Re: Turning on debugging in Tomcat 5.5
James Rome [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Most of the installed Tomcat classes have something like
container.isDebugEnabled() {...}
How do I enable these debug statements in Tomcat 5.5?
I'll assume that you are using Juli. If you are using log4j, compare what
I'm saying to http://jakarta.apache.org/tomcat/tomcat-5.5-doc/logging.html
to see what you need to do.
First you edit $CATALINA_HOME/conf/logging.properties and add and something
like:
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/myapp].level
= FINE
s/Catalina/EngineName/ s/localhost/my.host.name/
Of course, if you really want to fill up your logs, you can do something
like:
org.apache.catalina.level = FINE
Thanks,
Jim
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Q:how to remove charset from HTTP responce to allow browser use a browser selected charset?
Mark [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi Mark,
In my case servlet generates an output, so no JSP for now...
Can I do it using filters? Or define and store user's prefs with
encoding outside of tomcat and in the session and use if it's exists
in the session?
Other Mark's answer was a little incomplete. If your Servlet uses
response.getWriter, then the spec requires that you get a charset on the
Response headers. If your Servlet doesn't specify a charset in the
response.setContentType, then a Filter something like:
public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain)
throws ServletException, IOException {
if(request instanceof HttpServletRequest) {
HttpServletRequest hreq = (HttpServletRequest)request;
HttpSession session = hreq.getSession();
String enc = (String)session.getAttribute(MY_ENC_ATTR_NAME);
if(enc == null) {
enc = getCharSetForUser(hreq); // Your lookup from DB
function
if(enc != null) {
session.setAttribute(MY_ENC_ATTR_NAME, enc);
}
}
if(enc != null) {
response.setCharacterEncoding(enc);
}
}
chain.doFilter(request, response);
}
Thanks a lot!
Mark.
--- Mark Thomas [EMAIL PROTECTED] wrote:
Mark wrote:
Hello,
In my application users enter data using different languages.
The problem I'm facing is the browser sets the page encoding
always
to ISO-8859-1. (I guess this is default based on server OS)
User can change encoding on the page (Browser settings) and
everything looks OK but only for one page. On the next page
encoding
is back to ISO-8859-1.
Is there any way to instruct tomcat not to send the page
encoding?
If you are using JSPs, no. The spec requires that the charset is
set.
Mark
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
__
Yahoo! for Good
Donate to the Hurricane Katrina relief effort.
http://store.yahoo.com/redcross-donate3/
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.12 and user-agent header
Richard Mixon [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I tested out my application on 5.5.12 yesterday and noticed one small anomally. I had a JSP in my sitemesh decorator default.jsp that ends up wrapping the login page for container managed authentication. This page had a statement String _userAgent = request.getHeader(user-agent).toLowerCase(); It gets a null-pointer exception in 5.5.12, but under 5.5.9 it runs fine. In 5.5.12, after the login succeeds then the user-agent headers appear to be there just fine, but not on the initial login page. Is this a known issue? It's certainly not a known issue. It would help a lot if you could tell us which Connector you are using at the time (e.g. HTTP/1.1, HTTP/1.1-APR, AJP/1.3, AJP/1.3-APR). Thank you - Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat start exception
If you add the attribute channelSocket.soLinger=-1 to your AJP/1.3 Connector element in server.xml, it should make the error go away. It's beyond me why Sun has decided to throw an exception here. Jun Zhu [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have a Tomcat5.5.9 server that works fine with JDBCRealm. I am trying to configure a customRealm for the sever. The customRealm.jar file was placed in the directory of $Tomcat_Home/server/lib. The realm in the server.xml has been defined as: Realm className=edu.aces.realm.JDBCUnixRealm connectionName= connectionPassword=XXX connectionURL=jdbc:mysql://oscar.acesag.auburn.edu:3306/authenticate driverName=org.gjt.mm.mysql.Driver roleNameCol=role_name userCredCol=user_pass userNameCol=user_name userRoleTable=tomcat_user_roles userTable=tomcat_users validate=true / After starting tomcat, I can see tomcat page via IE browser, but when click on Tomcat Manager, just got a blank page. I got exception in catalina.out as: WARNING: Exception executing accept java.net.SocketException: Invalid argument at java.net.PlainSocketImpl.socketSetOption(Native Method) at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:264) at java.net.Socket.setSoLinger(Socket.java:869) at org.apache.jk.common.ChannelSocket.accept(ChannelSocket.java:300) at org.apache.jk.common.ChannelSocket.acceptConnections(ChannelSocket.j$ at org.apache.jk.common.SocketAcceptor.runIt(ChannelSocket.java:852) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(Thread$ at java.lang.Thread.run(Thread.java:595) In most case this exception means The server is not running (nobody is listening on the specified port) or The host is not reachable. Is there any additional configuration I missed? How to fix this problem? Please help. Julia Zhu - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat working directory
The easiest way to to open up the nice GUI (If it isn't in the System-Tray or the Start menu, then it's usually at $CATALINA_HOME\bin\tomcat5w.exe), open the Startup tab, fill-in the Working Path box, and click 'OK'. Then restart the service. It's also possible to do this from the command line, but I'll leave that as an exercise for people that have actually read the commons-daemon FM. Samit Paul [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, How do I set tomcat-5's working directory to something other than C:\Windows\System32 when it is run as windows (XP) service . Even if I set CATALINA_HOME to point to the tomcat installation directory it doesn't take it. Everything works great if I run tomcat from the command line using tomcat's startup.bat file. Any help would be appreciated. ~Samit Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Suppress Connection reset by peer: socket write error.
Dola Woolfe [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I apologize for asking this question again for I remembering asking this question in the past, but I can't find the response. What setting (and where) will suppress the aforementioned exception in the tomcat log? Including the Tomcat version helps ;-). I'm assuming that this is for the AJP/1.3 Connector. The answer is to change the logging level for that component to be one higher than the level in the message (in the latest version, it's at DEBUG level and I don't remember what it used to be). For example, if you are using JDK1.4 logging you would do something like: org.apache.jk.common.level=SEVERE in your logging.properties file. Thank you very much in advance, again! Dola __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: password authentication causes 403 error
[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi there, I would like to set up my development tomcat-5.0.28 (on port 8080) so that all webapps that are not password protected, to have password authentification. Since it is my dev box I would like to use the memory realm. I have this in my web.xml: security-constraint web-resource-collection url-pattern/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-name=admin/ It's: auth-constraint role-nameadmin/role-name /auth-constraint What you have (other than being invalid, if validation-checking was enabled :), tells Tomcat to forbid access to everyone. user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodBASIC/auth-method /login-config I have this in my tomcat-users.xml: tomcat-users role rolename=tomcat/ role rolename=role1/ role rolename=manager/ role rolename=admin/ user username=mylogin password=mypassword roles=admin,manager,role1/ /tomcat-users If I go to http://localhost:8080/manager it asks me to login and then gives me access to the webapp as expected. If I go to http://localhost:8080/ it asks me to login and if I get it wrong is gives me a 401 error as expected but if I get it right it gives me a 403 error instead of allowing access to the webapp. This happens with all webapps that do not have their own authentication. How do I configure tomcat to give me access to my webapps when I login correctly? Thanks, Paul -- Paul Mackinlay (PhD, MEng) http://www.webotech.co.uk/ [EMAIL PROTECTED] Tel: +44(0)7050 699971 Fax: +44(0)7050 699972 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Final questions: workers.properties
David Thielen [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi; First off thanks to all for help - I think I'm just about done. Question: workers.properties.minimal (which works fine) only has: worker.list=ajp13w worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8009 While workers.properties (not load balancing) also has: workers.tomcat_home=/var/tomcat3 workers.java_home=/opt/IBMJava2-13 ps=/ worker.inprocess.* (lots of inprocess ones) Are the above needed for anything? It wasn't clear to me reading the docs what inprocess was for. The inprocess is for Apache to connect to Tomcat using JNI. It currently only works for TC 3.3.x, so you can likely safely ignore it (or comment it out). ??? - thanks - dave David Thielen 303-499-2544 www.windwardreports.com http://www.windwardreports.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Final questions: Default pages
David Thielen [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi; I have multiple domains on my website (IIS). I would like to do the following. When a user goes to http://www.windward.net/cart.jsp or http://www.windwardreports.com/cart.jsp that it then loads the jsp page in the root of a specific webapp of mine. In other words, all requests for a .jsp (or .faces) page is mapped to the same servlet regardless of the domain. And that the servlet name is not needed as part of the url. How can I do this? Simplest is to Alias one or the other to your real VHost. With TC 5.5.10+ you can also use useIPVHosts=true on the Connector to use whatever IIS sends for SERVER_NAME as the Host name for mapping (really don't know, and care even less how this will work :). Thanks - dave David Thielen 303-499-2544 www.windwardreports.com http://www.windwardreports.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Suspected memory leak in Tomcat or JVM?
There are some memory leaks in the AJP/1.3 Connector (e.g. http://issues.apache.org/bugzilla/show_bug.cgi?id=32141), but the CVS logs say that these were introduced after 4.1.27. Jochen Wiedmann [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, we have an elder application running on Tomcat 4.1.27 with Java 1.4.2_08 on Sparc Solaris 8. Recently we moved the application to a new machine running on Sparc Solaris 9. Since then we have a serious memory problem and need to restart the same application twice a day. One minor change: We are now using mod_jk 1.2.14 and no longer mod_proxy. As I am unaware of any serious heap profiler that is fast enough for production use, I decided to try the very simple heap profiler from http://www.virtualmachine.de/. I made a dump after starting the application and before shutting down. The results were (to me) quite surprising: The main difference was in the following numbers: At startBefore shutdown Objects Size Objects Size [byte5638 6M160796569M [char 3006402 195M 3211457418M ByteChunk62 2K 345450 14M CharChunk 46 2K 324080 13M (With ByteChunk and CharChunk being from the org.apache.tomcat.util.buf package.) To me, this numbers seem to be related. Any ideas? Regards, Jochen -- Having experienced 7 years of labour/green government, I now know the reason, why a conservative government is good for the economy: The economy's unable to imagine anything else ... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: connecting tomcat-5-5-9 to apache server 2-0-54
If you have MSVC 6+ installed, just use the mod_jk2.dsp file in native2\server\apache2. Otherwise, you'll probably have to roll your own Makefile. Thomas Clery [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I would like to connect Apache Tomcat and Apache Server using mod_jk2 but I cannot find the .dll. How do I build the mod_jk2.dll for apache 2.0.54. I would like to install this on windows xp professional Thank you - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JAVA_HOME beginner
Hey Scott-- The website seems to be password protected. I get a password screen and can't get past it. Bill -Original Message- From: Anto Paul [mailto:[EMAIL PROTECTED] Sent: Sat 8/27/2005 8:07 AM To: Tomcat Users List Cc: Subject: Re: JAVA_HOME beginner Did you set JAVA_HOME environment variable. It should point to the JDK installation directory for eg. c:\j2sdk1.4.2_02. Try setting it in startup.bat as the first line. On 8/27/05, ganesan malairaja [EMAIL PROTECTED] wrote: i am using win XP. tomcat 5.0.xx and jdk1.4_02 i tried running several jsp pages ..it resturns this errors Unable to find a javac compiler; com.sun.tools.javac.Main is not on the classpath. Perhaps JAVA_HOME does not point to the JDK how do i over come this ..pls help thx - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- rgds Anto Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JAVA_HOME beginner-APOLOGIES
My apologies to [EMAIL PROTECTED] MSOutlook. Obviously this went to the wrong place. Sigh . . . it's awfully late. Bill -Original Message- From: Bill Clemmons Sent: Sat 8/27/2005 6:26 PM To: Tomcat Users List Cc: Subject:RE: JAVA_HOME beginner Hey Scott-- The website seems to be password protected. I get a password screen and can't get past it. Bill -Original Message- From: Anto Paul [mailto:[EMAIL PROTECTED] Sent: Sat 8/27/2005 8:07 AM To: Tomcat Users List Cc: Subject: Re: JAVA_HOME beginner Did you set JAVA_HOME environment variable. It should point to the JDK installation directory for eg. c:\j2sdk1.4.2_02. Try setting it in startup.bat as the first line. On 8/27/05, ganesan malairaja [EMAIL PROTECTED] wrote: i am using win XP. tomcat 5.0.xx and jdk1.4_02 i tried running several jsp pages ..it resturns this errors Unable to find a javac compiler; com.sun.tools.javac.Main is not on the classpath. Perhaps JAVA_HOME does not point to the JDK how do i over come this ..pls help thx - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- rgds Anto Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Custom SSLServerSocket implementation
Alain Brousseau [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I need to tell Tomcat 5.5 to use my custom SSLServerSocketFactory for backwards compatibility with our client-side software. It was relatively easy with Tomcat 4.1 (using a Factory element in the Connector configuration) but with tomcat 5.5 it doesn't work. The Connector seems to ignore the factory attribute. How can this be done with Tomcat 5.5 ? You can't implement a custom SSLServerSocketFactory in TC 5.5. You can however implement a custom SSLImplementation. You need to extend o.a.t.u.net.SSLImplementation (implementing the abstract methods), and then use something like: Connector port=443 secure=true scheme=https sSLImplementation=com.myfirm.mypackage.MySSLImplementation / Thanks Alain Brousseau - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Http Keep-Alive
As I recall, TC 3.2.x only has a HTTP/1.0 Connector. In particular, it never respects HTTP keep-alives. Jamie Spurr [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Does anyone know the property in the server.xml file on Tomcat for switching off http keep-alives? I'm using version 3.2.1. I can't find a listing for this deprecated version - Thanks, Jamie. ** Disclaimer: This message may contain privileged or confidential information. If you are not the intended recipient, please notify the sender and delete this message. Please be advised that any disclosure, copying, distribution or use of this information is strictly prohibited. Views expressed in this message are those of the individual sender and are not necessarily the views of Streamdoor Ltd, unless otherwise stated. Although Streamdoor Ltd has taken precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage caused arising from the use of this email or attachment. www.streamdoor.com ** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: anonymising Tomcat
Paul Singleton [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Is it possible to configure Tomcat (5.5.9) so that a moderately able hacker couldn't figure out what is serving up our web apps? As documented at http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html: Connector protocol=HTTP/1.1 server=MSIE/5.0 / Paul Singleton -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.0/63 - Release Date: 3/Aug/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.x and Unix Sockets
Haven't tried it, but it should still work. The main difference is that (since mod_jk2 is deprecated) Tomcat 5.5.x no longer reads jk.properties by default. You need something like: Connector protocol=AJP/1.3 propertiesFile=conf/jk2.properties / Alternatively, you can include the settings from jk2.properties as attributes of the Connector element. Vijay Babu [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi , Had anyone of you tested Tomcat 5.5.x with mod_jk2 configured for using Unix sockets. I have not been able to make this work. I know mod_jk2 is deprecated. The open source doesnt say that it will not work , but says it may work. Since i want to upgrade to Tomcat 5.5.9 i want to check this. Please let me know the configuration details for this to work. Tomcat 4 configuration doenst work here. Thanks in advance, Regards, Bob - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet mapping - url pattern with *
flower [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hello,
Let's consider situation like this:
We have got some servlets responsible for genereting galery page. We want
group galery pages by use common part in uri (/galery/):
http://x.com/galery/galery_id/firstpage.html
http://x.com/galery/galery_id/secondpage.html
firstpage.html is generated by servlet1 , secondpage.html by servlet2.
So we must url-pattern like this: /galery/*/firstpage.html and
/galery/*/secondpage.html but this url-pattern doesn't work.
question: why ? ( I use version 5.5.9 )
Some people, with I was talking about this, said that patterns like this
was work with previously version and that version 5.5.9 is crazy ;]
I've got a vague recollection that some some such Tomcat-specific extension
was proposed on the dev list. Can't remember if it was ever implemented
(and to which version), and I'm much to lazy to look it up :). However, the
5.5.9 behavior is in strict compilance with the Servlet spec (and, hence
anything but crazy).
Is any way to obtain behaviour like above with latest version ?
Simplest is with a Filter that does something like:
RequestDispatcher rd = null;
if(request.getRequestURI().endsWith(/firstpage.html) {
rd = getServletContext().getNamedDispatcher(servlet1);
} else if(request.getRequestURI().endsWith(/secondpage.html);
rd = getServletContext().getNamedDispatcher(servlet2);
}
if(rd != null) {
rd.forward(request, response);
}
Greatings
flow
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: What is APR ?
http://apr.apache.org/ Anto Paul [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, Is APR for Tomcat is any native library or java ? Where to get it ? -- rgds Anto Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getting Tomcat 5.5 daemon/service to startup automatically on bootup?
Ferindo Middleton Jr [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm running *Tomcat/5.5.6 on* Fedora Core 4. What is the best way to get my Tomcat server to start automatically on bootup. My server does use SSL. I have read through the info on setting up tomcat as a daemon under Unix at http://jakarta.apache.org/tomcat/tomcat-5.5-doc/setup.html and this works after i run the command: ./bin/jsvc -Djava.endorsed.dirs=./common/endorsed -cp ./bin/bootstrap.jar \ -outfile ./logs/catalina.out -errfile ./logs/catalina.err \ org.apache.catalina.startup.Bootstrap but when the computer reboots, no daemon/service restarts the tomcat automatically. How do you get it to start automatically during bootup. In the jsvc-src/native directory where you unpacked the jsvc source code there is a file called Tomcat5.sh. Edit that so that it specifies the options you want. Then copy it to /etc/init.d. Then cd to /etc/rc2.d (or rc3.d if you boot to init-level three) do: ln -s ../init.d/Tomcat5.sh S75tomcat Ferindo -- Ferindo Middleton Chief Architect Sleekcollar.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem running Tomcat on Windows 64-Bit Edition
There is a srvbatch in commons-daemon (I'm too lazy to look if there is a binary released for it :) that will allow you run the batch files as a service. You can also grab the source from commons-daemon and compile a 64bit version yourself (only the MSDK is needed, but you need to create your own makefiles). I've done both, and they both work well (but only the second one lets you have the nice configuration GUI :). Spors, Jeffrey R [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I am trying to run Tomcat 5.5.9 as a service on Windows Server 2003 64-Bit Edition. The following scenarios work fine: - 32-bit JDK and Tomcat 5.5 running as a service and using startup.bat - 64-bit JDK and Tomcat 5.5 using startup.bat However, I can't run 64-bit JDK and Tomcat 5.5 as a service because it runs tomcat5.exe, which is 32-bit app (32-bit apps cannot reference 64-bit apps and vice versa on Windows 64). Is there a 64-bit binary for tomcat5.exe, is it possible for me to build tomcat5.exe as a 64-bit app from source, or is there a way of getting Tomcat to run as a service using only the .bat files? Thanks for any help. Jeff Spors Winona State University - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to Replace Tomcat authentication?
ohaya [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I've been looking into possibly replacing Tomcat's authentication with our own functionality. It looks like there use to be a class called SimpleRealm in the older Tomcat versions that would have done the trick if we replaced it, but I can't find any references to it in the latest source that I downloaded. In TC versions 3.x.x, the replacement is RealmBase (in org.apache.catalina.realm). It's an abstract class, so you extend it with the functionality that you want. Has anyone here done this before, and can you provide me to some pointers as to where/how to get started with it with the current version of Tomcat? Thanks in advance!! Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is there another version of Tomcat coming any time soon
I would guess that 5.5.10 will likely come out within the next month+0.5, but this is only a guess. No timetable for a release has been mentioned recently on the dev list. Edmon Begoli [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I am trying to schedule a production release, so I would like to know if there is another point release of Tomcat coming out (like 5.5.10) within next month and a half. -- Thank you, Edmon Begoli http://blogs.ittoolbox.com/eai/software - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: What is allowed to do with a HttpServletRequest ?
cristi [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hello all
I have a web application where I need to use in a second request the
HttpServletRequest object sent to the same servelet in the first
request.
Here is what my servlet looks like :
public void doGet( HttpServletRequest request, HttpServletResponse
response )
{
/*
some code here detecting if this request
is the first one. This code initializes
isFirstRequest
*/
if( isFirstRequest )
{
session.setAttribute( FIRST_REQUEST_OBJECT, request );
request.getRequestDispatcher(somepage.jsp).forward(request, response);
}
else
{
HttpServletRequest oreq =
(HttpServletRequest)session.getAttribute(FIRST_REQUEST_OBJECT);
request.getRequestDispatcher(somepage.jsp).forward(oreq, response);
}
}
It seems that it is not safe to do so. What can I do to handle this
situation ?
According to the spec (section 8.2 for those of you following along at home
:), the only safe HttpServletRequest to pass is the one that was passed into
the Servlet, or a child of HttpServletRequestWrapper that wraps the one that
was passed into the Servlet.
Tomcat happens to be very lenient in inforcing this restriction among
Servlet-Containers out there. The other-guys would probably throw an
exception straight away for attempting something like the above.
Thx.
Cristi
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat JSVC Errors
At a first guess, compare the version of libgcc for jsvc and libjvm.so. I remember that java -version tells you the second one on Lynux. Otherwise, you can use 'ldd'. You can also use 'ldd' to get the first. Wasik, Paul [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I'm rather new to Tomcat. I have configured Tomcat 5.0.28 to launch under a non-privileged user account using the jsvc launcher. Tomcat works fine except I am finding the following errors in my Tomcat logs. I'm running this on Red Hat EL3 Linux server. I'm running the Sun JDK 1_5_0_03. jsvc.exec error: Service exit with a return value of 143 Java HotSpot(TM) Client VM warning: Can't detect initial thread stack location - find_vma failed Can anyone point me in the right direction on how to resolve this? I have Googled around but not found a good answer. Thanks, Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how do i prevent tomcat5 from adding trailing slash?
Edmund Urbani [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] hi! i ran into some trouble with tomcat5 and its slash adding behaviour. there's this MS WebFolder client (M$ for WebDAV), that does not seem to be able to cope with status 302 redirects in some situations. in order to work around this problem i modified the class org.apache.tomcat.util.http.mapper.Mapper, so it would not add a trailing slash for an URL like http://host:8080/slide. But since I really don't want to (and usually don't need to) change anything about tomcat, I'd rather have a configuration option for this. I know that the old tomcat4 did not do redirects for this either, so I thought maybe someone would add a config option to revert to that old behaviour. if not, is there a any way to prevent this redirect without modifying tomcat5's source? I'm too lazy to look at the commit log to see what TC 5 version it was changed in, but if you use url-pattern/*/url-pattern for your webdav servlet instead of url-pattern//url-pattern, Tomcat will not send the 302 response for a directory request. Cheers, Edmund - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Certificate Authentication for individual apps
Mahesh S Kudva [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi All Thanks for the note. May be I was not clear in my earlier mail. I have client authentication using certificates. I want to skip client auth for certain hosted applications on the server but preserve client auth for other apps. On the Connector leave the 'clientAuth' attribute as 'false' (or use 'want', if you really want to be annoying :). Then in the webapps that care setup your web.xml files with something like: login-config auth-methodCLIENT-CERT/auth-method /login-config In this case, any page protected by a security-constraint will force the user to send a client-cert. Unfortunately, most of the production-quality Realms that ship with Tomcat don't support CLIENT-CERT auth. For 4.1.x = tcversion = 5.0.x, there is also a request attribute that you can use to do the same thing. If you need it, search the archives. Regards Thanks Mahesh S Kudva -Original Message- From: Paul Singleton [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Date: Fri, 01 Jul 2005 15:32:12 +0100 Subject: Re: Certificate Authentication for individual apps Mahesh S Kudva wrote: How can I have different certificate authentication for different applications and skip certificate authentication for some applications hosted on the same server. I believe that, at least under SSL, certificates authenticate *servers* not applications, and that the Connector offers a certificate before it checks, or regardless of, the context path within that server. So you need to deploy each app at a different (virtual) host, each with a different IP address. We do this currently with 5.5.9. You can use the default keystore for all hosts, and use the (undocumented) keyAlias=myalias Connector attribute to offer the appropriate certificate for each host, e.g. Connector address=288.104.197.211 port=8443 scheme=https secure=true sslProtocol=TLS keyAlias=mrk2 / (in 5.5.9 you also need sslProtocol=TLS explicitly) Paul Singleton -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/35 - Release Date: 30/Jun/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Robosoft Technologies - Partners in Product Development - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat5.5.7 and Log4j
Robert Taylor [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Greetings, I'm trying to use Log4j in my web app and I'm having some difficulty. I'm running Tomcat5.5.7 and JDK 1.5.0 I've followed the instructions here: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/logging.html -placed log4j.jar and commons-logging.jar in commons/lib -placed log4j.xml in commons/classes -Added the following to the Tomcat startup: -Dlog4j.configuration=file:///D:/j2ee_containers/servlet/tomcat/5.5.7/Tomcat%205.5/common/classes/log4j.xml Don't know exactly what you're trying to do. The URL above is about using log4j for Tomcat internal logging (including HttpServlet.log). If you don't care about this, then just remove the log4j.jar from commons/lib (and log4j.xml from commons/classes just to be clean :). Then you're webapp will use the log4j in WEB-INF/lib and everybody is happy. Alternatively, if you want to use log4j for Tomcat logging as well as for your webapp, then either: 1) remove the log4j.jar from your webapp's WEB-INF/lib and force it to use the one in common/lib. This is good for small sites that want one central place to control all of the logging, and can easily setup common/classes/log4j.xml to handle all webapps that are deployed. 2) move log4j.jar to $CATALINA_HOME/server/lib and log4j.xml to $CATALINA_HOME/server/classes. In this case, this copy of log4j will be used for Tomcat internal logging only. Your webapp will use the copy in WEB-INF/lib, with the configuration that is in WEB-INF/classes. Personally, if you're not a Tomcat developer, I think that this is a questionable use-case since Juli (the default Tomcat logging) is good enough to handle the Tomcat logs in most cases. It looks like Tomcat is finding and recognizing log4j.xml but is failing with the following error in the log file: log4j:ERROR A org.apache.log4j.xml.DOMConfigurator object is not assignable to a org.apache.log4j.spi.Configurator variable. log4j:ERROR The class org.apache.log4j.spi.Configurator was loaded by log4j:ERROR [EMAIL PROTECTED] whereas object of type log4j:ERROR org.apache.log4j.xml.DOMConfigurator was loaded by [WebappClassLoader delegate: false repositories: -- Parent Classloader: [EMAIL PROTECTED] ]. log4j:ERROR Could not instantiate configurator [org.apache.log4j.xml.DOMConfigurator]. I googled for this and didn't find anything relavent. http://www.google.com/search?biw=1266hl=enq=A+%22org.apache.log4j.xml.DOMConfigurator%22+object+is+not+assignable+to+a+%22org.apache.log4j.spi.Configurator%22+variable.btnG=Google+Search Any hints (even if its RTFM with a link) would be great. /robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Test - please[don't] ignore!
[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, This is really wierd - I can't post this msg to the list! The Test went through fine, but every time I try and post the msg below, it just disappears. Anyone guess why? Anyone know the answer?!! cheers, David Subject: Get Tomcat's port in startup servlet Body: Hi, I have a servlet which runs on startup. Within it, I need to get the port number that tomcat is using. Does anyone know the best way to do this? Strictly speaking, you want request.getLocalPort(). However, usually you want request.getServerPort() instead. cheers, David |-+ | | David Hay | | | [EMAIL PROTECTED]| | | l.com | | || | | 06/24/2005 09:19 | | | AM | | | Please respond to| | | Tomcat Users| | | List| | || |-+ ---| | | | To: tomcat-user@jakarta.apache.org | | cc: | | Subject: Test - please ignore! | ---| testing - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Building tomcat-connectors with ANT
Mark Thomas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Ah. It wasn't clear from your original post which part of the connectors you were trying to build. I was referring to the Tomcat end of things (the Java AJP/HTTP connectors) rather than mod_jk. The following from the dev list might help. Failing that, with the clarification of what it is you want to do, someone else may pitch in with some help. http://marc.theaimsgroup.com/?l=tomcat-devm=50341215849w=2 Yup. The Ant build of mod_jk isn't supported and I don't think that it has worked in a very long time. Use the configure/make option as outlined in the link above. Mark BATCHELOR, SCOTT (CONTRACTOR) wrote: Would you mind pointing me in the right direction for some docs? I really only want to build mod_jk Thanks, -SB -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Monday, June 27, 2005 2:08 PM To: Tomcat Users List Subject: Re: Building tomcat-connectors with ANT BATCHELOR, SCOTT (CONTRACTOR) wrote: Has anyone been successful in this? Yes. Regularly. 4.1.x, 5.0.x and 5.5.x Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Rc3.d startup scripts
For Apache 2.0.52, unless you need SSL, you can do worse than: ln -s /usr/local/apache2/bin/apachectl S35apache If you don't mind running as root, you can do the same thing for Tomcat: ln -s /path/to/tomcat/bin/catalina.sh S34tomcat If you are using jsvc, then the Tomcat5.sh script that ships with it is meant to be the start of an rcx.d script. Even if you're not using jsvc, you could always unpack the distro and look at the script as a pattern to start from. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I am trying to create a startup script for Solaris for both Tomcat 5.5.9 and Apache 2.0.52. Can anyone tell me how to do that, so that when the box is rebooted it automatically starts Tomcat and Apache. Thank you for your help. This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: configuration question : the number of connections could be supported by a connector in Tomcat 5.0
If you are fronting with Apache, then the mapping between connections and threads is more a function of your MPM. As a result, I'm just going to answer for the stand-alone Connector. In Tomcat 5.0, there is a one-to-one mapping between socket connections and threads. Pipelined HTTP/1.1 keep-alive connections will all use the same thread to process. In 5.5.10+ this will no longer necessarily be the case. It will be possible for Tomcat to handle many (and the value of 'many' is heavily dependent on what your app does :) more socket connections than the configured maxThreads. Feng Xie (fxie) [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I like to get some help on how to configure the maximum number of connections could be supported by Tomcat5.0. There is one config attribute called maxThreads, according to Tomcat doc, which isThe maximum number of request processing threads to be created by this Connector, which therefore determines the maximum number of simultaneous requests that can be handled. . My question comes from the fact that there might be multiple HTTP requests pipelined in each HTTP/1.1 connections, so can we still treat the maxThread as the maxConnections. Thanks in advance, Feng - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 3.2.3 / JDK 1.4.2_04-b05
Samit Paul [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, Can somebody help me find out how my tomcat is dying. As far as I know it's not triggered by any url access or memory leak or stack overflow. It dies on it's own( I guess). Is there any kind of hook I can provide that will tell me when it dies? If this subject is already covered , please atleat point me there. Well, as I remember, tomcat dying on 3.2.3 was one of it's major features ;-). This was one of the major reasons for the re-designs in both TC 3.3.x and TC 4.x. Unless you think that you look distinguished after pulling all of your hair out, I'd strongly suggest upgrading ;-). Thanks, Samit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Web Server ServerTokenNotSet Vulnerability
My long-time favorite is server=Microsoft-IIS/5.0 ;-). Mark Thomas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] No idea. Try , , Tin foil hats R us or something similar. I am not even sure this is why your scanner is reporting a problem. Mark Gao, Frank wrote: What the server parameter value should be in order to pass the security scan? -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Friday, June 10, 2005 2:14 PM To: Tomcat Users List Subject: Re: Tomcat Web Server ServerTokenNotSet Vulnerability Try setting the server parameter on the connector. See http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html Mark Gao, Frank wrote: Hi, I have a Tomcat 5.5.7 standalone webserver running on my machine, recently I got a security scan warning of ApacheServerTokenNotSet. Does anyone know how to configure the Tomcat 5.5.7 to pass this security scan? I know there is a 'ServerTokens' directive for Apache Web Server that I can use to limit the information giving out. But I cann't find anything similar on Tomcat Web Server. Anyone has any idea about this? Thanks, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 5.0.28 w/ MX4J 3.0.1, possible?
Rick [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I have been trying to migrate to the latest version of MX4J (3.0.1) from the old 1.1.1 version. And for the life of me, I don't seem to be able to get it to work. I use JMX to communicate to various servers in our webapp to show session info on different nodes, and I would also like to implement some other features.. Old 1.1.1 implementation -- jk2.properties mx.enabled=true mx.jrmpPort=1099 mx.jrmpHost=localhost -- Code -- Hashtable environment = new Hashtable(); environment.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.rmi.registry.RegistryContextFactory); environment.put(Context.PROVIDER_URL,rmi://localhost:1099); JRMPConnector connector = new JMRPConnector(); connector.connect(jrmp, environment); RemoteMBeanServer server = connector.getRemoteMBeanServer(); Ok.. So I replaced jmx.jar with the latest version of mx4j.jar (renamed to jmx.jar) under tomcat_home/bin And replaced or added Mx4j-jmx.jar Mx4j-tools.jar Mx4j-remote.jar To /tomcat_home/common/lib Now, when I start tomcat I get the error.. MX4j RMI adapter not loaded: java.lang.ClassNotFoundException: mx4j.adaptor.rmi.jrmp.JRMPAdaptor Which is correct, since that's not a valid class now, but how do I configure tomcat to properly use the new mx4j. Yep. The jrmp adapter is gone. If I enable mx.httpPort=9000/mx.httpHost=localhost then JMX does enable and I get a pretty little message like... HttpAdapter version 3.0.1 started on port 9000 , but I have no idea at this point how to properly use the HTTP connector. Any info or suggestions to getting the RMI adapter working, or how to use the http adapter, or just the best way to go about Using MX4J, not sure if either is possible with out updating to tomcat 5.5.x. The RMI adapter is gone in mx4j 3.x. There is nothing that Tomat can do about it. You can access the http adapter by simply typing http://localhost:9000 in you favorite browser. The only thing you gain by upgrading to 5.5.x is the ability to use the http adapter in XML instead of HTML. Thanks, Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: After a successful build of tomcat from build.xml, how do I install it?
Optionally copy your build.properties file to .../jakarta-tomcat-5. Then in your .../jakarta-tomcat-5/build.properties file add the property: tomcat.dist=/path/to/my/tomcat/install/dir Then from .../jakarta-tomcat-5 do 'ant dist'. This is the closest to 'ant install' that you can get. The other option (w/o necessarily setting the property above) is to do 'ant release' from the .../jakarta-tomcat-5 directory. That will create the source and binary release .tar.gz and .zip files that you could otherwise install just as if you had downloaded them. In short, the top-level build.xml is just a convenience file. The one with all the power is the one in jakarta-tomcat-5. Clark, Benjamin [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I am a Tomcat newbie, having been a Perl webguy for the past 5 years. Because I like to build that which I use from source, I am trying to get Tomcat running on my Linux laptop using a build.xml file from http://jakarta.apache.org/tomcat/tomcat-5.5-doc/build.xml http://jakarta.apache.org/tomcat/tomcat-5.5-doc/build.xml I created a /home/tomcatd/tomcat_build directory, put the build.xml file in there, and then created a build.properties file with base.path=/home/tomcatd/lib $ pwd /home/tomcatd/tomcat_build $ ls build.xml build.properties $ ant ... blah blah blah - build was successful $ ls build.properties jakarta-servletapi-5 jakarta-tomcat-connectors build.xml jakarta-tomcat-5 jakarta-tomcat-jasper jakarta-commons jakarta-tomcat-catalina LICENSE This is all the instructions for 'Building Tomcat' say to do. $ cd jakarta-tomcat-5 $ ls BENCHMARKS.txtcompat NOTICE RUNNING.txt Build CVS RELEASE-NOTES tomcat.nsi BUILDING.txt deployer RELEASE-PLAN-5.0.txt build.properties.defaultKEYS RELEASE-PLAN-5.5.txt build.xml LICENSE resources $ cd build $ ls bincommondocs logs shared tests work classes conf lib servertemp webapps This is the stuff ( I think ) that comes with the pre-compiled distributions. It would seem there is one more step akin to a 'make install' that I need to perform, but I can't seem to find it. Does anyone know what I would need to do to actually install the stuff in the build directory into another directory from which it could be used? Yes, I know I could just copy the stuff out myself, but I would have a nagging feeling there might be an 'ant install' step I should have done that may or may not do more than just copy stuff. Thanks. - Please note that with our change to TD Banknorth, N.A. our e-mail addresses have changed. Please make note of my new e-mail address. And while our name has changed, remember this: Everything else has stayed the same. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 5.5.9's choice of certificate from keystore
Paul Singleton [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I believe that a keystore can legitimately contain many certificates, whether root- or self-signed. How does (and should) Tomcat 5.5.9 choose which of many such certificates to offer when a client makes an HTTPS request? It will use the one with the 'tomcat' alias by default. Is there any way of hinting or telling it which to use (to help me implement multi-IP-address-based virtual root-certified HTTPS hosts)? You can specify the attribute keyAlias=myCertAlias on the Connector element to tell Tomcat which cert to use. (Empirically, it seems to pick an arbitrary root certificate if it can find one, else an arbitrary self-signed one...) Paul Singleton -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.6.2 - Release Date: 4/Jun/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: security constraints in tomcat 4.1.30
Along with what Mark said, you should know that TC 4.1.30 stops checking after the *first* matching constraint (so in your case, the '/*' always wins). Try reversing the order of your constraints in web.xml. As Mark mentioned, this has changed in TC 5.x, and your web.xml should work as written. Angela Stempfel [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello all I have a problem concerning Tomcat 4.1.30. In web.xml i defined several security constraint. First of all I protected the whole application and then I excluded the directories with images and css files. Furthermore I defined some roles. pre security-constraint display-nameTCE GUI/display-name web-resource-collection web-resource-nameWEBGui Area/web-resource-name !-- Define the context-relative URL(s) to be protected -- url-pattern/*/url-pattern /web-resource-collection auth-constraint !-- Anyone with one of the listed roles may access this area -- role-name*/role-name /auth-constraint /security-constraint security-constraint web-resource-collection web-resource-nameImages and CSS Not Protected/web-resource-name url-pattern/images/*/url-pattern url-pattern/css/*/url-pattern http-methodGET/http-method http-methodHEAD/http-method /web-resource-collection /security-constraint security-constraint display-nameDSLAM Configuration/display-name web-resource-collection web-resource-name Access to DSLAM Configuration /web-resource-name url-pattern/DslamConfig/*/url-pattern /web-resource-collection auth-constraint role-namedslamConfig/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/login-error.jsp/form-error-page /form-login-config /login-config security-role role-namedslamConfig/role-name /security-role /pre So my problem is that this works fine with Tomcat 5.0 but not with Tomcat 4.1.30. If I go to the login page, the stylesheet and images are not found when running the Application with version 4.1.30. Also the Security Constraints are not working correctly, this means that a user that hasn't the role dslamConfig is able to enter the following URL: /DslamConfig/* Has anyone some ideas? Thanks a lot Angela - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and RMI client - setup
Nikola Milutinovic [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi all.
This might be a simple question. I have a working RMI client and server. I
have tested it no problem. Now I would like to make a JSP/Servlet that
will act as a RMI client and connect to the RMI server running outside
Tomcat JVM.
I keep running into access permission violations. I understand that I need
to setup security policy, I had that for RMI. One thing than makes me
slightly suspicious, is the fact that when I debug TC/RMI combo, I can see
that my RMI client enters into setting up RMISecurityManager:
if (System.getSecurityManager() == null) {
goes in = System.setSecurityManager( new RMISecurityManager() );
}
Is that OK? I thought TC would setup security manager.
Setting an SM this late could cause wierd problems, depending on what
permissions it doesn't grant, so it's probably at the least a bad idea. TC
only sets up the SM if you start it with '-security'.
Now, my question is, what about Tomcat? If I want to run this, what do I
need to do?
If I get it, I need to:
- setup catalina.policy
- run it with -security option
I'm on Windows XP, how do I enable security mode for TC?
That's the idea. And, as a bonus, it works the same on Linux, Solaris,
OS/X, .
Am I barking up the wrong tree?
Nix.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with precompiled JSP's (2nd Try)
I just checked, and there is indeed NoSuchMethod in Tomcat 5. You need to re-precompile your JSPs using the jspc from Tomcat 5 for it to work. It's not enough to just move the class files over, since they reference the Jasper version that they were compiled with. Mike Baliel [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I have an application that is currently running under JBoss 3.2.x with Jetty that I would like to get running on Tomcat 5.X. I have precompiled all of the JSP's and mapped them to there respective JSP path in the web.xml. Here is a sample fragment of the web.xml: ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app id=WebApp display-namemjc_campus_tour/display-name servlet servlet-nametourArea0/servlet-name display-nametourArea0/display-name servlet-classcom.atomogy.virtualtour.view.pages.tourArea0_jsp/servlet-class /servlet servlet servlet-nametourArea1/servlet-name display-nametourArea1/display-name servlet-classcom.atomogy.virtualtour.view.pages.tourArea1_jsp/servlet-class /servlet servlet servlet-nametourArea2/servlet-name display-nametourArea2/display-name servlet-classcom.atomogy.virtualtour.view.pages.tourArea2_jsp/servlet-class /servlet servlet servlet-nametourArea3/servlet-name display-nametourArea3/display-name servlet-classcom.atomogy.virtualtour.view.pages.tourArea3_jsp/servlet-class /servlet servlet servlet-namefooter/servlet-name display-namefooter/display-name servlet-classcom.atomogy.virtualtour.view.include.footer_jsp/servlet-class /servlet servlet servlet-nameheader/servlet-name display-nameheader/display-name servlet-classcom.atomogy.virtualtour.view.include.header_jsp/servlet-class /servlet servlet-mapping servlet-nametourArea0/servlet-name url-pattern/pages/tourArea0.jsp/url-pattern /servlet-mapping servlet-mapping servlet-nametourArea1/servlet-name url-pattern/pages/tourArea1.jsp/url-pattern /servlet-mapping servlet-mapping servlet-nametourArea2/servlet-name url-pattern/pages/tourArea2.jsp/url-pattern /servlet-mapping servlet-mapping servlet-nametourArea3/servlet-name url-pattern/pages/tourArea3.jsp/url-pattern /servlet-mapping servlet-mapping servlet-namefooter/servlet-name url-pattern/include/footer.jsp/url-pattern /servlet-mapping servlet-mapping servlet-nameheader/servlet-name url-pattern/include/header.jsp/url-pattern /servlet-mapping welcome-file-list welcome-fileindex.jsp/welcome-file /welcome-file-list /web-app The error message that I get when trying to run the application on Tomcat is as follows: 2005-05-26 09:33:03 StandardWrapperValve[tourArea0]: Servlet.service() for servlet tourArea0 threw exception java.lang.NoSuchMethodError: org.apache.jasper.runtime.JspRuntimeLibrary.include(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;Ljava/lang/String;Ljavax/servlet/jsp/JspWriter;Z)V at com.atomogy.virtualtour.view.pages.tourArea0_jsp._jspService(tourArea0_jsp.java:43) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at
Re: Problem with precompiled JSP's (2nd Try)
Mike Baliel [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Thanks for replying Bill
I have Tomcat 5.0 installed and I checked the jasper-runtime.jar located
at Tomcat5.0\common\lib and in my copy the method exists... ?
Are you looking in jasper-compiler or jasper-runtime?
Admittedly, I'm looking at the 5.5 version (since I removed the 5.0 version
here long ago :). However, I didn't think that there were such major
changes in Jasper between 5.0 and 5.5 (and a quick check of the CVS log
confirms it :). The signature in all recent versions of TC 5.x
jasper-runtimes is:
public static void include(ServletRequest request,
ServletResponse response,
String relativePath,
JspWriter out,
boolean flush)
throws IOException, ServletException {
which is clearly different from your pre-compiled JSPs.
Bill Barker wrote:
I just checked, and there is indeed NoSuchMethod in Tomcat 5.
You need to re-precompile your JSPs using the jspc from Tomcat 5 for it
to work. It's not enough to just move the class files over, since they
reference the Jasper version that they were compiled with.
Mike Baliel [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hello,
I have an application that is currently running under JBoss 3.2.x
with Jetty that I would like to get running on Tomcat 5.X. I have
precompiled all of the JSP's and mapped them to there respective JSP
path in the web.xml. Here is a sample fragment of the web.xml:
?xml version=1.0 encoding=UTF-8?
!DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application
2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd;
web-app id=WebApp
display-namemjc_campus_tour/display-name
servlet
servlet-nametourArea0/servlet-name
display-nametourArea0/display-name
servlet-classcom.atomogy.virtualtour.view.pages.tourArea0_jsp/servlet-class
/servlet
servlet
servlet-nametourArea1/servlet-name
display-nametourArea1/display-name
servlet-classcom.atomogy.virtualtour.view.pages.tourArea1_jsp/servlet-class
/servlet
servlet
servlet-nametourArea2/servlet-name
display-nametourArea2/display-name
servlet-classcom.atomogy.virtualtour.view.pages.tourArea2_jsp/servlet-class
/servlet
servlet
servlet-nametourArea3/servlet-name
display-nametourArea3/display-name
servlet-classcom.atomogy.virtualtour.view.pages.tourArea3_jsp/servlet-class
/servlet
servlet
servlet-namefooter/servlet-name
display-namefooter/display-name
servlet-classcom.atomogy.virtualtour.view.include.footer_jsp/servlet-class
/servlet
servlet
servlet-nameheader/servlet-name
display-nameheader/display-name
servlet-classcom.atomogy.virtualtour.view.include.header_jsp/servlet-class
/servlet
servlet-mapping
servlet-nametourArea0/servlet-name
url-pattern/pages/tourArea0.jsp/url-pattern
/servlet-mapping
servlet-mapping
servlet-nametourArea1/servlet-name
url-pattern/pages/tourArea1.jsp/url-pattern
/servlet-mapping
servlet-mapping
servlet-nametourArea2/servlet-name
url-pattern/pages/tourArea2.jsp/url-pattern
/servlet-mapping
servlet-mapping
servlet-nametourArea3/servlet-name
url-pattern/pages/tourArea3.jsp/url-pattern
/servlet-mapping
servlet-mapping
servlet-namefooter/servlet-name
url-pattern/include/footer.jsp/url-pattern
/servlet-mapping
servlet-mapping
servlet-nameheader/servlet-name
url-pattern/include/header.jsp/url-pattern
/servlet-mapping
welcome-file-list
welcome-fileindex.jsp/welcome-file
/welcome-file-list
/web-app
The error message that I get when trying to run the application on Tomcat
is as follows:
2005-05-26 09:33:03 StandardWrapperValve[tourArea0]: Servlet.service()
for servlet tourArea0 threw exception
java.lang.NoSuchMethodError:
org.apache.jasper.runtime.JspRuntimeLibrary.include(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;Ljava/lang/String;Ljavax/servlet/jsp/JspWriter;Z)V
at
com.atomogy.virtualtour.view.pages.tourArea0_jsp._jspService(tourArea0_jsp.java:43)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520
Re: ip-based virtual hosting
Mirko [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I know name-based virtual hosting works great in Tomcat but I am interested in setting up ip-based virtual hosting in standalone Tomcat. Is that possible? It will be possible in TC 5.5.10. It's not possible in any of the currently released versions. /Mirko - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ip-based virtual hosting
Hassan Schroeder [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Bill Barker wrote: I ... am interested in setting up ip-based virtual hosting in standalone Tomcat. Is that possible? It will be possible in TC 5.5.10. It's not possible in any of the currently released versions. ?! Could you explain, please? Because I've currently got several systems running what *I* think of as IP-based virtual hosts using TC 5.0.x and 5.5.x... All TC versions = 5.5.9 use the Host header on the Request to map the Request to a Host. Starting with 5.5.10, it is possible to specify the attribute useIPVHosts=true on the Connector element that will cause Tomcat to use request.getLocalName() to map the Request to a Host, independently of whatever the browser has sent for the Host header. Granted, it was assumed that this option would be mostly useful to people using an AJP/1.3 Connector. However, it will work with the standalone Connector as well. -- Hassan Schroeder - [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Connector + truststore refresh without bouncing tomcat
Diego Ballve [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I'm using ssl client authentication with Tomcat 5.0.28. I have configured it to use my truststoreFile and all works fine there. I have added a feature to my webapp (The freebXML Registry, http://ebxmlrr.sourceforge.net/) to allow the user to register his own certificate when creating an user account. The certificate gets added to truststoreFile and other account details are set. My problem is that the SSL Connector will only read the truststoreFile when it is initialized. What I would like to have something monitoring the keystore file for changes and reload it to to the connector when it happens. I could not find a way to do it yet by checking the source for JSSEConnector (method init() triggers keystore loading). Has anybody done something similar?? Strangely, there seems to be more requests to do this sort of thing. Take a look at http://issues.apache.org/bugzilla/show_bug.cgi?id=34643. It's possible to bounce the Connector using JMX (which probably isn't good enough, since it bounces already-connected sessions as well). Otherwise, no, Tomcat currently initializes the TrustStore on startup, and won't re-initialize it afterwards. As always, patches are always welcome :). Another posibility would be to re-initialize the connector every hour, fo instance. There would be some delay after registration but user could be pacient and wait a bit. Is this easy to achieve/configure?? Thanks, Diego -- Diego Ballve Digital Artefacts Europe http://www.digital-artefacts.fi/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AW: Directory Structure Rationale
Agreed, apps can go anywhere, but what is the advantage to installing admin and manager under /server/webapps, instead of under /webapps? Pfingstl Gernot wrote: You can install your apps whereever you want, you only have to put a context.xml file in conf/[enginename]/[hostname] and set the docBase Attribute to your app directory or war file. -Ursprüngliche Nachricht- Von: Bill Winspur [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 13. Mai 2005 11:44 An: Tomcat Users List Betreff: Directory Structure Rationale In the Tomcat distribution, why are the admin and manger webapps installed under /server/webapps, instead of in /webapps like all other webapps? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Directory Structure Rationale
In the Tomcat distribution, why are the admin and manger webapps installed under /server/webapps, instead of in /webapps like all other webapps? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem starting jrmp service in tomcat 5.5.9 ?
Ah, yes, there was another reason to deprecate JkMX :). mx4j no longer ships with the jrmp Adapter. You need to downgrade your mx4j to version 1.1. Pankaj Bhatnagar [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi I am trying to upgrade from Tomcat 5.0.x to Tomcat 5.5.9. I have an application that used to monitor Tomcat 5.0.x by connecting to the jrmp service and retreiving the MBeanServer. I used to enable the jrmp service by adding the 2 lines : mx.port= mx.jrmpPort=1099 to the jk2.properties file in the /conf folder. This does not work with Tomcat 5.5.9 :( I added these 2 lines to the jk2.properties file but found that there was no change in Tomcat starting up. I realized that the jk2.properties file was not being read by default. I then added the attribute propertiesFile=/conf/jk2.properties to the AJP Connector definition in the server.xml file. Now I get the following : May 13, 2004 1:16:35 PM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 May 13, 2004 1:16:35 PM org.apache.jk.common.JkMX init INFO: Can't enable log4j mx: java.lang.ClassNotFoundException: org.apache.log4j.jmx.HierarchyDynamicMBean at java.net.URLClassLoader$1.run(URLClassLoader.java:199) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:187) at java.lang.ClassLoader.loadClass(ClassLoader.java:289) at java.lang.ClassLoader.loadClass(ClassLoader.java:235) at ava.lang.ClassLoader.loadClassInternal(ClassLoader.java:302) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:141) at org.apache.jk.common.JkMX.registerObject(JkMX.java:382) at org.apache.jk.common.JkMX.init(JkMX.java:341) at org.apache.jk.server.JkMain.start(JkMain.java:326) at org.apache.jk.server.JkCoyoteHandler.start(JkCoyoteHandler.java:200) at org.apache.catalina.connector.Connector.start(Connector.java:1001) at .. May 13, 2004 1:16:35 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/79 config=/conf/jk2.properties Now I dont understand whether the service started successfully or not ? How can I check whether the service started or not ? I am not able to connect to the service through code. Could please help me as to how I can enable the jrmp service in Tomcat 5.5.9 and retreive the MBeanServer programatically ? Also, how do I start Tomcat in debug mode where will I get the debug messages ? Thanks in advance Pankaj Bhatnagar - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to change the port for jmx in tomcat 5.5.9 ?
Well, firstly JkMX is deprecated in 5.5 in favor of javax.management.remote. To use JkMX anyway, you need to either specify the properties directly on the Connector (e.g. mx.jrmpPort=1099) or specify the location of the properties file (e.g. propertiesFile=conf/jk2.properties) Pankaj Bhatnagar [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi I used to change the port for jmx by specifying the property : jrmpPort=1099 in the jk2.properties file while using Tomcat 5.0.28 After adding this property when I started Tomcat I used to get the following in the console : May 11, 2005 12:57:22 PM org.apache.jk.common.JkMX loadAdapter INFO: Creating Naming:name=rmiregistry May 11, 2005 12:57:22 PM org.apache.jk.common.JkMX loadAdapter INFO: Creating Adaptor:protocol=jrmp on host localhost at port 1099 May 11, 2005 12:57:22 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=15/328 config=D:\Apps\tomcat5.0.19\conf\jk2.properties I made the same changes to the jk2.properties file in Tomcat 5.5.9, but it seems that it does not read the jk2.properties file. I get the following in the console : May 11, 2005 10:55:32 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/32 config=null Could someone help me out as to what I am missing in this ? Thanks Pankaj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring Separate Instances Using CATALINA_BASE
Peter, thanks for your tomcat instance (Catalina_base) installation process. It has been very helpful, but I have couple of questions (interleaved with your information, below). Hey Bill, here my simple catalina.base installation description: install jakarta-tomcat-5.5.x mkdir node1 cd node1 mkdir bin conf temp logs webapps work cd bin Since what follows, edits the startup scripts, I presume the above steps included a copy of $CATALINA_HOME/bin/ contents to node1/bin/ # windows edit startup.bat set CATALINA_BASE=.. set [EMAIL PROTECTED]@ set CATALINA_OPTS=-server [EMAIL PROTECTED]@m [EMAIL PROTECTED]@m %CATALINA_HOME%\bin\catalina run %1 %2 %3 %4 %5 %6 %7 %8 %9 edit shutdown.bat set CATALINA_BASE=.. set [EMAIL PROTECTED]@ %CATALINA_HOME%\bin\catalina stop %1 %2 %3 %4 %5 %6 %7 %8 %9 # unix edit startup.sh #!/bin/sh export CATALINA_BASE=.. export [EMAIL PROTECTED]@ export [EMAIL PROTECTED]@/logs/catalina.pid export CATALINA_OPTS=-server [EMAIL PROTECTED]@m [EMAIL PROTECTED]@m exec $CATALINA_HOME/bin/catalina.sh run $@ the following should be edit shutdown.sh, right? edit startup.sh #!/bin/sh export CATALINA_BASE=.. export [EMAIL PROTECTED]@ export [EMAIL PROTECTED]@/logs/catalina.pid exec $CATALINA_HOME/bin/catalina.sh stop $@ # unix cd ../conf and use cp cd ..\conf copy @[EMAIL PROTECTED]/\server-minimal.xml server.xml copy @[EMAIL PROTECTED] copy @[EMAIL PROTECTED] # only tomat 5.5 copy @[EMAIL PROTECTED] # optional copy @[EMAIL PROTECTED] copy @[EMAIL PROTECTED] mkdir Catalina\localhost # install manager app that reference the app inside catalina.home copy @[EMAIL PROTECTED] The above step of copying manager.xml (which is an xml fragment defining a tomcat context) raises a couple of questions: 1. Should we also copy admin.xml ? (we assign its security role to a user below) 2. Having our tomcat instance use the manager and admin files in $CATALINA_HOME/server/webapps means that those apps will be shared by all tomcat instances on a given host. This seems unsafe. If multiple instances need to use manager and/or admin, I assume we should copy these apps into our new instance (node1/webapps/ in this case) and adjust the the context definitions in node1/con/Catalina/local host accordingly. edit tomcat-users.xml # add role rolename=manager/ role rolename=admin/ user username=manager password=tomcat roles=manager,admin/ edit server.xml # change ports or at your special server.xml config elements cd ..\bin startup # Tomcat works # install you apps with copy to webapps or with manager app # next instance - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Configuring Separate Instances Using CATALINA_BASE
I'm experimenting with creating a separate Tiomcat instance from the distribution, using $CATALINA_BASE, with the goal of setting up an instance that provides the admin and manager apps distributed with Tomcat, plus my own applications. At present progress is slow because I am unsure of how to provide the manager and admin apps in my new instance. I started with O'Reilly's Tomcat book (very useful), which on p 56, has a section 'Relocating the Web Applications Directory' . Unfortunately, the book does not mention that the /shared directory is also located via $CATALINA_BASE, and does not discuss relocating the admin and manager apps or why they occupy their own /server/webapps directory, instead of just residing in /webapps). Various howto's on non-jakarta, mostly edu, sites have filled the picture in somewhat, but I still do not know why the /server directory is used to hold the admin and manager apps in the distribution. Also, the following from the tomcat documentation Introduction is very misleading: /Throughout the docs, you'll notice there are numerous references to *$CATALINA_HOME*. This represents the root of your Tomcat installation. When we say, This information can be found in your $CATALINA_HOME/README.txt file we mean to look at the README.txt file at the root of your Tomcat install./ /These are some of the key tomcat directories, all relative to *$CATALINA_HOME*:/ * /*/bin* - Startup, shutdown, and other scripts. The |*.sh| files (for Unix systems) are functional duplicates of the |*.bat| files (for Windows systems). Since the Win32 command-line lacks certain functionality, there are some additional files in here./ * /*/conf* - Configuration files and related DTDs. The most important file in here is server.xml. It is the main configuration file for the container./ * /*/logs* - Log files are here by default./ * /*/webapps* - This is where your webapps go/. In fact, it seems that /conf /logs, and /webapps are actually resolved by tomcat as relative to $CATALINA_BASE, which is set by tomcat to the value in CATALINA_HOME if it is not explicitly specified when tomcat is launched. *Questions* -- * I have not been able to find a section of the documentation that deals with setting up usage-specific instances by exploiting $CATALINA_BASE. Can somebody direct me to the documentation if it exists? * Should admin and manager be copied and to and installed in a special-purpose-instance's /webapps directory, or can they be safely shared from the distribution by all instances that need them? * What is the rationale for installing admin and manager under /server in the distribution ? * Is /server interpreted relative to $CATALINA_BASE or $CATALINA_HOME Thanks for your attention, Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.0.28; Struts 1.2.4 - - FileUploadException
Hi All - We are using the Struts fileupload. Periodically (on the order of 100 of 3000 uploads) we get the error below where the upload request fails with a Read timed out: SEVERE: Failed to parse multipart request org.apache.commons.fileupload.FileUploadException: Processing of multipart/form-data request failed. Read timed out at org.apache.commons.fileupload.FileUploadBase.parseRequest(FileUploadBase .java:429) at org.apache.struts.upload.CommonsMultipartRequestHandler.handleRequest(Co mmonsMultipartRequestHandler.java:195) Does anyone know where and how to reset the time out interval for the fileuploader in an effort to get around this issue? Or is there another fix? or there a known issue with the fileuploader? Thanks! -- William J. Sweeney| ChartOne, Inc. 617.648.4764 voice [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Launching an embedded Tomcat from Maven 1.x
Since you are using Embedded, your class needs to be loaded by the same
ClassLoader that loads Tomcat.
You might want to look at the examples for loading Tomcat from ant in
commons-modeler, as an alternative way of doing what you want.
Alonso Dominguez [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi there!
I'm working to embed a Tomcat server as a servlet container inside an
Avalon Framework with a Loom engine. I looked for information how to
launch the Catalina service from Java and finally I wrote the next
file:
package org.jlabase.framework.tomcat.startup;
import java.io.File;
import java.net.InetAddress;
import org.apache.catalina.*;
import org.apache.catalina.connector.*;
import org.apache.catalina.realm.*;
import org.apache.catalina.startup.*;
import org.apache.tomcat.util.*;
import org.jlabase.framework.tomcat.*;
/**
* @author a href=mailto:[EMAIL PROTECTED]A. Alonso Dominguez/a
* @version 1.0
*/
public class TomcatImpl implements Tomcat {
private String path = null;
private Embedded catalina = null;
private Host host = null;
private Context rootContext;
private int port = 8080;
public String getPath() {
return path;
}
public void setPath(String value) {
path = value;
}
public int getPort() {
return port;
}
public void setPort(int value) {
port = value;
}
public void start() throws Exception {
Engine engine = null;
// Create an embedded server
catalina = new Embedded();
catalina.setCatalinaHome(getPath());
// Set the MemoryRealm
MemoryRealm mr = new MemoryRealm();
catalina.setRealm(mr);
// Create an engine
engine = catalina.createEngine();
engine.setDefaultHost(localhost);
// Create a default virtual host
host = catalina.createHost(localhost, getPath() + /webapps);
engine.addChild(host);
// Create the ROOT context
rootContext = catalina.createContext(, getPath() + /webapps/ROOT);
rootContext.setReloadable(false);
rootContext.addWelcomeFile(index.jsp);
host.addChild(rootContext);
// Create the Manager context
Context managerCtx = catalina.createContext(/manager, getPath() +
/webapps/manager);
managerCtx.setPrivileged(true);
host.addChild(managerCtx);
// Assemble the container hierarchy
catalina.addEngine(engine);
// TODO Repair the Connector bug
String addr = null;
Connector connector = null;
InetAddress address = null;
try {
connector = new Connector();
connector.setSecure(false);
address = InetAddress.getLocalHost();
if(address != null) {
IntrospectionUtils.setProperty(connector, address, address.toString());
}
IntrospectionUtils.setProperty(connector, port, new
Integer(getPort()).toString());
}
catch(Exception e) {
e.printStackTrace();
}
connector.setEnableLookups(false);
catalina.addConnector(connector);
catalina.start(); // Starts the embedded server
}
public void stop() throws Exception {
catalina.stop();
}
public static void main(String args[]) {
System.out.println(Creating server instance...);
TomcatImpl tomcat = new TomcatImpl();
tomcat.setPath(
new File(System.getProperty(jlbframework.tomcat.home,
System.getProperty(basedir, .))).getAbsolutePath()
);
try {
System.out.println(Using CATALINA_HOME = + tomcat.getPath());
System.out.println(Starting server on port + tomcat.getPort());
tomcat.start();
//tomcat.catalina.setAwait(true);
}
catch(Exception e) {
e.printStackTrace();
}
}
}
My intention is to configure the Catalina service from this class and
use a simple Ant-like script in Maven to launch the main method of
this class. So, my next step was write the maven.xml file, this is:
project xmlns:ant=jelly:ant xmlns:j=jelly:core
xmlns:u=jelly:util default=loom:sar
goal name=jlbframework:tomcat-init
ant:path id=tomcat.classpath
j:forEach var=artifact items=${pom.artifacts}
j:set var=dependency value=${artifact.dependency} /
j:if test=${dependency.getProperty('sar.bundle')=='true'}
ant:fileset
dir=${maven.repo.local}/${dependency.artifactDirectory}/jars
prefix=lib
ant:echoAdding artifact: ${dependency.artifact} to the
Tomcat classpath./ant:echo
ant:include name=${dependency.artifact} /
/ant:fileset
/j:if
/j:forEach
ant:pathelement path=${jlbframework.tomcat.home}/conf /
/ant:path
/goal
goal name=jlbframework:tomcat-start
prereqs=jar:jar,jlbframework:tomcat-init
ant:echoStarting Tomcat in stand-alone mode.../ant:echo
ant:java jar=${maven.build.dir}/${maven.final.name}.jar
fork=true maxmemory=15M failonerror=true
classpathref=tomcat.classpath
ant:sysproperty key=basedir value=${basedir} /
ant:sysproperty key=jlbframework.home value=${jlbframework.home}
/
ant:sysproperty key=jlbframework.tomcat.home
value=${jlbframework.tomcat.home} /
/ant:java
/goal
/project
And this are the contents of the project.properties file:
jlbframework.home=${basedir}/../..
jlbframework.tomcat.home=${basedir}
maven.xdoc.date=left
maven.xdoc.version=${pom.currentVersion}
maven.eclipse.resources.addtoclasspath=true
Many hosts sharing servlets
I am moving from jserv to tomcat. I have 100+ servlets and classes that I want to be available to up to 100 virtual hosts. The server I am moving to runs RHE3 with Apache2, Plesk and Tomcat4. Plesk only supports the mod_webapp connector. I can't find much info on mod_webapp but it seems to me that each virtual host must have its own webapps deployed. So I have tried to put all the classes into /var/tomcat4/shared/classes. In each host, I deploy a servlets.war file that contains only the following WEB-INF/web.xml file - ?xml version=1.0 encoding=ISO-8859-1? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app display-nameGlogal servlets/display-name description Global servlets. /description servlet-mapping servlet-nameinvoker/servlet-name url-pattern/*/url-pattern /servlet-mapping /web-app This is working on the few hosts I tried so far. I can link to a servlet using http://a-host.com/servlets/MyServlet. Questions Is there a better way to do this ? Will tomcat be using hugely more memory than jserv was ? Should I abandon Plesk, use Cpanel and configure apache/tomcat manually (but I don't want to have to ssh in and configure each new host manually) ? Thanks Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Many hosts sharing servlets
Thanks for your quick reply. Yes I have read the pros cons and I would prefer not to use the invoker but the work in updating many webapps each time a servlet changes is daunting, particularly using Plesk. Bill - Original Message - From: QM [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Wednesday, April 20, 2005 8:48 PM Subject: Re: Many hosts sharing servlets On Wed, Apr 20, 2005 at 05:06:00PM +1000, Bill Sutton wrote: : I have 100+ servlets and classes that I want to be available to up to 100 : virtual hosts. : So I have tried to put all the classes into /var/tomcat4/shared/classes. : In each host, I deploy a servlets.war file that contains only the following : [snip: web.xml with Invoker servlet] : Questions : Is there a better way to do this ? Better depends on your goals, but most a lot of people would say that using the invoker has its pros and cons. Mostly cons. =) (See the archives for why.) You could just JAR up the 100+ servlet classes and drop them in each webapp's WEB-INF/lib. Next, write something to create a set of proper servlet/ and servlet-mapping/ entries for those servlets. This is a one-time hit that will pay off long-term. : Will tomcat be using hugely more memory than jserv was ? Depends on your app. Only a load test + profiling will let you know. -QM -- software -- http://www.brandxdev.net/ tech news -- http://www.RoarNetworX.com/ code scan -- http://www.JxRef.org/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JSPc excludes?
Guys, I've been using the JSPc task (org.apache.jasper.JspC) to compile a set of JSPs. So far so good, but I now want to exclude a few of the JSPs from being precompiled. Unfortuntely, there's no attribute (that I know of) in the JSPc task to do this. Am I missing something here? Thanks, --Bill
Re: JSPc excludes?
Guys, Sorry to ask a redundant question -- I looked on the list archives and found my answer: http://marc.theaimsgroup.com/?l=tomcat-userm=110607458931449w=2 No possiblity of doing excludes. I'm going to try to hack in this functionality to the org.apache.jasper.JspCclass but I'm unclear as to how it's working. First off, the class doesn't extend org.apache.tools.ant.Task. Anyone know how this class actually works? Thanks, --Bill On 4/18/05, Bill Lynch [EMAIL PROTECTED] wrote: Guys, I've been using the JSPc task (org.apache.jasper.JspC) to compile a set of JSPs. So far so good, but I now want to exclude a few of the JSPs from being precompiled. Unfortuntely, there's no attribute (that I know of) in the JSPc task to do this. Am I missing something here? Thanks, --Bill
Re: jsvc.exec error: syscall failed in set_caps
Georges Roux [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Thanks much for sharing your solution with the group -- this will help people when they search the archives. -QM Well hm, bad news, the probleme is already here and I don't have the solution. Yeah, well, check out http://issues.apache.org/bugzilla/show_bug.cgi?id=33154. Sorry Georges - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Developing custom Realm
The archives are your friend. For example: http://www.mail-archive.com/tomcat-user%40jakarta.apache.org/msg150366.html. alebu [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi! I was searching for any documentation about developing custom Realm for Tomcat but did'nt found anything. Could someone point me in the right direction? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re[6]: Tomcat/4.1.31 - SSL Troubles
Andrey [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, Wednesday, April 13, 2005, 10:17:42 PM, you wrote: I can connect to ssl port ... and i can see sertificate.. but when i accept this sertificate my browser says The page cannot be displayed. Just a basic guesswork... Assuming the code does not differentiate between ssl and non-ssl, could it be a browser specific problem? Also, can you see it from local machine, i.e. https://localhost:8443/...? Just my 2 pence... No difference between local/remote. I don't think it's network/browser related problem. Thanks to Jason.. GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: lv Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Host: 62.86.16.101 Connection: Keep-Alive HTTP/1.1 302 Moved Temporarily Location: https://62.86.16.101/index.jsp Content-Length: 0 Date: Wed, 13 Apr 2005 19:38:50 GMT Server: Apache-Coyote/1.1 What can i do ? :) MSIE is sending the wrong Host header (it's known to do that :), so the Location is bad on the response (it's asking MSIE to connect to port 443). What you can do is: 1) Use FireFox. 2) Configure the connector to run on the default port of 443. 3) Get MS to fix their browser. -- Best regards, Andrey [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat user 'roles' question
Wendy Smoak [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] From: Bill Barker [EMAIL PROTECTED] Custom Realms really aren't all that hard. You typically create a class that extends RealmBase (http://jakarta.apache.org/tomcat/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/realm/RealmBase.html, changing the '5.5' to the TC version you care about, unless it's 3.3 where the package is different). Then you override the 'getPassword(String)' (returns the db-password of the user), the 'getPrincipal(String)' (returns the userPrincipal for the user), and the 'getName()' (returns the name of the realm -- any identifying string). If you return anything but a o.a.c.realm.GenericPrincipal from getPrincipal, then you'll have to override the 'hasRole(Principal, String)' method as well. Thank you, that gives me a place to start. But I don't want to _authenticate_ the user at all... that's done elsewhere (one of two different places, actually,) and handled by a Filter. And yet I realize that somehow Tomcat has to know who the user is. :/ If I create a realm and configure it, will I be able to circumvent the user getting prompted for a userID and password? Can I (in the Filter) place a GenericPrincipal object in the session under some key? I'm really only after the programmatic security of isUserInRole(...) here, but would like to stick to the standard way of doing things as much as possible. The Realm will populate the 'userRoles' only if they are accessing a protected page (one that is under a security-contraint), so it doesn't change prompting. And, no, a normal Filter can't set the userPrincipal, since that requires access to Tomcat internals. You could use a Valve, but it sounds like for what you want, you could simply wrap the HttpServletRequest in your Filter with a wrapper that overrides isUserInRole. If anything, this would be more 'the standard way', since then your app would also be portable to another Servlet Container. -- Wendy Smoak - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Clean shutdown? Can sessions survive a jsvc stop/start ?
August Detlefsen [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] In TC 5.5.7, the tomcat start/stop script for Linux/Solaris (/etc/init.d/tomcat) stops tomcat by simply killing the process: stop) # # Stop Tomcat # PID=`cat /var/run/jsvc.pid` kill $PID ;; Do user sessions ever get a chance to be serialized if tomcat is stopped in such a manner? They do if you're not using the broken version of jsvc that ships with Tomcat. The non-buggy jsvc program catches SIGTERM and performs a clean shutdown of Tomcat. I have noticed that users are forced to login again (we determine login status based on an object in a user's session) after tomcat restarts and I need to know if the object is getting serialized at all. Is there a better stop procedure? Nope. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat user 'roles' question
Yeah, but writing your own custom UserDatabase is usually harder than writing your own custom Realm (at least four classes vs. one.). It does have the advantage that (in theory) it should work with the admin webapp ;-). Custom Realms really aren't all that hard. You typically create a class that extends RealmBase (http://jakarta.apache.org/tomcat/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/realm/RealmBase.html, changing the '5.5' to the TC version you care about, unless it's 3.3 where the package is different). Then you override the 'getPassword(String)' (returns the db-password of the user), the 'getPrincipal(String)' (returns the userPrincipal for the user), and the 'getName()' (returns the name of the realm -- any identifying string). If you return anything but a o.a.c.realm.GenericPrincipal from getPrincipal, then you'll have to override the 'hasRole(Principal, String)' method as well. One strategy is to just do the above, and you are done. The other is to implement the required overrides (except 'getName') to return null, and override the 'authenticate(String, String)' method. Whichever works better with your DB. Jerome Jar [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I think you can modify the UserDatabase part in server.xml, to change the authentiation to use in your own way. On Apr 9, 2005 1:41 AM, Wendy Smoak [EMAIL PROTECTED] wrote: The only exposure that I have to this is configuring tomcat-users.xml so I can use the manager webapp, so please bear with me. I've got several web front-ends for a non-JDBC database. There is a 'green screen' (telnet) app running against the DB that uses a system of user security classes to which different 'screens' are assigned. That data is stored in the DB itself. We've fit the web front end into this system by assigning each 'page' of the webapp a 'screen id', so that the admin can define who sees what in a single place. What I'm wondering is if there's any hope of using this data with the existing request.isUserInRole() method. (The security classes are (loosely) roles.) I only need to deal with authorization. Authentication is handled separately by a Filter that redirects elsewhere to make them log in. Can someone point me in the right general direction? Everything Google turns up starts in with configuring a JDBC or JNDI realm, and I don't think that part of it will ever work with this database. Would I end up defining my own kind of a Realm? Confused, -- Wendy Smoak - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 3 and Tomcat 5 on JDK 1.3 and JDK 1.5 respectively
I routinely run TC 3.3.2 on JDK 1.4.x (and even occationally on 1.5.x :) without any problems. I haven't used TC 3.2.3 in very many years, so I don't know. I'd guess that it would run ok, except possibly if you are using SSL. Fredrik Liden [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Does anyone know if this configuration is possible on one computer? The reason for the two different JDKs is that I'm guessing that Tomcat 3.23 isn't compatible with jdk 1.5 or even 1.4 or is it? So I guess the question is if it's in Catalinas startup config files it's possible to specify different JAVA_HOMEs. Anyone have any experience with running different versions like this? Any input would be appreciated. Fredrik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 4.1.27 context MBeans
I don't believe that TC 4 registers the webapp's classloader with JMX (only the Catalina Loader). You'll need TC 5 for that. Sheykhet, Rostic [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, I would like to deploy my webapp along with custom mbeans. I have LifeCycleListeners enabled, and I can get a hold of MBeanServer object from my webapp's servlet code, list mbeans, etc. I cannot call the MBeanServer.createMBean() method because all of my mbean-related classes are only known to the webapp's class loader. I would like the mbean classes to not be shared and to remain in the WAR file. How can I pass the webapp's class loader to the MBeanServer? I've read the mbean descriptor howto, but found no suitable answers there. Thanks, Rostic - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: apply SSL using tomcat 3.3.1a and JDK 1.3.1
Marcus Nugroho [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi All, Is it possible to apply SSL on tomcat 3.3.1a using JDK 1.3.1 ? We have succeeded for Tomcat 3.3.1a using JDK 1.4.2. unfortunately, the application required JDK 1.3.1 Does anyone have similar experince about this ? You need to download JSSE 1.0.x from Sun, and copy the jars to $TOMCAT_HOME/lib/common. After that, it's just like with JDK 1.4.x. Thanks, Marcus. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with SSL Cert config
joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Well I have more info now. I turned on debugging and saw that I'm getting a 'null cert chain' SSLHandshakeException. So, I started from scratch and went through each of my steps one by one and I've apparently got one of them wrong. Now when I do these steps: # Create a private key and certificate request for your own CA: openssl req -new -subj /C=US/ST=New York/L=New York/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key # Create CA's self-signed certificate openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias myalias -keypass changeit This is either/or with truststoreFile (which, since you are using 4.1.x, is done with the -Djavax.net.ssl.trustStore=/path/to/trust.store; for TC 3 5 it's configured like keystoreFile). However, you need to trust your CA cert (i.e. -trustcacerts). This (and everything I've said before) is assuming that you're using the Coyote Connector. I don't really remember how the (deprecated) Http11Connector works (and don't care enough to look it up :). # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrg, L=New York, S=New York, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit It's good practice to import the server CA as well, so that JSSE can send the entire chain, but at this point, I imagine you just want it to work ;-). It's also necessary if you are pointing your truststore to your keystore. I get a 'Failed to establish chain from reply' exception at his point. Since you re-created your CA, you would need to re-import it into your browser. However, I'm guessing that it's because of the lack of trust mentioned above. - Original Message - From: joelsherriff [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Saturday, March 26, 2005 11:24 AM Subject: Re: Help with SSL Cert config Ah. Thanks for the help, truly, but I'm still not getting there. I didn't even know about the truststoreFile so I googled it and saw mention that the easiest thing to do is to set the truststoreFile = the keystoreFile, since that already has the CA cert in it. So, I tried setting truststoreFile to point to my keystoreFile in server.xml. That didn't help. Then I saw that there might be issues with setting truststoreFile in the server.xml in Tomcat 4.1 so I set it in CATALINA_OPTS like: -Djavax.net.ssl.trustStore=C:/Program Files/Apache Group/Tomcat 4.1/conf/server.keystore and that didn't help either. Anything else I'm missing? - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 10:13 PM Subject: Re: Help with SSL Cert config joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I thought that's what this step: # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit was doing. No? No. That's putting it into your keystoreFile. The keystoreFile is to identify you. The truststoreFile is to identify other people. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 8:51 PM Subject: Re: Help with SSL Cert config You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem
Re: Help with SSL Cert config
You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem to figure out how to get the client certificate to be accepted once I do that. Here's what I've done to generate all the appropriate files (parts coped from other posts to this list): Further elaboration of what we're trying to do: We want to require client authentication from our customers. So, IIUC, we'll have to send them a signed client cert (p12) to install in their browser and java keystores. Again, IIUC, importing the CA certificate, that was used to sign the client cert, into the server keystore is what tells the server to accept the client certificate presented, because it will be signed by that CA (us). Is my understanding correct? If so, these steps appear to be correct, unless I've hosed something up along the way. # Create a private key and certificate request openssl req -new -subj /C=US/ST=North Carolina/L=Raleigh/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key # Create CA's self-signed certificate openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem # Copy ca.pem to ca.crt, edit and change TRUSTED CERTIFICATE to CERTIFICATE # import ca.crt into the Trusted Root Certificates Store in IE #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias my_ca_alias -keypass changeit -storepass changeit # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for the web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrganization, L=Raleigh, S=North Carolina, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for the web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit # Create a client certificate request: openssl req -new -newkey rsa:512 -nodes -out client1.req -keyout client1.key # Sign the client certificate. openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in client1.req -out client1.pem -days 365 # Generate a PKCS12 file containing client key and client certificate. openssl pkcs12 -export -clcerts -in client1.pem -inkey client1.key -out client1.p12 -name Client # Import the PKCS12 file into the web browser under Personal Certificates # edit the server.xml file and set clientAuth=true and keystoreFile to point to my server.keystore file. Once all this is done, neither IE nor my web app can talk to tomcat on the ssl port (8443) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with SSL Cert config
joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I thought that's what this step: # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit was doing. No? No. That's putting it into your keystoreFile. The keystoreFile is to identify you. The truststoreFile is to identify other people. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 8:51 PM Subject: Re: Help with SSL Cert config You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem to figure out how to get the client certificate to be accepted once I do that. Here's what I've done to generate all the appropriate files (parts coped from other posts to this list): Further elaboration of what we're trying to do: We want to require client authentication from our customers. So, IIUC, we'll have to send them a signed client cert (p12) to install in their browser and java keystores. Again, IIUC, importing the CA certificate, that was used to sign the client cert, into the server keystore is what tells the server to accept the client certificate presented, because it will be signed by that CA (us). Is my understanding correct? If so, these steps appear to be correct, unless I've hosed something up along the way. # Create a private key and certificate request openssl req -new -subj /C=US/ST=North Carolina/L=Raleigh/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key # Create CA's self-signed certificate openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem # Copy ca.pem to ca.crt, edit and change TRUSTED CERTIFICATE to CERTIFICATE # import ca.crt into the Trusted Root Certificates Store in IE #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias my_ca_alias -keypass changeit -storepass changeit # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for the web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrganization, L=Raleigh, S=North Carolina, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for the web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit # Create a client certificate request: openssl req -new -newkey rsa:512 -nodes -out client1.req -keyout client1.key # Sign the client certificate. openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in client1.req -out client1.pem -days 365 # Generate a PKCS12 file containing client key and client certificate. openssl pkcs12 -export -clcerts -in client1.pem -inkey client1.key -out client1.p12 -name Client # Import the PKCS12 file into the web browser under Personal Certificates # edit the server.xml file and set clientAuth=true and keystoreFile to point to my server.keystore file. Once all this is done, neither IE nor my web app can talk to tomcat on the ssl port (8443) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
clientAuth=true; non-SSL?
Hello folks - I am working with Tomcat 5.0.28; j2sdk 1_4_2_07 The question is this: Do I need an SSL connection in order to get Tomcat to force the presentation of a client side certificate? In other words, I only want to force authentication, not wrap the connection in SSL. Here is the connector config: Connector port=8080maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 scheme=http secure=true clientAuth=true acceptCount=100keystoreType=JKS keystoreFile=C:\j2sdk1.4.2_07\bin\client.keystore keystorePass=changeit debug=0 connectionTimeout=2 disableUploadTimeout=true / The result is that I am not able to access the page at port 8080, but I am not getting the normal certificate request either. Any help welcome and appreciated! - wjs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[QUAR]Re: clientAuth=true; non-SSL?
Thanks QM - Agreed. No way around SSL, as the client certificate request is dependent on the SSL handshake. For those in the list who have followed these links while building their own keystores and self signed certs and client certs for authentication: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html#SSL%20S upport http://java.sun.com/webservices/docs/1.1/tutorial/doc/WebAppSecurity5.ht ml http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html#genkey Cmd http://mark.foster.cc/kb/openssl-keytool.html I needed to add to the Java Options: -Djavax.net.ssl.trustStore=[path to]\myClient.keystore -Djavax.net.ssl.trustStorePassword=mypassword Else the server was not finding the client.keystore and was throwing bad_certificate errors. Now works fine. Tested in IE6 and Firefox. - wjs -Original Message- From: QM [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 23, 2005 7:10 PM To: Tomcat Users List Subject: [QUAR]Re: clientAuth=true; non-SSL? On Wed, Mar 23, 2005 at 01:21:11PM -0800, Sweeney, Bill wrote: : The question is this: Do I need an SSL connection in order to get : Tomcat to force the presentation of a client side certificate? In other : words, I only want to force authentication, not wrap the connection in : SSL. If you want to force authentication using certs (which is what clientAuth is all about) then I don't see a way around SSL. The cert exchange takes place during the SSL handshake. If you want to just protect access to certain areas of the webapp, check the Tomcat docs for realms and skim the servlet spec for FORM authentication. -QM -- software -- http://www.brandxdev.net/ tech news -- http://www.RoarNetworX.com/ code scan -- http://www.JxRef.org/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [QUAR]RE: Address localhost:8080 already in use
try %catalina_home%\bin\catalina stop Has always worked for me. - wjs -Original Message- From: Fredrik Liden [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 23, 2005 7:52 PM To: Tomcat Users List Subject: [QUAR]RE: Address localhost:8080 already in use I killed the java processes that were bound to 8080 but there must be a better way. I'm sure I'm not the only one that accidentally tried to start tomcat 2 times. -Original Message- From: Folashade Adeyosoye [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 23, 2005 4:42 PM To: 'Tomcat Users List' Subject: RE: Address localhost:8080 already in use Reboot ! -Original Message- From: Fredrik Liden [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 23, 2005 7:30 PM To: Tomcat Users List Subject: Address localhost:8080 already in use Here is a big problem that I've run into so many times. I run start tomcat. And then by accident I start it again while it is running. After that I can't shut it down again. And if I try to run it it says the address is in use. Have someone found any solution to this problem? Any suggestions would be appreciated. /Fredrik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CERT Vulnerability Note VU#204710 on Tomcat 3.x
Jess Holle [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] This vulnerability note has to be amongst the most vague and least informative I've ever seen. It says that Tomcat 3.x and AJP12 has an issue and that the issue is not present in Tomcat 5. What about Tomcat 4 and 4.1? What about AJP13? The report simply does not address any of these variations. AJP12 is deprecated in Tomcat 3.3.x, and isn't supported at all in Tomcat = 4. At a guess, the AJP13 variant of it is http://issues.apache.org/bugzilla/show_bug.cgi?id=31204. On the other hand, any production installation should block communication on the AJP 12 or AJP13 port except where it is coming from Apache. This completely addresses the vulnerability irrespective of version. -- Jess Holle [EMAIL PROTECTED] wrote: Hi, CERT released a vulnerability note on Tomcat 3.x last week. See the following url for details: http://www.kb.cert.org/vuls/id/204710 We are running two configurations of Apache and Tomcat: Apache v1.3.27 with Tomcat v4.1.29 Apache v1.3.27 with Tomcat v4.0.6 I'm trying to determine if these versions of Tomcat are vulnerable. Can anyone confirm or deny? If you like, respond to summers_ed () emc ! com Thanks, Ed - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Howto MBean
Tomcat doesn't have an automatic MBean deployment option for a Context.
You'll need a ServletContextListener (or otherwise) to register your
application MBeans.
Note that with commons-modeler 1.1 (which ships with Tomcat 5), it is no
longer necessary to include your mbeans-descriptor.xml in the
ServerLifecycleListener. commons-modeler will automagically load it when
your MBeans are registered.
Kris Balle Kristensen [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hi there,
I have written a bunch of MBeans for JBoss, but I can't figure out how
to do it for Tomcat5 :(. I have google'd a lot of pages containing the
MBean keyword, but have yet to find a tutorial for MBeans deployed on
Tomcat5.
My scenario:
I need a persistent object in Tomcat (trigger mechanism) that will be
triggered when a certain time of day (like midnight) is up. Furthermore
I need some kind of cache for some of my beans. This cache should be
callable from any jsp page if so desired. I'm not sure if MBean would be
the right approach, but anyway this is what I normally use with JBoss.
What I need is an MBean example written for Tomcat5 including example
descriptors for same. I have tried to do this myself, but it looks like
my Mbean doesn't get deployed on startup of Tomcat. I can't see it in
the Tomcat log.
In the test example below, the Mbean is just suppose to show the current
datetime when the getShowTime (attribute showTime) gets activated. Also
the System.outs should be printed out during init/start/stop/destroy of
this MBean, but nothing happens.
I have tried the following:
In server.xml I added the following:
Listener className=org.apache.catalina.mbeans.ServerLifecycleListener
debug=0
descriptors=/mbean/test/mbean-descriptors.xml/
Listener
className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener
debug=0/
In mbean/test/mbean-descriptors.xml:
mbean name=mbean.test.ShowTimeMBean
className=org.apache.catalina.mbeans.ClassNameMBean
description=Shows the current time
domain=Catalina
group=ShowTime
type=mbean.test.ShowTime
attribute name=timeNow
description=Shows the current time
type=java.lang.String
writeable=false/
operation name=start description=Start impact=ACTION
returnType=void /
operation name=stop description=Stop impact=ACTION
returnType=void /
operation name=init description=Init impact=ACTION
returnType=void /
operation name=destroy description=Destroy impact=ACTION
returnType=void /
operation name=showDateTimeNow description=showDateTimeNow
impact=ACTION returnType=java.lang.String /
/mbean
In package test.mbean:
public class ShowTime {
private String showTime;
public String getShowTime() {
SimpleDateFormat sdf = new SimpleDateFormat(-MM-dd
tt:mm:ss);
showTime = sdf.format(new Date());
return showTime;
}
public void start() {
System.out.println(start called..);
}
public void stop() {
System.out.println(stop called..);
}
public void init() {
System.out.println(init called..);
}
public void destroy() {
System.out.println(destroy called..);
}
}
public class ShowTimeMBean extends BaseModelMBean{
String timeNow = null;
protected MBeanServer mserver;
protected ManagedBean managed;
public ShowTimeMBean() throws MBeanException,
RuntimeOperationsException {
initialize();
}
public ShowTimeMBean(ModelMBeanInfo modelMBeanInfo) throws
MBeanException, RuntimeOperationsException {
super(modelMBeanInfo);
initialize();
}
public ShowTimeMBean(String s) throws MBeanException,
RuntimeOperationsException {
super(s);
initialize();
}
public ShowTimeMBean(String s, ModelerSource modelerSource) throws
MBeanException, RuntimeOperationsException {
super(s, modelerSource);
initialize();
}
private void initialize() {
registry = MBeanUtils.createRegistry();
mserver = MBeanUtils.createServer();
managed = registry.findManagedBean(ShowTime);
}
public void start() {
System.out.println(ShowTimeMBean::start called..);
}
public void stop() {
System.out.println(ShowTimeMBean::stop called..);
}
public void init() {
System.out.println(ShowTimeMBean::init called..);
}
public void destroy() {
System.out.println(ShowTimeMBean::destroy called..);
}
public String showDateTimeNow() {
ShowTime st = (ShowTime)resource;
timeNow = st.getShowTime();
return timeNow;
}
public String getTimeNow() {
return timeNow;
}
}
Everything gets deployed using a .war file.
Can any of you point me in the right direction?
Regards.
Kris
-
To unsubscribe,
Re: Authentication for streaming file (OT)
Have you tried other browsers than MSIE? If it works for FireFox, then
you've probably hit http://issues.apache.org/bugzilla/show_bug.cgi?id=28750.
Mark Leone [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Slightly off-topic -- Tomcat related
I have a servlet that is invoked by clicking a hyperlink that is rendered
by a JSP running in Tomcat. The servlet receives a file path parameter in
the HTTP request, and then streams that file to the requesting client. I
have a security-constraint/ defined in Tomcat for the JSP, requiring
basic password authentication. However, if I define the
security-constraint/ so that it applies to the servlet also, then the
following error occurs when the servlet attempts to stream the file to the
client.
The browser presents the file info and prompts to save or open the file,
but then when the actual streaming is attempted, the browser reports that
the site is unreachable. This is apparently caused by the lack of any
authentication during the file streaming operation, because when I define
the security-constraint/ so that it applies to the JSP but not the
servlet, the problem does not occur. I don't really understand why it
behaves this way, since the servlet was invoked with proper authorization,
and the problem occurs only when the servlet starts streaming a file to
the client. But it does seem to be an authorization problem, since it goes
away when I don't constrain the servlet for authentication. I can operate
this way, but then my JSP is protected and the servlet is not.
Is there a way to specify authentication parameters during the file
streaming operation? Does anyone have an explanation for what I'm
experiencing? Here's my servlet code:
public class FileSender extends HttpServlet{
protected void doGet(HttpServletRequest request,
HttpServletResponse response)
throws ServletException, IOException{
String filename = request.getParameter(file);
File file = new File(filename);
MimetypesFileTypeMap mimeTypes = new MimetypesFileTypeMap
(C:\\Program Files\\Java\\jdk1.5.0_01\\lib\\mime.types);
String mime = mimeTypes.getContentType(file);
response.setContentType(mime);
response.setHeader(Content-Disposition, attachment;
+ filename= + file.getName());
FileInputStream in = new FileInputStream(file);
OutputStream out = response.getOutputStream();
byte[] buf = new byte[1024];
int i = 0;
while((i=in.read(buf))!=-1) {
out.write(buf, 0, i);
}
in.close();
out.close();
}
}
And here's my web.xml. With this configuration, the file downolad fails as
described above. To make it work, I remove the second url-pattern/
element as indicated.
!DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application
2.2//EN
http://java.sun.com/j2ee/dtds/web-app_2_2.dtd;
web-app
display-name
File Port
/display-name
description
Makes files available through the web container
/description
servlet
servlet-nameFilePort/servlet-name
description
Retrieves specified file and sends it to requester
/description
servlet-classFileSnatcher.FileSender/servlet-class
/servlet
servlet-mapping
servlet-nameFilePort/servlet-name
url-pattern/FilePort/url-pattern
/servlet-mapping
!-- Define a Security Constraint on this Application --
security-constraint
web-resource-collection
web-resource-nameFileSnatcher/web-resource-name
url-pattern*.jsp/url-pattern
url-pattern/FilePort/url-pattern !-- remove this to make it
work --
/web-resource-collection
auth-constraint
role-namemanager/role-name
/auth-constraint
/security-constraint
!-- Define the Login Configuration for this Application --
login-config
auth-methodBASIC/auth-method
realm-nameJDBCRealm/realm-name
/login-config
!-- Security roles referenced by this web application --
security-role
description
The role that is required to log in to the Manager Application
/description
role-namemanager/role-name
/security-role
/web-app
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: [QUAR]SSL tomcat support
Start with: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html Then, this page details the procedure for you to set your systems up using keytool: http://java.sun.com/webservices/docs/1.1/tutorial/doc/WebAppSecurity5.ht ml To use the keystore generated with keytool you will need to extract and convert the client key and cert to a PFX: http://mark.foster.cc/kb/openssl-keytool.html server should know his clients... To set Tomcat up to require client certificates set clientAuth=true in the server.xml definition for the SSL connector. - wjs -Original Message- From: Shahin Hadjikuliev [mailto:[EMAIL PROTECTED] Sent: Friday, March 11, 2005 8:45 AM To: tomcat-user@jakarta.apache.org Subject: [QUAR]SSL tomcat support Hi , list! I want to configure tomcat running on https, main purpose is that: server should know his clients (only specified clients can user server) I want to achieve it with certificates I have read some documentation on java.sun.com http://java.sun.com/webservices/docs/1.0/tutorial/doc/WebAppSecurity6.ht m but it doesnt sufficient for me, can anybody tell me more info about this Thanx a lot - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat, Sun One Webserver 6.1
Since SunOne isn't the most supported platform (at least at Apache; I believe that Sun has a better-supported plugin, but you'll have to ask them :), you'll need to build mod_jk from the source distro in jk/native/netscape (for the simple reason that nobody has contributed a binary distro for SunOne in a very long time). After that, you'll need http://jakarta.apache.org/tomcat/connectors-doc-archive/jk2/jk/neshowto.html, and possibly enabling NSConfig (for TC 5: Listener className=org.apache.jk.conf.NSConfig /) to work out the configuration. Of course, if you want to share back your success/horror-stories to improve the Tomcat docs, it will be appreciated. Ashish Tripahi [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] the doco on the tomcat website is not helping me at all. Can somebody please explain how to integrate SunOne/IPlanet 6.1 with Tomcat. Waiting for the response - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuration Problem in Tomcat for HTTPS
Urm, not really enough info here to help you. Of course I'm assuming that you've already read http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html. Beyond that, you can try setting your logging category (log4j/java.util.logging config) for 'org.apache.tomcat.net.jsse' to DEBUG to increase the number of messages. suryadevara dushyanth [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I am trying to configure my Tomcat with https support. I tried in two versions of tomcat. Tomcat 5 I followed the process as given by the documentation but https is not working as i typed in the url https://localhost:8443; I am getting page not available. Tomcat 4.1.29 I followed the process and modified the server.xml file by uncommenting the 8443 port. When i start my tomcat server it is shutting down and it does not start. I tried it through Tomcat Admin page but it says resource requested not available. Please help me out as I have to host my application in Tomcat using HTTPS port. And I am under a tight deadline for hosting this application. Thanks Regards Dushyanth __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Being lost in the mailing list
Klaus-F. Kaal [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi Peter, I can imagine that the gurus get tons of eMails with difficult and silly questions. And as there is limited time, they can't answer them all. I believe they keep answering the freshly incoming ones. Since I am really in problems and did not get an answer over days, I thought, I was lost in the cant do this bin and it's better to shout out to get attention. Believe me: that is not my normal style. I aquired a dedicated server and got it with Suse 9.1 preinstalled. Apache 2.0.48 was on it. It uses virtual hostst. Apart from that it seems to be not special. But it runs without problems (as far as I can judge from the logs) I installed - Java 1.4 - Tomcat 5.0.28 - mod_jk2 from the latest binary distribution Well, there is your problem. The mod_jk.conf generated by ApacheConfig is for mod_jk. It's totally useless with mod_jk2. For mod_jk2, you have to set up the configuration by hand. Independently, Apache and Tomcat work well. Tomcat reports in the logs that it listens on port 8009 for mod_jk communication. It also created /conf/auto/mod_jk.conf, the content of which, I show later in this text. Apache does not shift incoming JSP calls to mod_jk. It just states that it could not find the document in the normal public_html space. Can you do something with this info? Thanks a lot for your hints. Klaus Peter Johnson schrieb: Klaus, Taking a tone with people gives you less chance of a response. Are you doing any url rewriting in Apache? PJ Klaus-F. Kaal wrote: _In my Tomcat log, I can see:_ INFO: JK2: ajp13 listening on /0.0.0.0:8009 06.03.2005 00:54:10 org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=5/43 config=/usr/tomcat/conf/jk2.properties _I included my automatically created mod_jk.conf into the httpd.conf:_ Include /usr/tomcat/conf/auto/mod_jk.conf This mod_jk.conf looks like this: IfModule !mod_jk.c LoadModule jk_module /usr/lib/apache2-prefork/mod_jk.so /IfModule JkWorkersFile /etc/apache2/workers2.properties JkLogFile /usr/tomcat/logs/mod_jk.log JkLogLevel emerg _The workers2.properties is here:_ [channel.socket:localhost:8009] port=8009 host=127.0.0.1 [ajp13:localhost:8009] channel=channel.socket:localhost:8009 [uri:/jsp-examples/*] worker=ajp13.localhost:8009 [uri:www.technologyserver.com/*.jsp] worker=ajp13:localhost:8009 Apache and Tomcat are working fine, independently. But when I try to call a JSP on port 80, Apache states that it cannot find the file. What am I doing wrong?? Thanks for your help. Klaus - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem on Tomcat 3.3.1a: hang
Connection reset by peer isn't usually that interesting (it usually means that the browser dropped the connection). Making some wild guesses: Using the Http10Connector on Windows usually means that you need to add something like socketCloseDelay=50 to the element in server.xml. Even better would be to upgrade to 3.3.2 and use the CoyoteConnector (the same one that TC 4 5 use). This is much more reliable that the Http10Connector. Marcus Nugroho [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi All, We are implementing CRM application using Tomcat as a web server : The platform and version : - Jakarta Tomcat 3.3.1a - Windows 2000 Advance Server SP4 The problem is after several users logged in properly, then the next user login will hang. Any other login process after it will failed also (hang). This problem can be solved by restarting the Tomcat server. The above problem is intermittent. The error message is : 2005-01-17 17:12:58 - Ctx(/epoint) : IOException in R( /epoint + /Clients/HTML/e rror.jsp + null) - java.net.SocketException: Connection reset by peer: socket wr ite error anyone can help on this matter ? Many Thanks, Marcus. The full Tomcat output when the error occured is as follows : 85) at org.apache.tomcat.core.ContextManager.internalService(ContextManager. java:917) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:833 ) at org.apache.tomcat.modules.server.Http10Interceptor.processConnection( Http10Interceptor.java:176) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java :494) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP ool.java:516) at java.lang.Thread.run(Thread.java:484) 2005-01-17 17:12:58 - Ctx(/epoint) : IOException in R( /epoint + /Clients/HTML/e rror.jsp + null) - java.net.SocketException: Connection reset by peer: socket wr ite error at java.net.SocketOutputStream.socketWrite(Native Method) at java.net.SocketOutputStream.write(SocketOutputStream.java:83) at org.apache.tomcat.modules.server.Http10.doWrite(Http10.java:436) at org.apache.tomcat.modules.server.HttpResponse.doWrite(Http10Intercept or.java:480) at org.apache.tomcat.core.OutputBuffer.realWriteBytes(OutputBuffer.java: 188) at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:360) at org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:338) at org.apache.tomcat.util.buf.IntermediateOutputStream.write(C2BConverte r.java:234) at java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:230) at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:244) at org.apache.tomcat.util.buf.WriteConvertor.flush(C2BConverter.java:183 ) at org.apache.tomcat.util.buf.C2BConverter.flushBuffer(C2BConverter.java :126) at org.apache.tomcat.core.OutputBuffer.realWriteChars(OutputBuffer.java: 337) at org.apache.tomcat.util.buf.CharChunk.flushBuffer(CharChunk.java:388) at org.apache.tomcat.core.OutputBuffer.flush(OutputBuffer.java:314) at org.apache.tomcat.core.OutputBuffer.close(OutputBuffer.java:305) at org.apache.tomcat.core.Response.finish(Response.java:271) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:838 ) at org.apache.tomcat.modules.server.Http10Interceptor.processConnection( Http10Interceptor.java:176) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java :494) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP ool.java:516) at java.lang.Thread.run(Thread.java:484) 2005-01-17 17:12:58 - Ctx(/epoint) : Error: exception inside exception servlet n ull class java.net.SocketException 2005-01-17 17:12:58 - ErrorHandler: Error loop for R( /epoint + /Clients/HTML/er ror.jsp + null) error java.net.SocketException: Connection reset by peer: socket write error - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: [QUAR]Re: Tomcat5 and Client Certificates
Thanks guys - Got the configs and logging worked out. Your help appreciated. Still stuck on getting the .pfx out of the client.keystore. Trying java forums on that front. If anyone interested in the solution let me know and I'll fill you in when I get it worked out. - wjs -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker Sent: Saturday, March 05, 2005 3:27 PM To: tomcat-user@jakarta.apache.org Subject: [QUAR]Re: Tomcat5 and Client Certificates Jason Bainbridge [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 4 Mar 2005 06:54:34 -0800, Sweeney, Bill [EMAIL PROTECTED] wrote: Hello TC5 Users - I used %java-home%/bin/keytool to build the certificate store and the server and client certificates (self-signed). Tomcat asks for the client certificate when I try and connect, but - here is the problem: (1) I can't seem to get the client key to export properly so that I can install it in the browser; how do I get a .pfx out of the keystore? I think you are going to have to use openssl to convert the file after exporting it, http://www.mindreef.com/products/4.1/help/sslcerts.html has a little info on that but the reverse. I'm sure there are better resources but that was the first Google I saw. (2) How can I validate which certificate store is being used by tomcat? (I made a few along the way in testing) There is a parameter (keyStoreFile?) that you can specify the location in the Connector properties it's detailled in one of those links you have. The one you want is: truststoreFile. (3) I set debug=3 in the SSL connector but am not seeing the SSL handshake in stdout. Is there some other way for setting debug to see the handshake? Not sure on that one. Configure the logging category 'org.apache.tomcat.util.net.jsse' to be DEBUG (in your log4j/JDK 1.4 logging configuration). That will give you lots of Tomcat messages. If you want lower level messages, consult the JSSE docs. Regards, -- Jason Bainbridge http://kde.org - [EMAIL PROTECTED] Personal Site - http://jasonbainbridge.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
group-to-role mapping
Hello, Are any plans in the works for Tomcat to support the concept of mapping J2EE security-roles (as defined in web.xml) to one or more groups, where a group is an entity in an LDAP/RDBMS/XML security store that may be shared by multiple applications? Right now, Tomcat supports a one-to-one mapping via the security-role-ref element in web.xml, but it's not clear whether there's a way to map a role to *multiple* shared groups... for instance, an create-employee role might be mapped to both the HR group and the Superuser group. This seems to be supported in WebLogic 8.1, Oracle 9iAS/10g, and SunONE. Not sure about JBoss or WebSphere. Or am I just overlooking something simple? -- Bill -- Bill Schneider Chief Architect Vecna Technologies 5004 Lehigh Rd., Suite B College Park, MD 20740 [EMAIL PROTECTED] t: 301-864-7253 x1140 f: 301-699-3180 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: java.net.SocketException when user disconnects from response stream
Urm, the entire point of ClientAbortException (which is a Tomcat class) is to allow Tomcat to know that it shouldn't be logging it. If com.lowagie.text.pdf chooses to log it, well you'll have to take it up with them ;-). Allistair Crossley [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I've seen similar posts from users before on this topic but do not believe I saw a concrete answer. I was streaming a PDF to my browser yesterday when I decided to quickly move to another page in the website and therefore stopping the PDF response stream. When I looked in the logs, I found the following stack trace. The com.lowagie.text.pdf has spotted that this was a Client Abort which it was, but I also noted that it is wrapping up the real error that occured which was a java.net.SocketException: Connection reset by peer: socket write. We have this java.net.SocketException: Connection reset by peer: socket write error in our logs quite often on our production server and I am guessing that perhaps users are stopping the response stream somehow, perhaps closing the browser or moving to another page mid-response? In both that case, and in the case of aborting the PDF stream as below, I am not convinced I need to care since it does not impair the server that a user did not bother to receive the full response. Does anyone disagree or have an explanation why such scary stack traces should be output by Tomcat each time a user does not complete receiving their response .. is it perhaps because Tomcat is unable to differentiate between a user closing their browser and some other network problem that I may well want to know about? Thanks, Allistair. ExceptionConverter: ClientAbortException: java.net.SocketException: Connection reset by peer: socket write error at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:366) at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:403) at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:314) at org.apache.catalina.connector.OutputBuffer.flush(OutputBuffer.java:293) at org.apache.catalina.connector.CoyoteOutputStream.flush(CoyoteOutputStream.java:85) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124) at com.lowagie.text.pdf.OutputStreamCounter.flush(Unknown Source) at com.lowagie.text.DocWriter.close(Unknown Source) at com.lowagie.text.pdf.PdfWriter.close(Unknown Source) at com.lowagie.text.pdf.PdfDocument.close(Unknown Source) at com.lowagie.text.Document.close(Unknown Source) at net.sf.jasperreports.engine.export.JRPdfExporter.exportReportToStream(JRPdfExporter.java:457) at net.sf.jasperreports.engine.export.JRPdfExporter.exportReport(JRPdfExporter.java:282) at net.sf.jasperreports.engine.JasperExportManager.exportReportToPdfStream(JasperExportManager.java:174) at net.sf.jasperreports.engine.JasperPrintManager.printReportToPdfStream(JasperPrintManager.java:145) at net.sf.jasperreports.engine.JasperRunManager.runReportToPdfStream(JasperRunManager.java:269) at com.qas.newmedia.intranet.pof.actions.mypos.PDFGenerateAction.doWork(PDFGenerateAction.java:155) at com.qas.newmedia.intranet.iq.actions.SecuredBaseAction.execute(SecuredBaseAction.java:188) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:226) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1158) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at com.qas.newmedia.common.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:65) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:305) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:383) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:745) at
Re: Tomcat5 and Client Certificates
Jason Bainbridge [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 4 Mar 2005 06:54:34 -0800, Sweeney, Bill [EMAIL PROTECTED] wrote: Hello TC5 Users - I used %java-home%/bin/keytool to build the certificate store and the server and client certificates (self-signed). Tomcat asks for the client certificate when I try and connect, but - here is the problem: (1) I can't seem to get the client key to export properly so that I can install it in the browser; how do I get a .pfx out of the keystore? I think you are going to have to use openssl to convert the file after exporting it, http://www.mindreef.com/products/4.1/help/sslcerts.html has a little info on that but the reverse. I'm sure there are better resources but that was the first Google I saw. (2) How can I validate which certificate store is being used by tomcat? (I made a few along the way in testing) There is a parameter (keyStoreFile?) that you can specify the location in the Connector properties it's detailled in one of those links you have. The one you want is: truststoreFile. (3) I set debug=3 in the SSL connector but am not seeing the SSL handshake in stdout. Is there some other way for setting debug to see the handshake? Not sure on that one. Configure the logging category 'org.apache.tomcat.util.net.jsse' to be DEBUG (in your log4j/JDK 1.4 logging configuration). That will give you lots of Tomcat messages. If you want lower level messages, consult the JSSE docs. Regards, -- Jason Bainbridge http://kde.org - [EMAIL PROTECTED] Personal Site - http://jasonbainbridge.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat5 and Client Certificates
Hello TC5 Users - I am setting up Tomcat 5 in a production environment. The requirement is to lock down the site so that only users with trusted personal certificates may access the site. I believe I have everything configured in server.xml. Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=3 scheme=https secure=true clientAuth=true sslProtocol=TLS / I used %java-home%/bin/keytool to build the certificate store and the server and client certificates (self-signed). Tomcat asks for the client certificate when I try and connect, but - here is the problem: (1) I can't seem to get the client key to export properly so that I can install it in the browser; how do I get a .pfx out of the keystore? (2) How can I validate which certificate store is being used by tomcat? (I made a few along the way in testing) (3) I set debug=3 in the SSL connector but am not seeing the SSL handshake in stdout. Is there some other way for setting debug to see the handshake? Environment is J2sdk1.4.2_07; Tomcat 5.0.28 running as a service on Win2003 Server. FYI - for others working with Tomcat and SSL these links are an excellent resource: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html#SSL%20S upport http://java.sun.com/webservices/docs/1.1/tutorial/doc/WebAppSecurity5.ht ml http://java.sun.com/j2se/1.4.2/docs/tooldocs/solaris/keytool.html#genkey Cmd Thanks in advance to everyone in the group ! - wjs - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsvc.exec error on FC3
Chong Yu Meng [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill Barker wrote: | Chong Yu Meng [EMAIL PROTECTED] wrote in message | news:[EMAIL PROTECTED] | | The daemon starts up ok, but when shutting down, I get this error: | | Feb 28, 2005 3:23:40 PM org.apache.coyote.http11.Http11Protocol pause | INFO: Pausing Coyote HTTP/1.1 on http-8080 | jsvc.exec error: Service exit with a return value of 143 | | When I do a shutdown using the shutdown.sh script, Tomcat shuts down | gracefully. | | Is there a way to shutdown jsvc gracefully? | | Yes. Don't use the version that ships with Tomcat. Hi Bill, I just downloaded and compiled the source version from the Commons website (http://www.apache.org/dist/jakarta/commons/daemon/binaries/). Unfortunately, I still get the same error. Any ideas? Perhaps you could point me to the site you downloaded your jsvc sources from, because the date stamp on the two sites I visited were different -- although the results were the same. You need CVS HEAD. - -- ~ -- ~ Pascal Chong -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFCJaUgmVdpiRJSldgRAo8/AJ0QnHZ9OAiWCnYZ307u+2f1MyMOAwCgksRt h0KffKXJ+tk+cU3JXD3TT7U= =Vgbu -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to disable PUT, DELETE http methods etc if not using container managed security?
Sorry, I blanked on this one. You also need the http-methodGET/http-method etc on the second (SSL) constraint. It's a pain, but the servlet-spec says you get the least restrictive combination of constraints. Ted Anagnost [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Thanks Bill but I'm not sure it's working. Per your suggestion here's what I have now: security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern http-methodHEAD/http-method http-methodPUT/http-method http-methodDELETE/http-method http-methodTRACE/http-method http-methodOPTIONS/http-method /web-resource-collection auth-constraint / /security-constraint security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you requre authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint But, how do I verify that PUT's and DELETE's are blocked now? My vulnerability scanner still shows them as open: It seems that the PUT method is enabled on your web server Although we could not exploit this, you'd better disable it Solution : disable this method Risk factor : High BID : 12141 If I try to delete index.jsp through a telnet session: DELETE /index.jsp HTTP/1.1 I get this as a response: HTTP/1.1 400 Bad Request What's a good way to verify that DELETE is blocked? Can someone give a definitive test? Thanks - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Saturday, February 26, 2005 3:33 PM Subject: Re: How to disable PUT, DELETE http methods etc if not using container managed security? For TC 5.x.x, you need two security-constraints to do what you want. One of them looks like your first example, and the other like your second example (except that you probably want auth-constraint /, which is deny all, instead of role-name/ which is deny to all but the blank role). Since you are forbidding all access, you could also drop the user-data-constraint on the second one (since with it, TC will first redirect a PUT to SSL, and then deny it). Ted Anagnost [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Is there a way to prevent PUT or DELETE http methods if you're not using container managed security? If so, how? I already have this to force the use of https: security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you requre authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint What changes are needed? I tried this but it didn't seem to work: security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern http-methodHEAD/http-method -- http-methodPUT/http-method -- http-methodDELETE/http-method -- http-methodTRACE/http-method-- http-methodOPTIONS/http-method -- /web-resource-collection auth-constraint role-name/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint Inserting these statements seems to turn off the automatic enforcement of https which was achieved with the first version. Any ideas? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsvc.exec error on FC3
Chong Yu Meng [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I'm trying to configure jsvc to work on a Fedora Core 3 system running Blackdown Java 1.4.2. I managed to do a configure and compile jsvc all right. I used the Tomcat5.sh script to start up and shutdown jsvc. The daemon starts up ok, but when shutting down, I get this error: Feb 28, 2005 3:23:40 PM org.apache.coyote.http11.Http11Protocol pause INFO: Pausing Coyote HTTP/1.1 on http-8080 jsvc.exec error: Service exit with a return value of 143 When I do a shutdown using the shutdown.sh script, Tomcat shuts down gracefully. Is there a way to shutdown jsvc gracefully? Yes. Don't use the version that ships with Tomcat. - -- ~ -- ~ Pascal Chong -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFCItLzmVdpiRJSldgRAvmvAKCm9a0bCgMM/MyqAK3Z+didFbljDACeMLCI mTEsiSSYMKZjLouLXON4/Eo= =L0kT -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Startup
patrick et michelle [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi there, I'm a newcomer in Web technology and I need to understand how to configure Tomcat 3.3 In fact, I can see that the servlets examples offered with tomcat are located in tomcat\jakarta-tomcat-3.3.2\webapps\examples\web-inf\classes\whatever.class Although, the URL to invoke these servlets is HTTP://localhost:8080/examples/servlet/whatever.class How is this URL-directory path relation done ? (through what config file / what command / TAG ??) In the case of the examples, it's $TOMCAT_HOME/conf/apps-examples.xml. If TC 3.3 doesn't find a $TOMCAT_HOME/conf/apps-myapp.xml, it will also attempt to mount any directories found in $TOMCAT_HOME/webapps. If I want to build a web application and want to put a new directory structure, where do I put it and what configuration files do I have to modify in order to be able to invoke them through a URL. If you want to put your apps someplace other than $TOMCAT_HOME/webapps, you need to change/add the AutoWebApp and AutoDeploy elements in server.xml. If you just one one app someplace else, then you can do it easier by creating an apps-myapp.xml file with the docBase pointing to the correct place. Can somebody provide me with a step-by-step ? Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Benefits of running Tomcat as a daemon with JSVC
Behrang Saeedzadeh [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Mladen, But not everything that runs when the system starts up is a daemon. For example, to run Tomcat as a daemon one needs to use JSVC (or something like that.) But it's also possible to write an init script for Tomcat and store it in /etc/init.d and add it to the list of the programs that are executed when the system starts up and in that init script only call Tomcat's startup.sh script. This won't run Tomcat as a daemon. In Linux, as you said, one can use daemons to run on ports 1024 but on Windows I doubt if the only benefit would be that to run a certain program when the Windows boots. That's pretty much it. About the only other benefit is to not tie up a TS session on your W2K+3 machine just to run Tomcat. Of course (thanks to Mladen), using procrun (aka tomcatw.exe) also gives you the nice GUI to do configuration :). Best Regards, Behrang S. On Sat, 26 Feb 2005 11:06:07 -0800, Shankar Unni [EMAIL PROTECTED] wrote: Mladen Turk wrote: Behrang Saeedzadeh wrote: What are the benefits of running an application like Tomcat with as a daemon (with JSVC) vs. running it like a normal application? In one sentence: Running as non-root on port 1024 In another sentence, starting up the service automatically on system startup. That's the big one. We actually run Tomcat as a non-root user, but we need to start it up automatically on system startup. On Windows, too - the same rationale. Making it start up as a service means you don't have to log in and start it up manually each time. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Behrang Saeedzadeh http://www.jroller.com/page/behrangsa - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to disable PUT, DELETE http methods etc if not using container managed security?
For TC 5.x.x, you need two security-constraints to do what you want. One of them looks like your first example, and the other like your second example (except that you probably want auth-constraint /, which is deny all, instead of role-name/ which is deny to all but the blank role). Since you are forbidding all access, you could also drop the user-data-constraint on the second one (since with it, TC will first redirect a PUT to SSL, and then deny it). Ted Anagnost [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Is there a way to prevent PUT or DELETE http methods if you're not using container managed security? If so, how? I already have this to force the use of https: security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you requre authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint What changes are needed? I tried this but it didn't seem to work: security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern http-methodHEAD/http-method -- http-methodPUT/http-method-- http-methodDELETE/http-method -- http-methodTRACE/http-method-- http-methodOPTIONS/http-method -- /web-resource-collection auth-constraint role-name/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint Inserting these statements seems to turn off the automatic enforcement of https which was achieved with the first version. Any ideas? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Howto get Port in HttpServlet#init(ServletConfig)?
Patrick Wunderlich [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hey Tomcat Fans, is there a programmatically way to get the Http-Port in the HttpServlet#init(ServletConfig) method? No, for the simple reason that the Http-Port isn't well-defined during init. For example, if you have both a HTTP Connector and a HTTPS Connector defined, then the same servlet will serve requests on both port 80 and port 443. Kind Regards, Patrick Wunderlich (Germany) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Merge webapp doc roots
All, I'm developing a webapp and for various reasons it has multiple document roots which can override each other. For example, c:\webapp is one directory, but c:\webapp-editionA and c:\webapp-editionB are other editions of the same application. There are a base set of JSPs in the 'webapp' directory and some of those are overridden in the 'edition' directories. I do my development in different modes -- so if I'm developing the webapp for edition A I'll need the jsp's from the base directory plus those in the A directory. Resin has a new merge() function which will merge together different doc roots for a webapp: web-app id=/foo document-directory=merge:(c:\webapp;c:\webapp-editionA); .. / This means everything in webapp-editionA will override what's in webapp. I do this right now and it works perfectly for development. My question is -- is this possible in Tomcat? I'd like to use Tomcat for more dev, mostly because of it's blazing fast JSP compilation in 5.5 (very impressive BTW!). Thanks in advance, --Bill - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Merge webapp doc roots
QM, Yes, I could definitely do that but the nice thing now is that I don't need to use a build process to copy merge so it's nice and fast. Thanks anyway, --Bill On Tue, 22 Feb 2005 19:12:23 -0600, QM [EMAIL PROTECTED] wrote: On Tue, Feb 22, 2005 at 02:08:50PM -0800, Bill Lynch wrote: : Resin has a new merge() function which will merge together different : doc roots for a webapp: : [snip] : web-app id=/foo : document-directory=merge:(c:\webapp;c:\webapp-editionA); .. / : : This means everything in webapp-editionA will override what's in : webapp. I do this right now and it works perfectly for development. : : My question is -- is this possible in Tomcat? To my knowledge, no, this is not possible using Tomcat alone. Tomcat expects a standard webapp (that is, either wrapped in a WAR file or in exploded-dir format). You can achieve what you're after by moving the merge into your build process -- that is, have Ant (or whatever you use) create the dir/WAR by copying all of those webapps to it (that is, copy them over one another). -QM - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can servlet mappings be done somewhere other than web.xml?
Yup. Tomcat 3.3 has the Invoker enabled by default (although 3.3 doesn't have a global web.xml file, so it's declared in server.xml :). Drew Jorgenson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Looks like the invoker servlet is being used, which is declared in the global web.xml file. The servlet-name and servlet-class that you see are used to map a name to a servlet, which are all accessed through /servlet/* Drew. On Tue, 2005-02-22 at 10:43, Beckle, Steven R wrote: I'm currently working on a legacy Tomcat 3.3 project that was developed (not by me) a couple of years ago, and I am having a heck of a time understanding how servlets are getting mapped properly. A typical URL in the application is of the form CONTEXT/servlet/servletName - nothing fancy there. However, the webapp's web.xml file contains no servlet-mapping tags, but just the servlet-name and servlet-class tags. Is there another way in Tomcat to map URL's to servlets, either through a server configuration setting or some other global information contained in a conf/xml file that I'm not aware of? My problem isn't that the servlets aren't being accessed - they display content fine. I'm for now just trying to understand how Tomcat is associating the URL string with the actual servlet class since there is no servlet mapping being done in the web.xml file. The servlets themselves reside in jar files under CONTEXT/WEB-INF/lib. Thank you. Steve Beckle Computer Associates tel: +1 (630) 505 6855 fax: +1 (630) 505 6983 [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Connecting http-2.0.48 with tomcat 3.3.1a using jk connector.
Well, since 3.3.1a doesn't ship with the CoyoteConnector, you need to have the AJP13Connector in server.xml (it's enabled by default). I'm assuming that you aren't using the JNIConnector (although it's still supported in mod_jk 1.2.8 :). You need the Http10Connector if you want Tomcat to answer on 8080. Otherwise, you can follow Charles' suggestions, along with possibly 'ps'. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I have already installed the apache(http-2.0.48) and tomcat 3.3.1a in my Linux system. The jk connector is also installed. But now the problem is that I don't know how to test whether my tomcat is running or not. When I try to see giving the URL: http://IP http://ip/ Address:8080/ it doesn't display any pages. Could anyone give me a detailed procedure of how to test my tomcat is running? Regards, Varsha. Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: coyote standalone?
Adam Fisk [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Can I use Coyote HTTP 1.1 server outside of the rest of tomcat? I'm interested in just plugging in the coyote jar for serving static content using Jetty, but it appears to have dependencies on the rest of tomcat. I don't want to use the rest of Tomcat due to size constraints. Yes. You need to create a Coyote Adapter (org.apache.coyote.Adapter) that is responsible for wrapping the Coyote Request Response and passing them off to Jetty. Thanks. -Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Certificate Revocation List
Martin Dubuc [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Does Tomcat support certificate revocation list? If it does, could someone send me a pointer to a page that explains how to configure Tomcat to enable this? Not currently. It's something that probably could be added to TC 5.5 when using a 1.5 JVM. Regards, Martin __ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: issues using Tomcat 3.2.4 with JavaVM jdk 1.4.1?
Mieke Banderas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Are there any issues I should know about using Tomcat 3.2.4 with JavaVM jdk 1.4.1? I'm looking for general known info/bugs . I'm deploying on Mac OS X Server 10.2.6 and the bundled Tomcat 3.2.4 distribution. Other than it is unsupported, and the number of people who even remember how to use it is getting smaller, most of http://issues.apache.org/bugzilla/buglist.cgi?bug_status=__open__product=Tomcat+3 refers to issues in 3.2.4. Database is MySQL 3, which may change and Web server is Apache 1.3. I believe that 3.2.x only supports AJP/1.2, so you can't use mod_jk2. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session restart replication when using jsvc
Mark Thomas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Bill Barker wrote: This is the old, buggy, code that ships with Tomcat. You need to get the code from commons-daemon CVS HEAD if you want shutdowns (and restarts) to work properly. Bill, Just thinking ahead to the next 4.1.x release - do you know if there is a commons-daemon release that includes the necessary fixes or does it have to be CVS head? There has only been the c-d 1.0 release, so, yes, it has to be CVS HEAD. Cheers, Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session restart replication when using jsvc
This is the old, buggy, code that ships with Tomcat. You need to get the
code from commons-daemon CVS HEAD if you want shutdowns (and restarts) to
work properly.
Wade Chandler [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Trond G. Ziarkowski wrote:
Hi Wolfgang!
by using signal 9 you give Tomcat no chance to perform any further
action. Maybe you omit -9 from your kill command.
Thanks for the tip. Tried it, but same results.
Trond
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Hmmm. Here is the source code of the jsvc-unix.c which is called upon a
signal.
static void handler(int sig) {
switch (sig) {
case SIGTERM: {
log_debug(Caught SIGTERM: Scheduling a shutdown);
if (stopping==true) {
log_error(Shutdown or reload already scheduled);
} else {
stopping=true;
}
if (handler_trm!=NULL) (*handler_trm)(sig);
break;
}
case SIGINT: {
log_debug(Caught SIGINT: Scheduling a shutdown);
if (stopping==true) {
log_error(Shutdown or reload already scheduled);
} else {
stopping=true;
}
if (handler_int!=NULL) (*handler_int)(sig);
break;
}
case SIGHUP: {
log_debug(Caught SIGHUP: Scheduling a reload);
if (stopping==true) {
log_error(Shutdown or reload already scheduled);
} else {
stopping=true;
doreload=true;
}
if (handler_hup!=NULL) (*handler_hup)(sig);
break;
}
default: {
log_debug(Caught unknown signal %d,sig);
break;
}
}
}
So, from the text I would assume SIGINT and SIGTERM should perform the
same shutdown behavior, but you can try to use
kill -s SIGTERM pid
or
kill -s SIGINT pid
and see what results you get. If it isn't behaving correctly then you
need to maybe
1) You might want to make sure you don't have the serialization of session
turned off some how...is it behaving correctly if you don't use jsvc?
2) You are using the right tomcat class to start it up...surely or you
should get an errorI would imagine anywaysso maybe forget
this altogether.
3) You might want to search the tomcat source code for the Daemon
implementer class and locate the method stop to see if you can figure out
if it is being called. It should be I would imagine since tomcat is
stopping, but if it is not, then I guess it's a Daemon/jsvc error and you
need to talk to that list. On another note same subject.You can look
in the daemon src at the file /src/native/unix/native/java.c and you
could put some code into the java_stop function to see if you can figure
out if the function is going to call (through jni) the Daemon stop method
correctly or not. REMEMBER: The Daemon startup code does not force the
class used as a Daemon to actually implemnt the interface through source
code, but the class can simply have the correct methods.only know this
because of the source code not any docsdon't know if Tomcat does this
or not.
4) You might look in your jsvc error file...where ever you have put it and
look for the text 'Cannot stop daemon' or 'Cannot found Daemon Loader
stop entry point'that mis type of Cannot foundis really in the
logging of the 1.0 release source code. Because even though you get this
text and tomcat goes awaythe method to stop may not have been found
and the jsvc process is going to kill the JVM anyways.
Hope some of that helps
Wade
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
