Catalina.out
I am using tomcat 7.0.30(os: redhat linux) referring below link for implementing log4j at the container level http://tomcat.apache.org/tomcat-6.0-doc/logging.html#Using_Log4j Using this link i am still not able to rotate the Catalina.out , is it feasible to do that,if yes then can someone please share the steps/guide me on this Thanks, Vicky
Re: Catalina.out
2013/3/4 vicky007aggar...@yahoo.co.in: I am using tomcat 7.0.30(os: redhat linux) referring below link for implementing log4j at the container level http://tomcat.apache.org/tomcat-6.0-doc/logging.html#Using_Log4j Using this link i am still not able to rotate the Catalina.out , is it feasible to do that,if yes then can someone please share the steps/guide me on this http://wiki.apache.org/tomcat/FAQ/Logging#Q10 Thanks, Vicky - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Catalina.out
04.03.2013 12:33, vicky007aggar...@yahoo.co.in: I am using tomcat 7.0.30(os: redhat linux) referring below link for implementing log4j at the container level http://tomcat.apache.org/tomcat-6.0-doc/logging.html#Using_Log4j Using this link i am still not able to rotate the Catalina.out , is it feasible to do that,if yes then can someone please share the steps/guide me on this http://wiki.apache.org/tomcat/FAQ/Logging#Q10 -- Regards mks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[OT] list server issues ?
Hi. I don't know if it is the case for everyone, but I seem to be receiving messages from the list in some random order, totally out of timely sequence. Anyone notice the same, or is it just me ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] list server issues ?
On 04/03/2013 13:31, André Warnier wrote: Hi. I don't know if it is the case for everyone, but I seem to be receiving messages from the list in some random order, totally out of timely sequence. Anyone notice the same, or is it just me ? My mail is fine but I have seen one other report on another list of a subscriber not receiving mails. I recommend checking tomcat.markmail.org as a way of checking your inbox against list traffic. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] list server issues ?
04.03.2013 14:31, André Warnier: I don't know if it is the case for everyone, but I seem to be receiving messages from the list in some random order, totally out of timely sequence. Anyone notice the same, or is it just me ? I didn't notice anything like that. You could take a look at the Received-header fields of a mail you consider out of timely sequence. You might get an idea where the delay (if any) has happened. -- Regards mks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Built-in WinAuth
On 04/03/2013 20:44, Chris Fors wrote: I've yet to see success with SPNEGO Windows Authentication. I've followed the documentation as close as possible, although it is incomplete. After creating the SpnegoAuthenticator valve in the conf context.xml, should that enable SPNEGO for all web sessions? If not what must be specified in the Web.xml to initiate the SPNEGO process and what is the syntax? A short example would be useful as the documentation is not clear in this area. (Given that there are correctly formed krb5.ini, jaas.conf, and tomcat.keytab files properly formed in the conf directory on the Windows box. Please do not hijack threads. If you want to start a new thread send a new message. Better still - in your case - continue the thread you have already started. For that thread to progress you'll need to respond to - rather than ignore - the point about security constraints. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat Built-in WinAuth - NEW THREAD
-Original Message- From: Mark Thomas Sent: Monday, March 04, 2013 8:59 PM To: Tomcat Users List Subject: Re: Tomcat Built-in WinAuth On 04/03/2013 20:44, Chris Fors wrote: I've yet to see success with SPNEGO Windows Authentication. I've followed the documentation as close as possible, although it is incomplete. After creating the SpnegoAuthenticator valve in the conf context.xml, should that enable SPNEGO for all web sessions? If not what must be specified in the Web.xml to initiate the SPNEGO process and what is the syntax? A short example would be useful as the documentation is not clear in this area. (Given that there are correctly formed krb5.ini, jaas.conf, and tomcat.keytab files properly formed in the conf directory on the Windows box. Please do not hijack threads. If you want to start a new thread send a new message. Better still - in your case - continue the thread you have already started. For that thread to progress you'll need to respond to - rather than ignore - the point about security constraints. Mark I apologize for the thread hijcaking I did not observe/read thread IDs in the hidden message header. Could you please expand on what constraints you were referring to and how they are best implemented, where, and in what syntax e.g. if implemented in web.xml what are the correct tags. If implemented in web.xml what are the correct tags. I have not found this clarified anywhere, yet. Thanks, Chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Built-in WinAuth - NEW THREAD
On 04/03/2013 21:47, Chris Fors wrote: Could you please expand on what constraints you were referring to Security constraints in web.xml and how they are best implemented, where, and in what syntax e.g. if implemented in web.xml what are the correct tags. All defined in the Servlet spec. If implemented in web.xml what are the correct tags. I have not found this clarified anywhere, yet. Again, see the servlet spec. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Built-in WinAuth - NEW THREAD
Mark Thomas wrote: On 04/03/2013 21:47, Chris Fors wrote: Could you please expand on what constraints you were referring to Security constraints in web.xml and how they are best implemented, where, and in what syntax e.g. if implemented in web.xml what are the correct tags. All defined in the Servlet spec. If implemented in web.xml what are the correct tags. I have not found this clarified anywhere, yet. Again, see the servlet spec. You will find an example in the manager webapp that comes with Tomcat. Look at (tomcat)/webapps/manager/WEB-INF/web.xml, parts like this : security-constraint web-resource-collection web-resource-nameHTML Manager interface (for humans)/web-resource-name url-pattern/html/*/url-pattern /web-resource-collection auth-constraint role-namemanager-gui/role-name /auth-constraint /security-constraint In not-quite-technical terms : The above, present at the level of the webapp, specifies a role which the authenticated user must have, in order to be able to access this part of the webapp. To determine if the user has that role, Tomcat must first know the user. This is what triggers the authentication mechanism. If nothing forces Tomcat to authenticate the user of this webapp, the authentication method may well be specified, but it will not be invoked. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat Built-in WinAuth - NEW THREAD
Date: Mon, 4 Mar 2013 23:32:34 +0100 From: a...@ice-sa.com To: users@tomcat.apache.org Subject: Re: Tomcat Built-in WinAuth - NEW THREAD Mark Thomas wrote: On 04/03/2013 21:47, Chris Fors wrote: Could you please expand on what constraints you were referring to Security constraints in web.xml and how they are best implemented, where, and in what syntax e.g. if implemented in web.xml what are the correct tags. All defined in the Servlet spec. If implemented in web.xml what are the correct tags. I have not found this clarified anywhere, yet. Again, see the servlet spec. You will find an example in the manager webapp that comes with Tomcat. Look at (tomcat)/webapps/manager/WEB-INF/web.xml, parts like this : security-constraint web-resource-collection web-resource-nameHTML Manager interface (for humans)/web-resource-name url-pattern/html/*/url-pattern /web-resource-collection auth-constraint role-namemanager-gui/role-name /auth-constraint /security-constraint In not-quite-technical terms : The above, present at the level of the webapp, specifies a role which the authenticated user must have, in order to be able to access this part of the webapp. To determine if the user has that role, Tomcat must first know the user. This is what triggers the authentication mechanism. If nothing forces Tomcat to authenticate the user of this webapp, the authentication method may well be specified, but it will not be invoked. Was hoping to not have to hunt through the complete JSR 315 specification. I will give the constraint model above a shot tomorrow. Thanks, Chris
Re: Tomcat does not accept connections from Safari on iPad vs an SSL connector with JSSE ciphers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Tim, On 3/3/13 4:18 PM, Tim Whittington wrote: On Tue, Feb 19, 2013 at 10:59 AM, Giuseppe Sacco giuse...@eppesuigoccas.homedns.org wrote: [...] I listed all providers here: http://centrum.lixper.it/~giuseppe/ipad-tomcat-list-ciphers-no-bouncycastle.html as you may see, a few of them are TLS_RSA and TLS_DHE: * TLS_RSA_WITH_AES_128_CBC_SHA * TLS_RSA_WITH_AES_256_CBC_SHA * TLS_DHE_DSS_WITH_AES_128_CBC_SHA * TLS_DHE_DSS_WITH_AES_256_CBC_SHA * TLS_DHE_RSA_WITH_AES_128_CBC_SHA * TLS_DHE_RSA_WITH_AES_256_CBC_SHA They are also listed as default ciphers, so -- if I understood what default means -- they should not be enabled explicitly. They overlap with those client ciphers: TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA Is there any possibility that some of those server ciphers are disabled because of the algorithm used in the server certificate? Its signature algorithm is SHA1withDSA. I created it with this command line: keytool -genkeypair -alias tomcat -keystore ~tomcat6/.keystore Yes. If the server keys are DSA, then only cipher suites using DSS/*DSA will be negotiated. In this case, the only DSS cipher suite that your client appears to support is TLS_DHE_DSS_WITH_NULL_SHA, which isn't supported by Java 6 or 7. Good catch. I recently tried to get a DSA key to work *at all* with Apache httpd and I simply could not. I didn't try too hard, honestly, because I didn't really care. My recommendation would be to stick with an RSA key unless you have some specific reason not to use one (and I'd like to hear that reason). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlE1QFIACgkQ9CaO5/Lv0PCdOQCdFA1+Yp3tgWYuzZp39wndEwyF aUkAmgLH2S+B6sH/ilgAJkCSsSTI/2xm =JDLH -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat Built-in WinAuth - NEW THREAD
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Chris, On 3/4/13 4:54 PM, Chris Fors wrote: Date: Mon, 4 Mar 2013 23:32:34 +0100 From: a...@ice-sa.com To: users@tomcat.apache.org Subject: Re: Tomcat Built-in WinAuth - NEW THREAD Mark Thomas wrote: On 04/03/2013 21:47, Chris Fors wrote: Could you please expand on what constraints you were referring to Security constraints in web.xml and how they are best implemented, where, and in what syntax e.g. if implemented in web.xml what are the correct tags. All defined in the Servlet spec. If implemented in web.xml what are the correct tags. I have not found this clarified anywhere, yet. Again, see the servlet spec. You will find an example in the manager webapp that comes with Tomcat. Look at (tomcat)/webapps/manager/WEB-INF/web.xml, parts like this : security-constraint web-resource-collection web-resource-nameHTML Manager interface (for humans)/web-resource-name url-pattern/html/*/url-pattern /web-resource-collection auth-constraint role-namemanager-gui/role-name /auth-constraint /security-constraint In not-quite-technical terms : The above, present at the level of the webapp, specifies a role which the authenticated user must have, in order to be able to access this part of the webapp. To determine if the user has that role, Tomcat must first know the user. This is what triggers the authentication mechanism. If nothing forces Tomcat to authenticate the user of this webapp, the authentication method may well be specified, but it will not be invoked. Was hoping to not have to hunt through the complete JSR 315 specification. I will give the constraint model above a shot tomorrow. Thanks, Chris Honestly, it's like 3 pages of reading, most of which is tables and examples. Reading the servlet spec (it's not your average spec: mere mortals *can* read and understand it) should be required in order to develop web applications. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlE1QNgACgkQ9CaO5/Lv0PC80ACdF7zjHS4wi+fsY42e1bKsFPCJ kD4An3cF7A2CFc+1su5M/a9tejx6zlIC =QoqH -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Context.xml ignored.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Mark, On 3/3/13 1:44 PM, Mark Thomas wrote: The decision was taken, therefore, to link the base file name and context name as previously described. This removed nearly all of the nasty edge cases, made for much simpler code and made the overall process a lot easier to understand. It also makes things IMHO easier for deployers: if you want to change the context path of a webapp, pretty much all you have to do is this: $ mv oldname.war newname.war No messing-around with path attributes, re-rolling WAR files, etc. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG/MacGPG2 v2.0.17 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEAREIAAYFAlE1U4YACgkQ9CaO5/Lv0PAnigCbBHwSK+wvi5ew5vLoI0Lq7jqI tToAnjUN+nrMDKvb5WIH6hhs4Yux1fYG =BFGU -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Catalina.out
Thank u guys On Mar 4, 2013, at 5:27 PM, Markus Schönhaber tomcat-us...@list-post.mks-mail.de wrote: 04.03.2013 12:33, vicky007aggar...@yahoo.co.in: I am using tomcat 7.0.30(os: redhat linux) referring below link for implementing log4j at the container level http://tomcat.apache.org/tomcat-6.0-doc/logging.html#Using_Log4j Using this link i am still not able to rotate the Catalina.out , is it feasible to do that,if yes then can someone please share the steps/guide me on this http://wiki.apache.org/tomcat/FAQ/Logging#Q10 -- Regards mks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to allow only TLS 1.1 connections to Tomcat (6.0) server with https ?
Hi, Is there a way to make TLS 1.1 required for https connection with Tomcat server. I am currently on Tomcat 6.0.32 with JRE 1.7 on Windows 7. I tried setting [sslProtocol=TLSv1.1] in the Connector definition in server.xml but that did not stop TLS 1.0 connections from being accepted. I am not using OpenSSL and instead using JSSE as the TLS provider. Is it possible to do it this way? Or do I need to upgrade to Tomcat 7.0 to be able to allow only TLS 1.1 connections with https? Please let me know how to do this. Thanks in advance, Brijesh - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Integrating blog into a JSP website
Hi, Is it possible to integrate a blog into my JSP website? Currently I have manually created the directory structure within my war file. My Site : www.investorschoolindia.com Also as a subquestion, how can we deploy latest contents on tomcat within building the war file? Is there a way out? So that whenever I have a new article, I can simply deploy the new article without building the whole application. Tomcat version 6.0.14. Thanks, Sunil.
Re: Integrating blog into a JSP website
Sunil Shevante wrote: Hi, Is it possible to integrate a blog into my JSP website? Currently I have manually created the directory structure within my war file. My Site : www.investorschoolindia.com Also as a subquestion, how can we deploy latest contents on tomcat within building the war file? Is there a way out? So that whenever I have a new article, I can simply deploy the new article without building the whole application. Tomcat version 6.0.14. In very general terms, yes to all questions above. But maybe you want to search Google for examples about building websites with Java servlet containers, or Tomcat in particular. We cannot really help with that kind of questions here. This is a list for people asking technical questions about Tomcat-specific issues, not really about general JSP-based website design. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Integrating blog into a JSP website
Thanks for the quick reply Andre. --- On Tue, 3/5/13, André Warnier a...@ice-sa.com wrote: From: André Warnier a...@ice-sa.com Subject: Re: Integrating blog into a JSP website To: Tomcat Users List users@tomcat.apache.org Date: Tuesday, March 5, 2013, 12:46 PM Sunil Shevante wrote: Hi, Is it possible to integrate a blog into my JSP website? Currently I have manually created the directory structure within my war file. My Site : www.investorschoolindia.com Also as a subquestion, how can we deploy latest contents on tomcat within building the war file? Is there a way out? So that whenever I have a new article, I can simply deploy the new article without building the whole application. Tomcat version 6.0.14. In very general terms, yes to all questions above. But maybe you want to search Google for examples about building websites with Java servlet containers, or Tomcat in particular. We cannot really help with that kind of questions here. This is a list for people asking technical questions about Tomcat-specific issues, not really about general JSP-based website design. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How to allow only TLS 1.1 connections to Tomcat (6.0) server with https ?
On 05/03/2013 5:10 PM, Brijesh Deo b...@sonicwall.com wrote: Hi, Is there a way to make TLS 1.1 required for https connection with Tomcat server. I am currently on Tomcat 6.0.32 with JRE 1.7 on Windows 7. I tried setting [sslProtocol=TLSv1.1] in the Connector definition in server.xml but that did not stop TLS 1.0 connections from being accepted. I am not using OpenSSL and instead using JSSE as the TLS provider. Is it possible to do it this way? Or do I need to upgrade to Tomcat 7.0 to be able to allow only TLS 1.1 connections with https? Please let me know how to do this. You need java7 for tls1.1 and 1.2 as far as i know.
RE: How to allow only TLS 1.1 connections to Tomcat (6.0) server with https ?
-Original Message- From: Igor Cicimov [mailto:icici...@gmail.com] Sent: 05 March 2013 13:22 To: Tomcat Users List Subject: Re: How to allow only TLS 1.1 connections to Tomcat (6.0) server with https ? On 05/03/2013 5:10 PM, Brijesh Deo b...@sonicwall.com wrote: Hi, Is there a way to make TLS 1.1 required for https connection with Tomcat server. I am currently on Tomcat 6.0.32 with JRE 1.7 on Windows 7. I tried setting [sslProtocol=TLSv1.1] in the Connector definition in server.xml but that did not stop TLS 1.0 connections from being accepted. I am not using OpenSSL and instead using JSSE as the TLS provider. Is it possible to do it this way? Or do I need to upgrade to Tomcat 7.0 to be able to allow only TLS 1.1 connections with https? Please let me know how to do this. You need java7 for tls1.1 and 1.2 as far as i know. Thanks for the reply Igor. I already have Java 7. -Brijesh - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org