RE: Help with manager app
Shane, In this application, Tomcat is the sole server running on the machine. I have Apache running on another machine to serve basic web pages, but the two are not connected at all. The Apache/web/server listens on port 80, while the Tomcat/servlet/server listens on 443 (https). That separation keeps things clean and simple. I went this route about 2 years ago after load testing showed the Apache server was using significant CPU cycles (when both were on the same machine). So, whether for good or bad, Tomcat is solely responsible for it's fate. Cheers, -Richard I am by no means a network configuration specialist, so take what I say with a grain of salt :) You havn't mentioned how Tomcat is accessed from the internet, such as do you have a Apache or IIS, server acting as a proxy/redirector to tomcat, or whether tomcat itself is internet facing. If you have a separate web server infront of tomcat, then the web server only needs to be configured with the URI's to pass through to tomcat for your web application AND NOT specify those URIs for the manager app. That way you can access the manager app from the internal network by directly going to tomcat, but the external internet users will never be able to access it, because no path exists to it for them. If however you tomcat is internet facing (not an option I would recommend) then I wouldn't know how you should properly deal with that. At least have a good password :) Regards, Shane -Orig - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help with manager app
Doug, I checked both the admin web.xml and the manager web.xml, and I do have a valve in them, restricting access to localhost plus the internal web. It is entirely possible that I am mistaken - what I thought was external access was in fact a router being intelligent. I will have to test more to see if there is a real external connection. Thanks, -Richard Richard, Use a remote address valve. http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/valve.html Set it up for allow and the IP ranges you want to get in. Doug www.parsonstechnical.com - Original Message - From: Richard S. Huntrods [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 04, 2004 1:41 AM Subject: Help with manager app I have a rather urgent problem. I have been using tomcat for several years now, and normally weather the upgrades with some few problems, but nothing serious - until now. My problem - in the old Tomcat, I used the manager application to monitor the number of users accessing the system. In the old version, I had it set up so that external requests could NOT see the manager, ever. Now, under the new Tomcat, the manager app has changed. Today I also noticed that it is also available to the internet. How do I restrict access to the manager application to the local network - i.e. how do I turn off internet access to the manager app? Thanks in advance, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Help with manager app
I have a rather urgent problem. I have been using tomcat for several years now, and normally weather the upgrades with some few problems, but nothing serious - until now. My problem - in the old Tomcat, I used the manager application to monitor the number of users accessing the system. In the old version, I had it set up so that external requests could NOT see the manager, ever. Now, under the new Tomcat, the manager app has changed. Today I also noticed that it is also available to the internet. How do I restrict access to the manager application to the local network - i.e. how do I turn off internet access to the manager app? Thanks in advance, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Directory question for the masters...
Yoav, Hi, See the allowLinking attribute: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html. Yoav Shapira Millennium Research Informatics Thank you very much. That's just what I was looking for. That's the problem when you only need to do something once, much after the fact. (that is, I've been running this app on Tomcat for over 2 years now and never needed this when I read all the docs for the initial install). Cheers, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Directory question for the masters...
I need to access a specific directory from within tomcat, but I'm having a specific problem and require some advice. I have a link to a file in the servlet, something like https://myserver.com/special-directory/file.zip; If I create the directory as follows: /export/home/tomcat/webapps/ROOT/special-directory/ and put file.zip in that directory, it all works perfectly. HOWEVER, if instead of creating the actual directory, I create a symbolic link to a different directory (i.e. in ROOT I type ln -s /export/home/myfiles/directory special-directory, the linked directory appears, and (in unix) I can see/access the files. BUT - tomcat no longer finds the files, even though the linked directory has the required name and files. Is there some way to make tomcat see a linked directory? The problem is that the servlets are writing a data file for offline use in one directory, and then I was hoping to symbolically link that directory under ROOT so the user could access it. Worst case, I guess I could write to ROOT/special-directory, but I didn't really want the user files stored there - just a link. Since these files are created on the fly, a hard link won't work. Thanks very much in advance, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Upgrading Java Version
David Evans [EMAIL PROTECTED] wrote: Hello all, I looked through the list archives and the jakarta docs, but didn't find any info. What changes, if any, do i have to make to my tomcat configuration if i want to upgrade my java SDK. I would like to do this because of the verisign root certificate expiration. my versions: j2sdk1.4.0_01 jakarta-tomcat-4.0.4 apache 1.3.20 dave David, First - for your specific versions, all you have to do is upgrade java. Once that works, you're in business - no changes to Tomcat. This is because the changes between JDK 1.4.0_01 and 1.4.2_01 should not have an impact on libraries used by Tomcat. HOWEVER, the prudent action when upgrading any part of your enterprise system is to do the upgrade on some other system first, and get all the kinks out before you upgrade a production environment. Just last week I went through the very same process, triggered by a bug in an older version of MySQL. The bug was identified and fixed in more recent versions, but I had not kept up-to-date. Worse, my development environment had become much newer (though not fully up-to-date) than my production environment... Time to upgrade both! (NOTE: production is on a Sun server running Solaris, Devel is on a Win-XP box. MySQL, Tomcat and Java have versions for both, and my code can compile on one and run on the other with no problems.) First, I upgraded the devel system. Since this system is not mission critical on a daily basis, and since it is the devel environment, it was a good candidate. It was also almost current, so (hopefully) few changes. MySQL upgraded seamlessly (backup database, archive old version, unzip new version, restore database). Java also upgraded seamlessly (uninstall old version, install new version). I got the newest version of what used to be called the MM JDBC jar file, and was fine. Tomcat was more of a challenge. I was a few versions old, so server.xml had changed quite a bit. It had trouble initially finding my .keystore file, but I asked on this list and got that working. *this is why upgrading on a non-critical system is so essential. Had I started on the production machine, I would have been down for a week*. I also had to make some changes to the way the manager application worked (old vs. new), but once that was done I was fine. The big problem with Tomcat upgrades is making sure it all runs. Most critical are the Java libraries (jar files) for special things. I had to be sure poi.jar (Java excell spreadsheet support), mysql.jar (the JDBC driver), activation.jar and mail.jar (the Java mail API) were all correct for both compile and Tomcat. I usually use a server upgrade as a time to upgrade and test newest versions of these support libraries as well. Once that was done, I tested the application on the devel machine. Once the tests all run, I simply repeat the process on the devel server. I keep notes on what I do (or have done) when building / upgrading my server, so installing new versions is rarely a big problem. Finally, you can upgrade in parallel. That is, before you turn off or remove the old versions of this stuff, you can often install and run the new version to test that it works. Certainly I have been able to do that on my Sun box with MySQL. Java is tougher - I find it's just better to install the new version and go. Likewise, Tomcat's use of ports prevents parallel operation on the same port, but my server runs only SSL (port 443 with all other ports disabled), so the default install of Tomcat (port 8080) will work in parallel. I hope this helps, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How does Tomcat 5.0.16 process the keystoreFile tag?
Subject: Re: How does Tomcat 5.0.16 process the keystoreFile tag? From: Bill Barker [EMAIL PROTECTED] Date: Fri, 9 Jan 2004 19:26:13 -0800 To: [EMAIL PROTECTED] From a quick look at the code, it seems that Tomcat looks for 'keys/.keystore' relative to the directory that Tomcat was started from. Thanks, Bill. That worked perfectly. Since I'm starting from %TOMCAT_HOME%/bin, I just changed the keystoreFile from keys/.keystore to ../keys/.keystore and it worked perfectly. Cheers, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem finding .keystore in change from TC 4.1.27 to 5.0.16
I'm having a problem with SSL keystore location moving from Tomcat 4.1.27 to Tomcat 5.0.16 Here's the 4.1.27 SSL connector code from servlet.xml !-- Define a SSL Coyote HTTP/1.1 Connector on port 443 -- Connector className=org.apache.coyote.tomcat4.CoyoteConnector port=443 minProcessors=5 maxProcessors=75 enableLookups=true acceptCount=100 debug=0 scheme=https secure=true useURIValidationHack=false disableUploadTimeout=true Factory className=org.apache.coyote.tomcat4.CoyoteServerSocketFactory keystoreFile=keys/.keystore keystorePass=password clientAuth=false protocol=TLS / /Connector Here's the new code from 5.0.16 !-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -- Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true keystoreFile=keys/.keystore keystorePass=password clientAuth=false sslProtocol=TLS / The file .keystore is stored in a directory keys located off $TOMCAT_ROOT$ (i.e. C:\jakarta-tomcat-5.0.16\keys. It was in the same relative place for 4.0.17, and the keystore file was found without any problems. But - If I start up Tomcat, I get a FileNotFoundException - it cannot find keys\.keystore. If I change this line to this: keystorePass=password Then it expects to find .keystore in C:\Documents and Settings\Richard\.keystore. If I put .keystore there, it all works perfectly. So my question is - where is Tomcat 5.0.16 expecting to find a file called keys/.keystore ? Should I have another directory parameter or some such? Thanks, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How does Tomcat 5.0.16 process the keystoreFile tag?
Greetings! I was usingthe keystoreFile tag successfully with Tomcat 4.1.27. However the same tag does not work as expected with Tomcat 5.0.16. Here's the SSL connector code from server.xml: !-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -- Connector port=443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true keystoreFile=keys/.keystore keystorePass=password clientAuth=false sslProtocol=TLS / The file .keystore is stored in a directory keys located off $TOMCAT_ROOT$ - i.e. C:\jakarta-tomcat-5.0.16\keys\.keystore. For Tomcat 4.1.27 this location worked with the keystoreFile tag shown above. Now with 5.0.16, I get the error FileNotFoundException. If I remove the keystoreFile tag, then 5.0.16 looks for the .keystore file in C:\Documents and Settings\Richard\.keystore. If I put .keystore there, 5.0.16 works perfectly. So my question is - How does Tomcat 5.0.16 parse the keystoreFile tag? Where is Tomcat 5.0.16 expecting to find a file called keys/.keystore? Thanks in advance, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Have some questions, also possible contract work up for grabs
Graham, Hi everyone, I had some questions regarding Tomcat. Is Tomcat able to handle a steady stream of about 200 years efficiently without crashing, being unreliable, etc.. ? I personally don't know the limitations of it as I am fairly new to Java. Assuming your application is written and tested, yes. I'm running a servlet/tomcat/mysql application that currently has 3000 users. The real question is not how many users but how many concurrent users. My app has never seen more than 50 simulataneous users, and works fine on a Sun SPARC E-250. What would an ideal server be to handle that type of userbase? Right now it's running on a 1ghz celeron with I believe 512mb of ram running linux. Again, simultaneous users/sessions is the key. I'm looking at upgrading to a 2-4 CPU machine, possibly Intel architecture as we ramp up to 2 users in the next year. No OS has been chosen yet (probably a unix flavor). Do any hosting companies offer reasonably priced colocation or flexible accounts with tomcat, php, and mysql installed? The IT company I work for has developed a great piece of software using JSP and Java technology but we need to get it onto a good box for production use. Waste of money and time. As someone else said - build your own and co-locate if necessary. Even if you did manage to get someone able to install/support tomcat and mysql, you'd probably pay through the nose for actual support (i.e. when something goes down). Far better to be in total control. PC's are not expensive, and a good OS (unix/linux/solaris) is not expensive. Co-locate? probably expensive, but still cheaper than what you would pay for REAL hosting (i.e. that worked when things broke). Cost of building your own and KNOWING what's going on... priceless. Does anyone here offer services such as using SSH to install Tomcat remotely? We would be willing to pay for someone to install Tomcat in a short timeframe. I doubt it. Most ISP's cannot even support PHP or perl, let alone tomcat/mysql/java. The ideal person would be someone that knows Tomcat installation quite well. We have installed it on a couple boxes, but usually by a lot of trial and error. We would like to get it up and running properly very quickly. Sorry to say this, but spend time with the docs and spend time doing the builds yourself. If anyone is interested, please send me an email and I can send you the details. I apologize in advance if this is not the place for an email like this. I figured this was probably one of the best places for an experienced Tomcat userbase. As long as you don't want to integrate Apache and Tomcat, you can email me. I will not put both on the same machine, after finding that the web server was killing tomcat performance (due to the number of web hits). I split Apache off to it's own server, and used a simple firewall (appliance) to forward port 80 requests to one machine, with port 443 (SSL) to the tomcat server. Secure application access, no hit from the web server. Thank you all very much for your time, Cheers, -Richard ~Graham - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help! Anyone successfully install a purchased certificate?
Matt, You are most welcome. I do hope it works for you, but I also know you would be very happy with Thawte. I chose them based on cost (less that 1/2 verisign and others). Cheers, -Richard Matt Fury wrote: Richard, Thanks so much for your reply! I'm trying one last time with InstantSSL. We'll find out soon and I'll let everyone know whether you can go with InstantSSL or not! :-) -Matt --- Richard S. Huntrods huntrods@xxx wrote: *** I am re-sending this email with the attachment 'kt.bat' removed and the text of the batch file included in email body - after being flooded with anti-virus messages from a couple dozen ISP's that have labelled '.bat' files as potential viruses. *** Matt, I'm sorry I didn't see this sooner (or did you post before you purchased?). I've installed a Thawte Certificate (one year ago), and then installed the renewal certificate again this month. The first installation was a nightmare, because no-one seemed to know all of the required details (and you must get them ALL correct, or nothing works!) Anyway, the technicians at Thawte finally figured the problem, and we got it working. This time, I simply followed the same process and it worked the very first time. I'm attaching an abbreviated step-by-step for SSL certificates using ONLY Tomcat (no Apache in the loop). This is a DOS-type BATCH file that I used on my Win2K machine to generate the appropriate certificates. The actual certificate runs on my production server, which is Solaris 2.8 on a Sparc E250, running only Tomcat and MySQL. In otherwords, the process should be portable. The only other IMPORTANT item is the type of certificate. In my case, the only mistake in the whole original process (that caused everything to fail) was that I requested the wrong certificate type. Once the correct certificate was requested, it all worked - and has been working ever since! The type you want is PKCS #7 no other type worked for me (we tried them all G). If you cannot get it to work with JUST Tomcat at all, get a refund and RUN (don't walk) to the Thawte website and get one of theirs. Cheers, -Richard DISCLAIMER: I have no connection whatsoever with Thawte. I receive nothing for endorsing their certificate. The only reason I endorse Thawte is that I know their certs do work with Tomcat, and their tech support is pretty good. ===kt.bat=== echo off rem mycompany.com rem INSTRUCTIONS rem 1. BE SURE JAVA (I use SDK 1.4) is installed and WORKING before you begin... rem 2. unremark the lines with asterisks '*' for each step in the process. remthe batch file is run once for each step. rem 3. BETWEEN Step 2 and 3, you must copy the CSR to the appropriate place on the remThawte website and request the PKCS#7 certificate. It will arrive by email remonce all the 'paperwork' has been processed. Save this as a text file 'myc-thawte.txt' remand proceed to step 3. rem 4. Of course, you will have to modify the field data to suit your actual information. rem STEP 1. - generate the .keystore file (self-signed certificate) rem remove the .keystore file or step 1 will fail rem*if exist .keystore del .keystore rem generate the self-signed certificate rem* keytool -genkey -alias tomcat -keyalg RSA -keystore .keystore -dname CN=mycompany.com, OU=myc, O=My Company Name, L=MyCity, S=MyProvince, C=CA -storepass mypassword rem*copy .keystore keystore.private rem STEP 2. - generate the csr (can be done together with step 1) rem remove the -csr.txt file or step 2 will fail rem*if exist *-csr.txt del *-csr.txt rem make the appropriate CSR - mycompany.com rem*keytool -certreq -alias tomcat -keystore .keystore -file myc-csr.txt -storepass mypassword rem STEP 3. - after the signer has issued the certificate, import it into a new .keystore file rem import thawte certificate - mycompany.com rem*keytool -import -v -alias tomcat -trustcacerts -keystore .keystore -file myc-thawte.txt -storepass mypassword rem verify the keystore (I do this for every step) keytool -list -keystore .keystore -storepass mypassword Subject: Re: Help! Anyone successfully install a purchased certificate? They do have Apache instructions. But I guess I better request that soon before the warranty runs out. LOL They have instructions for how to do create and install it with generic Java based servers but it hasn't been specific enough with Tomcat. -Matt --- Ian Hunter ihunter@x wrote: From what I understand, some different certificate vendors require different installation methods... Did they include instructions for IIS or Apache, for instance? Worst possible case you could front-end your site(s) with Apache and use connectors to get to Tomcat. - Original Message - From: Matt Fury matty@ To: tomcat-user@xx Sent: Thursday, February 20
Re: Help! Anyone successfully install a purchased certificate?
*** I am re-sending this email with the attachment 'kt.bat' removed and the text of the batch file included in email body - after being flooded with anti-virus messages from a couple dozen ISP's that have labelled '.bat' files as potential viruses. *** Matt, I'm sorry I didn't see this sooner (or did you post before you purchased?). I've installed a Thawte Certificate (one year ago), and then installed the renewal certificate again this month. The first installation was a nightmare, because no-one seemed to know all of the required details (and you must get them ALL correct, or nothing works!) Anyway, the technicians at Thawte finally figured the problem, and we got it working. This time, I simply followed the same process and it worked the very first time. I'm attaching an abbreviated step-by-step for SSL certificates using ONLY Tomcat (no Apache in the loop). This is a DOS-type BATCH file that I used on my Win2K machine to generate the appropriate certificates. The actual certificate runs on my production server, which is Solaris 2.8 on a Sparc E250, running only Tomcat and MySQL. In otherwords, the process should be portable. The only other IMPORTANT item is the type of certificate. In my case, the only mistake in the whole original process (that caused everything to fail) was that I requested the wrong certificate type. Once the correct certificate was requested, it all worked - and has been working ever since! The type you want is PKCS #7 no other type worked for me (we tried them all G). If you cannot get it to work with JUST Tomcat at all, get a refund and RUN (don't walk) to the Thawte website and get one of theirs. Cheers, -Richard DISCLAIMER: I have no connection whatsoever with Thawte. I receive nothing for endorsing their certificate. The only reason I endorse Thawte is that I know their certs do work with Tomcat, and their tech support is pretty good. ===kt.bat=== @echo off rem mycompany.com rem INSTRUCTIONS rem 1. BE SURE JAVA (I use SDK 1.4) is installed and WORKING before you begin... rem 2. unremark the lines with asterisks '*' for each step in the process. remthe batch file is run once for each step. rem 3. BETWEEN Step 2 and 3, you must copy the CSR to the appropriate place on the remThawte website and request the PKCS#7 certificate. It will arrive by email remonce all the 'paperwork' has been processed. Save this as a text file 'myc-thawte.txt' remand proceed to step 3. rem 4. Of course, you will have to modify the field data to suit your actual information. rem STEP 1. - generate the .keystore file (self-signed certificate) rem remove the .keystore file or step 1 will fail rem*if exist .keystore del .keystore rem generate the self-signed certificate rem* keytool -genkey -alias tomcat -keyalg RSA -keystore .keystore -dname CN=mycompany.com, OU=myc, O=My Company Name, L=MyCity, S=MyProvince, C=CA -storepass mypassword rem*copy .keystore keystore.private rem STEP 2. - generate the csr (can be done together with step 1) rem remove the -csr.txt file or step 2 will fail rem*if exist *-csr.txt del *-csr.txt rem make the appropriate CSR - mycompany.com rem*keytool -certreq -alias tomcat -keystore .keystore -file myc-csr.txt -storepass mypassword rem STEP 3. - after the signer has issued the certificate, import it into a new .keystore file rem import thawte certificate - mycompany.com rem*keytool -import -v -alias tomcat -trustcacerts -keystore .keystore -file myc-thawte.txt -storepass mypassword rem verify the keystore (I do this for every step) keytool -list -keystore .keystore -storepass mypassword Subject: Re: Help! Anyone successfully install a purchased certificate? They do have Apache instructions. But I guess I better request that soon before the warranty runs out. LOL They have instructions for how to do create and install it with generic Java based servers but it hasn't been specific enough with Tomcat. -Matt --- Ian Hunter [EMAIL PROTECTED] wrote: From what I understand, some different certificate vendors require different installation methods... Did they include instructions for IIS or Apache, for instance? Worst possible case you could front-end your site(s) with Apache and use connectors to get to Tomcat. - Original Message - From: Matt Fury [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 20, 2003 3:58 PM Subject: Help! Anyone successfully install a purchased certificate? Has anyone successfully installed a purchase root certificate? I've purchased a cert from installssl.com and they haven't been much help. I've done everything I am supposed to but it just won't get recognized when I hit the page. I know the Tomcat SSL is working because a self-generated one works fine but when I try to import the purchased cert, when a user hits the page it
Problem reloading data...
I am having a strange problem reloading data into one copy of MySQL. Details: production server: MySQL - Ver 8.38 Distrib 4.0.5a-beta, for sun-solaris2.8 on sparc development system: MySQL - Ver 8.38 Distrib 4.0.5a-beta, for Win95/Win98 on i32 test system: MySQL - Ver 8.38 Distrib 4.0.5a-beta, for sun-solaris2.8 on sparc production server: Sun E250, Solaris 2.8, 9 gig disk (plenty of free space), 256 M ram. development system: Toshiba laptop, Win2000, 15 gig disk (plenty of free space), 512 M ram. test system: Sun Sparc-20, Solaris 2.8, 9 gig disk (plenty of free space), 256 M ram. All systems are nominal. Every day, the E250 server runs a cron job to backup the database via the command: mysqldump -u root --lock-tables --databases mydb CurrentMydb.mysql This has worked (and still works) for over 1.5 years. The database dump is FTPed to the development machine. The database dump is currently 48 Megabytes in size (was 45, but usage logs grow...). The database is rebuilt on the Win2000 server every couple of days using a set of scripts that remove the database and rebuild it from the dump file with the following command: mysql -u root CurrentMydb.mysql where CurrentMydb.mysql is the dump file from the E250 This works fine (even today). However, the same sequence of commands (that has been working for 1.5 years) issued TODAY on the testing server gives the following error: ERROR 1064 at line 430725: You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'VALUES (51172,700,3,0,0,-1,1,'Mon Feb 17 19:59:27 MST 2003')' a However, I've FTPed the dump from the E250 to the Sparc 20 three times (and verified they are identical), and each time I run the rebuild script I get the same type of error - but targeting a different line every time!!! Also - I've used this file on the W2K machine - there is no actual error in the file. The only thing that has changed at all is the size of the database dump (from 45M to 48M). There is plenty of disk space. Has anyone encountered such a problem before, and is there a workaround? Thanks in advance, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Apology...
Sorry, folks. I sent an email to this group about MySQL, when it CLEARLY should have gone to the MySQL list instead. Please accept my apologies. Cheers, -Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Redirect port 80 requests to 443
John Roth said: This seems simple, but ... I am running Tomcat 4.0.3, standalone on w2k. I would like all requests to http://oursite/ to be automatically redirected to https://oursite/ but am not finding an elegant/simple solution. Below is a snippet from server.xml: Why not simply create a web page that automatically redirects the request to the https page? That is what I did and it works fine. -Richard -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Who use Tomcat as a stand-alone server in production environment ?
Anthony, == Anthony Eden [EMAIL PROTECTED] I was unable to get it working with my Thawte certificate (which works fine in Apache). After some research I determined that there is an issue with the JSSE from Sun which prevents certain certs from working. Has this changed recently? Personally I would much rather remove Apache from the chain as it is really doing nothing for me other than handling the SSL decoding and then passing the request to Tomcat. Sincerely, Anthony Eden == I'm not 100% sure about Apache, but I suspect you need to get another type of Cert from Thawte. I beleive Apache takes one type of cert, while the Java certificate mechanism of Tomcat requires another type of cert chain. When I did the SSL thing with my Tomcat application, I had to play around for a while before I got the proper cert from Thawte (or any vendor, for that matter) - before it worked. It does work quite fine - I am running Tomcat as standalone servlet engine on my servers, with SSL enabled, using a Thawte cert with no problems. Contact Jason Barr at Thawte - he is the person who I worked with to get it all working. Cheers, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Tomcat 3.2.3 and SSL
Paul, The protocol https is hard-wired to port 443. Using port 8443 as you have done works, but only with the hardcoded port number in the URL, as you have found out. To make Tomcat SSL work using https, you must modify the SSL port used - in server.xml. Change 8443 to 443 and restart Tomcat. Also, if you want others to access your machine, change port 8080 to port 80 in server.xml. This will allow them to access static web pages using just http. However, if you have another web server (i.e. IIS) running on port 80, you will have to decide if Tomcat gets port 80 (shut off IIS) or if they coexist. There is assistance here and in the Tomcat FAQs if you want to run both IIS and Tomcat. Cheers, -RIchard == From: Paul Ferguson [EMAIL PROTECTED] I have been trying to get SSL to work with tomcat 3.2.3 on Windows NT. I've followed the steps on differenet web sites and I now have the server configured so that it works with the URL http://localhost:8080/index.html as well as https://localhost:8443/index.html (for the SSL). But when using the https prefix I cannot get the web page to display if I put the IP address in instead of localhost and so cannot view it from another computer.Any ideas??? === -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
How to redirect port 8080 to port 443?
Greetings! I am moving from an insecure to a secure server for Tomcat. Currently, I have both ports 8080 (for http) and ports 443 (for https) enabled in my server.xml.file. Now I have must remove port 8080 (insecure). Is there a way to redirect port 8080 to port 443 within server.xml? Is there an *easy* way? G (i.e. the setup is currently very stable and simple - I don't want to start trying to enable multiple virtual servers or contexts or anything like that - just a simple port redirection (if possible). Thanks in advance for your assistance. -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Silly little error with JBoss-Tomcat and EJB's...
I have a silly little error trying to compile a java program that implements EJBs and is to run on Tomcat / JBoss. The compiler will not compile the source code - complaining that: import javax.ejb.EJBObject; does not exist. I've found it in the J2EE javadocs (on Suns web site), and have (I thought) set up my compile class path correctly (it uses the classes in java1.3.1/lib, java1.3.1/ext and JBoss/lib/ext. Has this happened to anyone, and what was the fix? OR... what java archive contains these classes from javax.ejb? Note - other classes compile just fine, and they also call javax.ejb classes - so most are being found - just not EJBObject. Thanks, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Please Help - Tomcat serves HTTPS with self-signed cert, but not Thawte cert!
Paul, It is not strange - just very, very convoluted. I have spent 2 months getting this stuff to work, and am about to order my cert from Thawte. There are a couple of problems. First, all certs in your keystore must have the 'tomcat' alias. Second, the type of certificate ordered from a vendor is *CRITICAL*, both to the way the final keystore is generated, and to your ability to use the 'tomcat' alias without error. In a nutshell, you must request a PKCS#7 chain format certificate from the vendor, or nothing else will work. Also, don't remove the trailing linefeeds on the vendor cert - or it won't import. I suspect either your alias, or your type of cert. Contact Thawte for further info - but I worked with Jason Barr and he was EXCELLENT. Here is a excerpt from one of his emails to me about getting and installing a Thawte cert: ~~from Jason Barr at Thawte Generate the keystore and key files without the parameters specifying a validity date, so the command should look like this: keytool -genkey -keyalg RSA -keystore [keystore name] -alias [key name] Then you will generate a CSR with the following command: keytool -certreq -keystore [keystore name] -file mycsr.csr -alias [key name] With the trusted certs you receive a status page where various formats of the cert can be downloaded, and the default option should be PKCS#7, if it isn't you can select it. ; ) Import the file with the following command: keytool -import -file mycert.crt -alias [keyentry alias in keystore] -trustcacerts -keystore [keystore name] The private key file is the file created within the keystore and the -alias switch gives the key its name. You should backup the keystore file created, as this will backup the key file. If you have problems with the certificate you should be able to fix them, but if you lose the private key you will need to buy another. Cheers, -Richard =Paul Morrow wrote: Date: Wed, 6 Feb 2002 16:03:39 -0800 From: Paul Morrow [EMAIL PROTECTED] This is a rather strange problem that I'm hoping someone can assist with. In a nutshell, Tomcat serves HTTPS pages when a self-signed cert is installed, but not when a Thawte cert is installed. I'm running Tomcat 4.0.1 on Solaris 8. I used keytool to create a self-signed cert, i.e. ./keytool -genkey -alias tomcat -keyalg RSA I restarted Tomcat and could then access my pages via https as expected. I ordered and received a cert from Thawte which I used keytool to install (after deleting the self-signed cert), i.e. ./keytool -import -alias foo -file baz I restarted Tomcat, but now HTTPS no longer works (however, the pages are still available via HTTP). openssl reports the following CONNECTED(0004) 3824:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:455: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 7 bytes and written 130 bytes --- New, (NONE), Cipher is (NONE) --- Does anyone have any ideas why this might be the case? Thanks in advance for any help you can provide. Paul Morrow MMS Incentives, Inc. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
PLEASE REMOVE THE VIRUS BEFORE MAILING THE LIST...
Greetings! Well, my ISP nuked your last issue of the digest (tomcat-user Digest 29 Jan 2002 07:19:31 - Issue 352) because it was emailed with the Party virus intact. I know this list has been talking about SPAM removal, but now it is not only annoying, but has begun to SERIOUSLY IMPACT the list. After all, if the list will not be delivered by ISPs, then it is out of business. SO PLEASE PLEASE PLEASE - start instituting some serious SPAM filters, or only allow posts by members. I prefer the latter (membership). Thanks very much - (even though I'm very unlikely to ever get to read this or any further digests until the virus runs its course) -RIchard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
SSL and certificates, AGAIN
Greetings! Three quick question to all who have SSL working with signed certificates (not just self-signed): 1. What provider did you use? Verisign, Entrust, Thawte, etc? 2. Has anyone gotten signed certificates working with Thawte certification? 3. Would you be willing to discuss this by personal email rather than through the list (to conserve bandwidth). Thanks, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
SSL and signed certificates...
Greetings! I am hoping someone can provide some assistance regarding SSL and signed certificates. The Tomcat SSL-how-to FAQ stops just short of where I need to be. I have self-signed certificates working just fine with Tomcat 4.0.1. I created a 'csr' request from the working certificate (.keystore) file. The signing authority returned a certificate. I understand that this needs to be chained to the original self-signed certificate, so that the .keystore file will then contain two certs - mine and the signing agencies one. This process is not working. Some examples from this list indicate the use of the '-alias tomcat' flag on all uses of keytool. Unfortunately, the keytool docs explicitly state that two certs in a .keystore file cannot have the same alias, so this will not work when importing. That is, this does not work (I tried it). keytool -genkey -alias tomcat -keyalg RSA keytool -certreq -alias tomcat -file /tmp/mine.csr paste this into the signing authority request, you get back a cert that you paste into a new file, i.e. mine.cer keytool -import -alias tomcat -file /tmp/mine.csr THIS LAST COMMAND DOES NOT WORK - you cannot add the new cert to the existing keystore file with the same alias. I get a java exception if I try. So - how does one import the signing authority certificate and make the chain? If you leave off -alias tomcat on the import line, it *will* import and create the chain, but the security level is uchanged from a self-signed cert. The reply from the signing authority is not included in the certificate sent to a browser. If you delete the self-signed .keystore and just import the signing authority cert by itself, it works (even with the tomcat alias), but then Tomcat ceases to serve secure pages (error 404 - not found). SO (again) - how do I import the certificate reply from the signing authority such that it works with tomcat? Thanks, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
A problem with manager and Valves...
I believe the RemoteAddrValve uses regular expression, so try a leading period as I'm not sure how reg exp treats a leading asterik. '.*' should allow all Charlie I also noticed that this should be 'allow', not 'accept' Charlie Charlie, Thank you so much. It turned out to be the allow not accept thing. The following now works - restricting manager servlet to stuff behind the firewall ONLY (this has been tested both inside and out). !-- Tomcat Manager Context -- Context path=/manager docBase=manager debug=0 privileged=true Valve className=org.apache.catalina.valves.RemoteAddrValve allow=127.0.0.1,10.1.1.*/ /Context Note both localhost (127.0.0.1 and a wildcarded 10 series (10.1.1.*) have been allowed. THanks again, -RIchard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: What does it mean - \Name on certificate does not match name of the site\
Pae wrote: It usually means that the name, e.g., Common Name, in your certificate and the name of your server, e.g., http server, where the certificate originated from don't match. How did you created the certificate? Ex, openssl? Pae Pae, Thank you for your assistance so far. I'm using the Java SDK keytool tool to create the certificate. Here is an actual session with keytool. My typing is in just for clarity. The contains either what I have been typing, or a comment on what I was typing. All other text comes from the keytool... === keytool -genkey -alias tomcat -keyalg RSA -keystore /users/.keystore Enter keystore password: password What is your first and last name? [Unknown]: Richard Huntrods What is the name of your organizational unit? [Unknown]: hci - I don't really know what to put here - I was putting machine What is the name of your organization? [Unknown]: HCI - this is my company, not my domain What is the name of your City or Locality? [Unknown]: Calgary What is the name of your State or Province? [Unknown]: Alberta What is the two-letter country code for this unit? [Unknown]: CA - for Canada Is CN=Richard Huntrods, OU=hci, O=HCI, L=Calgary, ST=AB, C=CA Correct? [no]:yes Enter key password for tomcat (RETURN if sam as keytore password): RETURN === That generates the keystore. Which one is common name? Thanks again in advance for your assistance. Is there more documentation on keytool that you know of? The on line help merely lists the possible options, but does not tell you what they mean. -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
A problem with manager and Valves...
Greetings! I have the manager servlets working quite fine - even have the HTTP version running. I added the user to tomcat-users.xml, edited server.xml to enable the manager (it was commented out), and even edited the manager/WEB-INF/web.xml to change it to HTMLManagerServlet. However, if I add a Valve to server.xml to try and restrict access, then everything is denied. Here's the lines in server.xml: Context path=/manager docBase=manager debug=0 privileged=true Valve className=org.apache.catalina.valves.RemoteAddrValve accept=*.*.*.*/ /Context I've tried this valve with accept=*,*,*,* as above, and with accept=*. Neither works. I've also tried RemoteHostValve with accept=localhost and accept=*, both as the only valve and in combination with the RemoteAddrValve. So far the only thing that works is if I comment out the valve competely. I have set debug to 1, and there are no errors in any of the log files - except the following entries in localhost_access_log.2001-12-22.txt: 127.0.0.1 - - [22/Dec/2001:11:22:07 -0700] GET /manager/list HTTP/1.1 401 618 127.0.0.1 - manager [22/Dec/2001:11:22:11 -0700] GET /manager/list HTTP/1.1 200 5573 The first entry is with the valve (above) in place, the second entry is with the valve commented out. The user name manager is just for local testing. As an aside, I sure would like to know what 401 618 means (the 401 is access denied, I believe). This is Tomcat 4.0.1 running very successfully on Windows 2000, and using IE on the same machine (accessing https://localhost/manager/list; in both cases). What am I missing? -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Tompcat - Manager Functions without the Manager?
Thanks, Craig - this is exactly what I was looking for. Cheers, -Richard On Thu, 20 Dec 2001, Richard S. Huntrods wrote: Date: Thu, 20 Dec 2001 09:23:11 -0700 From: Richard S. Huntrods [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Tompcat - Manager Functions without the Manager? Greetings! For security purposes, my tomcat server is behind a firewall, with the firewall forwarding port 8080 requests to the server (as port 8080). All works very well. FTP and Telnet are blocked by the firewall as well. Only port 80 (another machine running Apache to serve a web site) and port 8080 are open on this firewall. Also for security, I have removed the original webapps directory and replaced it with my own webapps directory with just my servlets and such in it. Again, all works very, very well. NOW - I would like to track who is currently using the system. Apache is not running - only Tomcat. Rather than try to track users internally with my servlets, I would like to be able to use the Tomcat manager functions to do this. Is there a way to use manager functions without the original webapps/manager directory - i.e. ONLY from behind the firewall, perhaps even only when logged on to the server as root? My understanding is that if I put the manager directory back, then it is open to the world (password protection is rarely enough, I've found). The manager app doesn't really track users -- it only tells you how many active sessions there are. However, it's possible to set up this app (or any other) in a manner that makes it available only inside the firewall. It works like this: * Add the manager webapp's subdirectory back in to your webapps directory. * Add a Context element in server.xml that includes a request filter preventing access to the manager webapp from anywhere *other* than inside the firewall: Context path=/manager docBase=manager Valve className=org.apache.catalina.valves.RemoteAddrValve accept=xxx.xxx.xxx./ /Context where xxx.xxx.xxx.xxx is the IP address (or a regular expression pattern) that must match in order for this request to succeed. * This filter will accept *only* requests that match the accept pattern, so any outside-the-firewall attempt will fail (even if they know the right username and password). More information is in the Server Configuration Reference documentation that ships with Tomcat. Thanks in advance, -Richard Craig -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
What does it mean - Name on certificate does not match name of the site
Greetings! Last post for a while - I promise! G What does it mean - Name on certificate does not match name of the site? I did the self-signed certificate thing for SSL. There are three messages that appear on the pop-up dialog when you access the secure site. The first says The certificate ... non-trusted company (in essence). It is a warning. The second message says ... date is valid. It is OK. The third warning is the one above. I know and expect the first warning - unless someone like Verisign signs the certificate, it is considered untrusted. Self-signed certificates will always give this warning. No problem. However, when you create a self-signed cert, I cannot find a place to put the site - so I cannot see how this third warning can be prevented. The questions are: Your name (I assume that's my personal name) Your company org unit (what the heck is this? I put my domain name here) Your company (obvious) Your city (obvious) Your province/state (obvious) Your country code (two letters) Besides the passwords, I cannot see what would signify site to the certificate. Assistance? Feel free to point me to something on Sun or Verisign's site. I didn't find anything on a cursory look-over, but I'd be glad to know of an M to RTF. Cheers, and thanks in advance. -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: What does it mean - Name on certificate does not match name of the site
Greetings! Thanks for the replies so far. Unfortunately, I haven't got it to work yet. I'm putting various combinations of server name / domain name in the Company Org Unit field, but to no effect. Is there a way to view the two fields while running in a browser, i.e. what the server is sending, and what the certificate says? Actually, I know what the cert says, but it obviously does not agree with what the server is sending. I'd like to be able to see what is coming to the browser. IE doesn't seem to display much info. Thanks, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Can you view SSL without the https prefix?
Greetings! Is it possible to view an SSL document without using the https prefix? Before I enabled SSL on my servlets, I was using port 8080. Now I have SSL working, and have disabled the normal non-SSL port 8080. Instead, I am using SSL on port 8080. This makes my application ONLY run with SSL. I can change any references internal to my system (index.html, etc) to use https, but some clients have bookmarked the servlet page, rather than the access page. Is there a way to redirect http://xx.xx.xx.xx:8080/index.html; to *actually* call up the page https://xx.xx.xx.xx:8080/index.html; ? Thanks very much in advance, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Tompcat - Manager Functions without the Manager?
Greetings! For security purposes, my tomcat server is behind a firewall, with the firewall forwarding port 8080 requests to the server (as port 8080). All works very well. FTP and Telnet are blocked by the firewall as well. Only port 80 (another machine running Apache to serve a web site) and port 8080 are open on this firewall. Also for security, I have removed the original webapps directory and replaced it with my own webapps directory with just my servlets and such in it. Again, all works very, very well. NOW - I would like to track who is currently using the system. Apache is not running - only Tomcat. Rather than try to track users internally with my servlets, I would like to be able to use the Tomcat manager functions to do this. Is there a way to use manager functions without the original webapps/manager directory - i.e. ONLY from behind the firewall, perhaps even only when logged on to the server as root? My understanding is that if I put the manager directory back, then it is open to the world (password protection is rarely enough, I've found). Thanks in advance, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: Can you view SSL without the https prefix?
I can change any references internal to my system (index.html, etc) to use https, but some clients have bookmarked the servlet page, rather than the access page. Is there a way to redirect http://xx.xx.xx.xx:8080/index.html; to *actually* call up the page https://xx.xx.xx.xx:8080/index.html; ? Can't you make whatever handles the http requests on 8080 return a redirect to the same page but with an https protocol request? That's what I'm doing at present, but it requires support for both plain (8080) pages and SSL (port 8443) pages. I want to remove the normal factory and only allow the SSL factory (in servlet.xml) - but then all requests, even the initial one, must have https. I'm looking for the best of both worlds. I'm also unsure of what would happen if BOTH non-secure and secure pages come from port 8080 (in servlets.xml). -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Can you view SSL without the https prefix?
You can't have http and https listen on the same port since https has an entire SSL handshake that must take place before the GET/POST transfer takes place. But you could have the 8080 redirect to something like 8081 with HTTPs running on that instead. Of course, the correct way is to use port 80 for http, and redirect to 443 for https, since all other ports will really have problems for just about anybody with a firewall correctly configured. David Thanks for the excellent advice. Question: if you type https://xx.xx.xx.xx/; who is it that knows this goes to port 443? I have port 80 forwarded by my firewall to another machine running only Apache. Tomcat is on another machine, and I've been using port 8080 forwarded to that machine. If I type in https://xx.xx.xx.xx/;, who knows that that should go to port 443? Is it whatever server is listening to port 80 (i.e. I then must turn on redirection in Apache), or is this a net standard? Thanks, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
HTTP and HTTPS on two servers...
Greetings! Well, the more you learn, the more you know how little you know! G Current status: I have two servers, one with Apache only and one with Tomcat only. This is for historic reasons of server load, but serves me very well. The Apache server listens only to port 80. All works well. For example, http://xx.xx.xx.xx/; calls up the appropriate index.html page. The Tomcat server now only listens to port 443 - and responds with SSL enabled servlets. This also works well. For example: https://yy.yy.yy.yy/; calls up a secure index.html file, which starts the servlets rolling. NOW, heres the problem. A router directs port 80 to the Apache server and port 443 to the Tomcat server. There is a domain name pointing to the address of the router. If you type http://domain.com/;, the Apache server properly serves the web page. HOWEVER - if you type https://domain.com/;, you get the infamous page cannot be displayed message. How does one direct https inquiries to port 443? I thought this would work. Who or what interprets https as a request on port 443? Must I configure the port 80 Apache machine to hear requests on port 443 and then relay them to the Tomcat box - and if so, how? (which Apache config file) Thanks very much in advance, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: HTTP and HTTPS on two servers...
Greetings! - Me again! Problem solved. I *was* correct - https has been standardized as port 443 - so Netscape, Opera, IE - all must support it. My particular problem was the defaultrouter file in Solaris. My firewall that forwarded port 443 to the Tomcat server was on one local address, but the Tomcat machine was using another as the defaultrouter. I edited defaultrouter to point to the router that was doing the forwarding, rebooted, and everything works! Cheers, -Richard Richard S. Huntrods wrote: Greetings! Well, the more you learn, the more you know how little you know! G Current status: I have two servers, one with Apache only and one with Tomcat only. This is for historic reasons of server load, but serves me very well. The Apache server listens only to port 80. All works well. For example, http://xx.xx.xx.xx/; calls up the appropriate index.html page. The Tomcat server now only listens to port 443 - and responds with SSL enabled servlets. This also works well. For example: https://yy.yy.yy.yy/; calls up a secure index.html file, which starts the servlets rolling. NOW, heres the problem. A router directs port 80 to the Apache server and port 443 to the Tomcat server. There is a domain name pointing to the address of the router. If you type http://domain.com/;, the Apache server properly serves the web page. HOWEVER - if you type https://domain.com/;, you get the infamous page cannot be displayed message. How does one direct https inquiries to port 443? I thought this would work. Who or what interprets https as a request on port 443? Must I configure the port 80 Apache machine to hear requests on port 443 and then relay them to the Tomcat box - and if so, how? (which Apache config file) Thanks very much in advance, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
SSL and W2K vs. Solaris - SOLVED
Greetings! I have solved the problem I was having with getting SSL to work on Solaris. As you may recall, I had it all working on W2K with Tomcat 4.0.1, but could not get it to run under Solaris 8 (SPARC). The problem was simple, as was the solution. Java 1.2 (default Java on Solaris 8) is missing the security components required to support SSL. I upgraded my Solaris box to 1.3.1, copied the jsse jar files to JDK/jre/lib/ext (as recommended in the SSL installation documents), rebooted and all worked the first time - with my certificate created on the W2K box. One final question - If I *always* want SSL to be on for this server (i.e. no unsecured pages or servlets), do I comment out the normal server stuff in server.xml and change the SSL port to 8080 (which I'm using for everything at the moment), or are there additional steps? Tomcat is running standalone at the moment. Thanks, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Assistance please - fixed W2k 4.0 vs 4.0.1 problem, created another!
Richard, I don't mess with CLASSPATH or the copying the jar files to JDK/jre/lib/ext directory. I use JBuilder 5 Personal to compile my java classes. That way you just point the IDE to the libs that you want to include in the project. You can tell the IDE to use the jar's that Tomcat is currently using without copying them to another directory (as well as Struts or anything else you are using). P.S. JBuilder 5 Personal is free from Borland. :) Barry Barry, Thanks for the info on Borland. I have 4 professional, due to my teaching of Java. You are quite correct about it's handling of class libraries - it is quite good at that. I have also got VisualAge 3.2 and Together 5. All have many plusses, and some minuses. In the end, because I wanted a stock compile environment that I could use on any machine (i.e. W2K or Solaris), I went with the Sun Java SDK plus a good editor (WinEdit, although Crimson is also good - and free). The benefit is that anything that compiles on W2K will also compile exactly the same way on Solaris. I know there are versions of many IDE's for Solaris, but I cannot afford the time to learn them at present. Thanks again and cheers, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Question on SSL...
Greetings! I have SSL working with a self-signed certificate on Tomcat 4.0 - on a Win2K box. The only difficulty I had was that the jsse jar files had to be placed in jre/lib/ext, as the JSSE_HOME variable did not work for me. Now I am trying to move this work to Solaris. I have Tomcat 4.0.1 working well on a Solaris (SPARC) box. I duplicated the process of putting the jar files in the jre/lib/ext directory, and ***copied*** the self-signed certificate to the same directory (relative to CATALINA_HOME) as on the W2K box. I also appropriately edited server.xml. Starting Tomcat with the -debug parameter on the Solaris box, I found no errors. Likewise, examining the logs reveals no errors, BUT - when I try to access an html file using port 8443 (the same action worked on W2K - same directory structures and html files), I get The page cannot be displayed. The page displays fine using port 8080. In other words, http://xx.xx.xx.xx:8080/index.html; works, but https://xx.xx.xx.xx:8443/index.html; does not. With the same certificate, directory structures, jar files (in the JDK/jre/lib/ext directory), server.xml, etc. on W2K, both work. Question: MUST you generate the certificate on the box you will use (or at least the OS)? I generated the certificate on the W2K box and just copied it (binary FTP) to the Solaris box. Thanks in advance, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Assistance please - fixed W2k 4.0 vs 4.0.1 problem, created another!
Greetings! I have solved my problem on W2K where Tomcat 4.0 worked, but Tomcat 4.0.1 did not. I simply moved some jar files (most importantly servlet.jar) from JDK/jre/lib/ext into somewhere else (a temp directory). Now Tomcat 4.0.1 runs perfectly. Obviously the occurance of TWO servlet.jar files was causing all my problems. BUT - Now I have a new problem, for which I would like to solicit some advice. NOW - I cannot compile servlets. The problem is historic - I hate the classpath, as almost everyone who tries to use classpath gets into big trouble - *eventually*. I teach Java at the University level, and classpath is a nightmare for students. But - most of the time you do not need any classpath at all, as Java is very intelligent about finding what it needs. Hence my use of the JDK/jre/lib/ext directory. This is where Java says to place those jar files for java extensions (i.e. servlet.jar, junit.jar, mail.jar, activation.jar, etc...). AND - javac and java always find them. Until Tomcat 4.0.1 (which found them twice G). Even Tomcat says to put stuff in JDK/jre/lib/ext - specifically this is one of the two approved methods to get SSL (jsse) working. In my case, I had to do this as the JSSE_HOME variable did not get picked up properly. Using the jre worked perfectly. So - how do most people compile servlets, etc if they do not put those jar files in JDK/jre/lib/ext? I guess I could use classpath (i.e. in the compile command line), but I'd really like to find a better solution. Until TC 4.0.1's double load of servlet.jar, the JDK/jre/lib/ext was essentially perfect. Thanks in advance for any recommendations from all you Java / servlet developers! Cheers, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Question on SSL...
Greetings! Weird. Here's some more info on my attempts to get SSL working on Solaris with Tomcat 4.0.1. In a previous email I mentioned that I generated the .keystore file on W2K and just copied it to Solaris. I just tried to generate a .keystore file on Solaris, and got this error message: keytool -genkey -alias tomcat -keyalg RSA -keystore /home/tomcat/keys/.keystore Enter keystore password: pass keytool error: KeyPairGenerator not avaliable (CATALINA_HOME/keys is where I'm storing the keystore files). This is Solaris 8, full install. The Java SDK is 1.2.2. Thanks, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Assistance please - fixed W2k 4.0 vs 4.0.1 problem, created another!
Greetings! Well, I fixed the problem completely! I checked the jar files I was using in JDK/jre/lib/ext against the ones in Tomcat 4.0.1, and the file servlet.jar was larger and newer. Although I'm using JDK 1.3 on my machine, servlet.jar (and a number of other JAVAX jar files) come from the Sun site as add ins. I tried replacing my older servlet.jar with the one in TOMCAT/common/lib, and everything works, including (non-classpath) compiles! This is not only great news, but solves all my Tomcat 4.0 / 4.0.1 problems! So - I would say the key thing here with add on jar files is that whatever you have in Tomcat library directories MUST BE IDENITCAL with whatever you have in your JDK, especially the JDK/jre/lib/ext directory. I have identical copies of mail.jar, activation.jar and servlet.jar in both places, and *now that they are identical copies*, Tomcat 4.0.1 works perfectly. Cheers, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Try a different approach - What's wrong with catalina.session???
Greetings! Let's try this again. From the error message below, it would appear that there is something WRONG with org.apache.catalina.session.StandardSession. Note from the error that we get a java.lang.NoSuchMethodError - the method does not exist. After reading the Catalina Javadocs, it becomes aparent there are two StandardSessionFacade constructors. One is: StandardSessionFacade(javax.servlet.http.HttpSession session); the other is StandardSessionFacade(org.apache.catalina.session.StandardSession session) It would appear that the catalina session version is getting called by default, because I ask for no specific one in my code. The problem is that there is NO StandardSession class, according to the javadocs - or if there is (undocumented), it is missing the putSession method, as stated in the error. I think this is a BUG in Catalina. Why call one particular constructor by default, which does not use the standard javax classes, and then NOT supply all the required session methods? NOTE - this constructor is called OUTSIDE my code by other Catalina code - I have no real control over which constructor is used. Does anyone in the developmer community know of a workaround? java.lang.NoSuchMethodError at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1185) at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:191) at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:191) at qti.object.Login.putSession(Login.java:572) -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Try a different approach - What's wrong with catalina.session???
More stuff Here is the source code to a servlet that RUNS under Tomcat 4.0 but does NOT RUN under Tomcat 4.0.1. I can email (upone request) a zip file containing the full directory structure (with class file) that can be unzipped an placed directly under webapps. Put it in Tomcat 4.0 and it runs, put it under Tomcat 4.0.1 and it does not. Of course - tc 4.0 and tc 4.0.1 are in totally separate directories, can run all example servlets AND any servlet without the session stuff in it. Also of course I never try to run TC4 and 4.01 at the same time. On Solaris 8, this runs under tc 4.0.1 without error. Only on Win 2000 does this error happen. I have also re-downloaded Tomcat for Windows and done a binary compare between what I have and the latest - and they are identical. It really does seem as if TC 4.0.1 on W2K has a problem with the catalina.StandardSesionFacade incorrectly calling catalina.StandardSession instead of javax.servlet.http.HttpSession, but I do not know why this happens on W2K but NOT on Solaris. I am not a newbie in this particular stuff, and have done my homework. I would appreciate a reply from someone in the Tomcat developer community. Cheers, -Richard =the code== /** * Title: SessionTestServlet * * Description: Session Test Servlet - duplicate Catalina Session error * * Copyright: Copyright (c) 2001, Huntrods Consulting Inc. * * Company: Huntrods Consulting Inc. * Author: Richard S. Huntrods * Version: 1.0 * Date: December 13, 2001 * * @author Richard S. Huntrods * @version 1.0 */ package testing; import javax.servlet.*; import javax.servlet.http.*; import java.io.*; import java.util.*; public class SessionTestServlet extends HttpServlet { public void init(ServletConfig config) throws ServletException { super.init(config); } public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { doPost(request, response); } public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { response.setContentType (text/html); StringBuffer buffer = new StringBuffer(); HttpSession session = request.getSession(true); if(session != null) { session.setAttribute(name, Richard Huntrods); session.setAttribute(company, Huntrods Consulting Inc.); } buffer.append(HTML\n); buffer.append(HEAD\n); buffer.append( META NAME=\GENERATOR\ CONTENT=\WinEdit - Richard S. Huntrods\\n); buffer.append( TITLESession Test/TITLE\n); buffer.append(/HEAD\n); buffer.append(BODY BGCOLOR=\#99\\\n); buffer.append( PCENTERBIH2\n); buffer.append(Session Test\n); buffer.append( /H2/I/B/CENTER/P\n); buffer.append(/BODY\n); buffer.append(/HTML\n); PrintWriter out = response.getWriter(); out.println(buffer); out.close(); } public String getServletInfo() { return SessionTestServlet Information; } } = -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Try a different approach - What's wrong with catalina.session??
Hmmm the difference between these two constructors is, that the one which takes a StandardSession upcasts it to HttpSession before assigning it to it's session attribute, this should not cause this problem, as StandardSession does implement all HttpSession methods (otherwise the compiler would want to have it declared abstract). . From my (I confess very distant) position it looks like a jvm on W2K problem. Especially because you say it does work on Solaris. Mika EXACTLY! That is what I think as well, except... Both TC 4.0 and TC 4.0.1 are on the same machine. I have read all the release notes with both versions, and cannot find anywhere that suggests a difference in how the JVM is found / used. In fact, the batch file I created to run tc 4.0 and to run 4.0.1 is identical (i.e. JAVA_HOME) except for the location of the bin files that actually start Tomcat. So - if you or anyone knows of differences in how TC 4.0 vs. 4.0.1 find/load/use things like the servlet .jar files in JAVA_HOME vs. the Tomcat libraries, I'd like to know. -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Try a different approach - What's wrong with catalina.session???
Greetings! Craig said... This kind of problem indicates that your Tomcat installation is somehow corrupted. If it were really a bug, it would be happening to everyone, not just to you. I suggest that you do the following: * Make sure you do not have anything in $JAVA_HOME/jre/lib/ext (most *especially* not things like servlet.jar or j2ee.jar, which are *guaranteed* to cause nothing but grief) RSH: WHY? That is where you put these files to allow you to compile code. Why should it cause Tomcat grief (esp. NOT 4.0 but only 4.0.1) unless the Tomcat jar loader code is now broken? * Do a clean installation of Tomcat 4 into a new directory. RSH: Done 3 times, downloaded new binaries 2 times, did binary comparisons of all copies of 4.0.1 - all the same every time. That is NOT the problem. * Make sure that all the examples work (including the ones that use sessions) RSH: Which ones are the session ones? I tried 1/2 dozen examples, all worked. * Install your applications and test. We're now down to the simple servlet I sent to this list. Why doesn't someone with 4.0.1 on W2K compile it and try it. If it runs, then tell me which version of the Sun Java SDK you have, and what is inside .../jre/lib/ext ? And, if servlet.jar is NOT in that directory, how the heck did they get my servlet to compile with the SDK? (Using JBuilder is cheatingG). -Richard Craig McClanahan -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: Try a different approach - What's wrong with catalina.session???
Thanks, Mika. I tried this servlet in Tomcat 4.0.1: http://localhost:8080/examples/servlet/SessionExample and it works in 4.0.1 UNTIL I press the URL encoded link. Then I get the exact same error message as I've been reporting. Also, typing in the Name of Session... and pressing Submit Query also generates the same error. Kind of supports the theory that the way 4.0.1. loads the jar files has changed. Now to find out how to fix it... -Richard Session in use: From the jsps, NumberGuess, Snoop, ErrorPage (after submitting the form), Carts (after submitting) (I did stop testing here) From the servlets only the session example. Mika -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Why 500 error in Tomcat 4.0.1 but NOT 4.0???
I have a servlet that runs fine in Tomcat 4.0 on a Win2000 machine. If I run the same servlet, using the same server.xml, in the same directory structure in Tomcat 4.0.1, I get the following error. If I run this same servlet, with the same server.xml, in the same directory structure on Tomcat 4.0.1 on Solaris, I get NO ERROR. Can anyone tell me what might cause this error ONLY on Tomcat 4.0.1 on Windows 2000? Thanks, -Richard Apache Tomcat/4.0.1 - HTTP Status 500 - Internal Server Error type Exception report message Internal Server Error description The server encountered an internal error (Internal Server Error) that prevented it from fulfilling this request. exception javax.servlet.ServletException: Servlet execution threw an exception at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:201) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2344) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:462) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106) at java.lang.Thread.run(Thread.java:484) root cause java.lang.NoSuchMethodError at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1182) at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:191) at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:191) at qti.object.Login.putSession(Login.java:572) at qti.system.SystemTestServlet.doPost(SystemTestServlet.java:78) at qti.system.SystemTestServlet.doGet(SystemTestServlet.java:34) at javax.servlet.http.HttpServlet.service(HttpServlet.java:740) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:201) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2344) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170) at
Has Tomcat lost the ability to display simple HTML pages?
Greetings! I've just been informed of a strange problem. In my webapps directory, under the sub-directory ROOT, I have a file called index.html. In Tomcat 3, this file would display if you called http://xxx.xxx.xxx.xxx:8080/; Now that I'm running Tomcat 4.0.1, this page will no longer display. I get the 500 error. Everything else (in the webapps/project/WEB-INF/classes/...) directories (all my servlets) work fine - just the html page in ROOT has quit working. Can someone point me to the document that describes how to get this working? Thank you. -RIchard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
What happened to Session.setAttribute in Tomcat 4.0.1???
I have servlet code that worked perfectly this morning on Tomcat 4.0.0. It uses the Session to store and retreive some data thusly: public void putSession(HttpServletRequest request) { if(request != null) { HttpSession session = request.getSession(true); if(session != null) { session.setAttribute(idnumber, getIdNumberString()); } } } This code compiles with no errors in JDK 1.3. It ran perfectly under Tomcat 4.0.0. This morning (after testing this code), I replaced Tomcat 4.0.0 with 4.0.1. I correctly set up server.xml and my webapps directory structure as before (working under 4.0.0). HOWEVER, the code above now generates an exception: java.lang.NoSuchMethodError at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1185) at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:191) at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:191) What gives??? -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Re: What happened to Session.setAttribute in Tomcat 4.0.1???
Craig, From: Craig R. McClanahan [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sounds like whatever process you used to install 4.0.1 corrupted things. Did you try to install 4.0.1 directly on top of your 4.0 install? If so, this is *always* a risky thing to do. You're much better off doing a clean install of the new version, and then copying in your application stuff. Craig RSH: Doubtful. I downloaded the zip for 4.01, and unzipped it to a new directory. Both 4.0.0 and 4.0.1 were co-existing for a time (completely separate, never run together). The servlet will run if I don't access the Session code. But, as soon as I try to read or write the Session, that exception appears. I did a WINDIFF on both directories - lots of changes between 4.0.0 and 4.0.1 - LOTS AND LOTS of changes. (Hardly a minor revision number, in my opinion - massive differences in the names and number of jar files and where located, tomcat.exe appears, etc.). Now 4.0.1 is running fine with the same exact code (same class files FTP'd to the sun box) on a Solaris-Sun box. The only difference is that the Sun box (Solaris 2.8) is running JDK 1.2.2, while this W2K box is running JDK 1.3. It's as if key methods have been removed from the servlet.jar. -Richard On Fri, 7 Dec 2001, Richard S. Huntrods wrote: Date: Fri, 07 Dec 2001 15:48:00 -0700 From: Richard S. Huntrods [EMAIL PROTECTED] Reply-To: Tomcat Users List [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: What happened to Session.setAttribute in Tomcat 4.0.1??? I have servlet code that worked perfectly this morning on Tomcat 4.0.0. It uses the Session to store and retreive some data thusly: public void putSession(HttpServletRequest request) { if(request != null) { HttpSession session = request.getSession(true); if(session != null) { session.setAttribute(idnumber, getIdNumberString()); } } } This code compiles with no errors in JDK 1.3. It ran perfectly under Tomcat 4.0.0. This morning (after testing this code), I replaced Tomcat 4.0.0 with 4.0.1. I correctly set up server.xml and my webapps directory structure as before (working under 4.0.0). HOWEVER, the code above now generates an exception: java.lang.NoSuchMethodError at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1185) at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:191) at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:191) What gives??? -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Help: diff between tomcat 4.0 and tomcat 4.0.1
I am having the exact same problem. Interestingly, 4.0.1 runs the SAME exact code (.class files) without error on a Solaris 2.8 (Sparc) box. BUT... I am also using W2K, but with JDK 1.3. Same exact problem, same exact error messages. So - to echo Nirmal... WHAT *IS* the difference with 4.0.1. A minor revision number should NOT produce such massive changes. -Richard Date: Fri, 07 Dec 2001 19:49:21 -0800 From: Nirmal Rajarathnam [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] My webapp which was working fine on tomcat 4.0 after I upgraded to tomcat 4.0.1 has not worked since. Can someone tell me what is the difference between both. I am running the server on Win 2000 with JDK 1.4 beta 3 on a stand-alone mode. The error seems to be where I call getServletContext().getRequestDespatcher(location).forward(request, response); (the last line in the error message dump) Can someone help, point me the mistake. Thanks, Nirmal R. Error Message _ SNIP... -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
Quick Question...
Greetings! I have a quick question. I was running just fine on Tomcat 3.2.3. I have built servlets, which sit in webapps/myapp/WEB-INF/classes/myapp/*.class In Tomcat 3.2.3, this structure was picked up when Tomcat started, and the servlets ran perfectly. Note - there was no need for web.xml in the directories, as I was just using defaults. Everything ran. I have now installed Tomcat 4.0. Tomcat runs perfectly with the default set of webapps. Now, I have replaced these with my set of classes (as above) from 3.2.3, and Tomcat tries to start, but immediately quits. If I replace the default set of webapps, it will run - so it is my stuff. The quick question - Tomcat is supposed to automatically pick up the classes in this directory structure whenever it starts, but is not doing it the same as for 3.2.3. I assume something simple has changed. Can anyone tell me what I need to add? I tried adding a default web.xml, but that didn't seem to do it. Thanks, -Richard -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]