RE: Tomcat 5.5.12 and user-agent header

2005-10-11 Thread Mark Thomas
Have you looked at the headers between Tomcat and your UA? Is your UA actually
sending the UA header? If it is then it looks like a sitemesh problem from what
you have described. There are a range of tools for looking at headers.
livehttpheaders is good, as is TcpMon which is distributed as part of Axis.

Mark 

 -Original Message-
 From: Richard Mixon [mailto:[EMAIL PROTECTED] 
 Sent: Monday, October 10, 2005 12:00 AM
 To: 'Tomcat Users List'
 Subject: RE: Tomcat 5.5.12 and user-agent header
 
 Leon,
 
 Thank you for the test - but I still get a null user-agent 
 right after the
 login. Here is a snippet of my code:
 
   !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN 
   http://www.w3.org/TR/html4/loose.dtd;
   %@ include file=/common/taglibs.jspf%
   %@ page import=com.ltoj.common.Constants %
   html:html locale=true
   head
   %@ include file=/common/meta.jspf %
   titledecorator:title//title
   script type=text/javascript src=c:url
 value='/scripts/environment.js'//script
   script type=text/javascript src=c:url
 value='/scripts/util.js'//script
   script type=text/javascript src=c:url
 value='/scripts/helptip.js'//script
   script type=text/javascript src=c:url
 value='/scripts/tabs.js'//script
   script type=text/javascript src=c:url
 value='/scripts/CalendarPopup.js'//script
   script type=text/javascript src=c:url
 value='/scripts/chartWizard.js'//script
   link rel=stylesheet type=text/css media=all href=c:url
 value='/styles/default.css'/ / 
   link rel=stylesheet type=text/css media=all href=c:url
 value='/styles/messages.css'/ / 
   link rel=stylesheet type=text/css media=all href=c:url
 value='/styles/tabs.css'/ / 
   decorator:head/
   %
   String _userAgent = request.getHeader(user-agent);
   out.write(USER-AGENT='+_userAgent+'); 
   ...
 
 Here's the sequence:
 
 1) I issue a request to this page.
 
 2) CMA says oh, that's protected and shows my custom login 
 page. I get
 user-agent displayed fine:
  USER-AGENT='Mozilla/5.0 (Windows; U; Windows NT 5.2; 
 en-US; rv:1.7.12)
 Gecko/20050915 Firefox/1.0.7'
 
 3) But on the next page (the original target page of the request),
 user-agent shows as null.
  USER-AGENT='null'
 
 I can refresh the page or go to any other page in my 
 application and the
 user agent is fine again.
 
 The only thing a bit non-standard about this JSP page is that it is a
 SiteMesh decorator page. 
 
 If I run the same test, same pages in Tomcat 5.5.9 I never 
 get user-agent of
 null.
 
 Our application does check the user-agent header a good bit. 
 We use Select
 lists with option groups - but some browsers do not support this so we
 simulate it by indenting the select options ourselves.
 
 Luckily all of this activity happens well after the initial 
 login - so we
 are safe, now that I changed the decorator to make sure 
 user-agent is not
 null before doing anything with it.
 
 But it seems other applications might be affected by this - no?
 
 Thanks again - Richard
 
 
 
 
 
 
 -Original Message-
 From: Leon Rosenberg [mailto:[EMAIL PROTECTED] 
 Sent: Sunday, October 09, 2005 1:45 PM
 To: Tomcat Users List; [EMAIL PROTECTED]
 Subject: Re: Tomcat 5.5.12 and user-agent header
 
 Hmm, I downloaded 5.5.12 and tried the agent-header specific 
 code with it:
 
   public void processLogin(User user, HttpServletRequest req,
 HttpServletResponse res) {
   StringBuffer info = new StringBuffer();
   info.append(login );
   info.append(user.getUserName());
   info.append( [);
   info.append(user.getUserId().getPlainPresentation());
   info.append(] );
   info.append(user.getEmail());
   info.append( );
   
 info.append(UserHelper.getGenderDescription(user.getGender()));
   info.append( );
   
 info.append(UserHelper.getStatusDescription(user.getMembership
 Status()));
   info.append( );
   info.append(req.getRemoteAddr());
   info.append( / );
   info.append(req.getRemoteHost());
   info.append( Agent: );
   info.append(req.getHeader(user-agent));
   log.info(info); 
   }
 
 outcome was:
 
 2005-10-08 15:36:50,453 INFO  - login leon [6] [EMAIL PROTECTED] male premium
 127.0.0.1 / 127.0.0.1 Agent: Mozilla/5.0 (Windows; U; Windows 
 NT 5.0; en-US;
 rv:1.7) Gecko/20040626 Firefox/0.8
 
 which I think was same behaviour as before.
 
 I took tomcat out of the box (5.5.12 tar.gz) and only changed 
 the http port.
 
 regards
 leon
 
 
 On 10/8/05, Richard Mixon [EMAIL PROTECTED] wrote:
  I am just using the standard HTTP connector. This is on my 
 development 
  workstation so I don't normally run JK and Apache, except for final
 testing.
 
  On the developer list I did see one mention of user-agent 
 header, but 
  on closer inspection it appeared to be for a completely 
 different issue.
 
  Thanks - Richard
 
  -Original 

RE: hot redeploy now work. locked jsf-impl.jar

2005-10-08 Thread Mark Thomas
Take a look at http://issues.apache.org/bugzilla/show_bug.cgi?id=10026. It may
be related.

Mark

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 Sent: Saturday, October 08, 2005 5:20 PM
 To: tomcat-user@jakarta.apache.org
 Subject: hot redeploy now work. locked jsf-impl.jar 
 
 I deploy xsoft.war in webapps directory.  It creates a 
 diretory xsoft and
 deploy works.
 
 NEXT, I drop xsoft.war in the webapps directory again.  Tomcat starts
 deleting all files from previous deployment but can't delete 
 jsf-impl.jar.
  Because of this, tomcat does not deploy xsoft.war and the 
 xsoft directory
 is left empty except this one file.
 
 This was hard to figure out as tomcat logs say nothing about what
 happened.  They don't tell you that redeploy failed because 
 tomcat did not
 succeed in deleting the first deployment.  It took me forever 
 to figure
 out what was going on.
 
 Anyone know why jsf-impl.jar would be locked.  I try to 
 manually delete it
 and can't until I shutdown tomcat.  Is tomcat not unlocking the file
 correctly after it reads it into the classloader for this app?
 
 thanks for any help on this,  Temporarily I just created an ant script
 that stops tomcat, deletes previous xsoft directory, redeploys app and
 restarts tomcat but this takes forever.
 dean
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
 
 
 -- 
 No virus found in this incoming message.
 Checked by AVG Anti-Virus.
 Version: 7.0.344 / Virus Database: 267.11.13/124 - Release 
 Date: 07/10/2005
 
 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: hot redeploy now work. locked jsf-impl.jar

2005-10-08 Thread Mark Thomas
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 
 I am confused.  It looks like they found a way to make tomcat 
 so if the
 jars had that problem, tomcat could still handle it, but only 
 put this in
 4.x.  It is not in 5.0(ie. the last post in the message).

The functionality has been in 5.5.x for a while. It wasn't back ported to the
5.0.x branch. Development on the 5.0.x branch stopped shortly after the first
stable 5.5.x so it is very unlikely that it ever will. If you are using 5.0.x at
the moment, now might be a good time to move to 5.5.x. You should also note that
there are two anti-locking options, antiJARLocking and antiResourceLocking. Make
sure you read the docs before trying to use them.

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



RE: SessionListener invoked sometimes and not others

2005-10-08 Thread Mark Thomas
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
 So after a restart of tomcat, I login and it appears the 
 session is still
 valid, so it does not go through my session listener.
 
 I need to be aware of the web application lifecycle and want to grab a
 resource when the webapp starts and release when the web app 
 goes away. 
 How do I do that?

Use a ServletContextListener.

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: isapi_redirector2.dll question

2005-10-06 Thread Mark Thomas

John,

JK2 is deprecated. Are you sure you want to use it? See 
http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/connectors.html 
for a list of connectors and current statuses for TC4.


Mark

John MccLain wrote:

I have installed the IIS to Tomcat redirector on my windows XP pro machine
and it works great. I took the same steps to install in on a win2k machine
running IIS5.0, and it fails. Both machines have the same tomcat version
(5.5.11) and both are configured identically. Here is the
workers2.properties file
-
#Look at
#http://jakarta.apache.org/tomcat/tomcat-4.1-doc/jk2/jk2/configwebcom.html
#for parameter description

[shm:]
info=Scoreboard. Required for reconfiguration and status with multiprocess
servers
file=c:/tomcat/temp/jk2.shm
size=1048576

#[channel.socket:localhost:8009]
#info=Ajp13 forwarding over socket
#tomcatId=localhost:8009

# define the worker
[ajp13:localhost:8009]
channel=channel.socket:localhost:8009
tomcatId=localhost:8009


# Map webapps to the Web server uri space
[uri:/Acuity/*]
-
I ahve also put the required registry entries in and added the dll as a
filter into IIS - both done on both machines.
All is fine on my machine, but on the win2k machine (with 256 mb memory),
the log file gives the error:

Error [jk_isapi_plugin.c(496)]HttpExtensionPOroc: worker is NULL


I have rebooted both machines, and the filter DOES have an up arrow listed
for its status in both machines.

My question is - What are the ways a worker is NULL can occur, and how do
I fix this error???

John McClain
Senior Software Engineer
TCS Healthcare
[EMAIL PROTECTED]
(530)886-1700x235
Skepticism is the first step toward truth


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: how to disable jk2 and enable jk1 on Tomcat5 with Apache 1.3

2005-10-06 Thread Mark Thomas

alebu wrote:

On Tomcat startup there is info message that indicates that tomcat starts
using jk2.

As I understand, that cames from that line in server.xml:
Connector port=8009 enableLookups=false redirectPort=8443 debug=0
protocol=AJP/1.3 /

How to disable jk2 and prevent tomcat to use jk1.2 ?

 The info messages shows it starting with JK on my machine. I think 
we will need to see a copy of the message and your server.xml


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: mysql connection with JSP

2005-10-06 Thread Mark Thomas
When starting a new thread (ie sending a message to the list about a 
new topic) please do not reply to an existing message and change the 
subject line. To many of the list archiving services and mail clients 
used by list subscribers this  makes your new message appear as part 
of the old thread. This makes it harder for other users to find 
relevant information when searching the lists.


This is known as thread hijacking and is behaviour that is frowned 
upon on this list. Frequent offenders will be removed from the list. 
It should also be noted that many list subscribers automatically 
ignore any messages that hijack another thread.


The correct procedure is to create a new message with a new subject. 
This will start a new thread.


Mark
tomcat-user-owner


Cengiz Yazgan wrote:

Hi  everybody

I want to connect a mysql database with jsp code.
Can anybody help me to write a connection string.

Thx.


Cengiz YAZGAN
Sistem Mühendisi/System Engineer
DorukNet
Tel / Phone : +90 212 326 92 00 / 447
Fax : +90 212 227 28 11
E-mail : [EMAIL PROTECTED] 
http://www.doruk.net.tr 
http://www.doruk.net.tr/english.html




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Why Tomcat return me a OLD version of my doc.jar ?

2005-10-06 Thread Mark Thomas
When starting a new thread (ie sending a message to the list about a 
new topic) please do not reply to an existing message and change the 
subject line. To many of the list archiving services and mail clients 
used by list subscribers this  makes your new message appear as part 
of the old thread. This makes it harder for other users to find 
relevant information when searching the lists.


This is known as thread hijacking and is behaviour that is frowned 
upon on this list. Frequent offenders will be removed from the list. 
It should also be noted that many list subscribers automatically 
ignore any messages that hijack another thread.


The correct procedure is to create a new message with a new subject. 
This will start a new thread.


Mark
tomcat-user-owner


Amadeo Alonso wrote:

Hi all,
¿Can anyone explain it , please?

I use Tomcat 5.5 as server pages html with an 'Applet' that uses a 
'doc.jar'
I have placed two connector tags  in 'server.xml' file to use ports 
:80 y :8080 in the same way
I Have fixed bugs from mi 'doc.jar' (v1) to a new version with the same 
name 'doc.jar' (v2)


and now, (using IExplorer):

OK: 
_http://expresiongrafica.caminos.upm.es:8080/PAU/PAU-Septiembre2005-C2.html

return de rigth 'doc.jar' (v2)

BUT: 
_http://expresiongrafica.caminos.upm.es:80/PAU/PAU-Septiembre2005-C2.html
   o 
_http://expresiongrafica.caminos.upm.es/PAU/PAU-Septiembre2005-C2.html
return me the OLD VERSION of 'doc.jar' (v1) with the old bugs, as I 
deduct from the 'Java Console'


OK also _http://localhost /PAU/AppletDoc.html   (or 127.0.0.1)
 _http://localhost:80/PAU/AppletDoc.html
 _http://localhost:8080/PAU/AppletDoc.html
 _http://localhost:8080/PAU/AppletDoc.html

BUT  _http://138.100.67.143:8080/PAU/AppletDoc.html OK
_http://138.100.67.143 /PAU/AppletDoc.html (o 
:80) BAD, v1


How can I destroy the old version? where is it? What is it happening?

regards
amadeo.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: exception in session handling

2005-10-06 Thread Mark Thomas

Ronald Klop wrote:

Hello,

Is it normal that the session is invalidated before the valueUnbound 
handlers are called?


The spec is your friend.

spec-quote section=SRV.15.1.7
...For sessions that are invalidated or expire, notifications are sent 
after the session has been invalidated or expired...

/spec-quote

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Q:how to remove charset from HTTP responce to allow browser use a browser selected charset?

2005-10-06 Thread Mark Thomas

Mark wrote:

Hello,

In my application users enter data using different languages.
The problem I'm facing is the browser sets the page encoding always
to ISO-8859-1. (I guess this is default based on server OS)

User can change encoding on the page (Browser settings) and
everything looks OK but only for one page. On the next page encoding
is back to ISO-8859-1.
Is there any way to instruct tomcat not to send the page encoding?


If you are using JSPs, no. The spec requires that the charset is set.

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Tomcat Manager, Session Statistics

2005-10-05 Thread Mark Thomas

Jean-Pierre Pelletier wrote:

Hi,

1) When I look at sessions statistics for an application,
using https://localhost/manager/html/sessions?path=/myApplication

Why does Tomcat always list the number of sessions to expired
within 10 minutes as equal to the number of active sessions?


Looks like a bug to me.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: setting the context path in tomcat5.5.9?

2005-10-04 Thread Mark Thomas
When starting a new thread (ie sending a message to the list about a 
new topic) please do not reply to an existing message and change the 
subject line. To many of the list archiving services and mail clients 
used by list subscribers this  makes your new message appear as part 
of the old thread. This makes it harder for other users to find 
relevant information when searching the lists.


This is known as thread hijacking and is behaviour that is frowned 
upon on this list. Frequent offenders will be removed from the list. 
It should also be noted that many list subscribers automatically 
ignore any messages that hijack another thread.


The correct procedure is to create a new message with a new subject. 
This will start a new thread.


Mark
tomcat-user-owner


Mbah Tenjoh-Okwen wrote:

hello

i would like to know how to set the context path in
tomcat5.5.9 hi

 I  also read something and a build.properties file
and i dont know how to do this too.

please i need help on this cause i cant see my
application file when i give in the uri
http://localhost:8080/myApp






___ 
How much free photo storage do you get? Store your holiday 
snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: httpConnector secure=true problem (second attempt)

2005-10-04 Thread Mark Thomas

This is a bug that is fixed in 5.5.10+

Mark

Reynir Hubner wrote:

Hi,

I'm trying to have one connector on tomcat 5.0.x open with secure=true
with
out it being SSL or https. I just want request.isSecure() return true.
This is the setup for the connector :

  Connector port=9020

   maxThreads=150 minSpareThreads=25 maxSpareThreads=75

   enableLookups=false redirectPort=8443 acceptCount=100

   debug=99 connectionTimeout=2

   disableUploadTimeout=true secure=true scheme=http  /

The port is opened with out errors, but does never return anything, and
I see no errors in my log.
Am I missing out on something or is this a bug ?, It works fine with
tomcat 4.1.x.

Any suggestions ?
thanx
[EMAIL PROTECTED]

ps. thanx for the info Mark.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Certificate authentication

2005-10-04 Thread Mark Thomas

James Rome wrote:

Why don't my methods get called? The start() method gets called, but
nothing else.
Take a look at 
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/authenticator/package-summary.html


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Setting up HTTP Basic for a full Web-App

2005-10-04 Thread Mark Thomas

David,

You post is missing some key information before anyone here is going 
to be able to help you.


What happens that you don't expect to happen?
What doesn't happen that you do expect to happen?

Mark

David Johnson wrote:

Anyone have any thoughts on this?

On 9/30/05, David Johnson [EMAIL PROTECTED] wrote:


Hi all.

I think I'm doing something wrong. I'veadded the following to my web
application to use http-basicis there anything else I need to do to ensure
anyone logging in like this has full access to the app?

!-- Define a security constraint on this application --
security-constraint
 web-resource-collection
   web-resource-nameEntire Application/web-resource-name

   url-pattern/*/url-pattern
 /web-resource-collection
 auth-constraint
   !-- This role is not in the default user directory --
   role-namemanager/role-name

 /auth-constraint
/security-constraint

!-- Define the login configuration for this application --
login-config
 auth-methodBASIC/auth-method
 realm-nameMy Application/realm-name

/login-config

!-- Security roles referenced by this web application --
security-role
 description
   The role that is required to log in to the Application
 /description

 role-namemanager/role-name
/security-role



--
-Dave
[EMAIL PROTECTED]






--
-Dave
[EMAIL PROTECTED]






-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: WebDAV characters bug?

2005-10-03 Thread Mark Thomas
Looks like a bug to me. Create a bugzilla entry for it and I'll try 
and take a look before the next release.


Mark

Roland Rabben wrote:

I am using Tomcat 5.5.9 (on Windows XP) and WebDAV to upload files to my
server. However it seems to be a bug or limitation in the Tomcat WebDAV
that limits the use of some characters I frequently use.

Unsupported characters are :
; (semicolon)
+ (plus)
# (pound)

I know these are reserved characters, so I have tried to URL encode
them, but Tomcat ignores the URL encoding and writes the URL encoded
filenames to disk. Eg. myfile;01.txt is saved like myfile%B301.txt
on the server. Tomcat is configured to do URL Encoding. If I don't do
URL Encoding it simply cuts the end of the filename from semicolon like
myfile.

This is my Connector configuration in server.xml:
 Connector port=80 
 maxHttpHeaderSize=8192 useBodyEncodingForURI=true

URIEncoding=UTF-8
 maxThreads=150 minSpareThreads=25 maxSpareThreads=75
 enableLookups=false redirectPort=8443 acceptCount=100
 connectionTimeout=2 disableUploadTimeout=true /

I also tested this in Tomcat 5.5.12 with same problems. I have tested
several clients. IE 6.0, DavExplorer and own code.

The reason I think this is a bug is because these characters are
supported by Apache/mod_dav. 
Anyone know of a fix to this problem, or if it is a known bug?


Regards
Roland Rabben
Technical Director
Scala Nordic AS
[EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: http connector secure=true

2005-10-03 Thread Mark Thomas
When starting a new thread (ie sending a message to the list about a 
new topic) please do not reply to an existing message and change the 
subject line. To many of the list archiving services and mail clients 
used by list subscribers this  makes your new message appear as part 
of the old thread. This makes it harder for other users to find 
relevant information when searching the lists.


This is known as thread hijacking and is behaviour that is frowned 
upon on this list. Frequent offenders will be removed from the list. 
It should also be noted that many list subscribers automatically 
ignore any messages that hijack another thread.


The correct procedure is to create a new message with a new subject. 
This will start a new thread.


Mark
tomcat-user-owner


Reynir Hubner wrote:

Hi,

I'm trying to have one connector on tomcat open with secure=true with
out it being SSL or https. I just want request.isSecure() return true.
This is the setup for the connector :

  Connector port=9020

   maxThreads=150 minSpareThreads=25 maxSpareThreads=75

   enableLookups=false redirectPort=8443 acceptCount=100

   debug=99 connectionTimeout=2

   disableUploadTimeout=true secure=true scheme=http  /

The port is opened with out errors, but does never return anything, and
I see no errors in my log.
Am I missing out on something or is this a bug ?, It works fine with
tomcat 4.1.x.

Any suggestions ?
thanx
[EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: combining form based authentication with https

2005-10-01 Thread Mark Thomas

Peddireddy Srikanth wrote:

Hi all,

I have a basic doubt  If there are any resoursec which will me on this
please point me towards them. I will carry on from there.

My question is how to combine the form based authentication, where we use
jsecuritycheck , jusername etc with https.
As far as I know if we use form based authentication username and
password will be authenticated by the container managed resource
called 'jsecuritycheck. But the data transfer from client browser to
tomcat will be still a plain text. i want to encrypt this and
obviously i need to use https.
So how to combine both  and how tomcat wil help me doping this??


Providing you have an https connector configured, you can use 
something like this in your security-constraint


user-data-constraint
  transport-guaranteeCONFIDENTIAL/transport-guarantee
/user-data-constraint

See the spec for more details.

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: wrapper.properties is existing?

2005-10-01 Thread Mark Thomas

Matson, Sunny (GE Healthcare) wrote:

Hi All,

   Is there any wrapper.properties file we can write in Tomcat 5.5
which is equivalent to jserv.properties in Jserv. If it is, how should I
write this file and where I need to place it. 


Don't know. What does it do?

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Charset configurations for JSP pages

2005-10-01 Thread Mark Thomas

Mieke Banderas wrote:

Mark Thomas said:

Read the spec.

Where in the spec?


JSP.4 Internationalization Issues would seem to be a blinding 
obvious place to start.


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Reg form based authentication

2005-10-01 Thread Mark Thomas

sree kanth wrote:

Hi all,
i have been developing on JSP's for the last one year,but still i have never
implemented form based authentication.
Can any one help me in implenting form based authentication?
Thank you all
Sreekanth


Very basic example:
Put login.jsp and error.jsp in the root of your application and add 
the web.xml snippet to your application's web.xml file.


Mark

login.jsp
html
  head
titleLogin/title
  /head
  body
form method=POST action='%= 
response.encodeURL(j_security_check) %' name=loginForm

  input type=text name=j_username size=16 id=username/
  input type=password name=j_password size=16 id=password/
  input type=submit value=Submit /
  input type=reset value=Reset /
/form
  /body
/html

error.jsp
html
  head
titleLogin Error/title
  /head
  body
pLogin failed./p
  /body
/html

web.xml snippet
  login-config
auth-methodFORM/auth-method
realm-nameTest/realm-name
form-login-config
  form-login-page/login.jsp/form-login-page
  form-error-page/error.jsp/form-error-page
/form-login-config
  /login-config



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Running Servlet in Tomcat

2005-09-29 Thread Mark Thomas

Reading the provided documentation is usually a good place to start.

Singh, VilishKumar wrote:

I have done that.
I have not used any package in my servlet.

You must place all your class files in packages.
http://jakarta.apache.org/tomcat/faq/classnotfound.html


Can u describe the steps precisely to run the first servlet in tomcat

http://jakarta.apache.org/tomcat/tomcat-5.5-doc/appdev/index.html

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Webapp deploy on windows

2005-09-29 Thread Mark Thomas

Joakim Ahlén wrote:
I'm not trying to blame anyone for not fixing this issue, (well, maybe 
i'm laying some blame on those who thinks this is _not_ a tomcat 
issue..) however, i am really interested in having this bug fixed, and i 
am prepared to put some effort and time into it myself. To do this, 
though, i need the help of someone who knows more about this problem.


As far as I am aware, the Tomcat code correctly closes all the files 
it opens. However, we are dependent on a number of third party 
libraries that might not be as well behaved. See bug 10026 for an 
example of a typical situation.


If you want to put some effort into this the best thing you could do 
is create the simplest possible test .war file that demonstrates this 
issue so we can take a look at it. If the anti-locking features of TC5 
(which are better than TC4) don't fix it then we can look to see if 
there is anything that can be done to improve things.


However, please remeber that this is fundamentally an OS issue, not a 
Tomcat one, and the fix may well be outside of our control.


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Possible Security Bug

2005-09-28 Thread Mark Thomas

John Caron wrote:
I have a _possible_ bug involving security in Tomcat 5.0.28. I dont see 
it in the bug database, although it may be described in a way that I 
didnt search for.


I would prefer to send it privately in case its real. If thats not 
feasible, I will post it here. Or is there a way to put it in the 
database but mark it private?


Can anyone advise?


Security bugs should be sent to [EMAIL PROTECTED] (who will send it 
on to the tomcat team). If you send it to me directly I'll take a look 
now.


One other point, when sending a message on a new topic to the list, 
please don't reply to an old message and change the subject line. 
Thread aware mail clients still recognise your new message as part 
of the old thread. The correct process is to create a new message.


Mark
[EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Virtual hosts and Threads

2005-09-28 Thread Mark Thomas
When starting a new thread (ie sending a message to the list about a 
new topic) please do not reply to an existing message and change the 
subject line. To many of the list archiving services and mail clients 
used by list subscribers this  makes your new message appear as part 
of the old thread. This makes it harder for other users to find 
relevant information when searching the lists.


This is known as thread hijacking and is behaviour that is frowned 
upon on this list. Frequent offenders will be removed from the list.


The correct procedure is to create a new message with a new subject. 
This will start a new thread.


Mark
tomcat-user-owner

Mahesh S Kudva wrote:

Hi All

I have setup virtual hosts for 3 apps with virtual hosts config as 
follows. These virtual hosts are first handled by Apache and mod_jk. My 
apps have scheduler and automated mailing services.


Host name=vhost.domain.com debug=0 appBase=”deploy” 
unpackWARs=true

Aliaswww.vhost.domain.com/Alias
Logger className=org.apache.catalina.logger.FileLogger
directory=${jboss.server.home.dir}/log prefix=vhost_log1. 
suffix=.log timestamp=true/
 Context path= 
docBase=${jboss.server.home.dir}/deploy/application.war debug=0 
reloadable=true/

 /Host

This config is mailing the same mail 7 time. Further I noticed that there 
were 7 service started of the same kind. Querying the developer, he said 
that he had coded the apps to have the mail sent once every week. The 
mails are sent once every week but as said 7 copies of the same mail is 
delivered.


The request for the app results in page not found if I follow the 
following config, even thought there is no error in startup.


Context path=application 
docBase=${jboss.server.home.dir}/deploy/application.war debug=0 
reloadable=true/




Can you guys have any idea on this and help me troubleshoot ???


Regards  Thanks

Mahesh S Kudva


---
Robosoft Technologies - Partners in Product Development


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Vexing Problem with Tomcat connector

2005-09-28 Thread Mark Thomas
When starting a new thread (ie sending a message to the list about a 
new topic) please do not reply to an existing message and change the 
subject line. To many of the list archiving services and mail clients 
used by list subscribers this  makes your new message appear as part 
of the old thread. This makes it harder for other users to find 
relevant information when searching the lists.


This is known as thread hijacking and is behaviour that is frowned 
upon on this list. Frequent offenders will be removed from the list. 
It should also be noted that many list subscribers automatically 
ignore any messages that hijack another thread.


The correct procedure is to create a new message with a new subject. 
This will start a new thread.


Mark
tomcat-user-owner

[EMAIL PROTECTED] wrote:

Hello,

I have a website that I am migrating to a new server.

Server is Redhat ES3 2.4.21-20.0.1.ELsmp.  Server version: Apache/2.0.46

I have jakarta-tomcat-5.5.9 installed and working properly on the new
server.  It is perfectly accessible from the legacy web server.  


On the Website on the new server, access to jsp based pages give a 503
error.

The main page, home.jsp, loads fine in the servlet if no page is given.
http://webserver/PI/  The home.jsp spawns a 503 if is in the URL.
http://webserver/PI/home.jsp   I can successfully get images from the
page from the tomcat instance.  It does not like the .jsp extension.

In the mod_jk log i can see the match made:
[Wed Sep 28 10:29:14 2005] [18841:2816] [debug]
map_uri_to_worker::jk_uri_worker_map.c (461): Attempting to map context
URI '/PI/*'
[Wed Sep 28 10:29:14 2005] [18841:2816] [debug]
map_uri_to_worker::jk_uri_worker_map.c (475): Found a wildchar match
worker3 - /PI/*
  
However, in the apache access log is the 503. 
xxx.89.23.173 - - [28/Sep/2005:10:29:14 -0400] GET /PI/home.jsp

HTTP/1.1 503 412 - Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US;
rv:1.7.12) Gecko/20050915 Firefox/1.0.7
SESSIONID=128F9AD992A16BC3D3EB1ED0AD5549C1

I have watched in Ethereal as no traffic goes from the apache to the
tomcat.
I have tried using the loopback and local network address.
I have tried adding a *.jsp directive to the mod_jk config for the
servlet.

Any help would be appreciated.  I have a dent in my desk from hitting it
with my forehead.

Apache Config:

#INSERT OF TOMCAT CONF PARAMETERS
# Load mod_jk module
# LoadModule jk_module modules/mod_jk.so
LoadModule jk_module /etc/httpd/modules/mod_jk.so

# Declare the module for IfModule directive
#AddModule mod_jk.c

# Where to find workers.properties
JkWorkersFile /etc/httpd/conf/workers.properties

# Where to put jk logs
JkLogFile /var/log/httpd/mod_jk.log

# Set the jk log level [debug/error/info]
JkLogLevel debug

# Select the log format
JkLogStampFormat [%a %b %d %H:%M:%S %Y] 

# JkOptions indicate to send SSL KEY SIZE,
JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories

# JkRequestLogFormat set the request format
JkRequestLogFormat %w %V %T

# Send servlet for context /examples to worker named worker1
JkMount /examples/servlet/* worker1
JkMount /PI/* worker3
#JkMount /PI/*.jsp worker3
# Send JSPs for context /examples to worker named worker1
JkMount /examples/*.jsp worker1
JkMount /journals/*.jsp worker1

Worker Properties
/etc/httpd/conf/workers.properties
# Define some properties
workers.apache_log=/var/log/httpd/ 
workers.tomcat_home=/usr/local/tomcat/jakarta-tomcat-5.5.9 
workers.java_home=/usr/bin/java
ps=/ 

#  
worker.list=worker1 


# Set properties for worker1 (ajp13)
worker.worker1.type=ajp13
worker.worker1.host=172.20.1.19
worker.worker1.port=8009

#
worker.list=worker2

# Set properties for worker2 (ajp13)
worker.worker2.type=ajp13
worker.worker2.host=172.20.1.19
worker.worker2.port=10009

#
worker.list=worker3

# Set properties for worker3 (ajp13)
worker.worker3.type=ajp13
worker.worker3.host=127.0.0.1
worker.worker3.port=8099

#
worker.list=worker4

# Set properties for worker4 (ajp13)
worker.worker4.type=ajp13
worker.worker4.host=172.20.1.19
worker.worker4.port=8099


_

Tim Pickard
CrossRef 
Systems Support Analyst and Administrator

40 Salem Street
Lynnfield, MA 01940
tpickard at crossref dot org
781 295 0072 x27
__




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Protecting applications in Tomcat using Directory Server

2005-09-26 Thread Mark Thomas

Surya Mishra wrote:

Thank You Mark,
My Tomcat server won't even start if the directory server is unreachable.
That means other applications that have not protected are also failing.
Second question: There is no attribute in the Realm definition to give a
name to realm (as per the how-to document.

Realm names are defined in web.xml


How do I configure different
realms for different applications?

You can nest realms inside contexts.

What is the default realm name for the

tomcat-users.xml?

It depends. Test your setup with basic auth and find out.

I want the manager application to run using the default

tomcat-users.xml. Another application is to be protected using JNDI realm. A
third one is public meaning nothing is protected in that application.

Set realms at the context level.

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Need to contact mailing list admin regarding delivery issues

2005-09-26 Thread Mark Thomas

As per the welcome e-mail you received when you subscribed:

[EMAIL PROTECTED]

David Delbecq wrote:

Hello,

I need to contact the admin of this mailing list regarding delivery
issues with it.
Please cc: your reply to david.delbecq at myrealbox.com to ensure delivery.


Thanks.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: isapi_redirector and danish chars

2005-09-26 Thread Mark Thomas

Michael Salmon wrote:

Hi everybody

 


I have a problem with Isapi_redirector and danish chars. I have a webapp
downloading files with special Danish chars in the filename. Everything
woks fine when Tomcat is doing the hole show, but when I do the same
thing through IIS and isapi_redirector I get and error.

 


Any help would be appreciated.


Some version numbers would be a start...



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Protecting applications in Tomcat using Directory Server

2005-09-25 Thread Mark Thomas

Surya Mishra wrote:

 I have successfully used JNDI realm to protect my applications on Tomcat.
But if Tomcat is unable to connect to the the directory server, it refuses
access. I want it to use the tomcat-users list as a backup if it fails to
connect to the directory. It seems if the JNDI realm is set up, the
tomcat-users.cml file entries become useless.
Need Help!!!
Thanks
-Surya

You are correct. This type of fall-back from one realm to another is 
not supported. However, JNDI does have an alternateURL attribute which 
is used if connecting to connectionURL fails. It isn't as well 
documented as it should be - something that I'll fix later today - but 
if you search 
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html for 
alternateURL you should find the info you need.


More generally, I suspect that making your directory more reliable (or 
replicating to a second directory and using the alternateURL) is going 
to be less effort and less error prone that trying to keep to 
completely different lists of users, passwords and role assignments in 
sync.


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: force reload of individual class files

2005-09-24 Thread Mark Thomas

matador wrote:

Leon Rosenberg [EMAIL PROTECTED] wrote in
news:[EMAIL PROTECTED]: 




You don't need to restart the server to get your changes live, you can
force it to reload the whole application, which, in case of tomcat,
your users wouldn't even notice (as long as ALL your beans in session
are serializable).





thanks much. i do understand it better now, is there any other special 
setup to make sure that tomcat persists sessions across restarts? 
(e.g. context.xml pararms)




Nope. For more info read 
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/manager.html 
particularly 
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/manager.html#Restart%20Persistence


Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: CGI difficulty, binmode(STDIN) not working in FileUpload

2005-09-24 Thread Mark Thomas

Ron Cozad wrote:

I have a form input on a html page that does a file upload.  I am only
getting the first 3k of an upload file.  If the file is less than 3k,
the multipart boundaries are structured properly, otherwise, I never get
the end of the file or the ending boundary.

 


I did binmode(STDIN); but still not getting the whole file.

 


Running Tomcat 4.1.31 and IE browser 6.x.

 


Appreciate any suggestions or theories as to why I am not getting the
whole file.


There is a bug in the CGIServlet (32023) that has been fixed in the 
latest version available from SVN.


http://svn.apache.org/repos/asf/tomcat/container/branches/tc4.1.x/catalina/src/share/org/apache/catalina/servlets/CGIServlet.java



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: getRequestURL and forwards

2005-09-23 Thread Mark Thomas

[EMAIL PROTECTED] wrote:

Hi,
We have an application that does the following ( we use struts 1.2.4, 
tomcat 5.0.28, jdk 1.4.2)


a) user requests /x/y/action.do?x=1

b) the action executes then JSP forwards (via ActionForward) to 
/x/y/somefile.jsp


c) the resulting JSP page calls request.getRequestURL(). It returns 
/x/y/action.do  (which is what we expect)




We just upgraded Tomcat to 5.5.9 and to jdk 1.5, (struts still the same) 
now the behavior has changed. 



a) user requests /x/y/action.do?x=1

b) the action executes then JSP forwards (via ActionForward) to 
/x/y/somefile.jsp


c) the resulting JSP page calls request.getRequestURL(). It returns 
/x/y/somefile.jsp (instead of action.do)


Our app is broke because of this, any ideas?



Read section SRV.8.4 of the Servlet specification. 5.0.28 was not 
following the spec. 5.5.9 is.


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: How show CLIENT-CERT Realm

2005-09-21 Thread Mark Thomas

Antony GUILLOTEAU wrote:

I'm able to show the login window of a basic realm with following code :
   response.setHeader(WWW-Authenticate, BASIC realm=\myName\);
   response.sendError(HttpServletResponse.SC_UNAUTHORIZED);

Now I wish to show the window like CLIENT-CERT : when all realm parameters are 
set in the web.xml that 's work fine. But I want to do the same thing 
programmaticly with response.sendError(HttpServletResponse.SC_UNAUTHORIZED).

I think it is done in the tomcat code ... but where ?

Thanks


It is done in o.a.c.authenticator.AuthenticatorBase and the process is 
basically issue a redirect to SSL. You will need to set the clientAuth 
attribute on the connector to true to require all connections to 
present a client certificate. If you want to validate the clienbt 
certificate, have a look at o.a.c.authenticator.SSLAuthenticator


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Charset configurations for JSP pages

2005-09-20 Thread Mark Thomas

T P wrote:

There are bunch of parameters and finding the right combination does not
seem to be trivial. For example there seems to be the following
parameters, for which it is hard to find extensive documentation:

On jsp page %page%-directive:
contentType
pageEncoding


Read the spec.


On web.xml (tomcat configuration)
javaEncoding


For 99.9% of use cases the default of UTF-8 will be fine.


Java system properties
file.encoding


This is a read-only property and for properly written pages has no effect.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: org.apache.catalina.valves.RemoteHostValve issue

2005-09-20 Thread Mark Thomas

Tony Tomcat wrote:
Actually.. according to the documentation the RemoteHostValve and 
RemoteAddrValve both do the same thing..


They both say...
Concrete implementation of RequestFilterValve that filters based on the 
string representation of the remote client's IP address.


The javadoc is exactly the same except the class name. :-P

The JavaDocs for RemoteHostValve are wrong. It should say ...filters 
based on the remote client's hostname. The JavaDocs for 
RemoteAddrValve are correct.


I don't see anything in the JavaDocs that suggests regular expressions 
should not be used for the allow and deny patterns.


Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: org.apache.catalina.valves.RemoteHostValve issue

2005-09-20 Thread Mark Thomas

Tony Tomcat wrote:
ok. got off my lazy butt and looked at the code. RemoteHostValve uses 
request.getRequest().getRemoteHost() 

so just the javadoc needs updating for RemoteHostValve.java. I'm sure this 
was just a copy of RemoteAddrValve. ;-)


Looks like it. I have just committed a fix to CVS.

Now i just need to figure out how to configure my tomcat to return values 
for getRemoteHost calls. 


http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html
Look for enableLookups

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: tomcat url connections

2005-09-17 Thread Mark Thomas

Navalpotro Herrero, Luis wrote:

Hello, I have face recently found a tomcat issue that is driving me nuts.
 
I have a Java application that opens a URL connection against tomcat. The

parameteres are URLEncoded to be UTF-8 compatible. One of the values of the
params is xml (which is the one that makes the thing fail).
 
If I use tomcat 4.1.30 or lower version (up to .24 works fine, which are the

one I tested) the code runs fine, but when I change to Tomcat 4.1.31 I find
the code throws a socketException when trying to parse the http headers.
 
I have reading the changes introduced in tomcat 4.1.31 and some are relative

to encoding which makes me think this could be the cause of the problem.
 
Does any one have faced this problem also?
 
 
Thanks for your help,
 
Luis Navalpotro


Create a test case, attach it to a bug report and I'll take a look. 
Can't make any promises on timing though.


The simpler you keep the test case, the greater the chances of me 
looking at it.


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Broken links on the Tomcat 5.5 Docs pages

2005-09-17 Thread Mark Thomas

Brian Cook wrote:


The following links relating to realm logging on page 
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/realm-howto.html are broken



http://jakarta.apache.org/tomcat/tomcat-5.5-doc/context.html
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/host.html
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/engine.html


Fixed in CVS. Thanks for the report.

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[ANN] Tomcat 3 and Tomcat 4 have moved to subversion

2005-09-17 Thread Mark Thomas

The following CVS modules have been migrated to subversion

jakarta-tomcat
jakarta-tomcat-4.0

These modules are now read only in CVS.

The new SVN locations for the head of these repositories are:
http://svn.apache.org/repos/asf/tomcat/container/branches/tc3.3.x/
http://svn.apache.org/repos/asf/tomcat/container/branches/tc4.1.x/

The new SVN locations for key branches are:
http://svn.apache.org/repos/asf/tomcat/container/branches/tc3.2.x/
http://svn.apache.org/repos/asf/tomcat/container/branches/tc4.0.x/

NB Committers wishing to make changes to these modules will need to 
use https as per http://www.apache.org/dev/version-control.html#https-svn


The next and final stage of the SVN migration will be to move tomcat5, 
catalina, jasper and the connectors. A detailed plan for this 
migration will be published on the dev list.


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Scripting variable is not generated

2005-09-14 Thread Mark Thomas
Have a look at http://issues.apache.org/bugzilla/show_bug.cgi?id=21390 
and http://issues.apache.org/bugzilla/show_bug.cgi?id=23425


Mark

Wei Zhao wrote:

I am migrating some code from tomcat 4.* to 5.5.
However, I got some compilation error regarding the
scripting variable from taglib.

This is the definition of the scripting variable in
TEI file:

VariableInfo vSystemName = new VariableInfo(
SystemName,
String,
true,
VariableInfo.AT_END
);

This is how this tag is used in the JSP page:

If( some condition )
{
system:getSystemName/
%=SystemName%
}
else
{
system:getSystemName/
%=SystemName%
}

But a got a Java compilation error saying the second
SystemName cannot be resolved.
I looked into the generated java code and it seems
that only one SystemName is declared which is within
the “if� and not visible in the “else�.  If I
remove the “system:getSystemName� inside if,
“SystemName� is now declared inside “else�. 


This works differently from Tomcat 4.* which always
generate the declaration of the “SystemName� in
above case. And I don’t think it’s consistent with
the spec. The variable is defined as “AT_END�
scope and “declare� is set to true. So it should
always be declared or a lot of existing code will be
broken.

Any thoughts? Did I miss anything?

Thanks

Wei





__ 
Yahoo! Mail - PC Magazine Editors' Choice 2005 
http://mail.yahoo.com


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Issue with the admin webapp

2005-09-14 Thread Mark Thomas

Sastry Malladi wrote:
I filed a bug for this 
(http://issues.apache.org/bugzilla/show_bug.cgi?id=35835) and it seems
this is fixed in 5.5.10.  But I don't see a 5.5.10 download and wanted 
clarification on whether 5.5.11-alpha
contains the fix as well. I'm going to check it out anyways when I get a 
chance.


Yes it does include the fix. More generally, any x.y.z+1 release 
contains all the fixes in x.y.z


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: SSL mutual communication problem with Tomcat5 --- Remote host closed connection during handshake

2005-09-14 Thread Mark Thomas

Xia, Hong wrote:

Hi, Mark,

I have the both server and client .cer imported to cacerts but the problem 
persists

commands to generate the server and client key:
Keytool -genkey -alias server -keyalg RSA -keystore serverstore.jks
Keytool -genkey -alias client -keyalg RSA -keystore clientstore.jks

commands to create client certificate
keytool -export -alias client -file clientcert.cer -keystore clientstore.jks

commands to create server certificate
keytool -export -alias server -file servercert.cer -keystore serverstore.jks

commands to import certificates
keytool -import -alias client -file clientcert.cer -keystore serverstore.jks

under $JAVA_HOME/jre/lib/security/
keytool -import -v -trustcacerts -alias server -file servercert.cer -keystore 
cacerts



You are not signing your certificates. Look at keytool -selfcert

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: mod_jk performance

2005-09-14 Thread Mark Thomas

KEREM ERKAN wrote:

Tomcat is harder to configure and -sadly- it has a far worse documentation
than Apache (for now).


I look forward to seeing your documentation patches in Bugzilla ;)

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: How to get user name after login

2005-09-14 Thread Mark Thomas

梁炳場 wrote:

After implementation of JDBCRealm,
how to retrieve the username in Servlet after login?


getRemoteUser()


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Storing a request

2005-09-13 Thread Mark Thomas
Take a look at how form authenticator does it. See 
http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/FormAuthenticator.java?rev=1.24view=markup

and the SavedRequest class in the same package.

Note that the way this restores the request, particularly the body 
content, is *very* Tomcat specific.


Mark

Ajay Arjandas Daryanani wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi everyone,

this is my first mail to this list, forgive me for any mistake I may make...

I'm developing a authorization filter for Tomcat 5; in some cases, if
the user credentials are invalid, I have to save the original request,
redirect the user to an external authentication engine, handle the
response and then proceed with the original request. The problem is, I
can't find a way to clone the request or create a new one.

Any comments are welcome.

Thanks everyone,

Ajay

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFDJqOSUIJoGmiuVrwRAqiHAJ4xBi9L2CwbPUAG2IfuZ04vnw7S1wCg9AJA
Z7/YgABDRBF0JMc0D82DtYs=
=eyYs
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: SSL mutual communication problem with Tomcat5 --- Remote host closed connection during handshake

2005-09-13 Thread Mark Thomas

Xia, Hong wrote:

Hello,

I am trying to set up Tomcat5 ( as standalone web server ) with https mutal authentication. 
There is the connector config

Connector port=443 maxHttpHeaderSize=8192
   maxThreads=150 minSpareThreads=25 maxSpareThreads=75
   enableLookups=true disableUploadTimeout=true
   acceptCount=100 scheme=https secure=true
   keystoreFile=F:\Apache Software 
Foundation\keystores\serverstore.jks
   keystorePass=changeit
   clientAuth=true  sslProtocol=TLS/

The keys and keystore were created using Keytool

Client certificate client.cer was sent to the client machine which uses IE6 to 
connect the tomcat server. IE6 imported the client certificate into IE6 under 
the Trusted Root Certification Authorites.

When the client IE6 connects to the tomcat web server, the Client Authentication Window appeared without the client certificate. 
Tomcat log gives following error:


*** CertificateRequest
Cert Types: RSA, DSS, 
Cert Authorities:

CN=ppwchongdev.plugpower.com, OU=IS, O=Plug Power, L=Latham, ST=New York, C=US
CN=Client, OU=TRL, O=IBM, L=Yamato-shi, ST=Kanagawa-ken, C=JP
*** ServerHelloDone
http-443-Processor25, WRITE: SSLv3 Handshake, length = 938
http-443-Processor25, received EOFException: error
http-443-Processor25, handling exception: javax.net.ssl.SSLHandshakeException: 
Remote host closed connection during handshake
http-443-Processor25, SEND SSLv3 ALERT:  fatal, description = handshake_failure
http-443-Processor25, WRITE: SSLv3 Alert, length = 2
http-443-Processor25, called closeSocket()
http-443-Processor25, called close()
http-443-Processor25, called closeInternal(true)


Has anyone know why does this error happen? I am suspecting that IE6 has a 
problem with the imported client.cer file but I am not able to pinpoint it.

Your help will be very much appreciated.

Hong


You need to import the client cert as a user cert, not as a trusted 
root certificate.


Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: SSL mutual communication problem with Tomcat5 --- Remote host closed connection during handshake

2005-09-13 Thread Mark Thomas

Xia, Hong wrote:

Thanks for your help Mark.

When I imported the client cert, I pick the 'Automatically select the 
certificate store ...' option and the certificate appeared under the Trusted 
Root.

I tried to place the certificate under Personal and Other People but the certificate did not appear after the import. 


Then you haven't created the certifcate correctly.

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: SSL mutual communication problem with Tomcat5 --- Remote host closed connection during handshake

2005-09-13 Thread Mark Thomas

Hector Adolfo Alonso wrote:

Hi Xia:
   I think you cannot use an self-signed certificate (as keytool 
generates) for mutual authentication.
User certificate's certificate authority signer shoul be the same that 
signs the server certificate. In this case,
the server certificate is self-signed. On the othe hand, who signs the 
client certificate ? It's self signed too ?
In this case, there is a problem, because both of them are self signed 
-- both of them are signed by

different CAs -- there is a handshake failure.
  INHO, Tomcat's cert shoud be signed by a true CA ... then the browser 
should recognize CA's cert.
  I'm sure there is a more technical and deep explanation, but I hope 
this help.


This is simply wrong. There is *no* requirement that the client and 
server certificates must be signed by the same CA for the handshake to 
work.


Possible causes of the problem are:
- CA cert client not in $JAVA_HOME/jre/lib/security/cacerts on server
- client certificate not created with correct usage types
- wrong key algorithm / signing algorithm selected

First, get HTTPS working with a server certificate. Then get it 
working over HTTPS using BASIC auth and then get it working using 
CLIENT-CERT auth.


Mark




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: web.xml, url-pattern

2005-09-12 Thread Mark Thomas

Trond Hersløv wrote:

But, if I try using wildcards, eg. url-pattern/*foxer/url-pattern it doesent 
work anymore.


Correct. Wildcards are not supported for mapping paths. Read the 
servlet spec for more details.



If I try to map the servlet so that it seems like a jsp-page 
url-pattern/foxer.jsp/url-pattern, it doesn't work at all.


Also correct. There is a server-wide mapping for *.jsp (wild cards are 
supported for extension mapping) in $TOMCAT_HOME/conf/web.xml



In the book I also read that I should be able to access the servlet even if 
it's not mapped up in web.xml. http://www.mymachine.no/servlet/foxer Ofcourse 
this does also not work.


This is using the invoker servlet, which is disabled by default.


Who can explain how to use the url-pattern and maybe tell me where I can find 
some documentation on how to configure web.xml


The servlet spec.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: isapi_redirector or isapi_redirector2?

2005-09-12 Thread Mark Thomas

Tracy Spratt wrote:

Again, if I am mistaken, please correct me, but this is what I have
recently come to understand.

The isapi_redirect2.dll is part of the JK2 connector, along with the
corresponding conf files.  JK2 was deprecated in 2004 because of
insufficient interest by both developers and users.  


http://jakarta.apache.org/tomcat/connectors-doc/news/20041100.html

I do not know what is the significance of JK2 will have it's successor
within core Apache2.1/2.2 distribution.


This is refering to mod_proxy_ajp

See http://httpd.apache.org/docs/2.1/mod/mod_proxy_ajp.html


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: set different JRE versions on Tomcat 5.x

2005-09-12 Thread Mark Thomas

Olena Mitovska wrote:

How Tomcat 5.0.28 running on IIS (OS windows XP)  can be configured to use 
different JVM ( JRE versions) for J2EE applications running on the server?
There are a bunch of existing applications that were compiled using 1.4 
version, while our new apps use 1.5. We need to be able to set JRE version for every application. There are some version conflicts that prevent us from setting one common JRE for all apps.

This is the production server so we don't have any other Java software like 
Eclipse installed there. I know that Eclipse allows to choose JRE for every 
deployed application, but we don't have it on production machine.


Sorry, this can't be done. Tomcat and all the apps run within a single 
JVM. You would have to have multiple Tomcat instances.


Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: web.xml, url-pattern

2005-09-12 Thread Mark Thomas

Trond Hersløv wrote:

Can you please be so kind and explain what the servlet spec. has to do with 
configuring the deployment descriptor.


The servlet specification defines the format of the deployment 
descriptor and this therefore the definitive reference for what is, 
and is not, allowed.



Could you give me a link to the servlet spec?


Would it have killed you to do a Google or to search the Sun/Java
website?

http://java.sun.com/products/servlet/docs.html
http://java.sun.com/products/servlet/reference/api/index.html




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Ant deployment to Tomcat issue - UnknownHostException: C

2005-09-08 Thread Mark Thomas

Usually caused by a URL of the form file://C:...

The fix is to add an extra / to your URL so it looks like:
file:///C:...

Mark

patrick van den Bemt wrote:

Hi there,

* Ant script Deployment from ws1 (with ant1.6.2) onto ws2 (with
tomcat5.0.28) returns build.xml:150: java.net.UnknownHostException:
C.

* Web interface Deployment from ws1 onto ws2 of the same .war file
succeeds (use same http://hostname:8081/manager and username+password)

Build.xml

taskdef name=testdeploy 


classname=org.apache.catalina.ant.DeployTask

classpath refid=tomcat.classpath /

/taskdef 


target name=deploy

depends=dist

description=deploy application to servlet container

testdeploy url=${manager.url}

username=${manager.username}

password=${manager.password}

path=${app.path}

war=file://${build.home}/${app.name}-${app.version}.war/

/target

Build.properties

manager.username = x

manager.password = y

manager.url = http://hostname:8081/managerhttp://hostname:8081/manager
and username+password)

Build.xml

taskdef name=testdeploy 


classname=org.apache.catalina.ant.DeployTask

classpath refid=tomcat.classpath /

/taskdef 


target name=deploy

depends=dist

description=deploy application to servlet container

testdeploy url=${manager.url}

username=${manager.username}

password=${manager.password}

path=${app.path}

war=file://${build.home}/${app.name}-${app.version}.war/

/target

Build.properties

manager.username = x

manager.password = y

manager.url = http://hostname:8081/managerhttp://hostname:8081/manager

If it would have been a network or tomcat related issue it would fail
web deployment as well I guess.

Therefore I assume it is an issue with the ant configuration.

Has anyone some clue on what I might do wrong ? Some help would be
very much appreciated.

Best regards,

Patrick.

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Why does tomcat redirect to welcome files

2005-09-07 Thread Mark Thomas

Jim Kennedy wrote:

Thanks Mark, found some good info.  Another question:

Is is possible to force a forwards for welcome pages with Tomcat.  Is there
an engine setting for that? Or would I be forced to change the Tomcat
source. I notice with other web servers (i.e. IIS) I can specify a default
page which returns HTTP 200 code instead of redirect codes.

Thanks


You'd need to change the source.

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: how tomcat not run .EXE as CGI

2005-09-06 Thread Mark Thomas
gjl wrote:
 Thanks very much to read my question.
 I have tomcat5.0 for Win32 installed locally on
  Windows 2k, SP4. I'm trying to run a namazu.cgi.exe (a Full-Text Search
 Engine. that's not Perl scripts ,but a binary file) .
 the file is in Tomcat 5.0\webapps\XXX\WEB-INF\cgi ,and I set the web.xml
 file as followservlet
 servlet-namecgi/servlet-name
 
 servlet-classorg.apache.catalina.servlets.CGIServlet/servlet-class
 init-param
   param-nameclientInputTimeout/param-name
   param-value100/param-value
 /init-param
 init-param
   param-namedebug/param-name
   param-value6/param-value
 /init-param
 init-param
   param-namecgiPathPrefix/param-name
   param-valueWEB-INF/cgi/param-value
 /init-param
  load-on-startup5/load-on-startup
 /servlet
 servlet-mapping
 servlet-namecgi/servlet-name
 url-pattern/cgi-bin/*/url-pattern
 /servlet-mapping
 
  However, any reference to one of the .EXE in the
 http://localhost:8080/jsp-examples/cgi-bin/namazu.cgi.exe directory results
 in the browser trying to download the EXE. and I got the message 2005-09-06
 10:07:25 StandardContext[/jsp-examples]cgi: runCGI (stderr):Unrecognized
 character \x90 at \Tomcat
 5.0\webapps\jsp-examples\WEB-INF\cgi\namazu.cgi.exe line 1. in logs.
 how can I set the tomcat to run the .exe?

With 5.0.x:
You can't use the CGI servlet. You would need to write your own
servlet that wraps the .exe using java.lang.Runtime.exec()
http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/servlets/CGIServlet.java?view=markup
should provide some pointers on how to wrap exec() (search the source
for exec and remember that most of the CGIServlet is unnecessary for
what you want to do.

With 5.5.x:
You *might* have some luck setting the new executable init parameter.
I would try  or cmd.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: SSL problem

2005-09-05 Thread Mark Thomas

For 5, import the CA cert to $JAVA_HOME/jre/lib/security/cacerts

Do 4 after 5.

If you do it right, you shouldn't see the prompt to trust the CA as it 
is already in your list of trusted certs.


Also, check the server cert you get back is indeed what you expect.

Mark

Peter Betz wrote:

Hi,

I am having a problem here. I am using Jakarta Tomcat V5.5 (part of
jboss-4.0.2) and j2sdk1.4.2_08 on a Redhat Linux server.
I having been trying to register a signed certificate but have thus far
being unsuccessful.
It always comes out as a self-signed certificate. What am I doing wrong?
Details are as follows:

Here is what I have been doing:

~~~
Logged in and performed commands as jboss user because the J2EE and Jakarta
Tomcat environment is run under jboss user.

1. Generate a private key with the following command:
$JAVA_HOME/bin/keytool -genkey -alias tomcat -keyalg RSA -keystore
k-factor88.kdb

2. Generate the Certificate Signing Request (CSR)
$JAVA_HOME/bin/keytool -certreq -alias tomcat -keystore k-factor88.kdb -file
k-factor88.csr

3. Generate the Server Certificate
Submit k-factor88.csr to root certification authority and save returned
certificate into k-factor88.cer

4. Import the Server Certificate
$JAVA_HOME/bin/keytool -import -trustcacerts -keystore k-factor88.kdb -alias
root -file k-factor88.cer
Note: Keytool confirms that the certificate has been signed by a
certification authority. I choose to trust it.

5. Import the Trust Certificate
$JAVA_HOME/bin/keytool -import -trustcacerts -keystore k-factor88.kdb -alias
jboss -file UTN.cer
Note: UTN.cer is the certification authority certificate and needs to be
imported.

server.xml

~
 Connector port=8443 address=${jboss.bind.address}
   maxThreads=100 strategy=ms maxHttpHeaderSize=8192
   emptySessionPath=true
   scheme=https secure=true clientAuth=false
   keystoreFile=${jboss.home.dir}/bin/certs/k-factor88.kdb
   keystorePass=changeit sslProtocol = TLS /



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Manager error 'FAIL - Invalid context path null was specified'

2005-09-04 Thread Mark Thomas

Andy wrote:

When I request a reload like this -

http://testxtb.example.com/manager/reload?xtb

I get this response-

FAIL - Invalid context path null was specified

However according to this page -

http://jakarta.apache.org/tomcat/tomcat-5.5-doc/manager-howto.html

This is a valid syntax


You need to read this page again and look more closely at the 
examples. For a reload the example is:

http://localhost:8080/manager/reload?path=/examples

so you need

http://localhost:8080/manager/reload?path=/xtb

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: After 1st installation of JDBCRealm?

2005-09-04 Thread Mark Thomas
梁炳場 wrote:
 Thank you Mark,
 
 How about security manager?
 
 Can I use policy file under $CATALINA_HOME/conf/catalina.policy file
 with JDBCRealm?

Yes you can but this is not at all related to application users/roles.
See
http://java.sun.com/j2se/1.4.2/docs/guide/security/smPortGuide.html
for what this does.

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Why does tomcat redirect to welcome files

2005-09-04 Thread Mark Thomas

Jim Kennedy wrote:

I have setup Tomcat to use index.html as the only welcome file.  I noticed
that the engine redirects to index.html.  I'm wondering why that is the
case.  I would prefer Status: HTTP/1.1 200 OK 
Not:  Status: HTTP/1.1 302 Moved Temporarily 


spec quote section=SRV.9.10
The container may send the request to the welcome resource with a 
forward, a redirect, or a container specific mechanism that is 
indistinguishable from a direct request.

/spec-quote

There is also the issue of security constraints. See 
http://marc.theaimsgroup.com/?l=tomcat-devm=110980317127394w=2 for a 
discussion.




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: After 1st installation of JDBCRealm?

2005-09-04 Thread Mark Thomas
 Can JDBCRealm support a user has more than 1 roles?

Yes.

 Can the SecurityManager support controlling path of Struts such  as
 /fooApp/fooPath.do?
Yes you can but this is not at all related to application users/roles.
See
http://java.sun.com/j2se/1.4.2/docs/guide/security/smPortGuide.html
for what this does.

Again, please read the security manager docs. It has *nothing* to do
with web application user/roles.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Shared object between Tomcat and external program?

2005-09-03 Thread Mark Thomas

Look at JMS. Should do exactly what you want.

Mark

wolverine my wrote:

I'm running Tomcat 5.5.
I want to create a servlet to accept a HTTP request. The servlet
creates an object based on the request parameters and forward the
object (using Queue) to another standalone Java process started from
the command line, a background process.

In this case, the same Queue object should be accessible both in the
servlet and in the standalone Java process:
- the servlet adds object into the Queue and,
- the standalone Java process retrieve the object from the same Queue

How can we do this?

Is there a way the servlet to lookup an Queue object created by the
standalone Java program or vise versa?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Tomcat imbedded open source componets ??

2005-09-03 Thread Mark Thomas

Bovy, Stephen J wrote:
 
Our company has a strictly controlled policy for using open source.  We

must get approval
for each and every component on a version by version basis.

Can someone give me a list or point me to a link where the list is
located of 
all imbedded open source sub components that are used by tomcat 5.x 


http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-5/build.properties.default?view=markup

You are probably aware that Tomcat 5 is distributed under the Apache 2 
licence (http://www.apache.org/licenses/). Apache goes to great 
lengths to ensure that the use of any and all sub-components is 
compatible with distribution under this licence. If the Apache 2 
licence is acceptable then you should be fine. Of course if the 
lawyers want more...


Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: After 1st installation of JDBCRealm?

2005-09-03 Thread Mark Thomas

梁炳場 wrote:

I just install JDBCRealm of Tomcat 5.5
It works. Very simple to configure.

But I have a few questions to ask.

1. How can users change password?

They can't without you writing some custom code.


And if password is encrypted, how to manage password?
eg, how to create the 1st user name and password?
Again, custom code. If you use digest passwords, you can use the same 
digest mechanism.



2. Can the Struts Action class get the value of request.isUserInRole()?

Yes.


3. Can JDBCRealm support policy like JAASRealm?

No.

4. Roles are defined in web.xml and database's tables. 
Is it double work? If there is a difference of roles in web.xml

and tables for the same username, which prevail?
There is no user to role mapping in web.xml therefore there is no 
question of one prevailing over another.


Database defines mapping between users and roles.
web.xml defines mappign between roles and application resources




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Waste of our bandwidth

2005-09-02 Thread Mark Thomas

Brian Cook wrote:


I do not know if it is an admin but the contact for the Tomcat list is :

[EMAIL PROTECTED]


No, it isn't.
The correct addresses are tomcat-user-owner@ or tomcat-dev-owner@

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[ANN] Servlet and JSP APIs have moved to subversion

2005-09-02 Thread Mark Thomas

The following CVS modules have been migrated to subversion

jakarta-servletapi
jakarta-servletapi-4
jakarta-servletapi-5

These modules are now read only in CVS.

The new SVN locations are:
http://svn.apache.org/repos/asf/tomcat/servletapi/branches/servlet2.2-jsp1.1-tc3.x/
http://svn.apache.org/repos/asf/tomcat/servletapi/branches/servlet2.3-jsp1.2-tc4.x/
http://svn.apache.org/repos/asf/tomcat/servletapi/servlet2.4-jsp2.0-tc5.x/

NB Committers wishing to make changes to these modules will need to 
use https as per http://www.apache.org/dev/version-control.html#https-svn


TC34 will move next (phase 4), followed by TC5, Connectors and 
Jasper2 (phase 5). A more detailed schedule, particularly for phase 5 
since this is the focus of development, will be posted on the 
tomcat-dev list nearer the time.


Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Archive search is corrupted?

2005-09-01 Thread Mark Thomas

Tracy Spratt wrote:

Like a good newbie, I'm trying to first find my solution in the
Archives.  While I got several very good looking subject hits, when I
click the link to go to the thread, I find that the  message has nothing
to do with the subject.

Are some search sites better than others?  I am using
http://www.junlu.com.  
For example, the search:

isapi and authorization

returns three VERY interesting subjects, but none of them point to the
correct message.

Any pointers?


Try a different archive. There are plenty out there. Google is your friend

Alternatively did you read http://jakarta.apache.org/site/mail.html ? 
It has links to some, but by no means all, archives.


Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: How to remove charset from tomcat response?

2005-08-30 Thread Mark Thomas

Dmitry wrote:

Hello Tomcat,

I am trying to return an XML with content-type text/xml
Without any charset specified in header.

I set [EMAIL PROTECTED] contentType=text/xml% in my jsp, expecting header
Content-Type: text/xml

But despite the page directive given I have header
Content-Type: text/xml;charset=ISO-8859-1

Is it possible to avoid charset=... clause?
Tomcat 5.5.9 on Windows.


If you use JSPs, there will always be a charset as per section JSP.4.2 
of the JSP 2.0 spec.


Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: sharing directory between web application

2005-08-25 Thread Mark Thomas

Davide Frigerio wrote:

Hi,
 I would you like to know if it is possibile in Tomcat to share the
same directory between two different web application?

Thanks,

Yes, if your OS supports symlinks. See the allowLinking property in 
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/context.html


Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Passing parameter upon login using j_security_check

2005-08-25 Thread Mark Thomas

Mark Goking wrote:


There was someone who posted 2 yrs ago about a fix for this. But it
involved modifying the source code of SavedRequest.class in the
catalina.jar

Here is the url of that post

http://sourceforge.net/tracker/?group_id=59484atid=491164func=detaila
id=766413

I went to tomcat site but I couldn't find any source code for the files
of catalina.jar

If anyone finds the url, pls post it here, thanks..


http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/
and specifically
http://cvs.apache.org/viewcvs.cgi/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenticator/SavedRequest.java?rev=1.4view=log

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Integrating two applications

2005-08-25 Thread Mark Thomas

[EMAIL PROTECTED] wrote:

Hello:
 
I have two applications that have front-ends developed using the struts 
framework. They both run on weblogic application servers.


Each application has its own controller. They operate in two different 
physical environments. In the MVC paradigm, it's two independent MVCs.


I should be able to bring up pages that are controlled
by one Application from within the other.

They have to share sessions. This is because authenticated users on one 
system should be respected in the other. They share the same security 
infrastructure.


Any ideas are welcome.

Venki


1. Reading your post, you haven't actually asked a question
- but you did say ideas were welcome so here are mine ;)

2. This has what to do with Tomcat?

3. Reading http://jakarta.apache.org/site/mail.html before posting is 
a good idea, particularly the bit about smart questions.


Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: 10 connection limit with IIS and JK/ISAPI 1.2.14

2005-08-25 Thread Mark Thomas
doc-quote 
src=http://jakarta.apache.org/tomcat/connectors-doc/config/workers.html;
Cachesize defines the number of connections made to the AJP backend 
that are maintained as a connection pool. It will limit the number of 
those connection that each web server child process can made.


Cachesize property is used only for multi threaded web servers such as 
Apache 2.0 (worker), IIS and Netscape. The cachesize property should 
reflect the number of threads per child process. JK will discover the 
number of threads per child process on Apache 2 web server with 
worker-mpm and set its default value to match the ThreadsPerChild 
Apache directive. For IIS the default value is 10. For other web 
servers this value has to be set manually.


Do not use cachesize with values higher then 1 on Apache 2.x prefork 
or Apache 1.3.x!

/doc-quote


Spors, Jeffrey R wrote:

I also ran into this just today (although I don't get entries in my
logs).  I believe I found a solution.  In workers.properties under the
ajp13 Worker Definition I uncommented the worker.ajp13.cachesize line
and set it equal to the desired max cache size.

For example:
worker.ajp13.cachesize=20

I don't really know the details of how jk works so I don't know what
implications setting this value has.  If there are any, please let me
know.  Hope this helps.

Jeff Spors
Winona State University



-Original Message-
From: David [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, August 24, 2005 3:09 PM

To: tomcat-user@jakarta.apache.org
Subject: 10 connection limit with IIS and JK/ISAPI 1.2.14

I'm using Tomcat 5.5.9 on Windows Server 2003, JDK 1.5.0_04, IIS 6.0,
with the JK 1.2.14 isapi_redirector.dll.
 
I've been trying to track down a problem whereby all of the web apps

under our Tomcat instance are seeming to stall. There's no indication of
any problems in the Tomcat logs themselves. I suspect IIS is unable to
forward requests to Tomcat. I either have to recycle the IIS worker
process or restart Tomcat to resolve the problem.
 
Here's what I'm seeing with netstat (port 8008 is my AJP 1.3 port):
 
Z:\netstat -a -n | grep 8008

  TCP0.0.0.0:8008   0.0.0.0:0  LISTENING
  TCP147.92.2.137:2871  147.92.2.137:8008  ESTABLISHED
  TCP147.92.2.137:2915  147.92.2.137:8008  ESTABLISHED
  TCP147.92.2.137:2944  147.92.2.137:8008  ESTABLISHED
  TCP147.92.2.137:2965  147.92.2.137:8008  ESTABLISHED
  TCP147.92.2.137:2969  147.92.2.137:8008  ESTABLISHED
  TCP147.92.2.137:3019  147.92.2.137:8008  ESTABLISHED
  TCP147.92.2.137:3034  147.92.2.137:8008  ESTABLISHED
  TCP147.92.2.137:3039  147.92.2.137:8008  ESTABLISHED
  TCP147.92.2.137:3041  147.92.2.137:8008  ESTABLISHED
  TCP147.92.2.137:3060  147.92.2.137:8008  ESTABLISHED
  TCP147.92.2.137:8008  147.92.2.137:2871  ESTABLISHED
  TCP147.92.2.137:8008  147.92.2.137:2915  ESTABLISHED
  TCP147.92.2.137:8008  147.92.2.137:2944  ESTABLISHED
  TCP147.92.2.137:8008  147.92.2.137:2965  ESTABLISHED
  TCP147.92.2.137:8008  147.92.2.137:2969  ESTABLISHED
  TCP147.92.2.137:8008  147.92.2.137:3019  ESTABLISHED
  TCP147.92.2.137:8008  147.92.2.137:3034  ESTABLISHED
  TCP147.92.2.137:8008  147.92.2.137:3039  ESTABLISHED
  TCP147.92.2.137:8008  147.92.2.137:3041  ESTABLISHED
  TCP147.92.2.137:8008  147.92.2.137:3060  ESTABLISHED
 
Every time the stall has happened, I have noticed that there are always

exactly ten connetions between IIS and Tomcat (they're on the same
server). Everything works fine until we reach this point.
 
In my JK log, I'm seeing things like this:
 
[Wed Aug 24 14:10:57 2005] [error]

ajp_connection_tcp_get_message::jk_ajp_common.c (961): Can't receive the
response message from tomcat, network problems or tomcat is down
(147.92.2.137:8008), err=-54
[Wed Aug 24 14:10:57 2005] [error] ajp_get_reply::jk_ajp_common.c
(1503): Tomcat is down or refused connection. No response has been sent
to the client (yet)
 
 
My workers.properties looks like this:
 
worker.list=ajp13a
 
worker.ajp13a.port=8008

worker.ajp13a.host=www.bvu.edu
worker.ajp13a.type=ajp13
 
cachesize=20

cache_timeout=600
recycle_timeout=300
 
 
And here's the AJP connection defininition from my server.xml:
 
Connector port=8008

   maxThreads=150 minSpareThreads=25
maxSpareThreads=75
   enableLookups=false redirectPort=443 debug=5
connectionTimeout=2
   protocol=AJP/1.3/
 
 
Any idea what might be happening? It sure looks like I'm hitting some

kind of 10 connection limit somewhere, but I can't seem to figure out
where.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








Re: Malformed URL Exception: unknown protocol: c

2005-08-25 Thread Mark Thomas
I assume becuase the url you pass it starts c:\ as that is the start 
of the XML_WORK_PATH. You need to prefix it with file:/// (or however 
many slashes you need to get this to work in windows).


Mark

Franklin Phan wrote:
I use Windows XP Pro. My JAVA_HOME environment variable points to 
c:\j2sdk1.4.2_05.  The CLASSPATH is set to have as the first element 
%JAVA_HOME%\bin.  I've written an XSL Transform servlet that makes use 
of the package javax.xml.transform.  Why do I get the following error:


javax.servlet.ServletException:
javax.xml.transform.TransformerConfigurationException:
javax.xml.transform.TransformerException:
java.net.MalformedURLException: unknown protocol: c

The four lines above actually appear altogether in one line.  And the 
error appears to be due to the following piece of code where I'm trying 
to get the path to a folder on the local drive to access a file:


String XML_WORK_PATH = /WEB-INF/work_xml;
TransformerFactory tFactory = TransformerFactory.newInstance();
Transformer transformer =
  tFactory.newTransformer(new 
javax.xml.transform.stream.StreamSource(getServletContext().getRealPath(XML_WORK_PATH) 
+ \\ + xslParam)); //xslParam is an XSL file name



The Malformed URL Exception does not occur on another machine running 
Windows XP Server.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Single copy of Tomcat shared amongst multiple users

2005-08-25 Thread Mark Thomas

Franklin Phan wrote:

In RUNNING.txt, a paragraph says:

In many circumstances, it is desirable to have a single copy of a Tomcat 4
binary distribution shared among multiple users on the same server.  To 
make

this possible, you must configure a CATALINA_BASE environment variable (in
addition to CATALINA_HOME as described above) that points to a directory
that is unique to your instance.

I'm not understanding this.  I've been thinking about having multiple 
installs of Tomcat 4 on the same server.  I'm now wondering whether what 
RUNNING.txt suggests can take the place of having multiple installs.  
But I'm not understanding how just setting a CATALINA_BASE env var can 
achieve this.  I can only set one CATALINA_BASE env var, right?  What if 
there are four ...um...not instances, but...users who each want their 
own Tomcat to work with?  How is it possible to have four CATALINA_BASE 
environment variables?


You need to read the rest of the text below the paragraph you quoted. 
In summary,


There is one CATALINA_HOME which all users use for the the following 
directories:

/bin
/common
/server

Each user sets their own CATALINA_BASE that points to their own copy 
of the following directories:

/conf
/logs
/shared
/webapps
/work
/temp

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Override WAR file security settings.

2005-08-23 Thread Mark Thomas

I can confirm that you can't override these web.xml settings in server.xml

It should be simple enough in Ant to generate two .war files that only 
differ by the web.xml file


Mark

Jim Henderson wrote:

By the lack of response to my question, I take it that it is not possible to
override the following web.xml settings by redefining them in Tomcat’s
server.xml 

security-constraint
login-config
security-role

Any changes to those values must be made after the application has been
deployed by editing the deployed web.xml.  Is that correct?  There is now
way to override then as can be done with Environment values?

Can someone confirm this or have I just missed something in the Tomcat
documentation?

Thanks

-Original Message-
From: Jim Henderson [mailto:[EMAIL PROTECTED]
Sent: Monday, August 22, 2005 3:13 PM
To: tomcat-user@jakarta.apache.org
Subject: Override WAR file security settings.


I am working on a web application that can be used in two ways at the same
time depending on its URL.  The original WAR file has a web.xml that defines
tight security requiring form authentication with id and password.

In Tomcat’s server.xml I have two Contexts with different paths but to the
same docBase.  I can override various Resource and Environment settings
differently for each Context.  However, the war file by default defines
(among many other things):

security-constraint
login-config
security-role

In one of the server.xml context definitions, I want to undefine the above
items (so the application just asks for the user ID).  Is that possible?  Or
is there some other way to neutralize them in the server.xml file?  The
application works as desired if I edit the deployed application’s web.XML
(located in webapps/… directory after Tomcat deploys the war file) and
completely remove the above settings.

The other mode (Context) requires the use of the above items and that works
OK.

Hope the above makes sense or have I abbreviated the description too much?

Thanks,
Jim



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: WebDav on Port 80

2005-08-22 Thread Mark Thomas

George Francis wrote:

Thanks - thats exactly my experience also;  Does anyone here know why
port 80 doesnt work?


See http://issues.apache.org/bugzilla/show_bug.cgi?id=36303

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: #1578;#1605; #1575;#1587;#1578;#1604;#1575;#1605; #1575;#1604;#1585;#1587;#1575;#1604;#1607; DISABLE YOUR AUTO REPLY

2005-08-21 Thread Mark Thomas

Wade Chandler wrote:

Please disable your auto reply or remove yourself from
the list.  I receive an email from your directly every
time I write to the list.  It's part of the rules of
the list not to use auto replies.

Wade


Auto-replying to posts is more than enough of a reason for me to kick 
them off the list. Give me 5 minutes and they'll be gone.


Mark
[EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: refusing low-grade SSL connections

2005-08-20 Thread Mark Thomas
Set the ciphers attribute on the connector. See 
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html


Mark


Paul Singleton wrote:

According to the OWASP Web Application Penetration Checklist
(available from www.owasp.org), a secure application server
should:

 * Ensure that supported SSL versions do not have
   cryptographic weaknesses. Typically, this means
   supporting SSL 3 and TLS 1.0 only.

 * Ensure that the web server does not allow anonymous
   key exchange methods. Typically ADH Anonymous
   Diffie-Hellman.

 * Ensure that weak algorithms are not available.
   Typically, algorithms such as RC2 and DES.

 * Ensure the web site uses an appropriate length key.
   Most web sites should enforce 128 bit encryption.


How can we achieve all this (esp. with Tomcat 5.5)?

Paul Singleton






-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Securing Tomcat Context Descriptor

2005-08-20 Thread Mark Thomas

A couple of observations:

- If someone can read the context descriptor they pretty much own
Tomcat and probably the server as well. If this person is unauthorised,
you have big problems regardless of whether or not they have read-only 
access to the database.


- If the password is encrypted, where do you store the decryption key?
Tomcat still needs to be able to decrypt the password in order to use
it to access the database. At best, this is security by obscurity
which is not very good security at all.

You could write some custom code that required the password to be 
entered on the command line when Tomcat starts but this still has the 
following issues:


- If Tomcat goes down, you need someone who knows the password to 
restart it. If the group of people that know the password is small, 
you have an availability issue.


- Chances are that everyone who administers Tomcat will know this 
password. Given that these people should be the only ones with access 
at the OS level to the Tomcat configuration files there seems little 
point in going to all this trouble.


In my experience securing the configuration files (Tomcat  JVM) using 
OS file permissions is usually the appropriate course of action to 
take unless your security environment is very unusual.


Mark

Brett Parsons wrote:

Hi All,

There is a requirement on the server that we have Tomcat 5.0.28 deployed 
that no username/password information can be stored in plaintext (in the 
open).  Like many people, we are using JNDI datasources in our web 
application.  The datasource connection information (including the 
database username/password) is stored in the Tomcat Context Descriptor 
under TOMCATDIR/conf/Catalina/localhost/myApp.xml.


Does Tomcat provide a more secure way of storing the connection 
information stored in these context deployment descriptors?  Has anyone 
else run into the same problem and been able to solve it somehow?


Thanks,

Brett



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Thread-47 java.lang.NullPointerException

2005-08-18 Thread Mark Thomas
Applets are a client side technology not a server side one. This means 
that applets are executed by browsers, not by Tomcat. As far as Tomcat 
is concerned, an applet is just a file delivered to the browser.


This is a bug in the applet you are using or possibly an error in the 
way you are using it.


Also, if you look at the stack trace, it is all from the 
sun.plugin.util.GrayBoxPanel class which is not a Tomcat class.


Mark

[EMAIL PROTECTED] wrote:

hi ,


I click and browse through some of the features accessing applets in
the application, quite often I get the following  Null Pointer
Exception  in  the java console.
I really do not understand the cause of the problem.I am using
tomcat4.1.



the error is :

Exception in thread Thread-47 java.lang.NullPointerException

at sun.plugin.util.GrayBoxPanel.paint(Unknown Source)

at sun.plugin.util.GrayBoxPanel.setImage(Unknown Source)

at sun.plugin.util.GrayBoxPanel.setCustomImage(Unknown Source)

at sun.plugin.util.GrayBoxPainter.getGrayBoxPanel(Unknown Source)

at sun.plugin.util.GrayBoxPainter.paintGrayBox(Unknown Source)

at sun.plugin.util.GrayBoxPainter.repaintGrayBox(Unknown Source)

at sun.plugin.util.GrayBoxPainter.access$000(Unknown Source)

at sun.plugin.util.GrayBoxPainter$1.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)





Next time when I repeat the same scenario I get the following:

Exception in thread Thread-182 java.lang.NullPointerException

at sun.plugin.util.GrayBoxPanel.paint(Unknown Source)

at sun.plugin.util.GrayBoxPanel.setImage(Unknown Source)

at sun.plugin.util.GrayBoxPanel.setCustomImage(Unknown Source)

at sun.plugin.util.GrayBoxPainter.getGrayBoxPanel(Unknown Source)

at sun.plugin.util.GrayBoxPainter.paintGrayBox(Unknown Source)

at sun.plugin.util.GrayBoxPainter.repaintGrayBox(Unknown Source)

at sun.plugin.util.GrayBoxPainter.access$000(Unknown Source)

at sun.plugin.util.GrayBoxPainter$1.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)





 I do not  really know if it is really a Tomcat issue or not..

 Any help or pointers would be of immense help.

Thanks in advance.


--shashi




Confidentiality Notice


The information contained in this electronic message and any attachments to 
this message are intended
for the exclusive use of the addressee(s) and may contain confidential or 
privileged information. If
you are not the intended recipient, please notify the sender at Wipro or [EMAIL 
PROTECTED] immediately
and destroy all copies of this message and any attachments.




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Http-status 500 error in Tomcat 4.1

2005-08-18 Thread Mark Thomas
Just guessing, but are your servlets in a package? Packageless classes 
do not work. See http://jakarta.apache.org/tomcat/faq/classnotfound.html


Mark

subi wrote:

Hello All,

I am using Tomcat 4.1. I just started working in it,
 
so this asking may be childish, if so, pls don't

mistake me.

Here is my webapp structure:

1. C:\Program Files\Apache Group\Tomcat 4.1\webapps\testapp\classes 
   -here i have my servlet classes

2. C:\Program Files\Apache Group\Tomcat 4.1\webapps\testapp\jsp
-here i have a sample.htmfile
3. C:\Program Files\Apache Group\Tomcat 4.1\webapps\testapp\WEB-INF 
   -here is the web.xml resides


my web.xml entry is like this:

!DOCTYPE web-app PUBLIC -//Sun Microsystems,
Inc.//DTD Web Application 2.3//EN
http://java.sun.com/dtd/web-app_2_3.dtd;
web-app
servlet
  servlet-nameTestServlet/servlet-name
  servlet-classTestServlet/servlet-class
/servlet
  
	servlet-mapping

  servlet-nameTestServlet/servlet-name
 
url-pattern/TestServlet/url-pattern

/servlet-mapping
/web-app

--
the sample.htm has the following entries:

!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01
Transitional//EN
html
head
titleUntitled Document/title
meta http-equiv=Content-Type content=text/html;
charset=iso-8859-1
/head

body
pfont color=#99Hello, Welcome!/font /p
form
action=http:\\localhost:8080\testapp\TestServlet method=post
name=form1 target=_self
  input type=submit name=Submit value=Click Me
/form
pnbsp; /p
/body
/html

---

Here is what I done:
1. I started the Tomcat server
2. opened the IE browser and http://localhost:8080/testapp/jsp/sample.htm;
3. clicked the button which gives the error HTTP Status 500 -
TestServlet is not found

Please tell me what is the problem?







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: org.apache.catalina.valves.RemoteHostValve issue

2005-08-17 Thread Mark Thomas

Tony Tomcat wrote:

Does the RemoteHostValve work?   There are no examples in the Tomcat 5
docs and the tomcat 4 docs have the following..

 Valve className=org.apache.catalina.valves.RemoteHostValve
 allow=*.mycompany.com,www.yourcompany.com/


The docs have been updated for 4 and 5 not to use this example.

The problem is that . is a special character in a regular expression 
and needs to be escaped if you want to match a single . character in 
your input.


The regexp docs are the place to read up on this.

The following should work but I haven't tried it.

  Valve className=org.apache.catalina.valves.RemoteHostValve
  allow=.*mycompany\.com,www\.yourcompany\.com/

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: What to do if you receive a 554 delivery error when posting

2005-08-17 Thread Mark Thomas

All,

I believe I have tracked down and fixed the root cause of this issue.

If anyone is still receiving these messages or starts to receive them 
in the future please forward them as per below.


Mark

Mark Thomas wrote:
If you receive a 554 delivery failure message please forward the message 
*and the headers* to [EMAIL PROTECTED] or 
[EMAIL PROTECTED]


The headers are particularly important. 
http://www1.physics.ox.ac.uk/help/spam.html contains information on how 
to make sure the mail you send me includes the headers. Although this 
page refers to spam messages I should stress that I do not believe the 
554 messages are spam.



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Enabling CGI/Perl in Tomcat 5.5.9

2005-08-17 Thread Mark Thomas

I haven't tested any of this, I am working entirely from memory and
the documentation.

I think you have a security problem.

As your system is configured a request for
http://foo.bar.com/3gflex/3gcgi/somedir/myscript.cgi
will look for the script at
/usr/prod/3gflex/somedir/myscript.cgi
but a request for
http://foo.bar.com/3gflex/somedir/myscript.cgi
will return the content of your script.

You have two options.
1. Move all your cgi scripts under the WEB-INF directory.
2. Use extension mapping (which is now supported) rather than path
mapping.

The easiest fix will depend on how your application is structured.
Extension mapping will look something like:
 servlet-mapping
 servlet-namecgi/servlet-name
 url-pattern*.cgi/url-pattern
 /servlet-mapping

Mark

A Madhusudan-A5324C wrote:

Hi,

I am facing some problems with enabling CGI in Tomcat 5.5.9.

I followed the instructions given in the Manual, and renamed the
servlets-cgi.renametojar under jakarta-tomcat-5.5.9\server\lib\ to
servlets-cgi.jar.

Further I modified the web.xml files to uncomment the CGI enabling part.
Here they are

servlet
servlet-namecgi/servlet-name
 
servlet-classorg.apache.catalina.servlets.CGIServlet/servlet-class

init-param
  param-namedebug/param-name
  param-value6/param-value
/init-param
init-param
  param-nameexecutable/param-name
  param-value/usr/local/bin/perl/param-value
/init-param
init-param
  param-namecgiPathPrefix/param-name
  param-value//param-value
/init-param
 load-on-startup5/load-on-startup
/servlet

servlet-mapping
servlet-namecgi/servlet-name
url-pattern/3gcgi/*/url-pattern
/servlet-mapping

My context.xml file points to a directory outside the tomcat dir structure.
It is

Context path=/3gflex docBase=/usr/prod/3gflex allowLinking=true
debug=0

!-- Default set of monitored resources --
WatchedResourceWEB-INF/web.xml/WatchedResource

!-- Uncomment this to disable session persistence across Tomcat
restarts --
!--
Manager pathname= /
--
Resources className=org.apache.naming.resources.FileDirContext
allowLinking=true /
/Context

The problem I am facing is that whatever perl scripts I have stored under
/usr/prob/3gflex/, does not execute. But any perl script under any directory
under /usr/prob/3gflex/ executes perfectly. The same if copied one level
above fails. The error thrown is given below..

java.lang.StringIndexOutOfBoundsException: String index out of range: -2
java.lang.String.substring(String.java:1480)
java.lang.String.substring(String.java:1447)

org.apache.catalina.servlets.CGIServlet$CGIEnvironment.findCGI(CGIServlet.ja
va:942)

org.apache.catalina.servlets.CGIServlet$CGIEnvironment.setCGIEnvironment(CGI
Servlet.java:1009)

org.apache.catalina.servlets.CGIServlet$CGIEnvironment.init(CGIServlet.jav
a:787)
org.apache.catalina.servlets.CGIServlet.doGet(CGIServlet.java:591)
javax.servlet.http.HttpServlet.service(HttpServlet.java:689)
javax.servlet.http.HttpServlet.service(HttpServlet.java:802)


Can anyone please hep me on this one..

Thanks
Madhusudan

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]








-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: serving japanese file problem

2005-08-16 Thread Mark Thomas
You need to change your connector element(s) in server.xml

Mark

Arun Prasad R wrote:
 thanks Mark,Hiroshi
 
 but how do i specify this in tomcat configuration. in which config file i 
 need to change. what are the changes to be done to achive this.
 pls help. im newbie
 
 arun
 
 On 8/12/05, Mark Thomas [EMAIL PROTECTED] wrote:
 
Arun Prasad R wrote:

i have a ウェブ.jpg (japanese filename) in images directory.
while requesting that file url encode to %E3%82%A6%E3%82%A7%E3%83%96.jpg

but tomcat doesn't serve ウェブ.jpg instead it says file not found.

my question is how to make tomcat to decode
%E3%82%A6%E3%82%A7%E3%83%96.jpg as ウェブ.jpg


You should set the URIEncoding paramter of the connector to UTF-8.

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


 
 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[ANN] Watchdog has moved to Subversion

2005-08-14 Thread Mark Thomas
As those of you subscribed to the dev list may have already noticed, 
the following CVS modules have been migrated to Subversion.


jakarta-watchdog
jakarta-watchdog-4.0

These modules are now read only in CVS.

The new SVN locations are:
http://svn.apache.org/repos/asf/tomcat/watchdog/branches/tc3.3.x/
http://svn.apache.org/repos/asf/tomcat/watchdog/branches/tc4.1.x/

NB Committers wishing to make changes to these modules will need to 
use https as per http://www.apache.org/dev/version-control.html#https-svn


I'll update the Tomcat web-site shortly.

Apache plans to turn off CVS on 31/12/2005. Therefore, the current 
plan is that the remainder of the Tomcat modules will be moving to SVN 
some time between now and the end of the year. Regular updates will be 
posted to the dev list and announcements made on both lists as each 
migration goes live.


Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Tomcat and the HttpServletRequest Object

2005-08-13 Thread Mark Thomas

Jeff Grangier wrote:

Would anyone in the Project Management Committee, Advisory board, or the
committer group acknowledge that this bug is understood and will be
considered in the next releases of Tomcat?


The issue is understood.

This is not a bug, since there is no spec violation. Given the 
strength of your feelings, you should lobby the spec team for the 
change. That way, all servlet containers will implement this feature.


I don't see any committer wanting to scratch this particular itch. You 
could implement it yourself and submit it as an enhancement request 
but, like any patch, one of the committers would need to apply it and 
any committer concerns leading to a binding -1 would also need to be 
addressed.


I can't speak for the rest if the committers but at best I am going to 
be -0 on this and depending on the patch might be -1. It is obviously 
difficult to comment on a patch that doesn't yet exist but my key 
concerns at this point are:

1. It would encourage the development of non-portable applications
2. It adds unnecessary (not required by the spec) bloat
3. Making it configurable adds yet more code/complexity (but does 
address my first concern as long as the default is the current behaviour)


For the record, and given previous comments on this thread, 
performance is a concern but it is quite a long way down my list.


Again, speaking purely personally, I don't see this as something that 
needs to be addressed in any future release. If the spec mandates this 
change then I'll be first in line to implement it. Until that time 
there are enough things that need doing to keep me and the other 
committers busy at the moment.


Other committers may well have differing views but that is my $0.02

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Does Tomcat 5 support mod_JK?

2005-08-12 Thread Mark Thomas

Try reading:
http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/ajp.html for 
the Tomcat end and 
http://jakarta.apache.org/tomcat/connectors-doc/config/apache.html for 
the Apache httpd end.


Mark

g1 Sunkersett wrote:

Hi,

I am trying load balancing with Tomcat 5, fornted with Apache's mod_jk 
connector.


It is always the local one that serves my request. Cannot get my remote 
Tomcat to serve any.

http://localhost/jkstatus also gives a error page
Have workers.properties and all configured but ...

Doing a search on google found Tomcat + mod_JK documentation take me to

Tomcat 4.0.1 docs 
(http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/jk.html)
Tomcat 5 docs has almost nothing on mod_JK (The page 
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/jk.html is NON 
existant)


Am I trying in vain.
DOES TOMCAT 5.x.xx support mod_JK or vice versa.

I am using Tomcat 5.0.28 and mod_JK binary - mod_jk-1.2.14-apache-2.0.54.so
OS: Windows XP

any clues will be appreciated.

thx
g1

_
Is your PC infected? Get a FREE online computer virus scan from McAfee® 
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: ssl/tls - INTEGRAL/CONFIDENTIAL - question

2005-08-12 Thread Mark Thomas

[EMAIL PROTECTED] wrote:

Hello,

I'm having some trouble configuring secure connections. I have 2 webapps that I
deployed myself. One in /dspace and another one in /odin. I have set the
transport-guarantuee for both to INTEGRAL. I did this in their own
web.xml-files. In both cases I used / as url-pattern.
I have set the transport-guarantuee for /manager to CONFIDENTIAL.

I have set ciphers to (shortened) NULL_SHA and two others with encryption and
authentication.

When I browse the /dspace- and /odin-pages I het authentication and encryption,
while I only would like to have authentication.

Can anyone tell me/help me why I also get encryption in these cases?


As far as I recall, the JSSE implementation has an order of preference 
for the ciphers and NULL_SHA is very likely to be below the others.


Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: serving japanese file problem

2005-08-12 Thread Mark Thomas
Arun Prasad R wrote:
 i have a ウェブ.jpg (japanese filename) in images directory.
 while requesting that file url encode to %E3%82%A6%E3%82%A7%E3%83%96.jpg
 
 but tomcat doesn't serve ウェブ.jpg instead it says file not found.
 
 my question is how to make tomcat to decode
 %E3%82%A6%E3%82%A7%E3%83%96.jpg as ウェブ.jpg


You should set the URIEncoding paramter of the connector to UTF-8.

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Test Post

2005-08-11 Thread Mark Thomas

Dave Morrow wrote:

I am receiving some NDR's when sending to this list.


This shouldn't happen. Please forward the NDR including all the 
headers to [EMAIL PROTECTED] ir directly to 
[EMAIL PROTECTED] and I will investigate futher.


Thanks,

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: sessions dropping with mod_ssl, mod_jk, mod_rewrite rules

2005-08-10 Thread Mark Thomas

Seale, Deryl wrote:

Thanks for the information, Jon. I finally realized this when I examined the 
two different cookies Tomcat was setting: the first was marked secure, and the 
second was not.

I followed the threads you provided, and one of the respondents hinted that 
this behavior may change. Does Tomcat 5.5.x still enforce this rule?


This rule is still enforced and I am aware of no plans to change it.

Mark



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



What to do if you receive a 554 delivery error when posting

2005-08-06 Thread Mark Thomas

All,

Reports of 554 delivery errors have continued. My investigations are 
progressing but I need more information to track down the root cause. 
If you receive a 554 delivery failure message please forward the 
message *and the headers* to [EMAIL PROTECTED] or 
[EMAIL PROTECTED]


The headers are particularly important. 
http://www1.physics.ox.ac.uk/help/spam.html contains information on 
how to make sure the mail you send me includes the headers. Although 
this page refers to spam messages I should stress that I do not 
believe the 554 messages are spam.


Regards,

Mark
(one of) [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Having problem posting to the group

2005-08-01 Thread Mark Thomas

See: http://marc.theaimsgroup.com/?l=tomcat-userm=111895333829546w=2

There has been no progress since my original message.

Mark
[EMAIL PROTECTED]

Ikonne, Ike wrote:

Hi all,

Could anyone explain to me why I can't post to
[EMAIL PROTECTED]

I get the following error message when I make a post to the group:


Unable to deliver message to the following address(es)
tomcat-user@jakarta.apache.org.
Remote host said: 554 delivery error: This user doesn't have an ac


I know that I subscribe to the group and I do receive postings from the 
members of the group.


Thanks,

Ike


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: W3C log format in Tomcat 4?

2005-08-01 Thread Mark Thomas

Jason,

See http://jakarta.apache.org/tomcat/tomcat-4.1-doc/config/valve.html

You want the AccessLogValve

Mark

Jason wrote:

I'm new to Tomcat 4 and am trying to figure out how to
configure my logs so that Deepmetrix's LiveStats 7 can
import them. Does Tomcat 4 support logging to the W3C
Extended logging format? If so, could you provide me
with a link to a resource that tells how to configure
this?

Thanks,

Jason

__
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: accessing global Environment values?

2005-07-28 Thread Mark Thomas

Seth Ladd wrote:
I am not able to lookup the default simpleValue environment variable 
form JNDI with a simple JSP file.  Is there anything else I have to do 
to move an Environment variable, from GlobalNamingResources, into the 
scope of a webapp?


Any advice on how to expose GlobalNamingResources's Environment 
variables into webapps?


You could start by reading the documentation for JNDI resources.

http://jakarta.apache.org/tomcat/tomcat-5.5-doc/jndi-resources-howto.html

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: How to configure tomcat default character encoding ?

2005-07-27 Thread Mark Thomas

http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/http.html

You should read the documentation for the URIEncoding and 
useBodyEncodingForURI options.


Mark

Dongsheng Song wrote:

I user Tomcat 5.0.28, the browser send server UTF-8 query string like:

QueryString: id=12code=13name=%E5%90%8D%E7%A7%B0

How to configure tomcat default character encoding to UTF-8 ?

Dongsheng Song

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: how to contribute to Admin ApplicationResources_ko.properties, Korean version

2005-07-25 Thread Mark Thomas

Kenu Heo wrote:

Korean translation of ApplicationResources.properties is finished.



I wish it would be a helpful resource.
untar attatch file in $CATALINA_HOME


Many thanks. Many atatchment types are blocked on the list. Please 
create a bugzilla item and add your properties file to that.


Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: how to get the original requestURI after jsp:forward()

2005-07-24 Thread Mark Thomas

You need to read SRV.8.4 of the servlet specification.

Mark

Marten Lehmann wrote:

Hello,

I have a forward to a jsp-file. This jsp-file needs to know which URI 
was requested in the initial request. Currently, I can only see the 
requestURI of the forwarded jsp-file. Any ideas?


Regards
Marten

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



Re: Request parameter data not being recognised as UTF-8

2005-07-21 Thread Mark Thomas

Tim Koop wrote:
I have a web page form that is expecting UTF-8 data, but when my code 
gets the data, the getParameter() methods don't return the right thing.  

snip

In server.xml, I have added these lines to each Connector:
 URIEncoding=UTF-8  useBodyEncodingForURI=false
 (I have also tried useBodyEncodingForURI=true)

Leave this as false.
I have added this text to JAVA_OPTS (in my rc.d init script) and have 
confirmed that these are indeed Java system properties

-Djavax.servlet.request.encoding=UTF-8 -Dfile.encoding=UTF-8
I am not sure if the first one of these will do anything and I am 
certain the second will not - it is a read only property on most JVMs.


I have tried calling request.setCharacterEncoding(UTF-8) in my code.  
I've even made it the first line of the jsp page.  No luck.

This is good.


I even have the environment variable LANG set to en_GB.UTF-8

Not necessary.



I have %@ page contentType=text/html; charset=UTF-8  
pageEncoding=UTF-8 % in my jsp page.

Good.

I have meta http-equiv=Content-Type content=text/html; 
charset=utf-8 in my jsp page.

Not necessary.

Should this actually work and I'm just doing something wrong?

Yes it should (and does for me) work.


Is there anything else I can try?


1. Try accessing Tomcat directly to see if mod_jk is causing problems.
2. Try 4.1.31 - it has a bunch of bug fixes that might (I haven't 
checked the release note for details) help
3. Try the following simple test JSP and once this works, see how your 
app is different.


%@ page contentType=text/html; charset=UTF-8 %
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN
html
  head
titleEncoding fun/title
  /head
  body
pData posted to this form was:
%
  request.setCharacterEncoding(UTF-8);
  out.print(request.getParameter(mydata));
%

/p
form method=post action=index.jsp
  enctype=application/x-www-form-urlencoded
  input type=text name=mydata
  input type=submit value=Submit /
  input type=reset value=Reset /
/form
  /body
/html

Mark


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



  1   2   3   4   5   >