Re: apache2+mod_jk + ssl: howto

2005-06-06 Thread jfc100

faisal wrote:


Apache web server's SSL certificate was already configured by our client so
i didn't ve to configure anything on apache. But we did configure SSL on
tomcat.

When redirecting, redirect through apache web server's port instead of
tomcat's port, because now your requests are being processed by apache web
server not tomcat. I also made this mistake of redirecting to tomcat's ports
whenever switching between SSL to Non-SSL ports.

We are using tomcat 5.5.9.

-Original Message-
From: jfc100 [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 04, 2005 4:27 PM
To: Tomcat Users List
Subject: Re: apache2+mod_jk + ssl: howto


faisal wrote:

 


i used mod_jk2 when i was integrating tomcat with apache2. i also tried my
hands on mod_jk and i find mod_jk2 a bit simpler of the two.

   


I have been using mod_jk2 to forward requests on the httpd2 web server
to tomcat4 successfully - but this was before I tried to implement SSL.
Now that I am looking at how to configure things, I read that jk2 is no
longer supported and that all the new features unique to jk2 have been
included in jk. Seeing as you have it working, let's assume for the rest
of this thread that I still want to get it working with jk2.

 


regarding SSL, ur gonna ve to enable SSL on both server.

   


Does that mean generating the key stuff on both machines?

 


apache2 on fedora
core 3 comes SSL enabled so i didn't ve to do anything there.

   


I thought my httpd was SSL-enabled too but I couldn't find any ssl.conf
on my http machine. I found a mod_ssl.so file but no config. I didn't
know what to do about it.

 


my java web
application used SSL for user logins so i had to configure my tomcat to
enable SSL (java keystore and tomcat server.xml and stuff.)

   


This I did too and could access the tomcat install and successfully use
SSL in my app but I was still (and still am) stuck with setting up an
ssl-enabled httpd server and configuring it to act as a front to my
tomcat servlet engine.

 


be careful when redirecting user requests to HTTP to SSL or SSL to HTTP
port on ur tomcat. use Apache web server ports instead of tomcat's
port(which are 80 for http and 443 for https.)


   


why?

 


how ur gonna integrate Apache web server - tomcat??
u dont. AJPConnector13 does it for u.

u only ve to configure ur apache server to use mod_jk2 for ur web app
requests. tomcat handles everything out of box(at least newer one which we
uses.)


   


which version of tomcat are you using?

Thanks!
jfc

 


-Original Message-
From: jfc100 [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 04, 2005 1:54 PM
To: tomcat-user
Subject: apache2+mod_jk + ssl: howto


Hi,

My environment: linux 2.4.22, httpd2 running on its own machine with an
appropriate mod_jk module, tomcat4.1.24+jboss3 running on a separate
machine.

I have searched this list for an answer to my question but so far have
come up empty handed. My question is simply, 'If I want to front an
instance of tomcat with an instance of apache httpd and to enable my
java webapps to use ssl, do I need to configure httpd for ssl or do I
need to configure tomcat for ssl?'.

Any help will be much appreciated.

jfc


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]







 


ok, let me just get a few things straight.

1. What version of Apache httpd are you using?
2. What version of mod_jk are you using?
3. When you say 'redirect' do you mean the directives in the workers 
properties file?


Thanks
jfc





apache2+mod_jk + ssl: howto

2005-06-04 Thread jfc100

Hi,

My environment: linux 2.4.22, httpd2 running on its own machine with an 
appropriate mod_jk module, tomcat4.1.24+jboss3 running on a separate
machine.


I have searched this list for an answer to my question but so far have 
come up empty handed. My question is simply, 'If I want to front an 
instance of tomcat with an instance of apache httpd and to enable my 
java webapps to use ssl, do I need to configure httpd for ssl or do I 
need to configure tomcat for ssl?'.


Any help will be much appreciated.

jfc





Re: apache2+mod_jk + ssl: howto

2005-06-04 Thread jfc100

faisal wrote:


i used mod_jk2 when i was integrating tomcat with apache2. i also tried my
hands on mod_jk and i find mod_jk2 a bit simpler of the two.

I have been using mod_jk2 to forward requests on the httpd2 web server 
to tomcat4 successfully - but this was before I tried to implement SSL. 
Now that I am looking at how to configure things, I read that jk2 is no 
longer supported and that all the new features unique to jk2 have been 
included in jk. Seeing as you have it working, let's assume for the rest
of this thread that I still want to get it working with jk2.




regarding SSL, ur gonna ve to enable SSL on both server. 


Does that mean generating the key stuff on both machines?


apache2 on fedora
core 3 comes SSL enabled so i didn't ve to do anything there.

I thought my httpd was SSL-enabled too but I couldn't find any ssl.conf 
on my http machine. I found a mod_ssl.so file but no config. I didn't
know what to do about it.



my java web
application used SSL for user logins so i had to configure my tomcat to
enable SSL (java keystore and tomcat server.xml and stuff.)

This I did too and could access the tomcat install and successfully use 
SSL in my app but I was still (and still am) stuck with setting up an 
ssl-enabled httpd server and configuring it to act as a front to my 
tomcat servlet engine.




be careful when redirecting user requests to HTTP to SSL or SSL to HTTP
port on ur tomcat. use Apache web server ports instead of tomcat's
port(which are 80 for http and 443 for https.)
 


why?


how ur gonna integrate Apache web server - tomcat??
u dont. AJPConnector13 does it for u.

u only ve to configure ur apache server to use mod_jk2 for ur web app
requests. tomcat handles everything out of box(at least newer one which we
uses.)
 


which version of tomcat are you using?

Thanks!
jfc


-Original Message-
From: jfc100 [mailto:[EMAIL PROTECTED]
Sent: Saturday, June 04, 2005 1:54 PM
To: tomcat-user
Subject: apache2+mod_jk + ssl: howto


Hi,

My environment: linux 2.4.22, httpd2 running on its own machine with an
appropriate mod_jk module, tomcat4.1.24+jboss3 running on a separate
machine.

I have searched this list for an answer to my question but so far have
come up empty handed. My question is simply, 'If I want to front an
instance of tomcat with an instance of apache httpd and to enable my
java webapps to use ssl, do I need to configure httpd for ssl or do I
need to configure tomcat for ssl?'.

Any help will be much appreciated.

jfc





Re: how does tomcat store session objects?

2002-05-26 Thread jfc100

Phillip Morelock wrote:

I just quickly checked the site and there are also a couple of tomcat
internals articles and the full javadoc for Tomcat 4 is already posted
there as well.

/f/

--

Have you built the Tomcat source javadoc tree?  Maybe you don't want to wade
knee-deep in source...understandable, I guess.  But at least build yourself
the javadoc from the sources and read that stuff.  Also see the high-level
architecture image (or maybe pdf?) on the jakarta site.

fillup


Can someone tell me how tomcat stores session objects or at least where
I could find out this info without looking at the src?

without looking at the source?  why not?  it's Free, and it's the most
authoritative answer you can get.

Hi,

Maybe I just feel like getting someone else's opinion. Because, where
reading the src is excellent exercise, you may not find what the
general policies are regarding any particular feature.   What you will
get is a precise picture of what the product does at that specific point
in time(or for that specific version). I am trying to establish the
broad policies of a  servlet engine implementation - the reference
implementation. If one was going to produce a document which introduced
the product's features I would expect to find this kind of information
in it. So if the servlet spec is a bit vague perhaps the document might
mention a few implementation details. Not an all-out volume of commentary
- just the general approach taken.

Seeing as tomcat has undergone a fair bit of development and has been
subjected to some structural changes between recent releases(i.e. 3.x vs
4.0), I thought my first port of call might be to find a long suffering
fellow tomcat-user who may have passed on a few helpful hints or his/her
take on the big picture (or part thereof, even) - just because he can.

Can someone point me to a reference / tech article or discussion? Does
anyone know whether or not the way the session management is handled by
tomcat has changed in any major way? Are there any caveats to accessing
session objects from multiple simultaneous requests? The way this is
implemented in the reference implementation (between specs) I would
have thought would be documented somewhere other than in the src code.

Regards
Joe



--
To unsubscribe, e-mail:   mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]


Thanks for that, Phillip.

I have downloaded the src-dist for both 3 and 4 versions but have not 
yet genned the javadoc - I'll do that when I've looked at the catalina 
docs. I was hoping there may be docs prior to tc4 (we are currently on 
3.3) but that is a big help nevertheless. I guess it's likely I'll find
out soon the extent of the rewrite.

Cheers
Joe







Re: how does tomcat store session objects?

2002-05-26 Thread jfc100

Phillip Morelock wrote:

On the TC 3 documentation page there is an excellent tomcat internals
document...but maybe you already saw that?  I myself am a big TC 3 user as
well, most of my stuff still runs on that.

fillup


On 5/26/02 4:11 AM, jfc100 [EMAIL PROTECTED] wrote:

Phillip Morelock wrote:

I just quickly checked the site and there are also a couple of tomcat
internals articles and the full javadoc for Tomcat 4 is already posted
there as well.

/f/

--

Have you built the Tomcat source javadoc tree?  Maybe you don't want to wade
knee-deep in source...understandable, I guess.  But at least build yourself
the javadoc from the sources and read that stuff.  Also see the high-level
architecture image (or maybe pdf?) on the jakarta site.

fillup


Can someone tell me how tomcat stores session objects or at least where
I could find out this info without looking at the src?

without looking at the source?  why not?  it's Free, and it's the most
authoritative answer you can get.

Hi,

Maybe I just feel like getting someone else's opinion. Because, where
reading the src is excellent exercise, you may not find what the
general policies are regarding any particular feature.   What you will
get is a precise picture of what the product does at that specific point
in time(or for that specific version). I am trying to establish the
broad policies of a  servlet engine implementation - the reference
implementation. If one was going to produce a document which introduced
the product's features I would expect to find this kind of information
in it. So if the servlet spec is a bit vague perhaps the document might
mention a few implementation details. Not an all-out volume of commentary
- just the general approach taken.

Seeing as tomcat has undergone a fair bit of development and has been
subjected to some structural changes between recent releases(i.e. 3.x vs
4.0), I thought my first port of call might be to find a long suffering
fellow tomcat-user who may have passed on a few helpful hints or his/her
take on the big picture (or part thereof, even) - just because he can.

Can someone point me to a reference / tech article or discussion? Does
anyone know whether or not the way the session management is handled by
tomcat has changed in any major way? Are there any caveats to accessing
session objects from multiple simultaneous requests? The way this is
implemented in the reference implementation (between specs) I would
have thought would be documented somewhere other than in the src code.

Regards
Joe




Thanks for that, Phillip.

I have downloaded the src-dist for both 3 and 4 versions but have not
yet genned the javadoc - I'll do that when I've looked at the catalina
docs. I was hoping there may be docs prior to tc4 (we are currently on
3.3) but that is a big help nevertheless. I guess it's likely I'll find
out soon the extent of the rewrite.

Cheers
Joe





yes I briefly looked at it but didn't on the initial parse find anything 
on session management. From what I can gather, there is no 
synchronization provided by tomcat when it comes to accessing sessions 
or session contents. Maybe accessing sessions is a bit of a red herring 
since we are talking about concurrent access within a single session. 
Whichever data structure tc uses for storing the session objects (or 
facades) would probably answer that one. Hashtable is synced while
HashMap and the others are not.

thanks for your input fillup!

joe
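
The concurrency question raised in this thread, as an added example that is not part of the original posts and is not Tomcat code: a `Hashtable` stands in for a session's attribute store (an assumption, as are all class and method names here), and several threads play simultaneous requests in one session. It shows that a synchronized map alone does not protect a read-modify-write on an attribute, and two ways to make the update safe.

```java
import java.util.Hashtable;
import java.util.Map;
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.function.Consumer;

public class SessionRaceDemo {
    static final int REQUESTS = 8;      // simulated simultaneous requests sharing one session
    static final int UPDATES = 20_000;  // attribute updates performed by each request

    // Racy: get() and put() are each synchronized by Hashtable, but another
    // thread can run between the two calls, so increments get lost.
    static void unsafeIncrement(Map<String, Object> session) {
        Integer n = (Integer) session.get("hits");
        session.put("hits", n + 1);
    }

    // Fix 1: hold one lock across the whole read-modify-write. In a real
    // webapp, lock on an object kept in the session rather than on the
    // HttpSession reference, since the container may hand out facades.
    static void lockedIncrement(Map<String, Object> session) {
        synchronized (session) {
            Integer n = (Integer) session.get("hits");
            session.put("hits", n + 1);
        }
    }

    // Fix 2: store a thread-safe object once and mutate it in place.
    static void atomicIncrement(Map<String, Object> session) {
        ((AtomicInteger) session.get("hits")).incrementAndGet();
    }

    // Runs REQUESTS threads against one constructed "session" and returns
    // the final counter value.
    static int run(Object initial, Consumer<Map<String, Object>> update)
            throws InterruptedException {
        Map<String, Object> session = new Hashtable<>();
        session.put("hits", initial);
        ExecutorService pool = Executors.newFixedThreadPool(REQUESTS);
        CountDownLatch start = new CountDownLatch(1);
        for (int r = 0; r < REQUESTS; r++) {
            pool.submit(() -> {
                start.await();  // release all workers at the same moment
                for (int i = 0; i < UPDATES; i++) {
                    update.accept(session);
                }
                return null;
            });
        }
        start.countDown();
        pool.shutdown();
        if (!pool.awaitTermination(1, TimeUnit.MINUTES)) {
            throw new IllegalStateException("workers did not finish");
        }
        return ((Number) session.get("hits")).intValue();
    }

    public static void main(String[] args) throws InterruptedException {
        System.out.println("expected         : " + (REQUESTS * UPDATES));
        System.out.println("unsafe Hashtable : "
                + run(Integer.valueOf(0), SessionRaceDemo::unsafeIncrement));
        System.out.println("locked update    : "
                + run(Integer.valueOf(0), SessionRaceDemo::lockedIncrement));
        System.out.println("AtomicInteger    : "
                + run(new AtomicInteger(0), SessionRaceDemo::atomicIncrement));
    }
}
```

The unsafe count varies from run to run and normally falls short of the expected total; the locked and atomic variants always reach it.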






Re: how does tomcat store session objects?

2002-05-26 Thread jfc100

Thanks!
joe






how does tomcat store session objects?

2002-05-25 Thread jfc100

Hi,

Can someone tell me how tomcat stores session objects or at least where 
I could find out this info without looking at the src?

Thanks
Joe






Re: how does tomcat store session objects?

2002-05-25 Thread jfc100

Phillip Morelock wrote:

On 5/25/02 6:20 AM, jfc100 [EMAIL PROTECTED] wrote:

Can someone tell me how tomcat stores session objects or at least where
I could find out this info without looking at the src?


without looking at the source?  why not?  it's Free, and it's the most
authoritative answer you can get.

Thanks
Joe


fillup




Hi,

Maybe I just feel like getting someone else's opinion. Because, where 
reading the src is excellent exercise, you may not find what the
general policies are regarding any particular feature.   What you will 
get is a precise picture of what the product does at that specific point 
in time(or for that specific version). I am trying to establish the 
broad policies of a  servlet engine implementation - the reference 
implementation. If one was going to produce a document which introduced 
the product's features I would expect to find this kind of information 
in it. So if the servlet spec is a bit vague perhaps the document might 
mention a few implementation details. Not an all-out volume of commentary
- just the general approach taken.

Seeing as tomcat has undergone a fair bit of development and has been 
subjected to some structural changes between recent releases(i.e. 3.x vs 
4.0), I thought my first port of call might be to find a long suffering 
fellow tomcat-user who may have passed on a few helpful hints or his/her 
take on the big picture (or part thereof, even) - just because he can.

Can someone point me to a reference / tech article or discussion? Does 
anyone know whether or not the way the session management is handled by 
tomcat has changed in any major way? Are there any caveats to accessing 
session objects from multiple simultaneous requests? The way this is 
implemented in the reference implementation (between specs) I would
have thought would be documented somewhere other than in the src code.

Regards
Joe







Howto notify tomcat of jaas login

2002-05-15 Thread jfc100

Hi,

I'm doing a JAAS login in a servlet i.e. I'm not using realms and I'm 
not using form-based auth - for this purpose (form-based is used but not 
for anonymous users).

I'm logging all anonymous users in (behind the scenes i.e. without the 
user even knowing) using a jaas loginContext but I need to notify tomcat 
so that the request can reflect the anonymous user's login status.

Is this workable or are we just banging our heads against a brick wall?

Thanks
Joe






Re: Loosing identity when switching to non-protected webresource

2002-05-11 Thread jfc100

jfc100 wrote:

 Hi,

 I am experiencing the exact same problem. Here is my post to the 
 struts list:

 Hi,


 Has anyone encountered the following situation using form-based auth 
 in catalina?


 1. login successfully using 'j_security_check';

 2. the next request happens to be to an unsecured url (e.g. /do/frontpage
 (with no restrictions in web.xml) -- DispatchServlet -- user.frontpage
 (tiles));

 3. the request methods 'getUserPrincipal()', 'isUserInRole()'
 and 'getRemoteUser()' tell me the user is not logged in (in
 DispatchServlet)!

 (I'm using jboss244+tomcat401, struts1.0, tiles)


 I heard this might be an issue with jboss.


 Can anyone confirm?


 Joe


 I don't know how JBoss behaves, but this is exactly
 how WebSphere behaves.

 -TP


 I have found the same using jb241a+tc323 as well as jb300RC2+tc403.

 I started looking at the tomcat code but I'm not sure I want to commit 
 the time it may take to understand the intricacies when someone else 
 may well have an answer.

 I'd like to know whether this is worth pursuing or if perhaps it is 
 better to sacrifice the declarative model for a roll-your-own approach.

 Joe

 From: Erwin Teseling
 Subject:  Loosing identify when switching to non-protected webresource
 Date:  Thu, 21 Feb 2002 15:57:12 +0100

 I am using the combination of Tomcat/Jboss and am having problems when
 using webcontainer security (using j_security_check).

 I have some resource protected in my web.xml (using security-constraint
 tag). Now when I try to access this resource Tomcat presents me my
 loginform and validates my identity. If this is correct I will gain
 access to the secured resource. So far so good.

 Now I have a custom tag that verifies the role in which I am to display
 some pages differently. My tag nicely detects the user's identity (using
 getUserPrincipal() method). Now when I go to a non-secured jsp-page, my
 tag returns null on getUserPrincipal?!?! When I switch to a secured
 jsp-page it does work and I receive the correct identity. I have the
 same behaviour in servlets.

 I was not expecting this behaviour and I really need to be able to
 determine the identity on these non-secured resources (both servlets and
 jsp). Is there a setting that makes Tomcat behave in this way and is
 there a way to change this behaviour?

 Thanks,
 Erwin





Correction, jb241a+tc323 = ok, jb243tc400 = ok, jb244tc323 = ok

Anything above these has the problem.

Joe






Tomcat valve behaviour overview

2002-05-11 Thread jfc100

Hi,

Can anyone give a brief summary of the circumstances under which a valve 
implementation is invoked (form-based would be great)?

I'm thinking specifically about *when* and *why* it gets invoked. And 
even more specifically whether or not it should be invoked under certain 
circumstances - which I can elaborate on if necessary. (a pointer to an
external reference will do nicely if the answer is long winded)

(If the answer changes with each release then just the major differences 
between tomcat and catalina).

Thanks
Joe







either Tomcat or JBoss is my stumbling block

2002-05-10 Thread jfc100

Hi,

I am currently trying to design a webapp using opensource containers 
which implement the latest specs. This means tomcat403(for servlets2.3 
and jsp1.2) and jboss300(for ejb2.0).

During an upgrade to both of the containers implementing these specs, I 
experience an anomaly which has to do with the servlet container not
remembering an authenticated user unless he has requested a secured web 
resource (i.e. the request method getUserPrincipal() returns null when 
he has requested an unsecured web resource). I am using form-based 
authentication aka j_security_check.

At the moment the highest I can go before I lose either spec is the 
following:

jb241a+tc323=ok!
jb243+tc40=ok!
jb244+tc323=ok!

jb244+tc40=bad! (using the same tc40 as above!);
jb245+tc40=bad! (using the same tc40 as above!);

jb243+tc401=starts up ok but I didn't get far enough to test 
(get http status 403 - access to requested resource denied when 
accessing a secured resource);
jb243+tc403= (same as above)
jb244+tc331=(didn't get far enough to test)
jb244+tc324=(couldn't test due to classpath problem I have yet 
to resolve - only in this bundle, tho');

I've spent ages on this trial and error approach but I'm still really 
stuck with this -  I want to proceed using servlets2.3 and jsp1.2 but 
not at the expense of ejb2.0 and vice versa.

*Please* could someone let me know whether this is a tomcat problem (I 
will ask again on the jboss forum). I heard on the struts mailing list 
that this problem is occurring on someone's websphere containers too so 
that could be a real spanner.

Also I noticed that the form-based auth valve is only being called for 
secured resources - is this intended?
 
Thanks
Joe
(should this go to tomcat-dev, perhaps?)






Re: Loosing identify when switching to non-protected webresource

2002-05-07 Thread jfc100

Hi,

I am experiencing the exact same problem. Here is my post to the struts list:

Hi,


Has anyone encountered the following situation using form-based auth in catalina?


1. login successfully using 'j_security_check';

2. the next request happens to be to an unsecured url (e.g. /do/frontpage
(with no restrictions in web.xml) -- DispatchServlet -- user.frontpage
(tiles)) ; 
3. the request methods 'getUserPrincipal()', 'isUserInRole()'
and 'getRemoteUser()' tell me the user is not logged in (in DispatchServlet)! 


 (I'm using jboss244+tomcat401, struts1.0, tiles)


I heard this might be an issue with jboss.


Can anyone confirm?


Joe


I don't know how JBoss behaves, but this is exactly
how WebSphere behaves.

  -TP


I have found the same using jb241a+tc323 as well as jb300RC2+tc403.

I started looking at the tomcat code but I'm not sure I want to commit the time it may 
take to understand the intricacies when someone 
else may well have an answer.

I'd like to know whether this is worth pursuing or if perhaps it is better to 
sacrifice the declarative model for a roll-your-own approach.

Joe

From: Erwin Teseling 
Subject:  Loosing identify when switching to non-protected webresource
Date:  Thu, 21 Feb 2002 15:57:12 +0100

I am using the combination of Tomcat/Jboss and am having problems when
using webcontainer security (using j_security_check).

I have some resource protected in my web.xml (using security-constraint
tag). Now when I try to access this resource Tomcat presents me my
loginform and validates my identity. If this is correct I will gain
access to the secured resource. So far so good.

Now I have a custom tag that verifies the role in which I am to display
some pages differently. My tag nicely detects the user's identity (using
getUserPrincipal() method). Now when I go to a non-secured jsp-page, my
tag returns null on getUserPrincipal?!?! When I switch to a secured
jsp-page it does work and I receive the correct identity. I have the
same behaviour in servlets.

I was not expecting this behaviour and I really need to be able to
determine the identity on these non-secured resources (both servlets and
jsp). Is there a setting that makes Tomcat behave in this way and is
there a way to change this behaviour?

Thanks,
Erwin


