RE: Tomcat WAR deployment with virtual host only shows blank page
Ok, it works that way. So, if I did want to create the WAR file, is my structure correct to work with a virtual host? Caldarale, Charles R wrote: From: tomcatastrophe [mailto:nab...@changethings.org] Subject: RE: Tomcat WAR deployment with virtual host only shows blank page So, I should package my WAR then? Not necessarily; you can deploy it expanded, but with the directory name ROOT, not ROOT.war. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/Tomcat-WAR-deployment-with-virtual-host-only-shows-blank-page-tp24197704p24249236.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: REMOTE_USER with Apache 2.2.9 (Debian) + Tomcat 6.0.18 + mod_auth_kerb
Maciej Matecki wrote: On Mon, Jun 29, 2009 at 1:28 AM, André Warniera...@ice-sa.com wrote: Maciej Matecki wrote: Actually I've got much more bigger problem I can't get compiled module for kerberos with Apache on Windows :( Can I ask again : why do you need to authenticate /under Apache/ with Kerberos ? Is it just to pass the user-id to Tomcat ? Or do you also need it at the Apache level for something ? I just need to pass the user-id to Tomcat. Then why don't you do the Kerberos authentication directly in Tomcat, instead of trying to do it under Apache ? I googled a bit last night for tomcat +auth +kerberos, and although I personally don't understand most of it, it seems that there are already ready-made ways of doing this, around the JAAS realm concept. Once your app is authenticated under Tomcat, if you need to pick up the user-id from Tomcat to pass it in another way to other webapps/filters, you can just pick it up as request.getRemoteUser(). Also, once you have done the Kerberos authentication in Tomcat, and if you ever need, later, to bring this back to the Apache level, then the method I previously indicated would apply. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: splitting thread pool
You can create a filter or run on separate Tomcat instances. NB: You are not solving the cause, but the effect. You don't have enough threads or cpu-power to handle the total load. Ronald. Op maandag, 29 juni 2009 07:12 schreef prashant sharma : Hi, I have the following attributes in the server.xml file: Connector port=80 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true / The web application that I am working on exposes many webservices, which are invoked from other applications. The problem I am facing is that when my application gets a lot of webservice requests, it reaches the limit of maxThreads. After this limit is reached I am not able to open the webpage for my web application. Is there any way to configure my web application such that I have a separate quota of threads for webpage access and a separate quota for other types of accesses like webservice requests? Thanks! Prashant
Re: splitting thread pool
Thanks for your response Ronald! Won't a filter be a part of the thread pool? I mean every incoming request would create a new thread and filter would be invoked on this new thread ...right? The solution that I am looking for is to partition the thread pool into 2 parts One that serves the webpage requests and the other that is allocated to the internal processing of the web application. Thanks! Prashant From: Ronald Klop ronald-mailingl...@base.nl To: Tomcat Users List users@tomcat.apache.org Cc: prashant sharma psharma_...@yahoo.com Sent: Monday, June 29, 2009 4:57:53 AM Subject: Re: splitting thread pool You can create a filter or run on separate Tomcat instances. NB: You are not solving the cause, but the effect. You don't have enough threads or cpu-power to handle the total load. Ronald. Op maandag, 29 juni 2009 07:12 schreef prashant sharma : Hi, I have the following attributes in the server.xml file: Connector port=80 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true / The web application that I am working on exposes many webservices, which are invoked from other applications. The problem I am facing is that when my application gets a lot of webservice requests, it reaches the limit of maxThreads. After this limit is reached I am not able to open the webpage for my web application. Is there any way to configure my web application such that I have a separate quota of threads for webpage access and a separate quota for other types of accesses like webservice requests? Thanks! Prashant
RE: NoClassDefFoundError
From: chenjh [mailto:che...@thinker.com.cn] Subject: NoClassDefFoundError I had placed jfreechart.jar and jcommon.jar into [tomcat]/common/lib, but after running for some time, the producing image page fail with NoClassDefFoundError. Make sure you do not have other copies of jfreechart.jar or jcommon.jar (or any classes therein) in some other location visible to the webapp classloader - such as WEB-INF/lib or shared/lib. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Seeking authoritative answer re using Log4J with v6
From: Caldarale, Charles R Subject: RE: Seeking authoritative answer re using Log4J with v6 Are you sure you followed all of the steps on the logging page with a clean Tomcat install? I will try again from scratch, and report back. Did a clean install of Win 7, JDK 6u14, ant 1.7.1, and Tomcat 6.0.20, and downloaded the extras jars rather than building them. Configured as documented on the logging page - and it all worked as described there, with tomcat.1 and tomcat.log being generated (using DEBUG logging). Still trying to figure out the differences between that and what was done on the Vista system... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: splitting thread pool
If you have maxThreads=100 and you create a filter which blocks A if threadRunningA=10 and blocks B if threadsRunningB=90 than you can tune it the way you want it to be without seeing TooManyThreads errors from Tomcat. Or make it 9 vs. 89 to be safe. Still it doesn't solve you real problem about not being able to deliver enough performance to handle the total load. Which is probably solvable by profiling your application or running a cluster or splitting the services over more machines. Ronald. Op maandag, 29 juni 2009 15:44 schreef prashant sharma : Thanks for your response Ronald! Won't a filter be a part of the thread pool? I mean every incoming request would create a new thread and filter would be invoked on this new thread ...right? The solution that I am looking for is to partition the thread pool into 2 parts One that serves the webpage requests and the other that is allocated to the internal processing of the web application. Thanks! Prashant From: Ronald Klop ronald-mailingl...@base.nl To: Tomcat Users List users@tomcat.apache.org Cc: prashant sharma psharma_...@yahoo.com Sent: Monday, June 29, 2009 4:57:53 AM Subject: Re: splitting thread pool You can create a filter or run on separate Tomcat instances. NB: You are not solving the cause, but the effect. You don't have enough threads or cpu-power to handle the total load. Ronald. Op maandag, 29 juni 2009 07:12 schreef prashant sharma : Hi, I have the following attributes in the server.xml file: Connector port=80 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true / The web application that I am working on exposes many webservices, which are invoked from other applications. The problem I am facing is that when my application gets a lot of webservice requests, it reaches the limit of maxThreads. After this limit is reached I am not able to open the webpage for my web application. Is there any way to configure my web application such that I have a separate quota of threads for webpage access and a separate quota for other types of accesses like webservice requests? Thanks! Prashant
Re: Tomcat and Salesforce Issue
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, On 6/28/2009 1:35 PM, Martin Gainty wrote: op mentioned the SF webservice becomes unavailable at 'weird' times (more than likely the SF webserver is going offline for backup) if you can post the SF log we'll take a look and try to figure out the error SF is an online service run by a company. I don't believe they are going to provide their log files to a customer. SF should be available all the time. If not, their API documentation should state regular downtimes (such as between 0100-0200 GMT). I suspect the problem is with the client, not SalesForce. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpI0R8ACgkQ9CaO5/Lv0PAAFQCfSW7vUkY3OK6xuPK6mSaDQNO8 PrQAnRjwYbwJ63TCheDE5OrEg5MlNiJL =Bfgt -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session timeout on shared session between two webapps
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tamar, On 6/28/2009 11:10 AM, Tamar Furman (tfurman) wrote: The problem starts when the second webapp is opened as well. In this case, on timeout the session does get destroyed but the new session that is created on a new http request still holds the old user principal - meaning I cannot recognize it as a new session. What type of authentication are you using? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpI0okACgkQ9CaO5/Lv0PB1aACcDj71lZf0JsMUhUK4pnjFkY9/ vwIAoLVK2/cRgLw1uZwf6iclSd+Zi6JX =bAAp -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: splitting thread pool
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Prashant, On 6/29/2009 1:12 AM, prashant sharma wrote: Is there any way to configure my web application such that I have a separate quota of threads for webpage access and a separate quota for other types of accesses like webservice requests? The only way I know of to do this is with separate connectors: you would configure them separately so that the webapp one (that is, the one that handles traditional human clients reading web pages) is separate from the web service one (that is, the one that services only web service clients). Two have two connectors, you either need a second port number to use (not terribly convenient, since ports other than 80 and 443 are often blocked by firewalls, etc.) or a second IP address to use (also not terribly convenient since your web service calls need to be coded to hit a different host). Another option is to use a front-controller like Apache httpd to direct traffic: 1. Install httpd and configure it to work with your existing webapp, configured to handle everything just as it works today. Use your choice of mod_jk or mod_proxy_http/ajp. Make sure you have httpd configured to accept enough requests for your expected (or observed) peak load. 2. Add a second Connector on a different port. Don't worry about firewall issues as this port doesn't need to be available to the outside world. 3. Change your httpd proxy configuration (ProxyPass or JkMount) so that the URIs for web services are directed to the /second/ connector you created in #2 above. This will allow httpd to act as a traffic cop to direct web service requests to that second connector, which can (of course!) be configured separately and/or differently than the one for web clients. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpI1GIACgkQ9CaO5/Lv0PBLXQCgroWHtSNDkvwhJP6WPbnCt3b7 BmEAoMJm80XQaCNgWMWDE29pFYAmbq8O =rhVV -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: splitting thread pool
Thanks for a detailed response Chris! I am quite new to tomcat...It would be really helpful if you could give some reference links to the things you are talking about in 1 and 3 below? Thanks! Prashant From: Christopher Schultz ch...@christopherschultz.net To: Tomcat Users List users@tomcat.apache.org Sent: Monday, June 29, 2009 10:49:06 AM Subject: Re: splitting thread pool -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Prashant, On 6/29/2009 1:12 AM, prashant sharma wrote: Is there any way to configure my web application such that I have a separate quota of threads for webpage access and a separate quota for other types of accesses like webservice requests? The only way I know of to do this is with separate connectors: you would configure them separately so that the webapp one (that is, the one that handles traditional human clients reading web pages) is separate from the web service one (that is, the one that services only web service clients). Two have two connectors, you either need a second port number to use (not terribly convenient, since ports other than 80 and 443 are often blocked by firewalls, etc.) or a second IP address to use (also not terribly convenient since your web service calls need to be coded to hit a different host). Another option is to use a front-controller like Apache httpd to direct traffic: 1. Install httpd and configure it to work with your existing webapp, configured to handle everything just as it works today. Use your choice of mod_jk or mod_proxy_http/ajp. Make sure you have httpd configured to accept enough requests for your expected (or observed) peak load. 2. Add a second Connector on a different port. Don't worry about firewall issues as this port doesn't need to be available to the outside world. 3. Change your httpd proxy configuration (ProxyPass or JkMount) so that the URIs for web services are directed to the /second/ connector you created in #2 above. This will allow httpd to act as a traffic cop to direct web service requests to that second connector, which can (of course!) be configured separately and/or differently than the one for web clients. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpI1GIACgkQ9CaO5/Lv0PBLXQCgroWHtSNDkvwhJP6WPbnCt3b7 BmEAoMJm80XQaCNgWMWDE29pFYAmbq8O =rhVV -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: splitting thread pool
From: Christopher Schultz [mailto:ch...@christopherschultz.net] Subject: Re: splitting thread pool The only way I know of to do this is with separate connectors: One thing that hasn't been discussed is whether HTTP keep-alives are involved. If so, then using the NIO connector would free up threads that are otherwise doing nothing but waiting for more requests on the same connection to show up. (Disabling keep-alives would also do this, with an associated performance cost.) An alternative to using a filter, multiple connectors, or impacting performance with a front-end traffic cop is to use a set of ServletRequestListener classes that would keep track of the number of concurrent requests for the webapps of interest, and throttle accordingly. Since that would run in-process, it should give better performance and be less overhead than any kind of front-end director. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
owned by root
Hi Any idea what makes web applications owned by root even though tomcat runs as a non-root user? (I have mod_jk installed and apache running as root) Thank you, - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Seeking authoritative answer re using Log4J with v6
This also worked correctly (as documented) for me with 6.0.20 - with the build of extras and log4j off the SVN trunk (patches for certain property handling due out in 1.2.16) -- Mike -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Friday, June 26, 2009 4:01 PM To: Tomcat Users List Subject: Re: Seeking authoritative answer re using Log4J with v6 Mark Thomas wrote: Caldarale, Charles R wrote: From: Jonathan Ross [mailto:jonr...@alum.mit.edu] Subject: Seeking authoritative answer re using Log4J with v6 if log4j.jar is placed in catalina.home/lib per instructions, it's not on the system classpath, which is used by bootstrap.jar. A recent posting by Mark T indicates the doc might be in error; someone writing a custom log handler had to place it on Tomcat's startup classpath, so the same might very well be true for log4j. Some experimentation is in order, and you may have just done that. I have checked recently (with 6.0.18) and it worked as expected and documented. I'll check 6.0.20 and post the results. 6.0.20 works for me as well. It looks very much like your build environment is broken. Rather than building the extras package yourself, just download it. This works for me with 6.0.18 and 6.0.20 as documented. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: owned by root
Melanie Pfefer wrote: Hi Any idea what makes web applications owned by root even though tomcat runs as a non-root user? (I have mod_jk installed and apache running as root) Thank you, I have two thoughts: 1. You installed the webapp as root which caused the OS to write the files owned by root 2. There's some kind of security cron job resetting file permissions in areas like /var --David - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: owned by root
On Mon, Jun 29, 2009 at 8:55 AM, Melanie Pfefermelanie_pfe...@yahoo.co.uk wrote: Any idea what makes web applications owned by root even though tomcat runs as a non-root user? Uh, they were installed by root? :-) -- Hassan Schroeder hassan.schroe...@gmail.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How do I support a login form embedded in templates
I suspect this question has been answered before - unfortunately, I cannot find the key words to find my answer(s) in archives, etc. I understand that Tomcat's FORM authorization setup expects me to secure URL's and then let Tomcat invoke the login form before proceeding to these URL's when requested. However, I have a site for which we are creating a new layout which includes a small login form in the left column. Throughout the site we use roles defined in the web.xml (checked using isUserInRole() ). I see many sites use this layout-embedded login form, so I expect there is some way to set this up in Tomcat. Can someone point me at some info? I am using Struts in case that matters. I see many sites use this concept of putting the login form in the template - does this setup require me to abandon Tomcat's authentication/authorization mechanisms? My site has many pages and features which all use the isUserInRole() - I dread having to recode the whole site just for a simple login form. TIA for answers or links-to-answers, Steve B. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat crashes
Hi, I am using tomcat 6 and the server crashes all of a sudden creating a core dump file. I have no clue why this is happening. Can you please suggest on what all details I need to provide so that some one can help resolve the issue. Thanks Kam
Changing url rewriting behaviour (';jsessionid')
Hi, everybody. First of all: I'm sorry for my poor English. Is it possible to change url rewriting schema to use a different path separator (instead of ';') or even to use a request parameter (instead of a path append) ? The problem: - I'm using OpenOffice API to convert (on the fly) some html pages from our webapp; - I need to convert resources from protected paths; - OpenOffice don't support cookies so i must use url rewriting, BUT OpenOffice does not seem to like the appended path ';sessionid'. I cannot use a simple servlet filter because Tomcat is doing authentication/authorization (declarative security). Can i implement a Valve to change request path (from a request parameter to ;jsessionid) before authentication/authorization is performed ? Can this Valve change paths inside redirect headers and html bodies ? Is there any other way (simpler) of doing this communication between OpenOffice and Tomcat works ? The thread in ooffice forum: http://www.oooforum.org/forum/viewtopic.phtml?t=85789 Thanks in advance ! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: owned by root
Hassan Schroeder wrote: On Mon, Jun 29, 2009 at 8:55 AM, Melanie Pfefermelanie_pfe...@yahoo.co.uk wrote: Any idea what makes web applications owned by root even though tomcat runs as a non-root user? Uh, they were installed by root? :-) Uh, Uh. What do you mean by web applications owned by root anyway ? do you mean the files under (Tomcat_dir)/webapps/ ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat crashes
kam tak wrote: Hi, I am using tomcat 6 and the server crashes all of a sudden creating a core dump file. I have no clue why this is happening. Can you please suggest on what all details I need to provide so that some one can help resolve the issue. On which platform ? Which precise version of Tomcat ? Where did you get this Tomcat from ? Can you elaborate on all of a sudden ? Is it like 1 minute after it starts, or after a year of working fine ? Do you know where this Tomcat's logfiles are ? If yes, did you consult them to see if maybe there is an interesting message in them, right about when Tomcat crashes ? (shortly before, usually). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
You can use http://tuckey.org/urlrewrite/ to do your rewriting. Lots of people on the list recommend it. On Jun 29, 2009, at 3:16 PM, Daniel Henrique Alves Lima wrote: Hi, everybody. First of all: I'm sorry for my poor English. Is it possible to change url rewriting schema to use a different path separator (instead of ';') or even to use a request parameter (instead of a path append) ? The problem: - I'm using OpenOffice API to convert (on the fly) some html pages from our webapp; - I need to convert resources from protected paths; - OpenOffice don't support cookies so i must use url rewriting, BUT OpenOffice does not seem to like the appended path ';sessionid'. I cannot use a simple servlet filter because Tomcat is doing authentication/authorization (declarative security). Can i implement a Valve to change request path (from a request parameter to ;jsessionid) before authentication/authorization is performed ? Can this Valve change paths inside redirect headers and html bodies ? Is there any other way (simpler) of doing this communication between OpenOffice and Tomcat works ? The thread in ooffice forum: http://www.oooforum.org/forum/viewtopic.phtml?t=85789 Thanks in advance ! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How do I support a login form embedded in templates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve, On 6/29/2009 1:58 PM, Steve B. wrote: I understand that Tomcat's FORM authorization setup expects me to secure URL's and then let Tomcat invoke the login form before proceeding to these URL's when requested. However, I have a site for which we are creating a new layout which includes a small login form in the left column. Throughout the site we use roles defined in the web.xml (checked using isUserInRole() ). I see many sites use this layout-embedded login form, so I expect there is some way to set this up in Tomcat. Can someone point me at some info? I am using Struts in case that matters. So, you want to be able to invoke j_security_check without first having requested a protected resource, right? I call this a drive-by login, and, unfortunately, Tomcat does not support this directly. I switched to use securityfilter (http://securityfilter.sourceforge.net) primarily for this reason. Alternatives include using ACEGI (or Spring Security these days) (I think... Ihaven't used it so I don't know if drive-by logins are supported) or writing your own authentication and authorization mechanism. You could even patch Tomcat directly to allow this kind of login, but you run the risk of tying yourself to a particular version 9or even patch level) of Tomcat. That's why I recommend using something like securityfilter. I see many sites use this concept of putting the login form in the template - does this setup require me to abandon Tomcat's authentication/authorization mechanisms? My site has many pages and features which all use the isUserInRole() - I dread having to recode the whole site just for a simple login form. FWIW, I find using isUserInRole to be tedious and possibly insecure (that is, the page developer has to make these kinds of decisions, instead of an application designer at a higher-level). Do you really need to have role checking in your JSPs? Typically, by the time the view is being rendered, permissions are somewhat irrelevant. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpJGpIACgkQ9CaO5/Lv0PCv2QCgsFGy2sc7hIFK3R6dkub2MJIQ qeAAn1TScfQZGla8LkTGP5lzdqJqdcFM =GOhP -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Daniel,
On 6/29/2009 3:16 PM, Daniel Henrique Alves Lima wrote:
Hi, everybody. First of all: I'm sorry for my poor English.
Your English is quite good!
Is it possible to change url rewriting schema to use a different path
separator (instead of ';') or even to use a request parameter (instead
of a path append) ?
Are you trying to change the URLs that are emitted in the HTML your
application generates?
The problem:
- I'm using OpenOffice API to convert (on the fly) some html pages from
our webapp;
- I need to convert resources from protected paths;
- OpenOffice don't support cookies so i must use url rewriting, BUT
OpenOffice does not seem to like the appended path ';sessionid'.
So, you have written a simple client to:
1. Download a page
2. Convert that page
3. Follow links and go back to step #1
??
If yes, then you will have to capture the session id somehow, so you can
send it back to the server when you request additional pages. Without
cookies or the ;jsessionid parameter, how will you know what the session
id is?
I cannot use a simple servlet filter because Tomcat is doing
authentication/authorization (declarative security).
If you are just trying to remove the ;jsessionid=... from the URL,
then the use of authentication is not relevant /after/ the login page is
shown.
Can i implement a Valve to change request path (from a request
parameter to ;jsessionid) before authentication/authorization is
performed ?
I don't think you want to change the /incoming/ request, do you?
Can this Valve change paths inside redirect headers and html
bodies ? Is there any other way (simpler) of doing this communication
between OpenOffice and Tomcat works ?
Okay, so it sounds like you want to either remove or change the way that
the session id is encoded in URLs. This can be done by overriding the
response's encodeURL and encodeRedirectURL methods using a filter:
public class JSessionIdParameterMungingFilter
implements javas.servlet.Filter
{
public void doFilter(ServletRequest req,
ServletResponse rsp,
FilterChain chain)
{
if(shouldWrap(req)
rsp instanceof HttpServletResponse
((HttpServletRequest)req).isRequestedSessionIdFromCookie())
rsp = new ResponseWrapper((HttpServletRequest)req,
(HttpServletResponse)rsp);
chain.doFilter(req, rsp);
}
public boolean shouldWrap(ServletRequest req)
{
// Here is where you decide if you want to turn on this
// jsessionid munging. I have chosen to use a URL parameter
// munge_jsessionid as a trigger
return
true.equalsIgnoreCase(request.getParameter(munge_jsessionid));
}
static class ResponseWrapper
extends javax.servlet.http.HttpServletResponseWrapper
{
private HttpServletRequest _request;
public ResponseWrapper(HttpServletRequest req,
HttpServletResponse rsp)
{
super(rsp);
_request = req;
}
public String encodeURL(String url)
{
if(url.contains(?))
url += jsessionid= + _request.getSessionId();
else
url += ?jsessionid= + _request.getSessionId();
return url;
}
}
}
I haven't even checked to see if this filter compiles, but the concept
is pretty clear: you change the way the jsessionid parameter is encoded
from using a ; to using ? or .
The thread in ooffice forum:
http://www.oooforum.org/forum/viewtopic.phtml?t=85789
The user Villeroy on this thread is correct when he announces his own
ignorance: ';' is a perfectly acceptable parameter delimiter for a URL.
This is a bug in the URL-handling library for OOo. Can you use
HttpURLConnection directly? I do not believe it has this limitation.
Can you post the code you have written using the OOo API? Is there any
particular reason you are using OOo instead of plain-old Java?
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkpJIM0ACgkQ9CaO5/Lv0PC+VACfXTVWWcuI+YQghiW2KAbGLxFS
awkAnA9UKdzMWxRLh4kDbIAxyvQvwLgX
=/oIx
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat crashes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Kam, On 6/29/2009 2:39 PM, kam tak wrote: I am using tomcat 6 and the server crashes all of a sudden creating a core dump file. Core dump == JVM crash. This is unlikely to be Tomcat's fault. When the JVM dumps core, it should leave-behind a crash file in plain text explaining what happened. Can you post that file? Have you looked at the core file (using gdb or some other tool) to determine the nature of the crash? I'll bet it's a SIGSEGV (segmentation violation, signal #11) and that you have bad memory, motherboard, or memory. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpJIWQACgkQ9CaO5/Lv0PDWKACfaur/jZMs6biRw1vDSyXP2a/5 yCsAnR0rNehUz0HsAo0TLz1GonZnP17T =6riU -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
On Mon, 2009-06-29 at 16:15 -0400, Christopher Schultz wrote: Hi, Chris ! Are you trying to change the URLs that are emitted in the HTML your application generates? Yes and no. Declarative security will only work if tomcat recognizes jsession id (either coming encoded in requested URL or set in JSESSIONID cookie). Without cookie support, authentication mechanism will be called for every request (one for the html/jsp page and many others for the referenced resources like images, js scripts and etc). If i only change URLs generated by our webapp (for instance from '/index.jsp;jsessionid=ABC' to '/index.jspjsessionid='ABC'), i THINK that ooffice will successfully send requests to Tomcat, but the container will can't infer jsession id and it will redirect to login page. So, you have written a simple client to: 1. Download a page 2. Convert that page 3. Follow links and go back to step #1 OOffice do the work. I just need to call load document :-) ?? If yes, then you will have to capture the session id somehow, so you can send it back to the server when you request additional pages. Without cookies or the ;jsessionid parameter, how will you know what the session id is? It's a feature to convert html reports to pdf: 1. Authenticated user fill a form and click a button; 2. On the server side, we - Capture session id using HttpSession.getId(); - Execute load document (ooffice) using url with encoded jsessionid (for instance, http://localhost:8080/path/generate_report;jsessionid=ABC?a=12b=1 ) - Execute export document to pdf (ooffice); - Close document (oofice); - Change the response content type to pdf and copy bytes from local file to response file. There are some cache mechanisms of course ;-). If you are just trying to remove the ;jsessionid=... from the URL, then the use of authentication is not relevant /after/ the login page is shown. I cannot expect the login page or ooffice will render the login page instead of the report page. I don't think you want to change the /incoming/ request, do you? Yes, i want :-) Take a look at this access log from tomcat: [29/Jun/2009:17:49:02 -0300] /path/index.jsp 200 2E9DE25E06EFEF475619B60647249809 GET /path/index.jsp HTTP/1.0 [29/Jun/2009:17:50:31 -0300] /path/index.jsp%3Bjsessionid=ABC 200 - OPTIONS /path/index.jsp%3Bjsessionid=ABC HTTP/1.1 [29/Jun/2009:17:50:31 -0300] /path/index.jsp%3Bjsessionid=ABC 404 - GET /path/index.jsp%3Bjsessionid=ABC HTTP/1.1 The first line is a successfully wget. The other two lines are unsuccessfully ooffice. It seems that ooffice is escaping the requested path :-( I was thinking in a Valve to receive a 'jsessionid=' and change to ';jsessionid=' before the processing of authentication/authorization mechanism. But i don't know if this is possible. I'll have to fix redirect response headers or... Okay, so it sounds like you want to either remove or change the way that the session id is encoded in URLs. This can be done by overriding the response's encodeURL and encodeRedirectURL methods using a filter: This is another part of the job: Generated URLs will use 'jsession' sintax instead of ';jsession' so they can make ooffice happy ;-) The user Villeroy on this thread is correct when he announces his own ignorance: ';' is a perfectly acceptable parameter delimiter for a URL. This is a bug in the URL-handling library for OOo. Can you use HttpURLConnection directly? I do not believe it has this limitation. I need ooffice to convert the reports. Thanks in advance ! -- If there must be trouble, let it be in my day, that my child may have peace. Thomas Paine - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
I've some few alternatives: 1. Use a Java Web Proxy to convert requests and responses between ooffice and Tomcat; 2. Use a Java crawler (spider/mirror tool) to make the first request, generate local files and then call oo. I was just wondering if was easier to modify/specialize tomcat behavior than my previous alternatives. On Mon, 2009-06-29 at 19:24 -0300, Daniel Henrique Alves Lima wrote: Yes ! Now imagine my frustration with ooffice escaping a ';' :-( Browser, wget and other applications seems to work ok with URL encoded jsessionid. On Tue, 2009-06-30 at 00:00 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Yes ! Now imagine my frustration with ooffice escaping a ';' :-( Browser, wget and other applications seems to work ok with URL encoded jsessionid. On Tue, 2009-06-30 at 00:00 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- If there must be trouble, let it be in my day, that my child may have peace. Thomas Paine - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Daniel Henrique Alves Lima wrote: Yes ! Now imagine my frustration with ooffice escaping a ';' :-( Browser, wget and other applications seems to work ok with URL encoded jsessionid. On Tue, 2009-06-30 at 00:00 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: ... Hi. If I understand what you are trying to do : 1) a client enters your application, authenticates, navigates, and displays a result html page. 2) on this page, is a button that says get this page as PDF 3) the client clicks on that button, and is supposed to receive the same page, but this time as a PDF. 4) At the server side, you want to use OOo to create the PDF version from the html page 5) and OOo is capable, given a URL, to retrieve this page, and then given appropriate commands, to return a PDF version of the page. 6) But OOo has trouble with the jsessionid part of the URL, although it needs it in order to retrieve the page on behalf of the client. Right ? Ok then, let me suggest maybe another architecture, a bit different, but where you might not have that problem. I will just propose the general outline. 7) the PDF button on the page, points to the same URL as the one by which the page was retrieved, plus an additional query parameter. For example : http://the original page URL...?p1=v1p2=v2fmt=PDF. (You could even generate that on-the-fly using some javascript) 8) you create a servlet filter around your webapp. This servlet filter, on the way in, picks up the additional parameter. If it is not there, it does nothing and the request is processed as usual, giving a html result page. If the additional parameter is there, the filter sets a flag (for example, request.setAttribute(x)) 9) the request is processed as normally by your webapp, generating the html response 10) on the way out, the filter intercepts the response. If the flag is not set, it does nothing and lets the html response through. If the flag is set, it does something totally different. 11) the filter captures the html output, and writes it to a local temporary file. Then it calls OOo /on this file/, and asks for a PDF version. Then it picks up the PDF version, and returns this as a response, instead of the original. (and deletes the temporary files). This way, OOo never has to deal with a URL, and thus also not with the jsessionid. You may want to have a look at this : http://code.google.com/p/jodconverter/ (I use that one in another context - not Tomcat - and it works fine) You may also have a look at htmldoc, as an alternative to OOo to generate PDF from html. M. I'm thinking of a problem : if your pages contains links to embedded objects (like images etc..). In that case it may be better if your PDF button points to another webapp, passing the original URL as a parameter. This webapp would use wget to retrieve the original page and its embedded content, rewriting the embedded URLs appropriately (it can do that), and then call OOo on the html file. One other issue bothers me a bit in all this : surely, you are not going to load OOo for each request, just to process one response page. So you will have to start OOo in server mode, and talk to it through it's UNO interface. But how does it handle multiple concurrent requests ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Daniel Henrique Alves Lima wrote: I've some few alternatives: 1. Use a Java Web Proxy to convert requests and responses between ooffice and Tomcat; Or use a httpd front-end.. 2. Use a Java crawler (spider/mirror tool) to make the first request, generate local files and then call oo. This only works if the pages are not specific to the client user who logs in. It would not work if the page is Show my current bonus. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
On Tue, 2009-06-30 at 00:52 +0200, André Warnier wrote: Hi, Andre ! 11) the filter captures the html output, and writes it to a local temporary file. Then it calls OOo /on this file/, and asks for a PDF version. Then it picks up the PDF version, and returns this as a response, instead of the original. (and deletes the temporary files). I've used this approach once. But at that time, we only need the html source. Now i need the html source and all the referenced resources (images, csss, jss and another servlets/jsps). You may want to have a look at this : http://code.google.com/p/jodconverter/ (I use that one in another context - not Tomcat - and it works fine) I'll look. Thanks. You may also have a look at htmldoc, as an alternative to OOo to generate PDF from html. M. I'm thinking of a problem : if your pages contains links to embedded objects (like images etc..). Yes, that is the problem. In that case it may be better if your PDF button points to another webapp, passing the original URL as a parameter. This webapp would use wget I could use wget directly from a non protected servlet. But i'll prefer a java crawler (is there any port of wget to Java ?) because other developers use Microsoft Windows :-( One other issue bothers me a bit in all this : surely, you are not going to load OOo for each request, just to process one response page. So you will have to start OOo in server mode, and talk to it through it's UNO interface. But how does it handle multiple concurrent requests ? It doesn't. You have two alternatives: 1. Init just once oo server and serialize the access to it (throw a linked list of task or something like that); 2. Init a pool of oo servers (each one in a different port) and run each task in a different server. We already use oo in another part of our application and it works fine. The ideal, i think, is avoid to perform a lot of transformations online and cache generated files as much as possible. Thanks ! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
On Tue, 2009-06-30 at 01:02 +0200, André Warnier wrote: Daniel Henrique Alves Lima wrote: 1. Use a Java Web Proxy to convert requests and responses between ooffice and Tomcat; Or use a httpd front-end.. Yes. But i don't need this request-response magic all the time. I just need this to make oo happy :-) 2. Use a Java crawler (spider/mirror tool) to make the first request, generate local files and then call oo. This only works if the pages are not specific to the client user who logs in. It would not work if the page is Show my current bonus. But i'll invoke the crawler specifying ';jsessionid='. With this, it will execute as the source client. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
Daniel Henrique Alves Lima email_danie...@yahoo.com.br wrote in message
news:1246314288.10803.6.ca...@magnaopus.no-ip.biz...
Yes !
Now imagine my frustration with ooffice escaping a ';' :-(
Browser, wget and other applications seems to work ok with URL encoded
jsessionid.
The custom valve isn't that complicated (but of course, it ties you to
Tomcat, and may need to be updated when you change from major releases). It
would probably look something like:
public class MySessionValve extends ValveBase {
public void invoke(Request request, Response response)
throws IOException, ServletException {
String sessionID = getSessionId(request);
if(sessionID != null) {
request.setRequestedSessionId(sessionID);
}
getNext().invoke(request, response);
}
private String getSessionId(Request request) {
// Logic to extract the sessionID from the request here
}
}
On all supported versions of Tomcat, this will be invoked before
authentication (or at least if you don't make major changes to the
configuration).
If this was my project, I'd probably take the big one-time pain of creating
a Tag to decide how to encode links (based on user-agent or otherwise) and
change all my pages to use it. Otherwise, a Filter that wraps the response
and overrides getWriter is probably easier than trying to wrap the TC
internal Response.
On Tue, 2009-06-30 at 00:00 +0200, André Warnier wrote:
Daniel Henrique Alves Lima wrote:
...
Hi.
If I understand what you are trying to do :
1) a client enters your application, authenticates, navigates, and
displays a result html page.
2) on this page, is a button that says get this page as PDF
3) the client clicks on that button, and is supposed to receive the same
page, but this time as a PDF.
4) At the server side, you want to use OOo to create the PDF version
from the html page
5) and OOo is capable, given a URL, to retrieve this page, and then
given appropriate commands, to return a PDF version of the page.
6) But OOo has trouble with the jsessionid part of the URL, although
it needs it in order to retrieve the page on behalf of the client.
Right ?
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
--
If there must be trouble, let it be in my day,
that my child may have peace.
Thomas Paine
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Changing url rewriting behaviour (';jsessionid')
First of all: Thanks (Christopher, Andre, Bill and everybody) !
The complete solution is compound of 3 parts:
1. The Valve to process jsessionid (just a piece of the source code)
if (!request.isRequestedSessionIdFromCookie()) {
String jsessionid = request.getParameter(jsessionid);
if (jsessionid != null
request.getRequestedSessionId() == null) {
request.setRequestedSessionId(jsessionid);
request.setRequestedSessionURL(true);
}
}
Valve nextValve = getNext();
if (nextValve != null) {
nextValve.invoke(request, response);
}
I've configured this Valve in Tomcat specific webapp deployment
descriptor (context.xml)
2. The Servlet Filter to overwrite URL encoding (just a piece)
HttpServletRequest request = (HttpServletRequest) aRequest;
String jsessionid = request.getParameter(jsessionid);
String sessionId = request.getRequestedSessionId();
if (request.isRequestedSessionIdFromURL() jsessionid != null
jsessionid.equals(sessionId)) {
aResponse = new HttpServletResponseWrapper((HttpServletResponse)
aResponse) {
@Override
public String encodeRedirectURL(String url) {
return this.encodeURLImpl(super.encodeRedirectURL(url));
}
private String encodeURLImpl(String url) {
StringBuilder newURL = new StringBuilder(url);
final String searchString = ;jsessionid=;
int i = newURL.indexOf(searchString);
if (i = 0) {
int j = newURL.indexOf(?, i);
newURL.replace(i, i + 1, ?);
if (j = 0) {
newURL.replace(j, j + 1, );
}
}
return newURL.toString();
}
3. Tag libraries to handle url encoding properly
This was the easy part. We're using the grandpa of all Java web MVC
frameworks: Struts 1.x :-)
So i've just used 'html:' tags and the magic is done !
Now OO is happy and i (really) need to sleep.
Thanks !
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
