Bad ArrayOutOfBoundsException in BodyContentImpl.write()
Dear All, I am using the milestone build Tomcat 3.33 M2 on Windows 2000 through IIS. At the moment certain pages are throwing a very strange ArrayIndexOutOfBoundsException (see stack trace below). The pages use valid index.jsp (and succussfully run on Tomcat 3.2.1). The error occurs within text output that: a) contains lines indented with spaces instead of tabs b) %= % directives that have surrounding white space If I elimimate the above the exceptions are resolved. However, the errors also occur within text that is within a a taglib tag (specifically, a JDBC taglib resulSet tag) and with a Java while loop. Please, please advise what is going wrong here as this is causing consitent problems on an urgent project I am working on, yours... Root cause: java.lang.ArrayIndexOutOfBoundsException at java.lang.System.arraycopy(Native Method) at java.lang.String.getChars(String.java:553) at org.apache.jasper.runtime.BodyContentImpl.write(BodyContentImpl.java:182) at org.apache.jasper.runtime.BodyContentImpl.write(BodyContentImpl.java:192) at employee._0002femployee_0002findex_0002ejspindex_jsp_40._jspService(_0002fem ployee_0002findex_0002ejspindex_jsp_40.java:746) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119) at javax.servlet.http.HttpServlet.service(HttpServlet.java) at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.ja va:179) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:320) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:393) at javax.servlet.http.HttpServlet.service(HttpServlet.java) at org.apache.tomcat.facade.ServletHandler.doService(ServletHandler.java:500) at org.apache.tomcat.core.Handler.service(Handler.java:223) at org.apache.tomcat.facade.ServletHandler.service(ServletHandler.java:448) at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:78 8) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:701) at org.apache.tomcat.modules.server.Ajp12Interceptor.processConnection(Ajp12Int erceptor.java:191) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:424) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:497) at java.lang.Thread.run(Thread.java:484) -- Ricardo Gladwell UBQT Media PLC, Windsor Mobile: (07779) 841 444
Basic HTTP Authorization and JDBCRealm
Dear All, I'm using JDBCRealm on Tomcat through IIS 5.0 on Windows 2000 to authenticate users for my companies Intranet. I managed to configure my server to authenticate user via HTTP basic authorization. However, when I attempt to log into my web application I receive the following errors in my jvm.stderr.log file: 2001-04-12 12:54:33 - ContextManager: JDBCRealm: JDBCRealm.authenticate: SELECT Password FROM People WHERE UserName = ? 2001-04-12 12:54:34 - ContextManager: JDBCRealm: Authentication unsuccessful for user null With a bit a research it would appear that the JDBCRealm interceptor is not reading the HTTP Authorization header properly. The authenticate( String, Hashtable ) method is being passed a null value for the username, or the authenticate( Request, Response ) is not receiving the headers. Perhaps IIS or the ISAPI redirector are stripping this header when it passes the request onto Tomcat? If anyone could tell me what I'm doing wrong or where the problem is likely to lie, I would be most grateful as this conundrum is eating up days of my time. Here is the configuration for my server.xml file (the SimpleRealm interceptor is commented out): RequestInterceptor className="org.apache.tomcat.request.JDBCRealm" debug="99" driverName="sun.jdbc.odbc.JdbcOdbcDriver" connectionURL="jdbc:odbc:Intranet" connectionName="user" connectionPassword="pass" userTable="People" userNameCol="UserName" userCredCol="Password" userRoleTable="Roles" roleNameCol="RoleName" / Here is the configuration from the web.xml for my web application: security-constraint web-resource-collection web-resource-nameIntranet/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameIntranetUser/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameUBQT Media Intranet/realm-name /login-config TIA... -- Ricardo Gladwell UBQT Media PLC, Windsor Mobile: (07779) 841 444
RE: JDBCRealms
To secure you web application you need to add the following sequence to the web.xml file for the web application you want to secure, amended for your own needs: security-constraint web-resource-collection web-resource-nameIntranet/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameIntranetUser/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method realm-nameUBQT Media Intranet/realm-name /login-config The web-resource-collection details the areas and access points of your application you wish to secure. The web-resource-name *appears* to be just an identifier for the particular web-resource, but with documentation for this feature being very thin on the ground it's dificult to say for sure. The url-pattern tag allows you to specify wildcard filters to determine which files are to be secured. For example, url-pattern/*.jsp/url-pattern will only ask for authentication for your JSP files. You may also add http-method tags to limit authentication to specific HTTP methods, such as GET or POST. By default all HTTP methods will be authenticated. The auth-constraint specifies the authentication constraints on users. For example, the role-name tags allows you to specify that only users that members of certain roles have access. Finally, the login-config group allows you specify the authentication method (which must be either BASIC or FORM). The realm-name tag allows you specify the domain/realm name that will appear in the password dialog for the client. Hope that was helpful, yours... -- Ricardo Gladwell UBQT Media PLC, Windsor Mobile: (07779) 841 444 -Original Message- From: Leon Palermo [mailto:[EMAIL PROTECTED]] Sent: 12 April 2001 15:00 To: [EMAIL PROTECTED] Subject: JDBCRealms Hello, I have set up my database tables and the appropriate RequestInterceptor in my server.xml file. Can someone show me an example of what should be in the web.xml file (including roles) to utilize the JDBCRealm? Thanks in advance! Leon Palermo
RE: ISAPI filter question
The ISAPI filter is not responsible for starting Tomcat: it merely handles redirecting requests from IIS to Tomcat. You can configure your machine to start Tomcat automatically: http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/NT-Service-howto.htm l And you can even configure Tomcat to start in the same service as your web server: http://jakarta.apache.org/tomcat/jakarta-tomcat/src/doc/in-process-howto.htm l Most of this documentation should be in the Tomcat standard download. Yours... -- Ricardo Gladwell UBQT Media PLC Mobile: (07779) 841 444 -Original Message- From: Borislav Iordanov [mailto:[EMAIL PROTECTED]] Sent: 05 April 2001 02:49 To: Tomcat User List Subject: ISAPI filter question Hi, I've used tomcat for a while, starting it from the command line. Now, I've configured the ISAPI filter for IIS 5.0 under Windoz 2000 Professional and it works fine also. Except, I'm wondering why do I have to start tomcat from the shell as usual? Why doesn't the ISAPI filter start it? What are all those configuration variables (classpaths, tomcat home directory) in 'workers.properties' used for, if the filter seems to be communicating with tomcat through TCP/IP (on the port 8007 set for the worker)? Maybe I'm missing some configuration variable that'll make the filter start tomcat automatically... Thanks, Borislav
Workaround for ISAPI Index Loading Problem
Dear All, About a couple of days ago I posted a query regarding Gal Shachor's ISAPI filter for Tomcat. After fruitless searching I discovered a solution (read hack) to the problem quite by accident. The problem is thus: configuring IIS server to forward any requests from its root for servlets or JSP files to Tomcat is simple. Just add a context in server.xml whose docBase points to the web root of IIS and add the following line to uriworker.properties: /*.jsp=ajp12 IIS will continue to serve other pages (.html or .asp for example) itself but will use Tomcat to handle JSP (and servlets if you wish). The problems begins when you want IIS to use JSP "default documents" (index pages to you and I) such as index.jsp. The ISAPI filter doesn't know to check IIS for an index page when it encounters a directory URI unless it is explicitly instructed to. If you specify an index.jsp page in the 'Default Document' dialog in the IIS set-up utility you just get the raw, un-compiled JSP page passed to the client. It is simpler to remove any reference to index.jsp from IIS and try one of two solutions to the problem: a) Add an index.html of Default.htm document in same directory as your index.jsp page that contains a redirection command. This is ugly because the client will see a flicker as the pages switch. b) My solution is, for each directory that has an index.jsp page add a reference to in the uriworker.properties file. For example, if you have an index.jsp page in the /intranet/ directory of your site you need to add: /intranet/=ajp12 to uriworker.properties. This is better than a) because the client doesn't ever see the misdirection, although every time you add an index.jsp to your site you have to alter the uriworker.properties file and restart IIS! Let me know if this was of use to anyone or if anyone has a better workaround. Yours... -- Ricardo Gladwell UBQT Media PLC Mobile: (07779) 841 444
