the manager but not have the front end UI available at all?
> 
> Thanks,
> 
> Bob



signature.asc
Description: This is a digitally signed message part

Re: Tomcat manager keystore reload

[logo]

Chris,

Now this is taking a weird direction…


> Am 30.07.2019 um 16:57 schrieb Christopher Schultz 
> mailto:ch...@christopherschultz.net>>:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> Peter,
> 
> On 7/30/19 05:19, logo wrote:
>> Hi Chris,
>> 
>> I am also trying to figure this out and get to the same error.
>> 
>>> Am 25.07.2019 um 17:53 schrieb Joseph Dornisch
>>> mailto:kingcanut...@gmail.com>>:
>>> 
>>> Hello,
>>> 
>>> I have a CRL configured in my tomcat server configuration. If I
>>> update it and want to have Tomcat refresh it, I can login into 
>>> https://127.0.0.1/manager/html  and click 
>>> the "Re-read" button
>>> under "Configuration->Re-read TLS configuration files" and this
>>> causes my CRL to be reread. It works great.
>>> 
>>> However,I have read here, " 
>>> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encr 
>>> 





>> If I query with the jmxproxy-Servlet I get to 
>> Catalina:type=ProtocolHandler,port=8443, but I cannot figure out
>> the necessary address. How can I find it? Once I add an address
>> (127.0.0.1, localhost or DNSs...) , I get exactly "OK - Number of
>> results: 0". That may be the cause of the above
>> java.lang.NullPointerException.
>> 
>> If I omit the address it I get a detailed stacktrace, with all
>> sorts of IO exceptions/Illegal argument exceptions that relate to
>> the actual code of AbstractJsseEndpoint/AbstractEndpoint and
>> reloadSslHostConfigs.
>> 
>> Could you please help us here? If I only want to reload one
>> specific HostConfig, how do I set the hostname parameter?
>> 
>> I looked at your letsencrypt script 
>> https://people.apache.org/~schultz/ApacheCon%20NA%202018/lets-encrypt- 
>> 
> renew.sh,
>> 
>> 
> but that requires the address already as a parameter...
> 
> The best thing to do is connect with a JMX client such as VisualVM or
> perhaps one that your IDE provides. If you connect, you can see what
> JMX paths are actually available instead of just guessing at them.
> 
> Use the screenshots in the Let's Encrypt presentation (and possibly
> the related screenshots in the "Monitoring Apache Tomcat with JMX"
> presentation as well) to help you find the correct protocol handler path
> .
> 

I used jconsole to get to the ProtocolHandler. There is an error opening the 
panel
"Error setting Operation panel :org.apache.tomcat.util.net.SSLHostConfig“

And if I reload the SSLHostConfigs with the panel button I get the 
IllegalStateException - again.

Now before you ask, there is my config:


  
  

  
  

  
  

  
  

  
  

  


Any idea why?

Thanks

Peter

> - -chris
> -BEGIN PGP SIGNATURE-
> Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ 
> 
> 
> iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1AWt4ACgkQHPApP6U8
> pFhqvxAAoRDPDxU1poECO+s/q/kcWXaoLKE0WrE4rmlasViRuuMdn7QtLJJZ7s0Q
> MaKk0LeJ+p/fT9fAuQ0Ysm75MhLy88Xj6SvR60mroPQZM1ONkgQ9EzLyYWiMPgt0
> alPu0z5Nqk5CW4fl4El4tLFysdniRr7WfYUdt/inwhuJSGWylVMyzqAEIVpmMsHk
> hpAoB+TWSPL8DLJMauLP64AF+gIO/RTfyM4dtC8yZJqXiSpntF8Eq5JtR2Q4y5UZ
> ijzA/rMmpQB0I1yTpExicaveMfIWYZg/2rfGh1hh3dP4dyQ4dYR2ZalmRoEW6rhZ
> zf+1nhmrByIuEoboozxgkDcLOfpXMCnG0yHtz8rAewcUci4UHabddcpLVlV+0Ilg
> yOADCYwnU8gmnD6vb1fI0B0O8OMr/VyCbhsWklOUyFBmZD64XYC4rkmGQAVhRR97
> qWrV1/Rs09Oq1zY0zpzJnRD5xmumsi/uuJ6T7kEhaK1KdT6wkDImParq2n5dnhm/
> 3smAZDpS3Nh246oyldpVuxOJpQxEWfHX+GZyAZfAJ0t/OgNV/Xq61Cz0Mr4z5iML
> fGKKpPxDB0DEWAm8RT11tyzAqk/Mwlx/KE+pxqIM+OCDY1rpkpMEYAIgFA8S1Hd5
> Y7cFNQC207nA6TuUOgnZeHzLVw2iqQIbSPqKTuwiT4j3fCbbCXQ=
> =K62u
> -END PGP SIGNATURE-
> 
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org 
> 
> For additional commands, e-mail: users-h...@tomcat.apache.org 
> 

smime.p7s
Description: S/MIME cryptographic signature

Re: Tomcat manager keystore reload

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Joseph,

On 7/29/19 13:55, Joseph Dornisch wrote:
>> Joseph,
>> 
>> On 7/25/19 11:53, Joseph Dornisch wrote:
>>> Hello,
>>> 
>>> I have a CRL configured in my tomcat server configuration. If
>>> I update it and want to have Tomcat refresh it, I can login
>>> into https://127.0.0.1/manager/html and click the "Re-read"
>>> button under "Configuration->Re-read TLS configuration files"
>>> and this causes my CRL to be reread. It works great.
>>> 
>>> However,I have read here, " 
>>> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Enc
ry
>>
>>> 
pt%20Apache%20Tomcat.pdf"
>>> 
>>> 
>> on page 34 you can do basically the same thing with a command
>> something
>>> like: 
>>> https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocol
Ha
>>
>>> 
ndler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22=reloadSslHostConfigs
>>> 
>>> When I do this, I get back:
>>> 
>>> Error - java.lang.NullPointerException 
>>> java.lang.NullPointerException at 
>>> org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(
JM
>>
>>> 
XProxyServlet.java:264)
>> 
>> What
>>> 
>> is the port number and bind-address of your protocol handler?
> 
> Is this different than the web server. I directed it to use 443, as
> I am running tomcat https out of 443. I also just specified the
> local machine name. I think I tried a few things here. Is there a
> good way to look up what these should be if they are different than
> how you access tomcat in genera.?
> 
>> 
>>> Is this command supposed to work in Tomcat 8.5.43? Is there a 
>>> different command. Short of this, the only way to force reload 
>>> without manual intervention seems to be to login to the
>>> manager from code, and then execute 
>>> https://127.0.0.1/manager/html/sslReload?org.apache.catalina.filters
.C
>>
>>> 
SRF_NONCE=
>>> 
>>> 
>> 
>> 
>> The URL you have above (if correct) is using the manager to do
>> the same thing using the JMX proxy that you are doing with the
>> manager GUI.
> 
> It's only incorrect in that I changed the 'NONCE' to text for the
> purpose of hopefully making it more readable here. It does work to
> reload the configuration (and specifically reread my CRL files).
> 
>> 
>>> I've seen that I might also write some code that Tomcat itself 
>>> would run periodically to refresh the SSL configuration. Could 
>>> anyone provide any ideas here?
>> 
>> You can do it, but IMO it's better to trigger it externally,
>> assuming that you are already deploying the manager app and the
>> JMX proxy servlet
> 
> Apparently we might have security issues if we run the manager
> application in production so right now I am planning on extending
> the Http11NioProtocol class to periodically refresh as is done in: 
> https://serverfault.com/questions/328533/can-tomcat-reload-its-ssl-cer
tificate-without-being-restarted

I
> 
would reconsider using manager+JMX. You can lock it down a bit so
that it will e.g. only accept connections from localhost and you can
put a password on it. Your scripts will have to contain that password
but you can make sure those scripts are only readable by e.g. the
Tomcat user and you should be okay.

> Thank you for responding Chris, if you have any additional advice,
> I'd be very happy to read it. (or if anyone else wants to add
> advice, I'd be happy to read that as well).


Please see my reply under the original thread. I think it will help.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl1AXyQACgkQHPApP6U8
pFgZUQ//Xc4znBTXwGE0SkHbHPm2D86Q+0vudwwx1osM8x2F2KA2kiIhKYTCJZQh
ApBixExuLpjWWQ02oCrrl0NzdmUbxC8e2WvQRnF6XWB9/f1gLbMIgOVQDjYa4FWB
IiHljPO5AABiYeIUjDWE6a7Stffh3BYAJ04D1f3xMLh9uciuXPvKbnny7zWNbC/j
xzTNRndNtTmYippzIhRjPFjjaBfz3KLVST9WnU1bgXDFbgbMRCL5tSs27dvT8nOX
SNI8RoZGFMc+V1A1RnviuKZJ2DxnELcusKW0P4Zqc8Rrrpc6cspm6x+fC2AtOK6I
WaIeRj4w5f04VkaUH87CDfXYCyGEcGc6wkxZMK6y5QrZleBpvL8j9aujmqVX1yJE
4Q9y5RN4vKoq+S9RUEHSlXrjIkWoNoCRIOD7zofdUrswdJ+Ovf0Av6OjUaTN4XNX
GflZ7HqPmQ4rQV3fVE8yDm/wyvyLWxEn7COg38976/ZrPUs6gf2WuegP/SMgDp+n
IoyuJJ85jvlcr9AyE0GhjNCkb3TC/GKNKM1rGxB/sBagWTtCH3HDfJX5DMWlfFXp
LCbRjJ1wEX3XJqspKAhUcJiuFNZIN0zWGQkULOwJm+d9JmmPGriOP3r1kJ6h3V5F
FjUwp1ndKgh6p0CWbdrsHnatwzqAlfiNxyLzCyPmpe91urriy3I=
=RI2q
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager keystore reload

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Peter,

On 7/30/19 05:19, logo wrote:
> Hi Chris,
> 
> I am also trying to figure this out and get to the same error.
> 
>> Am 25.07.2019 um 17:53 schrieb Joseph Dornisch
>> :
>> 
>> Hello,
>> 
>> I have a CRL configured in my tomcat server configuration. If I
>> update it and want to have Tomcat refresh it, I can login into 
>> https://127.0.0.1/manager/html and click the "Re-read" button
>> under "Configuration->Re-read TLS configuration files" and this
>> causes my CRL to be reread. It works great.
>> 
>> However,I have read here, " 
>> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encr
ypt%20Apache%20Tomcat.pdf"
>>
>> 
on page 34 you can do basically the same thing with a command something
>> like: 
>> https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolH
andler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22=reloadSslHostConfigs
>>
>>
>> 
When I do this, I get back:
>> 
>> Error - java.lang.NullPointerException 
>> java.lang.NullPointerException at
>> org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(J
MXProxyServlet.java:264)
>>
>> 
at
org.apache.catalina.manager.JMXProxyServlet.invokeOperation(JMXProxyServ
let.java:207)
>> at
>> org.apache.catalina.manager.JMXProxyServlet.doGet(JMXProxyServlet.jav
a:116)
>>
>> 
at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) 
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:231)
>>
>> 
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:166)
>> at
>> org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52
)
>>
>> 
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:193)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:166)
>>
>> 
at
com.arl.servlet.core.filters.AbstractRedirectFilter.doFilter(AbstractRed
irectFilter.java:250)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:193)
>>
>> 
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:166)
>> at
>> com.arl.servlet.core.filters.UrlRewriteFilter.doFilter(UrlRewriteFilt
er.java:356)
>>
>> 
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:193)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:166)
>>
>> 
at
com.arl.servlet.core.filters.SetCharacterEncodingFilter.doFilter(SetChar
acterEncodingFilter.java:128)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:193)
>>
>> 
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt
erChain.java:166)
>> at
>> org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCh
aracterEncodingFilter.java:109)
>>
>> 
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica
tionFilterChain.java:193)
>> at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:166)
>>
>> 
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv
e.java:199)
>> at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:96)
>>
>> 
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authenticator
Base.java:610)
>> at
>> org.apache.catalina.valves.RequestFilterValve.process(RequestFilterVa
lve.java:348)
>>
>> 
at
org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:5
2)
>> at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:137)
>>
>> 
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java
:81)
>> at
>> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAcce
ssLogValve.java:660)
>>
>> 
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.
java:87)
>> at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:343)
>>
>> 
at
org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:79
8)
>> at
>> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLig
ht.java:66)
>>
>> 
at
org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractPro
tocol.java:808)
>> at
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpo
int.java:1498)
>>
>> 
at
org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.j
ava:49)
>> at
>> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.
java:1149)
>>
>> 
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.ja
va:624)
>> at
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskTh
read.java:61)
>>
>> 
at java.lang.Thread.run(Thread.java:748)
>> 
>> Is this command supposed to work in Tomcat 8.5.43? Is there a
>> 

Re: Tomcat manager keystore reload

[logo]

Hi Chris, 

I am also trying to figure this out and get to the same error. 

> Am 25.07.2019 um 17:53 schrieb Joseph Dornisch : 
> 
> Hello,
> 
> I have a CRL configured in my tomcat server configuration. If I update it
> and want to have Tomcat refresh it, I can login into
> https://127.0.0.1/manager/html and click the "Re-read" button under
> "Configuration->Re-read TLS configuration files" and this causes my CRL to
> be reread. It works great.
> 
> However,I have read here, "
> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encrypt%20Apache%20Tomcat.pdf"
> on page 34 you can do basically the same thing with a command something
> like:
> https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHandler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22=reloadSslHostConfigs
> 
> When I do this, I get back:
> 
> Error - java.lang.NullPointerException
> java.lang.NullPointerException
> at 
> org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(JMXProxyServlet.java:264)
> at 
> org.apache.catalina.manager.JMXProxyServlet.invokeOperation(JMXProxyServlet.java:207)
> at org.apache.catalina.manager.JMXProxyServlet.doGet(JMXProxyServlet.java:116)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at 
> com.arl.servlet.core.filters.AbstractRedirectFilter.doFilter(AbstractRedirectFilter.java:250)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at 
> com.arl.servlet.core.filters.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:356)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at 
> com.arl.servlet.core.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:128)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at 
> org.apache.catalina.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:109)
> at 
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
> at 
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
> at 
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:199)
> at 
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
> at 
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:610)
> at 
> org.apache.catalina.valves.RequestFilterValve.process(RequestFilterValve.java:348)
> at org.apache.catalina.valves.RemoteAddrValve.invoke(RemoteAddrValve.java:52)
> at 
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
> at 
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81)
> at 
> org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:660)
> at 
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
> at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
> at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:798)
> at 
> org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
> at 
> org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:808)
> at 
> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1498)
> at 
> org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
> at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
> at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
> at 
> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
> at java.lang.Thread.run(Thread.java:748)
> 
> Is this command supposed to work in Tomcat 8.5.43? Is there a different
> command. Short of this, the only way to force reload without manual
> intervention seems to be to login to the manager from code, and then execute
> https://127.0.0.1/manager/html/sslReload?org.apache.catalina.filters.CSRF_NONCE=
> 
> 
> 

Re: Tomcat manager keystore reload

[Joseph Dornisch]

> Joseph,
>
> On 7/25/19 11:53, Joseph Dornisch wrote:
> > Hello,
> >
> > I have a CRL configured in my tomcat server configuration. If I
> > update it and want to have Tomcat refresh it, I can login into
> > https://127.0.0.1/manager/html and click the "Re-read" button
> > under "Configuration->Re-read TLS configuration files" and this
> > causes my CRL to be reread. It works great.
> >
> > However,I have read here, "
> > https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encry
> pt%20Apache%20Tomcat.pdf"
> >
> >
> on page 34 you can do basically the same thing with a command something
> > like:
> > https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHa
> ndler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22=reloadSslHostConfigs
> >
> >  When I do this, I get back:
> >
> > Error - java.lang.NullPointerException
> > java.lang.NullPointerException at
> > org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(JM
> XProxyServlet.java:264)
>
> What
> >
> is the port number and bind-address of your protocol handler?

Is this different than the web server. I directed it to use 443, as I am
running tomcat https out of 443. I also just specified the local machine
name. I think I tried a few things here. Is there a good way to look up
what these should be if they are different than how you access tomcat in
genera.?

>
> > Is this command supposed to work in Tomcat 8.5.43? Is there a
> > different command. Short of this, the only way to force reload
> > without manual intervention seems to be to login to the manager
> > from code, and then execute
> > https://127.0.0.1/manager/html/sslReload?org.apache.catalina.filters.C
> SRF_NONCE=
> >
> >
> 
>
> The URL you have above (if correct) is using the manager to do the
> same thing using the JMX proxy that you are doing with the manager GUI.

It's only incorrect in that I changed the 'NONCE' to text for the purpose
of hopefully making it more readable here. It does work to reload the
configuration (and specifically reread my CRL files).

>
> > I've seen that I might also write some code that Tomcat itself
> > would run periodically to refresh the SSL configuration. Could
> > anyone provide any ideas here?
>
> You can do it, but IMO it's better to trigger it externally, assuming
> that you are already deploying the manager app and the JMX proxy servlet

Apparently we might have security issues if we run the manager application
in production so right now I am planning on extending the Http11NioProtocol
class to periodically refresh as is done in:
https://serverfault.com/questions/328533/can-tomcat-reload-its-ssl-certificate-without-being-restarted

Thank you for responding Chris, if you have any additional advice, I'd be
very happy to read it. (or if anyone else wants to add advice, I'd be happy
to read that as well).
> .
>
> - -chris

Re: Tomcat manager keystore reload

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Joseph,

On 7/25/19 11:53, Joseph Dornisch wrote:
> Hello,
> 
> I have a CRL configured in my tomcat server configuration. If I
> update it and want to have Tomcat refresh it, I can login into 
> https://127.0.0.1/manager/html and click the "Re-read" button
> under "Configuration->Re-read TLS configuration files" and this
> causes my CRL to be reread. It works great.
> 
> However,I have read here, " 
> https://people.apache.org/~schultz/ApacheCon%20NA%202018/Let's%20Encry
pt%20Apache%20Tomcat.pdf"
>
> 
on page 34 you can do basically the same thing with a command something
> like: 
> https://localhost/manager/jmxproxy?invoke=Catalina%3Atype%3DProtocolHa
ndler%2Cport%3D8443%2Caddress%3D%22127.0.0.1%22=reloadSslHostConfigs
>
>  When I do this, I get back:
> 
> Error - java.lang.NullPointerException 
> java.lang.NullPointerException at
> org.apache.catalina.manager.JMXProxyServlet.invokeOperationInternal(JM
XProxyServlet.java:264)

What
> 
is the port number and bind-address of your protocol handler?

> Is this command supposed to work in Tomcat 8.5.43? Is there a
> different command. Short of this, the only way to force reload
> without manual intervention seems to be to login to the manager
> from code, and then execute 
> https://127.0.0.1/manager/html/sslReload?org.apache.catalina.filters.C
SRF_NONCE=
>
> 


The URL you have above (if correct) is using the manager to do the
same thing using the JMX proxy that you are doing with the manager GUI.

> I've seen that I might also write some code that Tomcat itself
> would run periodically to refresh the SSL configuration. Could
> anyone provide any ideas here?

You can do it, but IMO it's better to trigger it externally, assuming
that you are already deploying the manager app and the JMX proxy servlet
.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl09JyoACgkQHPApP6U8
pFi15RAAxWEnktvq6OHH6VHj5zDfmsLXgxZubc0RpbrMmdGF09xbIrdBoqGd1OKI
t20fkIK8dBkz28Vb3MkXDBS9cYT8Z7qkMcf6R6fjsvwNfWw2P2rf+CNdz5kWz5jv
fnglCaGuoJMKTCZkfIrVt7I/1zfvXDrZWxZz109EzVmX4ouzHBby5icof7P7VM7n
8Wr21117VLRFq9CIPKaPNDROOkLX8kLUmpHqsBsK7srF7EJehd7FVlgidIHDxsq/
t5R8tAzCSBWBkOdCa86JcR+2cRxaqUHpEZqWyDEm1LwbJ+fa9AB1maU47bGUfZX5
Xkc1ow9OZ+DMPEj/6zhwOwG6mpMXOTpAm3GHcrH6kbMQLfzjRio/b0f0KxEq/BfB
LsJb8qyhSs16Jf0k9vLgsQBaX2LBZCaGY1ywMXItPTUnpgJ5eN9M8G931TFWPlBU
M5AFlmgOic5qwXijPKNd3T7RWPKIjdn0EzExCOwK4jYkP57vMyPhfFqn+SL+4rku
2frYBKZYbwLHci1dUNzGb0m8JGVaJCg96CSxu6pYc7dzkP2YdxYgQLMw8D/U9j+m
i26wEiedmJvFIsg7wlMoa4VudLqsEDL3HyeisHwTu4mRa7ONjU4XUOIDmNaJFBvG
skQTLqEkfEAL/dMEN8STsXU38r2MWjHnCqllryUokIfPAG40SPA=
=sTqX
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Fw: Re: Tomcat Manager keeps asking for Authentication

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Karen,

On 12/23/18 01:04, Karen Goh wrote:
> 
> 
> --- On Sun, 12/23/18, Karen Goh  wrote:
> 
>> From: Karen Goh  Subject: Re: Tomcat
>> Manager keeps asking for Authentication To: "Tomcat Users List"
>>  Date: Sunday, December 23, 2018, 1:40
>> PM
>> 
>>  On Sat, 12/22/18,
>> Mark Thomas  wrote:
>> 
>> Subject: Re: Tomcat Manager keeps asking for Authentication To:
>> users@tomcat.apache.org Date: Saturday, December 22, 2018, 7:56
>> PM
>> 
>> On 22/12/2018 09:12, Karen Goh wrote:
>>> 
>>> I am
>> running Netbean 8.2 and am trying to study a web project from
>> github.
>>> 
>>> It
>> was stated that certain pages are constrained by the Tomcat Role,
>> in order to view the Admin panel.
>>> 
>> 
>>> So, what I did was to alter the
>> Tomcat C:\Program Files\Apache Software Foundation\Apache Tomcat 
>> 8.0.27\conf\tomcat-user.xml
>> 
>> Note: 8.0.x has reached end of life and is no longer supported.
>> 
>>> 
>>> And here's what I added:
>>> 
>>> 
>> 
>>> > rolename="tomcat"/>
>>> 
>> 
>>> > rolename="manager-gui"/>
>>> 
>> > username="tomcat"/>
>>> 
>> 
>>> 
>> 
>>> 
>> > username="me"/>
>>> 
>> 
>> 
>> Are you sure the above is not commented out?
>> 
>> Mark
>> 
>> Hello Mark,
>> 
>> Thanks for your reply and thanks for your last reply about the
>> changing the xml file in which I havn't thank you cos I was
>> grappling with so many things...
>> 
>> I just found out that this guy he is using some kind of 'embedded
>> Tomcat' to do the work I am not very sure though.
>> 
>> And so I was trying to edit an external Tomcat server thus it
>> never works.
>> 
>> I am quite new to the way it was done cos eventually I found it
>> inside apache-tomcat inside the AppData !
>> 
>> C:\Users\xxx\\Roaming\NetBeans\8.2\apache-tomcat-8.0.27.0_base\conf\t
omcat-user.xml
>>
>>
>> 
Can I know what is this method about?
>> 
> In addition, I'd like to know how to clean Tomcat directory in this
> case?
> 
> Cos now after examining the server log, I saw an error : The
> reference to entity "ampUseLegacyDatetimeCode" must end with the
> ';' delimiter.)
> 
> So, I edited the persistence.xml to ;
> 
> jdbc:mysql://localhost:3306/music_store?autoReconnect=true;UseLegacyDa
tetimeCode=false;serverTimezone=UTC;seSSL=False"/>

You
> 
want to use  between the parameters. You removed the & which
are important, but since they are in an XML file, they need to be
converted into 

> But, it still gives me the old error.

At this point, I'm not sure what and how many questions you are
asking. Can you post a new thread with your complete question in it?

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwo0v4ACgkQHPApP6U8
pFgs4hAAmj/ubFir9RzQ/WfkncOqCzVrIb7R2YNmtIWIxMH8io30/hSH79qhmdsF
Ei6I21qLJWzdsWVuGCmkL2SqD17B/sZy8qXsLFKDo0CbYscf0IdSVQJMpdaWU6Do
gpYzWjWWedwNQrjNaTTxFRQYmsh4gUQKRl2XSqF4Og48dN7oE1ilCkNexy9UBAc7
APWWbZeqwTFMYClHkQXBTAz5UYzUOYe2HJned004rLDE2LSx/LQv1pDNdagG+27v
1FArLzAXV71ENRTltLHmVkw5+SD7DiO4DoFERsJvCUGUUIsC5stbLFaW+R//FW/F
dLCA0D+fWG9oP6hdJUR+aSPtXHSnh+hOwVbKsSlNPmtN6Gf0ArObnbTN1eCzUPVK
q5xN2P/hITblLwyXJypZn4Qm3a50aOxSYcEsRNxl8sUAkKnvWDUc4HNEijNnSW4v
l5l3ol2vyedUeHBIR3JRnWaIIL9ykQsWS+yHCvJ2pEzQ1Eq/Ofm++TUN2gx97cZe
mzXtnfI6D0OOjCgOSANCZsuy4JjdllBWfbQHYPGCk9Tk6Ttp0jtfLRLVKLgMPGLe
71YXkhHvwKy1VL/Lnd5UiT50fz5OH7E4KfwiBnBZWwbUewCQY+clr//Ke8SWkUBr
e+qb/y0OnNKgn6OzwzNn66tAzDk+utoxUrQcM3g3r99Kpn3sEXY=
=U7hg
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Fw: Re: Tomcat Manager keeps asking for Authentication

[Karen Goh]

--- On Sun, 12/23/18, Karen Goh  wrote:

> From: Karen Goh 
> Subject: Re: Tomcat Manager keeps asking for Authentication
> To: "Tomcat Users List" 
> Date: Sunday, December 23, 2018, 1:40 PM
> 
> 
> On Sat, 12/22/18, Mark Thomas 
> wrote:
> 
>  Subject: Re: Tomcat Manager keeps
> asking for Authentication
>  To: users@tomcat.apache.org
>  Date: Saturday, December 22, 2018,
> 7:56 PM
>  
>  On 22/12/2018 09:12, Karen Goh
>  wrote:
>  > 
>  > I am
>  running Netbean 8.2 and am trying to
> study a web project
>  from github.
>  > 
>  > It
>  was stated that certain pages are
> constrained by the Tomcat
>  Role, in order to view the Admin
> panel.
>  >
>  
>  > So, what I did was to alter the
> Tomcat
>  C:\Program Files\Apache Software
> Foundation\Apache Tomcat
>  8.0.27\conf\tomcat-user.xml
>  
>  Note: 8.0.x has reached end of life
> and is no
>  longer supported.
>  
>  > 
>  > And here's what I added:
>  > 
>  >
>  
>  >        rolename="tomcat"/>
>  >   
>    
>  >        rolename="manager-gui"/>
>  > 
>        roles="tomcat,manager-gui"
>  username="tomcat"/>
>  >   
>      roles="tomcat,role1"
>  username="both"/>
>  >     
>   roles="role1"
>  username="role1"/>
>  >     
>roles="manager-script, administrator"
>  username="me"/>
>  >
>  
>  
>  Are
>  you sure the above is not commented
> out?
>  
>  Mark
> 
> Hello Mark,
> 
> Thanks for your reply and thanks for
> your last reply about the changing the xml file in which I
> havn't thank you cos I was grappling with so many things...
> 
> I just found out that this guy he is
> using some kind of 'embedded Tomcat' to do the work I am not
> very sure though.
> 
> And so I was trying to edit an external
> Tomcat server thus it never works.
> 
> I am quite new to the way it was done
> cos eventually I found it inside apache-tomcat inside the
> AppData !
> 
> C:\Users\xxx\\Roaming\NetBeans\8.2\apache-tomcat-8.0.27.0_base\conf\tomcat-user.xml
> 
> Can I know what is this method about?
> 
In addition, I'd like to know how to clean Tomcat directory in this case?

Cos now after examining the server log, I saw an error :
The reference to entity "ampUseLegacyDatetimeCode" must end with the ';' 
delimiter.)

So, I edited the persistence.xml to ;

jdbc:mysql://localhost:3306/music_store?autoReconnect=true;UseLegacyDatetimeCode=false;serverTimezone=UTC;seSSL=False"/>

But, it still gives me the old error.


> 
>  
> 
> -
>  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
>  For additional commands, e-mail: users-h...@tomcat.apache.org
>  
>  

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager keeps asking for Authentication

[Karen Goh]

On Sat, 12/22/18, Mark Thomas  wrote:

 Subject: Re: Tomcat Manager keeps asking for Authentication
 To: users@tomcat.apache.org
 Date: Saturday, December 22, 2018, 7:56 PM
 
 On 22/12/2018 09:12, Karen Goh
 wrote:
 > 
 > I am
 running Netbean 8.2 and am trying to study a web project
 from github.
 > 
 > It
 was stated that certain pages are constrained by the Tomcat
 Role, in order to view the Admin panel.
 >
 
 > So, what I did was to alter the Tomcat
 C:\Program Files\Apache Software Foundation\Apache Tomcat
 8.0.27\conf\tomcat-user.xml
 
 Note: 8.0.x has reached end of life and is no
 longer supported.
 
 > 
 > And here's what I added:
 > 
 >
 
 >      
 >   
   
 >      
 > 
     
 >   
   
 >     
 
 >     
 
 >
 
 
 Are
 you sure the above is not commented out?
 
 Mark

Hello Mark,

Thanks for your reply and thanks for your last reply about the changing the xml 
file in which I havn't thank you cos I was grappling with so many things...

I just found out that this guy he is using some kind of 'embedded Tomcat' to do 
the work I am not very sure though.

And so I was trying to edit an external Tomcat server thus it never works.

I am quite new to the way it was done cos eventually I found it inside 
apache-tomcat inside the AppData !

C:\Users\xxx\\Roaming\NetBeans\8.2\apache-tomcat-8.0.27.0_base\conf\tomcat-user.xml

Can I know what is this method about?


 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager keeps asking for Authentication

[Mark Thomas]

On 22/12/2018 09:12, Karen Goh wrote:


I am running Netbean 8.2 and am trying to study a web project from github.

It was stated that certain pages are constrained by the Tomcat Role, in order 
to view the Admin panel.

So, what I did was to alter the Tomcat C:\Program Files\Apache Software 
Foundation\Apache Tomcat 8.0.27\conf\tomcat-user.xml


Note: 8.0.x has reached end of life and is no longer supported.



And here's what I added:


 
 
 
 
 
 
 



Are you sure the above is not commented out?

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager Server Status Errors After 8.5.35

[Mark Thomas]

On 14/11/2018 17:20, Habib Zurrububabel wrote:
> Tomcat Manager Server Status Errors After updating from 8.5.34 to 8.5.35.
> OS is Red Hat Enterprise Linux Server release 6.8 (Santiago).  Manager log
> shows: javax.management.AttributeNotFoundException:  Cannot find attribute
> maxThreads for org.apache.tomcat.util.net.SocketProperties@207af361
> 

Not sure why this isn't working but it sounds like a bug and I see that
you have opened one. Thanks. This should get addressed for the next
round of releases.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat/manager/ disable redirect from HTTPS to HTTP

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hans,

On 10/15/18 03:17, Hans Schou wrote:
> On Fri, 12 Oct 2018 at 14:12, Mark Thomas 
> wrote:
> 
>> 
>> For the HTTP connector processing proxied traffic originally
>> received over HTTPS you want: SSLEnabled="false" scheme="https" 
>> secure="true"
>> 
> 
> Thanks, this one is working exactly as expected:
> 
>  connectionTimeout="2" SSLEnabled="false" scheme="https" 
> secure="true" />
> 
> A bonus is that I now got forced use of SSL.

Note that port 8080 being TLS might be "surprising" to some clients.

- -chris
-BEGIN PGP SIGNATURE-
Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/

iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlvInk4ACgkQHPApP6U8
pFjJhQ/9Em7SIjQY1EYUHdQQJHJlDKpF6leMw9eRgTZBsQm6KpjN7mHPxWSjnM6/
mlagtyAkKbC43k+a5oqn/NIPsCSGoLCT3aHR/ZkAktxc8D4Fckl9nzBvjAyKq3+E
w2bfE6DrNeLefRNEyAYLoEXq4A/GlAP9MudZELtW9M+U1dzN9BdKfMVmE7qznESG
kxg3cvoMb/cmn4jRjHvPfd9wN6bDT02JUOrQzxqMyqQXvdDbrn7iWVYE9R5Q6Tc4
21ZtqIglwO8p1GUll2hz1amnMLSl1nWdwQ0Li1Iy5q3nSZ4at+Q5EYHlSagAtd0h
Vj4dAIDZZeONrHi3368cI2BFYtlo4SReczpAtubZ1CJaucHQ/evJ5AT1XPvXymav
KaoFSzl8k5a8b+rYjRC0YOgcZRWCm89aqPGeps6fABHfe+86CNGIXH4l4whSyOJm
+ObdbSiYDKmGeokuJYnh4RRrThZf7EbQTJya6dJE7za4JRZ6Qh7Ayah7X1MZzcZC
x/wxKkORjhBYxIJUIjX0DBv/MsSzzkS1OH76mZXSu91hVKnpr5QDBxMvEFuJ7Tv5
oJGk/Y1JWsLaQTQN9Jj6alQTTqxnusHoguVMcm1NqAwC3D+bO1XXBq+CURcbKx6x
Sfu/KOzHMedQiZOVBSDVNF1k0k5UsyVfM5+T9rZCR0lsHcRqCz4=
=8bbY
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat/manager/ disable redirect from HTTPS to HTTP

[Hans Schou]

On Fri, 12 Oct 2018 at 14:12, Mark Thomas  wrote:

>
> For the HTTP connector processing proxied traffic originally received
> over HTTPS you want:
> SSLEnabled="false"
> scheme="https"
> secure="true"
>

Thanks, this one is working exactly as expected:

   

A bonus is that I now got forced use of SSL.

-- 
Venlig hilsen - best regards

Hans Schou

Re: Tomcat/manager/ disable redirect from HTTPS to HTTP

[Mark Thomas]

On 12/10/18 12:18, Hans Schou wrote:
> Hi
> 
> I have a Tomcat 8.5 with Java 1.8 on Windows with Nginx reverse proxy.
> 
> When I access https://joe:p4zzw...@example.org/manager/ the request goes to
> Nginx, which proxy_pass it to http://srv321.local:8080/
> 
> Authentication appears right away but the first response from Tomcat is
>   Location: http://example.org/manager/html?NONCE...
> note the SSL has been cut off.

Since Nginx is switching from HTTPS->HTTP on the way in, my initial
expectation would be that Nginx should switch from HTTP->HTTPS on the
way back out.

Note that it isn't quite as simple as 'just' switching the protocol.
Nginx also needs to take account of things like setting the secure
attribute on any cookies.

You can configure your way around this on Tomcat. To ensure a secure
configuration, you need to ensure that any traffic proxied via Nginx
received over HTTPS and any traffic proxied via Nginx received over HTTP
(if any) go to separate HTTP connectors on Tomcat.

For the HTTP connector processing proxied traffic originally received
over HTTPS you want:
SSLEnabled="false"
scheme="https"
secure="true"

For the HTTP connector processing proxied traffic originally received
over HTTP you want:
SSLEnabled="false"
scheme="http"
secure="false"

Mark

> 
> I can then manually go to the URL and change 'http' to 'https' and then it
> works fine with SSL all the way around.
> 
> The location redirect has been seen on the network with "tcpdump -X", to
> make sure it was not Nginx which was redirecting something.
> 
> In webapps/WEB-INF/web.xml I have tried add:
> 
> 
> HTTPSOnly
> /*
> 
> 
> CONFIDENTIAL
> 
> 
> but that did not work either.
> 
> Is there a way to avoid being redirected from HTTPS to HTTP?
> 
> Thanks.
> 
> --
> 
> Venlig hilsen - best regards
> 
> Hans Schou
> 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager gui hangs on web-app reload for one web-app not others

[Mitch Claborn]

PS - my Thunderbird has a "Reply List" button for this mailing list.


Mitch

On 09/20/2018 09:41 AM, Shawn Heisey wrote:

On 9/20/2018 8:30 AM, Bill Harrelson wrote:
Looking back through my sent folder I realize that I have been 
replying directly to people that posted directly to me instead of the 
list.


I see from message headers that you're using Thunderbird.

In Options/Advanced, open the config editor and change the setting for 
"mail.override_list_reply_to" to false.  You can do this by 
double-clicking on the setting.  That will fix this so that when you 
reply to an Apache mailing list, your reply will go to the list.  Apache 
lists use the Reply-To header to indicate where replies should go.


See this bug for a heated discussion about the problem:

https://bugzilla.mozilla.org/show_bug.cgi?id=1392371

Thanks,
Shawn


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager gui hangs on web-app reload for one web-app not others

[Shawn Heisey]

On 9/20/2018 8:30 AM, Bill Harrelson wrote:
Looking back through my sent folder I realize that I have been 
replying directly to people that posted directly to me instead of the 
list.


I see from message headers that you're using Thunderbird.

In Options/Advanced, open the config editor and change the setting for 
"mail.override_list_reply_to" to false.  You can do this by 
double-clicking on the setting.  That will fix this so that when you 
reply to an Apache mailing list, your reply will go to the list.  Apache 
lists use the Reply-To header to indicate where replies should go.


See this bug for a heated discussion about the problem:

https://bugzilla.mozilla.org/show_bug.cgi?id=1392371

Thanks,
Shawn


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager gui hangs on web-app reload for one web-app not others

[Bill Harrelson]

Looking back through my sent folder I realize that I have been replying 
directly to people that posted directly to me instead of the list.


Update:  after trying several suggestions sent to me, which did not 
work, for some reason I decided to switch browsers.
Normally I run the manager-gui in Internet Explorer (it's pretty much 
the only thing I use Explorer for).  But I decided to try Chrome, and, 
lo and behold, it worked!


Now I'll run some other tests to see if I can figure out why Explorer 
isn't working.


Thanks,

Bill


On 9/13/2018 4:14 PM, Bill Harrelson wrote:
Tomcat 8.0.14, Java 1.8.0_91. I've looked through StackOverflow and 
searched the archives and can't figure this out. We've been running 
tomcat, various versions for about 15 years, always using the 
manager-gui to control hosts. We have one tomcat instance running 8 
hosts, where the manager-gui works fine for all but one of them. I've 
compared /conf/Catalina/WEBAPPname/manager.xml with others that are 
working and they are identical. I've compared the directory name with 
the name in server.xml and it's identical. Behavior - when I start the 
manager-gui for that web-app, it logs in and starts fine. I can see 
sessions, I can see Server Status, etc.  all seems to work, except: - 
if I click on Reload or Stop, it just sits and spins and eventually 
times out. Every other host manager gui gets an immediate tab name 
update, then completes, changing the url. This one web-app does none 
of that. When this happens there are no entries in the catalina log, 
the tomcat stderror log, or the web-app access log I can't figure out 
where to look next. Any help would be appreciated. Thanks. It's a test 
server and having to restart all of tomcat to change the test 
configuration is slowing work way down. Bill

RE: tomcat manager gui hangs on web-app reload for one web-app not others

[Jäkel , Guido]

Dear Bill,

usually the Tomcat is configured in such a way that it watches the file  
.../WEB-INF/web.xml  of your application an reload the application then. If you 
use autodeploy of a WAR, it's the same with the archive file.

Said that, may you please try to reload your application by just touching a 
watched file? If you use this second way to command a reload, the issue should 
be narrowed in that way that the Tomcat itself works well and enter the 
shutdown lifecycle of the servlet container. And then it's caused by the 
application don't to react on this.

Guido

>-Original Message-
>From: Bill Harrelson [mailto:bill.harrel...@accordare.com]
>Sent: Thursday, September 13, 2018 10:14 PM
>To: users@tomcat.apache.org
>Subject: tomcat manager gui hangs on web-app reload for one web-app not others
>
>Tomcat 8.0.14, Java 1.8.0_91. I've looked through StackOverflow and
>searched the archives and can't figure this out. We've been running
>tomcat, various versions for about 15 years, always using the
>manager-gui to control hosts. We have one tomcat instance running 8
>hosts, where the manager-gui works fine for all but one of them. I've
>compared /conf/Catalina/WEBAPPname/manager.xml with others that are
>working and they are identical. I've compared the directory name with
>the name in server.xml and it's identical. Behavior - when I start the
>manager-gui for that web-app, it logs in and starts fine. I can see
>sessions, I can see Server Status, etc.  all seems to work, except: -
>if I click on Reload or Stop, it just sits and spins and eventually
>times out. Every other host manager gui gets an immediate tab name
>update, then completes, changing the url. This one web-app does none of
>that. When this happens there are no entries in the catalina log, the
>tomcat stderror log, or the web-app access log I can't figure out where
>to look next. Any help would be appreciated. Thanks. It's a test server
>and having to restart all of tomcat to change the test configuration is
>slowing work way down. Bill

Re: tomcat manager gui hangs on web-app reload for one web-app not others

[Louis Zipes]

Also any Microsoft patch differences between the working and non working 
environments and beware of the issue with a patch that was released recently 
and how it affects ports.

> On Sep 13, 2018, at 6:36 PM, Mark Thomas  wrote:
>
> - - - external message, proceed with caution - - -
>
>
>> On 13/09/18 21:14, Bill Harrelson wrote:
>> Tomcat 8.0.14, Java 1.8.0_91. I've looked through StackOverflow and
>> searched the archives and can't figure this out. We've been running
>> tomcat, various versions for about 15 years, always using the
>> manager-gui to control hosts. We have one tomcat instance running 8
>> hosts, where the manager-gui works fine for all but one of them. I've
>> compared /conf/Catalina/WEBAPPname/manager.xml with others that are
>> working and they are identical. I've compared the directory name with
>> the name in server.xml and it's identical. Behavior - when I start the
>> manager-gui for that web-app, it logs in and starts fine. I can see
>> sessions, I can see Server Status, etc.  all seems to work, except: -
>> if I click on Reload or Stop, it just sits and spins and eventually
>> times out. Every other host manager gui gets an immediate tab name
>> update, then completes, changing the url. This one web-app does none of
>> that. When this happens there are no entries in the catalina log, the
>> tomcat stderror log, or the web-app access log I can't figure out where
>> to look next. Any help would be appreciated. Thanks. It's a test server
>> and having to restart all of tomcat to change the test configuration is
>> slowing work way down. Bill
>
> Take 3 thread dumps ~5 seconds apart. Take a look for threads that pass
> through org.apache.catalina.manager.*
>
> Mark
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
---
CONFIDENTIALITY NOTICE: This message is for intended addressee(s) only and may 
contain information that is confidential, proprietary or exempt from 
disclosure. If you are not the intended recipient, please contact the sender 
immediately. Unauthorized use or distribution is prohibited and may be unlawful.

Re: tomcat manager gui hangs on web-app reload for one web-app not others

[Mark Thomas]

On 13/09/18 21:14, Bill Harrelson wrote:
> Tomcat 8.0.14, Java 1.8.0_91. I've looked through StackOverflow and
> searched the archives and can't figure this out. We've been running
> tomcat, various versions for about 15 years, always using the
> manager-gui to control hosts. We have one tomcat instance running 8
> hosts, where the manager-gui works fine for all but one of them. I've
> compared /conf/Catalina/WEBAPPname/manager.xml with others that are
> working and they are identical. I've compared the directory name with
> the name in server.xml and it's identical. Behavior - when I start the
> manager-gui for that web-app, it logs in and starts fine. I can see
> sessions, I can see Server Status, etc.  all seems to work, except: -
> if I click on Reload or Stop, it just sits and spins and eventually
> times out. Every other host manager gui gets an immediate tab name
> update, then completes, changing the url. This one web-app does none of
> that. When this happens there are no entries in the catalina log, the
> tomcat stderror log, or the web-app access log I can't figure out where
> to look next. Any help would be appreciated. Thanks. It's a test server
> and having to restart all of tomcat to change the test configuration is
> slowing work way down. Bill

Take 3 thread dumps ~5 seconds apart. Take a look for threads that pass
through org.apache.catalina.manager.*

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: tomcat manager gui hangs on web-app reload for one web-app not others

[Louis Zipes]

What Operating System is Tomcat running on?

-Original Message-
From: Bill Harrelson [mailto:bill.harrel...@accordare.com]
Sent: Thursday, September 13, 2018 4:14 PM
To: users@tomcat.apache.org
Subject: tomcat manager gui hangs on web-app reload for one web-app not others

- - - external message, proceed with caution - - -


Tomcat 8.0.14, Java 1.8.0_91. I've looked through StackOverflow and
searched the archives and can't figure this out. We've been running
tomcat, various versions for about 15 years, always using the
manager-gui to control hosts. We have one tomcat instance running 8
hosts, where the manager-gui works fine for all but one of them. I've
compared /conf/Catalina/WEBAPPname/manager.xml with others that are
working and they are identical. I've compared the directory name with
the name in server.xml and it's identical. Behavior - when I start the
manager-gui for that web-app, it logs in and starts fine. I can see
sessions, I can see Server Status, etc.  all seems to work, except: -
if I click on Reload or Stop, it just sits and spins and eventually
times out. Every other host manager gui gets an immediate tab name
update, then completes, changing the url. This one web-app does none of
that. When this happens there are no entries in the catalina log, the
tomcat stderror log, or the web-app access log I can't figure out where
to look next. Any help would be appreciated. Thanks. It's a test server
and having to restart all of tomcat to change the test configuration is
slowing work way down. Bill

---
CONFIDENTIALITY NOTICE: This message is for intended addressee(s) only and may 
contain information that is confidential, proprietary or exempt from 
disclosure. If you are not the intended recipient, please contact the sender 
immediately. Unauthorized use or distribution is prohibited and may be unlawful.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager weirdness on a Google Compute instance

[James H. H. Lampert]

I discovered that somehow, the "max-file-size" and
"max-request-size" in manager/WEB-INF/web.xml had reverted from
our standard setting of 500M, to the factory setting of 50M.


On 9/6/18, 10:42 AM, Louis Zipes wrote:

Does the file show a modified date/time that could point to at least
a timing for the action?


When I got the question, I'd already changed two of the prototype 
instances, but there was one left.


That was the newest of the prototype instances, created August 16th. And 
the date stamp on the manager/WEB-INF/web.xml is August 24th.


Which is odd, given that this prototype instance was created by cloning 
another prototype instance, and loading it with different webapp contexts.


--
JHHL


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat Manager weirdness on a Google Compute instance

[Louis Zipes]

I discovered that somehow, the "max-file-size" and
> "max-request-size" in manager/WEB-INF/web.xml had reverted from our
> standard setting of 500M, to the factory setting of 50M.

Does the file show a modified date/time that could point to at least a timing 
for the action?

-Original Message-
From: Mark Thomas [mailto:ma...@apache.org]
Sent: Thursday, September 06, 2018 1:41 PM
To: Tomcat Users List
Subject: Re: Tomcat Manager weirdness on a Google Compute instance

- - - external message, proceed with caution - - -


On 06/09/18 18:32, James H. H. Lampert wrote:
> (cross-posted to the gce-discussion Google group)
>
> Ladies and Gentlemen:
>
> I just experienced something very odd.
>
> It seems that this morning, when I tried to upload a WAR file to the
> prototype instance for one of my instance groups, I kept repeatedly
> hitting a brick wall: as soon as the upload passed the 2% mark, it would
> abort, and I'd get a "Connection reset" error page.
>
> After some troubleshooting, following the Sherlock Holmes axiom (once
> you eliminate the impossible, whatever remains, however unlikely, must
> be true), I discovered that somehow, the "max-file-size" and
> "max-request-size" in manager/WEB-INF/web.xml had reverted from our
> standard setting of 500M, to the factory setting of 50M.
>
> And I found that the same had happened with the prototype instance for
> another instance group.
>
> Can anybody shed any light on this? Some sort of automatic update?

Definitely not from any sort of automatic update on the Tomcat side.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

---
CONFIDENTIALITY NOTICE: This message is for intended addressee(s) only and may 
contain information that is confidential, proprietary or exempt from 
disclosure. If you are not the intended recipient, please contact the sender 
immediately. Unauthorized use or distribution is prohibited and may be unlawful.

Re: Tomcat Manager weirdness on a Google Compute instance

[Mark Thomas]

On 06/09/18 18:32, James H. H. Lampert wrote:
> (cross-posted to the gce-discussion Google group)
> 
> Ladies and Gentlemen:
> 
> I just experienced something very odd.
> 
> It seems that this morning, when I tried to upload a WAR file to the
> prototype instance for one of my instance groups, I kept repeatedly
> hitting a brick wall: as soon as the upload passed the 2% mark, it would
> abort, and I'd get a "Connection reset" error page.
> 
> After some troubleshooting, following the Sherlock Holmes axiom (once
> you eliminate the impossible, whatever remains, however unlikely, must
> be true), I discovered that somehow, the "max-file-size" and
> "max-request-size" in manager/WEB-INF/web.xml had reverted from our
> standard setting of 500M, to the factory setting of 50M.
> 
> And I found that the same had happened with the prototype instance for
> another instance group.
> 
> Can anybody shed any light on this? Some sort of automatic update?

Definitely not from any sort of automatic update on the Tomcat side.

Mark

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager application not using custom ErrorReportingValve !

[Mark Thomas]

On 30/07/2015 07:18, Utkarsh Dave wrote:
 Hi All,
 
 My application has a custom reporting valve in server.xml
 
   Host appBase=webapps autoDeploy=true deployOnStartup=false
 errorReportValveClass=com.path.valves.CustomErrorReportValve
 name=localhost unpackWARs=true
 
 But when I try to access https://server/manager
 I get normal error window page of (the tomcat error page is at
 /tomcat/webapps/manager/WEB-INF/jsp/403.jsp
 
 403 Unauthorized
 
 You are not authorized to view this page. If you have not changed any
 configuration files, please examine the file conf/tomcat-users.xml in your
 installation. That file must contain the credentials to let you use this
 webapp.
 ..
 
 How to have the manager application use the custom error valve ?

Application configured error pages take precedence over any error
reporting valve.

 Do i need to configure manager application separately?

You could remove the error page settings from the Manager app's web.xml.

Mark


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager application not using custom ErrorReportingValve !

[Utkarsh Dave]

Thanks a lot Mark.

On Thu, Jul 30, 2015 at 11:50 AM, Mark Thomas ma...@apache.org wrote:

 On 30/07/2015 07:18, Utkarsh Dave wrote:
  Hi All,
 
  My application has a custom reporting valve in server.xml
 
Host appBase=webapps autoDeploy=true deployOnStartup=false
  errorReportValveClass=com.path.valves.CustomErrorReportValve
  name=localhost unpackWARs=true
 
  But when I try to access https://server/manager
  I get normal error window page of (the tomcat error page is at
  /tomcat/webapps/manager/WEB-INF/jsp/403.jsp
  
  403 Unauthorized
 
  You are not authorized to view this page. If you have not changed any
  configuration files, please examine the file conf/tomcat-users.xml in
 your
  installation. That file must contain the credentials to let you use this
  webapp.
  ..
 
  How to have the manager application use the custom error valve ?

 Application configured error pages take precedence over any error
 reporting valve.

  Do i need to configure manager application separately?

 You could remove the error page settings from the Manager app's web.xml.

 Mark


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager command issue

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Vicky,

On 8/20/13 10:07 AM, vicky wrote:
 I need to deploy the applications in TOmcat via command line
 
 For this I am using the following manager commands for deploying my
 application.
 
 http://peadj2001301vfe:1581/manager/text/deploy?path=/probewar=file:/local/apps/probe.war

  The problem is this command works fine when i execute this URL in
 browser but the deployment fails when i run the same command via
 wget on my linux machine
 
 wget -O deploy
 http://peadj2001301vfe:1581/manager/text/deploy?path=/probewar=file:/tmp/probe.war

Have
 
you tried putting the URL for wget in 'single quotes'? Your shell
may be splitting your command into two commands: one 'wget' command
and the other 'war=file:/...'.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSE4OVAAoJEBzwKT+lPKRY45oP/0Gnel3AnyKtdPVUmSrirVHr
tfcCT1HfLC+aD+iNmbLnq6jP2hQ28+WoX3ufP0k9NC8RvbXHGZoz8kM54Wk7cgxs
26KC2zbUWclSzURu90M9PuPzwfiqdVewBFjoICX6f6jiy3thcoCCIdTCek2+p4th
KAKunQlUJVvTeb9EykiavwfmHYeJywJJTDfNpP5NGnh9A3F4bWPqUod14AXMUpqf
jfdhO37MM95zCiBGp2owECQDiMl2OtH7g35AtvblfLYM7BzHPWCbbe00OslluhY3
Gbc6SXfcJn7iPZporZd1TmsclgZJBzXwc++Oj82U7BTJJ+A2NS93unpfYAb/zpNC
7fNDW7z/2er3qAMWRT2NaJfHDzT5Rd/WLA79E4nox91qkUMAMot0f2tYgorhZ1ei
xya0D5pe9Oohh1uLtSENh2194/tKPWW2LCclwl6kaX1phtRyqXWOyF2b3ZqqOuMx
+TwJbVPmkiN7rwG/Cdh9wrugV19N7raJA9H2UvvAhjOnI0VIbzJE7+SNesX+pzsS
HyHKLXxgA00fS7WeIp16216+u1P4KnaCPtYAihvHiWoP2S/yaf6uRXI8GiOKllFr
WbBu9s+9onXSDzecHzlN6avD9EoquqXl/OokR4nxd5LaeefsODFRMOGHP8FsJX//
kx3mxO2hEycV5lvB7s/m
=9fTj
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager command issue

[vicky]

Thanks chris enclosing in single quotes worked, it resolved my issue.

 
 


 From: Christopher Schultz ch...@christopherschultz.net
To: Tomcat Users List users@tomcat.apache.org 
Sent: Tuesday, 20 August 2013 8:26 PM
Subject: Re: Tomcat manager command issue
  

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Vicky,

On 8/20/13 10:07 AM, vicky wrote:
 I need to deploy the applications in TOmcat via command line
 
 For this I am using the following manager commands for deploying my
 application.
 
 http://peadj2001301vfe:1581/manager/text/deploy?path=/probewar=file:/local/apps/probe.war

  The problem is this command works fine when i execute this URL in
 browser but the deployment fails when i run the same command via
 wget on my linux machine
 
 wget -O deploy
 http://peadj2001301vfe:1581/manager/text/deploy?path=/probewar=file:/tmp/probe.war

Have
 
you tried putting the URL for wget in 'single quotes'? Your shell
may be splitting your command into two commands: one 'wget' command
and the other 'war=file:/...'.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.14 (Darwin)
Comment: GPGTools - http://gpgtools.org/
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJSE4OVAAoJEBzwKT+lPKRY45oP/0Gnel3AnyKtdPVUmSrirVHr
tfcCT1HfLC+aD+iNmbLnq6jP2hQ28+WoX3ufP0k9NC8RvbXHGZoz8kM54Wk7cgxs
26KC2zbUWclSzURu90M9PuPzwfiqdVewBFjoICX6f6jiy3thcoCCIdTCek2+p4th
KAKunQlUJVvTeb9EykiavwfmHYeJywJJTDfNpP5NGnh9A3F4bWPqUod14AXMUpqf
jfdhO37MM95zCiBGp2owECQDiMl2OtH7g35AtvblfLYM7BzHPWCbbe00OslluhY3
Gbc6SXfcJn7iPZporZd1TmsclgZJBzXwc++Oj82U7BTJJ+A2NS93unpfYAb/zpNC
7fNDW7z/2er3qAMWRT2NaJfHDzT5Rd/WLA79E4nox91qkUMAMot0f2tYgorhZ1ei
xya0D5pe9Oohh1uLtSENh2194/tKPWW2LCclwl6kaX1phtRyqXWOyF2b3ZqqOuMx
+TwJbVPmkiN7rwG/Cdh9wrugV19N7raJA9H2UvvAhjOnI0VIbzJE7+SNesX+pzsS
HyHKLXxgA00fS7WeIp16216+u1P4KnaCPtYAihvHiWoP2S/yaf6uRXI8GiOKllFr
WbBu9s+9onXSDzecHzlN6avD9EoquqXl/OokR4nxd5LaeefsODFRMOGHP8FsJX//
kx3mxO2hEycV5lvB7s/m
=9fTj
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager login

[Mohsen Jamali]

forgot to uncomment usernames and roles!
excuse and thanks :)

On Sat, Sep 22, 2012 at 3:31 PM, Tim Watts t...@cliftonfarm.org wrote:

 On Sat, 2012-09-22 at 14:31 +0330, Mohsen Jamali wrote:
  Hi guys,
  After searching the web about how to deploy a war file on Tomcat.

 The simplest way is to just copy the war file to webapps/ under your
 Tomcat base.  By default Tomcat will automatically deploy it from there.

  i came to
  the conclusion that i should change the /etc/tomcat6/tomcat-users.xml
 file
  and add sth like this :
 
 
 1. role rolename=manager-gui/
 2.   user username=admin password=admin roles=
 standard, manager-gui/
 
 Did you restart Tomcat?

  but after after adding this two lines ang going to
  localhost:8080/manager/html and entering admin as user and pass it
 doesn't
  accept it.

 That's pretty vague.  What DOES it do?

  what's wrong me.
  thanks

Re: tomcat manager login

[Tim Watts]

On Sat, 2012-09-22 at 14:31 +0330, Mohsen Jamali wrote:
 Hi guys,
 After searching the web about how to deploy a war file on Tomcat. 

The simplest way is to just copy the war file to webapps/ under your
Tomcat base.  By default Tomcat will automatically deploy it from there.

 i came to
 the conclusion that i should change the /etc/tomcat6/tomcat-users.xml file
 and add sth like this :
 
 
1. role rolename=manager-gui/
2.   user username=admin password=admin roles=
standard, manager-gui/
 
Did you restart Tomcat?

 but after after adding this two lines ang going to
 localhost:8080/manager/html and entering admin as user and pass it doesn't
 accept it.

That's pretty vague.  What DOES it do?

 what's wrong me.
 thanks



signature.asc
Description: This is a digitally signed message part

Re: tomcat manager with weak password compromised. Any idea about the payload?

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Tom,

On 4/11/12 10:40 PM, Tom H wrote:
 An instance running tomcat 6.0.24 as root

Obviously, you won't make that mistake again.

Was the manager app available to non-localhost clients?

 in our developer network was compromised today by a scanning bot 
 which deployed a war file and then deleted the on disk file,
 before scanning for new hosts until the IDS detected it.

:(

 Obviously this is not a flaw in tomcat, but I was hoping someone
 could give me some pointers to where I might read a write-up of the
 payload, as I would be interested to know to what extent the bot
 took advantage of its root power.

Are you looking for a copy of the uploaded WAR file? If it was
deleted, then your only option is to track-down the deleted inode and
snoop the bits on the disk. I don't believe the manager performs any
auditing of the uploaded WAR files.

 The proc with all the connections was actually perl, and runnings 
 strings on a core  dump of that process reveals many perl stuff.
 (and also the very weak password list)
 
 However googling these facts does not seem to be helping that much,
 any suggestions?

So you have the Perl script itself? Or, it's still running but not
available on the disk? Perl compiles scripts as it runs them, so you
may not be able to get the full-text of the script without some kind
of Perl-oriented forensic decompilation tool.

Sorry you got pwned. If you discover anything about the bot, let us
know. Maybe there's something we can do to help thwart future attacks
(though not running as root and not allowing non-localhost connections
are certainly reasonable things that can already be done).

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEUEARECAAYFAk+HAnkACgkQ9CaO5/Lv0PABfwCY4Uy7uvQn/oxV6VUAxaUmZS7a
DwCgjJg5Q/UbEqbRD9+V3GcwNQu6znc=
=183q
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager WebApp authentication

[Mark Montague]

On November 21, 2011 14:49 , Mark Montague m...@catseye.org wrote:
I need Tomcat 6 to use the authentication performed by the front-end 
webserver without breaking the roles required by the Tomcat Manager 
webapp.


I'm replying to myself to document what I did in case it helps other 
people.  Feedback and criticism are welcome, since I'm new to both 
Tomcat and Java.  André's suggestion, to move authorization into Apache 
HTTPD along with authentication and then delete the servlet's security 
constraints, is much simpler and more practical than the method I 
describe here.


In a default installation of Tomcat 6, the Tomcat Manager web 
application is configured to use the UserDatabaseRealm for 
authentication and authorization.  When authentication is moved to the 
front-end web server by setting the tomcatAuthentication=false 
attribute for the connector, authorization breaks because the servlet 
request object now contains principals of class CoyotePrincipal, which 
do not contain role information, instead of principals of class 
GenericPrincipal, which do contain role information.


My solution (which appears to work, although it is inefficient) is to 
create a new realm named CoyoteUserDatabaseRealm that extends 
UserDatabaseRealm.  CoyoteUserDatabaseRealm overrides the hasrole() 
method in order to convert the principal of class CoyotePrincipal into a 
principal of class GenericPrincipal and then invoking the hasRole() 
method of UserDatabaseRealm.


Instructions for a Unix-based system:

# Download, unpack, and build the Tomcat source code into the directory
# apache-tomcat-6.0.33-src

# Copy and save CoyoteUserDatabaseRealm.java from this email (below).
mkdir -p org/apache/catalina/realm/
# Copy and save org/apache/catalina/realm/mbeans-descriptors.xml from 
this email (below).


# Compile the class and move it into place.
javac -sourcepath ./apache-tomcat-6.0.33-src/java 
CoyoteUserDatabaseRealm.java

mv CoyoteUserDatabaseRealm.class org/apache/catalina/realm/

# Create a .jar file:
jar cf coyote-realm.jar org/

# Install the jar file:
cp coyote-realm.jar $CATALINA_HOME/lib
chcon system_u:object_r:usr_t:s0 $CATALINA_HOME/lib/coyote-realm.jar  # 
for SELinux users only


# Edit $CATALINA_HOME/conf/server.xml
# Change the lines
Realm className=org.apache.catalina.realm.UserDatabaseRealm
 resourceName=UserDatabase/
# to
Realm className=org.apache.catalina.realm.CoyoteUserDatabaseRealm
 resourceName=UserDatabase/

# restart Tomcat so the changes take effect:
service tomcat6 restart


I hope this helps.

--
  Mark Montague
  m...@catseye.org


 start file CoyoteUserDatabaeRealm.java --

package org.apache.catalina.realm;


import java.security.Principal;

import org.apache.catalina.Role;
import org.apache.catalina.User;
import org.apache.catalina.UserDatabase;
import org.apache.catalina.Realm;
import org.apache.catalina.realm.UserDatabaseRealm;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.realm.RealmBase;
import org.apache.catalina.util.StringManager;
import org.apache.catalina.connector.CoyotePrincipal;


public class CoyoteUserDatabaseRealm
extends UserDatabaseRealm
implements Realm
{

protected final String info =
org.apache.catalina.realm.CoyoteUserDatabaseRealm/1.0;

protected static final String name = CoyoteUserDatabaseRealm;

private static StringManager sm =
StringManager.getManager(Constants.Package);


public String getInfo() {
return info;
}


protected String getName() {
return name;
}


public boolean hasRole(Principal principal, String role) {

if (principal instanceof CoyotePrincipal) {
// Look up this user in the UserDatabaseRealm.  The new
// principal will contain UserDatabaseRealm role info.
Principal p = super.getPrincipal(principal.getName());
if (p != null) {
principal = p;
}
}
return super.hasRole(principal, role);

}

}


 end file CoyoteUserDatabaeRealm.java 


 start file org/apache/catalina/realm/mbeans-descriptors.xml -

?xml version=1.0?
mbeans-descriptors
  mbean name=CoyoteUserDatabaseRealm
  description=Realm using CoyotePrincipal connected to a UserDatabase as a 
global JNDI resource
   domain=Catalina
group=Realm
 type=org.apache.catalina.realm.CoyoteUserDatabaseRealm
attribute   name=className
  description=Fully qualified class name of the managed object
 type=java.lang.String
writeable=false/
attribute   name=resourceName
  description=The global JNDI name of the UserDatabase resource to use
 type=java.lang.String/
  /mbean
/mbeans-descriptors

 end file org/apache/catalina/realm/mbeans-descriptors.xml ---

Re: Tomcat Manager WebApp authentication

[Mark Montague]

On November 18, 2011 16:17 , Leo Donahue - PLANDEVX 
leodona...@mail.maricopa.gov wrote:
Is is possible to ... or some other independent source for role 
information?

  A sample using JNDI and active directory in the archives.

  http://www.mail-archive.com/users@tomcat.apache.org/msg74641.html

And a SQL server DataSource Realm example also:

http://www.mail-archive.com/users@tomcat.apache.org/msg75265.html  Last post.


The solutions at those links perform both authentication and role-based 
authorization.  I need just the ability to perform role-based 
authorization when tomcatAuthentication=false for a connector.  Am I 
missing something described in one of the messages linked above?


I turned on all logging for catalina realms and authenticators and found 
that when tomcatAuthentication=true then in 
org.apache.catalina.realm.RealmBase hasResourcePermission(), 
request.getPrincipal() returns an object of class GenericPrincipal, but 
when tomcatAuthentication=false it returns an object of class 
CoyotePrincipal.  And the CoyotePrincipal class does not support roles.


Any advice on how to solve this problem?  I need Tomcat 6 to use the 
authentication performed by the front-end webserver without breaking the 
roles required by the Tomcat Manager webapp.


Here is what happens when tomcatAuthentication=true and the Tomcat 
Manager webapp works:


Nov 21, 2011 1:35:08 PM 
org.apache.catalina.authenticator.AuthenticatorBase invoke

FINE:  Calling authenticate()
Nov 21, 2011 1:35:08 PM 
org.apache.catalina.authenticator.AuthenticatorBase register

FINE: Authenticated 'markmont' with type 'BASIC'
Nov 21, 2011 1:35:08 PM 
org.apache.catalina.authenticator.AuthenticatorBase invoke

FINE:  Calling accessControl()
Nov 21, 2011 1:35:08 PM org.apache.catalina.realm.RealmBase 
hasResourcePermission

FINE:   Checking roles GenericPrincipal[markmont(admin,manager,)]
Nov 21, 2011 1:35:08 PM org.apache.catalina.realm.RealmBase 
hasResourcePermission

FINE: Role found:  manager


And here is what happens when tomcatAuthentication=false and the 
Tomcat Manager webapp breaks:


Nov 21, 2011 1:27:49 PM 
org.apache.catalina.authenticator.AuthenticatorBase invoke

FINE:  Calling authenticate()
Nov 21, 2011 1:27:49 PM 
org.apache.catalina.authenticator.BasicAuthenticator authenticate

FINE: Already authenticated 'markmont'
Nov 21, 2011 1:27:49 PM 
org.apache.catalina.authenticator.AuthenticatorBase invoke

FINE:  Calling accessControl()
Nov 21, 2011 1:27:49 PM org.apache.catalina.realm.RealmBase 
hasResourcePermission

FINE:   Checking roles CoyotePrincipal[markmont]
Nov 21, 2011 1:27:49 PM org.apache.catalina.realm.RealmBase 
hasResourcePermission

FINE: No role found:  manager
Nov 21, 2011 1:27:49 PM 
org.apache.catalina.authenticator.AuthenticatorBase invoke

FINE:  Failed accessControl() test

--
  Mark Montague
  m...@catseye.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager WebApp authentication

[André Warnier]

Mark Montague wrote:
...



Any advice on how to solve this problem?  I need Tomcat 6 to use the 
authentication performed by the front-end webserver without breaking the 
roles required by the Tomcat Manager webapp.



I know that it does not answer your question, but may I ask why ?
If you already do the user authentication in the front-end Apache httpd, can you not do a 
role-equivalent check there too, before you proxy the call to Tomcat ?

Like
Location /manager
  Require group manager
  ProxyPass ajp://tomcat:8009
/Location
(and remove the Tomcat auth constraints)

(Not sure it's so easy, but may be worth a try)


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager WebApp authentication

[Mark Montague]

On November 21, 2011 17:35 , André Warnier a...@ice-sa.com wrote:

Mark Montague wrote:
Any advice on how to solve this problem?  I need Tomcat 6 to use the 
authentication performed by the front-end webserver without breaking 
the roles required by the Tomcat Manager webapp.



I know that it does not answer your question, but may I ask why ?
If you already do the user authentication in the front-end Apache 
httpd, can you not do a role-equivalent check there too, before you 
proxy the call to Tomcat ?

Like
Location /manager
  Require group manager
  ProxyPass ajp://tomcat:8009
/Location
(and remove the Tomcat auth constraints)


I have not tried your suggestion, but I think it will work.  The reason 
why I have not done that is because I was looking at the general case of 
other applications that may have auth constraints, not just Tomcat 
Manager.  Especially if the auth constraints are more complex than the 
ones Tomcat Manager has.  Plus, by understanding what is happening and 
why, I learn more about Tomcat.


Right now, I am experimenting with implementing my own realm; I think it 
may be possible to get the desired functionality under Tomcat that way.  
If this does not work or if it is too hard for me, I will use your 
suggestion.  But I am new to both Java and Tomcat, and so I wonder if 
there is yet another way of which I am ignorant.


Thank you for your help!

--
  Mark Montague
  m...@catseye.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager/status question

[Justin Larose]

Dan,

Thanks for the help.
I opened the server.xml.orig file (from the Tomcat installation) and 
copied the GlobalNamingResources and Engine and restarted Tomcat.
Afterwards I was able to login using the username and password located in 
the tomcat-users.xml file.


Thanks,
Justin LaRose
Database  Web Services Administrator
NEXCOM
(757) 631-3443
justin.lar...@nexweb.org



From:   Daniel Mikusa dmik...@vmware.com
To: Tomcat Users List users@tomcat.apache.org
Date:   11/16/2011 02:21 PM
Subject:Re: tomcat manager/status question


Justin,

Assuming that is the entire file, it looks like you do not have a
UserDatabase or a Realm defined.  You need to define a UserDatabase
Resource tag and a Realm for the security configuration.  This is
required by the manager application perform authentication and
authorization.

This configuration will look something like the following (non-essential
elements removed for brevity)...

Server..
GlobalNamingResources
Resource name=UserDatabase auth=Container
type=org.apache.catalina.UserDatabase
description=User database that can be updated and saved
factory=org.apache.catalina.users.MemoryUserDatabaseFactory
pathname=conf/tomcat-users.xml /
/GlobalNamingResources

Service...
Engine...
Realm className=org.apache.catalina.realm.UserDatabaseRealm
resourceName=UserDatabase/
/Engine
/Service
/Server

For a complete example, grab a fresh copy of Tomcat and take a look at
the server.xml file that is packaged with it.  It has both of these
elements defined and some comments which explain how it works.

Dan



On Wed, 2011-11-16 at 11:04 -0800, Justin Larose wrote:
 I have copied my server.xml file below.
 __

 Server port=8405 shutdown=Shutdown.SerenaCommonTomcat
 !-- Listener
 className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on
 / --
 Listener className=org.apache.catalina.core.JasperListener/
 Listener
 className=org.apache.catalina.mbeans.ServerLifecycleListener/
 Listener
 
className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/

 Service name=Catalina

 Connector connectionTimeout=2 port=18080
 protocol=HTTP/1.1 redirectPort=8443 server=Unknown Web 
Server/1.0/

 !-- Define a SSL HTTP/1.1 Connector on port 8443, using only
 128-bit+ encryption (remove ciphers attribute if not needed). --
 !-- Connector port=8443 protocol=HTTP/1.1 
SSLEnabled=true
 maxThreads=150 scheme=https secure=true clientAuth=false
 sslProtocol=TLS ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
 SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
 TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA
 server=Unknown Web Server/1.0/ --

 Connector SSLEnabled=true acceptCount=100 
clientAuth=false
 disableUploadTimeout=true enableLookups=false keyAlias=tomcat
 keystoreFile=conf/sample-ssl.jks keystorePass=*
 maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150
 minSpareThreads=25 port=8443 scheme=https secure=true
 sslProtocol=TLS strategy=ms truststoreFile=conf/sample-ssl.jks
 truststorePass=*/

 Connector SSLEnabled=true acceptCount=100 clientAuth=true
 disableUploadTimeout=true enableLookups=false keyAlias=tomcat
 keystoreFile=conf/sample-ssl.jks keystorePass=*
 maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150
 minSpareThreads=25 port=8543 scheme=https secure=true
 sslProtocol=TLS strategy=ms truststoreAlgorithm=AnyCert
 truststoreFile=conf/sample-ssl.jks truststorePass=*/

 !-- Define an AJP 1.3 Connector on port 8409. --
 Connector port=8409 protocol=AJP/1.3 redirectPort=8443
 server=Unknown Web Server/1.0/

 Engine defaultHost=localhost name=Catalina
 Host appBase=webapps autoDeploy=true name=localhost
 unpackWARs=true xmlNamespaceAware=false xmlValidation=false/
 /Engine

 /Service
 /Server


 ___

 Thanks,
 Justin LaRose
 Database  Web Services Administrator
 NEXCOM
 (757) 631-3443
 justin.lar...@nexweb.org



 From:   Daniel Mikusa dmik...@vmware.com
 To: Tomcat Users List users@tomcat.apache.org
 Date:   11/14/2011 04:26 PM
 Subject:Re: tomcat manager/status question


 Justin,

 Your conf/tomcat-users.xml looks fine to me.  I copied and pasted it
 into a stock Tocmat 6.0.33 server on my machine and it worked fine.

 At this point, you might want to also post your conf/server.xml file.

 Dan



 On Mon, 2011-11-14 at 13:00 -0800, Justin Larose wrote:
  Yes I have restarted tomcat after editing this file:
 
  ?xml version='1.0' encoding='cp1252'?
  tomcat-users
  role rolename=manager-gui/
  user username=admin password= roles=manager-gui
 /
  /tomcat-users
 
 
 
  Thanks,
  Justin LaRose
  Database  Web Services Administrator
  NEXCOM
  (757) 631-3443
  justin.lar...@nexweb.org
 
 
 
  From:   Daniel Mikusa dmik...@vmware.com
  To: Tomcat Users List users@tomcat.apache.org
  Date:   11/14/2011 02:32 PM
  Subject:Re: tomcat manager/status

RE: Tomcat Manager WebApp authentication

[Leo Donahue - PLANDEVX]

-Original Message-
From: Mark Montague [mailto:m...@catseye.org]
Subject: Tomcat Manager WebApp authentication


Is is possible to ... or some other independent source for role information?  
I've read the
documentation on realms and security constraints, and googled, but the
solution is not obvious to me.

Thanks.


--
   Mark Montague
   m...@catseye.org

A sample using JNDI and active directory in the archives.

http://www.mail-archive.com/users@tomcat.apache.org/msg74641.html

Leo

RE: Tomcat Manager WebApp authentication

[Leo Donahue - PLANDEVX]

-Original Message-
From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov]
Subject: RE: Tomcat Manager WebApp authentication

-Original Message-
From: Mark Montague [mailto:m...@catseye.org]
Subject: Tomcat Manager WebApp authentication


Is is possible to ... or some other independent source for role
information?  I've read the documentation on realms and security
constraints, and googled, but the solution is not obvious to me.

Thanks.


--
   Mark Montague
   m...@catseye.org

A sample using JNDI and active directory in the archives.

http://www.mail-archive.com/users@tomcat.apache.org/msg74641.html

Leo

And a SQL server DataSource Realm example also:

http://www.mail-archive.com/users@tomcat.apache.org/msg75265.html  Last post.

Re: tomcat manager/status question

[Justin Larose]

I have copied my server.xml file below. 
__

Server port=8405 shutdown=Shutdown.SerenaCommonTomcat
!-- Listener 
className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on 
/ --
Listener className=org.apache.catalina.core.JasperListener/
Listener 
className=org.apache.catalina.mbeans.ServerLifecycleListener/
Listener 
className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/

Service name=Catalina

Connector connectionTimeout=2 port=18080 
protocol=HTTP/1.1 redirectPort=8443 server=Unknown Web Server/1.0/

!-- Define a SSL HTTP/1.1 Connector on port 8443, using only 
128-bit+ encryption (remove ciphers attribute if not needed). --
!-- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true 
maxThreads=150 scheme=https secure=true clientAuth=false 
sslProtocol=TLS ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, 
TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA 
server=Unknown Web Server/1.0/ --

Connector SSLEnabled=true acceptCount=100 clientAuth=false 
disableUploadTimeout=true enableLookups=false keyAlias=tomcat 
keystoreFile=conf/sample-ssl.jks keystorePass=* 
maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 
minSpareThreads=25 port=8443 scheme=https secure=true 
sslProtocol=TLS strategy=ms truststoreFile=conf/sample-ssl.jks 
truststorePass=*/

Connector SSLEnabled=true acceptCount=100 clientAuth=true 
disableUploadTimeout=true enableLookups=false keyAlias=tomcat 
keystoreFile=conf/sample-ssl.jks keystorePass=* 
maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 
minSpareThreads=25 port=8543 scheme=https secure=true 
sslProtocol=TLS strategy=ms truststoreAlgorithm=AnyCert 
truststoreFile=conf/sample-ssl.jks truststorePass=*/

!-- Define an AJP 1.3 Connector on port 8409. --
Connector port=8409 protocol=AJP/1.3 redirectPort=8443 
server=Unknown Web Server/1.0/

Engine defaultHost=localhost name=Catalina
Host appBase=webapps autoDeploy=true name=localhost 
unpackWARs=true xmlNamespaceAware=false xmlValidation=false/
/Engine

/Service
/Server


___

Thanks,
Justin LaRose
Database  Web Services Administrator
NEXCOM
(757) 631-3443
justin.lar...@nexweb.org



From:   Daniel Mikusa dmik...@vmware.com
To: Tomcat Users List users@tomcat.apache.org
Date:   11/14/2011 04:26 PM
Subject:Re: tomcat manager/status question


Justin,

Your conf/tomcat-users.xml looks fine to me.  I copied and pasted it
into a stock Tocmat 6.0.33 server on my machine and it worked fine.

At this point, you might want to also post your conf/server.xml file.

Dan



On Mon, 2011-11-14 at 13:00 -0800, Justin Larose wrote:
 Yes I have restarted tomcat after editing this file:

 ?xml version='1.0' encoding='cp1252'?
 tomcat-users
 role rolename=manager-gui/
 user username=admin password= roles=manager-gui 
/
 /tomcat-users



 Thanks,
 Justin LaRose
 Database  Web Services Administrator
 NEXCOM
 (757) 631-3443
 justin.lar...@nexweb.org



 From:   Daniel Mikusa dmik...@vmware.com
 To: Tomcat Users List users@tomcat.apache.org
 Date:   11/14/2011 02:32 PM
 Subject:Re: tomcat manager/status question


 Justin,

 What exactly do you have in your conf/tomcat-users.xml file?  If you
 could include the contents of the file inline here, that would be
 helpful.

 Don't forget to redact passwords and other sensitive info.

 Dan


 On Mon, 2011-11-14 at 11:18 -0800, Justin Larose wrote:
  Question:  I upgraded my Tomcat version to 6.0 using the
  apache-tomcat-6.0.33.exe file and I am trying to access the manager
  and the status pages here:  localhost:port\index.jsp
  I get to the default Tomcat page and select status and I get a login
  prompt. After entering the username and password that I have
  configured in the \conf\tomcat-users.xml
  file it just asks for the password again and again. After the 3rd
  attempt it will default to the 401 page that talks about configuring
  the tomcat-users.xml file. I also get the same error after selecting
  the manager link as well.
 
  Do I need to install another portion of Tomcat to get this feature to
  work?
 
 
 
  Thanks,
  Justin LaRose
  Database  Web Services Administrator
  NEXCOM
  (757) 631-3443
  justin.lar...@nexweb.org
 
 
 
**
  This email and any files transmitted with it are intended solely for
  the use of the individual or agency to whom they are addressed.
  If you have received this email in error please notify the Navy
  Exchange Service Command e-mail administrator. This footnote
  also confirms that this email message has been scanned for the
  presence of computer viruses.
 
  Thank You!
 
 
**
 

Re: tomcat manager/status question

[Daniel Mikusa]

Justin,

Assuming that is the entire file, it looks like you do not have a
UserDatabase or a Realm defined.  You need to define a UserDatabase
Resource tag and a Realm for the security configuration.  This is
required by the manager application perform authentication and
authorization.

This configuration will look something like the following (non-essential
elements removed for brevity)...

Server..
  GlobalNamingResources
Resource name=UserDatabase auth=Container
   type=org.apache.catalina.UserDatabase
   description=User database that can be updated and saved
   factory=org.apache.catalina.users.MemoryUserDatabaseFactory
   pathname=conf/tomcat-users.xml /
  /GlobalNamingResources

  Service...
Engine...
  Realm className=org.apache.catalina.realm.UserDatabaseRealm
 resourceName=UserDatabase/
/Engine
  /Service
/Server

For a complete example, grab a fresh copy of Tomcat and take a look at
the server.xml file that is packaged with it.  It has both of these
elements defined and some comments which explain how it works.

Dan



On Wed, 2011-11-16 at 11:04 -0800, Justin Larose wrote:
 I have copied my server.xml file below. 
 __
 
 Server port=8405 shutdown=Shutdown.SerenaCommonTomcat
 !-- Listener 
 className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on 
 / --
 Listener className=org.apache.catalina.core.JasperListener/
 Listener 
 className=org.apache.catalina.mbeans.ServerLifecycleListener/
 Listener 
 className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/
 
 Service name=Catalina
 
 Connector connectionTimeout=2 port=18080 
 protocol=HTTP/1.1 redirectPort=8443 server=Unknown Web Server/1.0/
 
 !-- Define a SSL HTTP/1.1 Connector on port 8443, using only 
 128-bit+ encryption (remove ciphers attribute if not needed). --
 !-- Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true 
 maxThreads=150 scheme=https secure=true clientAuth=false 
 sslProtocol=TLS ciphers=TLS_DHE_RSA_WITH_AES_128_CBC_SHA, 
 SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, 
 TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA 
 server=Unknown Web Server/1.0/ --
 
 Connector SSLEnabled=true acceptCount=100 clientAuth=false 
 disableUploadTimeout=true enableLookups=false keyAlias=tomcat 
 keystoreFile=conf/sample-ssl.jks keystorePass=* 
 maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 
 minSpareThreads=25 port=8443 scheme=https secure=true 
 sslProtocol=TLS strategy=ms truststoreFile=conf/sample-ssl.jks 
 truststorePass=*/
 
 Connector SSLEnabled=true acceptCount=100 clientAuth=true 
 disableUploadTimeout=true enableLookups=false keyAlias=tomcat 
 keystoreFile=conf/sample-ssl.jks keystorePass=* 
 maxHttpHeaderSize=8192 maxSpareThreads=75 maxThreads=150 
 minSpareThreads=25 port=8543 scheme=https secure=true 
 sslProtocol=TLS strategy=ms truststoreAlgorithm=AnyCert 
 truststoreFile=conf/sample-ssl.jks truststorePass=*/
 
 !-- Define an AJP 1.3 Connector on port 8409. --
 Connector port=8409 protocol=AJP/1.3 redirectPort=8443 
 server=Unknown Web Server/1.0/
 
 Engine defaultHost=localhost name=Catalina
 Host appBase=webapps autoDeploy=true name=localhost 
 unpackWARs=true xmlNamespaceAware=false xmlValidation=false/
 /Engine
 
 /Service
 /Server
 
 
 ___
 
 Thanks,
 Justin LaRose
 Database  Web Services Administrator
 NEXCOM
 (757) 631-3443
 justin.lar...@nexweb.org
 
 
 
 From:   Daniel Mikusa dmik...@vmware.com
 To: Tomcat Users List users@tomcat.apache.org
 Date:   11/14/2011 04:26 PM
 Subject:Re: tomcat manager/status question
 
 
 Justin,
 
 Your conf/tomcat-users.xml looks fine to me.  I copied and pasted it
 into a stock Tocmat 6.0.33 server on my machine and it worked fine.
 
 At this point, you might want to also post your conf/server.xml file.
 
 Dan
 
 
 
 On Mon, 2011-11-14 at 13:00 -0800, Justin Larose wrote:
  Yes I have restarted tomcat after editing this file:
 
  ?xml version='1.0' encoding='cp1252'?
  tomcat-users
  role rolename=manager-gui/
  user username=admin password= roles=manager-gui 
 /
  /tomcat-users
 
 
 
  Thanks,
  Justin LaRose
  Database  Web Services Administrator
  NEXCOM
  (757) 631-3443
  justin.lar...@nexweb.org
 
 
 
  From:   Daniel Mikusa dmik...@vmware.com
  To: Tomcat Users List users@tomcat.apache.org
  Date:   11/14/2011 02:32 PM
  Subject:Re: tomcat manager/status question
 
 
  Justin,
 
  What exactly do you have in your conf/tomcat-users.xml file?  If you
  could include the contents of the file inline here, that would be
  helpful.
 
  Don't forget to redact passwords and other sensitive info.
 
  Dan
 
 
  On Mon, 2011-11-14 at 11:18 -0800, Justin Larose wrote:
   Question:  I upgraded my Tomcat version to 6.0 using the
   apache-tomcat-6.0.33.exe file and I am trying to access

Re: tomcat manager/status question

[Thad Humphries]

Did you restart Tomcat after changing/adding the tomcat-users.xml file?

On Mon, Nov 14, 2011 at 2:18 PM, Justin Larose justin.lar...@nexweb.orgwrote:

 Question:  I upgraded my Tomcat version to 6.0 using the
 apache-tomcat-6.0.33.exe file and I am trying to access the manager and the
 status pages here:  localhost:port\index.jsp
 I get to the default Tomcat page and select status and I get a login
 prompt. After entering the username and password that I have configured in
 the \conf\tomcat-users.xml
 file it just asks for the password again and again. After the 3rd attempt
 it will default to the 401 page that talks about configuring the
 tomcat-users.xml file. I also get the same error after selecting the
 manager link as well.

 Do I need to install another portion of Tomcat to get this feature to work?



 Thanks,
 Justin LaRose
 Database  Web Services Administrator
 NEXCOM
 (757) 631-3443
 justin.lar...@nexweb.org


 **
 This email and any files transmitted with it are intended solely for
 the use of the individual or agency to whom they are addressed.
 If you have received this email in error please notify the Navy
 Exchange Service Command e-mail administrator. This footnote
 also confirms that this email message has been scanned for the
 presence of computer viruses.

 Thank You!
 *
 **
 *




-- 
Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be --Christopher
Marlowe, *Doctor Faustus* (v, 121-24)

Re: tomcat manager/status question

[Daniel Mikusa]

Justin,

What exactly do you have in your conf/tomcat-users.xml file?  If you
could include the contents of the file inline here, that would be
helpful.  

Don't forget to redact passwords and other sensitive info.

Dan


On Mon, 2011-11-14 at 11:18 -0800, Justin Larose wrote:
 Question:  I upgraded my Tomcat version to 6.0 using the
 apache-tomcat-6.0.33.exe file and I am trying to access the manager
 and the status pages here:  localhost:port\index.jsp 
 I get to the default Tomcat page and select status and I get a login
 prompt. After entering the username and password that I have
 configured in the \conf\tomcat-users.xml 
 file it just asks for the password again and again. After the 3rd
 attempt it will default to the 401 page that talks about configuring
 the tomcat-users.xml file. I also get the same error after selecting
 the manager link as well. 
 
 Do I need to install another portion of Tomcat to get this feature to
 work? 
 
 
 
 Thanks, 
 Justin LaRose
 Database  Web Services Administrator 
 NEXCOM
 (757) 631-3443
 justin.lar...@nexweb.org
 
 **
 This email and any files transmitted with it are intended solely for 
 the use of the individual or agency to whom they are addressed. 
 If you have received this email in error please notify the Navy 
 Exchange Service Command e-mail administrator. This footnote 
 also confirms that this email message has been scanned for the
 presence of computer viruses.
 
 Thank You!
 **
 

Re: tomcat manager/status question

[Justin Larose]

Yes I have restarted tomcat after editing this file:

?xml version='1.0' encoding='cp1252'?
tomcat-users
role rolename=manager-gui/
user username=admin password= roles=manager-gui /
/tomcat-users



Thanks,
Justin LaRose
Database  Web Services Administrator
NEXCOM
(757) 631-3443
justin.lar...@nexweb.org



From:   Daniel Mikusa dmik...@vmware.com
To: Tomcat Users List users@tomcat.apache.org
Date:   11/14/2011 02:32 PM
Subject:Re: tomcat manager/status question


Justin,

What exactly do you have in your conf/tomcat-users.xml file?  If you
could include the contents of the file inline here, that would be
helpful.

Don't forget to redact passwords and other sensitive info.

Dan


On Mon, 2011-11-14 at 11:18 -0800, Justin Larose wrote:
 Question:  I upgraded my Tomcat version to 6.0 using the
 apache-tomcat-6.0.33.exe file and I am trying to access the manager
 and the status pages here:  localhost:port\index.jsp
 I get to the default Tomcat page and select status and I get a login
 prompt. After entering the username and password that I have
 configured in the \conf\tomcat-users.xml
 file it just asks for the password again and again. After the 3rd
 attempt it will default to the 401 page that talks about configuring
 the tomcat-users.xml file. I also get the same error after selecting
 the manager link as well.

 Do I need to install another portion of Tomcat to get this feature to
 work?



 Thanks,
 Justin LaRose
 Database  Web Services Administrator
 NEXCOM
 (757) 631-3443
 justin.lar...@nexweb.org

 
**
 This email and any files transmitted with it are intended solely for
 the use of the individual or agency to whom they are addressed.
 If you have received this email in error please notify the Navy
 Exchange Service Command e-mail administrator. This footnote
 also confirms that this email message has been scanned for the
 presence of computer viruses.

 Thank You!
 
**

Re: tomcat manager/status question

[Daniel Mikusa]

Justin,

Your conf/tomcat-users.xml looks fine to me.  I copied and pasted it
into a stock Tocmat 6.0.33 server on my machine and it worked fine.

At this point, you might want to also post your conf/server.xml file.

Dan



On Mon, 2011-11-14 at 13:00 -0800, Justin Larose wrote:
 Yes I have restarted tomcat after editing this file:
 
 ?xml version='1.0' encoding='cp1252'?
 tomcat-users
 role rolename=manager-gui/
 user username=admin password= roles=manager-gui /
 /tomcat-users
 
 
 
 Thanks,
 Justin LaRose
 Database  Web Services Administrator
 NEXCOM
 (757) 631-3443
 justin.lar...@nexweb.org
 
 
 
 From:   Daniel Mikusa dmik...@vmware.com
 To: Tomcat Users List users@tomcat.apache.org
 Date:   11/14/2011 02:32 PM
 Subject:Re: tomcat manager/status question
 
 
 Justin,
 
 What exactly do you have in your conf/tomcat-users.xml file?  If you
 could include the contents of the file inline here, that would be
 helpful.
 
 Don't forget to redact passwords and other sensitive info.
 
 Dan
 
 
 On Mon, 2011-11-14 at 11:18 -0800, Justin Larose wrote:
  Question:  I upgraded my Tomcat version to 6.0 using the
  apache-tomcat-6.0.33.exe file and I am trying to access the manager
  and the status pages here:  localhost:port\index.jsp
  I get to the default Tomcat page and select status and I get a login
  prompt. After entering the username and password that I have
  configured in the \conf\tomcat-users.xml
  file it just asks for the password again and again. After the 3rd
  attempt it will default to the 401 page that talks about configuring
  the tomcat-users.xml file. I also get the same error after selecting
  the manager link as well.
 
  Do I need to install another portion of Tomcat to get this feature to
  work?
 
 
 
  Thanks,
  Justin LaRose
  Database  Web Services Administrator
  NEXCOM
  (757) 631-3443
  justin.lar...@nexweb.org
 
  
 **
  This email and any files transmitted with it are intended solely for
  the use of the individual or agency to whom they are addressed.
  If you have received this email in error please notify the Navy
  Exchange Service Command e-mail administrator. This footnote
  also confirms that this email message has been scanned for the
  presence of computer viruses.
 
  Thank You!
  
 **
 
 

Re: Tomcat Manager

[Tim Watts]

On Mon, 2011-10-17 at 08:08 -0700, ettoregia wrote:
 Hi everybody,
 
 I'm using Tomcat 6.0.33 and at localhost:8080 it shows correctly.

Does localhost:8080 it shows correctly mean you can see a process
listening on it?

 When I try to access the tomcat manager link I get an 404 page error.
 

What URL are you using? Did you enable access (i.e. are you really
getting a 404 and not a 403)?

http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html#Configuring_Manager_Application_Access


 It says the resource is unavailable, the only row in the
 conf/Catalina/localhost/manager.xml  host-manager.xml is 
 
 ?xml version=1.0 encoding=UTF-8?
 Context antiResourceLocking=false privileged=true useHttpOnly=true
 /
 
 Any ideas on what could be the problem?



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager

[ettoregia]

Tim Watts-3 wrote:
 
 On Mon, 2011-10-17 at 08:08 -0700, ettoregia wrote:
 Hi everybody,
 
 I'm using Tomcat 6.0.33 and at localhost:8080 it shows correctly.
 
 Does localhost:8080 it shows correctly mean you can see a process
 listening on it?
 
 Yes it does.
 
 When I try to access the tomcat manager link I get an 404 page error.
 
 
 What URL are you using? Did you enable access (i.e. are you really
 getting a 404 and not a 403)?
 
 Yes is a 404, before there was an error saying that I didn't configure the
 role admin..
 Then It started working fine. After few days I had to delete those files
 under conf/Catalina/localhost.
 Now they're there again.
 
 
 http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html#Configuring_Manager_Application_Access
 
 
 It says the resource is unavailable, the only row in the
 conf/Catalina/localhost/manager.xml  host-manager.xml is 
 
 ?xml version=1.0 encoding=UTF-8?
 Context antiResourceLocking=false privileged=true useHttpOnly=true
 /
 
 Any ideas on what could be the problem?
 
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 

-- 
View this message in context: 
http://old.nabble.com/Tomcat-Manager-tp32667906p32668409.html
Sent from the Tomcat - User mailing list archive at Nabble.com.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager

[Tim Watts]

On Mon, 2011-10-17 at 09:07 -0700, ettoregia wrote:
 
 
 Tim Watts-3 wrote:
  
  On Mon, 2011-10-17 at 08:08 -0700, ettoregia wrote:
  
  When I try to access the tomcat manager link I get an 404 page error.
  
  
  What URL are you using? Did you enable access (i.e. are you really
  getting a 404 and not a 403)?
  
  Yes is a 404, before there was an error saying that I didn't configure the
  role admin..
  Then It started working fine. After few days I had to delete those files
  under conf/Catalina/localhost.
  Now they're there again.
  

So when you mouse-over the link, it shows
http://localhost:8080/manager/html;, right?

It sounds like somehow the manager app got undeployed.
Do /webapps/manager  /webapps/host-manager exist? Are they non-empty?

Is autoDeploy still enabled? What does your Host tag for localhost
look like? Is there any other non-default configuration that could be
tripping you up?


  
  http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html#Configuring_Manager_Application_Access
  
  
  It says the resource is unavailable, the only row in the
  conf/Catalina/localhost/manager.xml  host-manager.xml is 
  
  ?xml version=1.0 encoding=UTF-8?
  Context antiResourceLocking=false privileged=true useHttpOnly=true
  /
  
  Any ideas on what could be the problem?
  
  
  
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
  
  
  
 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[André Warnier]

I don't want to confuse things even more, but the OP in his configuration has :

Engine name=Catalina defaultHost=localhost

and

  Host name=localhost  appBase=webapps
unpackWARs=true autoDeploy=true
xmlValidation=false xmlNamespaceAware=false

  /Host

and

  Host name=www.maxyexpress.co.uk appBase=webapps
 Context path= docBase=d:\wwwroot\maxyexpress.co.uk\wwwroot /
 Aliasmaxyexpress.co.uk/Alias
/Host

so that makes 2 Virtual Hosts with the same appBase, and a non-recommended Context in 
the server.xml file.



Mark Eggers wrote:

- Original Message -


From: Caldarale, Charles R chuck.caldar...@unisys.com
To: Tomcat Users List users@tomcat.apache.org
Cc: 
Sent: Thursday, September 8, 2011 8:15 PM

Subject: RE: tomcat manager not working

 From: Mark Eggers [mailto:its_toas...@yahoo.com] 
 Subject: Re: tomcat manager not working

 You have the following virtual host:
 Host name=www.maxyexpress.co.uk 

appBase=webapps
Context path= 

docBase=d:\wwwroot\maxyexpress.co.uk\wwwroot /

Aliasmaxyexpress.co.uk/Alias
 /Host
 This means that the actual docBase may end up to be:


%CATALINA_HOME%\webapps\d:\wwwroot\maxyexpress.co.uk\wwwroot

Don't think so.  On Windows, a leading forward or backward slash after the 
drive prefix (d:, in this case) indicates an absolute path.  The JVM will figure 
that out properly.
 


OK. I should have booted into Windows and checked this out. So while not along 
the lines of current Tomcat good practices, the above will actually work?

It just looks a bit unpleasant.

 I suggest following the Wiki entry above and setting your 
 virtual host up as follows:

 Host name=www.maxyexpress.co.uk
  appBase=D:/wwwroot/maxyexpress.co.uk/wwwroot
  unpackWARs=true autoDeploy=true
  xmlValidation=false 

xmlNamespaceAware=false

Aliasmaxyexpress.co.uk/Alias
 /Host
The above appBase setting should probably be 
D:/wwwroot/maxyexpress.co.uk, coupled with naming the default 
webapp's .war file or directory ROOT (case sensitive) rather than wwwroot, 
located under the appBase directory.  Much more along the lines of current 
Tomcat good practice.




Agreed. I was just trying to create minimal amount of change.


 the slashes are / not \ (even on Windows).
That part shouldn't matter, but forward slashes certainly avoid confusion 
with regular expression escapes that might appear elsewhere in .xml files.
 


Again, I should have booted into Windows and played a bit. Thanks for the 
clarification.

So if the above virtual host is legal (if not clean), and the rest of his 
server.xml file looks OK, what in the world is going on?


. . . . somewhat confused
/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Russ Michaels]

thanks for the replies guys.

just to clarify I do not have any issues with virtual hosts they work
fine, my only problem is getting the Tomcat Admin running on
localhost:, this is the only thing not working right now.

As I mentioned before
under webapps I have 4 folders
docs
host-manager
manager
root

and I have compared the contents of these folders to other working
installs and they are the same.

C:\Railo\tomcat\conf\Catalina\localhost
also exists and also contains the same files as other working installs
and as per mark's email

so just to confirm
localhost:/index.jsp works
I get the tomcat homepage
but the manager and status pages give a 404

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[André Warnier]

Russ Michaels wrote:

thanks for the replies guys.

just to clarify I do not have any issues with virtual hosts they work
fine, my only problem is getting the Tomcat Admin running on
localhost:, this is the only thing not working right now.

As I mentioned before
under webapps I have 4 folders
docs
host-manager
manager
root

and I have compared the contents of these folders to other working
installs and they are the same.

C:\Railo\tomcat\conf\Catalina\localhost
also exists and also contains the same files as other working installs
and as per mark's email

so just to confirm
localhost:/index.jsp works
I get the tomcat homepage
but the manager and status pages give a 404



Allright, but what I meant was this :
In your original configuration, you have 2 Host tags, thus 2 VirtualHosts, both sharing 
the same (tomcat_dir)/webapps application directory.
If the configuration of these 2 Host tags were identical, both with the autoDeploy 
attribute true, then when starting, Tomcat would deploy each application under 
(tomcat_dir)/webapps twice (once for each Host).
But, in your original configuration, it seems that the second Host does not have this 
attribute set (nor unpackWars). Thus for this Host, the applications under webapps 
(including the manager) may not be auto-deployed, and not be available.


In any case, you are trying to debug an issue, and for that a usual strategy is to try to 
simplify the configuration, to make it easier to find the real issue and not being 
sidetracked.


So what I would do in this case, unless you have a real use for a separate localhost 
Host, is this :

- comment out the second virtual Host.
- optionally(*), in the first localhost virtual Host, add 2 Alias tags :
 Aliaswww.maxyexpress.co.uk/Alias
 Aliasmaxyexpress.co.uk/Alias
So now the same Host will be used, no matter if you access the server via http://localhost 
or http://(one of the above), and the applications will be started (or not) only once.


then restart Tomcat and let's see what happens.

Then if that works, you can try to re-introduce the second Host and its manager app 
step-by-step and see at what point it stops working.



(*) optionally in this case, because the Host localhost is the default one anyway, and 
will server all requests if there are no other Host.

The Alias-es here just make things clearer documentation-wise.

The point is : the standard Apache Tomcat, downloaded and installed from the standard 
Apache Tomcat website, works, including the manager application.
Now you have a configuration created by railo (which I do not know), and in that version 
something is not working.

So railo does something to the configuration, that makes it not work.
So this is basically a railo problem, not a Tomcat problem.
And we can't possibly look onto your system, to find out what else railo may be doing that 
makes it not work.
People on this list are nevertheless willing to help find out, but let's start from as 
close as possible to a standard Tomcat config, so that we could gain a clue.

Yes ?

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Russ Michaels]

ok I have completely deleted the maxyexpress vhost as it is not needed anyway.
restarted Apache
still the same issue i'm afraid.

I think all the vhosts need webapps as the appbase for Railo, as this
is how it is on all my other installs as well.


here is the exact error if it helps.

HTTP Status 404 - /manager/html



type Status report

message /manager/html

description The requested resource (/manager/html) is not available.




Apache Tomcat/6.0.32



On Fri, Sep 9, 2011 at 12:32 PM, André Warnier a...@ice-sa.com wrote:
 Russ Michaels wrote:

 thanks for the replies guys.

 just to clarify I do not have any issues with virtual hosts they work
 fine, my only problem is getting the Tomcat Admin running on
 localhost:, this is the only thing not working right now.

 As I mentioned before
 under webapps I have 4 folders
 docs
 host-manager
 manager
 root

 and I have compared the contents of these folders to other working
 installs and they are the same.

 C:\Railo\tomcat\conf\Catalina\localhost
 also exists and also contains the same files as other working installs
 and as per mark's email

 so just to confirm
 localhost:/index.jsp works
 I get the tomcat homepage
 but the manager and status pages give a 404


 Allright, but what I meant was this :
 In your original configuration, you have 2 Host tags, thus 2 VirtualHosts,
 both sharing the same (tomcat_dir)/webapps application directory.
 If the configuration of these 2 Host tags were identical, both with the
 autoDeploy attribute true, then when starting, Tomcat would deploy each
 application under (tomcat_dir)/webapps twice (once for each Host).
 But, in your original configuration, it seems that the second Host does not
 have this attribute set (nor unpackWars). Thus for this Host, the
 applications under webapps (including the manager) may not be auto-deployed,
 and not be available.

 In any case, you are trying to debug an issue, and for that a usual strategy
 is to try to simplify the configuration, to make it easier to find the real
 issue and not being sidetracked.

 So what I would do in this case, unless you have a real use for a separate
 localhost Host, is this :
 - comment out the second virtual Host.
 - optionally(*), in the first localhost virtual Host, add 2 Alias tags :
  Aliaswww.maxyexpress.co.uk/Alias
  Aliasmaxyexpress.co.uk/Alias
 So now the same Host will be used, no matter if you access the server via
 http://localhost or http://(one of the above), and the applications will be
 started (or not) only once.

 then restart Tomcat and let's see what happens.

 Then if that works, you can try to re-introduce the second Host and its
 manager app step-by-step and see at what point it stops working.


 (*) optionally in this case, because the Host localhost is the default one
 anyway, and will server all requests if there are no other Host.
 The Alias-es here just make things clearer documentation-wise.

 The point is : the standard Apache Tomcat, downloaded and installed from the
 standard Apache Tomcat website, works, including the manager application.
 Now you have a configuration created by railo (which I do not know), and
 in that version something is not working.
 So railo does something to the configuration, that makes it not work.
 So this is basically a railo problem, not a Tomcat problem.
 And we can't possibly look onto your system, to find out what else railo may
 be doing that makes it not work.
 People on this list are nevertheless willing to help find out, but let's
 start from as close as possible to a standard Tomcat config, so that we
 could gain a clue.
 Yes ?

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





-- 
--

Russ Michaels

www.bluethunderinternet.com  : Business hosting services  solutions
www.cfmldeveloper.com    : ColdFusion developer community
www.michaels.me.uk   : my blog
www.cfsearch.com : ColdFusion search engine

skype me                     : russmichaels

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Russ Michaels]

For some reason some of the folks on the Railo list seem to have got
quite aggressive toward me due to my wording in my original post where
I said.

I have already tried the Railo forums and been told to come here as
it is a problem with Tomcat and not Railo. 

Jordan seems to think this was directed at him, which it is not as no
name was mentioned, and certain others seem to think this
misrepresents the Railo list.

So I would like to  clarify this to avoid any overspill of the abuse
on to  this list, which no-one wants.
All I meant by this is that I was referred to the Tomcat list to try
and resolve a Tomcat problem, which seems perfectly normal and
acceptable to me and I have no issues with it.
In fact I am not even saying that it was anyone on the Railo list that
referred me, simply that I was referred by someone, I was posting my
issue on skype and twitter as well as the Railo list, so it could have
come from any of those sources.
Now while I can see that the statement could easily be misinterpreted
that i', saying that it was the Railo list who told me to come here,
regardless of where it came from, I have no issue issue with it at all
as I do not think there is anything wrong with referring someone to a
more appropriate list, and I am quite dumbfounded as to why anyone
else would have an issue with this, but there you go.

I hope that is now cleared up.

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[André Warnier]

Russ Michaels wrote:

For some reason some of the folks on the Railo list seem to have got
quite aggressive toward me due to my wording in my original post where
I said.

...

I suppose that above, you mean the Tomcat list.
And I regret if I in particular may have sounded aggressive, that was not the purpose of 
my sermon.


I was only trying to explain that, this being a Tomcat list, most of the people may not 
know anything about Railo (I certainly don't), and not have any idea about what it does to 
Tomcat or its configuration files, and hence not have any initial idea what the real 
source of the problem could be.
We also have no direct access to your Tomcat host, so we cannot just browse around and try 
to figure out what's wrong by ourselves.


In other words, we are really trying to help, but from a difficult starting 
point.
We are blind and paralytic, and you are our eyes and hands. If you want us to be able to 
help, you have to do precisely what we tell you to do, and tell us precisely what you see. 
 Otherwise there is no way we can figure it out, and we will have to send you back to the 
Railo list. (Not because we are mean or unhelpful, but because we have no clue).


What we should normally tell you to do, is to install another Tomcat from the Tomcat 
website, try it and see if the manager app works.  Then if it does, let you compare 
/these/ two configurations and figure out the differences by yourself.

But we are not going to do that quite yet because we like challenges, so

We would like you to start from a point which we may know about a bit better (a more 
standard Tomcat configuration), without asking you to undo everything and start clean. 
Then we will see if with such a configuration the manager works (like it does in the real 
standard configuration which the normal Tomcat installer sets up). And then, gradually, 
get back to your current configuration where it /seems/ not to work.
We are hoping to be able to spot what change makes it suddenly not work as expected, or 
even if with this more basic configuration it does not work.


Right now :
- we don't know which version of Tomcat you are running
- we don't know if the Railo installer installs a full Tomcat, including a manager app or 
not, and we don't know what configuration changes it makes compared to a standard Tomcat.
- we are supposing that when you issue your URL calls, it is from a browser running on the 
same host as the one where you have Tomcat and Railo installed
- we are supposing that on your host, the name localhost is really equivalent to the IP 
address 127.0.0.1
- after your 10th post or so, we have learned that you had 2 Host tags in the 
server.xml, sharing apparently the same webapps dir. We don't really know where that 
comes from (the standard Tomcat install configures just one Host), not if it matters here.
- we also know that after you ran the Railo installer, you also ran something else which 
we do not know either, and then you made some more changes back and forth manually to the 
configuration.  That does not clarify the situation for us.
- we do not know the top path of your Tomcat installation (thus we do not know really 
where the webapps dir is located)


But

- We know that you are getting an HTTP error 404 when you try to access 
http://localhost:/manager/html;. So we know that a Tomcat is running, but it is not 
finding that page where it expects to find it.


At some point you have told us that, under your webapps directory, you have the 
following sub-directories :

docs
host-manager
manager
root

The sub-directory root above should be ROOT uppercase.  It matters greatly, even under 
Windows.
Because if it is really root like you wrote, then in principle the URL which you say is 
working (http://localhost:/index.jsp), should not be working.
And if it is really root, then it means that either the Railo installer is broken, or 
you have somehow renamed that directory, or copied it from somewhere else without paying 
attention to case.


So please :
1) tell us the full path of the top Tomcat installation directory, amd its version if you 
know it

2) stop Tomcat (telling us how you do that)
3) rename the above webapps/root directory to webapps/ROOT if necessary
4) in your (tomcat_dir)/conf/server.xml, delete or comment out the second Host.../Host 
section, leaving only the Host named localhost

5) restart Tomcat (telling us how you do that) and wait 10 sec.
6) from a browser on the same host, access http://localhost:;, and then redo the same 
again while pressing shift and the reload icon.
If what you see is a page with a Tomcat logo and a menu on the left, then it's fine. 
Otherwise, tell us what page you do see.
7) if the page above worked fine, then click on the Tomcat Manager link in that menu and 
tell us what happens. (You should normally get an authentication dialog).




-
To unsubscribe, e-mail: 

Re: tomcat manager not working

[Russ Michaels]

no Andre, I did mean the Railo list, that was not directed at you or
anyone else here, you have been perfectly helpful so far.



On Fri, Sep 9, 2011 at 10:57 PM, André Warnier a...@ice-sa.com wrote:
 Russ Michaels wrote:

 For some reason some of the folks on the Railo list seem to have got
 quite aggressive toward me due to my wording in my original post where
 I said.

 ...

 I suppose that above, you mean the Tomcat list.
 And I regret if I in particular may have sounded aggressive, that was not
 the purpose of my sermon.

 I was only trying to explain that, this being a Tomcat list, most of the
 people may not know anything about Railo (I certainly don't), and not have
 any idea about what it does to Tomcat or its configuration files, and hence
 not have any initial idea what the real source of the problem could be.
 We also have no direct access to your Tomcat host, so we cannot just browse
 around and try to figure out what's wrong by ourselves.

 In other words, we are really trying to help, but from a difficult starting
 point.
 We are blind and paralytic, and you are our eyes and hands. If you want us
 to be able to help, you have to do precisely what we tell you to do, and
 tell us precisely what you see.  Otherwise there is no way we can figure it
 out, and we will have to send you back to the Railo list. (Not because we
 are mean or unhelpful, but because we have no clue).

 What we should normally tell you to do, is to install another Tomcat from
 the Tomcat website, try it and see if the manager app works.  Then if it
 does, let you compare /these/ two configurations and figure out the
 differences by yourself.
 But we are not going to do that quite yet because we like challenges, so

 We would like you to start from a point which we may know about a bit better
 (a more standard Tomcat configuration), without asking you to undo
 everything and start clean. Then we will see if with such a configuration
 the manager works (like it does in the real standard configuration which
 the normal Tomcat installer sets up). And then, gradually, get back to your
 current configuration where it /seems/ not to work.
 We are hoping to be able to spot what change makes it suddenly not work as
 expected, or even if with this more basic configuration it does not work.

 Right now :
 - we don't know which version of Tomcat you are running
 - we don't know if the Railo installer installs a full Tomcat, including a
 manager app or not, and we don't know what configuration changes it makes
 compared to a standard Tomcat.
 - we are supposing that when you issue your URL calls, it is from a browser
 running on the same host as the one where you have Tomcat and Railo
 installed
 - we are supposing that on your host, the name localhost is really
 equivalent to the IP address 127.0.0.1
 - after your 10th post or so, we have learned that you had 2 Host tags in
 the server.xml, sharing apparently the same webapps dir. We don't really
 know where that comes from (the standard Tomcat install configures just one
 Host), not if it matters here.
 - we also know that after you ran the Railo installer, you also ran
 something else which we do not know either, and then you made some more
 changes back and forth manually to the configuration.  That does not clarify
 the situation for us.
 - we do not know the top path of your Tomcat installation (thus we do not
 know really where the webapps dir is located)

 But

 - We know that you are getting an HTTP error 404 when you try to access
 http://localhost:/manager/html;. So we know that a Tomcat is running,
 but it is not finding that page where it expects to find it.

 At some point you have told us that, under your webapps directory, you
 have the following sub-directories :
 docs
 host-manager
 manager
 root

 The sub-directory root above should be ROOT uppercase.  It matters
 greatly, even under Windows.
 Because if it is really root like you wrote, then in principle the URL
 which you say is working (http://localhost:/index.jsp), should not be
 working.
 And if it is really root, then it means that either the Railo installer is
 broken, or you have somehow renamed that directory, or copied it from
 somewhere else without paying attention to case.

 So please :
 1) tell us the full path of the top Tomcat installation directory, amd its
 version if you know it
 2) stop Tomcat (telling us how you do that)
 3) rename the above webapps/root directory to webapps/ROOT if necessary
 4) in your (tomcat_dir)/conf/server.xml, delete or comment out the second
 Host.../Host section, leaving only the Host named localhost
 5) restart Tomcat (telling us how you do that) and wait 10 sec.
 6) from a browser on the same host, access http://localhost:;, and then
 redo the same again while pressing shift and the reload icon.
 If what you see is a page with a Tomcat logo and a menu on the left, then
 it's fine. Otherwise, tell us what page you do see.
 7) if the page above worked fine, 

Re: tomcat manager not working

[Russ Michaels]

thanks for your advice so far, I will be giving your suggestion a try
as soon as I have a spare, the issue is not urgent right now, so i;m
in no hurry.


On Fri, Sep 9, 2011 at 11:35 PM, Russ Michaels r...@michaels.me.uk wrote:
 no Andre, I did mean the Railo list, that was not directed at you or
 anyone else here, you have been perfectly helpful so far.



 On Fri, Sep 9, 2011 at 10:57 PM, André Warnier a...@ice-sa.com wrote:
 Russ Michaels wrote:

 For some reason some of the folks on the Railo list seem to have got
 quite aggressive toward me due to my wording in my original post where
 I said.

 ...

 I suppose that above, you mean the Tomcat list.
 And I regret if I in particular may have sounded aggressive, that was not
 the purpose of my sermon.

 I was only trying to explain that, this being a Tomcat list, most of the
 people may not know anything about Railo (I certainly don't), and not have
 any idea about what it does to Tomcat or its configuration files, and hence
 not have any initial idea what the real source of the problem could be.
 We also have no direct access to your Tomcat host, so we cannot just browse
 around and try to figure out what's wrong by ourselves.

 In other words, we are really trying to help, but from a difficult starting
 point.
 We are blind and paralytic, and you are our eyes and hands. If you want us
 to be able to help, you have to do precisely what we tell you to do, and
 tell us precisely what you see.  Otherwise there is no way we can figure it
 out, and we will have to send you back to the Railo list. (Not because we
 are mean or unhelpful, but because we have no clue).

 What we should normally tell you to do, is to install another Tomcat from
 the Tomcat website, try it and see if the manager app works.  Then if it
 does, let you compare /these/ two configurations and figure out the
 differences by yourself.
 But we are not going to do that quite yet because we like challenges, so

 We would like you to start from a point which we may know about a bit better
 (a more standard Tomcat configuration), without asking you to undo
 everything and start clean. Then we will see if with such a configuration
 the manager works (like it does in the real standard configuration which
 the normal Tomcat installer sets up). And then, gradually, get back to your
 current configuration where it /seems/ not to work.
 We are hoping to be able to spot what change makes it suddenly not work as
 expected, or even if with this more basic configuration it does not work.

 Right now :
 - we don't know which version of Tomcat you are running
 - we don't know if the Railo installer installs a full Tomcat, including a
 manager app or not, and we don't know what configuration changes it makes
 compared to a standard Tomcat.
 - we are supposing that when you issue your URL calls, it is from a browser
 running on the same host as the one where you have Tomcat and Railo
 installed
 - we are supposing that on your host, the name localhost is really
 equivalent to the IP address 127.0.0.1
 - after your 10th post or so, we have learned that you had 2 Host tags in
 the server.xml, sharing apparently the same webapps dir. We don't really
 know where that comes from (the standard Tomcat install configures just one
 Host), not if it matters here.
 - we also know that after you ran the Railo installer, you also ran
 something else which we do not know either, and then you made some more
 changes back and forth manually to the configuration.  That does not clarify
 the situation for us.
 - we do not know the top path of your Tomcat installation (thus we do not
 know really where the webapps dir is located)

 But

 - We know that you are getting an HTTP error 404 when you try to access
 http://localhost:/manager/html;. So we know that a Tomcat is running,
 but it is not finding that page where it expects to find it.

 At some point you have told us that, under your webapps directory, you
 have the following sub-directories :
 docs
 host-manager
 manager
 root

 The sub-directory root above should be ROOT uppercase.  It matters
 greatly, even under Windows.
 Because if it is really root like you wrote, then in principle the URL
 which you say is working (http://localhost:/index.jsp), should not be
 working.
 And if it is really root, then it means that either the Railo installer is
 broken, or you have somehow renamed that directory, or copied it from
 somewhere else without paying attention to case.

 So please :
 1) tell us the full path of the top Tomcat installation directory, amd its
 version if you know it
 2) stop Tomcat (telling us how you do that)
 3) rename the above webapps/root directory to webapps/ROOT if necessary
 4) in your (tomcat_dir)/conf/server.xml, delete or comment out the second
 Host.../Host section, leaving only the Host named localhost
 5) restart Tomcat (telling us how you do that) and wait 10 sec.
 6) from a browser on the same host, access http://localhost:;, and 

Re: tomcat manager not working

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Russ,

On 9/8/2011 11:44 AM, Russ Michaels wrote:
 ok I have an Apache Tomcat installed via  the Railo installer from 
 www.getrailo.org

Why not download directly from apache.org?

 sometimes when I install it  the Tomcat admin pages (status,
 tomcat manager) do not work, only the main page is working.

Have those webapps been installed?

Have you properly configured Tomcat to allow the manager app to work
with proper user permissions?

What happens when you try to access, say, the manager webapp? 404?
403? Server crash? Power outage?

 I have compared it to working installs and everything seems the
 same.

Specifically, what have you checked?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5pBKsACgkQ9CaO5/Lv0PDyqwCfYg1V7CLKFnJcIckq7h1C0cUE
aKQAoKD9ibJV75grPXzMK4L8/rfCsVCi
=/qOk
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Russ Michaels]

On Thu, Sep 8, 2011 at 7:08 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Russ,

 On 9/8/2011 11:44 AM, Russ Michaels wrote:
  ok I have an Apache Tomcat installed via  the Railo installer from
  www.getrailo.org

 Why not download directly from apache.org?

I use the railo installer so we have a standard configuration and setup
across all server that is officially supported. I also don;t have any
previous experience with tomcat so this is also easier.


  sometimes when I install it  the Tomcat admin pages (status,
  tomcat manager) do not work, only the main page is working.

 Have those webapps been installed?

I presume so, under tomcat/webapps I have
root
docs
host-manager
manager



 Have you properly configured Tomcat to allow the manager app to work
 with proper user permissions?

I have not had to do anything special on other servers, it just worked out
of the box.


 What happens when you try to access, say, the manager webapp? 404?
 403? Server crash? Power outage?I get a 404.on those pages.


404


  I have compared it to working installs and everything seems the
  same.

 Specifically, what have you checked?

on the servers I compared I have checked the config files are the same, the
same files and folders exist on both servers, the handle rmappings are there
etc.
Railo app works, so tomcat itself is working.


 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.10 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAk5pBKsACgkQ9CaO5/Lv0PDyqwCfYg1V7CLKFnJcIckq7h1C0cUE
 aKQAoKD9ibJV75grPXzMK4L8/rfCsVCi
 =/qOk
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



Russ

Re: tomcat manager not working

[markt]

Russ Michaels r...@michaels.me.uk wrote:

On Thu, Sep 8, 2011 at 7:08 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Russ,

 On 9/8/2011 11:44 AM, Russ Michaels wrote:
  ok I have an Apache Tomcat installed via  the Railo installer from
  www.getrailo.org

 Why not download directly from apache.org?

I use the railo installer so we have a standard configuration and setup
across all server that is officially supported.

Time to make use of that official support then as we have no idea what changes 
Railo may have made to the standard Tomcat distribution from the ASF.

Mark




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Russ Michaels]

I have already tried the Railo forums and been told to come here as it
is a problem with Tomcat and not Railo.
I think the only difference is the install path, it is put in
c:\railo\tomcat rather than c:\tomcat, so lets just work on that
assumption, i'm sure i'll find out pretty quick if that is not the
case.

On Thu, Sep 8, 2011 at 8:31 PM,  ma...@apache.org wrote:
 Russ Michaels r...@michaels.me.uk wrote:

On Thu, Sep 8, 2011 at 7:08 PM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Russ,

 On 9/8/2011 11:44 AM, Russ Michaels wrote:
  ok I have an Apache Tomcat installed via  the Railo installer from
  www.getrailo.org

 Why not download directly from apache.org?

I use the railo installer so we have a standard configuration and setup
across all server that is officially supported.

 Time to make use of that official support then as we have no idea what 
 changes Railo may have made to the standard Tomcat distribution from the ASF.

 Mark




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





-- 
--

Russ Michaels

www.bluethunderinternet.com  : Business hosting services  solutions
www.cfmldeveloper.com    : ColdFusion developer community
www.michaels.me.uk   : my blog
www.cfsearch.com : ColdFusion search engine

skype me                     : russmichaels

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Jordan Michaels]

 I have already tried the Railo forums and been told to come here as it
 is a problem with Tomcat and not Railo.

What? Link it, or it didn't happen.

Check your localhost mapping in the Tomcat server.xml file. Make sure 
it's pointing to the Tomcat webapps/ROOT/ folder. Some earlier Railo 
builds update the default to point to the IIS root. The idea was to not 
confuse the IIS folks because their IIS webroot didn't match their 
Tomcat webroot, but that practice ended up causing just as much 
confusion as it solved - like in your case.


Make sure the localhost server.xml mapping points to the tomcat 
webapps/ROOT/ directory and you should be set to use the Tomcat webapps.


Warm regards,
Jordan Michaels

On 09/08/2011 12:57 PM, Russ Michaels wrote:

I have already tried the Railo forums and been told to come here as it
is a problem with Tomcat and not Railo.
I think the only difference is the install path, it is put in
c:\railo\tomcat rather than c:\tomcat, so lets just work on that
assumption, i'm sure i'll find out pretty quick if that is not the
case.

On Thu, Sep 8, 2011 at 8:31 PM,ma...@apache.org  wrote:

Russ Michaelsr...@michaels.me.uk  wrote:


On Thu, Sep 8, 2011 at 7:08 PM, Christopher Schultz
ch...@christopherschultz.net  wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Russ,

On 9/8/2011 11:44 AM, Russ Michaels wrote:

ok I have an Apache Tomcat installed via  the Railo installer from
www.getrailo.org


Why not download directly from apache.org?


I use the railo installer so we have a standard configuration and setup
across all server that is officially supported.


Time to make use of that official support then as we have no idea what changes 
Railo may have made to the standard Tomcat distribution from the ASF.

Mark




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org








-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Pid]

On 08/09/2011 21:06, Jordan Michaels wrote:
 
 Make sure the localhost server.xml mapping points to the tomcat
 webapps/ROOT/ directory and you should be set to use the Tomcat webapps.

What does that mean in terms of the XML elements  attributes in server.xml?


p



signature.asc
Description: OpenPGP digital signature

Re: tomcat manager not working

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Russ,

On 9/8/2011 3:57 PM, Russ Michaels wrote:
 I have already tried the Railo forums and been told to come here as
 it is a problem with Tomcat and not Railo.

So, their out-of-the-box configuration doesn't work and it's a Tomcat
problem? :(

 I think the only difference is the install path, it is put in 
 c:\railo\tomcat rather than c:\tomcat, so lets just work on that 
 assumption, i'm sure i'll find out pretty quick if that is not the 
 case.

Are you using any kind of proxy out front, or straight-to-Tomcat?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5pJgsACgkQ9CaO5/Lv0PBbPQCeK7uzkAY09nrYhrG5IY9d9WTP
IUgAoK3UblzxuzdeafKZLvOT4eUp8JpT
=k+0K
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Russ Michaels]

tried that didn.t work.

On a working server, my localhost entry is

Context docBase=%SystemDrive%/inetpub/wwwroot
WatchedResourceWEB-INF/web.xml/WatchedResource
/Context

and lochost: gets me into the tomcat admin and it all works

the non working server had the exact same entry, and I tried changing
it to point to the c:\railo\tomcat\webapps\root



On Thu, Sep 8, 2011 at 9:06 PM, Jordan Michaels jor...@viviotech.net wrote:
 I have already tried the Railo forums and been told to come here as it
 is a problem with Tomcat and not Railo.

 What? Link it, or it didn't happen.

 Check your localhost mapping in the Tomcat server.xml file. Make sure it's
 pointing to the Tomcat webapps/ROOT/ folder. Some earlier Railo builds
 update the default to point to the IIS root. The idea was to not confuse the
 IIS folks because their IIS webroot didn't match their Tomcat webroot, but
 that practice ended up causing just as much confusion as it solved - like in
 your case.

 Make sure the localhost server.xml mapping points to the tomcat
 webapps/ROOT/ directory and you should be set to use the Tomcat webapps.

 Warm regards,
 Jordan Michaels

 On 09/08/2011 12:57 PM, Russ Michaels wrote:

 I have already tried the Railo forums and been told to come here as it
 is a problem with Tomcat and not Railo.
 I think the only difference is the install path, it is put in
 c:\railo\tomcat rather than c:\tomcat, so lets just work on that
 assumption, i'm sure i'll find out pretty quick if that is not the
 case.

 On Thu, Sep 8, 2011 at 8:31 PM,ma...@apache.org  wrote:

 Russ Michaelsr...@michaels.me.uk  wrote:

 On Thu, Sep 8, 2011 at 7:08 PM, Christopher Schultz
 ch...@christopherschultz.net  wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Russ,

 On 9/8/2011 11:44 AM, Russ Michaels wrote:

 ok I have an Apache Tomcat installed via  the Railo installer from
 www.getrailo.org

 Why not download directly from apache.org?

 I use the railo installer so we have a standard configuration and setup
 across all server that is officially supported.

 Time to make use of that official support then as we have no idea what
 changes Railo may have made to the standard Tomcat distribution from the
 ASF.

 Mark




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org






 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





-- 
--

Russ Michaels

www.bluethunderinternet.com  : Business hosting services  solutions
www.cfmldeveloper.com    : ColdFusion developer community
www.michaels.me.uk   : my blog
www.cfsearch.com : ColdFusion search engine

skype me                     : russmichaels

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Jordan Michaels]

Don't use context at all in there. Your localhost entry should be:

  Host name=localhost  appBase=webapps
unpackWARs=true autoDeploy=true
xmlValidation=false xmlNamespaceAware=false
  /Host

.. and that's it. Unless you deliberately want your default site to be 
the same as your IIS default site.


Restart the tomcat service after you update the server.xml with the 
default loclahost entry, then hit your server at 
localhost:/index.jsp to get the default tomcat home page. You will 
be able to reach the rest of the tomcat apps from there.


Warm regards,
Jordan Michaels

On 09/08/2011 01:40 PM, Russ Michaels wrote:

tried that didn.t work.

On a working server, my localhost entry is

Context docBase=%SystemDrive%/inetpub/wwwroot
 WatchedResourceWEB-INF/web.xml/WatchedResource
/Context

and lochost: gets me into the tomcat admin and it all works

the non working server had the exact same entry, and I tried changing
it to point to the c:\railo\tomcat\webapps\root



On Thu, Sep 8, 2011 at 9:06 PM, Jordan Michaelsjor...@viviotech.net  wrote:

I have already tried the Railo forums and been told to come here as it
is a problem with Tomcat and not Railo.


What? Link it, or it didn't happen.

Check your localhost mapping in the Tomcat server.xml file. Make sure it's
pointing to the Tomcat webapps/ROOT/ folder. Some earlier Railo builds
update the default to point to the IIS root. The idea was to not confuse the
IIS folks because their IIS webroot didn't match their Tomcat webroot, but
that practice ended up causing just as much confusion as it solved - like in
your case.

Make sure the localhost server.xml mapping points to the tomcat
webapps/ROOT/ directory and you should be set to use the Tomcat webapps.

Warm regards,
Jordan Michaels

On 09/08/2011 12:57 PM, Russ Michaels wrote:


I have already tried the Railo forums and been told to come here as it
is a problem with Tomcat and not Railo.
I think the only difference is the install path, it is put in
c:\railo\tomcat rather than c:\tomcat, so lets just work on that
assumption, i'm sure i'll find out pretty quick if that is not the
case.

On Thu, Sep 8, 2011 at 8:31 PM,ma...@apache.orgwrote:


Russ Michaelsr...@michaels.me.ukwrote:


On Thu, Sep 8, 2011 at 7:08 PM, Christopher Schultz
ch...@christopherschultz.netwrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Russ,

On 9/8/2011 11:44 AM, Russ Michaels wrote:


ok I have an Apache Tomcat installed via  the Railo installer from
www.getrailo.org


Why not download directly from apache.org?


I use the railo installer so we have a standard configuration and setup
across all server that is officially supported.


Time to make use of that official support then as we have no idea what
changes Railo may have made to the standard Tomcat distribution from the
ASF.

Mark




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org








-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org








-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Russ Michaels]

that's how it was originally, I have changed it back to that and still
the same problem.
index.jsp works, but nothing else does, tomcat 404 error



On Thu, Sep 8, 2011 at 9:49 PM, Jordan Michaels jor...@viviotech.net wrote:
 Don't use context at all in there. Your localhost entry should be:

      Host name=localhost  appBase=webapps
            unpackWARs=true autoDeploy=true
            xmlValidation=false xmlNamespaceAware=false
      /Host

 .. and that's it. Unless you deliberately want your default site to be the
 same as your IIS default site.

 Restart the tomcat service after you update the server.xml with the default
 loclahost entry, then hit your server at localhost:/index.jsp to get the
 default tomcat home page. You will be able to reach the rest of the tomcat
 apps from there.

 Warm regards,
 Jordan Michaels

 On 09/08/2011 01:40 PM, Russ Michaels wrote:

 tried that didn.t work.

 On a working server, my localhost entry is

 Context docBase=%SystemDrive%/inetpub/wwwroot
     WatchedResourceWEB-INF/web.xml/WatchedResource
 /Context

 and lochost: gets me into the tomcat admin and it all works

 the non working server had the exact same entry, and I tried changing
 it to point to the c:\railo\tomcat\webapps\root



 On Thu, Sep 8, 2011 at 9:06 PM, Jordan Michaelsjor...@viviotech.net
  wrote:

 I have already tried the Railo forums and been told to come here as it
 is a problem with Tomcat and not Railo.

 What? Link it, or it didn't happen.

 Check your localhost mapping in the Tomcat server.xml file. Make sure
 it's
 pointing to the Tomcat webapps/ROOT/ folder. Some earlier Railo builds
 update the default to point to the IIS root. The idea was to not confuse
 the
 IIS folks because their IIS webroot didn't match their Tomcat webroot,
 but
 that practice ended up causing just as much confusion as it solved - like
 in
 your case.

 Make sure the localhost server.xml mapping points to the tomcat
 webapps/ROOT/ directory and you should be set to use the Tomcat webapps.

 Warm regards,
 Jordan Michaels

 On 09/08/2011 12:57 PM, Russ Michaels wrote:

 I have already tried the Railo forums and been told to come here as it
 is a problem with Tomcat and not Railo.
 I think the only difference is the install path, it is put in
 c:\railo\tomcat rather than c:\tomcat, so lets just work on that
 assumption, i'm sure i'll find out pretty quick if that is not the
 case.

 On Thu, Sep 8, 2011 at 8:31 PM,ma...@apache.org    wrote:

 Russ Michaelsr...@michaels.me.uk    wrote:

 On Thu, Sep 8, 2011 at 7:08 PM, Christopher Schultz
 ch...@christopherschultz.net    wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Russ,

 On 9/8/2011 11:44 AM, Russ Michaels wrote:

 ok I have an Apache Tomcat installed via  the Railo installer from
 www.getrailo.org

 Why not download directly from apache.org?

 I use the railo installer so we have a standard configuration and
 setup
 across all server that is officially supported.

 Time to make use of that official support then as we have no idea what
 changes Railo may have made to the standard Tomcat distribution from
 the
 ASF.

 Mark




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org






 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org






 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





-- 
--

Russ Michaels

www.bluethunderinternet.com  : Business hosting services  solutions
www.cfmldeveloper.com    : ColdFusion developer community
www.michaels.me.uk   : my blog
www.cfsearch.com : ColdFusion search engine

skype me                     : russmichaels

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Jordan Michaels]

Restart the service? Clear browser cache? What URL are you using?

More information would be extremely helpful here.

Warm regards,
Jordan Michaels

On 09/08/2011 01:54 PM, Russ Michaels wrote:

that's how it was originally, I have changed it back to that and still
the same problem.
index.jsp works, but nothing else does, tomcat 404 error



On Thu, Sep 8, 2011 at 9:49 PM, Jordan Michaelsjor...@viviotech.net  wrote:

Don't use context at all in there. Your localhost entry should be:

  Host name=localhost  appBase=webapps
unpackWARs=true autoDeploy=true
xmlValidation=false xmlNamespaceAware=false
  /Host

.. and that's it. Unless you deliberately want your default site to be the
same as your IIS default site.

Restart the tomcat service after you update the server.xml with the default
loclahost entry, then hit your server at localhost:/index.jsp to get the
default tomcat home page. You will be able to reach the rest of the tomcat
apps from there.

Warm regards,
Jordan Michaels

On 09/08/2011 01:40 PM, Russ Michaels wrote:


tried that didn.t work.

On a working server, my localhost entry is

Context docBase=%SystemDrive%/inetpub/wwwroot
 WatchedResourceWEB-INF/web.xml/WatchedResource
/Context

and lochost: gets me into the tomcat admin and it all works

the non working server had the exact same entry, and I tried changing
it to point to the c:\railo\tomcat\webapps\root



On Thu, Sep 8, 2011 at 9:06 PM, Jordan Michaelsjor...@viviotech.net
  wrote:


I have already tried the Railo forums and been told to come here as it
is a problem with Tomcat and not Railo.


What? Link it, or it didn't happen.

Check your localhost mapping in the Tomcat server.xml file. Make sure
it's
pointing to the Tomcat webapps/ROOT/ folder. Some earlier Railo builds
update the default to point to the IIS root. The idea was to not confuse
the
IIS folks because their IIS webroot didn't match their Tomcat webroot,
but
that practice ended up causing just as much confusion as it solved - like
in
your case.

Make sure the localhost server.xml mapping points to the tomcat
webapps/ROOT/ directory and you should be set to use the Tomcat webapps.

Warm regards,
Jordan Michaels

On 09/08/2011 12:57 PM, Russ Michaels wrote:


I have already tried the Railo forums and been told to come here as it
is a problem with Tomcat and not Railo.
I think the only difference is the install path, it is put in
c:\railo\tomcat rather than c:\tomcat, so lets just work on that
assumption, i'm sure i'll find out pretty quick if that is not the
case.

On Thu, Sep 8, 2011 at 8:31 PM,ma...@apache.org  wrote:


Russ Michaelsr...@michaels.me.uk  wrote:


On Thu, Sep 8, 2011 at 7:08 PM, Christopher Schultz
ch...@christopherschultz.net  wrote:


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Russ,

On 9/8/2011 11:44 AM, Russ Michaels wrote:


ok I have an Apache Tomcat installed via  the Railo installer from
www.getrailo.org


Why not download directly from apache.org?


I use the railo installer so we have a standard configuration and
setup
across all server that is officially supported.


Time to make use of that official support then as we have no idea what
changes Railo may have made to the standard Tomcat distribution from
the
ASF.

Mark




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org








-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org








-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org








-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Russ Michaels]

service has been restart
cache has been cleared
the pages giving 404 are

http://localhost:/manager/html
http://localhost:/manager/status


On Thu, Sep 8, 2011 at 9:56 PM, Jordan Michaels jor...@viviotech.net wrote:
 Restart the service? Clear browser cache? What URL are you using?

 More information would be extremely helpful here.

 Warm regards,
 Jordan Michaels

 On 09/08/2011 01:54 PM, Russ Michaels wrote:

 that's how it was originally, I have changed it back to that and still
 the same problem.
 index.jsp works, but nothing else does, tomcat 404 error



 On Thu, Sep 8, 2011 at 9:49 PM, Jordan Michaelsjor...@viviotech.net
  wrote:

 Don't use context at all in there. Your localhost entry should be:

      Host name=localhost  appBase=webapps
            unpackWARs=true autoDeploy=true
            xmlValidation=false xmlNamespaceAware=false
      /Host

 .. and that's it. Unless you deliberately want your default site to be
 the
 same as your IIS default site.

 Restart the tomcat service after you update the server.xml with the
 default
 loclahost entry, then hit your server at localhost:/index.jsp to get
 the
 default tomcat home page. You will be able to reach the rest of the
 tomcat
 apps from there.

 Warm regards,
 Jordan Michaels

 On 09/08/2011 01:40 PM, Russ Michaels wrote:

 tried that didn.t work.

 On a working server, my localhost entry is

 Context docBase=%SystemDrive%/inetpub/wwwroot
     WatchedResourceWEB-INF/web.xml/WatchedResource
 /Context

 and lochost: gets me into the tomcat admin and it all works

 the non working server had the exact same entry, and I tried changing
 it to point to the c:\railo\tomcat\webapps\root



 On Thu, Sep 8, 2011 at 9:06 PM, Jordan Michaelsjor...@viviotech.net
  wrote:

 I have already tried the Railo forums and been told to come here as it
 is a problem with Tomcat and not Railo.

 What? Link it, or it didn't happen.

 Check your localhost mapping in the Tomcat server.xml file. Make sure
 it's
 pointing to the Tomcat webapps/ROOT/ folder. Some earlier Railo builds
 update the default to point to the IIS root. The idea was to not
 confuse
 the
 IIS folks because their IIS webroot didn't match their Tomcat webroot,
 but
 that practice ended up causing just as much confusion as it solved -
 like
 in
 your case.

 Make sure the localhost server.xml mapping points to the tomcat
 webapps/ROOT/ directory and you should be set to use the Tomcat
 webapps.

 Warm regards,
 Jordan Michaels

 On 09/08/2011 12:57 PM, Russ Michaels wrote:

 I have already tried the Railo forums and been told to come here as it
 is a problem with Tomcat and not Railo.
 I think the only difference is the install path, it is put in
 c:\railo\tomcat rather than c:\tomcat, so lets just work on that
 assumption, i'm sure i'll find out pretty quick if that is not the
 case.

 On Thu, Sep 8, 2011 at 8:31 PM,ma...@apache.org      wrote:

 Russ Michaelsr...@michaels.me.uk      wrote:

 On Thu, Sep 8, 2011 at 7:08 PM, Christopher Schultz
 ch...@christopherschultz.net      wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Russ,

 On 9/8/2011 11:44 AM, Russ Michaels wrote:

 ok I have an Apache Tomcat installed via  the Railo installer from
 www.getrailo.org

 Why not download directly from apache.org?

 I use the railo installer so we have a standard configuration and
 setup
 across all server that is officially supported.

 Time to make use of that official support then as we have no idea
 what
 changes Railo may have made to the standard Tomcat distribution from
 the
 ASF.

 Mark




 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org






 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org






 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org






 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





-- 
--

Russ Michaels

www.bluethunderinternet.com  : Business hosting services  solutions
www.cfmldeveloper.com    : ColdFusion developer community
www.michaels.me.uk   : my blog
www.cfsearch.com : ColdFusion search engine

skype me                     : russmichaels

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Jordan Michaels]

what version of the installer are you using?

Warm regards,
Jordan Michaels

On 09/08/2011 01:59 PM, Russ Michaels wrote:

service has been restart
cache has been cleared
the pages giving 404 are

http://localhost:/manager/html
http://localhost:/manager/status


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Russ Michaels]

railo-3.2.3.000-pl0-windows-installer.exe



On Thu, Sep 8, 2011 at 10:03 PM, Jordan Michaels jor...@viviotech.net wrote:
 what version of the installer are you using?

 Warm regards,
 Jordan Michaels

 On 09/08/2011 01:59 PM, Russ Michaels wrote:

 service has been restart
 cache has been cleared
 the pages giving 404 are

 http://localhost:/manager/html
 http://localhost:/manager/status

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





-- 
--

Russ Michaels

www.bluethunderinternet.com  : Business hosting services  solutions
www.cfmldeveloper.com    : ColdFusion developer community
www.michaels.me.uk   : my blog
www.cfsearch.com : ColdFusion search engine

skype me                     : russmichaels

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Jordan Michaels]

Are you certain?

That version of the installer doesn't update the Tomcat localhost entry. 
If your localhost entry was modified, that's not the version you used.


Further, that version works for me using the URL's you specified.

Which OS (be specific) are you having the trouble on?

Warm regards,
Jordan Michaels

On 09/08/2011 02:05 PM, Russ Michaels wrote:

railo-3.2.3.000-pl0-windows-installer.exe



On Thu, Sep 8, 2011 at 10:03 PM, Jordan Michaelsjor...@viviotech.net  wrote:

what version of the installer are you using?

Warm regards,
Jordan Michaels

On 09/08/2011 01:59 PM, Russ Michaels wrote:


service has been restart
cache has been cleared
the pages giving 404 are

http://localhost:/manager/html
http://localhost:/manager/status


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org








-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Russ Michaels]

yes 100%, no other version of the installer has ever been downloaded
in this server.
The localhost entry was changed the vhost copier plugin, but it
already didn't work before I installed this.

the server we have been discussing is windows 2003 IIS6.

On Thu, Sep 8, 2011 at 10:20 PM, Jordan Michaels jor...@viviotech.net wrote:
 Are you certain?

 That version of the installer doesn't update the Tomcat localhost entry. If
 your localhost entry was modified, that's not the version you used.

 Further, that version works for me using the URL's you specified.

 Which OS (be specific) are you having the trouble on?

 Warm regards,
 Jordan Michaels

 On 09/08/2011 02:05 PM, Russ Michaels wrote:

 railo-3.2.3.000-pl0-windows-installer.exe



 On Thu, Sep 8, 2011 at 10:03 PM, Jordan Michaelsjor...@viviotech.net
  wrote:

 what version of the installer are you using?

 Warm regards,
 Jordan Michaels

 On 09/08/2011 01:59 PM, Russ Michaels wrote:

 service has been restart
 cache has been cleared
 the pages giving 404 are

 http://localhost:/manager/html
 http://localhost:/manager/status

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org






 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org





-- 
--

Russ Michaels

www.bluethunderinternet.com  : Business hosting services  solutions
www.cfmldeveloper.com    : ColdFusion developer community
www.michaels.me.uk   : my blog
www.cfsearch.com : ColdFusion search engine

skype me                     : russmichaels

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Jordan Michaels]

IIS version doesn't matter as you're working directly with Tomcat's web 
server.


Tested on w2k3 and it works for me.

Try it without the VHost Copier and see if you get better results.

-JM

On 09/08/2011 02:58 PM, Russ Michaels wrote:

yes 100%, no other version of the installer has ever been downloaded
in this server.
The localhost entry was changed the vhost copier plugin, but it
already didn't work before I installed this.

the server we have been discussing is windows 2003 IIS6.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Russ Michaels]

it was broke before using the vhost copier, and I have already undone
all the changes it made to the server.xml and put it back to how it
was oriignally.

here is now it looks now

?xml version='1.0' encoding='utf-8'?
!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements.  See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the License); you may not use this file except in compliance with
  the License.  You may obtain a copy of the License at

  http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an AS IS BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
--
!-- Note:  A Server is not itself a Container, so you may not
 define subcomponents such as Valves at this level.
 Documentation at /docs/config/server.html
 --
Server port=8005 shutdown=SHUTDOWN

  !--APR library loader. Documentation at /docs/apr.html --
  Listener className=org.apache.catalina.core.AprLifecycleListener
SSLEngine=on /
  !--Initialize Jasper prior to webapps are loaded. Documentation at
/docs/jasper-howto.html --
  Listener className=org.apache.catalina.core.JasperListener /
  !-- JMX Support for the Tomcat server. Documentation at
/docs/non-existent.html --
  Listener className=org.apache.catalina.mbeans.ServerLifecycleListener /
  Listener 
className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
/

  !-- Global JNDI resources
   Documentation at /docs/jndi-resources-howto.html
  --
  GlobalNamingResources
!-- Editable user database that can also be used by
 UserDatabaseRealm to authenticate users
--
Resource name=UserDatabase auth=Container
  type=org.apache.catalina.UserDatabase
  description=User database that can be updated and saved
  factory=org.apache.catalina.users.MemoryUserDatabaseFactory
  pathname=conf/tomcat-users.xml /
  /GlobalNamingResources

  !-- A Service is a collection of one or more Connectors that share
   a single Container Note:  A Service is not itself a Container,
   so you may not define subcomponents such as Valves at this level.
   Documentation at /docs/config/service.html
   --
  Service name=Catalina

!--The connectors can use a shared executor, you can define one
or more named thread pools--
!--
Executor name=tomcatThreadPool namePrefix=catalina-exec-
maxThreads=150 minSpareThreads=4/
--


!-- A Connector represents an endpoint by which requests are received
 and responses are returned. Documentation at :
 Java HTTP Connector: /docs/config/http.html (blocking  non-blocking)
 Java AJP  Connector: /docs/config/ajp.html
 APR (HTTP/AJP) Connector: /docs/apr.html
 Define a non-SSL HTTP/1.1 Connector on port 8080
--
Connector port= protocol=HTTP/1.1
   connectionTimeout=2
   redirectPort=8443 /
!-- A Connector using the shared thread pool--
!--
Connector executor=tomcatThreadPool
   port=8080 protocol=HTTP/1.1
   connectionTimeout=2
   redirectPort=8443 /
--
!-- Define a SSL HTTP/1.1 Connector on port 8443
 This connector uses the JSSE configuration, when using APR, the
 connector should be using the OpenSSL style configuration
 described in the APR documentation --
!--
Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true
   maxThreads=150 scheme=https secure=true
   clientAuth=false sslProtocol=TLS /
--

!-- Define an AJP 1.3 Connector on port 8009 --
Connector port=8009 protocol=AJP/1.3 redirectPort=8443 /


!-- An Engine represents the entry point (within Catalina) that processes
 every request.  The Engine implementation for Tomcat stand alone
 analyzes the HTTP headers included with the request, and passes them
 on to the appropriate Host (virtual host).
 Documentation at /docs/config/engine.html --

!-- You should set jvmRoute to support load-balancing via AJP ie :
Engine name=Standalone defaultHost=localhost jvmRoute=jvm1
--
Engine name=Catalina defaultHost=localhost

  !--For clustering, please take a look at documentation at:
  /docs/cluster-howto.html  (simple how to)
  /docs/config/cluster.html (reference documentation) --
  !--
  Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster/
  --

  !-- The request dumper valve dumps useful debugging information about
   the request and response data received and sent by Tomcat.

Re: tomcat manager not working

[Mark Eggers]

- Original Message -

 From: Russ Michaels r...@michaels.me.uk
 To: Tomcat Users List users@tomcat.apache.org
 Cc: 
 Sent: Thursday, September 8, 2011 4:11 PM
 Subject: Re: tomcat manager not working
 
 it was broke before using the vhost copier, and I have already undone
 all the changes it made to the server.xml and put it back to how it
 was oriignally.
 
 here is now it looks now
 
 ?xml version='1.0' encoding='utf-8'?
 !--
   Licensed to the Apache Software Foundation (ASF) under one or more
   contributor license agreements.  See the NOTICE file distributed with
   this work for additional information regarding copyright ownership.
   The ASF licenses this file to You under the Apache License, Version 2.0
   (the License); you may not use this file except in compliance with
   the License.  You may obtain a copy of the License at
 
       http://www.apache.org/licenses/LICENSE-2.0
 
   Unless required by applicable law or agreed to in writing, software
   distributed under the License is distributed on an AS IS BASIS,
   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   See the License for the specific language governing permissions and
   limitations under the License.
 --
 !-- Note:  A Server is not itself a Container, so 
 you may not
      define subcomponents such as Valves at this level.
      Documentation at /docs/config/server.html
 --
 Server port=8005 shutdown=SHUTDOWN
 
   !--APR library loader. Documentation at /docs/apr.html --
   Listener 
 className=org.apache.catalina.core.AprLifecycleListener
 SSLEngine=on /
   !--Initialize Jasper prior to webapps are loaded. Documentation at
 /docs/jasper-howto.html --
   Listener className=org.apache.catalina.core.JasperListener 
 /
   !-- JMX Support for the Tomcat server. Documentation at
 /docs/non-existent.html --
   Listener 
 className=org.apache.catalina.mbeans.ServerLifecycleListener /
   Listener 
 className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
 /
 
   !-- Global JNDI resources
        Documentation at /docs/jndi-resources-howto.html
   --
   GlobalNamingResources
     !-- Editable user database that can also be used by
          UserDatabaseRealm to authenticate users
     --
     Resource name=UserDatabase auth=Container
               type=org.apache.catalina.UserDatabase
               description=User database that can be updated and 
 saved
               
 factory=org.apache.catalina.users.MemoryUserDatabaseFactory
               pathname=conf/tomcat-users.xml /
   /GlobalNamingResources
 
   !-- A Service is a collection of one or more 
 Connectors that share
        a single Container Note:  A Service is not itself 
 a Container,
        so you may not define subcomponents such as Valves at this 
 level.
        Documentation at /docs/config/service.html
    --
   Service name=Catalina
 
     !--The connectors can use a shared executor, you can define one
 or more named thread pools--
     !--
     Executor name=tomcatThreadPool 
 namePrefix=catalina-exec-
         maxThreads=150 minSpareThreads=4/
     --
 
 
     !-- A Connector represents an endpoint by which requests are 
 received
          and responses are returned. Documentation at :
          Java HTTP Connector: /docs/config/http.html (blocking  
 non-blocking)
          Java AJP  Connector: /docs/config/ajp.html
          APR (HTTP/AJP) Connector: /docs/apr.html
          Define a non-SSL HTTP/1.1 Connector on port 8080
     --
     Connector port= protocol=HTTP/1.1
                connectionTimeout=2
                redirectPort=8443 /
     !-- A Connector using the shared thread pool--
     !--
     Connector executor=tomcatThreadPool
                port=8080 protocol=HTTP/1.1
                connectionTimeout=2
                redirectPort=8443 /
     --
     !-- Define a SSL HTTP/1.1 Connector on port 8443
          This connector uses the JSSE configuration, when using APR, the
          connector should be using the OpenSSL style configuration
          described in the APR documentation --
     !--
     Connector port=8443 protocol=HTTP/1.1 
 SSLEnabled=true
                maxThreads=150 scheme=https 
 secure=true
                clientAuth=false sslProtocol=TLS /
     --
 
     !-- Define an AJP 1.3 Connector on port 8009 --
     Connector port=8009 protocol=AJP/1.3 
 redirectPort=8443 /
 
 
     !-- An Engine represents the entry point (within Catalina) that 
 processes
          every request.  The Engine implementation for Tomcat stand alone
          analyzes the HTTP headers included with the request, and passes them
          on to the appropriate Host (virtual host).
          Documentation at /docs/config/engine.html --
 
     !-- You should set jvmRoute to support load-balancing via AJP ie :
     Engine name=Standalone defaultHost=localhost 
 jvmRoute=jvm1
     --
     Engine name=Catalina defaultHost=localhost
 
       !--For clustering, please take a look at documentation

RE: tomcat manager not working

[Caldarale, Charles R]

 From: Mark Eggers [mailto:its_toas...@yahoo.com] 
 Subject: Re: tomcat manager not working

 You have the following virtual host:
 Host name=www.maxyexpress.co.uk appBase=webapps
    Context path= docBase=d:\wwwroot\maxyexpress.co.uk\wwwroot /
    Aliasmaxyexpress.co.uk/Alias
 /Host

 This means that the actual docBase may end up to be:
 %CATALINA_HOME%\webapps\d:\wwwroot\maxyexpress.co.uk\wwwroot

Don't think so.  On Windows, a leading forward or backward slash after the 
drive prefix (d:, in this case) indicates an absolute path.  The JVM will 
figure that out properly.

 I suggest following the Wiki entry above and setting your 
 virtual host up as follows:
 Host name=www.maxyexpress.co.uk
      appBase=D:/wwwroot/maxyexpress.co.uk/wwwroot
      unpackWARs=true autoDeploy=true
      xmlValidation=false xmlNamespaceAware=false
    Aliasmaxyexpress.co.uk/Alias
 /Host

The above appBase setting should probably be D:/wwwroot/maxyexpress.co.uk, 
coupled with naming the default webapp's .war file or directory ROOT (case 
sensitive) rather than wwwroot, located under the appBase directory.  Much more 
along the lines of current Tomcat good practice.

 the slashes are / not \ (even on Windows).

That part shouldn't matter, but forward slashes certainly avoid confusion with 
regular expression escapes that might appear elsewhere in .xml files.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: tomcat manager not working

[Mark Eggers]

- Original Message -

 From: Caldarale, Charles R chuck.caldar...@unisys.com
 To: Tomcat Users List users@tomcat.apache.org
 Cc: 
 Sent: Thursday, September 8, 2011 8:15 PM
 Subject: RE: tomcat manager not working
 
  From: Mark Eggers [mailto:its_toas...@yahoo.com] 
  Subject: Re: tomcat manager not working
 
  You have the following virtual host:
  Host name=www.maxyexpress.co.uk 
 appBase=webapps
     Context path= 
 docBase=d:\wwwroot\maxyexpress.co.uk\wwwroot /
     Aliasmaxyexpress.co.uk/Alias
  /Host
 
  This means that the actual docBase may end up to be:
 
 %CATALINA_HOME%\webapps\d:\wwwroot\maxyexpress.co.uk\wwwroot
 
 Don't think so.  On Windows, a leading forward or backward slash after the 
 drive prefix (d:, in this case) indicates an absolute path.  The JVM will 
 figure 
 that out properly.
 

OK. I should have booted into Windows and checked this out. So while not along 
the lines of current Tomcat good practices, the above will actually work?

It just looks a bit unpleasant.

  I suggest following the Wiki entry above and setting your 
  virtual host up as follows:
  Host name=www.maxyexpress.co.uk
       appBase=D:/wwwroot/maxyexpress.co.uk/wwwroot
       unpackWARs=true autoDeploy=true
       xmlValidation=false 
 xmlNamespaceAware=false
     Aliasmaxyexpress.co.uk/Alias
  /Host
 
 The above appBase setting should probably be 
 D:/wwwroot/maxyexpress.co.uk, coupled with naming the default 
 webapp's .war file or directory ROOT (case sensitive) rather than wwwroot, 
 located under the appBase directory.  Much more along the lines of current 
 Tomcat good practice.


Agreed. I was just trying to create minimal amount of change.

  the slashes are / not \ (even on Windows).
 
 That part shouldn't matter, but forward slashes certainly avoid confusion 
 with regular expression escapes that might appear elsewhere in .xml files.
 

Again, I should have booted into Windows and played a bit. Thanks for the 
clarification.

So if the above virtual host is legal (if not clean), and the rest of his 
server.xml file looks OK, what in the world is going on?


. . . . somewhat confused
/mde/

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager Application

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Martin,

On 8/25/2011 11:44 AM, Martin Dubuc wrote:
 I am trying to run the Tomcat Manager application in Tomcat 7 
 (7.0.18). I can't get this to work. If I go to /manager/index.jsp
 on my web server, the web server redirects me to /manager/html

That is correct behavior.

 and returns a 404 error.

That is not correct behavior.

 Looking inside the manager directory under webapps, there is no
 html directory. Is the manager application broken?

Look at the servlet mappings.

Are you fronting Tomcat with httpd? If so, you'll have to make sure you
map more than just *.jsp.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk5WbssACgkQ9CaO5/Lv0PDPbQCeLkwg+TOJoNJpe+QEFPeN4JwD
oQAAn2UstXeLqrLPaaU/9UATQ5h2djIU
=vfl5
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat Manager Application

[Martin Dubuc]

Thanks Christopher. The web.xml file was not present in the manager/WEB-INF
directory. This is why I couldn't get the manager app to work.

Martin

On Thu, Aug 25, 2011 at 11:48 AM, Christopher Schultz 
ch...@christopherschultz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1

 Martin,

 On 8/25/2011 11:44 AM, Martin Dubuc wrote:
  I am trying to run the Tomcat Manager application in Tomcat 7
  (7.0.18). I can't get this to work. If I go to /manager/index.jsp
  on my web server, the web server redirects me to /manager/html

 That is correct behavior.

  and returns a 404 error.

 That is not correct behavior.

  Looking inside the manager directory under webapps, there is no
  html directory. Is the manager application broken?

 Look at the servlet mappings.

 Are you fronting Tomcat with httpd? If so, you'll have to make sure you
 map more than just *.jsp.

 - -chris
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.4.10 (MingW32)
 Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

 iEYEARECAAYFAk5WbssACgkQ9CaO5/Lv0PDPbQCeLkwg+TOJoNJpe+QEFPeN4JwD
 oQAAn2UstXeLqrLPaaU/9UATQ5h2djIU
 =vfl5
 -END PGP SIGNATURE-

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager fails and can't tell why.

[Yucca Nel]

I do.. :) It confuses the heck out of me.

Seems to fail because I change to alphanumeric password that is longer than 
4 chars long. I also make sure to close all browser tabs so that I start a 
new session. Are there any illegal chars when using the xml?


-Original Message- 
From: André Warnier

Sent: Tuesday, April 12, 2011 4:57 PM
To: Tomcat Users List
Subject: Re: Fw: Tomcat manager fails and can't tell why.

Yucca Nel wrote:


From: yucca...@hotmail.com Sent: Tuesday, April 12, 2011 4:45 PM
To: Tomcat Users List Subject: Tomcat manager fails and can't tell why.

Hello Tomcat is playing games and I donno why. I copy my tomcat-users.xml 
to production and use credentials(tomcat username and password tomcat) As 
expected I am able to log in, but the moment I change these to more secure 
credentials in the xml, authentication fails. I know the xml is not meant 
for production authentication, but this is just to test the manager 
application is working before I continue with setting up rest of the 
server?




Stupid question : do you restart Tomcat after you have changed the contents 
of

tomcat-users.xml ?


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager fails and can't tell why.

[David kerber]

On 4/12/2011 11:04 AM, Yucca Nel wrote:

I do.. :) It confuses the heck out of me.

Seems to fail because I change to alphanumeric password that is longer
than 4 chars long. I also make sure to close all browser tabs so that I


Do you close the entire browser?  I don't think just closing tabs will 
clear the session.


D

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager fails and can't tell why.

[Yucca Nel]

Indeed :D,

Seems to be an issue when I add an ampersand to the password!

-Original Message- 
From: David kerber 
Sent: Tuesday, April 12, 2011 5:07 PM 
To: Tomcat Users List 
Subject: Re: Tomcat manager fails and can't tell why. 


On 4/12/2011 11:04 AM, Yucca Nel wrote:

I do.. :) It confuses the heck out of me.

Seems to fail because I change to alphanumeric password that is longer
than 4 chars long. I also make sure to close all browser tabs so that I


Do you close the entire browser?  I don't think just closing tabs will 
clear the session.


D

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat manager fails and can't tell why.

[Caldarale, Charles R]

 From: Yucca Nel [mailto:yucca...@live.co.za] 
 Subject: Re: Tomcat manager fails and can't tell why.

 Seems to be an issue when I add an ampersand to the password!

Which is not an alphanumeric character, contrary to your earlier postings.

Probably some escaping required when using non-alphanumeric, but I don't know 
the details.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager fails and can't tell why.

[David kerber]

On 4/12/2011 11:17 AM, Yucca Nel wrote:

Indeed :D,

Seems to be an issue when I add an ampersand to the password!


That doesn't surprise me a bit.  I don't think I've run into any 
password system that will accept that character, though I guess there 
must be some since you're using it.


D




-Original Message- From: David kerber Sent: Tuesday, April 12,
2011 5:07 PM To: Tomcat Users List Subject: Re: Tomcat manager fails and
can't tell why.
On 4/12/2011 11:04 AM, Yucca Nel wrote:

I do.. :) It confuses the heck out of me.

Seems to fail because I change to alphanumeric password that is longer
than 4 chars long. I also make sure to close all browser tabs so that I


Do you close the entire browser? I don't think just closing tabs will
clear the session.

D

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org





-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager fails and can't tell why.

[Yucca Nel]

Apologies, I seem to confuse myself, but am happy enough with that 
explanation :D I am ill with a brain tumour and trying to get back in swing 
of things after surgery.


Prayers are welcome:D

Yucca

-Original Message- 
From: Caldarale, Charles R

Sent: Tuesday, April 12, 2011 5:23 PM
To: Tomcat Users List
Subject: RE: Tomcat manager fails and can't tell why.


From: Yucca Nel [mailto:yucca...@live.co.za]
Subject: Re: Tomcat manager fails and can't tell why.



Seems to be an issue when I add an ampersand to the password!


Which is not an alphanumeric character, contrary to your earlier postings.

Probably some escaping required when using non-alphanumeric, but I don't 
know the details.


- Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager fails and can't tell why.

[David Smith]

On 4/12/2011 11:28 AM, David kerber wrote:
 On 4/12/2011 11:17 AM, Yucca Nel wrote:
 Indeed :D,

 Seems to be an issue when I add an ampersand to the password!
 That doesn't surprise me a bit.  I don't think I've run into any 
 password system that will accept that character, though I guess there 
 must be some since you're using it.

 D


I suspect tomcat would be fine with ,  and  as long as you properly
encode them in your tomcat-users.xml file.  It is an xml file and
requires proper encoding:

 = amp;
 = lt;
 = gt;

--David
 -Original Message- From: David kerber Sent: Tuesday, April 12,
 2011 5:07 PM To: Tomcat Users List Subject: Re: Tomcat manager fails and
 can't tell why.
 On 4/12/2011 11:04 AM, Yucca Nel wrote:
 I do.. :) It confuses the heck out of me.

 Seems to fail because I change to alphanumeric password that is longer
 than 4 chars long. I also make sure to close all browser tabs so that I
 Do you close the entire browser? I don't think just closing tabs will
 clear the session.

 D

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager fails and can't tell why.

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David,

On 4/12/2011 11:28 AM, David kerber wrote:
 On 4/12/2011 11:17 AM, Yucca Nel wrote:
 Indeed :D,

 Seems to be an issue when I add an ampersand to the password!
 
 That doesn't surprise me a bit.  I don't think I've run into any
 password system that will accept that character, though I guess there
 must be some since you're using it.

Our password system takes that character. Anything you can fit into a
UTF-8 code point, we'll take. Actually, we don't even care about the
encoding. We'll take up to 4096 characters of whatever you want to send
to us and use it. None of this 8 character maximum bullshit.

Why would you think that  would be some kind of verboten character
for a password?

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk2kdTAACgkQ9CaO5/Lv0PCHDACgraBwFnV2ky8GwquYaPXlCI9e
YJEAnjXFAaT8aIBCbZKLnyonw5Ybe8Bv
=iLuI
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager fails and can't tell why.

[David kerber]

On 4/12/2011 11:52 AM, Christopher Schultz wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David,

On 4/12/2011 11:28 AM, David kerber wrote:

On 4/12/2011 11:17 AM, Yucca Nel wrote:

Indeed :D,

Seems to be an issue when I add an ampersand to the password!


That doesn't surprise me a bit.  I don't think I've run into any
password system that will accept that character, though I guess there
must be some since you're using it.


Our password system takes that character. Anything you can fit into a
UTF-8 code point, we'll take. Actually, we don't even care about the
encoding. We'll take up to 4096 characters of whatever you want to send
to us and use it. None of this 8 character maximum bullshit.

Why would you think that  would be some kind of verboten character
for a password?


Because of its uses in windows as a special character (triggering the 
underline), and in browsers for marking request parameters.  I would be 
glad to be wrong, though...



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat manager fails and can't tell why.

[Propes, Barry L]

Most don't, and XML is typically very picky about all that. I learned that 
lesson several years ago trying to pass along characters in some XSL documents 
and files, and it balks at many special characters. I wouldn't even think of 
attempting that for a password embedded in XML, but that's me.

-Original Message-
From: David kerber [mailto:dcker...@verizon.net]
Sent: Tuesday, April 12, 2011 10:29 AM
To: Tomcat Users List
Subject: Re: Tomcat manager fails and can't tell why.

On 4/12/2011 11:17 AM, Yucca Nel wrote:
 Indeed :D,

 Seems to be an issue when I add an ampersand to the password!

That doesn't surprise me a bit.  I don't think I've run into any password 
system that will accept that character, though I guess there must be some since 
you're using it.

D



 -Original Message- From: David kerber Sent: Tuesday, April 12,
 2011 5:07 PM To: Tomcat Users List Subject: Re: Tomcat manager fails and
 can't tell why.
 On 4/12/2011 11:04 AM, Yucca Nel wrote:
 I do.. :) It confuses the heck out of me.

 Seems to fail because I change to alphanumeric password that is longer
 than 4 chars long. I also make sure to close all browser tabs so that I

 Do you close the entire browser? I don't think just closing tabs will
 clear the session.

 D

 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org


 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Tomcat manager fails and can't tell why.

[Christopher Schultz]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

David,

On 4/12/2011 12:02 PM, David kerber wrote:
 On 4/12/2011 11:52 AM, Christopher Schultz wrote:

 Why would you think that  would be some kind of verboten character
 for a password?
 
 Because of its uses in windows as a special character (triggering the
 underline), and in browsers for marking request parameters.  I would be
 glad to be wrong, though...

Windows filename restrictions have nothing to do with request parameters.

Query string parameters have a very specific way to encode characters
that would otherwise interfere with the query string. Otherwise, it
would not be possible to pass  and ? and = as any request parameter.

The fact that the form input is a password makes no difference in
how parameters are passed from the client to the server.

In any event, the OP was talking about the manager app which is
configured by default to use HTTP BASIC authentication, which doesn't
use request parameters at all: it uses request headers, and a specific
way of safely passing both the username and the password to the server
which avoids any problems with the content of those values.

- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk2kickACgkQ9CaO5/Lv0PB/wwCguT0y32fk63+IfR1dPczKHt4z
nFEAoJa8LjFBYJQxQi4XHg90GKyiIaPy
=9NmY
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat manager

[Caldarale, Charles R]

 From: Propes, Barry L [mailto:barry.l.pro...@citi.com] 
 Subject: Tomcat manager

 In trying to overwrite the current setting to allow for 
 the filter, do I need to delete the manager.xml file in 
 Tomcat\conf\Catalina\localhost ?

Yes.

 Doing so doesn't allow the manager.xml file to be recreated,
 upon starting and stopping the Tomcat service, unlike other
 webapp context.xml files.

I don't remember the rules for when the Context element is copied, but as 
long as either conf/Catalina/[host]/manager.xml doesn't exist or is an exact 
copy of webapps/manager/META-INF/context.xml, it will be fine.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat manager

[Propes, Barry L]

Ok, so it ( webapps/manager/META-INF/context.xml) doesn't necessarily get 
copied out to the Catalina folder then? Is that correct?

I mean, upon stopping the Tomcat service, and restarting it? Am I understanding 
that correctly?

I hope I'm understanding you correctly.

Thanks, Chuck.

-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Tuesday, October 26, 2010 1:18 PM
To: Tomcat Users List
Subject: RE: Tomcat manager

 From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
 Subject: Tomcat manager

 In trying to overwrite the current setting to allow for the filter, do
 I need to delete the manager.xml file in
 Tomcat\conf\Catalina\localhost ?

Yes.

 Doing so doesn't allow the manager.xml file to be recreated, upon
 starting and stopping the Tomcat service, unlike other webapp
 context.xml files.

I don't remember the rules for when the Context element is copied, but as 
long as either conf/Catalina/[host]/manager.xml doesn't exist or is an exact 
copy of webapps/manager/META-INF/context.xml, it will be fine.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat manager

[Caldarale, Charles R]

 From: Propes, Barry L [mailto:barry.l.pro...@citi.com] 
 Subject: RE: Tomcat manager

 Ok, so it ( webapps/manager/META-INF/context.xml) doesn't 
 necessarily get copied out to the Catalina folder then?

Correct.  The rules for when Tomcat chooses to copy the Context element have 
changed over time; the current 6.0 doc says If the web application is packaged 
as a WAR then /META-INF/context.xml will be copied to 
$CATALINA_BASE/conf/[enginename]/[hostname]/ and renamed to match the 
application's context path.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat manager

[Propes, Barry L]

Ok, thanks, Chuck!

-Original Message-
From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
Sent: Tuesday, October 26, 2010 1:42 PM
To: Tomcat Users List
Subject: RE: Tomcat manager

 From: Propes, Barry L [mailto:barry.l.pro...@citi.com]
 Subject: RE: Tomcat manager

 Ok, so it ( webapps/manager/META-INF/context.xml) doesn't necessarily
 get copied out to the Catalina folder then?

Correct.  The rules for when Tomcat chooses to copy the Context element have 
changed over time; the current 6.0 doc says If the web application is packaged 
as a WAR then /META-INF/context.xml will be copied to 
$CATALINA_BASE/conf/[enginename]/[hostname]/ and renamed to match the 
application's context path.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat Manager undeploy link inactive

[Caldarale, Charles R]

 From: alain.lheur...@uquebec.ca [mailto:alain.lheur...@uquebec.ca] 
 Subject: TR: Tomcat Manager undeploy link inactive

 my tomcat manager app does not provide the option 
 to undeploy webapps.

So I'll guess you're using Tomcat 4.1.2?  Or maybe you could actually tell us 
the exact version, so we don't have to guess.

 Please see the attached image for an example.

Most attachments are stripped by the mailing list, including images.

Have you looked in the Tomcat logs?  Have you configured appropriate role 
names?  What URL are you using to access the manager?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat Manager undeploy link inactive

[alain.lheureux]

Yeah I totally forgot about my Tomcat version, sorry about that.
So, I am using Tomcat 5.5.28. 

For the image, I guess it is not really needed anyway, the fact is the 
undeploy link is no more a link but just text.

The user I am connecting with as the admin and manager roles.
And I am using the following URL: http://myserver:port/manager/html
The logs are clean.

Alain 

-Message d'origine-
De : Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] 
Envoyé : 10 septembre 2010 15:33
À : Tomcat Users List
Objet : RE: Tomcat Manager undeploy link inactive

 From: alain.lheur...@uquebec.ca [mailto:alain.lheur...@uquebec.ca] 
 Subject: TR: Tomcat Manager undeploy link inactive

 my tomcat manager app does not provide the option 
 to undeploy webapps.

So I'll guess you're using Tomcat 4.1.2?  Or maybe you could actually tell us 
the exact version, so we don't have to guess.

 Please see the attached image for an example.

Most attachments are stripped by the mailing list, including images.

Have you looked in the Tomcat logs?  Have you configured appropriate role 
names?  What URL are you using to access the manager?

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat Manager undeploy link inactive

[Caldarale, Charles R]

 From: alain.lheur...@uquebec.ca [mailto:alain.lheur...@uquebec.ca] 
 Subject: RE: Tomcat Manager undeploy link inactive

 So, I am using Tomcat 5.5.28. 

I had to go to the archives to download and install that.

 the fact is the undeploy link is no more a link but just text.

I don't see that when I run a vanilla 5.5.28 on JDK 6u21 under Win7, using 
Firefox 3.6.9 and IE8.  Everything under the commands column is underlined 
except for all of the Start entries, and the row for the manager itself.

 And I am using the following URL: 
 http://myserver:port/manager/html

What browser?  What JDK?  What platform?  Do you have a security manger 
enabled?  (Shouldn't make a difference, but...)

Have you looked at the HTML coming back to the browser?  The Commands row for a 
running webapp should look like this:

small
  nbsp;Startnbsp;
  nbsp;a href=/manager/html/stop?path=/servlets-examples 
onclick=return(confirm('Are you sure?'))Stop/anbsp;
  nbsp;a href=/manager/html/reload?path=/servlets-examples 
onclick=return(confirm('Are you sure?'))Reload/anbsp;
  nbsp;a href=/manager/html/undeploy?path=/servlets-examples 
onclick=return(confirm('Are you sure?'))Undeploy/anbsp;
  /small

If the a.../a fields are there, then it's your browser failing to underline 
links.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org