Re: Tomcat vs Jboss-Tomcat
Sridhar, For just JSPs, you only need Tomcat. I think that JBoss will be needed if you use EJBs. Jim Sridhar wrote: Hi Everybody, Is it any difference will come between Tomcat and Jboss-Tomcat. Which is best for Executing executing only JSPs. Regards Sridhar - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAASRealm and Subject
Rogerio, Re. Jo's message: I didn't interpret his message to mean that you could access the Subject, but rather, I think that he was suggesting that you could access the Principal using request.getUserPrincipal(), and then you could do something like casting the object returned by the getUserPrincipal() to gain access to the Principal object. Jim Rogerio Baldini das Neves wrote: Jim, First of all, thanks so much for your help. I have got same conclusions. Your Subject is inaccessible directly in your web application, using jaas realm in tomcat . You must use request.getRemoteUser and request.isUserInRole. I think that is impossible to access the list of user´s roles. In another way, you can create a form that implements your logon and calls your LoginModule, putting Subject in user session. So, in your application, you can access Subject from this session. I don´t know you, but I prefer the first choice. It´s more beautiful. And refering to Jo´s message, I don´t believe that it works. Principals can´t be cast to Subject. They are not related. But I am not 100% sure about that. Thank you again. Rogerio - Original Message - From: ohaya [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Monday, July 18, 2005 10:14 PM Subject: Re: JAASRealm and Subject Jo, Thanks for the hint. I think that your comment, along with the section labelled How can I access members of a custom Realm or Principal? here: http://wiki.apache.org/jakarta-tomcat/HowTo might allow the Principal to be allowed. I can get to request.getUserPrincipal().getName(), but I haven't tried the cast yet. If that works, that would at least allow me to get to the credentials, etc. that get populated by the LoginModule, if need be. I guess the Subject is inaccessible directly though, but I think that's suppose to be the same as request.getRemoteUser if the user has been authenticated, right? Jim Jo wrote: Is casting request.getUserPrincipal() to your custome-made Principal gonna help get what you want ? Jojada.- - Original Message - From: ohaya [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Tuesday, July 19, 2005 9:46 AM Subject: Re: JAASRealm and Subject Rogerio, Try taking a look at this page: http://www.kopz.org/public/documents/tomcat/jaasintomcat.html I read through this awhile ago, but as I was just re-reading it for maybe the 10th time, I think that I'm starting to see the light and understand what the page's author (Michiel Toneman) was trying to say, and the problem (with JAAS and Tomcat) that he was trying to describe and work around. In the 1st paragraph, he says: This is because the principals are used to denote the concepts of user and role, and are no longer available in the security context in which the webapp is executed. The result of the authentication is available only through request.getRemoteUser() and request.isUserInRole(). I think that what he is trying to say is that when you use JAAS normally with Tomcat (e.g., configure a JAASRealm), the only artifacts from the LoginModule that servlets and JSPs have access to are the user (via request.getRemoteUser()) and the user's roles (via calls to request.isUserInRole()). Putting it another way, I think that the author is saying that your JSPs and servlets under Tomcat simply cannot access things like the Subject, the Principals, etc. So, this page is about his proposed workaround for this. From what I can tell, the way that he does this is that he has a SecurityFilter, which gets invoked BEFORE the LoginModule, and this SecurityFilter populates the Subject into the HTTP session before creating the context and invoking the LoginModule. In other words, this SecurityFilter kind of wedges itself between Tomcat and the LoginModule, I think, and by doing that, the Subject, etc. are now no longer lost to being accessed by servlets/JSPs. If you have a chance, please take a look at the above link, and see if you read this page the same way that I do? Comments from anyone else would be greatly appreciated, as I am very curious about this. It's not so much that I can't seem to access the Subject, but it seems like with the Tomcat environment, any work that the LoginModule does to populate the Principals, etc. seems to be totally inaccessible to servlets and JSPs? Thanks, and apologies for the longish message... Jim ohaya wrote: Hi, I'm not 100% sure if this is applicable, but I just found this: Due to a design oversight in the JAAS 1.0, javax.security.auth.Subject.getSubject() does not return the Subject associated
Re: JAASRealm and Subject
Hi, I'm not 100% sure if this is applicable, but I just found this: Due to a design oversight in the JAAS 1.0, javax.security.auth.Subject.getSubject() does not return the Subject associated with the thread of execution inside a java.security.AccessController.doPrivileged() code block. This can present a inconsistent behavior that is problematic and causes undesirable effort. com.ibm.websphere.security.auth.WSSubject provides a work around to associate Subject to thread of execution. com.ibm.websphere.security.auth.WSSubject extends the JAAS authorization model to J2EE resources. in this thread: http://groups-beta.google.com/group/comp.lang.java.security/browse_thread/thread/3fbba23648cfb556/b736a3b0f27fc170?q=get+subject+loginmodulernum=21#b736a3b0f27fc170 If the above is applicable, then I don't know what the equivalent workaround would be for Tomcat? Jim ohaya wrote: Rogerio, I've been wrestling with this exact same problem, but haven't had any more success than you have had thus far, so if you find out the answer to this, can you please post a msg here? I'll do the same... Thanks, Jim Rogerio Baldini das Neves wrote: Hi! I'm using the Tomcat 5 JAASRealm for authenticating users with my own LoginModule. In my LoginModule I am populating the Subject object delivered by the Realm with Principals, Role Principals and Credentials. The authentication and the mapping of my user defined roles to tomcat roles work fine, but I can´t get a reference to the Subject object in my servlets. I have tried: AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); But it´s not working... subject = null; Can anybody help me, please ? Rogerio. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAASRealm and Subject
Rogerio, I've been wrestling with this exact same problem, but haven't had any more success than you have had thus far, so if you find out the answer to this, can you please post a msg here? I'll do the same... Thanks, Jim Rogerio Baldini das Neves wrote: Hi! I'm using the Tomcat 5 JAASRealm for authenticating users with my own LoginModule. In my LoginModule I am populating the Subject object delivered by the Realm with Principals, Role Principals and Credentials. The authentication and the mapping of my user defined roles to tomcat roles work fine, but I can´t get a reference to the Subject object in my servlets. I have tried: AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); But it´s not working... subject = null; Can anybody help me, please ? Rogerio. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAASRealm and Subject
Rogerio, Try taking a look at this page: http://www.kopz.org/public/documents/tomcat/jaasintomcat.html I read through this awhile ago, but as I was just re-reading it for maybe the 10th time, I think that I'm starting to see the light and understand what the page's author (Michiel Toneman) was trying to say, and the problem (with JAAS and Tomcat) that he was trying to describe and work around. In the 1st paragraph, he says: This is because the principals are used to denote the concepts of user and role, and are no longer available in the security context in which the webapp is executed. The result of the authentication is available only through request.getRemoteUser() and request.isUserInRole(). I think that what he is trying to say is that when you use JAAS normally with Tomcat (e.g., configure a JAASRealm), the only artifacts from the LoginModule that servlets and JSPs have access to are the user (via request.getRemoteUser()) and the user's roles (via calls to request.isUserInRole()). Putting it another way, I think that the author is saying that your JSPs and servlets under Tomcat simply cannot access things like the Subject, the Principals, etc. So, this page is about his proposed workaround for this. From what I can tell, the way that he does this is that he has a SecurityFilter, which gets invoked BEFORE the LoginModule, and this SecurityFilter populates the Subject into the HTTP session before creating the context and invoking the LoginModule. In other words, this SecurityFilter kind of wedges itself between Tomcat and the LoginModule, I think, and by doing that, the Subject, etc. are now no longer lost to being accessed by servlets/JSPs. If you have a chance, please take a look at the above link, and see if you read this page the same way that I do? Comments from anyone else would be greatly appreciated, as I am very curious about this. It's not so much that I can't seem to access the Subject, but it seems like with the Tomcat environment, any work that the LoginModule does to populate the Principals, etc. seems to be totally inaccessible to servlets and JSPs? Thanks, and apologies for the longish message... Jim ohaya wrote: Hi, I'm not 100% sure if this is applicable, but I just found this: Due to a design oversight in the JAAS 1.0, javax.security.auth.Subject.getSubject() does not return the Subject associated with the thread of execution inside a java.security.AccessController.doPrivileged() code block. This can present a inconsistent behavior that is problematic and causes undesirable effort. com.ibm.websphere.security.auth.WSSubject provides a work around to associate Subject to thread of execution. com.ibm.websphere.security.auth.WSSubject extends the JAAS authorization model to J2EE resources. in this thread: http://groups-beta.google.com/group/comp.lang.java.security/browse_thread/thread/3fbba23648cfb556/b736a3b0f27fc170?q=get+subject+loginmodulernum=21#b736a3b0f27fc170 If the above is applicable, then I don't know what the equivalent workaround would be for Tomcat? Jim ohaya wrote: Rogerio, I've been wrestling with this exact same problem, but haven't had any more success than you have had thus far, so if you find out the answer to this, can you please post a msg here? I'll do the same... Thanks, Jim Rogerio Baldini das Neves wrote: Hi! I'm using the Tomcat 5 JAASRealm for authenticating users with my own LoginModule. In my LoginModule I am populating the Subject object delivered by the Realm with Principals, Role Principals and Credentials. The authentication and the mapping of my user defined roles to tomcat roles work fine, but I can´t get a reference to the Subject object in my servlets. I have tried: AccessControlContext context = AccessController.getContext(); Subject subject = Subject.getSubject(context); But it´s not working... subject = null; Can anybody help me, please ? Rogerio. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAASRealm and Subject
Jo, Thanks for the hint. I think that your comment, along with the section labelled How can I access members of a custom Realm or Principal? here: http://wiki.apache.org/jakarta-tomcat/HowTo might allow the Principal to be allowed. I can get to request.getUserPrincipal().getName(), but I haven't tried the cast yet. If that works, that would at least allow me to get to the credentials, etc. that get populated by the LoginModule, if need be. I guess the Subject is inaccessible directly though, but I think that's suppose to be the same as request.getRemoteUser if the user has been authenticated, right? Jim Jo wrote: Is casting request.getUserPrincipal() to your custome-made Principal gonna help get what you want ? Jojada.- - Original Message - From: ohaya [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Tuesday, July 19, 2005 9:46 AM Subject: Re: JAASRealm and Subject Rogerio, Try taking a look at this page: http://www.kopz.org/public/documents/tomcat/jaasintomcat.html I read through this awhile ago, but as I was just re-reading it for maybe the 10th time, I think that I'm starting to see the light and understand what the page's author (Michiel Toneman) was trying to say, and the problem (with JAAS and Tomcat) that he was trying to describe and work around. In the 1st paragraph, he says: This is because the principals are used to denote the concepts of user and role, and are no longer available in the security context in which the webapp is executed. The result of the authentication is available only through request.getRemoteUser() and request.isUserInRole(). I think that what he is trying to say is that when you use JAAS normally with Tomcat (e.g., configure a JAASRealm), the only artifacts from the LoginModule that servlets and JSPs have access to are the user (via request.getRemoteUser()) and the user's roles (via calls to request.isUserInRole()). Putting it another way, I think that the author is saying that your JSPs and servlets under Tomcat simply cannot access things like the Subject, the Principals, etc. So, this page is about his proposed workaround for this. From what I can tell, the way that he does this is that he has a SecurityFilter, which gets invoked BEFORE the LoginModule, and this SecurityFilter populates the Subject into the HTTP session before creating the context and invoking the LoginModule. In other words, this SecurityFilter kind of wedges itself between Tomcat and the LoginModule, I think, and by doing that, the Subject, etc. are now no longer lost to being accessed by servlets/JSPs. If you have a chance, please take a look at the above link, and see if you read this page the same way that I do? Comments from anyone else would be greatly appreciated, as I am very curious about this. It's not so much that I can't seem to access the Subject, but it seems like with the Tomcat environment, any work that the LoginModule does to populate the Principals, etc. seems to be totally inaccessible to servlets and JSPs? Thanks, and apologies for the longish message... Jim ohaya wrote: Hi, I'm not 100% sure if this is applicable, but I just found this: Due to a design oversight in the JAAS 1.0, javax.security.auth.Subject.getSubject() does not return the Subject associated with the thread of execution inside a java.security.AccessController.doPrivileged() code block. This can present a inconsistent behavior that is problematic and causes undesirable effort. com.ibm.websphere.security.auth.WSSubject provides a work around to associate Subject to thread of execution. com.ibm.websphere.security.auth.WSSubject extends the JAAS authorization model to J2EE resources. in this thread: http://groups-beta.google.com/group/comp.lang.java.security/browse_thread/thread/3fbba23648cfb556/b736a3b0f27fc170?q=get+subject+loginmodulernum=21#b736a3b0f27fc170 If the above is applicable, then I don't know what the equivalent workaround would be for Tomcat? Jim ohaya wrote: Rogerio, I've been wrestling with this exact same problem, but haven't had any more success than you have had thus far, so if you find out the answer to this, can you please post a msg here? I'll do the same... Thanks, Jim Rogerio Baldini das Neves wrote: Hi! I'm using the Tomcat 5 JAASRealm for authenticating users with my own LoginModule. In my LoginModule I am populating the Subject object delivered by the Realm with Principals, Role Principals and Credentials. The authentication and the mapping of my user defined roles to tomcat roles work fine, but I can´t get a reference to the Subject object in my servlets. I have tried: AccessControlContext context
Re: Where is default logon.jsp for Tomcat Admin webapp?
Mark, As I indicated in my original msg, on my installation of Tomcat (5.0.27), there is no login.jsp file in that location, or anywhere else on my hard drive. And yet, if I leave the login-config section of web.xml to the default, which is login.jsp, everything STILL seems to work. I've checked for hidden files, etc., but login.jsp just isn't there. That is why I'm asking my question... Jim Mark Thomas wrote: CATALINA_BASE\server\webapps\admin\login.jsp ohaya wrote: Hi, When connecting to the Tomcat Admin webapp, a forms-based login page appears. The web.xml for admin has a login-config section that indicates that the login page is /login.jsp. However, I've looked all over my hard drive, and especially in the admin directory, and I can't find any such file. If I change the login-config section to /jimlogin.jsp, Tomcat seems to look for jimlogin.jsp in the admin directory, but does anyone know where the default login.jsp is located? Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where is default logon.jsp for Tomcat Admin webapp?
Caldarale, Charles R wrote: From: ohaya [mailto:[EMAIL PROTECTED] Subject: Re: Where is default logon.jsp for Tomcat Admin webapp? As I indicated in my original msg, on my installation of Tomcat (5.0.27), there is no login.jsp file in that location, or anywhere else on my hard drive. For the admin app, jsps are pre-compiled. The class of interest is inside catalina-admin.jar, called login_jsp.class. Charles, AHHH! Mystery solved :)! Ok, that explains things... I've been able to enable my own replacement login page for admin (just for testing) by changing the name in login-config to say jimlogin.jsp and making my own jimlogin.jsp, and that works. If I don't want to use a different name for the login page (i.e., I still want to use login.jsp as the login page for admin, but use my own page, can I just put my own login.jsp in the admin directory and will my login.jsp then override the pre-compiled CLASS file? Thanks again! Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Is anyone receiving this? Messages bouncing
Hi, Since last night, I have been getting delivery failed messages when sending to the mailing list. If anyone sees this message, would you mind responding to let me know? I've emailed the help email address last night, but haven't heard back yet. Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is anyone receiving this? Messages bouncing
Edrei and Zhou, Ok, thanks! I'll try again with the msgs that bounced. Sorry for the bother... Jim Edrei Marcelo wrote: hi, i received - Original Message - From: ohaya To: tomcat-user@jakarta.apache.org Sent: Friday, July 15, 2005 5:10 PM Subject: Is anyone receiving this? Messages bouncing Hi, Since last night, I have been getting delivery failed messages when sending to the mailing list. If anyone sees this message, would you mind responding to let me know? I've emailed the help email address last night, but haven't heard back yet. Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to Replace Tomcat authentication?
Bill Barker wrote: ohaya [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I've been looking into possibly replacing Tomcat's authentication with our own functionality. It looks like there use to be a class called SimpleRealm in the older Tomcat versions that would have done the trick if we replaced it, but I can't find any references to it in the latest source that I downloaded. In TC versions 3.x.x, the replacement is RealmBase (in org.apache.catalina.realm). It's an abstract class, so you extend it with the functionality that you want. [Sorry everyone. I'm resending this because it looks like I got a bounce from my previous attempts?? Jim] Hi Bill, Thanks! I think that I've at least been able to get started with this, but instead of RealmBase, I've gotten a very (I mean, VERY) crude JAASRealm example working, where I built my own JAASLoginModule, etc. So far, it seems to be working ok, but I haven't really added any too complicated yet... Jim P.S. I forgot to ask: Is this mailing list appropriate for questions about this type of subject? Or, is one of the other Tomcat lists more appropriate? I'll be needing to add more functionality to this, so I'm just wondering if this is the right place for future questions? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Where is default logon.jsp for Tomcat Admin webapp?
Hi, When connecting to the Tomcat Admin webapp, a forms-based login page appears. The web.xml for admin has a login-config section that indicates that the login page is /login.jsp. However, I've looked all over my hard drive, and especially in the admin directory, and I can't find any such file. If I change the login-config section to /jimlogin.jsp, Tomcat seems to look for jimlogin.jsp in the admin directory, but does anyone know where the default login.jsp is located? Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to Replace Tomcat authentication?
Hi, I've been looking into possibly replacing Tomcat's authentication with our own functionality. It looks like there use to be a class called SimpleRealm in the older Tomcat versions that would have done the trick if we replaced it, but I can't find any references to it in the latest source that I downloaded. Has anyone here done this before, and can you provide me to some pointers as to where/how to get started with it with the current version of Tomcat? Thanks in advance!! Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to Replace Tomcat authentication?
Bill Barker wrote: ohaya [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I've been looking into possibly replacing Tomcat's authentication with our own functionality. It looks like there use to be a class called SimpleRealm in the older Tomcat versions that would have done the trick if we replaced it, but I can't find any references to it in the latest source that I downloaded. In TC versions 3.x.x, the replacement is RealmBase (in org.apache.catalina.realm). It's an abstract class, so you extend it with the functionality that you want. Hi Bill, Thanks! I think that I've at least been able to get started with this, but instead of RealmBase, I've JUST gotten a very (I mean, VERY) crude JAASRealm example working, where I built my own JAASLoginModule, etc. So far, it seems to be working ok, but I haven't really added any too complicated yet... Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to Replace Tomcat authentication?
Bill Barker wrote: ohaya [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I've been looking into possibly replacing Tomcat's authentication with our own functionality. It looks like there use to be a class called SimpleRealm in the older Tomcat versions that would have done the trick if we replaced it, but I can't find any references to it in the latest source that I downloaded. In TC versions 3.x.x, the replacement is RealmBase (in org.apache.catalina.realm). It's an abstract class, so you extend it with the functionality that you want. P.S. I forgot to ask: Is this mailing list appropriate for questions about this type of subject? Or, is one of the other Tomcat lists more appropriate? I'll be needing to add more functionality to this, so I'm just wondering? Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to Replace Tomcat authentication?
Bill Barker wrote: ohaya [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I've been looking into possibly replacing Tomcat's authentication with our own functionality. It looks like there use to be a class called SimpleRealm in the older Tomcat versions that would have done the trick if we replaced it, but I can't find any references to it in the latest source that I downloaded. In TC versions 3.x.x, the replacement is RealmBase (in org.apache.catalina.realm). It's an abstract class, so you extend it with the functionality that you want. [Sorry everyone. I'm resending this because it looks like I got a bounce from my previous attempts?? Jim] Hi Bill, Thanks! I think that I've at least been able to get started with this, but instead of RealmBase, I've JUST gotten a very (I mean, VERY) crude JAASRealm example working, where I built my own JAASLoginModule, etc. So far, it seems to be working ok, but I haven't really added any too complicated yet... Jim P.S. I forgot to ask: Is this mailing list appropriate for questions about this type of subject? Or, is one of the other Tomcat lists more appropriate? I'll be needing to add more functionality to this, so I'm just wondering? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat SSL Client Authentication
Hi, I believe that the clientAuth needs to be set to true in the server.xml. Jim lercoli wrote: Hello I've configured Tomcat SSL Client Authentication with these settings : web.xml ... security-constraint web-resource-collection web-resource-nameEntire Application/web-resource-name url-pattern/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodCLIENT-CERT/auth-method /login-config . server.xml . Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=D:\jdk1.5.0_02\bin\keystore.jks keystorePass=changeit truststoreFile=D:\jdk1.5.0_02\bin\cacerts.jks / ... Client certificate (client.cer) is installed in my IE Browser (version 6.0.28). When I invoke htpps://localhost:8443/myweapp appears a window that asks me to accept the server certificate. I accept and my webapp index page appears. So why I don't see a window for client authentication ? And why I 've the same behaviour also when I remove the client.cer from my Browser ? It seems that client-certification doesn't work. Any help would be greatly appreciated. Thank You Luca Ercoli - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat SSL Client Authentication
Hi, Sorry if that didn't help. Here's what I have in server.xml (I don't remember if I had to change anything outside of server.xml to enable client authentication): !-- Define a SSL Coyote HTTP/1.1 Connector on port 8443 -- Connector port=8443 className=org.apache.coyote.tomcat5.CoyoteConnector maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=true sslProtocol=TLS keystoreFile=e:\tomcat\jakart~1.27\ssl\servercertificate.keystore keystoreType=PKCS12 truststoreFile=C:\Documents and Settings\Administrator\.keystore truststorePass=XXX truststoreType=JKS / Jim P.S. When I was doing this (which was awhile ago), I didn't find any way to get Tomcat to check for client cert revocations (i.e., CRL checking). I don't know if that has changed at all since then. lercoli wrote: Hi Jim I've tried with clientAuth = true but server certificate window doesn't appear and I get page not found error. - Original Message - From: ohaya [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Wednesday, April 27, 2005 12:49 PM Subject: Re: Tomcat SSL Client Authentication Hi, I believe that the clientAuth needs to be set to true in the server.xml. Jim lercoli wrote: Hello I've configured Tomcat SSL Client Authentication with these settings : web.xml ... security-constraint web-resource-collection web-resource-nameEntire Application/web-resource-name url-pattern/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodCLIENT-CERT/auth-method /login-config . server.xml . Connector port=8443 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true clientAuth=false sslProtocol=TLS keystoreFile=D:\jdk1.5.0_02\bin\keystore.jks keystorePass=changeit truststoreFile=D:\jdk1.5.0_02\bin\cacerts.jks / ... Client certificate (client.cer) is installed in my IE Browser (version 6.0.28). When I invoke htpps://localhost:8443/myweapp appears a window that asks me to accept the server certificate. I accept and my webapp index page appears. So why I don't see a window for client authentication ? And why I 've the same behaviour also when I remove the client.cer from my Browser ? It seems that client-certification doesn't work. Any help would be greatly appreciated. Thank You Luca Ercoli - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Running Tomcat as service
Hi, I've been running (an older) version of Tomcat (4.1.31) on a test Windows 2000 system for awhile as an application, and this weekend, I wanted to try to run it as a service, so I downloaded and ran the .EXE version from www.apache.org. The installation seemed to go ok, but whenever the service starts, I am having a problem... I am seeing an error Exception in cleanup after start failed. From what I can tell, this is happening when Tomcat is trying to deploy the examples. I've been doing some searching on this, and although I didn't find anything specific to it, I did find some hints, and I tried deleteing the context for examples in the server.xml file. After I did that, and restarted the Tomcat service, it looks like it came up without errors, but of course, I don't have the examples anymore. This is all right, I guess, but I'm just curious as to why this occurred, and if there was another resolution other than completely deleting the context? I think that I am also noticing that when Tomcat is run as a service (on Windows 2000, at least), it seems to run a lot slower than when I ran it as an application. Is this normal, and is there anything that I can do to tune the service configuration to improve its performance? Thanks in advance, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to Enable Logging HTTP Requests (Tomcat standalone)?
1/ please post a *new* message when writing to the list. Replying to an old (unrelated) message confuses thread-aware mailers, which makes your question harder to find (and thus answer). Sorry, I couldn't remember the address and got lazy (too early in the morning :)) 2/ do you mean a basic web log format, similar to Apache httpd? Look into AccessLogVale. Yes, something like that. Did you mean AccessLogValue? I did a search on that and didn't find much, but that looks like an Apache thing? I'm running Tomcat standalone (not being front-ended with Apache). If I can configure this with standalone Tomcat, can you (or anyone else) indicate how? Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: How to Enable Logging HTTP Requests (Tomcat standalone)?
In 5.0.28 the accessLogValve is already configured for you. You just need to uncommment it in your server.xml file. !-- Access log processes all requests for this virtual host. By default, log files are created in the logs directory relative to $CATALINA_HOME. If you wish, you can specify a different directory with the directory attribute. Specify either a relative (to $CATALINA_HOME) or absolute path to the desired directory. -- Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=common resolveHosts=false/ Ben, Thanks. Unfortunately, and I have to apologize for this omission, I forgot to mention that I'm working with Tomcat 4.1.31. Also unfortunately, that's the only version that I can work with, for some specific reasons... For V4.1.31, is there any similar capability? Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to Enable Logging HTTP Requests (Tomcat standalone)?
Ben Souther wrote: Ben, Thanks. Unfortunately, and I have to apologize for this omission, I forgot to mention that I'm working with Tomcat 4.1.31. Also unfortunately, that's the only version that I can work with, for some specific reasons... For V4.1.31, is there any similar capability? Jim This is from the server.xml file in 4.1.24: !-- Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=common resolveHosts=false/ -- Ben, Thanks. Something similar was in the 4.1.31 server.xml also, which worked. Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to Enable Logging HTTP Requests (Tomcat standalone)?
Hi, I was wondering if it's possible to configure a standalone Tomcat to log HTTP requests (and posts too, ideally)? If it is, how do I do this, and where does it (Tomcat) log the output to? I've tried editing the Debug level in the Connector in server.xml, and then bouncing Tomcat, but that doesn't seem to do it. Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat binaries for Solaris 9 SPARC?
Hi, I was wondering where I might get binaries for Tomcat for Solaris 9 SPARC? I went to the www.apache.org website, and there are .tar.gz versions, but I couldn't see any specific for Solaris/SPARC systems. Thanks in advance, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat binaries for Solaris 9 SPARC?
Caldarale, Charles R wrote: From: ohaya [mailto:[EMAIL PROTECTED] Subject: Tomcat binaries for Solaris 9 SPARC? I was wondering where I might get binaries for Tomcat for Solaris 9 SPARC? I went to the www.apache.org website, and there are .tar.gz versions, but I couldn't see any specific for Solaris/SPARC systems. Tomcat is written in pure Java, so the binaries are identical for all platforms. The only difference in the downloads is the compression mechanism (plus a Windows-only installer version). You would normally get the .tar.gz version for any UNIX/Linux system, although the .zip one has the same content. There used to be a warning to always use the GNU versions of the compression tools for UNIX/Linux, but I can't find that statement anymore (but I didn't look real hard). Hi Chuck, The warning about tar is in one of the README files (the one describing different versions). BTW, I notice that in my Solaris system, it looks like some Tomcat packages are already installed, probably because I did a full Solaris installation. It's kind of strange though. I can't find any server.xml files anywhere. It's like a partial installation? Do you or anyone know how I can fully install whatever version comes with Solaris 9? That'd be the easiest, because I have problems bringing in CDs at where I work, so if we can use whatever Sun happened to put into the Solaris distro, that'd be great. We only need Tomcat 4.1 standalone, minimum. I need this (Tomcat) because an app that I'm trying to install calls for Tomcat 4.1 because it's distributed as a WAR. No need for Apache, etc. Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Where are Tomcat logs when run as service?
Hi, Up until tonight, I've been running standalone Tomcat as an executable. But, I installed Tomcat on another machine, this time, installing it as a service. I can't find anywhere where Tomcat on this new machine logs the messages like you seen in the DOS window when you run Tomcat as an executable. I've checked in my .\logs directory, and watched the localhost...txt file, but I don't seen anthing much there? Can someone tell me where Tomcat is logging to? Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where are Tomcat logs when run as service?
Shakeel wrote: Hi, thats good that you started this as a service, we just done same with our application, and may be our discussion help each other. Here is exact information about logs of Tomcat when running as a service. 1- All System.out.print go to $:\Tomcat4.1\logs\stdout.log 2- All System.err.print go to $:\Tomcat4.1\logs\stderr.log 3- All other loggers like Log4j etc go to there respective streams. Now if you want to see the live logs exactly like Tomcat running as a stand alone server you will install cygwin and use folllowing command. tail -f c:/Tomcat4.1/logs/stdout.log etc. I wish we could communicate as we also have some unresolved issues like printing from POS terminals, which are under RD. Also keep in mind that as a service JVM is picking JAVA_OPTS or not. Or you will have to edit some registry values. Hi Joseph, Eric, and Shakeel, Thanks! I missed those files, as I've been working with the .EXE for awhile, and didn't notice them there after I installed the service on the new machine :(. Things seem to be working ok now. Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New idea - Enable Tomcat for SSL?
Yoav, The problem is that I can't find any info at all on how to configure it to use a CRL. FYI, after an all-nighter, I was just able to get the client and server SSL part working with standalone Tomcat. Very cool :)! And, best of all, I was able to confirm that with this, I can access the client certificate info from my JSPs. I'm just so close to what I need now, if I can just figure out how to enable or incorporate the CRL checking, as from a security standpoint, they won't let me deploy a PKI-enabled system if it doesn't support CRLs. Jim Shapira, Yoav wrote: Hi, I don't know about CRL support -- why not just try it out? Yoav Shapira Millennium Research Informatics -Original Message- From: ohaya [mailto:[EMAIL PROTECTED] Sent: Thursday, August 19, 2004 7:51 PM To: Tomcat Users List Subject: Re: New idea - Enable Tomcat for SSL? Shapira, Yoav wrote: Hi, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html And, of course, http://jakarta.apache.org/tomcat/faq/connectors.html#integrate which should have saved you considerable time and effort. Yoav, I had posted a number of messages about problems I was having, but in any event, thanks for the links. One other question: If I configure Tomcat (5.0.27) as a standalone SSL-enabled (client and server) webserver+container, will the Tomcat SSL handling support the use of certificate revocation lists (CRLs)? I've been trying to research this, and so far have had no luck finding anything on it, and, from the standpoint of security, support for CRLs is going to be a must-have if I go this direction. If you or anyone knows the answer to this question, please let me know. Thanks again, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New idea - Enable Tomcat for SSL?
John, FYI, that (Apache+SSL) was my first approach, and I spent over a week trying to get it working, and posted a bunch of times about my problems. I was able to get the SSL authentication working early on, but what I was struggling with is getting access to the client cert information from JSPs. In the end, I was able to conclude that the reason for that last problem was that the binaries that I was working with (Apache, mod_jk/jk2) were not compiled with the --EAPI directive, and that was preventing the SSL/client cert info from passing to Tomcat. Besides the fact that I'm kind of running out of time to get something working, so I wouldn't have the time to build Apache, mod_ssl, mod_jk/jk2, I'm working in an environment where the binaries are controlled and single-sourced internally, and so even if I did have the time, I wouldn't be allowed to do and deploy a 'special' build. After all of that, I turned back to Tomcat, and like I said, I'm that close now. Also, as I indicated in an earlier msg in this thread, this is not going to be a high-volume website, at most maybe 1-2 people at a time, so performance is not a major concern. Jim John Villar wrote: Excuse me everyone who has talked on this thread, i haven't followed this thread closely, but why aren't you using a proven software for that matter like Apache HTTPD?. it has years of SSL patches, corrections and improvements, also, tomcat is just too slow to serve static content like images or large files. If you're concerned with security, you should never think on the first place to begin a new development, security has to have a process of maturity before you can decide something is *secure enough* Shapira, Yoav escribió: Hi, I'm afraid I can't help much with CRLs on Tomcat. I've never done that before ;) I don't see much in the docs. I do see hits on Google, such as http://proj-grid-data-build.web.cern.ch/proj-grid-data-build/edg-java-se curity/edg-java-security-1.5.9/tomcat/Authentication_Admin_Guide.html, suggesting a custom SSLSocketFactory is in order. Tomcat of course lets you integrate whatever socket factory you want for your connector, and the one in the above links allows for CRL configuration. Yoav Shapira Millennium Research Informatics -Original Message- From: ohaya [mailto:[EMAIL PROTECTED] Sent: Friday, August 20, 2004 9:55 AM To: Tomcat Users List Subject: Re: New idea - Enable Tomcat for SSL? Yoav, The problem is that I can't find any info at all on how to configure it to use a CRL. FYI, after an all-nighter, I was just able to get the client and server SSL part working with standalone Tomcat. Very cool :)! And, best of all, I was able to confirm that with this, I can access the client certificate info from my JSPs. I'm just so close to what I need now, if I can just figure out how to enable or incorporate the CRL checking, as from a security standpoint, they won't let me deploy a PKI-enabled system if it doesn't support CRLs. Jim Shapira, Yoav wrote: Hi, I don't know about CRL support -- why not just try it out? Yoav Shapira Millennium Research Informatics -Original Message- From: ohaya [mailto:[EMAIL PROTECTED] Sent: Thursday, August 19, 2004 7:51 PM To: Tomcat Users List Subject: Re: New idea - Enable Tomcat for SSL? Shapira, Yoav wrote: Hi, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html And, of course, http://jakarta.apache.org/tomcat/faq/connectors.html#integrate which should have saved you considerable time and effort. Yoav, I had posted a number of messages about problems I was having, but in any event, thanks for the links. One other question: If I configure Tomcat (5.0.27) as a standalone SSL-enabled (client and server) webserver+container, will the Tomcat SSL handling support the use of certificate revocation lists (CRLs)? I've been trying to research this, and so far have had no luck finding anything on it, and, from the standpoint of security, support for CRLs is going to be a must-have if I go this direction. If you or anyone knows the answer to this question, please let me know. Thanks again, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you
New idea - Enable Tomcat for SSL?
Hi, With the problems that I've posted about, trying to run Apache+Tomcat+mod_jk/jk2/proxy and not being able to retrieve the PKI client certificate information in JSPs, I'm now wondering if the best way to do this might be to just forget about Apache, and just run Tomcat by itself. I've seen some info that SEEMS to indicate that it's possible to configure Tomcat as a standalone webserver+container that supports both client and server SSL authentication, i.e., no Apache, no mod_xxx, etc. Can anyone confirm that this is true? Also, if this is true, does anyone know if I'll then be able to access the client certificate information from my JSPs? If anyone can point to some detailed instructions or HOWTOs on configuring Tomcat this way, I'd really appreciate it. This would be for the latest Tomcat (5.0.27?). Even in production, traffic on the server for my project is going to be very limited, so I'm thinking that this might be the easiest option, if it can work, and if it allows me to access the info in client certs from JSP. Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: New idea - Enable Tomcat for SSL?
Shapira, Yoav wrote: Hi, http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html And, of course, http://jakarta.apache.org/tomcat/faq/connectors.html#integrate which should have saved you considerable time and effort. Yoav, I had posted a number of messages about problems I was having, but in any event, thanks for the links. One other question: If I configure Tomcat (5.0.27) as a standalone SSL-enabled (client and server) webserver+container, will the Tomcat SSL handling support the use of certificate revocation lists (CRLs)? I've been trying to research this, and so far have had no luck finding anything on it, and, from the standpoint of security, support for CRLs is going to be a must-have if I go this direction. If you or anyone knows the answer to this question, please let me know. Thanks again, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to get mod_jk2 to pass (environment?) variables
Hi, My apologies for continuing to post similar messages, but I'm still not able to get my JSPs to retrieve any of the information from client certificates in my Apache+Tomcat+mod_jk2 server. I've been testing like crazy for 2-3 days now, and going nowhere fast. At this point, I'm getting more convinced that something is wrong in the Apache-mod_jk2-Tomcat path. Specifically, I think that Apache is sending the SSL-related variables to Tomcat, but somewhere along the way, they're not making it to my JSPs. Part of this is that I've run the 'printenv.pl' in cgi-bin, and that displays a TON of SSL-related information. What I'm thinking is that Apache is passing the variables, but probably mod_jk2 is not passing them to Tomcat. During my testing, I thought that I'd run across some information about setting environment variables or something similar in one of the configuration files, maybe workers2.properties, but I can't find this reference. It was something like AjpEnvVars=. If this rings a bell for someone, can you point me to a reference on this? Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Building mod_jk2 and pointers to where to modify it...
Hi, I am not getting anywhere with a problem that I'm having with trying to access/retrieve SSL client certificate information with Apache+Tomcat+mod_jk2, so I'm thinking that my only avenue for resolving this problem may be to build mod_jk2 binary myself, possibly modifying the code to add some additional information (e.g., dumping out what it is getting from Apache). I built this system from Binaries for Apache, Tomcat, and mod_jk2, and I'm wondering how difficult is this going to be? I have Visual Studio/C++, and have some experience with C/C++ programming. It would be very helpful if someone could point me to what module to look at to add this additional debug info. What I would like to do is maybe have mod_jk2 dump the information that it receives from Apache into a file so that I can see whether or not the SSL-related attributes/headers are being sent by Apache. Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat dies immediately
Hi, I'm trying to setup Tomcat 5.0.27 to talk to Apache using mod_proxy on Win2K server. When I add the following to server.xml to setup the proxy port: Connector className=org.apache.catalina.connector.http.HttpConnector port=8088 proxyport=9091 minProcessors=5 maxProcessors=75 enableLookups=true redirectPort=8443 acceptCount=10 debug=0 connectionTimeout=6/ and try to start Tomcat, a DOS window flashes up for a few seconds, then disappears, i.e., Tomcat doesn't seem to be able to startup. Can anyone tell me why the above is happening? Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat dies immediately
QM wrote: On Wed, Aug 18, 2004 at 10:00:43PM -0400, ohaya wrote: : I'm trying to setup Tomcat 5.0.27 to talk to Apache using mod_proxy on : Win2K server. : When I add the following to server.xml to setup the proxy port: : [snip] : and try to start Tomcat, a DOS window flashes up for a few seconds, then : disappears, i.e., Tomcat doesn't seem to be able to startup. The tomcat fails to start question shows up frequently on the list. 1/ check the logs 2/ change startup.bat to pause at the very end, so you can see what's going on etc. QM, This is on Win2K, and I found that if I did the startup using the Windows Services applet, Tomcat would put messages into the Event log... Re. the actual problem, I was able to get around it by commenting out the AddModule associated with mod_proxy, and then adding a Location.../Location in the httpd.conf. Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem retrieving client cert info
Hi, I have an SSL-enabled Apache + Tomcat with mod_jk2. Apache is configured to require client certificates, and I've confirmed that this client authentication seems to be working (see below). I have a JSP where I want to retrieve some info from the client certificate. Here's the code that I'm trying to use for retrieving the certificate info: out.println(BRBRBClient Certificate Info:/BBR); X509Certificate[] certs = (X509Certificate[])request.getAttribute(javax.servlet.request.X509Certificate); if (certs != null) { X509Certificate cert = certs[0]; String dn = cert.getSubjectDN().getName(); out.println(dn); } else { out.println(Certs returned NULL); } BUT, I am finding 'certs' is always null :(!! I added some additional code to display some other info from the request: Client Info: request.getRemoteHost(): jimnew.foo.com request.getRemoteAttr(): 192.168.0.120 request.getProtocol(): HTTP/1.1 request.getScheme(): https request.isSecure(): yes request.getAuthType(): null request.getRemoteUser(): null request.getMethod(): GET request.getRequestURI(): /showcert.jsp request.getServletPath(): /showcert.jsp request.getContentType(): null request.getContentLength(): 0 request.getCharacterEncoding(): null When I connect with a client, I am getting a popup asking to select my client certificate. Can anyone tell me why the 'certs' is always returning null, and how can I retrieve the DN/subjectName? Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to enable mod_jk2 logging or trace problem
Hi, I had posted a msg earlier today about a problem I'm having where in my JSP, I don't seem to be able to retrieve the client certificate information for my Apache+Tomcat+mod_jk2 server. I'm starting to wonder if maybe the problem may be that Apache is not passing the information on to Tomcat. Is there a way to enable logging of what mod_jk2 is seeing, or some other ideas about how to debug/trace this problem. Right now, in my Apache httpd.conf, I have: IfModule !mod_jk2.c LoadModule jk2_module modules/mod_jk2.so #JkLogFile logs/mod_jk.log #JkLogLevel debug #JkRequestLogFormat %w %V %T %q /IfModule I added the lines above that are commented out, but that didn't seem to do anything (it didn't create a mod_jk.log)... Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie - JDBC problem Name is not bound in this context
d_1, Answers/comments below, interspersed... Jim d_l wrote: Can you clarify what version of Tomcat you are using? d_1, I'm running Tomcat 5.0.27... It seems that there is a configuration change .. from Tomcat4 to Tomcat5 .. the context goes in to \conf\Catalina\localhost\webappname.xml .. for each webapp. Here is a reference I found in my own digging around .. ___ http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html which states .. Please note that for tomcat 5.x, unlike tomcat 4.x, it is NOT recommended to place Context elements directly in the server.xml file. Instead, put them in the META- INF/context.xml directory of your WAR file or the conf directory as described above. ___ BUT .. in my Tomcat 5.0.27 .. I only see three webappname.xml files in above location .. admin.xml balancer.xml manager.xml no other webappname.xml files (context.xml files) show up such as jsp-examples.xml servlets-examples.xml I don't understand why you have jsp-examples.xml and I don't see that file (only the three above). No, I seem to have a .XML for each webapp. I didn't create them, they were just there. Here's a 'dir' (I did create the 'new.xml' is for a new test webapp that I'm working with): E:\Tomcat\jakarta-tomcat-5.0.27\conf\Catalina\localhostdir Volume in drive E is DATA Volume Serial Number is CE83-0200 Directory of E:\Tomcat\jakarta-tomcat-5.0.27\conf\Catalina\localhost 08/05/2004 11:41p DIR . 08/05/2004 11:41p DIR .. 08/07/2004 01:09p 370 admin.xml 08/07/2004 01:09p 160 balancer.xml 08/07/2004 01:09p 339 manager.xml 08/07/2004 01:09p 176 webdav.xml 08/07/2004 01:09p 566 servlets-examples.xml 08/07/2004 08:53p 634 jsp-examples.xml 08/07/2004 01:09p 186 tomcat-docs.xml 08/08/2004 12:35a 239 ROOT.xml 08/08/2004 07:00p 243 new.xml 9 File(s) 2,913 bytes 2 Dir(s) 22,732,374,016 bytes free so I added just the ResourceLink to jsp-examples.xml, bounced Tomcat, and VOILA!!! It worked!! Where is the default context information when there is no webappname.xml? There is no context entry in server.xml. ... And I confirm that there is no webapps\examples\in my configuration .. replaced, it seems, by the two separate webapps above. ... I'm still puzzled. On my system, it looks like there IS a webappname.xml, for each webapp, and in each case, the Context is in these .XML files. Thanks re. the 'examples' question. That was causing me to wonder if there was something wrong with my installation. As to your implied question above of why do I have all the .XML files, whereas you only have 3?, is it possible that whoever built the Tomcat installation created it that way? FYI, I did my Tomcat installation from the Tomcat binaries for 5.0.27 (in a .zip file) that I found at http://www.apache.org, but I didn't look closely at what was where after I unzipped the distribution, so it may be that the .XML files were already in the distribution. So I don't know if they were there immediately after the unzip. All I know is that they're there now, and I didn't create them. It does seem that you have to manually create these .XML files, as with the new.xml, which I had to create manually, because when I started Tomcat up without the new.xml file, I saw some errors on startup. Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie - JDBC problem Name is not bound in this context
QM wrote: On Mon, Aug 09, 2004 at 09:29:51AM -0400, ohaya wrote: : BUT .. in my Tomcat 5.0.27 .. I only see three webappname.xml files in above : location .. : : admin.xml : balancer.xml : manager.xml : : no other webappname.xml files (context.xml files) show up such as If there is no context.xml, as with the examples, then Tomcat won't create (copy) the file to {tomcat}/conf/{...}. Take note: if you are using a WAR file and make changes to the internal context.xml file, delete the one under {tomcat}/conf/{...} before you bounce the process. At least for now, Tomcat doesn't check a whether a WAR file's context.xml is newer than its copy under the conf dir. QM, A couple of questions: 1) Any idea why d_l has only the 3 .xml files in [tomcat]/conf/[...], whereas I have a bunch? As I indicated in an earlier msg, I didn't create them. 2) When you and others refer to context.xml, are you referring to a file that is literally named context.xml, or do you mean an file containing the webapp's Context that is named webappname.xml? I've seen references to context.xml in various places, but there are no files named context.xml in my Tomcat subdirs. Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re: Newbie - JDBC problem Name is not bound in this context
From: d_l [EMAIL PROTECTED] Date: 2004/08/09 Mon AM 10:24:12 EDT To: [EMAIL PROTECTED] Subject: Re: Newbie - JDBC problem Name is not bound in this context On 9 Aug 2004 at 9:29, ohaya ohaya-at-cox.net |Tomcat User List| wrote: As to your implied question above of why do I have all the .XML files, whereas you only have 3?, is it possible that whoever built the Tomcat installation created it that way? My 5.0.27 binary was straight out of the can from the Apache site .. and I configured it myself on my localhost. I've tried to download Tomcat 5.0.27 afresh several times .. always getting the same results .. three context.xml files. context.xml files here .. C:\Program Files\Apache Group\Tomcat 5.0\conf\Catalina\localhost I can also see references to context for all webapps in Admin Manager Tomcat server | Service (CATALINA) | Host (localhost) .. but they are empty entries in Admin Manager .. but no sign of the jsp-examples.xml and servlets-examples.xml files. The jsp and servlets examples all work .. so it must be a glitch somewhere in setting up. That is really weird! I'll try to unzip the original .ZIP that I downloaded, and see if the other .xml files are there to begin with, but I won't be able to do that until this evening. Will post back then. Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie - JDBC problem Name is not bound in this context
d_l wrote: On 9 Aug 2004 at 12:37, QM qm300-at-brandxdev.net |Tomcat User Li wrote: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html My previous message will make more sense then, and both of your questions should be answered. I referred to that same link in an earlier posting .. but I'm afraid it is still not clear to me (after reading that tome again) why two separate installers of Tomcat 5.0.27 should see different content (webapps.xml) in ..\Catalina\locahost\ Something must be different between the two 5.0.27 setups .. can you offer another clue? Are you referring to Automatic Application Deployment? Sure enough, the second question (on webappsname.xml) is answered clearly enough. Thanks. d_l, I just got back, and as I mentioned earlier, I unzipped the original .ZIP file, and I guess at least PART of the mystery is solved. Immediately after unzipping the file, I checked in the conf\Catalina\localhost directory, and there are only the 3 .xml files that you mentioned. Now the thing that I'm wondering is where did those others come from. At this point, it's clear that Tomcat must've created them (I'm 100% sure I didn't create them), at some point. I'm just not sure when or why... Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie - JDBC problem Name is not bound in this context
There are 2 ways for the {tomcat}/conf/{...}.xml files to be created: 1/ META-INF/context.xml is extracted from a WAR file when it is deployed and copied there. (Unless the matching XML file already exists under conf/, in which case the WAR file's context.xml is ignored) 2/ The file is manually copied there by someone. QM, I'll try the experiment that you suggested, but FYI, there are no .WAR files in either the unzipped directories from just unzipping, or in any subdirectories under my working [TOMCAT HOME]. If those extra .xml files got created because of #1 above, would you expect to find some files named .war? Also, there are no directories named META-INF or files called context.xml. I'll post back in a bit after I've tried the bit with changing the Engine name... Jim The servlet-examples.xml and jsp-examples.xml files are included in the default Tomcat distro, and remain there unless explicitly removed. For example, to address the issue mentioned in point #1, I periodically clear out the conf/{...}/*.xml files. Here's an experiment and learning exercise for you: edit server.xml, change the Engine element's name attr, then bounce Tomcat. Notice under {tomcat}/conf/ there's a new dir that matches the Engine name. What files are under that directory, now? I realize this may be confusing at times because there's a lot to absorb when leaping into Tomcat (or any container, for that matter). Give it time, and soon you'll know all of this by heart. =) btw, if you use separate Tomcat instances (check the docs for CATALINA_HOME vs CATALINA_BASE) then this is moot: the only context-related XML files under {instance dir}/conf/ will be the ones for your webapps, not the samples. ;) But that's another story for another day. -QM -- software -- http://www.brandxdev.net tech news -- http://www.RoarNetworX.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie - JDBC problem Name is not bound in this context
d_l wrote: On 9 Aug 2004 at 17:00, ohaya ohaya-at-cox.net |Tomcat User List| wrote: Now the thing that I'm wondering is where did those others come from. At this point, it's clear that Tomcat must've created them (I'm 100% sure I didn't create them), at some point. I'm just not sure when or why... Jim .. thanks for taking the time to check this out .. I'll try to track down when/how they are created .. as a learning experience .. probably something to do with automatic application deployment (that's my best guess). Look in Manager | Tomcat Server | Service (CATALINA) | Host (localhost) .. the context references are defined therein (but in my case blank entries for the jsp-examples and servlets-examples). d_l, I'm assuming you meant Tomcat Administration, not Tomcat Manager :)... Ok, if I go to where you indicated, it shows all of the tree-type display of Contexts: / /admin /balancer /jsp-examples /manager /new /servlets-examples /tomcat-docs /webdav Something labeled Logger for Host(localhost) Are you saying that all of the above Contexts don't show up under Contexts? Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Newbie - JDBC problem Name is not bound in this context
Hi, I just got Tomcat 5.0.27 installed (with Apache 2.0.50), and am trying to get a simple JDBC JSP working. The JSP is called 'test.jsp'. I have the JDBC-ODBC bridge installed and am going through that. I've been using the bridge driver from standalone Java applications, so I think that is working ok, but even with a really simple JSP, I'm getting an Name jdbc is not bound in this context error. I'm including my server.xml, test.jsp, and the error details below. I was wondering if anyone could tell me what I'm doing wrong? Thanks, Jim Here's my server.xml: ?xml version='1.0' encoding='utf-8'? Server Listener className=org.apache.catalina.mbeans.ServerLifecycleListener/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource auth=Container description=User database that can be updated and saved name=UserDatabase type=org.apache.catalina.UserDatabase/ Resource name=jdbc/jimnew type=javax.sql.DataSource/ ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams ResourceParams name=jdbc/jimnew parameter namevalidationQuery/name value/value /parameter parameter nameurl/name valuejdbc:odbc:PROD/value /parameter parameter namepassword/name valuepassword/value /parameter parameter namemaxActive/name value4/value /parameter parameter namemaxWait/name value5000/value /parameter parameter namedriverClassName/name valuesun.jdbc.odbc.JdbcOdbcDriver/value /parameter parameter nameusername/name valuejim/value /parameter parameter namemaxIdle/name value2/value /parameter /ResourceParams /GlobalNamingResources Service name=Catalina Connector acceptCount=100 connectionTimeout=2 disableUploadTimeout=true port=9090 redirectPort=8443 maxSpareThreads=75 maxThreads=150 minSpareThreads=25 /Connector Connector enableLookups=true port=8009 protocol=AJP/1.3 protocolHandlerClassName=org.apache.jk.server.JkCoyoteHandler redirectPort=8443 /Connector Engine defaultHost=localhost name=Catalina Host appBase=webapps name=localhost Logger className=org.apache.catalina.logger.FileLogger prefix=localhost_log. suffix=.txt timestamp=true/ /Host Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.UserDatabaseRealm/ /Engine /Service /Server and here's my JSP: %@ page import='java.sql.*, javax.sql.*, javax.naming.*' % % Context ic = new InitialContext(); DataSource ds = (DataSource) ic.lookup(java:comp/env/jdbc/jimnew); Connection conn = ds.getConnection(); try { Statement stmt = conn.createStatement(); ResultSet rs = stmt.executeQuery(select * from certrequest_db); %h2Brooms:/h2% while (rs.next()) { % %= rs.getString(1) % %= rs.getString(2) %br% } } finally { conn.close(); } % The exact error I'm getting is: type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception javax.servlet.ServletException: Name jdbc is not bound in this Context org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:825) org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:758) org.apache.jsp.test_jsp._jspService(test_jsp.java:80) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324) org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292) org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) root cause javax.naming.NameNotFoundException: Name jdbc is not bound in this Context org.apache.naming.NamingContext.lookup(NamingContext.java:768) org.apache.naming.NamingContext.lookup(NamingContext.java:138) org.apache.naming.NamingContext.lookup(NamingContext.java:779) org.apache.naming.NamingContext.lookup(NamingContext.java:138) org.apache.naming.NamingContext.lookup(NamingContext.java:779) org.apache.naming.NamingContext.lookup(NamingContext.java:151) org.apache.naming.SelectorContext.lookup(SelectorContext.java:136) javax.naming.InitialContext.lookup(InitialContext.java:347)
Re: Newbie - JDBC problem Name is not bound in this context
I'm not a JNDI expert but you can try this: Context ic = new InitialContext(); Context ctx = (Context) ic.lookup(java:comp/env); DataSource ds = (DataSource) ic.lookup(jdbc/jimnew); Hi Dennis, I've been wrestling with this problem for most of today, and at this point, I don't think the problem is with the code, but rather, I think it's some kind of problem with configuration. What it looks like is that Tomcat, for some reason, doesn't think that there is a resource called 'jdbc/jimnew', even though 'jdbc/jimnew' appears to exist in GlobalNamingResources in server.xml. After working on this for hours, I'm a bit confused about this, as my impression was that if a resource was defined in GlobalNamingResources, then any application would be able to access that resource. I kind of cheated a bit with my small test page, and maybe that's why things aren't working. When Tomcat installed, it had a bunch of demo applications at http://myhost/jsp-examples. Just for this (I thought) quick test, I created a single JSP file, test.jsp in the jsp-examples directory, because I didn't want to go through all of the things to set up a new application in Tomcat, and I thought that my test.jsp would be automatically able to see the resources in GlobalNamingResources. Well, I'm either doing something wrong, or my assumption was wrong, because I keep getting that error (jdbc not bound in this context), and I can't find any way around it. I've tried adding the resource-ref, res-ref-name, res-type, and res-auth to the web.xml in the jsp-examples\WEB-INF directory, but even that didn't do the trick. At this point, I'm kind of stuck, and I'm hoping that someone on this list can tell me how I might be able to make this resource visible to my test.jsp. If I can't figure that out, I'm probably going to just try doing the JDBC stuff directly, without JNDI, etc... Thanks for trying... Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie - JDBC problem Name is not bound in this context
D'Alessandro, Arthur wrote: Add a resourcelink to your context definition. Arthur, I'm kind of (well, really) new to Tomcat, so could you clarify? Am I right that you mean to add that to the server.xml? At least with the distribution that I installed, which I posted with my original msg, when I looked at the server.xml, there was hardly anything in it, i.e., no Context, etc. I think that there was basically just the SERVER, RESOURCE, RESOURCE PARAMS, and SERVICE. Given that that's the case, can I add JUST a RESOURCELINK, or do I need to add a CONTEXT also? Like I said, this is almost all new to me, so it's a little confusing... Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie - JDBC problem Name is not bound in this context
D'Alessandro, Arthur wrote: Context cachingAllowed=true docBase=yourwebappname.war debug=99 path=/yourwebappname privileged=false reloadable=true swallowOutput=true ResourceLink name=jdbc/jimnew global=jdbc/jimnew type=javax.sql.DataSource/ /Context Either in your server.xml, or as 'context.xml' in your webapps /META-INF folder.. Hi Arthur, Guess what? I think that I've found where the Contexts ended up!! I was digging around the Tomcat directories, and I found that at [TOMCAT HOME]\conf\Catalina\localhost, there was a bunch of .XML files, one named after each of the webapps, e.g., jsp-examples.xml. And, it looks like each of these are the Context for the respective webapps. My test JSP is in jsp-examples, so I added just the ResourceLink to jsp-examples.xml, bounced Tomcat, and VOILA!!! It worked!! BTW, I am curious about something. It seems that my installation seems a bit non-standard. All the docs that I've seen talk about 'examples', but in my case, I don't have an 'examples' directory or webapp, just a 'jsp-examples'. Do you, or does anyone else know if this is something that has changed in the distribution? Thanks for all of your help!! Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]