Deliver Mail (bratislava@ups.sk)
An e-mail was sent to you with an attachment. It contains a virus. It was saved on your mail server. Sender was: [EMAIL PROTECTED] Recipient was: [EMAIL PROTECTED] TOIS - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: restarting tomcat
Yes, you need to reload the webapp for changes to be recognised, although for caching reasons, some browsers may not recognise the change to a JSP straightaway. JSP's are compiled on-the-fly and compiled in the work directory as you mentioned. I use the ant build tool for this, I'm not sure what other alternatives are available. This is my understanding from looking at the log files. This is a typical entry when I reload a webapp: 2004-03-30 13:29:08 StandardContext[/gfapp]: Reloading this Context has started 2004-03-30 13:29:08 WebappLoader[/gfapp]: Deploying class repositories to work directory /usr/local/tomcat/work/Standalone/www.thegoldenfreeway.com/gfapp 2004-03-30 13:29:08 WebappLoader[/gfapp]: Deploy class files /WEB-INF/classes to /home/webapps/gfapp/WEB-INF/classes 2004-03-30 13:29:08 WebappLoader[/gfapp]: Reloading checks are enabled for this Context 2004-03-30 13:29:08 StandardWrapper[/gfapp:default]: Loading container servlet default 2004-03-30 13:29:08 StandardWrapper[/gfapp:invoker]: Loading container servlet invoker 2004-03-30 13:29:08 StandardManager[/gfapp]: Seeding random number generator class java.security.SecureRandom 2004-03-30 13:29:08 StandardManager[/gfapp]: Seeding of random number generator has been completed 2004-03-30 13:29:08 StandardContext[/gfapp]: Reloading this Context is completed 2004-03-30 13:30:08 StandardContext[/gfapp]: Reloading this Context has started 2004-03-30 13:30:08 StandardWrapper[/gfapp:jsp]: Waiting for 1 instance(s) to be deallocated 2004-03-30 13:30:09 StandardManager[/gfapp]: Seeding random number generator class java.security.SecureRandom 2004-03-30 13:30:09 StandardManager[/gfapp]: Seeding of random number generator has been completed 2004-03-30 13:30:09 ApplicationDispatcher[/gfapp] Allocate exception for servlet jsp On Wed, 2004-03-31 at 07:06, Rob Ross wrote: I'm not talking about *restarting* Tomcat, I'm talking about *reloading* a web app. You're right, you don't have to shut down the Tomcat server to restart a webapp, you can just reload it, either manually by using the http manager interface, or automatically by setting the reloadable attribute in the config file to true. But for Tomcat to pick up changes to any files in WEB-INF/lib or WEB-INF/classes, the web app to which they belong MUST be reloaded, whether or you do so explicitly or have it done for you automatically. My question was, what about JSP files? and the original poster asked what about servlets? Since servlets must live in WEB-INF, I'm *guessing* you must also reload the web app if you want to pick up those changes to the servlet. But I still don't know what is supposed to happen for JSP files. They must be compiled to a servlet, but they get saved in the work directory, so they could be handled differently, but I'm guessing, unless I hear something definitive, that they too require the web app to be reloaded. Rob -Original Message- From: Duncan Krebs [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 10:06 PM To: Tomcat Users List Subject: Re: restarting tomcat Rob, I know with using ECLIPSE and Tomcat4x you can run 'catalina jpda start' from a command prompt and be able to walk through your servlet code and make changes, recompile and run the updated .java file without having to restart Tomcat. This is very useful in a development environment. I don't see why this would not carry over to Tomcat5. - Duncan - Original Message - From: Rob Ross [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 10:55 PM Subject: RE: restarting tomcat -Original Message- From: Duncan Krebs [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 8:51 PM To: Tomcat Users List Subject: Re: restarting tomcat I also know that there are different types of debugging modes that you can run Tomcat it that do not require a restart for a .class file change. - Duncan Actually, according the Servlet 2.4 spec which I am just starting to read, this should not be true. SRV.3.7 Reloading Considerations (page 33) states ... ...any such implementation must ensure that all servlets, and classes that they may use, are loaded in the scope of a single class loader. This requirement is needed to guarantee that the application will behave as expected by the Developer. My understanding of this requirement is that there would be no way to reload a single servlet separately from the other servlets in the same context - a new Classloader would be created to load the new servlet, and all other servlets/classes in that context. But since I just started reading this, maybe I'm not understanding all the subtleties. Rob - To unsubscribe, e-mail:
Réf. : Re: Unable to read Certificate with TOMCAT and APACHE
The Tomcat version is an 5.0.19. We are using then mod_jk module with apache(not mod_jk2), but we defined a JK2 connector under Tomcat like this one. !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector port=8009 enableLookups=false redirectPort=8443 debug=0 protocol=AJP/1.3 / Charles Henri CUNIN Bill Barker [EMAIL PROTECTED]Pour : [EMAIL PROTECTED] hire.comcc : Envoyé par : Objet : Re: Unable to read Certificate with TOMCAT and APACHE news [EMAIL PROTECTED] ne.org 31/03/04 09:20 Veuillez répondre à Tomcat Users List This is one of those times that specifying your Tomcat version helps :). There was a problem in earlier versions of TC 5 where the AJP Connector wasn't able to read the cert correctly. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] . Hello, I'm experiencing problems when we try to retrieve our CN in the client certificate. We retrieve the cipher suite and ssl_session with the javax.servlet.request method, and it produces result. But when we retrieve the certificate with javax.servlet.request.X509Certificate, the error message ([ERROR] JkCoyoteHandler - -Certificate convertion failed java.security.cert.CertificateParsingException) appears. Il seems to be in relation with the intruction ExportCertData in ssl.conf of apache. With Apache, we have no problem. It succed in reading the CN for example into the client certificate. Has anyone some ideas about it. Thanks by advance Best regards, Charles Henri CUNIN Charles CUNIN ASSU2000 Company Découvrez notre site sur le http://www.assu2000.fr - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Découvrez notre site sur le http://www.assu2000.fr - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat sends every email 3 times
Hi you are right. i configured web.xml to call a servelet or a perl cgi script to send email whenever 404 is encountered. the problem is that i always get three emails for one error any idea? --- Chong Yu Meng [EMAIL PROTECTED] wrote: Hi Cheng, How are you testing this? Do you have a servlet that sends emails whenever you get a 404 ? Or when you get a 404, Tomcat directs the request to a JSP or servlet that sends an email ? I'm pretty sure Tomcat does not have a built-in facility that sends email. Regards. zhicheng wang wrote: Hi if i config tomcat (both 4 AND 5) to send email for error code 404, it always send THREE emails. this is true regardless if i use a servlet of perl cgi any ideas? please let me know if i call the servlet or cgi directly, things are fine. thanks cheng = Best wishes Z C Wang -- There is nothing so absurd but some philosopher has said it. -- Marcus Tullius Cicero ++ | Pascal Chong | | email: [EMAIL PROTECTED] | | | | Please visit my site at : http://cymulacrum.net | | If you're using my documentation, please read the Terms and| | and Conditions at http://cymulacrum.net/terms.html | ++ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = Best wishes Z C Wang ___ WIN FREE WORLDWIDE FLIGHTS - nominate a cafe in the Yahoo! Mail Internet Cafe Awards www.yahoo.co.uk/internetcafes - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: What is the use of this connector
Correct, and it is commented out in the sample you posted already so is not actually being used. Ta Matt -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 07:15 To: Tomcat Users List Subject: Re: What is the use of this connector Bill, So, if the Tomcat doesn't talk to Apache/IIS/etc.. there is no need of this connector? Thank you, Best Regards, Uma Bill Barker [EMAIL PROTECTED] .com To Sent by: news [EMAIL PROTECTED] [EMAIL PROTECTED] rgcc 03/31/2004 12:52 PM Subject Please respond to Re: What is the use of this Tomcat Users connector List [EMAIL PROTECTED] rta.apache.org [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, May I know the exact use of this connector. What happens if I remove this? You'll no longer be able to talk to Apache/IIS/SunOne using mod_jk :). !-- Define a Coyote/JK2 AJP 1.3 Connector on port 8009 -- Connector port=8009 enableLookups=false redirectPort=443 debug=0 protocol=AJP/1.3 / Thank you, Best Regards, Uma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: I can´t compile the jk connector source for apache 2.0.40 in Redhat 9.0
Is there any reason that you are not using the JK2 connector, as it was written for apache 2? -Original Message- From: Salvador Santander Gutierrez [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 08:49 To: Tomcat List Subject: I can´t compile the jk connector source for apache 2.0.40 in Redhat 9.0 I'm trying to compile the source of jk connector 1.2.5 in a RedHat 9.0 with apache 2.0.40 and tomcat 4.1.24. I've installed all required (httpd-devel and all the developing tools) and I do: ./builconf.sh ./configure --with-apxs=/usr/sbin/apxs ./make all goes well but then make gives some errors : '../commons/any_name.lo' no such file What happens? Any idea? Any help will be thankfull. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any opinions expressed in this E-mail may be those of the individual and not necessarily the company. This E-mail and any files transmitted with it are confidential and solely for the use of the intended recipient. If you are not the intended recipient or the person responsible for delivering to the intended recipient, be advised that you have received this E-mail in error and that any use or copying is strictly prohibited. If you have received this E-mail in error please notify the beCogent postmaster at [EMAIL PROTECTED] Unless expressly stated, opinions in this email are those of the individual sender and not beCogent Ltd. You must take full responsibility for virus checking this email and any attachments. Please note that the content of this email or any of its attachments may contain data that falls within the scope of the Data Protection Acts and that you must ensure that any handling or processing of such data by you is fully compliant with the terms and provisions of the Data Protection Act 1984 and 1998. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
an question about jk2 lbfactor
hi all, what's the jk2's properties value lbfactor really mean? I have set up a cluster by apache + jk2 + tomcat5, it has 2 node, I want tomcat1 to process all request and tomcat2 just as an backup. so I set tomcat1's lbfactor=100 and tomcat2's lbfactor=0, but almost all request go to tomcat2. Had I set lb_factor wrong? Thanks for any help. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: What's happening to my beans?
Just don't forged to synchronize the access to the singleton mehtods... in standalone application synchronization is not needed, but in server side code it is vital. Singleton is a class that may have zero or one instance only. It is achived with private constructor. Charles Daniel wrote: Thanks, I'll try google first to see what it's all about. Thanks Again, Charles - Original Message - From: Shapira, Yoavmailto:[EMAIL PROTECTED] To: Tomcat Users Listmailto:[EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 12:56 PM Subject: RE: What's happening to my beans? Hi, You can google for the exact definition of the singleton design pattern. In this case, you would write a singleton to hold all the beans, one per user, instead of putting them in the session object. Because there will be only one instance of this singleton in the JVM, it will be shared by the non-SSL and SSL hosts. Your JSP pages and servlets would get the user bean from this singleton instead of from the session. If you need specific code we'll be glad to help. Yoav Shapira Millennium Research Informatics -Original Message- From: Charles Daniel [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 1:53 PM To: Tomcat Users List Subject: Re: What's happening to my beans? Thanks Yoav, I've figured as much. From my old C programming days I am well aware of scoping rules. Yet I am still at a loss of how to solve this particular problem. I'm not certain how to using a database would solve the problem and I'm not familiar with singleton. What is it and how can I use it. Thanks Charles - Original Message - From: Shapira, Yoavmailto:[EMAIL PROTECTED]mailto:[EMAIL PROTECTED] To: Tomcat Users Listmailto:[EMAIL PROTECTED]mailto:[EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 12:41 PM Subject: RE: What's happening to my beans? Hi, I think you can't have the same session for both SSL and non-SSL activity. You get different sessions, each with its own bean, hence the behavior you describe. Can you use a database? A share singleton? Yoav Shapira Millennium Research Informatics -Original Message- From: Charles Daniel [mailto:[EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 1:37 PM To: [EMAIL PROTECTED]mailto:tomcatmailto:[EMAIL PROTECTED]mailto:tomcat- [EMAIL PROTECTED] Subject: What's happening to my beans? My installation is Apache2+Tomcat4+mod_ssl. I am running a http main server along with a https virtual host on an aliased ip address. To track users I created a session bean which holds user info ( e-mail, login status ). Naturally this bean holds vital information as it allows links to the users transactions such as shopping cart transactions. The bean is accessible by both servers (same machine and application directory tree). The SSL enabled virtual host now serves my Login, Registration and Shopping Cart JSP's while the main server serves the non- secure pages. Before I implemented SSL the strategy of using a bean to track users was sound, but now it seems that the bean is not persistant between the main server and virtual host. My guess is that main server and the virtual host have their own version of the bean. Therefore, the bean in my virtual host is out of scope once I navigate back to page controlled by the main server. The result is that the main server is left unaware if the user has logged in or whether or not the user has a shopping cart containing items. Is there a better strategy for communicating information like this between the main server and the virtual host. I am reluctant to try using cookies. I've tried the java.sun.com JSP forum with no success. Maybe you guys can help even if this post is a little off subject for this forum. This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: tomcat-user- [EMAIL PROTECTED]mailto:tomcat-usermailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: tomcat-user- [EMAIL PROTECTED]mailto:[EMAIL PROTECTED]mailto:[EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied,
Of .war and .jar files - and .jsp class files
I am changing from Jrun to Tomcat and I have just one problem remaining. Jrun gave an additional security possibility that I am unable to extend to Tomcat. In Jrun you do not need to place your .jsp files, nor the automatically generated .java files on your production server. I could simply .jar up the automatically generated .class files and place the .jar file in the /WEB-INF/jsp folder on the production server. That way I had 3 big advantages: 1) Nobody could look into my .jsp files. 2) Nobody could look into my .java files for my .jsps 3) Compilation on the production server of the .jsps was already done. - Everything was ready in the single .jar file. Now perhaps I am missing something, so please put me right. And I'm just starting now to use ant and I've never bothered with .war files because I don't distribute my programmes, they're just used on our production server. If I create a .war file for the production server then the .war file contains no compiled .jsps, just the original .jsp files - is that right? There seem to me to be obvious advantages to what I was able to do in Jrun - can I do something similar in Tomcat? In general I get many more security features with Tomcat 4.1, than I did with Jrun 3.1, but this particular possibility seems to me to be a good one. I have tried creating .jar files of the Tomcat's /work directory but without any success. Can anybody enlighten me? Thanks for any help. Regards, Malcolm Warren - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: an question about jk2 lbfactor
Yes. Lower LB factor means more requests go to that server. Greg -Original Message- From: moch [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 10:31 To: tomcat-user Subject: an question about jk2 lbfactor hi all, what's the jk2's properties value lbfactor really mean? I have set up a cluster by apache + jk2 + tomcat5, it has 2 node, I want tomcat1 to process all request and tomcat2 just as an backup. so I set tomcat1's lbfactor=100 and tomcat2's lbfactor=0, but almost all request go to tomcat2. Had I set lb_factor wrong? Thanks for any help. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet on Tomcat + Oracle +ISU 8859-8 (Hebrew CharSet) - encodin g problem
This is my problem also, and sadly it's so since long time I use Tomcat. I've attach a simple little test case .war file to reproduce the problem. There are four HTML forms there, two of them submits to JSP page (GET and POST methods), others go to servlet (same methods). On top of it is a select field allowing to define an encoding for future submits. It acts as following: after choosing it and submitting that select the JSP page is reloaded with that encoding, setting its response.setContentType() and setting session attribute named tHAVW07QUf (for uniqueness, see below). Now, one can submit any form presented below. I've deployed a filter.SetCharacterEncodingFilter (taken from standard Tomcat distribution), with one modification: during every request it reads session attribute tHAVW07QUf and sets requests' encoding accordingly. If that attribute is absent, it reads its init parameter given in web.xml as usually. So, instead of hard-coding character incoding in web.xml, I can set it online. According to filters.RequestDumperFilter (also Tomcat's standard filter) it works. So, let's see what we have here. The result on my machine is that any GET methods produces broken output of the parameter passed as URL-encoded %XX%XX%XX string, actual encoding of which is set by select box on the first page. Any combinations of encoding, submit methods and target actions (JSP or Servlet) give me broken output, except two of them -- utf-8 POST to JSP and utf-8 POST to Servlet. I looked at Tomcat's some source files, namely org.apache.catalina.util.RequestUtil.URLDecode(byte[], String) and org.apache.catalina.util.RequestUtil.parseParameters(java.util.Map, byte[], String), and see how url-encoded request parameters are parsed, but I don't know if it's the right place to see. Ah, and one note. I tried to run Tomcat with -Dfile.encoding=koi8-r option to set default byte[]-String conversion mapping to koi8-r (for example), and even this does not help me much, though it sets the new default. This behaviour was there on 4.x and 5.x versions, seems like nothing is changing. I don't state that I've done all tests correctly, so in any error please fix my mind. The only question is: how one can universally and correctly handle non-ASCII request parameters and get rightly decoded output? [EMAIL PROTECTED] wrote: Hi all , i have a problem with encoding and decoding, from a servlet , running on Tomcat , to Oracle DB. I hope it is the right forum for that , and i appologize if ti is not .. The problem: I am using Oracle 8.1.7 DB , in a Charest ISU 8859-9-8 ( Hebrew ), I use a thin client as the JDBC driver . I have a servlet that all it does is getting and updating one of the table The character set in the servlet is too , ISO 8859-8 . This is done this way: public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding(ISO-8859-8); response.setContentType(Text/html; ISO-8859-8); . } I use the doGet method of a servlet to get parameters to retrieve from Oracle. this is done through the URL, for example : I send the parameters like this : http://localhost:8080/myapp/myapp?name=yair http://localhost:8080/myapp/myapp?name=yairfamily=fine family=fine for name= yair, family = fine There is no problem in getting and inserting English characters. There is a problem when i try to get or to insert Hebrew characters. i get in DB , for both if i write yair in the url in Hebrew , or i write yair in %E9%E9%E9%F8 which is the decimal representation For example , if i insert a string in Hebrew , it looks like this ? ( in SQL +) this is how i get the requests from the url Enumeration paramEnum = request.getParameterNames(); // get request parameters from the url , in param/value pairs String myParam = (String) paramEnum.nextElement(); //get parameter String myValue = request.getParameter(myParam); //get value String myStatment = insert into mytable values('19', '+myValue+') insert to table 19 , myvalue ResultSet rs = stmt.executeQuery(myStatment); does any one have a solution for that ? charset.renametowar.gz Description: GNU Zip compressed data - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Multiple certificates for multiple virtual hosts (1:1)
Hi, I want to have different certificates for different virtual hosts on my tomcat setup (embedded in JBoss). I only have 1 IP address. I want to use the default ports (80 443) for each virtual server. A certificate doesn't say anything about the IP address - only the common name (ie the FQDN). It is perfectly possible to change the IP address of the machine on which the cert is installed, and not have to update the certificate. Just let DNS update round the world. The key thing is to keep the private key that is paired with the public key embedded in the cert (that's been signed by the CA) secured on the same machine. Tomcat: The Definitive Guide, has this to say about multiple server certificates: Suppose you are an ISP with clients, several of whom want to have their own certificate. Typically this would involve using Virtual Hosts (as covered in Chapter 7). Simply add an SSL Factory element to the appropriate client's Connector, giving the keystore file for that specific client. I don't see how virtual hosts are associated directly with certificates. From my reading, certificates are associated with keystore, which are associated with connectors, which are globally shared by one engine. In other words it seems you can have different certs for different *ports*, and you can use any of the virtual host names with any of the ports declared, but you can't have the appropriate cert selected based on the host name. This is a shame, because *that* is what has been certified! So, suppose I have 2 pairs of HTTP connectors each with an SSL factory: Http 80 with SSL 443 (cert common name www.company1.com) Http 8080 with SSL 8443 (cert common name www.company2.com) And I have virtual hosts www.company1.com and www.company2.com It seems to me the certificate I will get presented would depend on the port number entered, and not the virtual host name. Thus there exists potential for a name mismatch between the requested url, and the common name in the certificate - which is a bad thing. https://www.company1.com works and gets the right cert https://www.company1.com:8443 works, but gets a warning because of the mismatched cert Tomcat 5 SSL howto states: In order to implement SSL, a web server must have an associated Certificate for each external interface (IP address) that accepts secure connections. Ignoring my assertions about the irrelevance of IP address above, I don't understand how a specific IP address is associated with a specific certificate in server.xml Can someone put me right on this? Or provide a example server.xml of what I want to achieve? Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Of .war and .jar files - and .jsp class files
Stick the class files in WEB-INF/classes in the appropriate package hierarchy. Eg. Com.mycompany.myclass in WEB-INF/classes/com/mycompany/myclass.class -Original Message- From: Malcolm Warren [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 11:03 To: [EMAIL PROTECTED] Subject: Of .war and .jar files - and .jsp class files I am changing from Jrun to Tomcat and I have just one problem remaining. Jrun gave an additional security possibility that I am unable to extend to Tomcat. In Jrun you do not need to place your .jsp files, nor the automatically generated .java files on your production server. I could simply .jar up the automatically generated .class files and place the .jar file in the /WEB-INF/jsp folder on the production server. That way I had 3 big advantages: 1) Nobody could look into my .jsp files. 2) Nobody could look into my .java files for my .jsps 3) Compilation on the production server of the .jsps was already done. - Everything was ready in the single .jar file. Now perhaps I am missing something, so please put me right. And I'm just starting now to use ant and I've never bothered with .war files because I don't distribute my programmes, they're just used on our production server. If I create a .war file for the production server then the .war file contains no compiled .jsps, just the original .jsp files - is that right? There seem to me to be obvious advantages to what I was able to do in Jrun - can I do something similar in Tomcat? In general I get many more security features with Tomcat 4.1, than I did with Jrun 3.1, but this particular possibility seems to me to be a good one. I have tried creating .jar files of the Tomcat's /work directory but without any success. Can anybody enlighten me? Thanks for any help. Regards, Malcolm Warren - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JSP problems
Hi, I'm still having the problem I already wrote about, as a result of upgrading a tomcat 4.0.1 installation to 4.1.30. I get a ClassNotFoundException for the generated JSP class. The generated classes are written to the context work directory with the same nameing and structure as the JSPs in the webapp. But the classes are declared in the package org.apache.jsp. Any ideas, how I can make tomcat (jasper?) load the classes that it just generated and then compiled? Thanks, -dennis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Of .war and .jar files - and .jsp class files
On Wed, Mar 31, 2004 at 12:02:40PM +0200, Malcolm Warren wrote: : Jrun gave an additional security possibility that I am unable to extend to : Tomcat. In Jrun you do not need to place your .jsp files, nor the : automatically generated .java files on your production server. I could : simply .jar up the automatically generated .class files and place the .jar : file in the /WEB-INF/jsp folder on the production server. Tomcat does something similar: - As one poster already mentioned, keep all of your jar files in WEB-INF/lib. - make sure the JSPs are mapped to servlet paths in WEB-INF/web.xml. (I'm out on a limb here, but it sounds as if Jrun automagically loads your JSP jar file and creates the mappings for you.) If the latter sounds like a pain in the rear, there are Ant tasks to do the precompilation for you and generate the web.xml snippet. : If I create a .war file for the production server then the .war file : contains no compiled .jsps, just the original .jsp files - is that right? Not true. The war file contains whatever you put in it. JSPs, images, jars, whatever. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JkMount command for the setup having apache tomcat/5.0.19 not working with jk connector dll
Hi All, I am receiving HTTP Status 404 - /logion.jsp error while trying to send request to apache using jk connector. Jk connector version: 1.2 apache: 1.3.29 tomcat : 5.0.19 I am trying to access a site http://localhost/shoestore/login.jsp kept under the location of webapps folder in tomcat. I have following configuration in httpd.conf file Alias /examples C:\user\3rdparty\jakarta-tomcat-5.0.19\examples JkMount /programload/* testWorker JkMount /examples/servlet/* testWorker JkMount /examples/* testWorker JkMount /shoestore/* testWorker What I suspect is the command JkMount. It seems to work with tomcat 4.1.18 but not 5.0.19. Is there any other command for the above combination I am using. I have confirmed that apache and tomcat are running all fine. thanks and regards barkha - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP problems
On Wed, Mar 31, 2004 at 01:59:56PM +0200, Dennis Thrys?e wrote: : I'm still having the problem I already wrote about, as a result of : upgrading a tomcat 4.0.1 installation to 4.1.30. I missed your first message. If what I say here doesn't help, please refresh me on the problem. : [snip] the classes are declared in the package org.apache.jsp. : : Any ideas, how I can make tomcat (jasper?) load the classes that it just : generated and then compiled? So then, you're precompiling the JSPs? I recall from my 4.x days that precomiling directly into the /work dir had some issues with package naming. I don't have any URLs -- do a web search -- but there are examples for building the JSPs into WEB-INF/classes and having Ant create the servlet mappings (for web.xml) for you. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP problems
QM wrote: : [snip] the classes are declared in the package org.apache.jsp. : : Any ideas, how I can make tomcat (jasper?) load the classes that it just : generated and then compiled? So then, you're precompiling the JSPs? Nope. Just plain old JSP's in a webapp. Jasper generates servlets and compiles them just fine. But it cannot load them. I get java.lang.ClassNotFoundException: org.apache.jsp.index_jsp at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:209) at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:131) at org.apache.jasper.JspCompilationContext.load(JspCompilationContext.java:497) at org.apache.jasper.servlet.JspServletWrapper.getServlet(JspServletWrapper.java:150) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:195) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) I don't have any URLs -- do a web search -- but there are examples for building the JSPs into WEB-INF/classes and having Ant create the servlet mappings (for web.xml) for you. I wish that was the problem :) -dennis - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[Fwd: Re: Servlet on Tomcat + Oracle +ISU 8859-8 (Hebrew CharSet) - encodin g problem]
Some fixes to WAR file posted recently. Now POST methods all work fine, but none of GET. Original Message Subject: Re: Servlet on Tomcat + Oracle +ISU 8859-8 (Hebrew CharSet) - encodin g problem Date: Wed, 31 Mar 2004 14:34:27 +0400 From: Veniamin Fichin [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] References: [EMAIL PROTECTED] This is my problem also, and sadly it's so since long time I use Tomcat. I've attach a simple little test case .war file to reproduce the problem. There are four HTML forms there, two of them submits to JSP page (GET and POST methods), others go to servlet (same methods). On top of it is a select field allowing to define an encoding for future submits. It acts as following: after choosing it and submitting that select the JSP page is reloaded with that encoding, setting its response.setContentType() and setting session attribute named tHAVW07QUf (for uniqueness, see below). Now, one can submit any form presented below. I've deployed a filter.SetCharacterEncodingFilter (taken from standard Tomcat distribution), with one modification: during every request it reads session attribute tHAVW07QUf and sets requests' encoding accordingly. If that attribute is absent, it reads its init parameter given in web.xml as usually. So, instead of hard-coding character incoding in web.xml, I can set it online. According to filters.RequestDumperFilter (also Tomcat's standard filter) it works. So, let's see what we have here. The result on my machine is that any GET methods produces broken output of the parameter passed as URL-encoded %XX%XX%XX string, actual encoding of which is set by select box on the first page. Any combinations of encoding, submit methods and target actions (JSP or Servlet) give me broken output, except two of them -- utf-8 POST to JSP and utf-8 POST to Servlet. I looked at Tomcat's some source files, namely org.apache.catalina.util.RequestUtil.URLDecode(byte[], String) and org.apache.catalina.util.RequestUtil.parseParameters(java.util.Map, byte[], String), and see how url-encoded request parameters are parsed, but I don't know if it's the right place to see. Ah, and one note. I tried to run Tomcat with -Dfile.encoding=koi8-r option to set default byte[]-String conversion mapping to koi8-r (for example), and even this does not help me much, though it sets the new default. This behaviour was there on 4.x and 5.x versions, seems like nothing is changing. I don't state that I've done all tests correctly, so in any error please fix my mind. The only question is: how one can universally and correctly handle non-ASCII request parameters and get rightly decoded output? [EMAIL PROTECTED] wrote: Hi all , i have a problem with encoding and decoding, from a servlet , running on Tomcat , to Oracle DB. I hope it is the right forum for that , and i appologize if ti is not .. The problem: I am using Oracle 8.1.7 DB , in a Charest ISU 8859-9-8 ( Hebrew ), I use a thin client as the JDBC driver . I have a servlet that all it does is getting and updating one of the table The character set in the servlet is too , ISO 8859-8 . This is done this way: public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding(ISO-8859-8); response.setContentType(Text/html; ISO-8859-8); . } I use the doGet method of a servlet to get parameters to retrieve from Oracle. this is done through the URL, for example : I send the parameters like this : http://localhost:8080/myapp/myapp?name=yair http://localhost:8080/myapp/myapp?name=yairfamily=fine family=fine for name= yair, family = fine There is no problem in getting and inserting English characters. There is a problem when i try to get or to insert Hebrew characters. i get in DB , for both if i write yair in the url in Hebrew , or i write yair in %E9%E9%E9%F8 which is the decimal representation For example , if i insert a string in Hebrew , it looks like this ? ( in SQL +) this is how i get the requests from the url Enumeration paramEnum = request.getParameterNames(); // get request parameters from the url , in param/value pairs String myParam = (String) paramEnum.nextElement(); //get parameter String myValue = request.getParameter(myParam); //get value String myStatment = insert into mytable values('19', '+myValue+') insert to table 19 , myvalue ResultSet rs = stmt.executeQuery(myStatment); does any one have a solution for that ? charset.renametowar.gz Description: GNU Zip compressed data - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
symbolic link with a jar file
I want to authorize Tomcat to use symbolic link with a jar file. I'm trying to use this following instruction in the server.xml file : Context path=/voicexmlpageserver docBase=voicexmlpageserver debug=0 Resources className=org.apache.naming.resources.FileDirContext allowLinking=true caseSensitive=true / /Context But in fact it doesn't work. When I look the log files I don't see any error but. I use Tomcat4.1.30, JSDK1.4.2 and Solaris Have you already used this instruction ? Can you help me or give some informations. Thanks. Christophe. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Of .war and .jar files - and .jsp class files
hi to all it mignt help you out a bit for the nobody could look! look at your %Tomcat_home%/conf/web.xml read the instruction you can disable listing there [EMAIL PROTECTED] administrateur http://entre-nous.qc.tc From: Martin Alley [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Subject: RE: Of .war and .jar files - and .jsp class files Date: Wed, 31 Mar 2004 12:44:14 +0100 Stick the class files in WEB-INF/classes in the appropriate package hierarchy. Eg. Com.mycompany.myclass in WEB-INF/classes/com/mycompany/myclass.class -Original Message- From: Malcolm Warren [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 11:03 To: [EMAIL PROTECTED] Subject: Of .war and .jar files - and .jsp class files I am changing from Jrun to Tomcat and I have just one problem remaining. Jrun gave an additional security possibility that I am unable to extend to Tomcat. In Jrun you do not need to place your .jsp files, nor the automatically generated .java files on your production server. I could simply .jar up the automatically generated .class files and place the .jar file in the /WEB-INF/jsp folder on the production server. That way I had 3 big advantages: 1) Nobody could look into my .jsp files. 2) Nobody could look into my .java files for my .jsps 3) Compilation on the production server of the .jsps was already done. - Everything was ready in the single .jar file. Now perhaps I am missing something, so please put me right. And I'm just starting now to use ant and I've never bothered with .war files because I don't distribute my programmes, they're just used on our production server. If I create a .war file for the production server then the .war file contains no compiled .jsps, just the original .jsp files - is that right? There seem to me to be obvious advantages to what I was able to do in Jrun - can I do something similar in Tomcat? In general I get many more security features with Tomcat 4.1, than I did with Jrun 3.1, but this particular possibility seems to me to be a good one. I have tried creating .jar files of the Tomcat's /work directory but without any success. Can anybody enlighten me? Thanks for any help. Regards, Malcolm Warren - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] _ MSN Messenger : discutez en direct avec vos amis ! http://messenger.fr.msn.ca/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [Fwd: Re: Servlet on Tomcat + Oracle +ISU 8859-8 (Hebrew Char Set)- encodin g problem]
Thanks Veniamin Fichin, Can you copy paste your code that solves the problem? Regards Yair Fine -Original Message- From: Veniamin Fichin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 2:20 PM To: [EMAIL PROTECTED] Subject: [Fwd: Re: Servlet on Tomcat + Oracle +ISU 8859-8 (Hebrew CharSet)- encodin g problem] Some fixes to WAR file posted recently. Now POST methods all work fine, but none of GET. Original Message Subject: Re: Servlet on Tomcat + Oracle +ISU 8859-8 (Hebrew CharSet) - encodin g problem Date: Wed, 31 Mar 2004 14:34:27 +0400 From: Veniamin Fichin [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] References: [EMAIL PROTECTED] This is my problem also, and sadly it's so since long time I use Tomcat. I've attach a simple little test case .war file to reproduce the problem. There are four HTML forms there, two of them submits to JSP page (GET and POST methods), others go to servlet (same methods). On top of it is a select field allowing to define an encoding for future submits. It acts as following: after choosing it and submitting that select the JSP page is reloaded with that encoding, setting its response.setContentType() and setting session attribute named tHAVW07QUf (for uniqueness, see below). Now, one can submit any form presented below. I've deployed a filter.SetCharacterEncodingFilter (taken from standard Tomcat distribution), with one modification: during every request it reads session attribute tHAVW07QUf and sets requests' encoding accordingly. If that attribute is absent, it reads its init parameter given in web.xml as usually. So, instead of hard-coding character incoding in web.xml, I can set it online. According to filters.RequestDumperFilter (also Tomcat's standard filter) it works. So, let's see what we have here. The result on my machine is that any GET methods produces broken output of the parameter passed as URL-encoded %XX%XX%XX string, actual encoding of which is set by select box on the first page. Any combinations of encoding, submit methods and target actions (JSP or Servlet) give me broken output, except two of them -- utf-8 POST to JSP and utf-8 POST to Servlet. I looked at Tomcat's some source files, namely org.apache.catalina.util.RequestUtil.URLDecode(byte[], String) and org.apache.catalina.util.RequestUtil.parseParameters(java.util.Map, byte[], String), and see how url-encoded request parameters are parsed, but I don't know if it's the right place to see. Ah, and one note. I tried to run Tomcat with -Dfile.encoding=koi8-r option to set default byte[]-String conversion mapping to koi8-r (for example), and even this does not help me much, though it sets the new default. This behaviour was there on 4.x and 5.x versions, seems like nothing is changing. I don't state that I've done all tests correctly, so in any error please fix my mind. The only question is: how one can universally and correctly handle non-ASCII request parameters and get rightly decoded output? [EMAIL PROTECTED] wrote: Hi all , i have a problem with encoding and decoding, from a servlet , running on Tomcat , to Oracle DB. I hope it is the right forum for that , and i appologize if ti is not .. The problem: I am using Oracle 8.1.7 DB , in a Charest ISU 8859-9-8 ( Hebrew ), I use a thin client as the JDBC driver . I have a servlet that all it does is getting and updating one of the table The character set in the servlet is too , ISO 8859-8 . This is done this way: public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { request.setCharacterEncoding(ISO-8859-8); response.setContentType(Text/html; ISO-8859-8); . } I use the doGet method of a servlet to get parameters to retrieve from Oracle. this is done through the URL, for example : I send the parameters like this : http://localhost:8080/myapp/myapp?name=yair http://localhost:8080/myapp/myapp?name=yairfamily=fine family=fine for name= yair, family = fine There is no problem in getting and inserting English characters. There is a problem when i try to get or to insert Hebrew characters. i get in DB , for both if i write yair in the url in Hebrew , or i write yair in %E9%E9%E9%F8 which is the decimal representation For example , if i insert a string in Hebrew , it looks like this ? ( in SQL +) this is how i get the requests from the url Enumeration paramEnum = request.getParameterNames(); // get request parameters from the url , in param/value pairs String myParam = (String) paramEnum.nextElement(); //get parameter String myValue = request.getParameter(myParam); //get value String myStatment = insert into mytable values('19', '+myValue+') insert to table 19 , myvalue ResultSet rs = stmt.executeQuery(myStatment); does any one have a solution for that ?
Re: restarting tomcat
Changed items can be re-loaded on the fly because of dynamic classloading. Every JSP instance lives in its own classloader. When a jsp source file is changed, the JSP servlet recognizes the change and recompiles the JSP. Once the JSP is translated to a new .java (and .class file) - the class file is read in as a new class under a new classloader and the old classloader is discarded. Because the of the creation and destruction(well ... the absence of referenceing) of classloaders - you can reload the same class (jsp class name) mulitple times in the life of a single JVM instance. When it comes to servlets - they aren't loaded by an extra classloader. In that case - you need to reload the *entire* webapp which does the above but for all classes/jars in the WEB-INF directory. The dynamic classloading abilities are (one of)the primary reasons why tomcat ignores the CLASSPATH variable on startup. Because once the system classloader loads a class - its there forever - no dynamic reloading allowed! For information on classloaders in tomcat: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/class-loader-howto.html -Tim naryam naryam wrote: Hi, Is it true that each time a java servlet changes the tomcat servlet engine must be restarted. Does it mean that each time we need to recompile, we need also to restart the engine? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Tomcat on different IP's
Uma, Do a ping localhost from the command line. It will only resolve to one name. So don't get concerned that it doesn't work. As long as the IPs work you are fine. Now for the access issue. Did you set up a security constraint in your web.xml file? Add this to the web.xml of the app on the https side. security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you require authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint This is from the link I sent you earlier: http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 This will prevent access to the webapp through http and force the client to https. If I understand your problem, it is that the client can get to the webapp from the http IP. Add the following elements to your context as well: crossContext=false override=true privileged=false' As for the connector, I think Bill correct, so yes you can remove it. Let us know how it goes. Doug PS When you get it working, add the word SOLVED to the end of your subject line and post all your config files. Just one way to give back to the list. Thanks - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 10:52 PM Subject: Re: Configuring Tomcat on different IP's Doug, I am finally getting something to work after doing lot of experiments. Now the issue is 1)It does not work with http://localhost, seems to be a problem with my DNS. 2)It works with http://172.27.2.44 This address (172.27.2.44) is defined in the first service and the host tag has a context as Context path= docBase=/IBS1 debug=0 /Context Look its IBS1. This context has an index.jsp file which just fwd the request to https://172.27.2.246/IBS/Login.jsp This address (172.27.2.246) is defined in the second service and the host tag has a context as Context path= docBase=/IBS debug=0 /Context Look its IBS now. This context has all the files that needs to run under https. 3)Now when the user logs in using https://172.27.2.246/IBS/Login.jsp he goes to https://172.27.2.246/IBS/d1.jsp 4)When the user changes the port to HTTP (in the address bar of the browser) and doesnt change the IP address as http://172.27.2.246 /IBS/d1.jsp, then the user gets cannot find server. This is perfect. 5)When the user changes the port to HTTP and change the IP address (in the address bar of the browser) as http://172.27.2.44/IBS/d1.jsp, as I am internally checking for the session, the programme finds the session is invalid and sends him to (HTTP Login page) http://172.27.2.44 /IBS/Login.jsp. Now the user still can access my IBS context files using http protocol and 80 port. Now see this IP configuration (172.27.2.44) on port 80 has got a context reference of IBS1 and it still supports IBS context that is on port 443. It seems to me that Tomcat 5 is still internally checking for the contexts somewhere else other than the server.xml file. If we can disable that then it should work fine. Can I know from where the Tomcat is reading the default context? So that I can disable them? or if there is any better solution to this please help me out. Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/30/2004 06:58 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, This has moved beyond my experiance. Other than experimenting or diving into the source what I suggest now is to reply to this post and edit the subject line to read: Two service on one Tomcat instance.[Was Re: Configuring Tomcat on different IP's] In the hope that someone with more information will respond. You may try google with a search based on tomcat and two or multiple service. Sorry I ran out of ideas. Doug - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Monday, March 29, 2004 11:50 PM Subject: Re: Configuring Tomcat on different IP's Doug, I fogot to tell you that the first context has only one .jsp file. Here is the content of that index.jsp file % response.sendRedirect(https://172.27.2.246/IBS/Login.jsp;); % Thanks Uma
Re: Of .war and .jar files - and .jsp class files
Thank you very much for your answers, but they haven't quite hit the mark yet. Every .jsp page in Tomcat, as we all know, is compiled in /work/Standalone/localhost/ in an appropriate application folder e.g. _ is the folder in the case of the ROOT application. It's fine by me if this is done when I first access the page in a browser in my test environment. Now when I transfer everything to my production server I would like to eliminate all of the .jsp pages from the application, and all of the .java files, and just send a .jar file containing the .class files in /work/Standalone/localhost/$applicationDir. That way the compilation is already done, and nobody can study my .jsp files. In theory I could just create a directory tree somewhere of org/apache/jsp/ copy all the automatically generated .class files into this directory tree and .jar it all up, and Tomcat should find them either in /WEB-INF/lib or in /work/Standalone/localhost/$applicationDir, but it doesn't. Of course I could be missing the point entirely here, and I shouldn't even by thinking about doing these things, but as I say, in Jrun I could send the automatically generated .jsp .class files to the production environment in a nice .jar file and I had more security because noone could read the original .jsp files, although to be honest there aren't any people in my company who would be interested in reading them, but I feel more secure that way. Any more enlightenment on this would be very helpful. On Wed, 31 Mar 2004 06:00:22 -0600, QM [EMAIL PROTECTED] wrote: On Wed, Mar 31, 2004 at 12:02:40PM +0200, Malcolm Warren wrote: : Jrun gave an additional security possibility that I am unable to extend to : Tomcat. In Jrun you do not need to place your .jsp files, nor the : automatically generated .java files on your production server. I could : simply .jar up the automatically generated .class files and place the .jar : file in the /WEB-INF/jsp folder on the production server. Tomcat does something similar: - As one poster already mentioned, keep all of your jar files in WEB-INF/lib. - make sure the JSPs are mapped to servlet paths in WEB-INF/web.xml. (I'm out on a limb here, but it sounds as if Jrun automagically loads your JSP jar file and creates the mappings for you.) If the latter sounds like a pain in the rear, there are Ant tasks to do the precompilation for you and generate the web.xml snippet. : If I create a .war file for the production server then the .war file : contains no compiled .jsps, just the original .jsp files - is that right? Not true. The war file contains whatever you put in it. JSPs, images, jars, whatever. -QM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Fwd: Re: Servlet on Tomcat + Oracle +ISU 8859-8 (Hebrew Char Set)- encodin g problem]
[EMAIL PROTECTED] wrote: Thanks Veniamin Fichin, Can you copy paste your code that solves the problem? The output encoding of view.jsp page was hard-coded utf-8 value. I changed it to be more flexible by lookling into session attribute which was set previously. Code snipped follows. --- view.jsp: --- % String encoding=(String)session.getAttribute(tHAVW07QUf); if (session!=null) { response.setContentType(text/html; charset=+encoding); } % %@ page pageEncoding=utf-8 info=Test: localized parameters% !-- ... JSP body ... -- --- / view.jsp: --- Session attribute setting you can see in source code. But bear in mind that this fix works with POST method only (at least for me). Regards Yair Fine 2all: have anybody interested in this topic tried that .war? What's the results? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Tomcat on different IP's
Doug, Thanks for reply. I am not clear with this line Add this to the web.xml of the app on the https side. Do you mean to add those lines in the web.xml of IBS context(which contain HTTPS files)? or the web.xml file present in the conf directory? Add the following elements to your context as well: crossContext=false override=true privileged=false' Should I add them to the IBS context or IBS1 context? I will definitely post all of my configuration files to the mail-list. So that it could be of some help to other developers. Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/31/2004 06:24 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, Do a ping localhost from the command line. It will only resolve to one name. So don't get concerned that it doesn't work. As long as the IPs work you are fine. Now for the access issue. Did you set up a security constraint in your web.xml file? Add this to the web.xml of the app on the https side. security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you require authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint This is from the link I sent you earlier: http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 This will prevent access to the webapp through http and force the client to https. If I understand your problem, it is that the client can get to the webapp from the http IP. Add the following elements to your context as well: crossContext=false override=true privileged=false' As for the connector, I think Bill correct, so yes you can remove it. Let us know how it goes. Doug PS When you get it working, add the word SOLVED to the end of your subject line and post all your config files. Just one way to give back to the list. Thanks - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 10:52 PM Subject: Re: Configuring Tomcat on different IP's Doug, I am finally getting something to work after doing lot of experiments. Now the issue is 1)It does not work with http://localhost, seems to be a problem with my DNS. 2)It works with http://172.27.2.44 This address (172.27.2.44) is defined in the first service and the host tag has a context as Context path= docBase=/IBS1 debug=0 /Context Look its IBS1. This context has an index.jsp file which just fwd the request to https://172.27.2.246/IBS/Login.jsp This address (172.27.2.246) is defined in the second service and the host tag has a context as Context path= docBase=/IBS debug=0 /Context Look its IBS now. This context has all the files that needs to run under https. 3)Now when the user logs in using https://172.27.2.246/IBS/Login.jsp he goes to https://172.27.2.246/IBS/d1.jsp 4)When the user changes the port to HTTP (in the address bar of the browser) and doesnt change the IP address as http://172.27.2.246 /IBS/d1.jsp, then the user gets cannot find server. This is perfect. 5)When the user changes the port to HTTP and change the IP address (in the address bar of the browser) as http://172.27.2.44/IBS/d1.jsp, as I am internally checking for the session, the
What is the the maximum characters that Tomcat can handle in a Se rvlet URL (doGet request) ?
Hi, What is Tomcat's limitation in getting requests through the URL - to use the doGet method I.e if i run a Servlet, and i want to receive the request in the url ,what is the the maximum characters i can get ? Regards Yair Fine
Re: Configuring Tomcat on different IP's
Uma, Doug, Thanks for reply. I am not clear with this line Add this to the web.xml of the app on the https side. Do you mean to add those lines in the web.xml of IBS context(which contain HTTPS files)? Yes or the web.xml file present in the conf directory? No. Note that adding anything here will affect all apps on the server. Add the following elements to your context as well: crossContext=false override=true privileged=false' Should I add them to the IBS context or IBS1 context? Both will be fine. This technically should not be needed, but to help security I would do it. Note add these after you get the addition to web.xml done and working. Then when you add these to the context, do them one at a time instead of all three at once. Just in case it breaks something. I will definitely post all of my configuration files to the mail-list. So that it could be of some help to other developers. Sorry if my writing is confusing sometimes. Feel free to ask for clarification any time. Thank You Doug Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/31/2004 06:24 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, Do a ping localhost from the command line. It will only resolve to one name. So don't get concerned that it doesn't work. As long as the IPs work you are fine. Now for the access issue. Did you set up a security constraint in your web.xml file? Add this to the web.xml of the app on the https side. security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you require authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint This is from the link I sent you earlier: http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 This will prevent access to the webapp through http and force the client to https. If I understand your problem, it is that the client can get to the webapp from the http IP. Add the following elements to your context as well: crossContext=false override=true privileged=false' As for the connector, I think Bill correct, so yes you can remove it. Let us know how it goes. Doug PS When you get it working, add the word SOLVED to the end of your subject line and post all your config files. Just one way to give back to the list. Thanks - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 10:52 PM Subject: Re: Configuring Tomcat on different IP's Doug, I am finally getting something to work after doing lot of experiments. Now the issue is 1)It does not work with http://localhost, seems to be a problem with my DNS. 2)It works with http://172.27.2.44 This address (172.27.2.44) is defined in the first service and the host tag has a context as Context path= docBase=/IBS1 debug=0 /Context Look its IBS1. This context has an index.jsp file which just fwd the request to https://172.27.2.246/IBS/Login.jsp This address (172.27.2.246) is defined in the second service and the host tag has a context as Context path= docBase=/IBS debug=0 /Context Look its IBS now. This context has all the files that needs to run under https. 3)Now when the user logs in using https://172.27.2.246/IBS/Login.jsp he goes to https://172.27.2.246/IBS/d1.jsp 4)When the user changes the port to HTTP (in the address bar of the browser) and doesnt change the IP address as http://172.27.2.246 /IBS/d1.jsp, then the user gets cannot find server. This is perfect. 5)When the user changes the port to HTTP and change the IP address (in the address bar of the browser) as http://172.27.2.44/IBS/d1.jsp, as I am internally checking for the session, the programme finds the session is invalid and sends him to (HTTP Login page) http://172.27.2.44 /IBS/Login.jsp. Now the user still can access my IBS context files using http protocol and 80 port. Now see this IP configuration (172.27.2.44) on port 80 has got a context reference of IBS1 and it still supports IBS context that is on port 443. It seems to me that Tomcat 5 is still internally checking for the contexts somewhere else other than the server.xml file. If we can
Re: What is the the maximum characters that Tomcat can handle in a Se rvlet URL (doGet request) ?
As far as I remember 1024 is the limit of URL by RFC. Niki [EMAIL PROTECTED] wrote: Hi, What is Tomcat's limitation in getting requests through the URL - to use the doGet method I.e if i run a Servlet, and i want to receive the request in the url ,what is the the maximum characters i can get ? Regards Yair Fine - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Tomcat on different IP's
Doug, Thanks for the info. I will try these settings and get back to you. Thank you, Best Regards, Uma Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/31/2004 06:58 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, Doug, Thanks for reply. I am not clear with this line Add this to the web.xml of the app on the https side. Do you mean to add those lines in the web.xml of IBS context(which contain HTTPS files)? Yes or the web.xml file present in the conf directory? No. Note that adding anything here will affect all apps on the server. Add the following elements to your context as well: crossContext=false override=true privileged=false' Should I add them to the IBS context or IBS1 context? Both will be fine. This technically should not be needed, but to help security I would do it. Note add these after you get the addition to web.xml done and working. Then when you add these to the context, do them one at a time instead of all three at once. Just in case it breaks something. I will definitely post all of my configuration files to the mail-list. So that it could be of some help to other developers. Sorry if my writing is confusing sometimes. Feel free to ask for clarification any time. Thank You Doug Parsons Technical Services To parsonstechnical @earthlink.net Tomcat Users List [EMAIL PROTECTED] 03/31/2004 06:24 cc PM Please respond to Tomcat Users List Subject [EMAIL PROTECTED] Re: Configuring Tomcat on different rta.apache.org IP's Uma, Do a ping localhost from the command line. It will only resolve to one name. So don't get concerned that it doesn't work. As long as the IPs work you are fine. Now for the access issue. Did you set up a security constraint in your web.xml file? Add this to the web.xml of the app on the https side. security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you require authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint This is from the link I sent you earlier: http://marc.theaimsgroup.com/?l=tomcat-userm=104951559722619w=2 This will prevent access to the webapp through http and force the client to https. If I understand your problem, it is that the client can get to the webapp from the http IP. Add the following elements to your context as well: crossContext=false override=true privileged=false' As for the connector, I think Bill correct, so yes you can remove it. Let us know how it goes. Doug PS When you get it working, add the word SOLVED to the end of your subject line and post all your config files. Just one way to give back to the list. Thanks - Original Message - From: [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, March 30, 2004 10:52 PM Subject: Re: Configuring Tomcat on different IP's Doug, I am finally getting something to work after doing lot of experiments. Now the issue is 1)It does not work with
Re: What is the the maximum characters that Tomcat can handle in a Se rvlet URL (doGet request) ?
I think that limitation is by HTTP protocol and not directly specified. Practically I seen the GET limit sending about 3000-3500 characters Evgeny Gesin Javadesk --- [EMAIL PROTECTED] wrote: Hi, What is Tomcat's limitation in getting requests through the URL - to use the doGet method I.e if i run a Servlet, and i want to receive the request in the url ,what is the the maximum characters i can get ? Regards Yair Fine __ Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. http://taxes.yahoo.com/filing.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Multiple certificates for multiple virtual hosts (1:1)
Okay, I see that the address attribute of the connector element can be used to retrict IP/port combinations. As I've only got 1 IP this doesn't really affect me. Either I've misunderstood something fundamental, or the configuration capabilities are not optimal. Any one? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 12:10 To: Tomcat Users List Subject: Multiple certificates for multiple virtual hosts (1:1) Hi, I want to have different certificates for different virtual hosts on my tomcat setup (embedded in JBoss). I only have 1 IP address. I want to use the default ports (80 443) for each virtual server. A certificate doesn't say anything about the IP address - only the common name (ie the FQDN). It is perfectly possible to change the IP address of the machine on which the cert is installed, and not have to update the certificate. Just let DNS update round the world. The key thing is to keep the private key that is paired with the public key embedded in the cert (that's been signed by the CA) secured on the same machine. Tomcat: The Definitive Guide, has this to say about multiple server certificates: Suppose you are an ISP with clients, several of whom want to have their own certificate. Typically this would involve using Virtual Hosts (as covered in Chapter 7). Simply add an SSL Factory element to the appropriate client's Connector, giving the keystore file for that specific client. I don't see how virtual hosts are associated directly with certificates. From my reading, certificates are associated with keystore, which are associated with connectors, which are globally shared by one engine. In other words it seems you can have different certs for different *ports*, and you can use any of the virtual host names with any of the ports declared, but you can't have the appropriate cert selected based on the host name. This is a shame, because *that* is what has been certified! So, suppose I have 2 pairs of HTTP connectors each with an SSL factory: Http 80 with SSL 443 (cert common name www.company1.com) Http 8080 with SSL 8443 (cert common name www.company2.com) And I have virtual hosts www.company1.com and www.company2.com It seems to me the certificate I will get presented would depend on the port number entered, and not the virtual host name. Thus there exists potential for a name mismatch between the requested url, and the common name in the certificate - which is a bad thing. https://www.company1.com works and gets the right cert https://www.company1.com:8443 works, but gets a warning because of the mismatched cert Tomcat 5 SSL howto states: In order to implement SSL, a web server must have an associated Certificate for each external interface (IP address) that accepts secure connections. Ignoring my assertions about the irrelevance of IP address above, I don't understand how a specific IP address is associated with a specific certificate in server.xml Can someone put me right on this? Or provide a example server.xml of what I want to achieve? Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [OT] is Host part of Request URL?
Hi, Oh my, so many typo/mistakes in my original post, sorry. That's OK. I figured you were confusing request URL and URI anyways. The JavaDoc for HttpServletRequest has decent definitions/examples. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Multiple certificates for multiple virtual hosts (1:1)
Martin, You missed something fundamental. See the following document for a brief description of the problem. http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html For a more detailed description see: http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html Short answer you can't. I have an idea about a work around using non-standard ports: Short version- No connectors on 443. Redirect or link from http page to https nonstandard port. Has anyone tried this or have it working Doug www.parsonstechnical.com - Original Message - From: Martin Alley [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 8:39 AM Subject: RE: Multiple certificates for multiple virtual hosts (1:1) Okay, I see that the address attribute of the connector element can be used to retrict IP/port combinations. As I've only got 1 IP this doesn't really affect me. Either I've misunderstood something fundamental, or the configuration capabilities are not optimal. Any one? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 12:10 To: Tomcat Users List Subject: Multiple certificates for multiple virtual hosts (1:1) Hi, I want to have different certificates for different virtual hosts on my tomcat setup (embedded in JBoss). I only have 1 IP address. I want to use the default ports (80 443) for each virtual server. A certificate doesn't say anything about the IP address - only the common name (ie the FQDN). It is perfectly possible to change the IP address of the machine on which the cert is installed, and not have to update the certificate. Just let DNS update round the world. The key thing is to keep the private key that is paired with the public key embedded in the cert (that's been signed by the CA) secured on the same machine. Tomcat: The Definitive Guide, has this to say about multiple server certificates: Suppose you are an ISP with clients, several of whom want to have their own certificate. Typically this would involve using Virtual Hosts (as covered in Chapter 7). Simply add an SSL Factory element to the appropriate client's Connector, giving the keystore file for that specific client. I don't see how virtual hosts are associated directly with certificates. From my reading, certificates are associated with keystore, which are associated with connectors, which are globally shared by one engine. In other words it seems you can have different certs for different *ports*, and you can use any of the virtual host names with any of the ports declared, but you can't have the appropriate cert selected based on the host name. This is a shame, because *that* is what has been certified! So, suppose I have 2 pairs of HTTP connectors each with an SSL factory: Http 80 with SSL 443 (cert common name www.company1.com) Http 8080 with SSL 8443 (cert common name www.company2.com) And I have virtual hosts www.company1.com and www.company2.com It seems to me the certificate I will get presented would depend on the port number entered, and not the virtual host name. Thus there exists potential for a name mismatch between the requested url, and the common name in the certificate - which is a bad thing. https://www.company1.com works and gets the right cert https://www.company1.com:8443 works, but gets a warning because of the mismatched cert Tomcat 5 SSL howto states: In order to implement SSL, a web server must have an associated Certificate for each external interface (IP address) that accepts secure connections. Ignoring my assertions about the irrelevance of IP address above, I don't understand how a specific IP address is associated with a specific certificate in server.xml Can someone put me right on this? Or provide a example server.xml of what I want to achieve? Thanks Martin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Change default Context
Hi, The default context is just the one whose path is (the empty string). It's not the one whose path is /IBS1 or anything except . What you're asking for is not to change the default context, but to do a redirect from the context whose path is to the one whose path is /IBS1. This distinction is important. You can accomplish this behavior in several ways, including: - A simple index.html file in the ROOT context that does a meta-refresh to /IBS1 - A filter in the ROOT context that does a response.sendRedirect to /IBS1. Yoav Shapira Millennium Research Informatics -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 12:12 AM To: [EMAIL PROTECTED] Subject: Change default Context Hi, I need to change the default context that is used by Tomcat 5 from ROOT to IBS1. i.e when I type http://localhost it should go to http://localhost/IBS1. Any ideas where to modify this? Thank you, Best Regards, Uma - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: context mapping problem after upgrade from 4.1.29 to 4.1.30
Hi, 2004-03-30 11:52:59 StandardHost[localhost]: Mapping request URI '/fileupload/fileUpload.html' 2004-03-30 11:52:59 StandardHost[localhost]: Trying the longest context path prefix 2004-03-30 11:52:59 StandardHost[localhost]: Mapped to context '/fileupload' OK. 2004-03-30 13:41:22 StandardHost[localhost]: Mapping request URI '' 2004-03-30 13:41:22 StandardHost[localhost]: Trying the longest context path prefix 2004-03-30 13:41:22 StandardHost[localhost]: Mapped to context '' OK. Both of these are correct. If you have a log that shows a request for '/fileupload/fileUpload.html' mapped to context '' then post it ;) Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Of .war and .jar files - and .jsp class files
Hi, You can precompile your JSPs and include the class files in the WAR. In addition, no one can see the compiled .java files for your JSPs anyways because they're in tomcat's work directory, not in a web-accessible location. Yoav Shapira Millennium Research Informatics -Original Message- From: Malcolm Warren [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 7:55 AM To: Tomcat Users List Subject: Re: Of .war and .jar files - and .jsp class files Thank you very much for your answers, but they haven't quite hit the mark yet. Every .jsp page in Tomcat, as we all know, is compiled in /work/Standalone/localhost/ in an appropriate application folder e.g. _ is the folder in the case of the ROOT application. It's fine by me if this is done when I first access the page in a browser in my test environment. Now when I transfer everything to my production server I would like to eliminate all of the .jsp pages from the application, and all of the .java files, and just send a .jar file containing the .class files in /work/Standalone/localhost/$applicationDir. That way the compilation is already done, and nobody can study my .jsp files. In theory I could just create a directory tree somewhere of org/apache/jsp/ copy all the automatically generated .class files into this directory tree and .jar it all up, and Tomcat should find them either in /WEB-INF/lib or in /work/Standalone/localhost/$applicationDir, but it doesn't. Of course I could be missing the point entirely here, and I shouldn't even by thinking about doing these things, but as I say, in Jrun I could send the automatically generated .jsp .class files to the production environment in a nice .jar file and I had more security because noone could read the original .jsp files, although to be honest there aren't any people in my company who would be interested in reading them, but I feel more secure that way. Any more enlightenment on this would be very helpful. On Wed, 31 Mar 2004 06:00:22 -0600, QM [EMAIL PROTECTED] wrote: On Wed, Mar 31, 2004 at 12:02:40PM +0200, Malcolm Warren wrote: : Jrun gave an additional security possibility that I am unable to extend to : Tomcat. In Jrun you do not need to place your .jsp files, nor the : automatically generated .java files on your production server. I could : simply .jar up the automatically generated .class files and place the .jar : file in the /WEB-INF/jsp folder on the production server. Tomcat does something similar: - As one poster already mentioned, keep all of your jar files in WEB-INF/lib. - make sure the JSPs are mapped to servlet paths in WEB-INF/web.xml. (I'm out on a limb here, but it sounds as if Jrun automagically loads your JSP jar file and creates the mappings for you.) If the latter sounds like a pain in the rear, there are Ant tasks to do the precompilation for you and generate the web.xml snippet. : If I create a .war file for the production server then the .war file : contains no compiled .jsps, just the original .jsp files - is that right? Not true. The war file contains whatever you put in it. JSPs, images, jars, whatever. -QM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat sends every email 3 times
Hi, you are right. i configured web.xml to call a servelet or a perl cgi script to send email whenever 404 is encountered. the problem is that i always get three emails for one error any idea? Check your servlet and your script obviously ;) No one can help with the little information you've provided above... Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Of .war and .jar files - and .jsp class files
I think, he means that he can redistribute his application wihtout giving the person who will install the application on it's server the access to jps code. Obviously no one can access jsp code via web server. Niki Shapira, Yoav wrote: Hi, You can precompile your JSPs and include the class files in the WAR. In addition, no one can see the compiled .java files for your JSPs anyways because they're in tomcat's work directory, not in a web-accessible location. Yoav Shapira Millennium Research Informatics -Original Message- From: Malcolm Warren [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 7:55 AM To: Tomcat Users List Subject: Re: Of .war and .jar files - and .jsp class files Thank you very much for your answers, but they haven't quite hit the mark yet. Every .jsp page in Tomcat, as we all know, is compiled in /work/Standalone/localhost/ in an appropriate application folder e.g. _ is the folder in the case of the ROOT application. It's fine by me if this is done when I first access the page in a browser in my test environment. Now when I transfer everything to my production server I would like to eliminate all of the .jsp pages from the application, and all of the .java files, and just send a .jar file containing the .class files in /work/Standalone/localhost/$applicationDir. That way the compilation is already done, and nobody can study my .jsp files. In theory I could just create a directory tree somewhere of org/apache/jsp/ copy all the automatically generated .class files into this directory tree and .jar it all up, and Tomcat should find them either in /WEB-INF/lib or in /work/Standalone/localhost/$applicationDir, but it doesn't. Of course I could be missing the point entirely here, and I shouldn't even by thinking about doing these things, but as I say, in Jrun I could send the automatically generated .jsp .class files to the production environment in a nice .jar file and I had more security because noone could read the original .jsp files, although to be honest there aren't any people in my company who would be interested in reading them, but I feel more secure that way. Any more enlightenment on this would be very helpful. On Wed, 31 Mar 2004 06:00:22 -0600, QM [EMAIL PROTECTED] wrote: On Wed, Mar 31, 2004 at 12:02:40PM +0200, Malcolm Warren wrote: : Jrun gave an additional security possibility that I am unable to extend to : Tomcat. In Jrun you do not need to place your .jsp files, nor the : automatically generated .java files on your production server. I could : simply .jar up the automatically generated .class files and place the .jar : file in the /WEB-INF/jsp folder on the production server. Tomcat does something similar: - As one poster already mentioned, keep all of your jar files in WEB-INF/lib. - make sure the JSPs are mapped to servlet paths in WEB-INF/web.xml. (I'm out on a limb here, but it sounds as if Jrun automagically loads your JSP jar file and creates the mappings for you.) If the latter sounds like a pain in the rear, there are Ant tasks to do the precompilation for you and generate the web.xml snippet. : If I create a .war file for the production server then the .war file : contains no compiled .jsps, just the original .jsp files - is that right? Not true. The war file contains whatever you put in it. JSPs, images, jars, whatever. -QM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Multiple certificates for multiple virtual hosts (1:1)
Hi Doug, I guess my point is that given there may be multiple certificates installed on a web server, and given that certificates authenticate Distinguished Name there should be an effective way to make sure the correct certificate is sent to the user. The certificate isn't just for viewing on the client when there is a name mismatch, or out of date of whatever - it can be used by SSL 3 supported RSA key exchange. Why should the user get the wrong certificate when the correct one is available??? I understand about SSL fitting between TCP/IP and HTTP in the protocol stack. I would expect the host name to transition as part of the SSL session initiation - given that the certificate authenticates the *name* and not the IP address!! It looks like this has already been considered by the gurus (not surprisingly :-) http://ietf.org/internet-drafts/draft-ietf-tls-emailaddr-00.txt I shall do a bit more research... Cheers Martin -Original Message- From: Parsons Technical Services [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 14:55 To: Tomcat Users List Subject: Re: Multiple certificates for multiple virtual hosts (1:1) Martin, You missed something fundamental. See the following document for a brief description of the problem. http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html For a more detailed description see: http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html Short answer you can't. I have an idea about a work around using non-standard ports: Short version- No connectors on 443. Redirect or link from http page to https nonstandard port. Has anyone tried this or have it working Doug www.parsonstechnical.com - Original Message - From: Martin Alley [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 8:39 AM Subject: RE: Multiple certificates for multiple virtual hosts (1:1) Okay, I see that the address attribute of the connector element can be used to retrict IP/port combinations. As I've only got 1 IP this doesn't really affect me. Either I've misunderstood something fundamental, or the configuration capabilities are not optimal. Any one? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 12:10 To: Tomcat Users List Subject: Multiple certificates for multiple virtual hosts (1:1) Hi, I want to have different certificates for different virtual hosts on my tomcat setup (embedded in JBoss). I only have 1 IP address. I want to use the default ports (80 443) for each virtual server. A certificate doesn't say anything about the IP address - only the common name (ie the FQDN). It is perfectly possible to change the IP address of the machine on which the cert is installed, and not have to update the certificate. Just let DNS update round the world. The key thing is to keep the private key that is paired with the public key embedded in the cert (that's been signed by the CA) secured on the same machine. Tomcat: The Definitive Guide, has this to say about multiple server certificates: Suppose you are an ISP with clients, several of whom want to have their own certificate. Typically this would involve using Virtual Hosts (as covered in Chapter 7). Simply add an SSL Factory element to the appropriate client's Connector, giving the keystore file for that specific client. I don't see how virtual hosts are associated directly with certificates. From my reading, certificates are associated with keystore, which are associated with connectors, which are globally shared by one engine. In other words it seems you can have different certs for different *ports*, and you can use any of the virtual host names with any of the ports declared, but you can't have the appropriate cert selected based on the host name. This is a shame, because *that* is what has been certified! So, suppose I have 2 pairs of HTTP connectors each with an SSL factory: Http 80 with SSL 443 (cert common name www.company1.com) Http 8080 with SSL 8443 (cert common name www.company2.com) And I have virtual hosts www.company1.com and www.company2.com It seems to me the certificate I will get presented would depend on the port number entered, and not the virtual host name. Thus there exists potential for a name mismatch between the requested url, and the common name in the certificate - which is a bad thing. https://www.company1.com works and gets the right cert https://www.company1.com:8443 works, but gets a warning because of the mismatched cert Tomcat 5 SSL howto states: In order to implement SSL, a web server must have an associated Certificate for each external interface (IP address) that accepts secure connections. Ignoring my assertions about the irrelevance of IP address above, I don't understand how a specific IP address is associated with a specific certificate in server.xml Can someone put me right on this? Or provide a example
Tomcat Upgrade
I am looking to upgrade from Tomcat 4.0.3 to Tomcat version 4.1.30. Is there any easy way to upgrade or do I have to install the software and reconfigure the server.xml, web.xml,ssl and copy things from the old version to new. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with Cross context
i believe crossContext marks that specific web application as being able to initiate a cross-context request, not as the recipient of a cross-context request. so try marking the other web-application that you are calling out from as crossContext=true -a [EMAIL PROTECTED] wrote: Hey gang, I'm trying to access one web appl from another. I added crosscontext in the server.xml file Host Context docBase=/servlets-examples path=/servlets-examples crossContext=true reloadable=true/Context /Host And in java, ServletContext sc = filterConfig.getServletContext().getContext (/servlets-examples); System.out.println(sc.getServletContextName()); This is giving null pointer exception. I'm held up on this for few hours. I would appreciate if anyone could solve this. Thanks, Madhan Lakshmanan(Maddy) Park Seed Inc 864-941-4232 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: an question about jk2 lbfactor
Hi, I don't think that is correct. From the mod_jk documentation : Using the worker's load-balancing factor, perform weighed-round-robin load balancing where high lbfactor means stronger machine (that is going to handle more requests) I would assume that mod_jk2 retains the same semantics as mod_jk. If all the requests are going to a single machine, i would check to make sure that your tomcatId in your workers2.properties matches the jvmRoute of the engine that you're trying to connect to. hth, -a [EMAIL PROTECTED] wrote: Yes. Lower LB factor means more requests go to that server. Greg -Original Message- From: moch [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 10:31 To: tomcat-user Subject: an question about jk2 lbfactor hi all, what's the jk2's properties value lbfactor really mean? I have set up a cluster by apache + jk2 + tomcat5, it has 2 node, I want tomcat1 to process all request and tomcat2 just as an backup. so I set tomcat1's lbfactor=100 and tomcat2's lbfactor=0, but almost all request go to tomcat2. Had I set lb_factor wrong? Thanks for any help. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat Upgrade
Hi, I am looking to upgrade from Tomcat 4.0.3 to Tomcat version 4.1.30. Is there any easy way to upgrade or do I have to install the software and reconfigure the server.xml, web.xml,ssl and copy things from the old version to new. There's no easy way. You have to do a new install, setup server.xml as you like, and deploy your application again. I put easy way in quotation marks because if your webapp is strictly designed according to the servlet specification, any migration is easy. The more you rely on server-specific configuration and features, the harder you make your own work. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JK2 and iPlanet/Netscape/SunONE?
We're using the jk1.2 redirector for the Netscape Enterprise Servers, and would like to upgrade to jk2. Is anyone using jk2 with an NSAPI interface? It doesn't look supported in either the jk2 docs or The source, but I want to make sure I'm not missing something. Benjamin J. Armintor Systems Analyst ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help with Cross context
Hi, Someone else already corrected your understanding of the crossContext attribute, so I won't repeat that. I just wanted to point out that I doubt you mean what you say here: Context docBase=/servlets-examples path=/servlets-examples Is your docBase really /servlets-examples (the absolute path), or is it servlets-examples (relative to the host's appBase directory, webapps by default)? If you're not sure, you probably want the latter. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: an question about jk2 lbfactor
Sorry You are quite right, more eloquently explained here: http://marc.theaimsgroup.com/?l=tomcat-userm=106862366704663w=2 Greg -Original Message- From: Aadi Deshpande [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 15:54 To: Tomcat Users List Subject: Re: an question about jk2 lbfactor Hi, I don't think that is correct. From the mod_jk documentation : Using the worker's load-balancing factor, perform weighed-round-robin load balancing where high lbfactor means stronger machine (that is going to handle more requests) I would assume that mod_jk2 retains the same semantics as mod_jk. If all the requests are going to a single machine, i would check to make sure that your tomcatId in your workers2.properties matches the jvmRoute of the engine that you're trying to connect to. hth, -a [EMAIL PROTECTED] wrote: Yes. Lower LB factor means more requests go to that server. Greg -Original Message- From: moch [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 10:31 To: tomcat-user Subject: an question about jk2 lbfactor hi all, what's the jk2's properties value lbfactor really mean? I have set up a cluster by apache + jk2 + tomcat5, it has 2 node, I want tomcat1 to process all request and tomcat2 just as an backup. so I set tomcat1's lbfactor=100 and tomcat2's lbfactor=0, but almost all request go to tomcat2. Had I set lb_factor wrong? Thanks for any help. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Of .war and .jar files - and .jsp class files
On Wed, Mar 31, 2004 at 02:55:16PM +0200, Malcolm Warren wrote: : Now when I transfer everything to my production server I would like to : eliminate all of the .jsp pages from the application, and all of the .java : files, and just send a .jar file containing the .class files in : /work/Standalone/localhost/$applicationDir. You can do this. Sort of. That's what precompilation is all about. Please bear with me: - JSPs get compiled down to servlets, either by you (precompiling) or by the container (at runtime). - when the container compiles a JSP for you, it takes care of mapping the servlet to the context-relative URI that matches the JSP. So /x/y.jsp is mapped, behind the scenes, to some.package.x.y_jsp.class. To precompile the JSPs means you must tell Tomcat yourself which classes map to given URIs. Hence the autogenerated file full of servlet and servlet-mapping entries I described in my last message. - When you precompile, you have can even put the classes into a jar file, but that jar file must be in {dist}/WEB-INF/lib. That's the only way Tomcat's classloader will find the jar. - With the JSPs compiled down to code, and properly mapped in web.xml, you can remove the JSPs from your app. See http://jakarta.apache.org/tomcat/tomcat-5.0-doc/printer/jasper-howto.html#Web%20Application%20Compilation for more details on the precompilation process (assuming TC5). It mentions the generated web.xml fragment of which I spoke. : That way the compilation is already done, and nobody can study my .jsp : files. In theory I could just create a directory tree somewhere of : org/apache/jsp/ copy all the automatically generated .class files into : this directory tree and .jar it all up, and Tomcat should find them either : in /WEB-INF/lib or in /work/Standalone/localhost/$applicationDir, but it : doesn't. Close, except that the jar of JSPs must exist in {dist}/WEB-INF/lib. Tomcat won't load a jar from the context dir itself, aka .//localhost/$applicationDir. Just not how Tomcat works. ;) -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with Cross context
I have the same problem. I have both of the contexts marked as crossContext. I get a non-null context object, but a forward never finds the destination page. Tomcat 4.1.18 on W2KPro --- Aadi Deshpande [EMAIL PROTECTED] wrote: i believe crossContext marks that specific web application as being able to initiate a cross-context request, not as the recipient of a cross-context request. so try marking the other web-application that you are calling out from as crossContext=true -a [EMAIL PROTECTED] wrote: Hey gang, I'm trying to access one web appl from another. I added crosscontext in the server.xml file Host Context docBase=/servlets-examples path=/servlets-examples crossContext=true reloadable=true/Context /Host And in java, ServletContext sc = filterConfig.getServletContext().getContext (/servlets-examples); System.out.println(sc.getServletContextName()); This is giving null pointer exception. I'm held up on this for few hours. I would appreciate if anyone could solve this. Thanks, Madhan Lakshmanan(Maddy) Park Seed Inc 864-941-4232 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = Norris Shelton Software Engineer Sun Certified Java 1.1 Programmer Appriss, Inc. ICQ# 26487421 AIM NorrisEShelton YIM norrisshelton __ Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. http://taxes.yahoo.com/filing.html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Of .war and .jar files - and .jsp class files
Ok, thanks. That looks like what I'm looking for. Sorry I didn't catch on after your first missive. On Wed, 31 Mar 2004 09:50:41 -0600, QM [EMAIL PROTECTED] wrote: On Wed, Mar 31, 2004 at 02:55:16PM +0200, Malcolm Warren wrote: : Now when I transfer everything to my production server I would like to : eliminate all of the .jsp pages from the application, and all of the .java : files, and just send a .jar file containing the .class files in : /work/Standalone/localhost/$applicationDir. You can do this. Sort of. That's what precompilation is all about. Please bear with me: - JSPs get compiled down to servlets, either by you (precompiling) or by the container (at runtime). - when the container compiles a JSP for you, it takes care of mapping the servlet to the context-relative URI that matches the JSP. So /x/y.jsp is mapped, behind the scenes, to some.package.x.y_jsp.class. To precompile the JSPs means you must tell Tomcat yourself which classes map to given URIs. Hence the autogenerated file full of servlet and servlet-mapping entries I described in my last message. - When you precompile, you have can even put the classes into a jar file, but that jar file must be in {dist}/WEB-INF/lib. That's the only way Tomcat's classloader will find the jar. - With the JSPs compiled down to code, and properly mapped in web.xml, you can remove the JSPs from your app. See http://jakarta.apache.org/tomcat/tomcat-5.0-doc/printer/jasper-howto.html#Web%20Application%20Compilation for more details on the precompilation process (assuming TC5). It mentions the generated web.xml fragment of which I spoke. : That way the compilation is already done, and nobody can study my .jsp : files. In theory I could just create a directory tree somewhere of : org/apache/jsp/ copy all the automatically generated .class files into : this directory tree and .jar it all up, and Tomcat should find them either : in /WEB-INF/lib or in /work/Standalone/localhost/$applicationDir, but it : doesn't. Close, except that the jar of JSPs must exist in {dist}/WEB-INF/lib. Tomcat won't load a jar from the context dir itself, aka .//localhost/$applicationDir. Just not how Tomcat works. ;) -QM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Compile jk2 2.0.4 connector on Tru64
You are right, it worked... almost :-) I get this error : libtool: install: warning: remember to run `libtool --finish /usr/local/apache2/modules' /sbin/cp ../../../build/jk2/apache2//usr/local/apache2/modules/mod_jk2.so ../../../build/jk2/apache2/mod_jk2.so cp: ../../../build/jk2/apache2//usr/local/apache2/modules/mod_jk2.so: No such file or directory make[1]: *** [../../../build/jk2/apache2/mod_jk2.so] Error 1 make[1]: Leaving directory `/usr/local/src/jakarta-tomcat-connectors-jk2-2.0.4-src/jk/native2/server/apache2' make: *** [jk2-build] Error 1 # find ../.. -name *.so -print ../../jk/build/jk2/apache2/usr/local/apache2/modules/libmod_jk2.so ../../jk/build/jk2/apache2/.libs/libmod_jk2.so Anyway, I used the resulting libmod_jk2.so with my Apache server and it worked without problems Best regards, E. Robles Nikola Milutinovic wrote: Eulogio Robles wrote: I'm trying to compile a JK2 connector on Tru64 : Hello, blood brother :-) I compiled it on Tru64 UNIX 4.0D You're not missing anything. The JK2 code is making an assumption of what va* (variable argument list) implementation looks like. It could be that on most other systems (or should I say, C compiler environments) it is a pointer. On DEC CC it is not - it is a structure. The correction I have found to work or, at least, looks good - havent tested mod_jk2, yet - is: if (!file || !(args._a0)) Everything else should slide smoothly. If you have any more problems, call. Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: tomcat sends every email 3 times
Hi, Are you testing with IE? I recently heard of a problem with IE requesting the same document multiple times in background. This has something to do with determining the content-type of a document. If IE is not sure about the content-type (perhaps the http header is not present?) and no file extension is found (as it is with servlets), then IE tries to identify the content by inspection of the first bytes of the response. I also heard of this problem together with plug-ins (like Acrobat Reader). Conclusion: 1. check your access log files: how many requests are made to the servlet? 2. get a package sniffer and check, how many request the browser sends to the server. 3. if there are multiple requests (some of them might be aborded after some bytes transfered), check the http headers of the first response. 'Content-Type: ...' present? Everything else ok? by Ste Hi you are right. i configured web.xml to call a servelet or a perl cgi script to send email whenever 404 is encountered. the problem is that i always get three emails for one error any idea? --- Chong Yu Meng [EMAIL PROTECTED] wrote: Hi Cheng, How are you testing this? Do you have a servlet that sends emails whenever you get a 404 ? Or when you get a 404, Tomcat directs the request to a JSP or servlet that sends an email ? I'm pretty sure Tomcat does not have a built-in facility that sends email. Regards. zhicheng wang wrote: Hi if i config tomcat (both 4 AND 5) to send email for error code 404, it always send THREE emails. this is true regardless if i use a servlet of perl cgi any ideas? please let me know if i call the servlet or cgi directly, things are fine. thanks cheng = Best wishes Z C Wang -- There is nothing so absurd but some philosopher has said it. -- Marcus Tullius Cicero ++ | Pascal Chong | | email: [EMAIL PROTECTED] | | | | Please visit my site at : http://cymulacrum.net | | If you're using my documentation, please read the Terms and| | and Conditions at http://cymulacrum.net/terms.html | ++ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] = Best wishes Z C Wang ___ WIN FREE WORLDWIDE FLIGHTS - nominate a cafe in the Yahoo! Mail Internet Cafe Awards www.yahoo.co.uk/internetcafes - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Heap size
Could someone tell me if this is correct for setting the heap size. rem Execute Java with the applicable properties if not %JPDA% == goto doJpda if not %SECURITY_POLICY_FILE% == goto doSecurity %_EXECJAVA% -Xms128m -Xmx256m %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED_DIRS% -classpath %CLASSPATH% -Dcatalina.base=%CATALINA_BASE% -Dcatalina.home=%CATALINA_HOME% -Djava.io.tmpdir=%CATALINA_TMPDIR% %MAINCLASS% %CMD_LINE_ARGS% %ACTION% goto end :doSecurity %_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED_DIRS% -classpath %CLASSPATH% -Djava.security.manager -Djava.security.policy==%SECURITY_POLICY_FILE% -Dcatalina.base=%CATALINA_BASE% -Dcatalina.home=%CATALINA_HOME% -Djava.io.tmpdir=%CATALINA_TMPDIR% %MAINCLASS% %CMD_LINE_ARGS% %ACTION% goto end :doJpda if not %SECURITY_POLICY_FILE% == goto doSecurityJpda %_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% -Xdebug -Xrunjdwp:transport=dt_shmem,address=%JPDA_ADDRESS%,server=y,suspend=n %DEBUG_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED_DIRS% -classpath %CLASSPATH% -Dcatalina.base=%CATALINA_BASE% -Dcatalina.home=%CATALINA_HOME% -Djava.io.tmpdir=%CATALINA_TMPDIR% %MAINCLASS% %CMD_LINE_ARGS% %ACTION% goto end - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
scalability
Hello, I am needing information on the scalability of Tomcat. We are currently using Web Logic, but are considering Tomcat and our only concern in scalability. Can anyone help me out with this as I am unable to track down any specifics. Thank You Brett
RE: Heap size
Hi, It's valid. Whether it's correct or not, only you can tell, and only after extensive stress testing. Yoav Shapira Millennium Research Informatics -Original Message- From: Reis, Tom [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 11:31 AM To: Tomcat Users List (E-mail) Subject: Heap size Could someone tell me if this is correct for setting the heap size. rem Execute Java with the applicable properties if not %JPDA% == goto doJpda if not %SECURITY_POLICY_FILE% == goto doSecurity %_EXECJAVA% -Xms128m -Xmx256m %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED_DIRS% -classpath %CLASSPATH% -Dcatalina.base=%CATALINA_BASE% -Dcatalina.home=%CATALINA_HOME% -Djava.io.tmpdir=%CATALINA_TMPDIR% %MAINCLASS% %CMD_LINE_ARGS% %ACTION% goto end :doSecurity %_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED_DIRS% -classpath %CLASSPATH% -Djava.security.manager -Djava.security.policy==%SECURITY_POLICY_FILE% -Dcatalina.base=%CATALINA_BASE% -Dcatalina.home=%CATALINA_HOME% -Djava.io.tmpdir=%CATALINA_TMPDIR% %MAINCLASS% %CMD_LINE_ARGS% %ACTION% goto end :doJpda if not %SECURITY_POLICY_FILE% == goto doSecurityJpda %_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% -Xdebug -Xrunjdwp:transport=dt_shmem,address=%JPDA_ADDRESS%,server=y,suspend=n %DEBUG_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED_DIRS% -classpath %CLASSPATH% -Dcatalina.base=%CATALINA_BASE% -Dcatalina.home=%CATALINA_HOME% -Djava.io.tmpdir=%CATALINA_TMPDIR% %MAINCLASS% %CMD_LINE_ARGS% %ACTION% goto end - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: scalability
Check out the app server matrix over at http://www.theserverside.com/reviews/matrix.tss http://www.theserverside.com/reviews/matrix.tss They also review of tomcat: http://www.theserverside.com/reviews/thread.tss?thread_id=18243 http://www.theserverside.com/reviews/thread.tss?thread_id=18243 Daniel J. Roehl, SCJP Programmer/Analyst Austin Energy Office: (512)322-6341 Mobile: (512)576-6810 Fax: (512)322-6025 -Original Message- From: MacManus, Brett C [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 10:38 AM To: [EMAIL PROTECTED] Subject: scalability Hello, I am needing information on the scalability of Tomcat. We are currently using Web Logic, but are considering Tomcat and our only concern in scalability. Can anyone help me out with this as I am unable to track down any specifics. Thank You Brett
Turning off cookies from a .war file?
I have an application that does not use cookies and indeed for this application it is an undesirable overhead to do cookies at all. I know that I can turn off cookies using the admin application, but I would like to automate that from within the .war file somehow (I deploy using a script using the manager application). Is there a call I could use from within my servlet or some special xml to include in the .war file to achieve this? -- Jens-Uwe Mager pgp-mailto:F476EBC2 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
form base auth with custom messages
I am using form base authentication with web.xml security constraints. It works fine in that if you enter the correct username and password you get in. What I want to do is provide feedback to the user for certain conditions, such as password is expired and they can not login or about to expire and take them to the change password page. The password expire feature is done by tracking how long it has been since they changed it. Is there an easy way to make some extra checks and then control which page is shown after authentication or failed authentication? I am starting down the path of rewriting FormAuthenticator. The problem with this is that all my web apps must conform to this same approach. Prior to using the web.xml to enforce security my login servlet would make these checks and then redirect to the correct page. Thanks
RE: form base auth with custom messages
You should be able to control this from your form-error-page. -Original Message- From: Summers, Bert W. [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 11:48 AM To: [EMAIL PROTECTED] Subject: form base auth with custom messages I am using form base authentication with web.xml security constraints. It works fine in that if you enter the correct username and password you get in. What I want to do is provide feedback to the user for certain conditions, such as password is expired and they can not login or about to expire and take them to the change password page. The password expire feature is done by tracking how long it has been since they changed it. Is there an easy way to make some extra checks and then control which page is shown after authentication or failed authentication? I am starting down the path of rewriting FormAuthenticator. The problem with this is that all my web apps must conform to this same approach. Prior to using the web.xml to enforce security my login servlet would make these checks and then redirect to the correct page. Thanks This electronic transmission is strictly confidential to Smith Nephew and intended solely for the addressee. It may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, or someone authorized by the intended addressee to receive transmissions on behalf of the addressee, you must not retain, disclose in any form, copy or take any action in reliance on this transmission. If you have received this transmission in error, please notify the sender as soon as possible and destroy this message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: scalability
Hi, Check out the app server matrix over at http://www.theserverside.com/reviews/matrix.tss http://www.theserverside.com/reviews/matrix.tss Please note this matrix is woefully out of date, not just wrt tomcat but in general. I've alerted the TSS folks to this a couple of times especially since tomcat 5 stable first came out. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Turning off cookies from a .war file?
Hi, I have an application that does not use cookies and indeed for this application it is an undesirable overhead to do cookies at all. I know that I can turn off cookies using the admin application, but I would like to automate that from within the .war file somehow (I deploy using a script using the manager application). Is there a call I could use from within my servlet or some special xml to include in the .war file to achieve this? No to both of your questions. Cookies present minimal overhead anyways: if they even show up on your profiler CPU time display, then you've done an unbelievable tuning job. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: form base auth with custom messages
I would like to but there are two problems: 1. On the error page I don't know who tried to login, so I can not do any checks with the db. 2. I will have to a custom Realm to check for my date and not auth the user. How can you get info from the FormAuthenticator? It seems to be a sendRedirect so all request parameters are gone. -Original Message- From: Koes, Derrick [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 8:53 AM To: 'Tomcat Users List' Subject: RE: form base auth with custom messages You should be able to control this from your form-error-page. -Original Message- From: Summers, Bert W. [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 11:48 AM To: [EMAIL PROTECTED] Subject: form base auth with custom messages I am using form base authentication with web.xml security constraints. It works fine in that if you enter the correct username and password you get in. What I want to do is provide feedback to the user for certain conditions, such as password is expired and they can not login or about to expire and take them to the change password page. The password expire feature is done by tracking how long it has been since they changed it. Is there an easy way to make some extra checks and then control which page is shown after authentication or failed authentication? I am starting down the path of rewriting FormAuthenticator. The problem with this is that all my web apps must conform to this same approach. Prior to using the web.xml to enforce security my login servlet would make these checks and then redirect to the correct page. Thanks This electronic transmission is strictly confidential to Smith Nephew and intended solely for the addressee. It may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, or someone authorized by the intended addressee to receive transmissions on behalf of the addressee, you must not retain, disclose in any form, copy or take any action in reliance on this transmission. If you have received this transmission in error, please notify the sender as soon as possible and destroy this message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Turning off cookies from a .war file?
On Wed, Mar 31, 2004 at 11:55 -0500, Shapira, Yoav wrote: No to both of your questions. Cookies present minimal overhead anyways: if they even show up on your profiler CPU time display, then you've done an unbelievable tuning job. I am not tuning CPU overhead, I am tuning number of bytes transmitted for every request. And for network bandwidth with many very small requests this makes a difference. -- Jens-Uwe Mager pgp-mailto:F476EBC2 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Turning off cookies from a .war file?
Hi, No to both of your questions. Cookies present minimal overhead anyways: if they even show up on your profiler CPU time display, then you've done an unbelievable tuning job. I am not tuning CPU overhead, I am tuning number of bytes transmitted for every request. And for network bandwidth with many very small requests this makes a difference. I accept the network bandwidth point. If you're using a context XML file packaged with your WAR (only available in tomcat 5 and later), then you can include cookies=false in your context definition. This is documented in http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html. However, the server will then use URL rewriting, which results in longer URLs, and moreover this doesn't disable cookies altogether, just authentication cookies. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AccessControlException
Hi all When we try to start up tomcat on our linux box, we get the following scroll in our catalina.out file: register('-//Apache Software Foundation//DTD Struts Configuration 1.0//EN', 'jar:file:/var/lib/tomcat4/webapps/RFP/WEB-INF/lib/struts.jar!/org/apache/st ruts/resources/struts-config_1_0.dtd' register('-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN', 'jar:file:/var/lib/tomcat4/webapps/RFP/WEB-INF/lib/struts.jar!/org/apache/st ruts/resources/web-app_2_2.dtd' register('-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN', 'jar:file:/var/lib/tomcat4/webapps/RFP/WEB-INF/lib/struts.jar!/org/apache/st ruts/resources/web-app_2_3.dtd' Digester.getParser: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at java.security.AccessControlContext.checkPermission(AccessControlContext.java :269) at java.security.AccessController.checkPermission(AccessController.java:401) at java.lang.SecurityManager.checkPermission(SecurityManager.java:524) at java.lang.ClassLoader.getParent(ClassLoader.java:1034) at org.apache.catalina.loader.WebappClassLoader.toString(WebappClassLoader.java :888) at java.lang.String.valueOf(String.java:2131) at java.lang.StringBuffer.append(StringBuffer.java:370) at javax.xml.parsers.FactoryFinder.findJarServiceProvider(FactoryFinder.java:34 2) at javax.xml.parsers.FactoryFinder.find(FactoryFinder.java:226) at javax.xml.parsers.SAXParserFactory.newInstance(SAXParserFactory.java:134) at org.apache.struts.digester.Digester.getParser(Digester.java:275) at org.apache.struts.digester.Digester.parse(Digester.java:755) at org.apache.struts.action.ActionServlet.initMapping(ActionServlet.java:1332) at org.apache.struts.action.ActionServlet.init(ActionServlet.java:466) at javax.servlet.GenericServlet.init(GenericServlet.java:258) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:91 8) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:810) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java: 3279) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3421) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:785) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:478) at org.apache.catalina.core.StandardHost.install(StandardHost.java:738) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:300) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:389) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:232) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSuppor t.java:155) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1131) at org.apache.catalina.core.StandardHost.start(StandardHost.java:638) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:343) at org.apache.catalina.core.StandardService.start(StandardService.java:388) at org.apache.catalina.core.StandardServer.start(StandardServer.java:506) at org.apache.catalina.startup.Catalina.start(Catalina.java:781) at org.apache.catalina.startup.Catalina.execute(Catalina.java:681) at org.apache.catalina.startup.Catalina.process(Catalina.java:179) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243) Can anyone tell us how to solve this problem? bort - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OSX Server and Tomcat/Apache integration
I am hoping that someone out there will be able to help. I have spent about 20+ hours on this and am getting nowhere fast. I have OSX Server (v 10.3, Panther) installed and am trying to get Tomcat and Apache to connect. I have read the documentation but with little luck. I have it all working on the plain client version of Panther without a problem BUT with the Server version of Panther the configuration is very different and it's not just a matter of copying across the config files or using the same concepts. Thank you. I v a n ... -- Ivan Markovic SculptLight http://www.sculptlight.com Mobile: (+353) 87 2939256 Office: (+353) 1 2982205 Fax: (+353) 1 2966848 2 Airfield Drive, Churchtown, Dublin 14, Ireland. VAT: IE 9072482G - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
context mapping problem after upgrade from 4.1.29 to 4.1.30
Anyone have any ideas/pointers on this? Thanks, -Jim Greetings- I've just upgraded my development environment from Tomcat 4.1.29 to 4.1.30 (Win XP, jdk 1.4.2). It appears that my URI's are not mapped to the same context under 4.1.30 as they were under 4.1.29. I've made no changes to any of my config files; I simply upgraded Tomcat. Here's a snippet of my process log from 4.1.29, which works as I expect it to: 2004-03-30 11:52:59 StandardHost[localhost]: Mapping request URI '/fileupload/fileUpload.html' 2004-03-30 11:52:59 StandardHost[localhost]: Trying the longest context path prefix 2004-03-30 11:52:59 StandardHost[localhost]: Mapped to context '/fileupload' 2004-03-30 11:52:59 default: DefaultServlet.serveResource: Serving resource '/fileUpload.html' headers and data 2004-03-30 11:52:59 default: DefaultServlet.serveFile: lastModified='2004-03-30 11:48:46.455' 2004-03-30 11:52:59 default: DefaultServlet.serveFile: contentType='text/html' 2004-03-30 11:52:59 default: DefaultServlet.serveFile: contentLength=1830 Here's the same request under 4.1.30, not working as I expected it to: 2004-03-30 13:41:22 StandardHost[localhost]: Mapping request URI '' 2004-03-30 13:41:22 StandardHost[localhost]: Trying the longest context path prefix 2004-03-30 13:41:22 StandardHost[localhost]: Mapped to context '' Here's the Host section of the server.xml: Host name=localhost appBase=c:/tomcat/webapps workDir=c:/cvs-work/dvlp/temp/tomcat-ui/ui/localhost autoDeploy=false liveDeploy=false debug=10 deployXML=false Context path=/manager privileged=true docBase=c:/tomcat/server/webapps/manager Valve className=org.apache.catalina.valves.RemoteAddrValve allow=127.0.0.1/ /Context Context path= docBase=c:/cvs-work/dvlp/bin/ui reloadable=true Manager className=org.apache.catalina.session.PersistentManager checkInterval=60 maxInactiveInterval=120 saveOnRestart=false/ Parameter name=version value=dev/ Resource name=nyw/directory auth=Container type=nyw.dir.Directory/ ResourceParams name=nyw/directory parameter namefactory/name valuenyw.dir.DirectoryObjectFactory/value /parameter parameter nameurl/name valuehttp://localhost:13001/property/value /parameter /ResourceParams Resource name=nyw/xmltranslator auth=Container type=nyw.ui.XMLTranslator/ ResourceParams name=nyw/xmltranslator parameter namefactory/name valuenyw.ui.XMLTranslatorObjectFactory/value /parameter parameter namecache/name valuefalse/value /parameter parameter namexsltRoot/name valuejndi:/localhost//value /parameter parameter namefopUserConfig/name valuec:/cvs-work/dvlp/conf/tomcat-ui/conf/fopUserConfig.xml/value /parameter /ResourceParams Resource name=nyw/aodfactory auth=Container type=nyw.aod.comm.AODFactory/ ResourceParams name=nyw/aodfactory parameter namefactory/name valuenyw.aod.comm.AODFactoryObjectFactory/value /parameter /ResourceParams Resource name=nyw/performancemonitor auth=Container type=nyw.util.PerformanceMonitor/ ResourceParams name=nyw/performancemonitor parameter namefactory/name valuenyw.util.PerformanceMonitorObjectFactory/value /parameter /ResourceParams Resource name=mail/session auth=Container type=javax.mail.Session/ ResourceParams name=mail/session parameter namemail.smtp.host/name valuep1.netyourwork.com/value /parameter /ResourceParams /Context Context path=/fileupload docBase=c:/cvs-work/dvlp/bin/fileupload reloadable=true Resource name=nyw/directory auth=Container type=nyw.dir.Directory/ ResourceParams name=nyw/directory parameter namefactory/name valuenyw.dir.DirectoryObjectFactory/value /parameter parameter nameurl/name valuehttp://localhost:13001/property/value /parameter /ResourceParams Resource name=nyw/aodfactory auth=Container type=nyw.aod.comm.AODFactory/ ResourceParams name=nyw/aodfactory parameter namefactory/name valuenyw.aod.comm.AODFactoryObjectFactory/value /parameter /ResourceParams
RE: OSX Server and Tomcat/Apache integration
Hi, What errors are you getting? Yoav Shapira Millennium Research Informatics -Original Message- From: Ivan E. Markovic [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 12:09 PM To: [EMAIL PROTECTED] Subject: OSX Server and Tomcat/Apache integration I am hoping that someone out there will be able to help. I have spent about 20+ hours on this and am getting nowhere fast. I have OSX Server (v 10.3, Panther) installed and am trying to get Tomcat and Apache to connect. I have read the documentation but with little luck. I have it all working on the plain client version of Panther without a problem BUT with the Server version of Panther the configuration is very different and it's not just a matter of copying across the config files or using the same concepts. Thank you. I v a n ... -- Ivan Markovic SculptLight http://www.sculptlight.com Mobile: (+353) 87 2939256 Office: (+353) 1 2982205 Fax: (+353) 1 2966848 2 Airfield Drive, Churchtown, Dublin 14, Ireland. VAT: IE 9072482G - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: context mapping problem after upgrade from 4.1.29 to 4.1.30
Hi, I already replied... Did my reply not get through? Yoav Shapira Millennium Research Informatics -Original Message- From: Jim Hopp [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 12:26 PM To: Tomcat Users List Subject: context mapping problem after upgrade from 4.1.29 to 4.1.30 Anyone have any ideas/pointers on this? Thanks, -Jim Greetings- I've just upgraded my development environment from Tomcat 4.1.29 to 4.1.30 (Win XP, jdk 1.4.2). It appears that my URI's are not mapped to the same context under 4.1.30 as they were under 4.1.29. I've made no changes to any of my config files; I simply upgraded Tomcat. Here's a snippet of my process log from 4.1.29, which works as I expect it to: 2004-03-30 11:52:59 StandardHost[localhost]: Mapping request URI '/fileupload/fileUpload.html' 2004-03-30 11:52:59 StandardHost[localhost]: Trying the longest context path prefix 2004-03-30 11:52:59 StandardHost[localhost]: Mapped to context '/fileupload' 2004-03-30 11:52:59 default: DefaultServlet.serveResource: Serving resource '/fileUpload.html' headers and data 2004-03-30 11:52:59 default: DefaultServlet.serveFile: lastModified='2004-03-30 11:48:46.455' 2004-03-30 11:52:59 default: DefaultServlet.serveFile: contentType='text/html' 2004-03-30 11:52:59 default: DefaultServlet.serveFile: contentLength=1830 Here's the same request under 4.1.30, not working as I expected it to: 2004-03-30 13:41:22 StandardHost[localhost]: Mapping request URI '' 2004-03-30 13:41:22 StandardHost[localhost]: Trying the longest context path prefix 2004-03-30 13:41:22 StandardHost[localhost]: Mapped to context '' Here's the Host section of the server.xml: Host name=localhost appBase=c:/tomcat/webapps workDir=c:/cvs-work/dvlp/temp/tomcat-ui/ui/localhost autoDeploy=false liveDeploy=false debug=10 deployXML=false Context path=/manager privileged=true docBase=c:/tomcat/server/webapps/manager Valve className=org.apache.catalina.valves.RemoteAddrValve allow=127.0.0.1/ /Context Context path= docBase=c:/cvs-work/dvlp/bin/ui reloadable=true Manager className=org.apache.catalina.session.PersistentManager checkInterval=60 maxInactiveInterval=120 saveOnRestart=false/ Parameter name=version value=dev/ Resource name=nyw/directory auth=Container type=nyw.dir.Directory/ ResourceParams name=nyw/directory parameter namefactory/name valuenyw.dir.DirectoryObjectFactory/value /parameter parameter nameurl/name valuehttp://localhost:13001/property/value /parameter /ResourceParams Resource name=nyw/xmltranslator auth=Container type=nyw.ui.XMLTranslator/ ResourceParams name=nyw/xmltranslator parameter namefactory/name valuenyw.ui.XMLTranslatorObjectFactory/value /parameter parameter namecache/name valuefalse/value /parameter parameter namexsltRoot/name valuejndi:/localhost//value /parameter parameter namefopUserConfig/name valuec:/cvs-work/dvlp/conf/tomcat-ui/conf/fopUserConfig.xml/value /parameter /ResourceParams Resource name=nyw/aodfactory auth=Container type=nyw.aod.comm.AODFactory/ ResourceParams name=nyw/aodfactory parameter namefactory/name valuenyw.aod.comm.AODFactoryObjectFactory/value /parameter /ResourceParams Resource name=nyw/performancemonitor auth=Container type=nyw.util.PerformanceMonitor/ ResourceParams name=nyw/performancemonitor parameter namefactory/name valuenyw.util.PerformanceMonitorObjectFactory/value /parameter /ResourceParams Resource name=mail/session auth=Container type=javax.mail.Session/ ResourceParams name=mail/session parameter namemail.smtp.host/name valuep1.netyourwork.com/value /parameter /ResourceParams /Context Context path=/fileupload docBase=c:/cvs-work/dvlp/bin/fileupload reloadable=true Resource name=nyw/directory auth=Container type=nyw.dir.Directory/ ResourceParams name=nyw/directory parameter namefactory/name valuenyw.dir.DirectoryObjectFactory/value /parameter parameter nameurl/name valuehttp://localhost:13001/property/value /parameter
Re: scalability
You're going to have to qualify your definition of scalability before anyone can provide useful information. scalability in terms of concurrent users? requests per second? average response time? cluster size? concurrent connections? without a point of reference, scalability means very little :) peter MacManus, Brett C [EMAIL PROTECTED] wrote: Hello, I am needing information on the scalability of Tomcat. We are currently using Web Logic, but are considering Tomcat and our only concern in scalability. Can anyone help me out with this as I am unable to track down any specifics. Thank You Brett - Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time.
RE: scalability
Sorry Peter You are correct. I need in terms of clustering, and concurrent connections. Thank You Brett MacManus You're going to have to qualify your definition of scalability before anyone can provide useful information. scalability in terms of concurrent users? requests per second? average response time? cluster size? concurrent connections? without a point of reference, scalability means very little :) peter MacManus, Brett C [EMAIL PROTECTED] wrote: Hello, I am needing information on the scalability of Tomcat. We are currently using Web Logic, but are considering Tomcat and our only concern in scalability. Can anyone help me out with this as I am unable to track down any specifics. Thank You Brett - Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: form base auth with custom messages
Ah, I misunderstood the problem. Your best bet is to write a custom form authentication. It's more work, but you'll have access to everything you need because you are in control. -Original Message- From: Summers, Bert W. [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 11:57 AM To: Tomcat Users List Subject: RE: form base auth with custom messages I would like to but there are two problems: 1. On the error page I don't know who tried to login, so I can not do any checks with the db. 2. I will have to a custom Realm to check for my date and not auth the user. How can you get info from the FormAuthenticator? It seems to be a sendRedirect so all request parameters are gone. -Original Message- From: Koes, Derrick [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 8:53 AM To: 'Tomcat Users List' Subject: RE: form base auth with custom messages You should be able to control this from your form-error-page. -Original Message- From: Summers, Bert W. [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 11:48 AM To: [EMAIL PROTECTED] Subject: form base auth with custom messages I am using form base authentication with web.xml security constraints. It works fine in that if you enter the correct username and password you get in. What I want to do is provide feedback to the user for certain conditions, such as password is expired and they can not login or about to expire and take them to the change password page. The password expire feature is done by tracking how long it has been since they changed it. Is there an easy way to make some extra checks and then control which page is shown after authentication or failed authentication? I am starting down the path of rewriting FormAuthenticator. The problem with this is that all my web apps must conform to this same approach. Prior to using the web.xml to enforce security my login servlet would make these checks and then redirect to the correct page. Thanks This electronic transmission is strictly confidential to Smith Nephew and intended solely for the addressee. It may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, or someone authorized by the intended addressee to receive transmissions on behalf of the addressee, you must not retain, disclose in any form, copy or take any action in reliance on this transmission. If you have received this transmission in error, please notify the sender as soon as possible and destroy this message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This electronic transmission is strictly confidential to Smith Nephew and intended solely for the addressee. It may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, or someone authorized by the intended addressee to receive transmissions on behalf of the addressee, you must not retain, disclose in any form, copy or take any action in reliance on this transmission. If you have received this transmission in error, please notify the sender as soon as possible and destroy this message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: form base auth with custom messages
Is it possible to specify which form authenticator to use per web app or is it a one shot deal? Where does tomcat decide that j_security_check is FormAuthenticator? Can I change that? -Original Message- From: Koes, Derrick [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 9:48 AM To: 'Tomcat Users List' Subject: RE: form base auth with custom messages Ah, I misunderstood the problem. Your best bet is to write a custom form authentication. It's more work, but you'll have access to everything you need because you are in control. -Original Message- From: Summers, Bert W. [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 11:57 AM To: Tomcat Users List Subject: RE: form base auth with custom messages I would like to but there are two problems: 1. On the error page I don't know who tried to login, so I can not do any checks with the db. 2. I will have to a custom Realm to check for my date and not auth the user. How can you get info from the FormAuthenticator? It seems to be a sendRedirect so all request parameters are gone. -Original Message- From: Koes, Derrick [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 8:53 AM To: 'Tomcat Users List' Subject: RE: form base auth with custom messages You should be able to control this from your form-error-page. -Original Message- From: Summers, Bert W. [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 11:48 AM To: [EMAIL PROTECTED] Subject: form base auth with custom messages I am using form base authentication with web.xml security constraints. It works fine in that if you enter the correct username and password you get in. What I want to do is provide feedback to the user for certain conditions, such as password is expired and they can not login or about to expire and take them to the change password page. The password expire feature is done by tracking how long it has been since they changed it. Is there an easy way to make some extra checks and then control which page is shown after authentication or failed authentication? I am starting down the path of rewriting FormAuthenticator. The problem with this is that all my web apps must conform to this same approach. Prior to using the web.xml to enforce security my login servlet would make these checks and then redirect to the correct page. Thanks This electronic transmission is strictly confidential to Smith Nephew and intended solely for the addressee. It may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, or someone authorized by the intended addressee to receive transmissions on behalf of the addressee, you must not retain, disclose in any form, copy or take any action in reliance on this transmission. If you have received this transmission in error, please notify the sender as soon as possible and destroy this message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This electronic transmission is strictly confidential to Smith Nephew and intended solely for the addressee. It may contain information which is covered by legal, professional or other privilege. If you are not the intended addressee, or someone authorized by the intended addressee to receive transmissions on behalf of the addressee, you must not retain, disclose in any form, copy or take any action in reliance on this transmission. If you have received this transmission in error, please notify the sender as soon as possible and destroy this message. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: apache 1.3 tomcat 5.0.19
Ive being researching about mod_jk and as far as I can see, the mod_jk was made to work with apache 2 (even that it says that it works with 1.3). Do I have to build mod_jk again if I use jk2 I have read that jk1.3 would be better suited to apache 1.3... What's the best connector to use with apache 1.3 and tomcat 5?? thanks Randy Harrison wrote: Galem, Mod_jk and mod_jk2 are connectors between tomcat and a standard webserver(apache, etc.). If you are going to use tomcat as a stanalone sever you don't need to connect to apache. Short answer = no. Randy Harrison Developer, eWatch Services PR Newswire 612 243-0601 x1120 [EMAIL PROTECTED] Galam [EMAIL PROTECTED]To: Tomcat Users List [EMAIL PROTECTED] cc: Subject: RE: apache 1.3 tomcat 5.0.19 03/17/2004 04:59 PM Please respond to Tomcat Users List Shapira, I have a question! If I use Tomcat5 standalone in production, do I still need to configure the mod_jk ? The mod_jk has been giving me too much troubles, and it would be really great if it is not needed in standalone enviroment. Thanks! Galam. Shapira, Yoav [EMAIL PROTECTED] wrote: Hi, Tomcat 5 can be used standalone to serve static content including images, yes. The same is true for tomcat 3 and 4 as well. People are using tomcat in production without a front-end server to handle static content, yes. Is there a drop in performance? Probably yes, but it depends on the static content, the traffic your site gets, the hardware and software configuration, and a host of other variables: frequently the drop in performance is better than the additional maintenance and setup costs of a separate front-end. Yoav Shapira Millennium Research Informatics -Original Message- From: Emerson Cargnin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 17, 2004 2:16 PM To: Tomcat Users List Subject: Re: apache 1.3 tomcat 5.0.19 I have a complementary question, taht I know that i have being asked before, but didn't find any answer, it's related to my previous question: - Tomcat 5 can be used directly (in production) without apache??? For serving static pages and images??? I mean, there are anybody using it direct in production, without any drop in performance? Emerson Cargnin wrote: Hi all I'm migrating a tomcat 3.2.3 isntallation to version 5. When using 3.2.3, I used to use automatic mod_jk.conf-auto generation for use by apache. Does version 5 has the same feature? Or do I have to configure it by hand?? any how-to?? It's not mentioned in tomcat 5 docs.. I used mod_jk, is jk2 prefered There's no linux release for it and when trying to build as the readme says, the buildI doesn't work at all... I'm using suse 9 / apache 1.3 and tomcat 5. -- Emerson Cargnin Analista de Sistemas Setor de Desenvolvimento de Sistemas - TRE-SC tel : (048) - 251-3700 - Ramal 3181 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer
RE: scalability
In terms of concurrent requests here's my own experience. Handing 50-150 concurrent requests using either apache AB or JMeter to simulate load doesn't pose any problems that I can see for static or simple dynamic pages. when I say dynamic pages, I mean simple queries which select from one view or simple sql join. the real bottle neck is the database. Depending on the OS you're on, the practical limit of the database in terms of concurrent queries varies quite a bit. If you're using windows and Sql Server, the practical limit for concurrent queries is 2x # of CPU. for example, say you have sql server on a 4 CPU system. the practical limit is 8 concurrent queries. Anything above 8 will get queued up. which means throwing more concurrent requests will just swamp the database. You'll have to test the database you're using to figure out the practical limit for concurrent queries. since you're already using weblogic, I'm going to guess there's an EJB somewhere providing data. If that is the case, follow the normal EJB best practices like using local interfaces to EJB's. In terms of clustering, if you're talking about session replication, I have no experience with clustering TC5. If you're talking about load balancing, there shouldn't be any performance issues. If you're planning on havng lots of servers, I would recommend using hardware load balancing. hope that helps. peter lin MacManus, Brett C [EMAIL PROTECTED] wrote: Sorry Peter You are correct. I need in terms of clustering, and concurrent connections. Thank You Brett MacManus You're going to have to qualify your definition of scalability before anyone can provide useful information. scalability in terms of concurrent users? requests per second? average response time? cluster size? concurrent connections? without a point of reference, scalability means very little :) peter MacManus, Brett C wrote: Hello, I am needing information on the scalability of Tomcat. We are currently using Web Logic, but are considering Tomcat and our only concern in scalability. Can anyone help me out with this as I am unable to track down any specifics. Thank You Brett - Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time.
RE: scalability
Thanks Peter... We will be interacting with Oracle, Informix, and DB2. The proposed Tomcat application servers will be used with the Business Objects and Crystal BI application. Thank You Brett MacManus -Original Message- From: Peter Lin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 12:22 PM To: Tomcat Users List Subject: RE: scalability In terms of concurrent requests here's my own experience. Handing 50-150 concurrent requests using either apache AB or JMeter to simulate load doesn't pose any problems that I can see for static or simple dynamic pages. when I say dynamic pages, I mean simple queries which select from one view or simple sql join. the real bottle neck is the database. Depending on the OS you're on, the practical limit of the database in terms of concurrent queries varies quite a bit. If you're using windows and Sql Server, the practical limit for concurrent queries is 2x # of CPU. for example, say you have sql server on a 4 CPU system. the practical limit is 8 concurrent queries. Anything above 8 will get queued up. which means throwing more concurrent requests will just swamp the database. You'll have to test the database you're using to figure out the practical limit for concurrent queries. since you're already using weblogic, I'm going to guess there's an EJB somewhere providing data. If that is the case, follow the normal EJB best practices like using local interfaces to EJB's. In terms of clustering, if you're talking about session replication, I have no experience with clustering TC5. If you're talking about load balancing, there shouldn't be any performance issues. If you're planning on havng lots of servers, I would recommend using hardware load balancing. hope that helps. peter lin MacManus, Brett C [EMAIL PROTECTED] wrote: Sorry Peter You are correct. I need in terms of clustering, and concurrent connections. Thank You Brett MacManus You're going to have to qualify your definition of scalability before anyone can provide useful information. scalability in terms of concurrent users? requests per second? average response time? cluster size? concurrent connections? without a point of reference, scalability means very little :) peter MacManus, Brett C wrote: Hello, I am needing information on the scalability of Tomcat. We are currently using Web Logic, but are considering Tomcat and our only concern in scalability. Can anyone help me out with this as I am unable to track down any specifics. Thank You Brett - Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Ant problem: cannot make war file
I am having a problem when trying to make a WAR file for my webapp. I am trying to run a build.xml script and I get this error: BUILD FAILED: java.lang.NoSuchMethodError: org.apache.tools.zip.ZipOutputStream.init(Ljava/io/File;)V The classes compiled fine, but it cannot build the war file for some reason. It looks like it cannot instantiate an object of class ZipOutputStream but it can't. I looked and saw that the ZipOutputStream class is in the ant.jat file in the $ANT_HOME/lib folder. I am using SuSE 9.0, Ant 1.6.0 and Eclipse 2.1. Chris Alvarez Novell, Inc., the leading provider of information solutions. http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: scalability
I think I'm getting a better picture. You're exploring the option of having weblogic handle just the business objects and Crystal BI stuff. Tomcat then serves up view of the data produced by weblogic and the database. Having worked on a platform with a setup similar to that for wireless applications, the tricky part is tuning your application server (read EJB container) performance. I'm assuming you've already done that since it sounds like a production setup. In general, most of the time Tomcat will be waiting for data. As long as Tomcat gets the data As Fast As Possible, it shouldn't be the bottleneck. In that type of configuration, it's desirable to have a dedicated ethernet port that connects to a dedicated router to the App Server(if you don't already have it setup that way). Realistic numbers on 3 tiered setups are hard to find, but you should be able to find some synthetic numbers. good luck. peter lin MacManus, Brett C [EMAIL PROTECTED] wrote: Thanks Peter... We will be interacting with Oracle, Informix, and DB2. The proposed Tomcat application servers will be used with the Business Objects and Crystal BI application. Thank You Brett MacManus -Original Message- From: Peter Lin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 12:22 PM To: Tomcat Users List Subject: RE: scalability In terms of concurrent requests here's my own experience. Handing 50-150 concurrent requests using either apache AB or JMeter to simulate load doesn't pose any problems that I can see for static or simple dynamic pages. when I say dynamic pages, I mean simple queries which select from one view or simple sql join. the real bottle neck is the database. Depending on the OS you're on, the practical limit of the database in terms of concurrent queries varies quite a bit. If you're using windows and Sql Server, the practical limit for concurrent queries is 2x # of CPU. for example, say you have sql server on a 4 CPU system. the practical limit is 8 concurrent queries. Anything above 8 will get queued up. which means throwing more concurrent requests will just swamp the database. You'll have to test the database you're using to figure out the practical limit for concurrent queries. since you're already using weblogic, I'm going to guess there's an EJB somewhere providing data. If that is the case, follow the normal EJB best practices like using local interfaces to EJB's. In terms of clustering, if you're talking about session replication, I have no experience with clustering TC5. If you're talking about load balancing, there shouldn't be any performance issues. If you're planning on havng lots of servers, I would recommend using hardware load balancing. hope that helps. peter lin MacManus, Brett C wrote: Sorry Peter You are correct. I need in terms of clustering, and concurrent connections. Thank You Brett MacManus You're going to have to qualify your definition of scalability before anyone can provide useful information. scalability in terms of concurrent users? requests per second? average response time? cluster size? concurrent connections? without a point of reference, scalability means very little :) peter MacManus, Brett C wrote: Hello, I am needing information on the scalability of Tomcat. We are currently using Web Logic, but are considering Tomcat and our only concern in scalability. Can anyone help me out with this as I am unable to track down any specifics. Thank You Brett - Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time.
Migration
I'm a newbie in tomcat. How can I get documents or information about how to migrate Tomcat 4 to Tomcat 5. Thanks a lot!! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Ant problem: cannot make war file
Hi, First, please add [OFF-TOPIC] to your subject line as this is not a tomcat issue. Second: you have a different ant.jar at compile time than you do at runtime, or alternatively multiple different ant.jars on the classpath at runtime, the first of which is missing this method. The method is a ZipOutputStream constructor that takes a file argument. It's been present only in the past three revisions of the class, i.e. the few latest ant versions, probably 1.6 only but I don't feel like tracking their CVS. Yoav Shapira Millennium Research Informatics -Original Message- From: Chris Alvarez [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 1:26 PM To: [EMAIL PROTECTED] Subject: Ant problem: cannot make war file I am having a problem when trying to make a WAR file for my webapp. I am trying to run a build.xml script and I get this error: BUILD FAILED: java.lang.NoSuchMethodError: org.apache.tools.zip.ZipOutputStream.init(Ljava/io/File;)V The classes compiled fine, but it cannot build the war file for some reason. It looks like it cannot instantiate an object of class ZipOutputStream but it can't. I looked and saw that the ZipOutputStream class is in the ant.jat file in the $ANT_HOME/lib folder. I am using SuSE 9.0, Ant 1.6.0 and Eclipse 2.1. Chris Alvarez Novell, Inc., the leading provider of information solutions. http://www.novell.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
DataSourceRealm authentication and role zones
Hello. I'm working in a web application with tomcat and struts. Now I'm implementing session tracking and authentication and I don't know how to do it. I'm using DataSourceRealm with mysql and I have a user role and a admin role. I've read about DataSourceRealm in jakarta web, but I didn't understand so well. I've tried it but nothing did happen. 1º) How must I configure the application (web.xml and server.xml). 2º) I want to assing each part of the application to a role. How can I do that? Thanks for all. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Two JSTL Questions
1) I am trying to get jakartas taglib to work. Is there a standard way to locate the *.tld files and jar files on tomcat. For example, would this be a correct structure assuming I am using it for a single package and not for every app under the webapps directory? myWebApp/WEB-INF/lib-- my jar files go here? myWebApp/WEB-INF/tld-- my taglibs go here? Map the taglib in my web.xml file 2) What is the difference between the JSTL I download from apache and the JSTL package used in SUNs jsdk download (which includes their server). I noted that SUNs jstl page is named appserv-jstl.jar OR is it the same? TIA Tom K. --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.557 / Virus Database: 349 - Release Date: 12/30/2003
TomCat 4.1.30 on Aix - Error accessing http://server:8080/admin
I just installed the binary version of TomCat 4.1.30 on Aix 5.1. I can access the default TomCat page but get the following error accessing the admin link. Anyone know how to get around this? Thanks, Jack HTTP Status 500 - type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception org.apache.jasper.JasperException: Cannot find message resources under key org.apache.struts.action.MESSAGE at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 54) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja va:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase .java:551) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2422) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve. java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:163 ) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java :174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:199) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:828) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne ction(Http11Protocol.java:700) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:584) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:683) at java.lang.Thread.run(Thread.java:512) root cause javax.servlet.ServletException: Cannot find message resources under key org.apache.struts.action.MESSAGE at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImp l.java:533) at org.apache.jsp.login_jsp._jspService(login_jsp.java:192) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:137) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2 10) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:241) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application FilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh ain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja va:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok eNext(StandardPipeline.java:643)
Re: Does my webapp directory have to live under the webapps folder?
Andrew Hamilton and David Liles, thank you very much for answering my question. It's exactly what I needed to know! LILES, DAVID (CONTRACTOR) wrote In your server.xml file you can define where your baseDoc location is I'm using Tomcat 5 in IIS and am doing just that I even put together a document outlining the steps I took to configure the two www.dynamichostings.com/TomCat5IIS5.do Hope it helps. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: AccessControlException
Does one of your apps have the Digester classes in its web app classpath? Did you make any changes to the policy file? What's appears to be happening is that the version of the Digester loaded doesn't have the appropriate runtime permissions to get another class's classloader. This kind of thing comes up if you have local versions of Apache commons jars deployed with a web app sometimes: The web app classloader gives priority to the classes in the web apps classpath instead of immediately delegating up the classloader tree, which in turn means that their codebases have limited permissions. You have several options: 1) Root out the copied jars, if you're not intentionally overriding them 2) Use a custom security manager to log missing permissions and their codebases. I wrote my own, because I couldn't get jchains to work (you can try, though: http://jchains.org). Writing your own is not that hard. Then modify the policy file appropriately. 2) Turn off the security manager. This is tragically the most common choice. Benjamin J. Armintor Systems Analyst ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of bort Sent: Wednesday, March 31, 2004 11:25 AM To: [EMAIL PROTECTED] Subject: AccessControlException Hi all When we try to start up tomcat on our linux box, we get the following scroll in our catalina.out file: register('-//Apache Software Foundation//DTD Struts Configuration 1.0//EN', 'jar:file:/var/lib/tomcat4/webapps/RFP/WEB-INF/lib/struts.jar!/org/apach e/st ruts/resources/struts-config_1_0.dtd' register('-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN', 'jar:file:/var/lib/tomcat4/webapps/RFP/WEB-INF/lib/struts.jar!/org/apach e/st ruts/resources/web-app_2_2.dtd' register('-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN', 'jar:file:/var/lib/tomcat4/webapps/RFP/WEB-INF/lib/struts.jar!/org/apach e/st ruts/resources/web-app_2_3.dtd' Digester.getParser: java.security.AccessControlException: access denied (java.lang.RuntimePermission getClassLoader) at java.security.AccessControlContext.checkPermission(AccessControlContext. java :269) at java.security.AccessController.checkPermission(AccessController.java:401 ) at java.lang.SecurityManager.checkPermission(SecurityManager.java:524) at java.lang.ClassLoader.getParent(ClassLoader.java:1034) at org.apache.catalina.loader.WebappClassLoader.toString(WebappClassLoader. java :888) at java.lang.String.valueOf(String.java:2131) at java.lang.StringBuffer.append(StringBuffer.java:370) at javax.xml.parsers.FactoryFinder.findJarServiceProvider(FactoryFinder.jav a:34 2) at javax.xml.parsers.FactoryFinder.find(FactoryFinder.java:226) at javax.xml.parsers.SAXParserFactory.newInstance(SAXParserFactory.java:134 ) at org.apache.struts.digester.Digester.getParser(Digester.java:275) at org.apache.struts.digester.Digester.parse(Digester.java:755) at org.apache.struts.action.ActionServlet.initMapping(ActionServlet.java:13 32) at org.apache.struts.action.ActionServlet.init(ActionServlet.java:466) at javax.servlet.GenericServlet.init(GenericServlet.java:258) at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.jav a:91 8) at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:810) at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.j ava: 3279) at org.apache.catalina.core.StandardContext.start(StandardContext.java:3421 ) at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:785) at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:478) at org.apache.catalina.core.StandardHost.install(StandardHost.java:738) at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:300) at org.apache.catalina.startup.HostConfig.start(HostConfig.java:389) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:23 2) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSu ppor t.java:155) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1131) at org.apache.catalina.core.StandardHost.start(StandardHost.java:638) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:343) at org.apache.catalina.core.StandardService.start(StandardService.java:388) at org.apache.catalina.core.StandardServer.start(StandardServer.java:506) at org.apache.catalina.startup.Catalina.start(Catalina.java:781) at org.apache.catalina.startup.Catalina.execute(Catalina.java:681) at org.apache.catalina.startup.Catalina.process(Catalina.java:179) at
RE: scalability
Thanks again for the info. We are hoping to take weblogic out of the picture all together and go with an Apache http server and Tomcat app server. Currently we have our BI infrastructure on AIX and we are pushing for our next release to deploy on Linux. Therefore we were trying to ditch Weblogic as well and go with open source. We are just trying to get our ducks in a row so that we can answer all questions intelligently as to why we want to go away from the current set up and what the possible pit falls are going to be. We know that we are not going to have any issues with the Apache HTTP server, but I am unfamiliar with Tomcat and decided to go on this fact finding mission. Thanks in advance for all of your help Thank You Brett MacManus -Original Message- From: Peter Lin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 12:34 PM To: Tomcat Users List Subject: RE: scalability I think I'm getting a better picture. You're exploring the option of having weblogic handle just the business objects and Crystal BI stuff. Tomcat then serves up view of the data produced by weblogic and the database. Having worked on a platform with a setup similar to that for wireless applications, the tricky part is tuning your application server (read EJB container) performance. I'm assuming you've already done that since it sounds like a production setup. In general, most of the time Tomcat will be waiting for data. As long as Tomcat gets the data As Fast As Possible, it shouldn't be the bottleneck. In that type of configuration, it's desirable to have a dedicated ethernet port that connects to a dedicated router to the App Server(if you don't already have it setup that way). Realistic numbers on 3 tiered setups are hard to find, but you should be able to find some synthetic numbers. good luck. peter lin MacManus, Brett C [EMAIL PROTECTED] wrote: Thanks Peter... We will be interacting with Oracle, Informix, and DB2. The proposed Tomcat application servers will be used with the Business Objects and Crystal BI application. Thank You Brett MacManus -Original Message- From: Peter Lin [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 12:22 PM To: Tomcat Users List Subject: RE: scalability In terms of concurrent requests here's my own experience. Handing 50-150 concurrent requests using either apache AB or JMeter to simulate load doesn't pose any problems that I can see for static or simple dynamic pages. when I say dynamic pages, I mean simple queries which select from one view or simple sql join. the real bottle neck is the database. Depending on the OS you're on, the practical limit of the database in terms of concurrent queries varies quite a bit. If you're using windows and Sql Server, the practical limit for concurrent queries is 2x # of CPU. for example, say you have sql server on a 4 CPU system. the practical limit is 8 concurrent queries. Anything above 8 will get queued up. which means throwing more concurrent requests will just swamp the database. You'll have to test the database you're using to figure out the practical limit for concurrent queries. since you're already using weblogic, I'm going to guess there's an EJB somewhere providing data. If that is the case, follow the normal EJB best practices like using local interfaces to EJB's. In terms of clustering, if you're talking about session replication, I have no experience with clustering TC5. If you're talking about load balancing, there shouldn't be any performance issues. If you're planning on havng lots of servers, I would recommend using hardware load balancing. hope that helps. peter lin MacManus, Brett C wrote: Sorry Peter You are correct. I need in terms of clustering, and concurrent connections. Thank You Brett MacManus You're going to have to qualify your definition of scalability before anyone can provide useful information. scalability in terms of concurrent users? requests per second? average response time? cluster size? concurrent connections? without a point of reference, scalability means very little :) peter MacManus, Brett C wrote: Hello, I am needing information on the scalability of Tomcat. We are currently using Web Logic, but are considering Tomcat and our only concern in scalability. Can anyone help me out with this as I am unable to track down any specifics. Thank You Brett - Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - Do you
How to filter out HTTP requests, or limit requests
I have a new web server running Tomcat and serving jsp pages on a RedHat9 box. I am new to web technologies and have been reviewing the access logs daily. I find several attempts in the logs to run root.exe, cmd.exe, and various scripts. What I have seen so far appear to be attempts against IIS which I am not running. But with each request the server has to respond with 404 and 500 codes and reply traffic of various sizes. I saw one posting on Google where repeated requests for default.ida shut down the site because of the reply traffic. I could find on Google that for Apache a file called htaccess could have commands to trap requests but elsewhere it said that Tomcat doesn't use htaccess, but I can't find what it does instead. So I am hoping Tomcat has a method to let me trap strings like default.ida or root.exe and just drop them to a black hole before the server is requested to service the request. I was also wondering if in the same method or another I could specifically list html, jsp, and graphics that I will service and drop all others. Thanks, Larry Nobs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Multiple certificates for multiple virtual hosts (1:1)
No idea, but for now, ... 1 name -- 1 certificate -- 1 (TCP port, IP address) pair. You can't do any better with any implementation I know of. Yours, Antonio Fiol Martin Alley wrote: Aha... This from http://ietf.org/rfc/rfc3546.txt 3.1. Server Name Indication [TLS] does not provide a mechanism for a client to tell a server the name of the server it is contacting. It may be desirable for clients to provide this information to facilitate secure connections to servers that host multiple 'virtual' servers at a single underlying network address. In order to provide the server name, clients MAY include an extension of type server_name in the (extended) client hello. ... This rfc is dated June 2003, so I wonder when it will become mainstream?? Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 15:25 To: 'Tomcat Users List' Subject: RE: Multiple certificates for multiple virtual hosts (1:1) Hi Doug, I guess my point is that given there may be multiple certificates installed on a web server, and given that certificates authenticate Distinguished Name there should be an effective way to make sure the correct certificate is sent to the user. The certificate isn't just for viewing on the client when there is a name mismatch, or out of date of whatever - it can be used by SSL 3 supported RSA key exchange. Why should the user get the wrong certificate when the correct one is available??? I understand about SSL fitting between TCP/IP and HTTP in the protocol stack. I would expect the host name to transition as part of the SSL session initiation - given that the certificate authenticates the *name* and not the IP address!! It looks like this has already been considered by the gurus (not surprisingly :-) http://ietf.org/internet-drafts/draft-ietf-tls-emailaddr-00.txt I shall do a bit more research... Cheers Martin -Original Message- From: Parsons Technical Services [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 14:55 To: Tomcat Users List Subject: Re: Multiple certificates for multiple virtual hosts (1:1) Martin, You missed something fundamental. See the following document for a brief description of the problem. http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html For a more detailed description see: http://httpd.apache.org/docs-2.0/ssl/ssl_intro.html Short answer you can't. I have an idea about a work around using non-standard ports: Short version- No connectors on 443. Redirect or link from http page to https nonstandard port. Has anyone tried this or have it working Doug www.parsonstechnical.com - Original Message - From: Martin Alley [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 8:39 AM Subject: RE: Multiple certificates for multiple virtual hosts (1:1) Okay, I see that the address attribute of the connector element can be used to retrict IP/port combinations. As I've only got 1 IP this doesn't really affect me. Either I've misunderstood something fundamental, or the configuration capabilities are not optimal. Any one? Thanks Martin -Original Message- From: Martin Alley [mailto:[EMAIL PROTECTED] Sent: 31 March 2004 12:10 To: Tomcat Users List Subject: Multiple certificates for multiple virtual hosts (1:1) Hi, I want to have different certificates for different virtual hosts on my tomcat setup (embedded in JBoss). I only have 1 IP address. I want to use the default ports (80 443) for each virtual server. A certificate doesn't say anything about the IP address - only the common name (ie the FQDN). It is perfectly possible to change the IP address of the machine on which the cert is installed, and not have to update the certificate. Just let DNS update round the world. The key thing is to keep the private key that is paired with the public key embedded in the cert (that's been signed by the CA) secured on the same machine. Tomcat: The Definitive Guide, has this to say about multiple server certificates: Suppose you are an ISP with clients, several of whom want to have their own certificate. Typically this would involve using Virtual Hosts (as covered in Chapter 7). Simply add an SSL Factory element to the appropriate client's Connector, giving the keystore file for that specific client. I don't see how virtual hosts are associated directly with certificates. From my reading, certificates are associated with keystore, which are associated with connectors, which are globally shared by one engine. In other words it seems you can have different certs for different *ports*, and you can use any of the virtual host names with any of the ports declared, but you can't have the appropriate cert selected based on the host name. This is a shame, because *that* is what has been certified! So, suppose I have 2 pairs of HTTP connectors each with an SSL factory: Http 80 with SSL 443 (cert common name www.company1.com)
RE: How to filter out HTTP requests, or limit requests
Hi, sorry mi english. You probe ServletFilter tecnology ? Saludos !! SALVATIERRA, Mauricio Hugo Information Technology Ford Argentina S.C.A. Phono/Fax: 54-11-4756-8750 mailto: [EMAIL PROTECTED] Visit our page: http//www.ford.com.ar/ STRICTLY CONFIDENTIAL. The contents of this e-mail and any attachments are strictly confidential and property of Ford Argentina S.C.A. They may not be used or disclosed by someone who is not a named recipient. If you have received this e-mail in error please notify the sender by replying to this email inserting the word Misdirected as the message and delete the present message. -Original Message- From: lrnobs [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 16:57 To: Tomcat Users List Subject: How to filter out HTTP requests, or limit requests I have a new web server running Tomcat and serving jsp pages on a RedHat9 box. I am new to web technologies and have been reviewing the access logs daily. I find several attempts in the logs to run root.exe, cmd.exe, and various scripts. What I have seen so far appear to be attempts against IIS which I am not running. But with each request the server has to respond with 404 and 500 codes and reply traffic of various sizes. I saw one posting on Google where repeated requests for default.ida shut down the site because of the reply traffic. I could find on Google that for Apache a file called htaccess could have commands to trap requests but elsewhere it said that Tomcat doesn't use htaccess, but I can't find what it does instead. So I am hoping Tomcat has a method to let me trap strings like default.ida or root.exe and just drop them to a black hole before the server is requested to service the request. I was also wondering if in the same method or another I could specifically list html, jsp, and graphics that I will service and drop all others. Thanks, Larry Nobs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: How to filter out HTTP requests, or limit requests
Hi, You have several choices, although the default behavior isn't that bad. Your choices include: - Tomcat's RemoteAddr and RemoteHost valves (http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/valve.html) - A custom Servlet Filter you write to deny specific requests like root.exe/cmd.exe/default.ida. - Others but I have to run to a meeting ;) Yoav Shapira Millennium Research Informatics -Original Message- From: lrnobs [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 2:57 PM To: Tomcat Users List Subject: How to filter out HTTP requests, or limit requests I have a new web server running Tomcat and serving jsp pages on a RedHat9 box. I am new to web technologies and have been reviewing the access logs daily. I find several attempts in the logs to run root.exe, cmd.exe, and various scripts. What I have seen so far appear to be attempts against IIS which I am not running. But with each request the server has to respond with 404 and 500 codes and reply traffic of various sizes. I saw one posting on Google where repeated requests for default.ida shut down the site because of the reply traffic. I could find on Google that for Apache a file called htaccess could have commands to trap requests but elsewhere it said that Tomcat doesn't use htaccess, but I can't find what it does instead. So I am hoping Tomcat has a method to let me trap strings like default.ida or root.exe and just drop them to a black hole before the server is requested to service the request. I was also wondering if in the same method or another I could specifically list html, jsp, and graphics that I will service and drop all others. Thanks, Larry Nobs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat5/tomcat4 comparison
Posting my findings for Redhat Linux 7.3 on a Intel Zeon 2.4 with a GB of ram. My kernel is not SMP even though the Zeon has hyperthreading. I also ran ab on the same machine as apache and tomcat. I was interested in seeing the WARP connector maintained, so I also include those numbers in my tests. I find that WARP works with both Apache 1.3.29 and 2.0.49. It does not however work with tomcat 5. I also found that it does not have the performance of the jk2 connector. This was told to me, but I didn't believe it until I tested it myself. I found that the warp connector was removed from tomcat 5, and I did not work on porting it. +--+ | Tomcat | Apache| Connector| Mean | | Version | Version | | Connection | +==+ | 4.1.30 | 1.3.29| webapp | 73.81 | | +---+ | | 2.0.49| webapp | 74.19 | | | +---+ | | | jk2(ajp) | 40.16 | | | +---+ | | | jk2(coyote) | 29.31 | | +---+ | | none | http(coyote) | 18.98 | +--+ | 5.0.19 | 2.0.49| jk2 | 27.35 | | +---+ | | none | http(coyote) | 18.76 | +--+ All my tests were using the HelloWorldExample servlet. I did not perform any static page tests. The example servlet changed URLs between 4.1 and 5.0 tomcat versions. I used the ab version from my 1.3.29 apache. I don't know if there were any changes between it and the one in 2.0.49. Tomcat 4.1.30 - ab -n 1 -c 30 http://www/examples/servlet/HelloWorldExample Tomcat 5.0.19 - ab -n 1 -c 30 http://www/servlets-examples/servlet/HelloWorldExample These numbers did not match my expectations, but then I am not familiar with the code in each module. It shows that using the Http Connector is faster than going through apache for the dynamic content. I would expect dynamic content to be the reverse, so consider what percentage of your pages/images are dynamic when choosing which to use. As a side note, I believe that since webapp works with 2.0.49, it does support threads. Because it doesn't have the performance of jk2, I won't be trying to get it out of deprication. I know that my tests don't compare directly to the other post, and it doesn't look like there is as much of a change in performance as the other tests showed between versions. The HelloWorldExample servlet was 1.2% faster using 5.0.19 compared to 4.1.30 with the HTTP Connector. It was 7.2% faster when comparing 5.0.19 and 4.1.30 using the jk2 Connector. jk2 4.1.30 100.0 % http 4.1.30 154.4 % jk2 5.0.19 107.2 % http 5.0.19 156.2 % -walter Apache 1.3.29/Tomcat 4.1.30/mod_webapp 1.20 Total transferred: 5442176 bytes HTML transferred: 3931572 bytes Requests per second:406.47 [#/sec] (mean) Time per request: 73.81 [ms] (mean) Time per request: 2.46 [ms] (mean, across all concurrent requests) Transfer rate: 221.21 [Kbytes/sec] received Apache 2.0.49/Tomcat 4.1.30/mod_webapp 1.20 Total transferred: 5641692 bytes HTML transferred: 3931179 bytes Requests per second:404.38 [#/sec] (mean) Time per request: 74.19 [ms] (mean) Time per request: 2.47 [ms] (mean, across all concurrent requests) Transfer rate: 228.14 [Kbytes/sec] received Apache 2.0.49/Tomcat 4.1.30/jk2 2.04(org.apache.ajp.tomcat4.Ajp13Connector) Total transferred: 5575013 bytes HTML transferred: 3933537 bytes Requests per second:746.99 [#/sec] (mean) Time per request: 40.16 [ms] (mean) Time per request: 1.34 [ms] (mean, across all concurrent requests) Transfer rate: 416.45 [Kbytes/sec] received Apache 2.0.49/Tomcat 4.1.30/jk2 2.04(org.apache.coyote.tomcat4.CoyoteConnector) Total transferred: 5910030 bytes HTML transferred: 4056885 bytes Requests per second:1023.44 [#/sec] (mean) Time per request: 29.31 [ms] (mean) Time per request: 0.98 [ms] (mean, across all concurrent requests) Transfer rate: 604.85 [Kbytes/sec] received Tomcat 4.1.30/Coyote Http Total transferred: 5541060 bytes HTML transferred: 4058100 bytes Requests per second:1581.03 [#/sec] (mean) Time per request: 18.98 [ms] (mean) Time per request: 0.63 [ms] (mean, across all concurrent requests) Transfer rate: 876.06 [Kbytes/sec] received Tomcat 5.0.14/Coyote Http Total transferred: 5273150 bytes HTML transferred: 3598975 bytes Requests per second:1599.49 [#/sec] (mean) Time per request: 18.76 [ms] (mean)
RE: tomcat5/tomcat4 comparison
Hi, Great stuff, thanks for posting. Now if we could only get people to search the archives before posting questions ;) Yoav Shapira Millennium Research Informatics -Original Message- From: Walter Truitt [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 31, 2004 3:24 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: tomcat5/tomcat4 comparison Posting my findings for Redhat Linux 7.3 on a Intel Zeon 2.4 with a GB of ram. My kernel is not SMP even though the Zeon has hyperthreading. I also ran ab on the same machine as apache and tomcat. I was interested in seeing the WARP connector maintained, so I also include those numbers in my tests. I find that WARP works with both Apache 1.3.29 and 2.0.49. It does not however work with tomcat 5. I also found that it does not have the performance of the jk2 connector. This was told to me, but I didn't believe it until I tested it myself. I found that the warp connector was removed from tomcat 5, and I did not work on porting it. +--+ | Tomcat | Apache| Connector| Mean | | Version | Version | | Connection | +==+ | 4.1.30 | 1.3.29| webapp | 73.81 | | +---+ | | 2.0.49| webapp | 74.19 | | | +---+ | | | jk2(ajp) | 40.16 | | | +---+ | | | jk2(coyote) | 29.31 | | +---+ | | none | http(coyote) | 18.98 | +--+ | 5.0.19 | 2.0.49| jk2 | 27.35 | | +---+ | | none | http(coyote) | 18.76 | +--+ All my tests were using the HelloWorldExample servlet. I did not perform any static page tests. The example servlet changed URLs between 4.1 and 5.0 tomcat versions. I used the ab version from my 1.3.29 apache. I don't know if there were any changes between it and the one in 2.0.49. Tomcat 4.1.30 - ab -n 1 -c 30 http://www/examples/servlet/HelloWorldExample Tomcat 5.0.19 - ab -n 1 -c 30 http://www/servlets-examples/servlet/HelloWorldExample These numbers did not match my expectations, but then I am not familiar with the code in each module. It shows that using the Http Connector is faster than going through apache for the dynamic content. I would expect dynamic content to be the reverse, so consider what percentage of your pages/images are dynamic when choosing which to use. As a side note, I believe that since webapp works with 2.0.49, it does support threads. Because it doesn't have the performance of jk2, I won't be trying to get it out of deprication. I know that my tests don't compare directly to the other post, and it doesn't look like there is as much of a change in performance as the other tests showed between versions. The HelloWorldExample servlet was 1.2% faster using 5.0.19 compared to 4.1.30 with the HTTP Connector. It was 7.2% faster when comparing 5.0.19 and 4.1.30 using the jk2 Connector. jk2 4.1.30 100.0 % http 4.1.30 154.4 % jk2 5.0.19 107.2 % http 5.0.19 156.2 % -walter Apache 1.3.29/Tomcat 4.1.30/mod_webapp 1.20 Total transferred: 5442176 bytes HTML transferred: 3931572 bytes Requests per second:406.47 [#/sec] (mean) Time per request: 73.81 [ms] (mean) Time per request: 2.46 [ms] (mean, across all concurrent requests) Transfer rate: 221.21 [Kbytes/sec] received Apache 2.0.49/Tomcat 4.1.30/mod_webapp 1.20 Total transferred: 5641692 bytes HTML transferred: 3931179 bytes Requests per second:404.38 [#/sec] (mean) Time per request: 74.19 [ms] (mean) Time per request: 2.47 [ms] (mean, across all concurrent requests) Transfer rate: 228.14 [Kbytes/sec] received Apache 2.0.49/Tomcat 4.1.30/jk2 2.04(org.apache.ajp.tomcat4.Ajp13Connector) Total transferred: 5575013 bytes HTML transferred: 3933537 bytes Requests per second:746.99 [#/sec] (mean) Time per request: 40.16 [ms] (mean) Time per request: 1.34 [ms] (mean, across all concurrent requests) Transfer rate: 416.45 [Kbytes/sec] received Apache 2.0.49/Tomcat 4.1.30/jk2 2.04(org.apache.coyote.tomcat4.CoyoteConnector) Total transferred: 5910030 bytes HTML transferred: 4056885 bytes Requests per second:1023.44 [#/sec] (mean) Time per request: 29.31 [ms] (mean) Time per request: 0.98 [ms] (mean, across all concurrent requests) Transfer rate: 604.85 [Kbytes/sec] received Tomcat 4.1.30/Coyote Http Total transferred: 5541060 bytes HTML transferred: 4058100 bytes Requests per second:1581.03 [#/sec] (mean) Time
problem with new 2.04 mod_jk2
Hello, I decided to try the new mod_jk2 today. I put all the files in the right place, but fot this error when starting up httpd: Starting httpd: Syntax error on line 5 of /etc/httpd/conf.d/jk2.conf: Cannot load /etc/httpd/modules/mod_jk2.so into server: /etc/httpd/modules/mod_jk2.so: undefined symbol: apr_socket_send has anyone seen this or know what I have done wrong? Thanks, Devin
RE: tomcat5/tomcat4 comparison
I pray for that day, but not holding my breath. :) peter Shapira, Yoav [EMAIL PROTECTED] wrote: Hi, Great stuff, thanks for posting. Now if we could only get people to search the archives before posting questions ;) Yoav Shapira Millennium Research Informatics - Do you Yahoo!? Yahoo! Finance Tax Center - File online. File on time.
Re: tomcat5/tomcat4 comparison
Walter Truitt wrote: I know that my tests don't compare directly to the other post, and it doesn't look like there is as much of a change in performance as the other tests showed between versions. The HelloWorldExample servlet was 1.2% faster using 5.0.19 compared to 4.1.30 with the HTTP Connector. It was 7.2% faster when comparing 5.0.19 and 4.1.30 using the jk2 Connector. There's no difference because the HWE is a rather bad test (if you're out there to test throughtput): - it retrieves an i18n bundle on each request, and gets a String from it (profiling has shown it's not something trivial) - it uses a writer: this means most of the activity is converting the chars to bytes Since it doesn't exercise anything else (filters, request dispatcher, any API method), there's little difference between 4.1.x and 5.0.x (which now also use the same connectors, so there's no difference there either). If you want to test the output speed, you need a servlet which simply writes byte arrays (and does nothing else). You could also use keepalive when testing (unfortunately, ab doesn't allow a mix). Again, you'll see bigger differences. -- x Rémy Maucherat Developer Consultant JBoss Group (Europe) SàRL x - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with new 2.04 mod_jk2
for what I have researched, you need to have APR's and build mod_jk2 against it. That's why I decided to mantain mod_jk. Still have some problems, but I'll post it in another mail. Emerson [EMAIL PROTECTED] wrote: Hello, I decided to try the new mod_jk2 today. I put all the files in the right place, but fot this error when starting up httpd: Starting httpd: Syntax error on line 5 of /etc/httpd/conf.d/jk2.conf: Cannot load /etc/httpd/modules/mod_jk2.so into server: /etc/httpd/modules/mod_jk2.so: undefined symbol: apr_socket_send has anyone seen this or know what I have done wrong? Thanks, Devin -- Emerson Cargnin Analista de Sistemas Setor de Desenvolvimento de Sistemas - TRE-SC tel : (048) - 251-3700 - Ramal 3181 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with new 2.04 mod_jk2
weird. Why would they put Linux binaries up on the Jakarta site that wont work in Linux? -devin for what I have researched, you need to have APR's and build mod_jk2 against it. That's why I decided to mantain mod_jk. Still have some problems, but I'll post it in another mail. Emerson [EMAIL PROTECTED] wrote: Hello, I decided to try the new mod_jk2 today. I put all the files in the right place, but fot this error when starting up httpd: Starting httpd: Syntax error on line 5 of /etc/httpd/conf.d/jk2.conf: Cannot load /etc/httpd/modules/mod_jk2.so into server: /etc/httpd/modules/mod_jk2.so: undefined symbol: apr_socket_send has anyone seen this or know what I have done wrong? Thanks, Devin -- Emerson Cargnin Analista de Sistemas Setor de Desenvolvimento de Sistemas - TRE-SC tel : (048) - 251-3700 - Ramal 3181 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with new 2.04 mod_jk2
I had the same error than him, and it looks like he is using apache 1.3, that doesn't come with APR, so you have to install it separated (although it didn't worked for me)... [EMAIL PROTECTED] wrote: weird. Why would they put Linux binaries up on the Jakarta site that wont work in Linux? -devin for what I have researched, you need to have APR's and build mod_jk2 against it. That's why I decided to mantain mod_jk. Still have some problems, but I'll post it in another mail. Emerson [EMAIL PROTECTED] wrote: Hello, I decided to try the new mod_jk2 today. I put all the files in the right place, but fot this error when starting up httpd: Starting httpd: Syntax error on line 5 of /etc/httpd/conf.d/jk2.conf: Cannot load /etc/httpd/modules/mod_jk2.so into server: /etc/httpd/modules/mod_jk2.so: undefined symbol: apr_socket_send has anyone seen this or know what I have done wrong? Thanks, Devin -- Emerson Cargnin Analista de Sistemas Setor de Desenvolvimento de Sistemas - TRE-SC tel : (048) - 251-3700 - Ramal 3181 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Emerson Cargnin Analista de Sistemas Setor de Desenvolvimento de Sistemas - TRE-SC tel : (048) - 251-3700 - Ramal 3181 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
report
here is my photo! Norton AntiVirus Deleted1.txt Description: plain/text - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]