Re: Cannot load JDBC driver class 'null'
Assuming it's not a typo, your url is broken. It should be jdbc:oracle:thin:@myMachine:1521:myDBName not jdbc:oracle:thin:myMachine:1521:myDBName Note the '@' sign. I don't know if this would cause the error you are seeing. G. Wade Ben Anderson wrote: Ok, I know this topic has been posted many times, but I can't find anything to help. I have OracleDriver in [$CATALINA_HOME]/common/lib here's my server.xml GlobalNamingResources .. Resource name=myDS scope=Shareable type=javax.sql.DataSource auth=Container/ ResourceParams name=myDS parameter namevalidationQuery/name valueselect user from dual;/value /parameter parameter nameurl/name valuejdbc:oracle:thin:myMachine:1521:myDBName/value /parameter parameter nameusername/name valuehris/value /parameter parameter namepassword/name value/value /parameter parameter namemaxActive/name value4/value /parameter parameter namemaxWait/name value5000/value /parameter parameter namedriverClassName/name valueoracle.jdbc.driver.OracleDriver/value /parameter parameter namemaxIdle/name value2/value /parameter /ResourceParams /GlobalNamingResources and my web.xml: resource-ref res-ref-namejdbc/fsaDS/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth res-sharing-scopeShareable/res-sharing-scope /resource-ref in the administrative tool: the top level Resources-DataSources looks ok as MyDS is listed there but the /my_context-Resources-Datasources gives: org.apache.jasper.JasperException: Exception retrieving attribute 'driverClassName' and the localhost_log.xxx.txt (when it tries to use myDS): java.sql.SQLException: Cannot load JDBC driver class 'null Any help would be great - I've been trying everything - reloading with different configurations about 50 times - looking through books, mailing lists/archives. Thanks, Ben _ Get 10MB of e-mail storage! Sign up for Hotmail Extra Storage. http://join.msn.com/?PAGE=features/es - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Development Tools
LOL! I think that goes in my quotes file. G. Wade Tim Funk wrote: Textpad/cygwin/ANT. I love cygwin! The ease of use of *nix, the stability of windows. -Tim Mike Curwen wrote: I also use TextPad/ANT. For simple/small projects, it's a breeze. I found this for code-completion, but haven't been brave enough to try it yet. http://www.textpad.com/add-ons/files/utilities/codecompleter1_0.zip -Original Message- From: Christopher Williams [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 11:01 AM To: Tomcat Users List Subject: Re: Development Tools Having suggested Netbeans and Eclipse as possible development environments, I've been using Textpad and Ant for about six months since I failed to migrate JBuilder 6 to a new system (the license info got screwed up somehow). It works for me. The one thing I really miss is code completion, though... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeouts and SSO
Thanks, Tim. I kind of remember reading that now. I need to look at my application more carefully, to determine what is timing out. G. Wade Tim Funk wrote: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/host.html#Single%20Sign%20On As soon as the user logs out of one web application (for example, by invalidating or timing out the corresponding session if form based login is used), the user's sessions in all web applications will be invalidated. Any subsequent attempt to access a protected resource in any application will require the user to authenticate himself or herself again. -Tim G. Wade Johnson wrote: Thanks again for all of the responses so far on my Timeout issue. I still have a problem, but it is not what I thought it was. Apparently, there is a session-timeout/ set to 30 minutes in the $CATALINA_HOME/conf/web.xml that I have. I don't recall changing this (but I won't rule out the possibility). I modified that, and found that I could get the session to expire at the time I specify. This time, I looked at the cookies that were sent back just before I get the login screen and found that Tomcat is sending a request to delete the JSESSIONIDSSO cookie used by the SingleSignon valve. Apparently, it is this valve and not Tomcat proper that is signing me out after the timeout period. Is this expected behavior? Is there any way for me to work around this behavior? Thanks again, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout
I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout
That's actually why I was floored when my applet was kicked back to the login form after half an hours of continuous activity. Mike Curwen wrote: anything you set in WEB-INF/web.xml can be set in CATALINA_HOME/conf/web.xml and these setting will be used on a global basis, unless overriden at a lower level. FWIW, I've always understood session-timeout to mean after a period of inactivity. I mean really... how useful would sessions be if they logged you out after n minutes, no matter your activity level? Talk about frustrating! It doesn't matter that you've been using my site continuosly for the past 30 minutes, I'm still kicking you off. That sounds like 'session-duration' to me. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 8:45 AM To: Tomcat Users List Subject: Re: Session Timeout I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/ servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Timeout
I'm looking at the 2.3 spec right now. SRV 7.5 does say that the timeout set by setMaxInactiveInterval() is for inactivity. However, that section doesn't address the session-timeout/ parameter. It does say that the default is up to the container. In SRV.13.3, the session-timeout/ defines the default timeout. However, the word inactivity is interestingly missing from this description. It also specifies the ability to set the system to never timeout if the value is set to 0 or less. None of this explains why my session timed out after ~30 minutes of continuous activity by default or with the session-timeout/ parameter set to 5 minutes. I must really be missing something. Everything everybody has said is reasonable and matches my expectations. However, it does not appear to match my experiments. I'll try some more. Thanks, G. Wade Shapira, Yoav wrote: Howdy, The servlet specification is the only authority on this, misleading books should be tossed aside. SRV.7.5 is clear, session timeout is for inactivity, not total duration, as Senor Curwen opined. The first part of his message, using $CATALINA_HOME/conf/web.xml, I would discourage, as it's non-standard. Stick to WEB-INF/web.xml, which is standard and therefore portable across containers. Yoav Shapira Millennium ChemInformatics -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 10:05 AM To: 'Tomcat Users List' Subject: RE: Session Timeout anything you set in WEB-INF/web.xml can be set in CATALINA_HOME/conf/web.xml and these setting will be used on a global basis, unless overriden at a lower level. FWIW, I've always understood session-timeout to mean after a period of inactivity. I mean really... how useful would sessions be if they logged you out after n minutes, no matter your activity level? Talk about frustrating! It doesn't matter that you've been using my site continuosly for the past 30 minutes, I'm still kicking you off. That sounds like 'session-duration' to me. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 8:45 AM To: Tomcat Users List Subject: Re: Session Timeout I'm using Tomcat 4.1.18 4.1.24 (two different machines). The behavior is the same on both. As I said in my other message, I was basing my questions on the documentation I had read. Your response made me do a little testing. Now, I'm even more confused. My assumption was based on information in Professional Java Servlets 2.3 by Wrox. In chapter 5, they explicitly state that the session-timeout/ value applies to lifetime, not inactivity, (p. 240). I also checked with http://developer.java.sun.com/developer/Books/javaserverpages/ servlets_javaserver/servlets_javaserver05.pdf Section 5.10 describes that parameter as well. It does seem to imply that we are talking about inactivity timeouts, but the text is not actually explicit. It could be read either way. For my test, I set the session-timeout/ to 5 minutes. If this was a lifetime thing, my session should expire pretty quickly. If not, it would last forever. (My servlet is being queried by an applet on a regular basis.) The session did not expire after 5 minutes. It expired after 30 minutes, just like it did before I added the session-timeout/. Any help would be appreciated. G. Wade PS. Since the session-timeout/ is located in web.xml, I assume it is webapp-specific. Is there any way to set up a timeout on multiple webapps? (Short of making a change for each webapp.) I'm currently using single-sign-on to bring a couple of webapps together into one app from the user's point of view. Filip Hanik wrote: I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. this should not be the case session-timeout should be the inactivity timeout what version of tomcat? Filip - Original Message - From: G. Wade Johnson [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Thursday, September 04, 2003 2:36 PM Subject: Session Timeout I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go
Session Timeouts and SSO
Thanks again for all of the responses so far on my Timeout issue. I still have a problem, but it is not what I thought it was. Apparently, there is a session-timeout/ set to 30 minutes in the $CATALINA_HOME/conf/web.xml that I have. I don't recall changing this (but I won't rule out the possibility). I modified that, and found that I could get the session to expire at the time I specify. This time, I looked at the cookies that were sent back just before I get the login screen and found that Tomcat is sending a request to delete the JSESSIONIDSSO cookie used by the SingleSignon valve. Apparently, it is this valve and not Tomcat proper that is signing me out after the timeout period. Is this expected behavior? Is there any way for me to work around this behavior? Thanks again, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Session Timeout
I've just been surprised by something that I thought I understood. I just found out that sessions on my webapp are automatically being logged out after some period of time. Even when they are being used. From reading the docs, it appears that the normal timeout behavior is to terminate any session that has lived longer than n minutes. Is this correct? Also there appears to be a session-timeout/ element that allows you to set the length of this timeout. However, if I am reading the documentation correctly, the only way to set an inactivity timeout is programmatically? (I actually thought the session-timeout was an inactivity timeout.shrug/) How is the best way to go about adding this feature? Is the HttpSessionListener interface the best way to go? Thanks, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 4 on Compaq Tru64?
I'm not sure why it works that way. I've got Tomcat working on Tru64 by calling bin/startup.sh start and bin/shutdown.sh stop in the $CATALINA_HOME directory. I hope to get a little time to get to the bottom of this someday. Later, G. Wade Søren Neigaard wrote: Does anybody have any succes with Tomcat on Tru64? I think I need to alter some shell scripts, but I have no clue what and where to make what changes? I have set the JAVA_HOME to the Compaq Fast JVM, but the startup.sh gives me thins in the catalina.out: usage: java org.apache.catalina.startup.Catalina [ -config {pathname} ] [ -debug ] [ -nonaming ] { start | stop } Please help :) Med venlig hilsen/Best regards Søren Neigaard System Architect Mobilethink A/S Arosgaarden Åboulevarden 23, 4.sal DK - 8000 Århus C Telefon: +45 86207800 Direct: +45 86207810 Fax: +45 86207801 Email: [EMAIL PROTECTED] Web: www.mobilethink.dk - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Security
I would avoid basing security on IP address, in addition to the spoofing attack already mentioned, some proxy servers and cache engines replace the source IP address when they pass the request to your server. Under these circumstances, everyone seems to come from the same IP address. As recommended, a good book (or expert) on security is a requirement for looking at these kinds of problems. There is almost always more to it than you think. G. Wade Sjoerd van Leent wrote: An easy workaround is to save the client IP-address in the session, and look each page if this IP-address is the address the client has. It's not waterproof, but it makes it far more difficult (ensure that a good router is available) Sjoerd van Leent -Original Message- From: Richard Dunn [mailto:[EMAIL PROTECTED] Sent: zondag 17 augustus 2003 21:02 To: Tomcat Users List Subject: Re: Session Security On Sunday 17 August 2003 12:44, Todd O'Bryan wrote: Is there any block against someone stealing someone else's session id and using it for nefarious purposes? In other words, if I write a grade book program, could a sharp student write down the session id from a web address (if cookies are off) or look in the teacher's cookie file, and then go to a computer in the library and use the same session id to connect to the grade book page before the teacher logs out? Does the session id check itself against the issuing computer's IP address or anything to prevent such a thing from happening? I realize it's a stretch that someone might leave their computer unattended long enough for such a thing to happen, but I just want to be sure. Also, could someone listening in to the net traffic grab the session id and then use it? Thanks, Todd I am not a security expert, but if someone with my limited knowledge on security can use a tool like tcpdump and do some of what your saying (and I have), a nefarious type whose primary interest is doing this type of thing certainly can. The number of possible exploits are endless, but for a start I would suggest using SSL to encrypt the login info and data going over the wire. There are things you can do programatically to check for the computer's IP, but this can also be spoofed by someone with even a little knowledge. I would recommend getting a good book on security. There are things you can do at the system admin level to decrease the chance of a security breach, but you also have to put the right stuff in your programs. Holes on either one can negate the other. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session Security
In a previous life, I used a similar technique and was defeated when the network guys put a cache engine in front of our servers. Then, all requests came from the same IP address. This sort of thing can happen based on other priorities in the organization and break your best solutions. The main thing with security is to determine who the threat is and how difficult you want to make bypassing your security. In many cases, the added expense (in time and money) is not worth the slim chance that you are trying to eliminate. I don't know if that is the case for you, but it's worth some review before trying to build a security system. For the most bang for the buck, only allow access to the admin portions through SSL. This encrypts the cookie along with the rest of the request. The only thing you'd have left to worry about is physical security of the system. G. Wade Sjoerd van Leent wrote: Here is a question to do the same without cookies, so storing something in a cookie just won't work at al. I know that an IP address is not the best solution at all, but when you're using an internal network, it will work. I agree that using an IP address is by far not the best solution, but the odds are low... Sjoerd -Original Message- From: Mike Cherichetti (Renegade Internet) [mailto:[EMAIL PROTECTED] Sent: zondag 17 augustus 2003 22:29 To: Tomcat Users List Subject: RE: Session Security Todd, Putting the IP address of the user in the session won't work too well. An AOL user for example may have a different IP address every time they send in a request. And, it's obviously possible for someone to spoof an IP address. The best solution I've found to prevent sessions from being stolen is to use a one time access token. The token, which I usually create by doing MD5(ip + timestamp + random #), gets stored in a cookie and in the session itself. So, say a user logs in, they get a token and when they come back with their next request they send in that token. Your authentication logic checks the token in the cookie against the token in the session and handles accepting or denying the request. When the response is processed, you give them a new token and continue this cycle for all requests to follow. Now, lets say someone manages to steal the session. That person is going to get a different token than the legitimate user that's logged in currently has. So, when the legitimate user sends in their next request with a wrong token, you should catch that the session has been compromised and invalidate it immediately. This will result in the malicious user being kicked out. Still, this isn't a perfect solution because most users forget to logout. Using a low timeout value for the session is the only way I know of to deal with this scenario. You could run your application under HTTPS instead of HTTP too if that's an option :) Hope that helps, Mike -Original Message- From: Todd O'Bryan [mailto:[EMAIL PROTECTED] Sent: Sunday, August 17, 2003 2:45 PM To: [EMAIL PROTECTED] Subject: Session Security Is there any block against someone stealing someone else's session id and using it for nefarious purposes? In other words, if I write a grade book program, could a sharp student write down the session id from a web address (if cookies are off) or look in the teacher's cookie file, and then go to a computer in the library and use the same session id to connect to the grade book page before the teacher logs out? Does the session id check itself against the issuing computer's IP address or anything to prevent such a thing from happening? I realize it's a stretch that someone might leave their computer unattended long enough for such a thing to happen, but I just want to be sure. Also, could someone listening in to the net traffic grab the session id and then use it? Thanks, Todd - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Does load balancing with sticky sessions work with mod_jk? - SOLVED
I've been digging around in the source for Tomcat 4.1.27, and this is what I've found. The problem I've had with not being able to get load balancing to work in my application is a problem with Basic Authentication. Since Basic authentication never sends a JSESSIONID cookie, the jvmRoute is never available to mod_jk. This issue was obscured by the fact that I was using the SingleSignOn valve. This facility creates its own cookie JSESSIONIDSSO. This cookie also doesn't have the jvrRoute attached and that sent me on a wild goose chase through the wrong code. I've reworked my app to support FORM authentication even thought this requires a form for each servlet context and extra JkMount points. Thanks to Chris Daniluk for setting me on the right track. G. Wade G. Wade Johnson wrote: Chris, I've been investigating something that you said that triggered an a weird train of thought. My application is using the SingleSignOn Valve to allow a set of Servlets to work together. This means that I don't get the JSESSIONID cookie, I get the JSESSIONIDSSO cookie. Once you pointed it out, I realized that the jvmRoute was not on the end of the cookie. Looking in the mod_jk source, I can't find anywhere the '*SSO' cookie is used. It would not have been read, even if it had been sent. I'm doing further research. I'll post what I find. Thanks for all of your help so far. G. Wade Cristopher Daniluk wrote: Turn on the mod_jk logging. We had all sorts of problems with it at first. Turned out to be an incompatibility between the binary and apache with ours, but there's lots of possibilities. Check the mod_jk log and see if its having communication errors with Tomcat. Check the Tomcat logs (your app logs AND catalina.out) and see if anything shows up such as an exception. Use Mozilla and get LiveHTTPHeaders. This will show you the raw URL requests. Watch the JSESSIONID. Make sure the jvmRoute is appeneded to the end of the session.. i.e. JSESSIONID=abcdef12345.myTomcat1. Make sure the domain is being set right and that its not getting ignored. If you're sending a cookie and then the response is giving you a new cookie, its probably because of communication problems between Apache and Tomcat. Paste relevant parts of your httpd.conf, workers.properties, and server.xml if you still have trouble. Any helpful logs too... Cris -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 3:08 PM To: Tomcat Users List Subject: Re: Does load balancing with sticky sessions work with mod_jk? I've now compiled mod_jk 1.2.4 from source for Apache 1.3.28 under Win32. My jvmRoute attributes exist and match the entries in workers.properties for the appropriate hosts. I'm still showing my requests ping-ponging between the two servers. Can you think of anything else that I could be doing wrong? G. Wade Cristopher Daniluk wrote: Still advisable to compile the connector from source. Also maek sure your worker names in worker.properties match the names of the jvmRoute. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 11:29 AM To: Tomcat Users List Subject: Re: Does load balancing with sticky sessions work with mod_jk? Thanks for the response. I have the jvmRoute attribute set on both of my Tomcats. I am (unfortunately) running under Windows at the moment. From your response, I guess you are not. I'll see if I can compile the source. Thanks, G. Wade Cristopher Daniluk wrote: Make sure you set a jvmRoute and if you have trouble, compile the mod_jk.so from src rather than using a binary. It works just fine... -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 10:56 AM To: Tomcat Users List Subject: Does load balancing with sticky sessions work with mod_jk? Has anyone gotten load balancing with stick sessions working with Apache 1.3.* and mod_jk? G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe
Re: Trouble with Apache 1.3.28/Tomcat 4.124/mod_jk 1.24
I'm no expert, but one thing you have different from my configuration is the connector. Mine looks like Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 useURIValidationHack=false disableUploadTimeout=true protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler/ I have this vague recollection of someone saying to use CoyoteConnector instead of Ajp13Connector. But, that could just be a random synapse misfire. G. Wade Henry Kwan wrote: Hi, I'm trying to setup a Apache/Tomcat test server and am having some problems. Apache works fine on port 80 and Tomcat works fine on 8080 but I can't get mod_jk to connect them. I'm running Solaris 8 SPARC and I compiled Apache from source, grabbed the Tomcat binary, and compiled mod_jk from source. Here's what I have in my httpd.conf: LoadModule jk_module libexec/mod_jk.so ... VirtualHost xx.xx.xx.xx ServerAdmin [EMAIL PROTECTED] DocumentRoot /opt/tomcat/jakarta-tomcat/webapps ServerName tomcat.xxx.com DirectoryIndex index.htm index.html Directory /opt/tomcat/jakarta-tomcat/webapps Options Indexes FollowSymLinks AllowOverride All /Directory ErrorLog /export/home/httpd/logs/tomcat_error CustomLog /export/home/httpd/logs/tomcat_access common /VirtualHost IfModule mod_jk.c JkWorkersFile /opt/tomcat/jakarta-tomcat/conf/workers.properties JkLogFile /opt/tomcat/jakarta-tomcat/logs/mod_jk.log JkLogLevel debug JkAutoAlias /opt/tomcat/jakarta-tomcat/webapps JkMount /*.jsp ajp13 JkMount /*/servlet/ ajp13 JkMount /examples ajp13 JkMount /examples/* ajp13 /IfModule I have this workers.properties setup: worker.list=testWorker worker.testWorker.port=8009 worker.testWorker.host=localhost worker.testWorker.type=ajp13 And I didn't touch the Connector Classname entry in server.xml: !-- Define an AJP 1.3 Connector on port 8009 -- !-- Connector className=org.apache.ajp.tomcat4.Ajp13Connector port=8009 minProcessors=5 maxProcessors=75 acceptCount=10 debug=0/ But whenever I try to access any JSP pages via Apache, I get a 500 Internal Server Error with these entries in the mod_jk.log: [Fri Aug 15 12:51:57 2003] [jk_uri_worker_map.c (460)]: Into jk_uri_worker_map_t::map_uri_to_worker [Fri Aug 15 12:51:57 2003] [jk_uri_worker_map.c (477)]: Attempting to map URI '/examples/jsp/index.html' [Fri Aug 15 12:51:57 2003] [jk_uri_worker_map.c (502)]: jk_uri_worker_map_t::map_uri_to_worker, Found a context match ajp13 - /examples/ [Fri Aug 15 12:51:57 2003] [jk_worker.c (132)]: Into wc_get_worker_for_name ajp13 [Fri Aug 15 12:51:57 2003] [jk_worker.c (136)]: wc_get_worker_for_name, done did not found a worker Any ideas or tips would be greatly appreciated. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Does load balancing with sticky sessions work with mod_jk?
I've now compiled mod_jk 1.2.4 from source for Apache 1.3.28 under Win32. My jvmRoute attributes exist and match the entries in workers.properties for the appropriate hosts. I'm still showing my requests ping-ponging between the two servers. Can you think of anything else that I could be doing wrong? G. Wade Cristopher Daniluk wrote: Still advisable to compile the connector from source. Also maek sure your worker names in worker.properties match the names of the jvmRoute. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 11:29 AM To: Tomcat Users List Subject: Re: Does load balancing with sticky sessions work with mod_jk? Thanks for the response. I have the jvmRoute attribute set on both of my Tomcats. I am (unfortunately) running under Windows at the moment. From your response, I guess you are not. I'll see if I can compile the source. Thanks, G. Wade Cristopher Daniluk wrote: Make sure you set a jvmRoute and if you have trouble, compile the mod_jk.so from src rather than using a binary. It works just fine... -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 10:56 AM To: Tomcat Users List Subject: Does load balancing with sticky sessions work with mod_jk? Has anyone gotten load balancing with stick sessions working with Apache 1.3.* and mod_jk? G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Sticky-sessions problems with mod_jk
Versions: Apache: 1.3.28 Win32 mod_jk/1.2.4 Tomcat 1: 4.1.24 Tomcat 2: 4.1.24 I'm investigating load balancing a Tomcat application that I've been working on for the last few months. I'm currently having problems with stick sessions. My application uses BASIC authentication and Single Signon. Since I'm a little on the paranoid side, I went through this exercise fairly slowly. Using John Turner's docs, the last 6 months of Tomcat Users Archives, and about a dozen other links from the Tomcat site and the archives, I've managed the following steps. 1. Using mod_jk and Apache to access Tomcat server with Tomcat and Apache both on localhost. No problems. 2. Using mod_jk and Apache to access Tomcat server on a different host. No problem. Now that I'm sure I am not messing up the easy stuff, I moved to load balancing. I can see that the Apache is definitely sending the requests to both servers. However, I need the requests to remain sticky. Currently, the requests bounce randomly between the servers. Another interesting point is that I get two JSESSIONIDSSO cookies when I'm trying to do the load balancing (with different paths). When I'm not doing load balancing, I get one JSESSIONIDSSO cookie with a path of '/'. Each request to the Apache server goes to a different Tomcat instance. The main noticable problem is the need to log in twice. I also receive new cookies on every request. (Although that would not bother most people.) I'm trying to figure out if this is a mod_jk problem, an Apache 1.3 problem, a Windows problem, or my problem.grin/ Thanks for any insight into this problem. Here are appropriate chunks from my configuration files. --- mod_jk.conf - IfModule !mod_jk.c LoadModule jk_module c:/Apache/Apache/modules/mod_jk_1.3.27.dll /IfModule JkWorkersFile conf/workers.properties JkLogFile logs/mod_jk.log JkLogLevel info VirtualHost localhost ServerName localhost JkMount /IS500/change_password loadbalancer JkMount /IS500/normal_state loadbalancer JkMount /IS500/update_events loadbalancer JkMount /IS500/historical_data loadbalancer JkMount /IS500/historical_update loadbalancer JkMount /IS500/alarmlist loadbalancer JkMount /app/* loadbalancer JkMount /Pictures/* loadbalancer JkMount /Config/* loadbalancer /VirtualHost --- workers.properties - # BEGIN workers.properties worker.list=loadbalancer # Load Balancing worker worker.loadbalancer.type=lb worker.loadbalancer.balanced_workers=tomcat1,tomcat2 worker.loadbalancer.sticky_session=1 # Local Tomcat worker.tomcat1.port=8009 worker.tomcat1.host=localhost worker.tomcat1.type=ajp13 worker.tomcat1.lbfactor=1 worker.tomcat1.cachesize=10 worker.tomcat1.cache_timeout=600 worker.tomcat1.socket_keepalive=1 worker.tomcat1.socket_timeout=300 # HMIRIB3 Tomcat worker.tomcat2.port=8009 worker.tomcat2.host=testserver worker.tomcat2.type=ajp13 worker.tomcat2.lbfactor=1 worker.tomcat2.cachesize=10 worker.tomcat2.cache_timeout=600 worker.tomcat2.socket_keepalive=1 worker.tomcat2.socket_timeout=300 # END workers.properties --- server.xml : Tomcat1 . . . Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 useURIValidationHack=false disableUploadTimeout=true protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler/ . . . Engine jvmRoute=tomcat1 name=Standalone defaultHost=localhost debug=0 . . . --- server.xml : Tomcat2 . . . Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=8009 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 useURIValidationHack=false disableUploadTimeout=true protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler/ . . . Engine jvmRoute=tomcat2 name=Standalone defaultHost=localhost debug=0 . . . - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Does load balancing with sticky sessions work with mod_jk?
Chris, I've been investigating something that you said that triggered an a weird train of thought. My application is using the SingleSignOn Valve to allow a set of Servlets to work together. This means that I don't get the JSESSIONID cookie, I get the JSESSIONIDSSO cookie. Once you pointed it out, I realized that the jvmRoute was not on the end of the cookie. Looking in the mod_jk source, I can't find anywhere the '*SSO' cookie is used. It would not have been read, even if it had been sent. I'm doing further research. I'll post what I find. Thanks for all of your help so far. G. Wade Cristopher Daniluk wrote: Turn on the mod_jk logging. We had all sorts of problems with it at first. Turned out to be an incompatibility between the binary and apache with ours, but there's lots of possibilities. Check the mod_jk log and see if its having communication errors with Tomcat. Check the Tomcat logs (your app logs AND catalina.out) and see if anything shows up such as an exception. Use Mozilla and get LiveHTTPHeaders. This will show you the raw URL requests. Watch the JSESSIONID. Make sure the jvmRoute is appeneded to the end of the session.. i.e. JSESSIONID=abcdef12345.myTomcat1. Make sure the domain is being set right and that its not getting ignored. If you're sending a cookie and then the response is giving you a new cookie, its probably because of communication problems between Apache and Tomcat. Paste relevant parts of your httpd.conf, workers.properties, and server.xml if you still have trouble. Any helpful logs too... Cris -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 3:08 PM To: Tomcat Users List Subject: Re: Does load balancing with sticky sessions work with mod_jk? I've now compiled mod_jk 1.2.4 from source for Apache 1.3.28 under Win32. My jvmRoute attributes exist and match the entries in workers.properties for the appropriate hosts. I'm still showing my requests ping-ponging between the two servers. Can you think of anything else that I could be doing wrong? G. Wade Cristopher Daniluk wrote: Still advisable to compile the connector from source. Also maek sure your worker names in worker.properties match the names of the jvmRoute. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 11:29 AM To: Tomcat Users List Subject: Re: Does load balancing with sticky sessions work with mod_jk? Thanks for the response. I have the jvmRoute attribute set on both of my Tomcats. I am (unfortunately) running under Windows at the moment. From your response, I guess you are not. I'll see if I can compile the source. Thanks, G. Wade Cristopher Daniluk wrote: Make sure you set a jvmRoute and if you have trouble, compile the mod_jk.so from src rather than using a binary. It works just fine... -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 10:56 AM To: Tomcat Users List Subject: Does load balancing with sticky sessions work with mod_jk? Has anyone gotten load balancing with stick sessions working with Apache 1.3.* and mod_jk? G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Does load balancing with sticky sessions work with mod_jk?
I'll attempt the compile. I did verify that the worker names in workers.properties and jvmRoute do match. Thanks again. G. Wade Cristopher Daniluk wrote: Still advisable to compile the connector from source. Also maek sure your worker names in worker.properties match the names of the jvmRoute. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 11:29 AM To: Tomcat Users List Subject: Re: Does load balancing with sticky sessions work with mod_jk? Thanks for the response. I have the jvmRoute attribute set on both of my Tomcats. I am (unfortunately) running under Windows at the moment. From your response, I guess you are not. I'll see if I can compile the source. Thanks, G. Wade Cristopher Daniluk wrote: Make sure you set a jvmRoute and if you have trouble, compile the mod_jk.so from src rather than using a binary. It works just fine... -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 10:56 AM To: Tomcat Users List Subject: Does load balancing with sticky sessions work with mod_jk? Has anyone gotten load balancing with stick sessions working with Apache 1.3.* and mod_jk? G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Does load balancing with sticky sessions work with mod_jk?
Thanks for the response. I have the jvmRoute attribute set on both of my Tomcats. I am (unfortunately) running under Windows at the moment. From your response, I guess you are not. I'll see if I can compile the source. Thanks, G. Wade Cristopher Daniluk wrote: Make sure you set a jvmRoute and if you have trouble, compile the mod_jk.so from src rather than using a binary. It works just fine... -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Thursday, August 14, 2003 10:56 AM To: Tomcat Users List Subject: Does load balancing with sticky sessions work with mod_jk? Has anyone gotten load balancing with stick sessions working with Apache 1.3.* and mod_jk? G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Does load balancing with sticky sessions work with mod_jk?
Has anyone gotten load balancing with stick sessions working with Apache 1.3.* and mod_jk? G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with text box and submit button
That's actually a browser feature. Since you did not click the submit button, it's value would not be sent. The browser is being helpful by allowing an Enter to submit the form. The downside of this convenience for the user is more ambiguity for the developer.shrug/ G. Wade Antony wrote: Hello, Servlet is not getting the value of submit button from HTML form. I have a form with one text box ,one submit button and a reset button. When I click the submit button the servlet gets both text box and submit button values. But when the user types in data in text box and press Enter key the servlet is not getting the submit button(the focus is on text box). I am using IE 6.0 SP1,Tomcat 4.1.18. I tested this with mozilla. Mozilla works fine. I enabled the RequestDumperValve and tested. Interestingly the form is not passing the submit button. Is it a bug ?. if required I shall send the file as attachment . Antony Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Q] Is it safe to create threads in Tomcat web-apps?
I hate to speak for someone else, but I believe that Tim may have been referring to the tendency of some people to use threads without understanding their limitations. (I've seen attempts to massively thread CPU-bound applications on single CPU machines.) Threads are not magic that can be spread on a program to make it better. That being said. Tim did not say don't he asked why.grin/ That's much politer than I've normally been to people in a similar circumstance. shrug/ G. Wade [EMAIL PROTECTED] wrote: From: Tim Funk funkman () joedog ! org Subject: Re: [Q] Is it safe to create threads in Tomcat web-apps? You can create threads all day in tomcat, but here are the importnatn things to consider: - WHY! Are threads really the correct solution? - And last but not least: WHY! Are threads really the correct solution? I'm getting the impression that you think multiple threads are never the right answer. :) That's not necessarily true. Suppose that your response to a request contains three steps which are independant of one another; in order to deliver a faster response time, you'd like to execute them concurrently. If these three steps are CPU-bound, then the amount of benefit really depends on the machine; you need multiple CPUs so that the scheduler can run the different threads on different CPUs. With a single CPU, you're not likely to see much benefit. However, if the three steps are IO-bound, using multiple threads to run them concurrently can lead to a big improvement. Most of the time spent doing IO is spent waiting. (Particularly if the IO is network IO, a sub-request to a remote site, for example). If the idle times occur concurrently instead of serially, you'll certainly do better. -- Steve - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat - PERL problem.
Without seeing the code that is running forever, it's almost impossible to tell. I have seen the running forever if you call perl without a script name on the command line. When called without a script, the perl executable waits for the script on STDIN. G. Wade tito santini wrote: Dear all, I'm currently having this strange problem with Tomcat 4.0.3 (running on Solaris) and a CGI program written in PERL. The program outputs some HTML lines, and everything goes OK until the HTML page is small. When the page grows up, i.e inserting SELECT field with 100 options, Tomcat stops responding. The UNIX ps command shows: user1 12838 12310 0 16:14:45 pts/50:00 /usr/local/bin/perl /usr/local/jakarta-tomcat-4.0.3/webapps/my_app/WEB-INF/ user1 12464 12310 0 14:34:56 pts/50:00 /usr/local/bin/perl /usr/local/jakarta-tomcat-4.0.3/webapps/my_app/WEB-INF/ Those processes don't stop running until killed. Any help? Thanks in advance. Tito. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: taking quite a long time for applet to come up
Which browser are you using? I have seen the second authentication window effect on Netscape 4.79. I don't see it on newer Netscapes, Mozilla, or recent IE. G. Wade Paridhi Bansal wrote: Hi!! I have tomcat 4.0.6 running servlet-applet application..i have two folders in my webapps folder and i have removed all the original folders(manager, example,tomcat-docs)from webapps.i have removed corresponding entries from server.xml file also..still whenever, i restart tomcat, in the logs i can see tomcat redaing and loading variouus parameters say web.xml for all these now non-existing directories..From where(which conf file) is it reading this info???Can this be a factor for the slowness?? Next, my application is SSL based and i have used BASIC authentication scheme..My servlet is invoked from an html page link.. Initially b4 i get the html page , i get the certificate dialog box and username-password window..then html page openes up..on clicking the link to servlet, the applet sized base shows up on the next page immediately but it takes a lot of time for the applet to appear..in between the certificate appears again and the authentication window too comes in again... I wanted to ask why is the authentication window coming twice when it's the same username and password that user has to enter..is it possible to get rid of any one of these windows so that ineed to authenticate only once.. Second, is it possible to reduce the time between my clicking on the hyperlink and the second certificate screen to come up...why does it takes so much time???because once the certificate screen appears, the auth window comes quickly and then within 20-30 seconds, the applet appears..IS IT possible to somehow reduce the time for the applet to appear// Paridhi -- __ Sign-up for your own FREE Personalized E-mail at Mail.com http://www.mail.com/?sr=signup - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Urgent : Can we restrict access to a directory in tomcat
Unfortunately, this doesn't always work. In the past, I've had problems with IE not sending the Referer header on some requests.shrug/ G. Wade Tom Oinn wrote: The other way to do it would be to check the referer page, this seems to be quite a common trick and will confound most people trying to link directly to your images (which is what I imagine you're trying to prevent). There may be a more elegant way of doing it, but you could create a servlet that is mapped to your /images mount point which inspects the referer field in the request and, assuming it is valid, returns the appropriate content from a directory outside of your web application. As all requests would go through the servlet you have access control. Tom Shapira, Yoav wrote: Howdy, That one's tricky (and strange). When you have a servlet or JSP, the output the user sees is HTML. In HTML, you have img tags. The browser will request those images normally in HTTP requests. So from the server's perspective, the request is the same whether the user types in the image URL or you embed it in one of your pages. Would something like using a mangled images directory name ($KF_%# or something) be sufficient? A name that's hard for users to guess and use directly? Yoav Shapira Millennium ChemInformatics -Original Message- From: Syed Nayyer Kamran [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2003 9:33 PM To: [EMAIL PROTECTED] Subject: Urgent : Can we restrict access to a directory in tomcat hi there, I want to restrict the user to access the images directly through the web. They should be able to access these images through web pages developed as jsp/servlet but should not be able to access these images displayed on page by copying the image url to the address bar. Is tomcat directly support this functionality. or any other solution. Thanks in advance for any solution of the problem. Nayyer Kamran This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Servlet thread safety
This may be an obvious question, but is there any guarantee one way or the other about whether there is a separate servlet object for each concurrent request. In other words, is there any chance that instance data would be shared between two requests? If so, are we guaranteed if the instance data will always be shared between two requests. I didn't see any, but I may just have missed it. G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet thread safety
How about the flip side? Is instance data guaranteed separate for each request? I Have some code that relies on instance data and I just had the horrible realization that I have assumed that no two concurrent requests will be talking to the same object. Thanks again, G. Wade Shapira, Yoav wrote: Howdy, You didn't miss it. No such guarantee exists for normal servlets. See the javax.servlet.SingleThreadModel interface for one approach to this issue. However, many people will tell you to avoid SingleThreadModel for various reasons. I tend to agree. The design and implementation of your servlets should not depend on the synchronization of their service methods by the container. If you have shared resources put them in objects (often singletons) outside the servlets. Yoav Shapira Millennium ChemInformatics -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2003 12:08 PM To: Tomcat Users List Subject: Servlet thread safety This may be an obvious question, but is there any guarantee one way or the other about whether there is a separate servlet object for each concurrent request. In other words, is there any chance that instance data would be shared between two requests? If so, are we guaranteed if the instance data will always be shared between two requests. I didn't see any, but I may just have missed it. G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet thread safety
That's what I figured. Oh well, time for a little minor reorganization of code. G. Wade John Corrigan wrote: No. Concurrent requests will most likely be be processed by the same instance of your Servlet class, however it is not guarantted. -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2003 9:43 AM To: Tomcat Users List Subject: Re: Servlet thread safety How about the flip side? Is instance data guaranteed separate for each request? I Have some code that relies on instance data and I just had the horrible realization that I have assumed that no two concurrent requests will be talking to the same object. Thanks again, G. Wade Shapira, Yoav wrote: Howdy, You didn't miss it. No such guarantee exists for normal servlets. See the javax.servlet.SingleThreadModel interface for one approach to this issue. However, many people will tell you to avoid SingleThreadModel for various reasons. I tend to agree. The design and implementation of your servlets should not depend on the synchronization of their service methods by the container. If you have shared resources put them in objects (often singletons) outside the servlets. Yoav Shapira Millennium ChemInformatics -Original Message- From: G. Wade Johnson [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2003 12:08 PM To: Tomcat Users List Subject: Servlet thread safety This may be an obvious question, but is there any guarantee one way or the other about whether there is a separate servlet object for each concurrent request. In other words, is there any chance that instance data would be shared between two requests? If so, are we guaranteed if the instance data will always be shared between two requests. I didn't see any, but I may just have missed it. G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: no localhost but 127.0.0.1:8080 works
Under Windows NT, the file was found in \WINNT\System32\drivers\etc Under Windows XP, it is found in \WINDOWS\System32\drivers\etc I know it is located differently on Windows 95/98 type systems. JS wrote: Hi Group, I have a problem here, my setup no longer responds to http://localhost:8080/blahblah.It works if I use the IP addy, 127.0.0.1:8080, but I think this is causing some problems within tomcat with its own internal references. Does anyone know how I can fix this. I vaguely recall reading about a hosts file in System32 folder of windows but cant remember for the life of me what it was talking about. Thanks JS - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JDBCRealm magic table names?
I just spent two hours tracking down a problem caused by new Oracle tables we created for my application. I'm running Tomcat 4.1.18 with Java 1.4.1. Our DBA created tables for my system to use with authentication thru the JDBCRealm. I populated the table and attempted to log in. The system consistently refused my login. After digging in the source of JDBCRealm, I found that no matter what I did, the request for the password would return null if the name of the table is 'WEB_USER'. If I change the name of the table, everything works. Does this make sense to anyone? I can have the table name changed, but I'd like to know why that name is special. G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: MBeanException on init new Realm class
Thanks for the response. (Apparently, all of the list archives are _not_ created equal.shrug/) I've attempted this change and ended up with another problem. Now I exception with: ServerLifecycleListener: createMBeans: MBeanException java.lang.ClassCastException at org.apache.commons.modeler.ManagedBean.createMBean(ManagedBean.java:386) at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.java:620) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecycleListener.java:574) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecycleListener.java:783) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecycleListener.java:751) Checking the code in org.apache.commons.modeler.ManagedBean.createMBean() shows the exception is occurring in this code: Class clazz = null; try { clazz = Class.forName(getClassName()); } catch (Exception e) { throw new MBeanException (e, Cannot load ModelMBean class + getClassName()); } // Create a new ModelMBean instance ModelMBean mbean = null; try { // exception occurs here v --- mbean = (ModelMBean) clazz.newInstance(); mbean.setModelMBeanInfo(createMBeanInfo()); } catch (MBeanException e) { As near as I can tell, this method has not even accessed my object yet. Obviously, I'm baffled. Any clues that can help me track this further? Thanks again, G. Wade Bill Barker wrote: It's sparsely documented (and AFAIK only at all for 4.1.18), but it comes up on this list like clockwork ;-). You need to do a better search on the archives. You need to create an mbeans-descriptors.xml file (in your case, just copy the JDBCRealm stuff and change the name), usually in the same package as your Realm, and package it in the same jar file as your Realm. Then set the 'descriptors' attribute on the ServerLifeCycleListener to point to your mbeans-descriptors.xml. e.g. : Listener className=org.apache.catalina.mbeans.ServerLifeCycleListener descriptors=/com/myfirm/mypackage/realm/mbeams-descriptors.xml / G. Wade Johnson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I am working on a Tomcat-based server (4.1.18). I've checked the list archive without a match. The particular application required an authentication model that was close-to but not quite the same as JDBCRealm. I wrote a new class that extends JDBCRealm to add the needed behavior. When I restart the Tomcat server, I get the following exception: ServerLifecycleListener: createMBeans: MBeanException java.lang.Exception: ManagedBean is not found with CryptJDBCRealm at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.java:614) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecy cleListener.java:574) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecy cleListener.java:783) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecy cleListener.java:751) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecy cleListener.java:339) at org.apache.catalina.mbeans.ServerLifecycleListener.lifecycleEvent(ServerLife cycleListener.java:206) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSuppor t.java:166) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2182) at org.apache.catalina.startup.Catalina.start(Catalina.java:512) at org.apache.catalina.startup.Catalina.execute(Catalina.java:400) at org.apache.catalina.startup.Catalina.process(Catalina.java:180) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203) The code is called. It does function. My class basically overrides the method public synchronized Principal authenticate(Connection dbConnection, String username, String credentials); There are no other methods in the class. Any thoughts, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands
Re: MBeanException on init new Realm class - FIXED
I found the solution to my final problem on this. For the CryptJDBCRealm class, the mbean-descriptor is exactly the same as the one for JDBCRealm except for two attributes: name and type. mbean name=CryptJDBCRealm className=org.apache.catalina.mbeans.ClassNameMBean description=Extension of domain=Catalina group=Realm type=com.abbnm.realm.CryptJDBCRealm ... Don't change the 'className' attribute like I did. You'll get the ClassCastException I reported below. BTW, it is important not to change configuration files you don't understand when you are low on caffeine.shrug/ Thanks for everyone's help. G. Wade G. Wade Johnson wrote: Thanks for the response. (Apparently, all of the list archives are _not_ created equal.shrug/) I've attempted this change and ended up with another problem. Now I exception with: ServerLifecycleListener: createMBeans: MBeanException java.lang.ClassCastException at org.apache.commons.modeler.ManagedBean.createMBean(ManagedBean.java:386) at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.java:620) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecycleListener.java:574) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecycleListener.java:783) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecycleListener.java:751) Checking the code in org.apache.commons.modeler.ManagedBean.createMBean() shows the exception is occurring in this code: Class clazz = null; try { clazz = Class.forName(getClassName()); } catch (Exception e) { throw new MBeanException (e, Cannot load ModelMBean class + getClassName()); } // Create a new ModelMBean instance ModelMBean mbean = null; try { // exception occurs here v --- mbean = (ModelMBean) clazz.newInstance(); mbean.setModelMBeanInfo(createMBeanInfo()); } catch (MBeanException e) { As near as I can tell, this method has not even accessed my object yet. Obviously, I'm baffled. Any clues that can help me track this further? Thanks again, G. Wade Bill Barker wrote: It's sparsely documented (and AFAIK only at all for 4.1.18), but it comes up on this list like clockwork ;-). You need to do a better search on the archives. You need to create an mbeans-descriptors.xml file (in your case, just copy the JDBCRealm stuff and change the name), usually in the same package as your Realm, and package it in the same jar file as your Realm. Then set the 'descriptors' attribute on the ServerLifeCycleListener to point to your mbeans-descriptors.xml. e.g. : Listener className=org.apache.catalina.mbeans.ServerLifeCycleListener descriptors=/com/myfirm/mypackage/realm/mbeams-descriptors.xml / G. Wade Johnson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I am working on a Tomcat-based server (4.1.18). I've checked the list archive without a match. The particular application required an authentication model that was close-to but not quite the same as JDBCRealm. I wrote a new class that extends JDBCRealm to add the needed behavior. When I restart the Tomcat server, I get the following exception: ServerLifecycleListener: createMBeans: MBeanException java.lang.Exception: ManagedBean is not found with CryptJDBCRealm at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.java:614) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecy cleListener.java:574) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecy cleListener.java:783) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecy cleListener.java:751) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecy cleListener.java:339) at org.apache.catalina.mbeans.ServerLifecycleListener.lifecycleEvent(ServerLife cycleListener.java:206) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSuppor t.java:166) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2182) at org.apache.catalina.startup.Catalina.start(Catalina.java:512) at org.apache.catalina.startup.Catalina.execute(Catalina.java:400) at org.apache.catalina.startup.Catalina.process(Catalina.java:180) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke
MBeanException on init new Realm class
I am working on a Tomcat-based server (4.1.18). I've checked the list archive without a match. The particular application required an authentication model that was close-to but not quite the same as JDBCRealm. I wrote a new class that extends JDBCRealm to add the needed behavior. When I restart the Tomcat server, I get the following exception: ServerLifecycleListener: createMBeans: MBeanException java.lang.Exception: ManagedBean is not found with CryptJDBCRealm at org.apache.catalina.mbeans.MBeanUtils.createMBean(MBeanUtils.java:614) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecycleListener.java:574) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecycleListener.java:783) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecycleListener.java:751) at org.apache.catalina.mbeans.ServerLifecycleListener.createMBeans(ServerLifecycleListener.java:339) at org.apache.catalina.mbeans.ServerLifecycleListener.lifecycleEvent(ServerLifecycleListener.java:206) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:166) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2182) at org.apache.catalina.startup.Catalina.start(Catalina.java:512) at org.apache.catalina.startup.Catalina.execute(Catalina.java:400) at org.apache.catalina.startup.Catalina.process(Catalina.java:180) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203) The code is called. It does function. My class basically overrides the method public synchronized Principal authenticate(Connection dbConnection, String username, String credentials); There are no other methods in the class. Any thoughts, G. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]