Class-Path-Manifest Entry

2004-01-26 Thread Reinhard Moosauer
Hello List,

I wonder, if the "Class-Path"-Entry of the Manifest in a 
web-application-ressource is interpreted by Tomcat.

I saw this functionality in BEA WebLogic. I tried in tomcat, but it did not 
work.

Is it implemented at all, or is it planned?
(Using 4.1.29)

Plug-and-play-installation of Webapps could be done with much smaller WARs.
So I would consider it as a nice feature.

Kind regards,

Reinhard


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Errorpage for Servlets

2003-12-17 Thread Reinhard Moosauer
Hi,

Jean-Pierre Pelletier submitted this bug (already closed):

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25547
(default errorpage is displayed instead of the one forwarded to)

I am also using the technique he describes. (In Tomcat 4.1)
Seems like this will work no more in Tomcat 5

My question: Is there a portable way to use the same errorpage for servlets 
and JSPs? 

I can think of these solutions:

1. use another attribute instead of "javax.servlet.jsp.jspException" and get 
it back in the errorpage

2. Simply use "exception" as the attribute name.

thanks in advance for some tips,


Reinhard

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Suggestion: Many virtual hosts in Tomcat -> hosts-directory

2003-06-25 Thread Reinhard Moosauer
Hi,

thanks for the quick answer. Please see comments inline

Am Montag, 23. Juni 2003 13:03 schrieb Remy Maucherat:
> Reinhard Moosauer wrote:
> > Hello List,
> >
> > Tomcat has a very nice feature, which allows dropping .xml in the
> > wepapp-directory and automatic deployment of contexts defined therein.
> >
> > I would suggest the same approach for  definitions.
> > For a lot of installations it would _completely_ eliminate the need for
> > changes in server.xml.
> > I don't know, if such a mechanism is planned for tc5.
> > In this case: could we consider a backport of this feature?
> >
> > I would volunteer for an extension to 4.1. But I would like to hear the
> > opinion of the developers.
> >
> > Here is the to-do-list:
> > - add a parameter to the -Tag: virtualHostDir=""
> >   (default: "hosts" for example)
> > - (Alternative: the plugin-way: define a , which does this)
> > - deploy all defined "hostxxx.xml" in the given dir on startup.
> > - optional: add an "auto-deploy" feature like in webapps
> >
> > I don't know yet, how invasive the change would be. I am very grateful
> > for any hints.
> >
> > I would like to contribute the extension, if it is well-integrated and
> > riskless enough for the stable tree. Otherwise: maybe it works at least
> > for me...
> >
> > Please do not hesitate to give any kind of comments!
>
> I'd considered it a lot lately, but decided against it, as it's not as
> hassle free as you make it sound: the biggest problem is configuring the
> DNS, so I don't see what the feature would add.
>

I caught a bit of your consideration, I think, but I missed the conclusion.
Please give me a hint: what do you mean with "configuring the DNS"? 
I know that I need valid DNS-Entries for each virtual hosts, which can't 
obviously be done with Tomcat.
Is there another thing with DNS in Tomcat I do not see?

> With TC 5, you can dynamically add hosts with:
> - JMX (using some agent)
> - the admin webapp, like in TC 4.1.x
>
> I think that's good enough, and the extra complexity doesn't seem to add
> something of real value.
>

Imaginably I can do the setup of a new virtual host on a server with a quite 
simple shellscript. I want to add the possibilty to configure the tomcat 
hosts also in turn.
Patching it in server.xml is not nice. Not only because of the need to restart 
tomcat afterwards. Both are risky tasks when I want to do it unattended.

> I'd vote -0 or -1 on the issue.

If you don't mind I would like to clarify it a litte bit more.
Again, thanks a lot for your comments

Reinhard


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Suggestion: Many virtual hosts in Tomcat -> hosts-directory

2003-06-23 Thread Reinhard Moosauer
Hello List,

Tomcat has a very nice feature, which allows dropping .xml in the 
wepapp-directory and automatic deployment of contexts defined therein.

I would suggest the same approach for  definitions.
For a lot of installations it would _completely_ eliminate the need for 
changes in server.xml.
I don't know, if such a mechanism is planned for tc5. 
In this case: could we consider a backport of this feature?

I would volunteer for an extension to 4.1. But I would like to hear the 
opinion of the developers.

Here is the to-do-list:
- add a parameter to the -Tag: virtualHostDir=""
  (default: "hosts" for example)
- (Alternative: the plugin-way: define a , which does this)
- deploy all defined "hostxxx.xml" in the given dir on startup.
- optional: add an "auto-deploy" feature like in webapps

I don't know yet, how invasive the change would be. I am very grateful for any 
hints.

I would like to contribute the extension, if it is well-integrated and 
riskless enough for the stable tree. Otherwise: maybe it works at least for 
me...

Please do not hesitate to give any kind of comments!

regards,

Reinhard


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Tomcat SSL mutual authentication: Nobody's got a clue?

2003-03-28 Thread Reinhard Moosauer
Hi,

when Internet Explorer prompts you with the list of certificates to send to 
the server, it checks KeyUsage of the certs in you keystore.
If the list is empty, it means you have no usable cert.

How do you generate your certs? If you use openssl, please consult
openssl.txt in the docs. KeyUsage is explained there.
The behavior is dependent of version of ie and windows. 

Certs from a trustcenter are very restricted in respect of usage. A email cert 
may be usable only for email, and nothing more. Same for file encryption 
(EFS), code signature and authentication, ...
Non-Repudiation could be the KeyUsage you need. But don't know
Take care: the KeyUsage of the CA-cert is sometimes also checked. Not talking 
about CRLs.

With a Win2000 CA you have to chose the right profile when requesting the 
cert.

This is definitely the wrong list to get deeper insight with certificates. But 
I am also not sure what the right place would be... 
openssl could be a good idea.

With this program you can generate test certs for any usage:
http://sourceforge.net/projects/myca
(Usable with Linux and cygwin. It's based on openssl)

Sometimes it is useful to test it with another browser. 

hope that helps,

Reinhard

Am Dienstag, 25. März 2003 23:53 schrieb [EMAIL PROTECTED]:
> Thanks, but I have read that documentation many times.
>
> That documentations tells us how to run Tomcat in SSL mode.  And as I
> mentioned in the previous message, I know how to do that.
>
> What I want is mutual authentication, that is,
>
> 1. The Web server authenticates itself by sending its certificate to the
> client.  (This is what the doc talks about)
>
> 2. The client authenticates itself by sending its certificate to the Web
> server.  (This is not mentioned in that documentation, and is what I want
> to do)
>
> "Bill Barker" <[EMAIL PROTECTED]> wrote:
> >http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html
> >
> >- Original Message -
>
> From: <[EMAIL PROTECTED]>
>
> >To: ""Tomcat Developers List"" <[EMAIL PROTECTED]>
> >Sent: Tuesday, March 25, 2003 1:44 PM
> >Subject: Tomcat SSL mutual authentication: Nobody's got a clue?
> >
> >> I want configure Tomcat SSL for mutual authentication.  And I've been
> >
> >exploring this for a while.
> >
> >> If tomcat-users don't know this, tomcat-developers also get no clue?
> >>
> >> __
> >> Try AOL and get 1045 hours FREE for 45 days!
> >> http://free.aol.com/tryaolfree/index.adp?375380
> >>
> >> Get AOL Instant Messenger 5.1 for FREE! Download Now!
> >> http://aim.aol.com/aimnew/Aim/register.adp?promos=380455
> >>
> >> -
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >-
> >To unsubscribe, e-mail: [EMAIL PROTECTED]
> >For additional commands, e-mail: [EMAIL PROTECTED]
>
> __
> Try AOL and get 1045 hours FREE for 45 days!
> http://free.aol.com/tryaolfree/index.adp?375380
>
> Get AOL Instant Messenger 5.1 for FREE! Download Now!
> http://aim.aol.com/aimnew/Aim/register.adp?promos=380455
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: JK2 not working with virtual hosts

2003-03-12 Thread Reinhard Moosauer
Hi,

yes. But where to get a binary for 2.0.2 and apache13? 
(I should have asked earlier this time)

Reinhard


Am Mittwoch, 12. März 2003 20:58 schrieb Mladen Turk:
> > -Original Message-
> > From: Reinhard Moosauer [mailto:[EMAIL PROTECTED]
> >
> > Additional information:
> > Without virtual host I got the request mapped. But no answer
> > but a "segmentation fault .. child .. " in apache's error_log
> >
> > > I tried the binary "mod_jk2-1.3-eapi.so" from
> > >http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk
>
> 2/release/
>
> >v2.0
> >.0/ with apache 1.3 and virtual hosts.
>
> Could you try with 2.0.2. The 2.0.0 and (partially) 2.0.1 versions has
> some problems with the Virtual host,
> so you should use the 2.0.2.
>
> MT.
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: JK2 not working with virtual hosts

2003-03-12 Thread Reinhard Moosauer
Hello,

Am Mittwoch, 12. März 2003 19:56 schrieb Costin Manolache:
> Reinhard Moosauer wrote:
> > Additional information:
> > Without virtual host I got the request mapped. But no answer but
> > a "segmentation fault .. child .. " in apache's error_log
>
> Can you send a stack trace ?
>

see below a ltrace on the apache thread. Don't know how to get a stack trace.

> I'm checking the hosts problem.
>

Now I am using the 2.0.1-binary from jakarta's server. The logs say that 
virtual hosts are decoded now properly.
2.0.0 seems completely broken with virtual hosts.

How to go on?

many, many thanks for your help.

regards,

Reinhard
> Costin
>
> > thanks,
> >
> > Am Mittwoch, 12. März 2003 16:43 schrieb Reinhard Moosauer:
> >> Hello List,
> >>
> >> I tried the binary "mod_jk2-1.3-eapi.so" from
>
> http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk2/release/v2.0
>
> >>.0/ with apache 1.3 and virtual hosts.
> >>
> >> In short: absolutely no luck.
> >> I read all available docs (which seen quite current) and enabled
> >> debugging in workers2.properties, but I diddn't get the uri-maps right.
> >> He didn't decode the host-part of the uri:-entries.
> >>
> >> Example:
> >> [uri:www.myhost.com/servlet/*]
> >> was decoded to:
> >> uri=/servlet/*
> >> host=www.myhost.com/servlet/*
> >>
> >> Weird! Even when I omit the host-part it doesn't find the map when I
> >> start a request.
> >> I tried several combinations:
> >> [uri:www.myhost.com]
> >> [uri:www.myhost.com:80/servlet/*]
> >> [uri:www.myhost.com:/servlet/*]
> >> [uri:/servlet/*]
> >>
> >> I read the source (from tomcat-4.1.18), and I found that the version
> >> must be different (wrong source line numbers)
> >> But the source seems to be ok. Did I use a broken version?
> >> Where can I find more current binary versions?
> >> Building it seems painful, when I look to the configure script.
> >>
> >> Any hint is greatly appreciated.
> >>
> >> regards,
> >>
> >> Reinhard
> >>
> >> -
> >> To unsubscribe, e-mail: [EMAIL PROTECTED]
> >> For additional commands, e-mail: [EMAIL PROTECTED]
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]

# ltrace -f -p 23462
...
...
strlen("GET /jkstatus HTTP/1.1")  = 22
memcpy(0x080f6ea8, "GET /jkstatus HTTP/1.1", 23)  = 0x080f6ea8
strlen("/jkstatus")   = 9
memcpy(0x080f6ed8, "/jkstatus", 10)   = 0x080f6ed8
memcpy(0x080f6ee8, "/jkstatus", 9)= 0x080f6ee8
strlen("HTTP/1.1")= 8
memcpy(0x080f6ef8, "HTTP/1.1", 9) = 0x080f6ef8
sscanf(0x080f6ef8, 0x0807da24, 0xbfffd068, 0xbfffd064, 0xbfffd060) = 2
memset(0x080f6f20, '\000', 400)   = 0x080f6f20
memcpy(0x080f70b0, "Connection: Keep-Alive", 23)  = 0x080f70b0
strchr("Connection: Keep-Alive", ':') = ": Keep-Alive"
memcpy(0x080f70c8, "User-Agent: Mozilla/5.0 (compati"..., 59) = 0x080f70c8
strchr("User-Agent: Mozilla/5.0 (compati"..., ':') = ": Mozilla/5.0 
(compatible; Konqu"...
memcpy(0x080f7108, "Pragma: no-cache", 17)= 0x080f7108
strchr("Pragma: no-cache", ':')   = ": no-cache"
memcpy(0x080f7120, "Cache-control: no-cache", 24) = 0x080f7120
strchr("Cache-control: no-cache", ':')= ": no-cache"
memcpy(0x080f7138, "Accept: text/*, image/jpeg, imag"..., 52) = 0x080f7138
strchr("Accept: text/*, image/jpeg, imag"..., ':') = ": text/*, image/jpeg, 
image/png,"...
memcpy(0x080f7170, "Accept-Encoding: x-gzip, x-defla"..., 60) = 0x080f7170
strchr("Accept-Encoding: x-gzip, x-defla"..., ':') = ": x-gzip, x-deflate, 
gzip, defla"...
memcpy(0x080f71b0, "Accept-Charset: iso-8859-15, utf"..., 50) = 0x080f71b0
strchr("Accept-Charset: iso-8859-15, utf"..., ':') = ": iso-8859-15, 
utf-8;q=0.5, *;q="...
memcpy(0x080f71e8, "Accept-Language: de, en", 24) = 0x080f71e8
strchr("Accept-Language: de, en", ':')= ": de, en"
memcpy(0x080f7200, "Host: m1

Re: JK2 not working with virtual hosts

2003-03-12 Thread Reinhard Moosauer

Additional information:
Without virtual host I got the request mapped. But no answer but
a "segmentation fault .. child .. " in apache's error_log



thanks,


Am Mittwoch, 12. März 2003 16:43 schrieb Reinhard Moosauer:
> Hello List,
>
> I tried the binary "mod_jk2-1.3-eapi.so" from
> http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk2/release/v2.0
>.0/ with apache 1.3 and virtual hosts.
>
> In short: absolutely no luck.
> I read all available docs (which seen quite current) and enabled debugging
> in workers2.properties, but I diddn't get the uri-maps right.
> He didn't decode the host-part of the uri:-entries.
>
> Example:
> [uri:www.myhost.com/servlet/*]
> was decoded to:
> uri=/servlet/*
> host=www.myhost.com/servlet/*
>
> Weird! Even when I omit the host-part it doesn't find the map when I start
> a request.
> I tried several combinations:
> [uri:www.myhost.com]
> [uri:www.myhost.com:80/servlet/*]
> [uri:www.myhost.com:/servlet/*]
> [uri:/servlet/*]
>
> I read the source (from tomcat-4.1.18), and I found that the version must
> be different (wrong source line numbers)
> But the source seems to be ok. Did I use a broken version?
> Where can I find more current binary versions?
> Building it seems painful, when I look to the configure script.
>
> Any hint is greatly appreciated.
>
> regards,
>
> Reinhard
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



JK2 not working with virtual hosts

2003-03-12 Thread Reinhard Moosauer
Hello List,

I tried the binary "mod_jk2-1.3-eapi.so" from 
http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk2/release/v2.0.0/
with apache 1.3 and virtual hosts.

In short: absolutely no luck. 
I read all available docs (which seen quite current) and enabled debugging in 
workers2.properties, but I diddn't get the uri-maps right.
He didn't decode the host-part of the uri:-entries.

Example:
[uri:www.myhost.com/servlet/*]
was decoded to:
uri=/servlet/*
host=www.myhost.com/servlet/*

Weird! Even when I omit the host-part it doesn't find the map when I start a 
request.
I tried several combinations:
[uri:www.myhost.com]
[uri:www.myhost.com:80/servlet/*]
[uri:www.myhost.com:/servlet/*]
[uri:/servlet/*]

I read the source (from tomcat-4.1.18), and I found that the version must be 
different (wrong source line numbers)
But the source seems to be ok. Did I use a broken version?
Where can I find more current binary versions?
Building it seems painful, when I look to the configure script.

Any hint is greatly appreciated.

regards,

Reinhard

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Request to Fix Tomcat Standalone 302 redirect Issue

2003-02-16 Thread Reinhard Moosauer
Hi,

at Jan 03, 2003 Matt Parker published a patch in this list:
"[PATCH] forward instead of redirect for welcome files"
which was discussed thourougly with Costin, Remy and others.

I'm not sure about the conclusion of this. But it seemed that 5.0 should 
reintroduce this behavior by option.
Please read that thread. Maybe there are some hints to get further.

(I am also very interested in this changing this, but as long as apache ist an 
option, the priority stays medium...)

Kind regards,

Reinhard

Am Sonntag, 16. Februar 2003 00:41 schrieb neal:
> Has anyone considered fixing the following Tomcat standalone issue:
>
> if a request is made to "www.xyz.com", tomcat auto redirects (per the
> welcome files list) to "www.xyz.com/index.html".  That's a 302 http
> redirect.  Aside from this being a very non-standard approach th handling
> default files within a directory, it is extremely problematic when dealing
> with Search Engines.
>
> Search engines hate 302s and penalize most sites that utilize them,
> particularly as their default page.  Further in the case of Google, a page
> rank is assigned to a url based upon inboind links. If the inboind links
> are all to "www.xyz.com" and that url is just a redirect, you will never
> benefit from the inbound links to your default url and never achieve a nigh
> ranking.
>
> For these reasons this "feature" of tomcat renders the standalone http
> server virtually commercially non-viable.  This is a major concern for any
> commercial site that reaps traffic from search engines, or from inbound
> links.
>
> I setup my site using tomcat standalone because I saw no reason to set it
> up with Apache initially.  But this one single reason is making me
> seriously second guess that choice.  Is this not somehting that can be
> easily fixed in a future version?  And if it can be fixed   I would
> like to beg ... grovel ... anything ... to have this changed.  Otherwise,
> re-setting up with apache is going to cost me a fair amount of $$$ and time
> at this point. :-\
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]