Re: jdbc realms timing out database connection and not reconnecting

2001-08-31 Thread Andrew Robson

Hi,
  I bet the elapsed time between your last successful login and the 
next attempt is 8 hours. There's a connection timeout variable in MySql which
controls this value but can't remember exact name off the top of my head.

Anyway to sort it out try adding - autoReconnect=true to the connectionURL 
string in server.xml i.e.
connectionURL="jdbc:mysql://localhost/dbName?autoReconnect=true"

btw, if you are going to use JDBCRealms you should 
upgrade to tomcat 3.2.3 because there is a large security hole 
in previous versions. 

- andrew

On Fri, 31 Aug 2001, you wrote:
> Everyone:
> 
> I am seeing some odd behavior using mysql database and jdbc realms.  When I
> first start up jakarta-tomcat it allows me to authenticate in and navigate
> my protected web area.  I can even exit and relogin within a couple of
> minutes later.  
> 
> When I go away for the day and come back it does not allow me to relogin.  I
> use the exact same usernames and passwords that I have used before.  It
> seems to be losing the database connection name and connection password that
> I have set in the server.xml file.  Do I need to configure the web.xml file
> for jdbc connectivity.  At present I am using a form to gather to login data
> and passing it to the jdbc realm to login the user in.  Is this the correct
> way of doing things?
> 
> Please see below for my present configuration.  Thanks in advance for any
> help that you can render.
> 
> 
> Tam
> 
> 
> 
> Software
> 
> Redhat Linux 7.0 Kernel 2.4.0
> Mysql Version: mysql  Ver 11.15 Distrib 3.23.39, for pc-linux-gnu (i686)
> Jakarta-tomcat Version: 3.2.1
> Database Driver: mm.mysql 2.0.4
> 
> 
> -
> Successful Authentication
> -
> 2001-08-30 07:27:33 - ContextManager: JDBCRealm: JDBCRealm.roles: SELECT
> role_name FROM user_roles WHERE user_name = ?
> 
> 2001-08-30 07:27:33 - ContextManager: JDBCRealm: Auth ok, first role=tomcat
> 
> 2001-08-30 07:27:38 - ContextManager: JDBCRealm: Authentication successful
> for user tampham
> 
> 2001-08-30 07:27:38 - ContextManager: JDBCRealm: Auth ok, user=billybob
> 
> 
> 
> ---
> Unsuccessful authentication 
> ---
> 2001-08-31 01:09:45 - ContextManager: JDBCRealm: The  database connection is
> null or was found to be closed. Trying to re-open it.
>  
> 2001-08-31 01:09:45 - ContextManager: JDBCRealm: There was an SQLException
> while in authenticate: null
> 
> 2001-08-31 01:09:45 - ContextManager: JDBCRealm: SQLException:
> java.sql.SQLException: Invalid authorization spec
> ification: Access denied for user: '[EMAIL PROTECTED]' (Using
> password: NO)
> --
> 
> 
> 
> ---
> Web.xml present config for authentication
> ---  
> 
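> 
> <login-config>
>   <auth-method>FORM</auth-method>
>   <realm-name>Example Form-Based Authentication</realm-name>
>   <form-login-config>
>     <form-login-page>/jsp/login/login.jsp</form-login-page>
>     <form-error-page>/jsp/login/error.jsp</form-error-page>
>   </form-login-config>
> </login-config>
> 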
> --
> 
> 
> 
> 
> server.xml present config for jdbc realm configuration
>  
> <RequestInterceptor className="org.apache.tomcat.request.JDBCRealm"
>  debug="99"
>  driverName="org.gjt.mm.mysql.Driver"
>  connectionURL="jdbc:mysql://localhost/authority"
>  connectionName="mydatabaseuser"
>  connectionPassword="mydatabasepassword"
>  userTable="users" userNameCol="user_name" userCredCol="user_pass"
>  userRoleTable="user_roles" roleNameCol="role_name" />
> 
> 
> 
> Tam
-- 






Re: STARTUP FILE HANGS AFTER A WHILE..........Error = Starting Ajp12ConnectionHandler on 8007

2001-08-30 Thread Andrew Robson

Hi,
  Are you sure it is hanging? The message you quote is 
perfectly normal and is the last message you get once tomcat 
has completed its initialisation (with a default config). The Ajp12
Connector is necessary to shutdown tomcat smoothly and can be used
to integrate tomcat with another webserver. It's not an error message; 
it's telling you all the necessary services are now running.
 
Have you tried running servlets or jsp's? If so, what happens?
 
 - andrew

On Fri, 31 Aug 2001, you wrote:
> How to run tomcat ?
> I was earlier having out of environment space problem when i fixed that and
> am running startup file, it starts running now, shows CLASSPATH setting but
> after a while it hangs, what's the problem ?
> 
> Hangs and at message :
> 
> PoolTcpConnector : Starting Ajp12ConnectionHandler on 8007
-- 






Re: Has anyone used JDBC realms successfully yet?

2001-08-27 Thread Andrew Robson

On Mon, 27 Aug 2001, you wrote:
> Hello, I'm frustrated, trying to use JDBC realms. Can anyone help me here
> before I start wading through the TOMCAT source-code?
> 
> Thanks for any help
--

Hi,
  I have this working and I'm sure a lot of other people do.
I'm guessing you've read the howto? If you post with a bit
more info about where you've got to, what problems you are 
having etc I'm sure people will be able to help. 
Relevant portions of server.xml, web.xml, the database
and driver you are using would be a start. Version 
of tomcat and whether you are integrating with another 
web server would also be of help.

- andrew






Re: Tomcat 3.3.2 with IIS

2001-08-27 Thread Andrew Robson

Hi,
  Have you looked at  TOMCAT_HOME/doc/tomcat-iis-howto.html ?

-andrew

On Mon, 27 Aug 2001, you wrote:
> Hi,
> 
> I am a new user with Tomcat. I need to establish a connector between IIS
> 4.0 and Tomcat 3.3.2 so that when IIS receive a JSP request, he'll send it
> to Tomcat...
> 
> The Tomcat WebBrowser on port 8080 is working but when I request a JSP page
> on port 80, Tomcat doesn't answer the request so I get This page cannot be
> displayed.
> 
> I'm sure this is a newbie question but if someone could help me I'll
> appreciate it.
> 
> Glenn Fullum
> IT Security Consultant
> Devicom Inc





RE: Pre-install question

2001-08-22 Thread Andrew Robson

Tomcat can also act as a http server. So it will handle
your html as well as JSP's and servlets. Apache is not 
required.
However many people choose to integrate the two so that
apache is managing the static content and Tomcat is managing
the dynamic content. There has been much recent discussion on 
the list about whether this is the best configuration to go for. 
I don't intend to rehash all the arguments. Take a look at the archive
and decide what is best for you in the light of what you are
trying to achieve with your applications.

http://www.mail-archive.com/tomcat-user@jakarta.apache.org/

I would suggest (particularly if you are just starting out with JSP's)
to do some development just with tomcat. Later on you can integrate 
with another webserver (Apache,IIS or whatever) or just stick with using
tomcat on its own. 

andrew

On Thu, 23 Aug 2001, you wrote:
> So if I only need to be able to run JSPs then all I
> need is Tomcat? It's its own webserver?
> 
> -Greg
> 
> --- "Rob S." <[EMAIL PROTECTED]> wrote:
> > Apache serves documents plain and simple.  You
> > request a file from the
> > server and it gives it back to you.  Of course,
> > there are lots of modules
> > written for Apache that enable it to do extra
> > things, this is just an
> > extreeemely high level description =)
> > 
> > Tomcat is a servlet container (an environment that
> > servlets run in) and a
> > jsp engine (process JSP requests).
> > 
> > Check out the introduction in the Tomcat 3.x guides
> > on integrating Apache
> > with Tomcat for more info...
> > 
> > - r
> > 
> > > -Original Message-
> > > From: Gregory Reddin [mailto:[EMAIL PROTECTED]]
> > > Sent: Wednesday, August 22, 2001 11:17 AM
> > > To: [EMAIL PROTECTED]
> > > Subject: Pre-install question
> > >
> > >
> > > I have a Windows 2000 Server that I would like to
> > be
> > > able to process JSP files with. I do not have IIS
> > > installed on this server.
> > >
> > > I am getting confused with the difference between
> > > Apache webserver and Tomcat. Do I need to download
> > and
> > > install Apache before using Tomcat?
> > >
> > > What would be the best to do?
> > >
> > > Thank you,
> > > -Gregory Reddin
> > >
> > > __
> > > Do You Yahoo!?
> > > Make international calls for as low as $.04/minute
> > with Yahoo! Messenger
> > > http://phonecard.yahoo.com/
> > 
> 
> 
-- 




Re: Tomcat FORM Authentication and Apache

2001-08-16 Thread Andrew Robson

Hi,
  You need to add 
JkMount /secure/j_security_check ajp13 to httpd.conf
(or ajp12 if that is the connector you are using).

btw, this has been answered many times on the list. A search
of the archive at 
http://www.mail-archive.com/tomcat-user@jakarta.apache.org/
would have got you an answer in under a minute.
Don't mean to single you out Carlos. Just want to remind
everyone that a search of the archives before posting 
can often solve the problem quicker and may provide you
with more info than a single post will.

andrew  

On Thu, 16 Aug 2001, you wrote:
> Hi,
> I have a system based on win2k+Apache+Tomcat+MySQL.
> Now I have using Basic Authentication, all right.
> I would use FORM authentication, when I call a page like
> http://localhost:8080/secure/index.htm
> all right, bu if I call a page like http://localhost/secure/index.htm a
> message like this appear: "The requested URL /secure/j_security_check was
> not found on this server."
> Can I use Form authentication in Tomcat+Apache system?
> Thanks. Carlo Sorda.





Re: How to get userRole from Tomcat 3.2.3?

2001-08-13 Thread Andrew Robson

Why not use

HttpServletRequest 
boolean isUserInRole(java.lang.String role)

andrew


On Mon, 13 Aug 2001, you wrote:
> Hi,
> 
> I am using JDBCRealm and need a convenient way to get the userRoles of the
> user. GetRemoteUser is not the right way. In the source code of JDBCRealm I
> found a getuserRoles method - how can I use it in my own servlets? Calling
> jedbcRealm = new JDBCRealm() and then jdbcRealm.getuserRoles do not work,
> of course...
> 
> Best thanks in advance
> 
> Thomas W. Richter





Re: RH Linux 7.1 Java Error

2001-08-10 Thread Andrew Robson

Hi,
  Your problem is that 'cut' is in the wrong place. 
Copy it from wherever it is (/bin I think) into /usr/bin/
This will get rid of error message but you're not out of the 
woods yet. See the thread from yesterday about a missing
file - libstd++-libc6.1-1.so.2 I suspect you will get the 
same problem. I searched redhat to find the package this 
file belonged to and installed via rpm. Had to force it 
as believe it is a 'downgrade' of an existing package.
If you get this far you should rid yourself of any error
messages but you may well find that javac and java
just hang when you try to use them. At this point I 
gave up and switched to RH 7.0. I'm sure a couple of days
later I came across something on the web about a fix to 7.1 
to prevent the jvm hanging problem. But I can't remember where
or the details. Searching the Redhat support forums would be a good place
to start. It may be something specific to a particular version of 
jdk which you will avoid because you have the latest (?). 

good luck
andrew

On Fri, 10 Aug 2001, you wrote:
> Hi all,
> I know this is perhaps not the most appropriate place
> to present this question as it is a purely java
> installation problem. But I hope you'll bear with
> me. Am getting an 'libjvm.so' error.
> 
> I am trying to install jdk1.3.0_02 on RH linux 7.1
> from the .rpm installation. 
> I've used the rpm -ivh  and even the
> GnomeRPM after login as root. The installation
> completes successfully, and I even query for errors
> using the GnomeRPM but shows me nothing.
> However when I run the java or the javac programs I
> get the following error.
> 
> --start
> #java somefile
> /usr/java/jdk1.3.0_02/bin/java: /usr/bin/cut: No such
> file or directory
> /usr/java/jdk1.3.0_02/bin/i386/native_threads/java:
> error while loading shared libraries: libjvm.so:
> cannot load shared object file: No such file or
> directory
> --end
> Indeed the /usr/bin/cut file doesn't exist.
> I can't try download the jdk1.3.1 (now downloadable as
> one single file) as I am on slow and unreliable
> dial-up link.
> 
> Finally, I have the same jdk (jdk1.3.02) installed
> from the same .rpm file running flawlessly on a RedHat
> 6.2 system.
> 
> Thank you.
> Allan
> 
-- 






RE: Servlet/ Database Conenction Persists Question

2001-08-07 Thread Andrew Robson
>   I don't believe my question pertains
> > > > specifically to
> > > > > Tomcat, so I was wondering whether or not any
> > of
> > > > you
> > > > > knew where there are list servers which deal
> > with
> > > > > servlets in general.
> > > > 
> > > > This mailing list is fine for general servlet
> > > > questions.  But this seems to
> > > > be a JDBC question,...
> > > > 
> > > > -- Bill
> > K. 
> > > > 
> > > > > -Original Message-
> > > > > From: A.L. [mailto:[EMAIL PROTECTED]]
> > > > > Sent: Tuesday, August 07, 2001 9:07 AM
> > > > > To: [EMAIL PROTECTED]
> > > > > Subject: Servlet/ Database Conenction Persists
> > > > Question
> > > > > 
> > > > > 
> > > > > I have developed a servlet web application
> > > > which
> > > > > connects to a database to retrieve
> > information.  I
> > > > > noticed that if within my servlet I destroy
> > the
> > > > > connection to the database there is no way to
> > > > > reconnect to the database .  In other words I
> > need
> > > > to
> > > > > keep my connection to the database at all
> > times
> > > > that
> > > > > tomcat is up.  My questions include:
> > > > > 
> > > > >  Is this correct that there is no way to
> > reconnect
> > > > to
> > > > > the database?  If this is not correct, how
> > does
> > > > one
> > > > > reconnect, and or reinitialize the servlet?
> > > > >  Is keeping the persistent connection to the
> > > > database
> > > > > a heavy burden on tomcat?  In other words, is
> > it
> > > > o.k.
> > > > > to design an application which never releases
> > its
> > > > > > connection to the database?
> > > > >  
> > > > > 
> > > > >   I don't believe my question pertains
> > > > specifically to
> > > > > Tomcat, so I was wondering whether or not any
> > of
> > > > you
> > > > > knew where there are list servers which deal
> > with
> > > > > servlets in general.
> > > > > 
> > > > >
> > > > > 
> > > 
> > > 
> > > 
> 
> 
-- 

Andrew Robson 

tel: (0141) 424 0607
mobile: 07759 430234
email: [EMAIL PROTECTED]




RE: Servlet/ Database Conenction Persists Question

2001-08-07 Thread Andrew Robson

Hi,
  Are you creating the database connection in the servlet's
init method and then closing it in doPost or doGet? This would 
explain your problem because the init method only gets called on
servlet start-up, not on every request. Keeping the connection open for the
lifetime of the servlet would be reasonable performance-wise but not very
fault-tolerant. Creating and closing database connections on a per request basis is
liable to result in a serious performance hit as creating a database connection 
is typically an expensive operation.

For a robust and scaleable solution you probably want to look at database
connection pooling. Here a pool of database connections is created at start-up.
When your servlet needs to connect to the database it requests one of the
already created connections, uses it and then returns it to the pool. A 
decent implementation will balance (within set bounds) the number of database
connections available according to the needs of your application.
And if this sounds like a bit of work don't worry because some kind souls 
have already done it for you. Packages below are two commonly used 
implementations which are quite easy to integrate into your web app.

Poolman
http://www.codestudio.com/
DbConnectionBroker
http://www.javaexchange.com

Hope this helps

andrew

On Tue, 07 Aug 2001, you wrote:
> > I have developed a servlet web application which
> > connects to a database to retrieve information.  I
> > noticed that if within my servlet I destroy the
> > connection to the database there is no way to
> > reconnect to the database .
> 
> Maybe this is a JSP thing (I'm not too familiar with those), and JSPs have
> some weird JDBC cover methods.  But you _should_ be able to disconnect, by
> calling Connection.close(); and to reconnect, the same way you connected the
> first time.
> 
> Why can't you reconnect?  Are you getting an exception from
> DriverManager.getConnection()?
> 
> >  Is keeping the persistent connection to the database
> > a heavy burden on tomcat?
> 
> Persistent connections aren't a burden on Tomcat, but might be on your
> database, especially if the modifications aren't committed immediately.  You
> should always try to close connections (and other resources) if you don't
> think you'll be using it again in a few seconds.
> 
> >   I don't believe my question pertains specifically to
> > Tomcat, so I was wondering whether or not any of you
> > knew where there are list servers which deal with
> > servlets in general.
> 
> This mailing list is fine for general servlet questions.  But this seems to
> be a JDBC question,...
> 
> -- Bill K. 
> 
> > -Original Message-
> > From: A.L. [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, August 07, 2001 9:07 AM
> > To: [EMAIL PROTECTED]
> > Subject: Servlet/ Database Conenction Persists Question
> > 
> > 
> > I have developed a servlet web application which
> > connects to a database to retrieve information.  I
> > noticed that if within my servlet I destroy the
> > connection to the database there is no way to
> > reconnect to the database .  In other words I need to
> > keep my connection to the database at all times that
> > tomcat is up.  My questions include:
> > 
> >  Is this correct that there is no way to reconnect to
> > the database?  If this is not correct, how does one
> > reconnect, and or reinitialize the servlet?
> >  Is keeping the persistent connection to the database
> > a heavy burden on tomcat?  In other words, is it o.k.
> > to design an application which never releases its
> > connection to the database?
> >  
> > 
> >   I don't believe my question pertains specifically to
> > Tomcat, so I was wondering whether or not any of you
> > knew where there are list servers which deal with
> > servlets in general.
> > 
> >
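
Added example, not part of the original messages and not code from Poolman or DbConnectionBroker: a minimal pool of the kind described in the reply above that validates each connection when it is borrowed, so a connection the database dropped while idle (the symptom in the JDBCRealm thread at the top of this page) is replaced instead of handed out. SimplePool, ConnectionFactory and the proxy-based fake connection are hypothetical names, constructed so the demo runs without a database.

```java
import java.lang.reflect.Proxy;
import java.sql.Connection;
import java.sql.SQLException;
import java.util.ArrayDeque;
import java.util.Deque;
import java.util.concurrent.atomic.AtomicInteger;

public class ValidatingPoolDemo {

    /** Opens a new physical connection; a real application would call DriverManager.getConnection() here. */
    interface ConnectionFactory {
        Connection open() throws SQLException;
    }

    /** Bounded pool (hypothetical, for illustration) that checks every idle connection before reuse. */
    static final class SimplePool {
        private final Deque<Connection> idle = new ArrayDeque<>();
        private final ConnectionFactory factory;
        private final int maxSize;
        private int total; // connections created and not yet discarded

        SimplePool(ConnectionFactory factory, int maxSize) {
            this.factory = factory;
            this.maxSize = maxSize;
        }

        synchronized Connection borrow() throws SQLException, InterruptedException {
            while (true) {
                Connection c = idle.poll();
                if (c != null) {
                    if (isUsable(c)) return c;
                    discard(c);          // stale: drop it and look again
                    continue;
                }
                if (total < maxSize) {   // room to open a fresh connection
                    total++;
                    try {
                        return factory.open();
                    } catch (SQLException e) {
                        total--;
                        throw e;
                    }
                }
                wait();                  // pool exhausted: wait for giveBack()
            }
        }

        synchronized void giveBack(Connection c) {
            idle.push(c);
            notify();
        }

        private boolean isUsable(Connection c) {
            try {
                return !c.isClosed() && c.isValid(2); // 2-second validation timeout
            } catch (SQLException e) {
                return false;
            }
        }

        private void discard(Connection c) {
            total--;
            try { c.close(); } catch (SQLException ignored) { }
        }
    }

    /** Constructed stand-in for a JDBC connection; setting alive[0] = false simulates a server-side idle timeout. */
    static Connection fakeConnection(int id, boolean[] alive) {
        return (Connection) Proxy.newProxyInstance(
            ValidatingPoolDemo.class.getClassLoader(),
            new Class<?>[] { Connection.class },
            (proxy, method, args) -> {
                switch (method.getName()) {
                    case "isValid":  return alive[0];
                    case "isClosed": return !alive[0];
                    case "close":    alive[0] = false; return null;
                    case "toString": return "conn#" + id;
                    default: throw new UnsupportedOperationException(method.getName());
                }
            });
    }

    public static void main(String[] args) throws Exception {
        AtomicInteger opened = new AtomicInteger();
        boolean[][] state = new boolean[8][];
        SimplePool pool = new SimplePool(() -> {
            int id = opened.incrementAndGet();
            state[id] = new boolean[] { true };
            return fakeConnection(id, state[id]);
        }, 2);

        Connection first = pool.borrow();
        System.out.println("borrowed " + first);
        pool.giveBack(first);

        state[1][0] = false; // constructed event: the database closes the idle connection

        Connection second = pool.borrow(); // the stale connection is discarded, a new one is opened
        System.out.println("borrowed " + second + " (connections opened so far: " + opened.get() + ")");
        pool.giveBack(second);
    }
}
```
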





Re: CPU going to 100%

2001-08-03 Thread Andrew Robson

Hi,
  Following is taken from the readme for 3.2 and is probably
what the person was referring to 

"6.11 Misconfiguration Can Cause CPU-Bound Loop
 
If you misconfigure Tomcat 3.2 in a way that there is no valid context to
handle a request (such as removing the root context and then attempting a
request that should be handled by that context), Tomcat will enter a CPU-bound
loop instead of responding with a 404 error.
 
Workaround:  kill the offending Tomcat process and correct your server.xml
file such that there is a properly configured root context."

Haven't checked whether this is still an issue for 3.2.3 but at least you 
know now where this advice is coming from even if it doesn't help ;-)

andrew

On Fri, 03 Aug 2001, you wrote:
> I know there have been some discussion a few weeks ago.  That is when I
> was just getting started with tomcat.  A person referred to a section
> in the readme file 6.11.  My readme file 6.11 deals with SSL and APJ12?
> 
> My problem is that 100% of my cpu is taken up after tomcat has been
> running for a while.
> 
> tomcat v3.2.3
> iis
> nt4
> 
> If the answer should be in the documentation please point me in the
> right direction, but it is not in the readme file under 6.11
> 
> Thanks.
> 
> Joe
-- 






Re: .htm problem

2001-07-30 Thread Andrew Robson

On Mon, 30 Jul 2001, you wrote:
> 
> I have a web site to which a lot of cross-links have been built up over time.
> Inevitably the links are to pages with names like index.htm.  I would like to change
> these to jsp pages, but of course I can't change the name without breaking the link
> (and losing traffic).
> 
> Any ideas how I can put jsp functionality on a jsp page (I already have Tomcat
> serving out the .htm pages and I have tried simply using an htm page like a jsp page,
> but it doesn't work)?
> 
> Many thanks for any help.
> 
> Mark
> 

Mark,
  All I can suggest is the obvious. Write a program to do a global search and
replace (if you are on Linux a little sed script should do the trick). Put in
your index.jsp, run your program to change all references in your html from 
index.htm to index.jsp, test your links and then archive your index.htm page. 

andrew




Re: Apache cannot connect to Tomcat

2001-07-29 Thread Andrew Robson

Hang on Jeff this isn't correct is it? mod_jk can support either the ajp12 
or ajp13 protocol so adding the ajp13 connector to server.xml isn't likely
to help. 
I'm afraid I can't help with the jsp side of things as I only ever 
write servlets. Might be interesting to see if you can get a servlet
to work to see if JSP issue. 

andrew 

On Sun, 29 Jul 2001, you wrote:
> If you're using mod_jk, you have to add the connector to your server.xml
> file. I'm not sure why you *haven't* done that. Apache and Tomcat won't be
> able to communicate without it. So, I would suggest starting there.
> 
> --jeff
> 
> - Original Message -
> From: "Kelly E. Grooms" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Saturday, July 28, 2001 2:50 PM
> Subject: Apache cannot connect to Tomcat
> 
> 
> > Hello,
> >
> > I've scoured the web and all the Tomcat lists that I can find and still
> > cannot solve this error.  Everything works fine through port 8080 as
> > stand-alone, but when I try accessing Tomcat through Apache the page times
> > out with no output from the JSP.  Afterward my mod_jk.log file contains:
> >
> > [jk_connect.c (143)]: jk_open_socket, connect() failed errno = 110
> > [jk_ajp12_worker.c (152)]: In jk_endpoint_t::service, Error sd = -1
> >
> > I compiled mod_jk.so myself.  I've added mod_jk.conf-auto to my httpd.conf
> > file.  I altered workers.properties to reflect my JAVA_HOME, TOMCAT_HOME
> and
> > file separator ("/").  I have _not_ added the connector for ajp13 to my
> > server.xml file.
> >
> > Here is my configuration:
> >
> > Mandrake Linux 8.0
> > Apache 1.3.19
> > Java 1.3.1 (from Sun)
> > Tomcat 3.2.3
> >
> > I've installed older versions of Tomcat on other configurations in the
> past
> > and did not have this much trouble.  I'm beginning to feel very
> discouraged.
> > Can anyone help?  Thanks.
> >
> > Kelly E. Grooms
> > [EMAIL PROTECTED]
> >
-- 

Andrew Robson 

tel: (0141) 424 0607
mobile: 07759 430234
email: [EMAIL PROTECTED]




Re: HTML in Messages and politeness

2001-07-29 Thread Andrew Robson

[X] +1 -> Plain Text only. Strip HTML on the mailing list.

Otherwise you start to exclude people who don't use html 
enabled mail client. 

Also it seems to me if you are going to post to a list you
should read the guidelines first which explicitly say not to 
post HTML or "Stylelized" emails. I don't understand quite why 
Emir is getting such stick for pointing this out particularly as
the question was completely off-topic and he was offering 
to help if the person just stuck to the guidelines.

andrew



Re: Problems with authentication

2001-07-26 Thread Andrew Robson

Hi,
  If you get it to work in tomcat standalone (have you
tried that?) then you need to add 
JkMount /examples/jsp/security/login/j_security_check ajp13
(or ajp12 if that's the connector you are using)
to httpd.conf to get it to work with apache. 
Otherwise apache won't know to delegate the handling of
this url to tomcat.

andrew

On Thu, 26 Jul 2001, you wrote:
> Thank you! this will help me understand how it works
> with j_security_check, j_username and j_password
> better.
> But i still have the problem that the authorization
> doesn't work with apache + tomcat.
> I've read that other people that have the problem have
> got it to work on tomcat standalone server!?
> 
> 
>  --- Joseph D Toussaint <[EMAIL PROTECTED]> wrote:
> > It's my understanding that j_security_check,
> > j_username and j_password
> > are all used with form based authentication
> > (specified in the web.xml).
> > The idea is that you create a 'custom login screen'
> > and name your user
> > field j_username and your password j_password.  Then
> > the action for that
> > form is j_security_check.
> > 
> > That's about the extent of my knowledge, for more
> > information I'd look at
> > the Servlet 2.3 spec.  That's where I found the stuff
> > mentioned above.
> > 
> > 
> > hope it helps
> > 
> > 
> > joe
> > 
> > 
> > On 26 Jul 2001 15:15:08 +0200, Mattias Karlsvaerd
> > wrote:
> > > Hello!
> > > 
> > > I've have problems with getting the authorization
> > to
> > > work in tomcat 3.2.2 and Apache 1.3.19. I have
> > tried
> > > to the example comes with tomcat. I get the login
> > > page, but when I've typed the username and
> > password I
> > > get the following error:
> > > The requested URL
> > > /examples/jsp/security/login/j_security_check was
> > not
> > > found on this server.
> > > 
> > > I've searched on the web and found out that other
> > > people have had the same problem. Is there a
> > solution
> > > to this problem.
> > > What I understand j_security_check, j_username and
> > > j_password is some kind of implicit variables. Is
> > > there any document where this specified.
> > > 
> > > I use linux Redhat 7.1 and IBM's java2 1.3
> > > I would be thankful for any help
> > > 
> > > =
> > > /Mattias Karlsvärd
> > > 
> > >
> >
> > 
> > 
> > 
> > -- 
> > ##
> > # Joseph Toussaint   #
> > # Caribou Lake Software  #
> > # http://www.cariboulake.com #
> > # [EMAIL PROTECTED]   #
> > # 952-837-98029  #
> > ##
> >  
> 
> =
> /Mattias Karlsvärd
> 
-- 






Re: request for suggestions on how to secure a web application....

2001-07-25 Thread Andrew Robson

Hi Peter,
  Have you looked at Realms? This allows you to specify a set of resources
(html, jsp, servlets etc) to be protected in your web.xml file. Any
unauthorised access attempt to these files will automatically throw up 
a login form. Means you don't have to code in protection to each page.
You can authorise your users against a text file (SimpleRealm) or a
database (JDBCRealm). There is an example in the examples directory.
Check out the web.xml file in there and also look for Realm in server.xml
If you want to use a database look at TOMCAT_HOME/doc/JDBCRealm.howto

If you like the look of Realms I'm afraid you will have to upgrade to 3.2.3 
as earlier versions have a rather large security vulnerability.

andrew

On Wed, 25 Jul 2001, you wrote:
> I'm not sure whether it'll work for you but you can assert current session on
> each jsp page that you want to protect (assuming you store user login info in
> the session) and throw an exception in case the object is not found in the
> session, then the exception can be caught by an error jsp page.
> 
> hth
> 
>   - Boris
> 
> 
> >
> >This posting is a request for suggestions on how best to 
> >secure a web application.
> >
> >First my setup:
> >
> >NT 4.0
> >Apache 1.3.12
> >Tomcat 3.2.1 (running behind Apache)
> >servlets 
> >jsp pages
> >static html pages
> >jdk1.3
> >
> >
> >Web-app directory structure:
> >
> >webapps/my_context/
> >/jsp/jsp_pages
> >/web-inf/classes/my_servlets
> >/web-inf/classes/beans/my_java_beans
> >
> >My static html files reside under the apache 
> >document root.
> >
> >For servlet access I am using session cookies, as specified in
> >the Java Servlet Spec, to authorize users. This works very 
> >well for my purposes.
> >
> >My concern is protecting sensitive jsp and static
> >html pages.
> >
> >How do I stop an unauthorized user from accessing a 
> >jsp or html resource directly?  ie: a back-door attack.  
> >
> >For example, I am protecting my site with a login page, 
> >but if a user simply sidesteps the login and types
> >
> >http://my_domain/my_context/jsp/any_jsp_page
> >
> >into his browser, he will get access to any jsp page 
> >that resides in the specified context. 
> >
> >I have experimented with some different approaches:
> >
> >1.  hide the jsp directory directly under the /web-inf 
> >directory and let Tomcat restrict access.
> >
> >So I would have:
> >
> >/web-inf/classes/servlets
> >/web-inf/jsp/jsp_pages
> >
> >Then provide access to jsp pages only through a 
> >verification servlet, which can verify the user and
> >then forward the request to the correct resource. 
> >
> >However, this is causing problems when I utilize a 
> >RequestDispatcher(path).forward(req, res)  or 
> >RequestDispatcher(path).include(req, res) 
> >instruction.
> >
> >The path needs to start with a "/" and be relative to 
> >the context root, per the Java Servlet API docs, which makes 
> >it impossible(?) to provide a correct path, since my 
> >verification servlet, and hence the execution thread, 
> >is in /web-inf/classes. When I issue the forward or include, 
> >I need to provide a path that looks something like:
> >
> >/../jsp/jsp_page 
> >
> >which is correctly making the JVM puke.
> >
> >
> >2. Utilize the apache rewrite module and have apache
> >rewrite all requests for http://my_domain/my_context/jsp/*.jsp
> >to my verification servlet. The verification servlet can then
> >do its thing and forward valid requests to the appropriate 
> >request. 
> >
> >A hornet's nest of complexity here! and my nose tells
> >me this is the wrong path to take.
> >
> >
> >3. Thought a lot about utilizing the Tomcat API.
> >
> >ie: RequestInterceptor, Virtual Host, Valves etc.
> >
> >I found rudimentary information about what these
> >constructs are, but very little on how to use them.
> >
> >So, I am kinda stumped :-(
> >
> >I guess the next step would be to explore Basic or
> >Digest Authorization, but I was hoping there would be
> >a simpler way, that uses the power of servlets
> >
> >I would greatly welcome any and all suggestions
> >
> >Thank you, and keep up the great work.
> >The Tomcat effort rocks!
> >
> >Peter
> >
> >
> >BTW, I anticipate that the Tomcat docs will improve greatly 
> >in the future, and I was greatly encouraged to see the 
> >effort being put into making a book, and the template forming
> >around v4.0
> >
> >I would like to suggest a section on real world examples, 
> >using and programming the Tomcat API and the xml config 
> >files, like server.xml. 
> >
> >For an example of what I mean, the documentation 
> >for the Apache mod_rewrite, written by Ralf S. Engelschall, 
> >has a section on practical solutions. 
> >
> >http://httpd.apache.org/docs/mod/mod_rewrite.html
> >
> >That's kinda what I mean.
> >
> >
-- 





Re: Need workaround for Tomcat security.

2001-07-16 Thread Andrew Robson

Jeff,
   TC 3.2.1 on linux. 
   Apache and mod_jk
It seems to me (without having had a chance to check)
that this must be a misconfig at the apache  
and apache/tomcat end of things rather than a tomcat bug as such.

Any thoughts? It would be a pretty big hole if it was a genuine
bug.

andrew
  
On Mon, 16 Jul 2001, you wrote:
> Andrew,
> 
> What version of Tomcat did this affect Form-based authentication on? I tried
> the URL patterns mentioned on my Form-based Realm, and the Realm worked
> correctly -- no security problems. I'm using TC 3.2.2 on Linux.
> 
> Thanks,
> --jeff
> 
> ----- Original Message -
> From: "Andrew Robson" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 16, 2001 7:29 AM
> Subject: Re: Need workaround for Tomcat security.
> 
> 
> > Hi,
> >   No workaround I'm afraid. I can confirm that the problem
> > affects form - based JDBCRealm as well. Tried putting
> > */admin/* into url pattern and broke security completely.
> > I wonder whether a JkMount directive with appropriately
> > placed wildcards might work but haven't had time to try.
> > I'd be very interested if you find a solution.
> > Presumably no-one on the list has one?
> >
> > andrew
> >
> > On Sun, 15 Jul 2001, you wrote:
> > > Ok, I needed to put some security constraints to a directory, so I added
> > > this to my web.xml:
> > >  
> > >   UQoS Amin Area
> > >   
> > >  UQoS Amin Area
> > >/admin/*
> > >   
> > > I use BASIC authentication using the memory realm.
> > > Works like it's supposed to when someone goes to my
> > > http://xxx/webapp/Admin/ or something below, HOWEVER, if they type
> > > http://xxx/webapp//Admin/ (or even more slashes), all security checks
> > > are bypassed, anyone is let right in!
> > > (The same thing always happens; try it with the 'security' example
> > > shipped with Tomcat.)
> > > Severe bug! I have posted it to BugZilla. This applies to at least Tomcat
> > > 3.2.1 and 3.2.2.
> > > And I need it fixed as soon as possible. Does anyone know a workaround to
> > > this one? (I'd rather not upgrade to Tomcat 4 yet, seems like it's fixed
> > > here.)
> > > --
> > > Nils O. Selåsdal
> > --
> >
> > Andrew Robson
> >
> >
> >
-- 






Re: Need workaround for Tomcat security.

2001-07-16 Thread Andrew Robson

Hi,
  No workaround I'm afraid. I can confirm that the problem
affects form - based JDBCRealm as well. Tried putting
*/admin/* into url pattern and broke security completely.
I wonder whether a JkMount directive with appropriately
placed wildcards might work but haven't had time to try.
I'd be very interested if you find a solution. 
Presumably no-one on the list has one?

andrew 

On Sun, 15 Jul 2001, you wrote:
> Ok, I needed to put some security constraints to a directory, so I added this 
> to my web.xml:
>  
>   UQoS Amin Area
>   
>  UQoS Amin Area
>/admin/*
>   
> I use BASIC authentication using the memory realm.
> Works like it's supposed to when someone goes to my http://xxx/webapp/Admin/ or 
> something below, HOWEVER, if they type http://xxx/webapp//Admin/ (or even 
> more slashes), all security checks are bypassed, anyone is let right in!
> (The same thing always happens; try it with the 'security' example shipped with 
> Tomcat.)
> Severe bug! I have posted it to BugZilla. This applies to at least Tomcat 
> 3.2.1 and 3.2.2. 
> And I need it fixed as soon as possible. Does anyone know a workaround to 
> this one? (I'd rather not upgrade to Tomcat 4 yet, seems like it's fixed here.)
> -- 
> Nils O. Selåsdal
-- 

Andrew Robson 
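
The report in this thread turns on whether the request path is canonicalised before it is compared with the `/admin/*` url-pattern. The Java below is an added example, not Tomcat's code and not from any poster: `matchesRaw` models the reported behaviour on the assumption that the raw path is compared with the pattern, and `isProtected` canonicalises first. The class and method names and the sample paths are constructed for illustration.

```java
import java.util.ArrayDeque;
import java.util.Deque;

/** Added illustration of url-pattern matching; not Tomcat source code. */
public class ConstraintMatchDemo {

    /** Models the reported behaviour: the raw path is compared with a "/prefix/*" pattern. */
    static boolean matchesRaw(String path, String urlPattern) {
        String prefix = urlPattern.substring(0, urlPattern.length() - 2); // drop "/*"
        return path.equals(prefix) || path.startsWith(prefix + "/");
    }

    /**
     * Canonical form of an already percent-decoded, context-relative path:
     * empty and "." segments are dropped and ".." is resolved.
     * Returns null when ".." would climb above the context root.
     */
    static String canonicalize(String path) {
        Deque<String> kept = new ArrayDeque<>();
        for (String segment : path.split("/")) {
            if (segment.isEmpty() || segment.equals(".")) {
                continue;
            }
            if (segment.equals("..")) {
                if (kept.isEmpty()) {
                    return null;
                }
                kept.removeLast();
            } else {
                kept.addLast(segment);
            }
        }
        StringBuilder out = new StringBuilder();
        for (String segment : kept) {
            out.append('/').append(segment);
        }
        // Keep a trailing slash so "/admin/" and "/admin" stay distinguishable.
        if (out.length() == 0 || path.endsWith("/")) {
            out.append('/');
        }
        return out.toString();
    }

    /** Constraint check on the canonical path; an unresolvable path is treated as protected. */
    static boolean isProtected(String path, String urlPattern) {
        String canonical = canonicalize(path);
        return canonical == null || matchesRaw(canonical, urlPattern);
    }

    public static void main(String[] args) {
        String pattern = "/admin/*"; // url-pattern quoted in the report
        // Constructed sample paths, relative to the web application's context root.
        String[] samples = {
            "/admin/", "//admin/", "///admin/users.jsp",
            "/./admin/users.jsp", "/public/../admin/users.jsp",
            "/public/index.html", "/administrator/"
        };
        System.out.printf("%-30s %-10s %-10s%n", "request path", "raw match", "canonical");
        for (String s : samples) {
            System.out.printf("%-30s %-10b %-10b%n",
                    s, matchesRaw(s, pattern), isProtected(s, pattern));
        }
    }
}
```

Any front end that forwards requests (Apache with mod_jk in this thread) has to apply the same canonical form as the component that enforces the constraint, otherwise the two can disagree about which resource a path names.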






Re: java-linux-tomcat configuration problem

2001-07-11 Thread Andrew Robson

What linux distribution do you have? Redhat 7.1?
andrew

On Wed, 11 Jul 2001, you wrote:
> I installed jdk 1.3.1 on my linux box to support tomcat, and set the PATH 
> variable accordingly.  However, now the instances of my server don't start 
> up and java hangs.  (The TOP command shows that java is consuming 97% of my 
> CPU!!!).  Has anybody seen this behaviour before?  If so, what is the 
> remedy?
> 
> Thanks!
> Dan
-- 
=======
Andrew Robson 
2/1 
723 Pollokshaws Road
Glasgow G41 2AA
 
Tel: (0141) 424 0607
Mobile:  07759 430234 




Re: List traffic et al

2001-07-06 Thread Andrew Robson

Hi,
  I've been on the list about eight months and I'm not sure 
I agree that splitting it will alleviate the volume problem.
I'm rather afraid that I would end up subscribed to 2 or 3 
high volume lists rather than one. I imagine that we would
see a lot of multiple posts across the lists.

Previous suggestions for how the list could be split seem to me to fall into 
three categories
1) By platform
2) By competence (i.e. newbie list, advanced user list)
3) By category of problem

Splitting the list on the basis of platform strikes me as a little perverse
for a java based technology. However I recognise there are
substantive issues because different platform = different web server.
And I guess it would mean no more 'out of environment space'
and 'how do i run tomcat as a service' posts but I already manage to filter
most of these out anyway. My main concern would be that I'd be effectively
cutting off a valuable section of the tomcat community. Who's to say
the person capable and willing to solve my problem isn't running NT?
And conversely why should I only post solutions to people who happen
to be running the same OS as me?

Problem with dividing on competence is that it is not clear how attractive
a newbie list would be. Would people subscribe to a list made up of
people  who by definition are unlikely to know the answer to your question?
Also aren't we trying to foster a strong community of tomcat/servlet
developers. We would hardly be doing that by cutting newbies off 
from the 'experts'. After all what is going to happen? Newbies will post 
to their list, wait , not get an answer and repost to the advanced users
list. Not a very encouraging introduction to tomcat.

Dividing by category of problem seems to me the suggestion with the 
most merit. However here again I'm not convinced. I just think it would be 
incredibly difficult to get the right categories. Problems by their nature 
tend to cut across such neat boundaries. And half the time you don't 
know what category your problem fits into; that's why you have a problem.
Suppose I'm trying to set up SSL. Potentially this is going to fall into 
all three of the categories that Sam has suggested. So again I think 
we are going to get multiple redundant posts and I think we completely
cloud the issue of where to look for help.  

So what is to be done? It seems to me that good documentation projects
(such as the tomcat book at sourceforge) offer the best hope for cutting
the volume on this list. I know there is a big problem with people posting 
problems which have been dealt with many, many times (sometimes
in the same day!). I just don't know what  you do about it other than 
regular reminders to check the archives before posting. And it is fairly
clear that doesn't work.

Last point: This list has saved my bacon a couple of times in the last 
eight months. As irritating as the high volume can be I think it is 
still very valuable in its current form.

andrew

 

On Fri, 06 Jul 2001, you wrote:
> I'm not sure that I agree with the idea that I have to wade through all
> these messages "for the good of the list". As I said, I have no experience
> with Tomcat on Windows, so I'm not interested in Windows specific issues nor
> can I help to solve them. Splitting along platform lines should retain a
> relatively good mix of newbies and experienced developers in each list, so I
> don't see the problem you are pointing out.
> 
> In any event, even if the list is split on basic vs. advanced topics,
> advanced users who wanted to help the community could subscribe to all
> lists. I don't think it's necessarily "bad" to want to subscribe only to the
> lists you feel you can learn from. I've been lurking and posting for about 9
> months now and it seems that the same basic group of people answer a
> majority of the questions. I used to answer a lot more than I do now, but
> I'll admit that I get pretty frustrated answering the same questions over
> and over when I know the answers can be easily found in the archive. Is it
> selfish or bad of me to skip over questions I used to answer, or should more
> responsibility be placed on the person asking the question? (rhetorical,
> because there's no way to control whether or not people actually search the
> archives before posting...)
> 
> A digest version is already available for this list.
> 
> --jeff
> 
> > From: Dmitri Colebatch <[EMAIL PROTECTED]>
> > Reply-To: [EMAIL PROTECTED]
> > Date: Fri, 6 Jul 2001 16:03:14 +1000
> > To: [EMAIL PROTECTED], Jeff Kilbride <[EMAIL PROTECTED]>
> > Subject: Re: List traffic et al
> > 
> > I think the big problem with splitting the list is that everyone is going to
> > be interested in their own little niche.  I for instance learn nothing by
> > answering many questions that I answer, but I do learn things from reading
> > other answers.  If the list was split, I would (potentially) have the option
> > to only see the messages that I would learn from.  This disadvantages other
> > people on t

RE: Re: JDBC Realm

2001-06-13 Thread Andrew Robson

Below is good advice. If the login page does not
come up (btw, what happens does it just take you 
direct to the protected resource?) the first place I would
look is the tomcat config files. So basically I would 
double-check server.xml and the web.xml for your app.
If you are sure they are correct and you still have a problem
you might want to try posting the relevant sections to the list. 

If you do get JDBCRealm working with tomcat standalone then
to integrate with apache you need to add

JkMount /examples/jsp/security/login/j_security_check ajp13  
(or ajp12 if using mod_jserv) to httpd.conf to tell apache
to delegate the handling of this bit of magic to tomcat.

andrew
 
On Wed, 13 Jun 2001, you wrote:
> > Mark, I appreciate your help.   I have tried 
> > to adapt the examples and I believe I have everything 
> > in place.  However, apache just wont bring the login 
> > form when I try to access a protected resource. 
> > Would you have any idea where to look at for this problem?  
> 
> You might want to check and see if you can get a
> JDBCRealm to work with tomcat standalone (i.e. accessing
> your site as http://localhost:8080/... directly).
> If this doesn't work get this working first and
> that's a good place to start from.  Once you have
> JDBCRealm working correctly then you can deal with
> making sure it works when passed through apache.
> 
> 
> ---
> Michael Wentzel
> Software Developer
> Software As We Think - http://www.aswethink.com
-- 





Re: form-based authentication tomcat->apache

2001-05-26 Thread Andrew Robson

Try putting
JkMount  /examples/jsp/security/login/j_security_check ajp13
into httpd.conf

andrew

On Sun, 27 May 2001, you wrote:
> Hi everyone,
> 
> Has anyone been able to get the form-based authentication example to work
> with tomcat? I can get it to work if I connect to tomcat's own http-server
> on port 8080
> but when I connect to the same example via apache (via mod_jk to tomcat)
> after I log in I get
> http://localhost/examples/jsp/security/login/j_security_check
> 
> with a message saying "the page cannot be found".
> Is this a known bug in tomcat? Is there some subtle configuration thing
> I've missed?
> 
> -Mike Jennings
> 
> __
> Mike Jennings
> Southgate  Software Ltd.
> 250-382-6851 (ph)
> 250-382-6800 (fax)
> [EMAIL PROTECTED]
-



Re: java.lang.IllegalStateException

2001-05-16 Thread Andrew Robson

Hi Chad,
  Yes. I think more or less any time I write to WEB-INF/classes 
without re-starting tomcat I get the exact same error.  
I have the same set-up but also had the same problem with tomcat 3.2 and redhat 6.2

andrew

On Wed, 16 May 2001, you wrote:
> tomcat 3.2.1
> redhat 7
> 
> every now and then, we get the following error. it seems to only happen 
> when we are compiling new classes a lot during development. if we are 
> not developing, but rather, just using our application, we never get 
> this error.
> 
> has anyone seen this before?
> 
> 
> 
> Error: 500
> Location: /MQ100/servlet/MQ100Generator
> Internal Servlet Error:
> 
> java.lang.IllegalStateException: Can't happen - classname is null, who added this ?
>   at org.apache.tomcat.core.ServletWrapper.loadServlet(ServletWrapper.java:261)
>   at org.apache.tomcat.core.ServletWrapper.init(ServletWrapper.java:289)
>   at org.apache.tomcat.core.Handler.service(Handler.java:254)
>   at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
>   at org.apache.tomcat.core.ContextManager.handleStatus(ContextManager.java:1049)
>   at org.apache.tomcat.facade.HttpServletResponseFacade.sendError(HttpServletResponseFacade.java:216)
>   at org.apache.tomcat.facade.HttpServletResponseFacade.sendRedirect(HttpServletResponseFacade.java:230)
>   at Admin.Redirect(Admin.java:46)
>   at AddScoreCard.SelectAddScoreCard(AddScoreCard.java:143)
>   at MQ100Generator.doGet(MQ100Generator.java:287)
>   at MQ100Generator.doPost(MQ100Generator.java:389)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
>   at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
>   at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404)
>   at org.apache.tomcat.core.Handler.service(Handler.java:286)
>   at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
>   at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:797)
>   at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743)
>   at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:210)
>   at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
>   at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498)
>   at java.lang.Thread.run(Thread.java:484)
-- 
===
Andrew Robson 
2/1 
723 Pollockshaws Road
Glasgow G41 2AA
 
Tel: (0141) 424 0607
Mobile:  07759 430234 




Re: where is j_security_check?

2001-05-10 Thread Andrew Robson

hi,
  Couple of possibilities.
1) You are trying to go directly to the login form rather than having it 
thrown up automatically when you try to access a protected resource
2) You are running apache which doesn't know to pass the handling
of j_security_check to tomcat. If so add the following line to httpd.conf
JkMount /examples/jsp/security/login/j_security_check ajp12 
(or I think ajp13 if you are using mod_jk)

hope this helps
andrew


On Thu, 10 May 2001, you wrote:
> Hi all,
> 
> I'm trying to set up form-based authentication on Tomcat 3.2.1. I've been trying out
> the example that comes with tomcat but when I
> submit the login-form I received a 404 stating that j_security_check can not be
> found.
> 
> I know enough by now to realize that there isn't really a j_security_check servlet
> and that I probably have a configuration problem,
> but I'm completely in the dark as to what I need to do to fix it.
> 
> Anyone?
> 
> thanx,
> 
> Dante
-- 




Re: JDBC Realm problem

2001-04-23 Thread Andrew Robson

Hi Jeff,
  I had exactly the same problem (with mm 2.0.2) and only
solved it by customising JDBCRealm to use database 
connection pooling. A bit heavy handed but might be 
a lot easier than trying to track a potential driver problem if time is 
an issue. I have also seen a suggestion on the list that adding
autoreconnect=true to the database connection string solves 
the problem but I haven't tried it myself.

andrew

On Mon, 23 Apr 2001, you wrote:
> Hi Ignacio,
> 
> Thanks for the quick response! First, my apologies for the HTML format. I
> didn't realize I hadn't changed this machine...
> 
> I'll try the 3.2.2 branch and see what happens. Any word on a final release
> for 3.2.2?
> 
> I'm using the 2.0.4 drivers for MySQL, which seem to be the latest. Can you
> be more specific on why this relates to the driver? If so, I'll take a look
> at the driver code and see if I can locate the problem or recommend a
> solution to the mm.mysql developer.
> 
> On another note, I've seen discussions saying the mod_jk implementation in
> the 3.3 branch is implemented/optimized better than the mod_jk in 3.2.*. Do
> you recommend using the 3.3 mod_jk?
> 
> Thanks,
> --jeff
> 
> - Original Message -
> From: "Ignacio J. Ortega" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, April 23, 2001 3:31 PM
> Subject: RE: JDBC Realm problem
> 
> 
> > Hola Jeff:
> >
> > Some people have reported problems that look close to yours..no solutions
> > ... please test against latest code on CVS for 3.2 branch...3.3 code (m2
> > is known to be broken in auth ...get it from CVS until m3 arrives..)..
> > or 4.0 Beta2...to give that problem another shake.. in different
> > flavours of tomcat..to see if that makes a difference ( I don't believe
> > that will be true but who knows ..)
> >
> > For me until now...with one more code review done after reading your
> > message...this problem relates to the MySql JDBC Driver...so change your
> > Driver jar version to see if that makes a difference..
> >
> > Sorry for trying to augment your problems ... not solve them..:)))
> >
> > TIA.
> >
> > ( Please do not use HTML mail makes hard to chat, thanks)
> >
> > Saludos ,
> > Ignacio J. Ortega
-- 





Re: timeout on form based security

2001-03-28 Thread Andrew Robson

Hi,
  One possibility: you can set a session timeout value in the web.xml for your
application

<session-config>
  <session-timeout>30</session-timeout>
</session-config>

Don't know what the default is if you don't

andrew 

On Wed, 28 Mar 2001, you wrote:
> dear colleagues,
> i have noted that, when using form based security (tomcat 3.2.1), a kind of
> expiration is on: if i connect to a secured page (actually a servlet) and stay
> inactive for a while (not sure about the lapse) when i reload the page or try to
> connect to another resource, i have to re insert username and password.
> am i right? which parameter have i to change to prevent tomcat to do this?
> thanks,
> simone





Re: Login Servlet

2001-03-23 Thread Andrew Robson

Hi,

Tomcat has authentication via database built in which means you should be
able to accomplish everything without need to write any code.
Read http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/JDBCRealm.howto 
Look at server.xml for the examples of setting up a JDBCRealm with various
databases. Look in the web.xml in the examples/WEB-INF dir for an example of
setting up a login form and set of protected resources. 

Note the (very good) model that tomcat uses is 
1) Allow you to define a set of protected resources (html, servlets whatever)
2) when your user attempts to access one of those resources they get redirected
to your login form
3) Successful login - they get sent to the original page they requested
4) Unsuccessful login - they get sent to your error page.

A common mistake in using JDBCRealm is to provide a link to your login form
rather than have it invoked automatically when they try to access a protected 
resource. This won't work - on posting from the login page you'll get 
a 404. 

Let me know if you need any help with any of this

andrew
 
ps I'm surprised "boolean found = rs.next()" works if result set is empty.
I'd kind of expect a null pointer exception. I always do
if (rs != null && rs.next()) {
  // assign something
}
if i'm expecting a single row.


>Does anyone know where I could find code for a login servlet using JDBC.
>I have a login tested, it checks the database and it outputs whether the 
>username and password are correct to the jsp page, but I need to use a 
>servlet for redirecting the user.
>Here is the code i have for the login procedure
>
>// needs: import java.sql.PreparedStatement; import java.sql.ResultSet;
>public void applyChanges() throws Exception
>{
>  // Bind the credentials as parameters; concatenating them into the
>  // SQL text lets a crafted username or password rewrite the query.
>  PreparedStatement statement = connection.prepareStatement(
>      "SELECT * from Registration WHERE (Username = ? AND Password = ?)");
>  try {
>    statement.setString(1, theUsername);
>    statement.setString(2, thePassword);
>    ResultSet rs = statement.executeQuery();
>
>    boolean found = rs.next();
>    System.out.println(found);
>    rs.close();
>
>    if (found == true)
>    {
>      System.out.println("THAT IS THE CORRECT USERNAME AN PASSWORD!!");
>      //request.setAttribute ("servletName", "servletToJsp");
>      //response.sendRedirect ("/login.jsp");
>    }
>    else
>    {
>      System.out.println("YOU ARE NOT IN OUR DB :-(");
>    }
>  }
>  catch (Exception e)
>  {
>    // Report the failure instead of silently discarding it.
>    e.printStackTrace();
>  }
>  finally
>  {
>    // Close once, on every path (the original closed twice).
>    statement.close();
>  }
>}
>}
>
>ANY help at all would be much appreciated. Thanks in advance, Mick





Re: ODP: JDBCRealm reconnect problems?

2001-03-19 Thread Andrew Robson

Hi,
  I've had this as well. Solved it by customising JDBCRealm to use database
connection pooling - perhaps a little heavy handed ;-). 
As far as I could make out the problem seemed to be related to the wait_timeout
variable set to 28800 by default. According to earlier posts 
1) This bug is fixed in 3.2.2. , 3.3 and 4.0
2) Can also be solved by adding ;autoreconnect=true to the db connect string
  (haven't tried this myself)

Andrew

On Mon, 19 Mar 2001, you wrote:
> i had a similar problem and solved it by changing connectionURL to:
> connectionURL="jdbc:mysql://localhost/dbase?user=somebody&password=secret"
> and commenting connectionName and Password.
> 
> vVolf
> 
> 
> > -Original Message-
> > From: Vladimir Grishchenko [mailto:[EMAIL PROTECTED]]
> > Sent: 16 March 2001 20:45
> > To: [EMAIL PROTECTED]
> > Subject: JDBCRealm reconnect problems?
> > 
> > 
> > Has anyone experienced JDBCReconnect problems???
> > Looks like mysql db connection times out and JDBCRealm cannot
> > reopen it for some reason. 
> > Actually it tries to reopen it and somehow is able to authenticate
> > a user, but then dies completely...
> > Any ideas what can be wrong?
> > 
> > This is the error/exceptions from tomcat log file:
> > 
> > 
> > 2001-03-16 11:20:33 - ContextManager: JDBCRealm: The database connection is null or was found to be closed. Trying to re-open it.
> > 2001-03-16 11:20:33 - ContextManager: JDBCRealm: There was an SQLException while in authenticate: null
> > 2001-03-16 11:20:33 - ContextManager: JDBCRealm: SQLException: java.sql.SQLException: Error during query: Unexpected Exception: java.sql.SQLException message given: Communication link failure: java.io.IOException
> > 2001-03-16 11:20:38 - ContextManager: JDBCRealm: The database connection is null or was found to be closed. Trying to re-open it.
> > 2001-03-16 11:20:38 - ContextManager: JDBCRealm: JDBCRealm.authenticate: SELECT password FROM profiles WHERE username = ?
> > 2001-03-16 11:20:38 - ContextManager: JDBCRealm: Authentication unsuccessful for user null
> > 2001-03-16 11:20:47 - ContextManager: JDBCRealm: Authentication successful for user Walter
> > 2001-03-16 11:20:47 - ContextManager: JDBCRealm: Auth ok, user=Walter
> > 2001-03-16 11:20:47 - ContextManager: JDBCRealm: Controled access for Walter R( /ngs_web + /entering/buttons.jsp + null) Ct (jsp(org.apache.jasper.servlet.JspServlet/null) )
> > 2001-03-16 11:20:47 - ContextManager: JDBCRealm: There was an SQLException while in getUserRoles: Walter
> > 2001-03-16 11:20:47 - ContextManager: JDBCRealm: SQLException: java.sql.SQLException: Error during query: Unexpected Exception: java.sql.SQLException message given: Communication link failure: java.io.IOException
> > 2001-03-16 11:20:47 - ContextManager: JDBCRealm: Auth ok, user has no roles
> > 2001-03-16 11:20:47 - ContextManager: JDBCRealm: UnAuthorized Y
> > 2001-03-16 11:20:55 - ContextManager: JDBCRealm: The database connection is null or was found to be closed. Trying to re-open it.
> > 2001-03-16 11:20:55 - Ctx( /ngs_web ): Exception in: R( /ngs_web + /entering/buttons.jsp + null) - java.lang.NullPointerException
> > at org.gjt.mm.mysql.PreparedStatement.executeQuery(PreparedStatement.java:198)
> > at org.apache.tomcat.request.JDBCRealm.authenticate(JDBCRealm.java:307)
> > at org.apache.tomcat.request.JDBCRealm.authenticate(JDBCRealm.java:482)
> > at org.apache.tomcat.core.ContextManager.doAuthenticate(ContextManager.java:837)
> > at org.apache.tomcat.core.RequestImpl.getRemoteUser(RequestImpl.java:341)
> > at org.apache.tomcat.request.JDBCRealm.authorize(JDBCRealm.java:503)
> > at org.apache.tomcat.core.ContextManager.doAuthorize(ContextManager.java:855)
> > at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:789)
> > at org.apache.tomcat.core.ContextManager.service(ContextManager.java:743)
> > at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:210)
> > at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
> > at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498)
> > at java.lang.Thread.run(Thread.java:498)
> > 
> > 2001-03-16 11:21:00 - Ctx( /ngs_web ): Exception in: R( /ngs_web + /display/ngs_home.jsp + null) - javax.servlet.ServletException
> > at java.lang.Throwable.(Throwable.java:96)
> > at java.lang.Exception.(Exception.java:44)
> > at javax.servlet.ServletException.(ServletException.java:161)
> > at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:459)
> > at display._0002fdi
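
Both JDBCRealm threads (this one and "Re: JDBC Realm problem") describe a long-lived realm connection that the database server drops while idle. The Java below is an added example, not JDBCRealm's code and not from any poster: it shows one way to validate a cached connection with a test query before each use and replace it when the query fails. The class and method names, the `SELECT 1` test query and the proxy-based fake driver are assumptions made so the example runs without a database.

```java
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Proxy;
import java.sql.Connection;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.concurrent.atomic.AtomicBoolean;

/** Added illustration; not JDBCRealm source code. */
public class ValidatedConnectionHolder {

    /** Opens a new connection, e.g. via DriverManager.getConnection(url, user, password). */
    interface ConnectionFactory {
        Connection open() throws SQLException;
    }

    private final ConnectionFactory factory;
    private Connection current;
    private int opened;

    ValidatedConnectionHolder(ConnectionFactory factory) {
        this.factory = factory;
    }

    /** Returns a connection that has just answered a test query, reopening if needed. */
    synchronized Connection get() throws SQLException {
        if (current == null || !answers(current)) {
            closeQuietly(current);
            current = null; // stay empty if open() throws
            current = factory.open();
            opened++;
        }
        return current;
    }

    synchronized int timesOpened() {
        return opened;
    }

    /**
     * isClosed() only reflects a close() made on this side, so a connection the
     * server dropped after its idle timeout can still look open. A cheap round
     * trip reveals it. (JDBC 4 drivers offer Connection.isValid(int) for this.)
     */
    private static boolean answers(Connection c) {
        try {
            if (c.isClosed()) {
                return false;
            }
            try (Statement st = c.createStatement()) {
                st.execute("SELECT 1");
            }
            return true;
        } catch (SQLException e) {
            return false;
        }
    }

    private static void closeQuietly(Connection c) {
        try {
            if (c != null) {
                c.close();
            }
        } catch (SQLException ignored) {
            // the link is already gone; nothing more to release
        }
    }

    // ---- constructed stand-in for a driver, so the example runs offline ----

    /** A Connection whose statements fail once 'dropped' is set, like a timed-out link. */
    static Connection fakeConnection(AtomicBoolean dropped) {
        ClassLoader loader = ValidatedConnectionHolder.class.getClassLoader();
        InvocationHandler statement = (proxy, method, a) -> {
            if (method.getName().equals("execute") && dropped.get()) {
                throw new SQLException("Communication link failure");
            }
            return method.getReturnType() == boolean.class ? Boolean.FALSE : null;
        };
        InvocationHandler connection = (proxy, method, a) -> {
            if (method.getName().equals("createStatement")) {
                return Proxy.newProxyInstance(loader, new Class<?>[] {Statement.class}, statement);
            }
            // isClosed() keeps answering false, as a stale connection can.
            return method.getReturnType() == boolean.class ? Boolean.FALSE : null;
        };
        return (Connection) Proxy.newProxyInstance(loader, new Class<?>[] {Connection.class}, connection);
    }

    public static void main(String[] args) throws SQLException {
        AtomicBoolean[] link = new AtomicBoolean[1]; // flag of the newest fake connection
        ValidatedConnectionHolder holder = new ValidatedConnectionHolder(() -> {
            link[0] = new AtomicBoolean(false);
            return fakeConnection(link[0]);
        });

        Connection first = holder.get();
        System.out.println("reused while healthy: " + (first == holder.get()));
        link[0].set(true); // the server closes the idle link (MySQL wait_timeout)
        Connection second = holder.get();
        System.out.println("replaced after drop:  " + (second != first));
        System.out.println("connections opened:   " + holder.timesOpened());
    }
}
```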

Re: database question

2001-03-15 Thread Andrew Robson

Firstly I very strongly highly recommend you buy a decent book on servlets with
a section on JDBC 
  The O'Reilly  book Java Servlet Programming - by Jason Hunter is a good one.

On Thu, 15 Mar 2001, you wrote:
> Hi I am using MySQL and JDBC mm.mysql Driver to connect to the database. I am 
> having trouble trying to connect. Can anyone tell me if MySQL is even 
> compatible with servlets? 

It is not a question of whether it is compatible with servlets. Anything you
can do in Java can be done in a servlet. So can you connect from 
Java to MySql? Yes - this is what the mm.mysql Driver is specifically 
designed to facilitate.
With the distribution I have all I needed to do was put mysql.jar in
TOMCAT_HOME/lib - documentation which you got with mysql 
will tell you how to register this driver in your Java code 
The jar file you have may be called something different.

> From the JDBC mm.mysql Driver it looks as if it 
> is. Also in one of the emails I saw a sample script and they used this driver 
> :
> 
> "sun.jdbc.odbc.JdbcOdbcDriver"
> 
> I've seen that driver a lot before in documentations. What database does it 
> work with. And is that database easier to implement than MySQL.

It will work with any ODBC compliant database. It comes with your jdk which is
why you will see it a lot in documentation. However it is not recommended you
use it in a real system as it is not thread-safe. It is a lowest common
denominator driver so that you can start using Java to connect to db's
without obtaining and possibly paying for a driver specific to your db. 


andrew 





RE: almost there

2001-03-15 Thread Andrew Robson

Ken,
  Only ever tried with mod_jserv.so but probably you should use
mod_jk. There are many, many posts about building mod_jk on this 
list so if you go this way look at the archives. Was your apache built
with DSO support? If so then the command in the minimalist guide
   apxs -c -o mod_jserv.so *.c
should work. It did for me. I don't think you have to edit the tomcat.conf file
Tomcat generates a tomcat-apache.conf file when it is run which should have the
configuration you need. Take a copy of this file. You will probably need to edit
it at some point as it contains the Ajpserv mount directives. I had to right at
the start because redhat seems to do a non-standard install of apache and I had
to edit the file so that the jserv module could be found. You need to
include your copy of the file in httpd.conf  (tomcat will over-write the
original each time it is run)

Hope this gives you something to go on.
Andrew

On Thu, 15 Mar 2001, you wrote:
> Andrew,
>   I checked it out using fuser 8007/tcp with tomcat shutdown and
> started and I only get the pid's of the processes associated with tomcat
> when it is started.  I get nothing when it is shutdown.  So I am confident
> that there is no other process running on 8007.  I must believe that the
> problem lies in Apache.  I used a mod_jserv.so that I downloaded.  Should I
> use mod_jk instead?  I may try this but wouldn't know how to edit
> tomcat.conf to reflect the change.  I could not get mod_jserv.so or
> mod_jk.so to compile on my machine using defaults.  I will try to download
> the binary of mod_jk first and then edit the tomcat.conf file.  If this does
> not work, I will try to compile once more.
> Thanks,
> Ken
> 
> -Original Message-
> From: andrewdrobson [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 15, 2001 8:47 AM
> To: [EMAIL PROTECTED]
> Subject: Re: almost there
> 
> 
> Hi Ken,
>   Have you ever got rid of the initial rogue process running on
> port 8007? You'll certainly get this error until you do whether running
> tomcat standalone or not with your current config.
> I'd shutdown everything, make sure no longer have the connector
> running on 8007 before trying again.
> To get the examples to work  I don't think you should have to do
> anything beyond setting CLASSPATH, TOMCAT_HOME (etc?)
> if you are running tomcat standalone. I'd also recommend
> you get tomcat running standalone before integrating with apache.
> I can send you details about this integration if necessary.
> (at the moment I'm logged into NT and can't look over my
> tomcat config on linux)
> andrew
> -Original Message-
> From: Reeves, Kenneth <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
> Date: 15 March 2001 14:07
> Subject: RE: almost there
> 
> 
> >You are absolutely right.  I realized my mistake and took the edit I made out
> >of the script.  Restarted tomcat, restarted apache and I get the same error
> >as before.  Now I am just trying to get tomcat to answer on port 8080, and
> >it won't do that.  So again I believe that I have some configuration wrong.
> >I don't start tomcat as a user, just root for the moment.
> >Thanks,
> >Ken
> >
> >-Original Message-
> >From: Andrew Robson [mailto:[EMAIL PROTECTED]]
> >Sent: Wednesday, March 14, 2001 4:50 PM
> >To: [EMAIL PROTECTED]
> >Subject: Re: almost there
> >
> >
> >Hi,
> >  Sorry don't have solution but may have hint. I've seen this error a couple of
> >times in the last week. Thought it a bit weird as I've been developing with
> >tomcat for last 4 months and hadn't seen it before. Following a hunch I've
> >just reproduced it. I have a user set up that I run tomcat under. I get this
> >error if having started under this user I carelessly shut down the server while
> >root. Can sort it by doing a reboot but suppose you can do it by identifying
> >the process running on 8007 and killing it.
> >Don't know if this helps you much.
> >BTW, could be wrong but I would think that the Ajpv12 stuff you added
> >to server.xml would have already been there by default?
> >
> >andrew
> >
> >
> >On Wed, 14 Mar 2001, you wrote:
> >> I have the tomcat server running and I can get to the
> >> "examples/servlets" page.  When I click on "HelloServlet Execute button"
> >> I get a pop-up box that states that
> >> there was no data.  I figured that I did not have the connector set up
> >> right so, I edited the server.xml file and added;
> >>
> >>
> >>  
> >>

Re: almost there

2001-03-14 Thread Andrew Robson

Hi,
  Sorry don't have solution but may have hint. I've seen this error a couple of
times in the last week. Thought it a bit weird as I've been developing with
tomcat for last 4 months and hadn't seen it before. Following a hunch I've 
just reproduced it. I have a user set up that I run tomcat under. I get this
error if having started under this user I carelessly shut down the server while
root. Can sort it by doing a reboot but suppose you can do it by identifying
the process running on 8007 and killing it. 
Don't know if this helps you much.
BTW, could be wrong but I would think that the Ajpv12 stuff you added
to server.xml would have already been there by default?

andrew


On Wed, 14 Mar 2001, you wrote:
> I have the tomcat server running and I can get to the
> "examples/servlets" page.  When I click on "HelloServlet Execute button"
> I get a pop-up box that states that
> there was no data.  I figured that I did not have the connector set up
> right so, I edited the server.xml file and added;
> 
> 
> <Connector className="org.apache.tomcat.service.PoolTcpConnector">
>   <Parameter name="handler"
>     value="org.apache.tomcat.service.connector.Ajp12ConnectionHandler"/>
>   <Parameter name="port" value="8007"/>
> </Connector>
> 
> I added this right below the other connector.  When I startup and
> shutdown the server I get the following message.
> 
> [root@webservices bin]# ./startup.sh
> Using classpath:
> 
>/usr/jakarta-tomcat-3.2.1//lib/ant.jar:/usr/jakarta-tomcat-3.2.1//lib/jasper.jar:/usr/jakarta-tomcat-3.2.1//lib/jaxp.jar:/usr/jakarta-tomcat-3.2.1//lib/parser.jar:/usr/jakarta-tomcat-3.2.1//lib/servlet.jar:/usr/jakarta-tomcat-3.2.1//lib/test:/usr/jakarta-tomcat-3.2.1//lib/webserver.jar:/usr/java/jdk1.3.0_02/lib/tools.jar
> 
> [root@webservices bin]# 2001-03-14 08:43:49 - ContextManager: Adding
> context Ctx( /examples )
> 2001-03-14 08:43:49 - ContextManager: Adding context Ctx( /admin )
> Starting tomcat. Check logs/tomcat.log for error messages
> 2001-03-14 08:43:50 - ContextManager: Adding context Ctx(  )
> 2001-03-14 08:43:50 - ContextManager: Adding context Ctx( /test )
> 2001-03-14 08:43:53 - PoolTcpConnector: Starting Ajp12ConnectionHandler
> on 8007
> FATAL:java.net.BindException: Address already in use
> java.net.BindException: Address already in use
>  at java.net.PlainSocketImpl.socketBind(Native Method)
>  at java.net.PlainSocketImpl.bind(PlainSocketImpl.java:408)
>  at java.net.ServerSocket.<init>(ServerSocket.java:170)
>  at java.net.ServerSocket.<init>(ServerSocket.java:121)
>  at org.apache.tomcat.net.DefaultServerSocketFactory.createSocket(DefaultServerSocketFactory.java:97)
>  at org.apache.tomcat.service.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java:239)
>  at org.apache.tomcat.service.PoolTcpConnector.start(PoolTcpConnector.java:188)
>  at org.apache.tomcat.core.ContextManager.start(ContextManager.java:527)
>  at org.apache.tomcat.startup.Tomcat.execute(Tomcat.java:202)
>  at org.apache.tomcat.startup.Tomcat.main(Tomcat.java:235)
> 
> [root@webservices bin]# ./shutdown.sh
> Using classpath:
> 
>/usr/jakarta-tomcat-3.2.1//lib/ant.jar:/usr/jakarta-tomcat-3.2.1//lib/jasper.jar:/usr/jakarta-tomcat-3.2.1//lib/jaxp.jar:/usr/jakarta-tomcat-3.2.1//lib/parser.jar:/usr/jakarta-tomcat-3.2.1//lib/servlet.jar:/usr/jakarta-tomcat-3.2.1//lib/test:/usr/jakarta-tomcat-3.2.1//lib/webserver.jar:/usr/java/jdk1.3.0_02/lib/tools.jar
> 
> Stop tomcat
> java.lang.NullPointerException
> Signal ignored: 15
> 2001-03-14 08:44:32 - Ctx(  ): IOException in: R(  + / + null) Bad file
> descriptor
> [root@webservices bin]#
> 
> 
> 
> Any ideas.  I haven't tried to re-start the webserver at this point.
> 
> Thanks,
> Ken Reeves
> 
> 
> 
> 
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, email: [EMAIL PROTECTED]
-- 





Re: Ctx( ): IOException in: R( + /tomcat-power.gif + null) socket write error

2001-03-12 Thread Andrew Robson

Hi,
  I think this is an error which has been discussed a number of times
on the list. To the best of my recollection problem stems from IE's
caching behaviour. You have two choices
1) Ignore it - as you say page loads fine
2) Do something to prevent IE caching the resources
however recollection hazy - your best bet is to look 
through the archives on this list for proper explanation 
and best course of action

andrew

On Mon, 12 Mar 2001, you wrote:
> Hello,
> 
> I am running tomcat 3.2 on NT. While trying to access
> http://localhost/index.html I get the following errors:
> 
> 2000-12-12 09:27:41 - Ctx(  ): IOException in: R(  + /index.html + null) socket write error (code=10053)
> 2000-12-12 09:27:41 - Ctx(  ): IOException in: R(  + /tomcat-power.gif + null) socket write error (code=10053)
> 
> but page loads fine. Any ideas?
> 




Re: Does Tomcat3.2.1 use a servlet pool in SingleThreadModel

2001-03-09 Thread Andrew Robson

Hi,
  No. It synchronizes the calls to the service method (see Craig McClanahan's
post from 2nd of March). That tomcat properly implements SingleThreadModel
should be easy to verify by generating a unique id for each of your requests and
tracing their execution.
Andrew

On Fri, 09 Mar 2001, you wrote:
> Hello,
> 
> I am testing the SingleThreadModel. My test way was to write a servlet which will
> take 3 minutes to process a request. Then I opened several browsers to send requests
> almost in the same time. From the responses, I found out that all the responses were
> generated by the same servlet instance.
> 
> Does Tomcat3.2.1 use a servlet pool in SingleThreadModel? If my test method is wrong?
> 
> Best Regards
> Zou Hua
-- 







Re: Form Based Authentication with Encryption

2001-03-07 Thread Andrew Robson

Hi Amit,
  Firstly I'm assuming you're comfortable with java (rather than just jsp)
programming. 
  Also you are going to need a source distribution of tomcat.
If you have that then in TOMCAT_HOME/src/org/apache/tomcat/request
you will be able to see the source code for the authentication modules
provided. To create your own in 3.2 you create a subclass of BaseInterceptor. 
( in tomcat 4.0 I believe class hierarchy has changed you need to subclass 
  org.apache.catalina.realm.RealmBase ). As I said the easiest way to do this
is just copy whichever Realm best fits your needs - I think SimpleRealm for you
- and create your own class by amending the source and adding the functionality
you need.
Now you are going to need to compile this class (with your encryption
mechanism) and add it to tomcat. You can't just use javac to compile your
class because you need to include the other tomcat packages. I rather 
simple-mindedly added all the jar files in TOMCAT_HOME/lib into 
my CLASSPATH, then used javac and then added the class to webserver.jar
using jar. However I believe there is a better way - there is a build
script somewhere which you can run to create a fresh copy of tomcat
which will have your new authentication module. However I can't find it in
my distribution. As I said once you have added your custom functionality
into Tomcat then you need to edit server.xml to pick up your Realm class rather 
than the default. 
Sorry don't know of any documentation to help in any of this. 
As an aside if you are using the xml file you are going to have to be careful
to deal with concurrency issues in the coding of your new Realm class and
your user registration servlet (assuming this is what you are doing). 

Andrew

On Wed, 07 Mar 2001, you wrote:
> 
> Thanks Andrew,
> 
> But,I'm using XML to store my whole data (this is requirement of the product)
> We are not at all using any database.
> 
> So with this regard, would u like to comment something more ?
> Also can u suggest some resource for : creating my own customized "authentication
> module" ?
> 
> Thanks in advance.
> 
> Regards,
> -Amit.
> 
> - Original Message - 
>   From: Andrew Robson 
>   To: [EMAIL PROTECTED] 
>   Sent: Wednesday, March 07, 2001 3:37 PM
>   Subject: Re: Form Based Authentication with Encryption
> 
> 
> 
> 
>   Hi Amit,
> I'm using 3.2 so details may vary.
>   What you want to do is write your own authentication module.
>   Easier than it sounds. Just take a copy of the authentication module you
>   are using (SimpleRealm?) to use as a base for your own code. Add in
>   the functionality you want, compile and include in 
>   TOMCAT_HOME/lib/webserver.jar
>   Edit server.xml to use your custom authentication module.
>   Also, I'd recommend you look at JDBCRealm so that you can store usernames
>   and passwords in a database. Quite apart from the other advantages you may
>   then be able to take advantage of the db's encryption facilities (e.g. 
>   MySql's
>   Password function) and save yourself the bother of writing your own.
> 
>   Hope this helps
>   Andrew
> 
>   On Wed, 07 Mar 2001, you wrote:
>   >
>   > Hi All,
>   >
>   > I'm using tomcat 4.0 Beta1.
>   > I successfully tested out the form based authentication provided with 
>   tomcat.
>   >
>   > But , the main problem with it is : It uses plain text to store 
>   users,roles and passwords
>   > in the "tomcat-users.xml"   file placed  in TOMCAT_HOME\conf.
>   >
>   > Is there any plugin for tomcat to encrypt the passwords stored in this 
>   file ?
>   > or is there any round-about to do so.
>   >
>   > Thanking you in advance.
>   >
>   > With Regards,
>   > -Amit
>   > E-Mail:[EMAIL PROTECTED]
>   > Sansui Software Pvt. Ltd.,Pune
> 
> 




-- 
===
Andrew Robson 
2/1 
723 Pollockshaws Road
Glasgow G44 2AA
 
Tel: (0141) 424 0607
Mobile:  07759 430234 






Re: Form Based Authentication with Encryption

2001-03-07 Thread Andrew Robson

Hi Amit,
  I'm using 3.2 so details may vary.
What you want to do is write your own authentication module. 
Easier than it sounds. Just take a copy of the authentication module you 
are using (SimpleRealm?) to use as a base for your own code. Add in
the functionality you want, compile and include in TOMCAT_HOME/lib/webserver.jar
Edit server.xml to use your custom authentication module. 
Also, I'd recommend you look at JDBCRealm so that you can store usernames
and passwords in a database. Quite apart from the other advantages you may 
then be able to take advantage of the db's encryption facilities (e.g. MySql's
Password function) and save yourself the bother of writing your own.

Hope this helps
Andrew

On Wed, 07 Mar 2001, you wrote:
> 
> Hi All,
> 
> I'm using tomcat 4.0 Beta1.
> I successfully tested out the form based authentication provided with tomcat.
> 
> But , the main problem with it is : It uses plain text to store users,roles and 
>passwords
> in the "tomcat-users.xml"   file placed  in TOMCAT_HOME\conf.
> 
> Is there any plugin for tomcat to encrypt the passwords stored in this file ?
> or is there any round-about to do so.
> 
> Thanking you in advance.
> 
> With Regards,
> -Amit
> E-Mail:[EMAIL PROTECTED]
> Sansui Software Pvt. Ltd.,Pune
> 
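
Added example (not from the thread and not Tomcat's own code): both replies in this thread suggest a custom authentication module so that tomcat-users.xml need not hold plain-text passwords, and the Java below shows the credential check such a module could perform. It stores a salted PBKDF2 hash, a one-way hash chosen for this example in place of reversible encryption; the class name, the `iterations:salt:hash` attribute layout and the sample user are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class HashedUserFile {                 // hypothetical class name
    static final int ITERATIONS = 210_000;    // assumption: tune to your hardware
    static final int KEY_BITS = 256;

    static byte[] pbkdf2(char[] password, byte[] salt, int iterations) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, iterations, KEY_BITS);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                                   .generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();             // wipe the spec's copy of the password
        }
    }

    static String hex(byte[] b) {
        StringBuilder sb = new StringBuilder();
        for (byte x : b) sb.append(String.format("%02x", x));
        return sb.toString();
    }

    static byte[] unhex(String s) {
        byte[] out = new byte[s.length() / 2];
        for (int i = 0; i < out.length; i++)
            out[i] = (byte) Integer.parseInt(s.substring(2 * i, 2 * i + 2), 16);
        return out;
    }

    /** Value to write into the password attribute: iterations:salt:hash. */
    static String encode(char[] password) throws Exception {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);   // fresh random salt per user
        return ITERATIONS + ":" + hex(salt) + ":" + hex(pbkdf2(password, salt, ITERATIONS));
    }

    static boolean verify(char[] password, String stored) throws Exception {
        String[] p = stored.split(":");
        if (p.length != 3) return false;      // plain-text or malformed entry: reject
        try {
            byte[] actual = pbkdf2(password, unhex(p[1]), Integer.parseInt(p[0]));
            return MessageDigest.isEqual(unhex(p[2]), actual);   // constant-time compare
        } catch (IllegalArgumentException e) { // bad number, bad hex, empty salt
            return false;
        }
    }

    static boolean authenticate(Document users, String name, char[] password) throws Exception {
        NodeList list = users.getElementsByTagName("user");
        for (int i = 0; i < list.getLength(); i++) {
            Element u = (Element) list.item(i);
            if (u.getAttribute("name").equals(name))
                return verify(password, u.getAttribute("password"));
        }
        return false;                         // unknown user
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample file: one user whose password attribute holds the hash.
        String xml = "<tomcat-users>\n  <user name=\"tomcat\" password=\""
                   + encode("s3cret-example".toCharArray()) + "\" roles=\"tomcat\"/>\n"
                   + "</tomcat-users>";
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        System.out.println("correct password: " + authenticate(doc, "tomcat", "s3cret-example".toCharArray()));
        System.out.println("wrong password:   " + authenticate(doc, "tomcat", "wrong".toCharArray()));
        System.out.println("unknown user:     " + authenticate(doc, "nobody", "s3cret-example".toCharArray()));
    }
}
```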






Re: mySQL again

2001-03-01 Thread Andrew Robson

Hi,
  You might want to try something like the following. It works for me.

 

Andrew  

On Thu, 01 Mar 2001, you wrote:
> Hi!
> My connectionURL in server.xml now looks like this:
> "jdbc:mysql://localhost/auth?user=root&password=somepassword"
> 
> and tomcat doesn't start up (although there is no error msg or anything) and
> when i execute tomcat stop i get the following exception:
> org.xml.sax.SAXParseException: Next character must be ";" terminating
> reference to entity "password" and a stack trace follows...
> 
> why is that?
> 
> 
> vVolf
> 
-- 
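
Added example, not part of the original messages: the SAXParseException quoted above arises because a bare `&` inside an XML attribute value starts an entity reference, so the `&password=` in the connectionURL has to be written `&amp;password=`. The Java below parses a constructed RequestInterceptor fragment with the URL written both ways and confirms the escaped form reaches the application unchanged; the class and helper names are assumptions.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
import org.xml.sax.SAXParseException;

public class ConnectionUrlEscaping {          // hypothetical class name
    // Escape a raw string for use inside a double-quoted XML attribute.
    static String escapeAttr(String raw) {
        return raw.replace("&", "&amp;").replace("<", "&lt;").replace("\"", "&quot;");
    }

    // Build a one-element config fragment (constructed sample, not a full server.xml).
    static String fragment(String urlAsWritten) {
        return "<RequestInterceptor className=\"org.apache.tomcat.request.JDBCRealm\"\n"
             + "    connectionURL=\"" + urlAsWritten + "\"/>";
    }

    // Returns the connectionURL the application would read; throws if the XML is not well-formed.
    static String parseUrl(String xml) throws Exception {
        DocumentBuilder db = DocumentBuilderFactory.newInstance().newDocumentBuilder();
        Element e = db.parse(new InputSource(new StringReader(xml))).getDocumentElement();
        return e.getAttribute("connectionURL");
    }

    public static void main(String[] args) throws Exception {
        // URL exactly as quoted in the question.
        String raw = "jdbc:mysql://localhost/auth?user=root&password=somepassword";

        // 1. Written verbatim into the attribute: the parser rejects the file.
        try {
            parseUrl(fragment(raw));
            System.out.println("unexpected: raw '&' was accepted");
        } catch (SAXParseException ex) {
            System.out.println("raw '&' rejected at line " + ex.getLineNumber()
                             + ": " + ex.getMessage());
        }

        // 2. Escaped for XML: the file parses and the value handed on is the original URL.
        String escaped = escapeAttr(raw);
        String seen = parseUrl(fragment(escaped));
        System.out.println("written in server.xml: " + escaped);
        System.out.println("value after parsing:   " + seen);
        System.out.println("round trip intact:     " + seen.equals(raw));
    }
}
```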







Re: apache/tomcat with formbased security

2001-02-28 Thread Andrew Robson

John,
 This question has appeared on the list before. 
Below is a quote from a reply by one of the tomcat developers. I have the same
problem. I want to integrate apache/tomcat but can't at the moment because 
I need the functionality I've built into my custom JDBCRealm. And I don't know 
how to replicate in apache. I'd be very interested in how you get on. You
can email me directly if you make any progress and I'll do the same.

Andrew

>The Apache connector does not know anything about what is in your web.xml
>file, so it doesn't know about your security constraints that ask for
>authentication. You will have to use standard Apache facilities to configure
>valid users.

>In Tomcat 4.0, this will not be the case -- the web connector will be
>configured from the contents of the web.xml file.


On Wed, 28 Feb 2001, you wrote:
> Does anyone have formbased security working with apache and tomcat?
> 
> I have formbased security working fine with tomcat in standalone, but when I
> go through apache it doesn't recognize the post to j_security_check
> 
> 







Re: [NEWBIE] Running Servlets on Tomcat

2001-02-19 Thread Andrew Robson

On Sat, 17 Feb 2001, you wrote:
> 
> hi everybody
> 
> i have just downloaded and installed Tomcat and am a complete 
> newbie at it...the installation gave me a few problems like "environment
> out of space " and a few other regarding the class path etc...but i have 
> managed to get it right now
> 
> the problem is that I don't know how to run my servlets !!!
> I am running Tomcat and Apache on my Windows 2000 machine...
> 
> the path where i am storing my .class files is:
> 
> c:\tomcat\webapps\user\web-inf\classes\hello.class
> 
> i have been told, that one need to add  web.xml file to the 
> classes directory ??
> 
> can some one please tell me :
> 
> 1. Where to store the .class files ?
   You are putting them in the right place
  
> 2. what link to give to the browser ?

If you are running tomcat standalone and have not changed the 
default port settings then
http://localhost:8080/user/servlet/hello
If you have integrated Apache and tomcat then 
http://localhost/user/servlet/hello

> 3. in what way should i configure the web.xml file ??
> ( there is already a web.xml file in tomcat\conf\..)

 There are two types of web.xml file. The default which is global
 to tomcat i.e. the one in tomcat\conf. I believe from 3.2 onwards 
 this is no longer read by tomcat so you can forget about it. 
 You can also and should define a web.xml file for each web app.
 This should be deployed in the WEB-INF dir of your app (not the 
 classes dir)
 Take a look at the web.xml file in the examples directory. 
 Also, chapters 9, 10 and 14 of the Servlet API spec are the best place 
 to learn how to configure web.xml. It is available at
 http://java.sun.com/products/servlet/

 Hope this helps
 Andrew
 







Re: Web-site security

2001-01-16 Thread Andrew Robson

Amit,

There already is code included in tomcat for intercepting 
all requests for defined sets of URLs and applying 
authentication. Look at the definitions of RequestInterceptors for Simple and
JDBC Realms in your server.xml file and check out the source
for these.
Also look at the security constraint section of the web.xml in your
examples dir and at the example login.jsp in the security dir
If you are using a database to authenticate your users there's a howto at
http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/JDBCRealm.howto

However be warned I only ever got this to work with tomcat (3.2) standalone.
Couldn't get it to work when using apache and tomcat together. From 
an earlier post on this list got the impression this is because Apache 
isn't aware of the web.xml settings for your app but don't take my
word for it.
You are of course also free to write your own custom RequestInterceptor.
I'm planning to write my own version of JDBCRealm so that it is capable of
handling encrypted passwords.

Hope this helps
Andrew

On Tue, 16 Jan 2001, you wrote:
> Thanks Michael,
> 
> But I was thinking there might be a configuration file that does this. I
> think that would be a neater way of doing things than including an include
> file in all the pages. Can I write a servlet to which all my requests are
> directed before being passed on to the respective pages?
> 
> Thanks,
> 
> - Original Message -
> From: "Michael Wentzel" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, 16 January 2001 6:11 PM
> Subject: RE: Web-site security
> 
> 
> > > How can i specify the default page for my site hosted on Tomcat on NT. I
> > > want to specify a particular file (say index.html) where all new sessions
> > > are redirected. If a user types a valid url path to my
> > > site, specifying any other file on my site, he/she should be redirected to
> > > the index.html page. Only
> > > when he is logged on, should he be able to access the other pages on my
> > > site.
> >
> > I'm sure there are probably other ways of handling this but we have a common
> > include file that consists of session checking code and redirects to
> > login.jsp if session is invalid, and this file is included on
> > all pages in our context.
> >
> >
> > ---
> > Michael Wentzel
> > Software Developer
> > Software As We Think: http://www.aswethink.com
> > Michael Wentzel: mailto:[EMAIL PROTECTED]
> >
> >
> >
> 
> 
-- 
===
Andrew Robson 
10 Bank Street
Glasgow G12 8JQ
 
Tel: (0141) 339 9970
Mobile:  07759 430234 






Re: TOMCAT PROBLEM of disconection

2001-01-12 Thread Andrew Robson

Are you using Redhat 7.0? This sounds similar to a known
bug I came across recently. Tomcat dies and spits out
# 
# HotSpot Virtual Machine Error, Unexpected Signal 11 
# Please report this error at 
# http://java.sun.com/cgi-bin/bugreport.cgi 
# 
# Error ID: 4F533F4C494E55580E43505005BC 
# 
# Problematic Thread: prio=1 tid=0x804df78 nid=0x6e3 runnable 
# 
An irrecoverable stack overflow has occurred.

There is info about it in the bug database.  
I am using JDK 1.3 and I'm going to go back to Redhat 6.2 
as problem never occurred there.

Andrew

On Thu, 11 Jan 2001, you wrote:
> 
> In fact  i use this JVM :
>  
> java version "1.2.2"
> Classic VM (build 1.2.2-L, green threads, nojit)
>  
>  
>  
>  
> -Message d'origine-
> De : Khaled Ben Mohamed 
> Envoyé : jeudi 11 janvier 2001 18:26
> À : '[EMAIL PROTECTED]'
> Objet : TR: 
> 
> 
> I use the same jvm so i don't understand ?
>  
>  
>  > -Message d'origine-
>  > De : Michael Kuz [mailto:[EMAIL PROTECTED]]
>  > Envoyé : jeudi 11 janvier 2001 18:27
>  > À : 'Khaled Ben Mohamed'
>  > Objet : RE: 
> 
> 
> 
>  > I'm using Suns 1.2.2 for Linux 
> 
>  > [mkuz@mkuz ~]$ java -version 
>  > java version "1.2.2" 
> > Classic VM (build 1.2.2_006, green threads, nojit) 
> 
> 
> 
> > -Original Message- 
> > From: Khaled Ben Mohamed [ mailto:[EMAIL PROTECTED]
>  ] 
> > Sent: Thursday, January 11, 2001 10:17 AM 
> > To: '[EMAIL PROTECTED]' 
> > Subject: 
> > 
> > 
> > >>-Original Message- 
> > >>From: Kitching Simon [ mailto:[EMAIL PROTECTED]
>  ] 
> > >>Sent: Thursday, January 11, 2001 9:50 AM 
> > >>To: '[EMAIL PROTECTED]' 
> > >>Subject: RE: TOMCAT PROBLEM of disconection 
> > > 
> > > 
> > >>The problem is that the java virtual machine you are using 
> > >>has a bug. There really isn't any work-around for this sort 
> > >>of problem - if the jvm is buggy, the best thing is to change 
> > >>jm. 
> > > > 
> > >>JVM version 1.3 is available for just about every platform 
> > >>now, I suggest you download & install it. 
> > 
> > >Isn't 1.3 still 'buggy' on Linux? 
> > 
> > What JVM do you think i have to use ? 
> > 
> 
> 






Re: How to: make authentication on tomcat

2001-01-09 Thread Andrew Robson

Try
http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/JDBCRealm.howto
There's a jsp example in your tomcat distribution (3.2 anyway) which this
takes you through
-A

On Tue, 09 Jan 2001, you wrote:
> Hi all,
> 
> Do you know any documentation on how to set the authentication on tomcat
> from database or other xml file.
> 
> Thanks in advance.
> 
> Regards
> johnson
> 
> 
-- 






Re: Linux/Apache/Tomcat/JDBC/MySQL, was: RE: Tomcat and jdk

2000-12-14 Thread Andrew Robson

Try http://www.mysql.com/downloads/api-jdbc.html to
get mm MySql driver (type 4). I'm using jdk1.3 and seems to work OK
(so far!)

Andrew 
PS you probably shouldn't be posting to this list unless
tomcat specific ;-)

On Thu, 14 Dec 2000, you wrote:
> > jdk1.2
> 
> I'm currently using the IBM JDK 1.1.8 since both JDBC thingies
> I have don't work under Sun's JDK 1.2.2... 
> 
> Which leads to to YAQ: does anybody have JDBC for MySQL that
> works under JDK1.2 or greater? I don't have the time to do a
> JDBC right now! ;)
> 
> Dave





Form-based authentication apache tomcat

2000-12-08 Thread Andrew Robson

This is my first post to this list so I hope my problem isn't
too stupid. I'm using tomcat 3.2 , mod_jserv, apache on redhat 6.2.
I'm trying to implement form-based authentication. 
I've got the jsp example in Tomcat 3.2 to work when running
through tomcat only. However when I try the same thing through 
apache after submitting username and password I get a 404 for request
/examples/jsp/security/login/null I don't know why the null is getting
appended but it squares with the message tomcat is sending out 
" Ctx( /examples ): 404 R( /examples + /jsp/security/login/null + null) null"

There are a couple of peculiar aspects to this. When I try and access a document
in the protected dir through apache there are two attempts to send the
JSessionID cookie to my browser. Suspect the request is getting garbled
because of this? Also even though I get the 404 error the j_username and
j_password appear to be getting set correctly because they show up when I run
the Session example. Even more irritating - if I simply try to access the
protected dir rather than a doc within it then everything works fine (perhaps
because the index is a jsp file??). I've had a good go at the configuring the
tomcat apache conf file trying the various options in the minimalist guide.
I settled on  
ApJServMount /examples ajpv12://localhost:8007/root
as my best chance because I thought this would delegate 
the handling of all files under this directory to tomcat. 
Does anyone know what I'm doing wrong?
Many thanks
Andrew