access denied
hi all i am tryin gto access a zip fie that has being uploaded into a web-ap and unzip its content. can you please advice why i cannot access the file in that web-app specified web-app java.io.FileNotFoundException: d:\Tomcat 5.0\webapps\ivasThinClient\uploads\axis-bin-1_2_1.zip (Access is denied) java.io.FileInputStream.open(Native Method) java.io.FileInputStream.init(FileInputStream.java:106) org.nato.nc3a.ivas.util.CompressFileHandler.decompress(Unknown Source) org.nato.nc3a.ivas.ebxml.UnzipFilesServlet.unzipFiles(Unknown Source) org.nato.nc3a.ivas.ebxml.UnzipFilesServlet.processRequest(Unknown Source) org.nato.nc3a.ivas.ebxml.UnzipFilesServlet.doGet(Unknown Source) javax.servlet.http.HttpServlet.service(HttpServlet.java:689) javax.servlet.http.HttpServlet.service(HttpServlet.java:802) org.nato.nc3a.ivas.ebxml.Controller.doGet(Unknown Source) javax.servlet.http.HttpServlet.service(HttpServlet.java:689) javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
Recompiling jsp; Problems with Access Denied errors after I edit a file in a webapp; Admin app
I've been away from Tomcat for a while, and just tried setting up 5.5.9 on WinXP, with JDK1.5.0_2. It's working reasonably well, but I'm having some issues. First of all, what is the admin app? It's obviously different from manager, but I can't find any information about it. When I try to execute it, it says I must download and install the admin package. I found a reference in tomcat-user to the Admin tool which shows how you install it once you get the installer, but nothing about where to get the installer, or even what the admin app does. After I installed Tomcat, I deployed an app through the Manager app, from a directory and context, not uploading a WAR. It confused me later when I tried changing one of the JSP files in the directory, and it wouldn't get recompiled. I later realized that deploying from a directory actually copies the tree from that directory into the webapps directory inside the Tomcat distribution. Is it feasible to have the actual webapp location be outside of the Tomcat distribution? This is more realistic in a development situation. The most bizarre thing is that I've twice tried to edit files in the Tomcat distribution, being the conf/web.xml and then later the JSP file for my application stored in the webapp directory, and that seems to cause Tomcat to fail with Access denied errors on the files that I edited. After I change the file, I've made sure my reference to the file was closed, from the editor I was using. I even tried restarting the box, and surprisingly, that had no effect. It still got Access Denied errors. The only thing I could do was undeploy the app (in the case of the the JSP file) and redeploy it, or in the case of the conf/web.xml, I had to completely uninstall Tomcat and reinstall it. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Recompiling jsp; Problems with Access Denied errors after I edit a file in a webapp; Admin app
From: Karr, David [mailto:[EMAIL PROTECTED] Subject: Recompiling jsp; Problems with Access Denied errors after I edit a file in a webapp; Admin app First of all, what is the admin app? The admin app lets you view and manipulate nearly all Tomcat configuration values. It's a web-based interface to the myriad of .xml files. it says I must download and install the admin package. The admin package is the .zip file called, cleverly enough, admin on the Tomcat download page. Just download and unzip it, using the same base directory in which Tomcat is installed. Is it feasible to have the actual webapp location be outside of the Tomcat distribution? Yes, read the how-to on deployment. that seems to cause Tomcat to fail with Access denied errors on the files that I edited. I suspect you're running Tomcat as a service, with its own account (by default, SYSTEM). When you edited the file under your account, the ownership changed, and Tomcat no longer had access. You should be able to fix this by specifying the proper security on the directories and files you want Tomcat to use. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Access denied with Apache + Tomcat config
Tony Stocker wrote: All, I believe that I found my problem, and for the sake of posterity I'm posting it for the next poor fool who is forced to chase around the web and through books looking for decent documentation. When I set up Tomcat I copied the sample workers.properties file from the JK source. However it turns out that the sample file uses the wrong worker name (compared to the name that is automatically generated.) In my case, the sample file was this: worker.list=ajp13w worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8009 However, as can be seen in my original post, the conf/auto/mod_jk.conf file wants to use ajp13. By changing the workers.properties file to 'ajp13' and NOT 'ajp13w' everything started working. Since you adresss the worker to use in the JkMount-entry, you should use the name of the existing worker in your virtualhost-file. (ajp13w) Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Access denied with Apache + Tomcat config
Paul, My virtualhost file is automatically generated by Tomcat on startup, so IT is defining the worker (ajp13) by default. The problem arose because the sample workers.properties file doesn't use the same name, by default, for illustrating how the file is used. I'm sure there's a way to change the Jkworker that is automatically generated by the server on startup so that it will be any name I want, including that found in the sample workers.properties file. I just find it a bit irritating that the default implementations of the two components don't match up on something simple, yet key, as the worker name. Seems to be a case of the left-hand developer not keeping up with changes made by the right-hand developer. What was really helpful was the complete lack of any logging that indicated this was the problem. As I said I was simply documenting what fixed my problem for the sake of posterity since after days of searching through archives and google search results looking for information I ran across many threads that would state a problem, get some responses, but then never report whether the problem was ever fixed and if so how. On Wed, 16 Mar 2005 16:29:47 +0100, Paul Puschmann [EMAIL PROTECTED] wrote: Tony Stocker wrote: All, I believe that I found my problem, and for the sake of posterity I'm posting it for the next poor fool who is forced to chase around the web and through books looking for decent documentation. When I set up Tomcat I copied the sample workers.properties file from the JK source. However it turns out that the sample file uses the wrong worker name (compared to the name that is automatically generated.) In my case, the sample file was this: worker.list=ajp13w worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8009 However, as can be seen in my original post, the conf/auto/mod_jk.conf file wants to use ajp13. By changing the workers.properties file to 'ajp13' and NOT 'ajp13w' everything started working. Since you adresss the worker to use in the JkMount-entry, you should use the name of the existing worker in your virtualhost-file. (ajp13w) Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Access denied with Apache + Tomcat config
Hello All,
I have searched the archives but have been unable to find a solution
to my problem.
I am integrating Apache 2.0.52 with Tomcat 5.0.28 using mod_jk 1.2.8
(compiled from source). My client wants to continue using Apache as
the web server due to security and ease of configuration issues, so
using Tomcat as the web server is *not* an option.
The configuration appears to be good, and I can load a page such as
loading {server}/servelets-examples. However I get 500 Interal
Server Error whenever I try to launch any of the jsp files. There is
no indication of error in the CATALINA/logs files. The only
indication in the Apache log files (error_log) occurs when attempting
to load the initial index.jsp page of a context:
[Tue Mar 15 16:10:23 2005] [error] [client xxx.xxx.xxx.xxx] client
denied by server configuration: index.jsp
I have checked my httpd.conf file and the
CATALINA/conf/auto/mod_jk.conf file but can find no reason why access
to the *jsp is denied.
I can include full versions of my various files, but for the sake of
space I'm only going to include snippets here:
[Apache httpd.conf]
LoadModule jk_module modules/mod_jk.so
...
Include /usr/local/tomcat/conf/auto/mod_jk.conf
[Tomcat conf/auto/mod_jk.conf]
JkWorkersFile /usr/local/tomcat/conf/jk/workers.properties
JkLogFile /usr/local/tomcat/logs/mod_jk.log
...
machine2.sample.com:/servlets-examples
# Static files
Alias /servlets-examples
/usr/local/jakarta-tomcat-5.0.28/webapps/servlets-examples
Directory /usr/local/jakarta-tomcat-5.0.28/webapps/servlets-examples
Options Indexes FollowSymLinks
DirectoryIndex index.html index.htm index.jsp
/Directory
# Deny direct access to WEB-INF and META-INF
#
Location /servlets-examples/WEB-INF/*
AllowOverride None
deny from all
/Location
Location /servlets-examples/META-INF/*
AllowOverride None
deny from all
/Location
JkMount /servlets-examples/jsp/security/protected/j_security_check ajp13
JkMount /servlets-examples/servlet/HelloWorldExample ajp13
JkMount /servlets-examples/servlet/SessionExample ajp13
JkMount /servlets-examples/servlet/RequestHeaderExample ajp13
JkMount /servlets-examples/servlet/RequestParamExample ajp13
JkMount /servlets-examples/servlet/CookieExample ajp13
JkMount /servlets-examples/*.jspx ajp13
JkMount /servlets-examples/CompressionTest ajp13
JkMount /servlets-examples/*.jsp ajp13
JkMount /servlets-examples/servlet/RequestInfoExample/* ajp13
[Tomcat server.xml]
Server port=8005 shutdown=SHUTDOWN debug=0
Listener className=org.apache.jk.config.ApacheConfig
modJk=/usr/local/apache/modules/mod_jk.so
/
...
Host name=machine2.example.com debug=0 appBase=webapps
unpackWARs=true autoDeploy=true
xmlValidation=false xmlNamespaceAware=false
Listener className=org.apache.jk.config.ApacheConfig
append=true forwardAll=false
modJk=/usr/local/apache/modules/mod_jk.so
/
Help greatly appreciated.
Tony
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Access denied with Apache + Tomcat config
All, I believe that I found my problem, and for the sake of posterity I'm posting it for the next poor fool who is forced to chase around the web and through books looking for decent documentation. When I set up Tomcat I copied the sample workers.properties file from the JK source. However it turns out that the sample file uses the wrong worker name (compared to the name that is automatically generated.) In my case, the sample file was this: worker.list=ajp13w worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8009 However, as can be seen in my original post, the conf/auto/mod_jk.conf file wants to use ajp13. By changing the workers.properties file to 'ajp13' and NOT 'ajp13w' everything started working. On Tue, 15 Mar 2005 12:15:42 -0500, Tony Stocker [EMAIL PROTECTED] wrote: Hello All, I have searched the archives but have been unable to find a solution to my problem. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Access Denied, now what?
Hi everybody, Iwas trying to install Tomcat 5.5.8 for a few days now with noresults. I am using win 98 SE. This is the result of the run when I execute the start.pifgenerated when I changed the memory variable of the start.bat CATALINA_BASE: C:\archivos de programa\java\jakarta-tomcat-5.5.8Using CATALINA_HOME: C:\archivos de programa\java\jakarta-tomcat-5.5.8Using CATALINA_TMPDIR: C:\archivos de programa\java\jakarta-tomcat-5.5.8\tempUsing JAVA_HOME: C:\archivos de programa\java\jdk1.5.0_01Acceso denegado. For who does not understand spanish the last line says "denied access". I got to this point after trying a lot of different things, 'cause at first, I had a lot of problems with the installation exe file, and then setting the environment variables. Thanks in advance for any help. Jorge No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.7.2 - Release Date: 11/03/05 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Access Denied, now what?
Blanks in the insides of file or folder names will cause grief in any language. You can get by some of the problems by quoting the file name. Many things in strange places will consider the file name as C:\archivos followed by some unintelligible stuff. -Original Message- From: Ing. Jorge E. Abramian [mailto:[EMAIL PROTECTED] Sent: Sunday, March 13, 2005 9:01 AM To: tomcat-user@jakarta.apache.org Subject: Access Denied, now what? Hi everybody, I was trying to install Tomcat 5.5.8 for a few days now with no results. I am using win 98 SE. This is the result of the run when I execute the start.pif generated when I changed the memory variable of the start.bat CATALINA_BASE: C:\archivos de programa\java\jakarta-tomcat-5.5.8 Using CATALINA_HOME: C:\archivos de programa\java\jakarta-tomcat-5.5.8 Using CATALINA_TMPDIR: C:\archivos de programa\java\jakarta-tomcat-5.5.8\temp Using JAVA_HOME: C:\archivos de programa\java\jdk1.5.0_01 Acceso denegado. For who does not understand spanish the last line says denied access. I got to this point after trying a lot of different things, 'cause at first, I had a lot of problems with the installation exe file, and then setting the environment variables. Thanks in advance for any help. Jorge
RE: java.security.AccessControlException: access denied
i was able to get this fixed by replacing the
permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat
4.1\\certs\\-, read;
with
permission java.io.FilePermission ALL FILES, read;
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 25, 2004 1:23 PM
To: Shilpa Nalgonda
Subject: RE: java.security.AccessControlException: access denied
That's really curious. I'd try two things:
1) change the file permission to this:
permission java.io.FilePermission ALL FILES, read;
If that works, then there's a problem with the path in the file
permission. If that doesn't work, then...
2) add a java.security.AllPermission permission (for testing only) If
that doesn't work, then this is not the policy file in use. If it does,
then another permission is missing, and the exception is being
misreported.
Again, I'd also try writing a JSP that creates a java.io.File at the
certs location, and calls File#canRead() in a
try{}catch(SecurityException) block to make sure that we're looking at
the right problem.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 5:36 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
I wrote a jsp file to read the cert file from the C:/certs dir. Initially i
got the same error,
then i changed the catalina.policy file to include file name
permission java.io.FilePermission C:/certs/f73e89fd.0, read;
and it worked.
But for some reason the verisign authentication still shows the same error.
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 4:50 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
I am using -security option to run TC.
I am not quite sure about the syntax of the policy file, i should check
that,
but can u suggest me what is the correct syntax ?
and also i will try to read this file using some test.jsp and let you know.
thanks.
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 4:42 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
You shouldn't need to add it anywhere else: Permissions are cumulative,
so if that file permission is in a grant{} block, all the code running
under the jvm will have it. You mentioned making the changes to
java.policy as well: This should be unnecessary, as the catalina.policy
file is the only one in effect if you start TC with the -security
option. The situation as you're describing it sounds right, but since I
know from experience that the security manager works just fine in 4.1.x,
something is getting left out.
Are you using the -security option to get the security manager, or are
you using some parameters in $JAVA_OPTS?
Are you certain about the syntax of your policy file (although that
usually fails more dramatically than this)?
Can you write a test JSP or servlet that reads a file out of that
directory?
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 3:10 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
No certs is a directory. shall i add it in other place other than the
general grant block.
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 4:09 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
If certs is a file and not a directory, take off the \\- at the end
of the permission url.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 2:50 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
I added the below line in the general grant{} block.
permission java.io.FilePermission C:\\Program Files\\Apache
Group\\Tomcat 4.1\\certs\\-, read;
I tried placing the certs file in other directory too where there is no
whitespace issue. But i still have the problem. can you think of
anything else?
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 3:32 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
Where did you add the permission in the catalina.policy file? In a
general grant{} block? If not, it's possible that your code doesn't
have
tomcat5: Error java.security.AccessControlException: Access denied (mx4j.server.MBeanTrustPermission register): MBean class org.apache.commons.modeler.BaseModelMBean is not trusted for registration
I get a really strange error when tomcat5 is loading our webapps. I have no clue where does it comes from. Please help Aug 24, 2004 5:57:00 PM org.apache.commons.modeler.Registry registerComponent SEVERE: Error registering Catalina:j2eeType=WebModule,name=//localhost/xclin,J2EEApplication=none, J2EEServer=none java.security.AccessControlException: Access denied (mx4j.server.MBeanTrustPermission register): MBean class org.apache.commons.modeler.BaseModelMBean is not trusted for registration at mx4j.server.interceptor.SecurityMBeanServerInterceptor.checkTrustRegistr ation(SecurityMBeanServerInterceptor.java:156) at mx4j.server.interceptor.SecurityMBeanServerInterceptor.registration(Secu rityMBeanServerInterceptor.java:116) at mx4j.server.interceptor.DefaultMBeanServerInterceptor.registration(Defau ltMBeanServerInterceptor.java:113) at mx4j.server.interceptor.DefaultMBeanServerInterceptor.registration(Defau ltMBeanServerInterceptor.java:113) at mx4j.server.interceptor.ContextClassLoaderMBeanServerInterceptor.registr ation(ContextClassLoaderMBeanServerInterceptor.java:108) at mx4j.server.MBeanServerImpl.registerImpl(MBeanServerImpl.java:1051) at mx4j.server.MBeanServerImpl.registerMBeanImpl(MBeanServerImpl.java:1002) at mx4j.server.MBeanServerImpl.registerMBean(MBeanServerImpl.java:978) at org.apache.commons.modeler.Registry.registerComponent(Registry.java:871) at org.apache.catalina.core.StandardContext.registerJMX(StandardContext.jav a:5361) at org.apache.catalina.core.StandardContext.start(StandardContext.java:4379 ) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083) at org.apache.catalina.core.StandardHost.start(StandardHost.java:789) at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083) at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478) at org.apache.catalina.core.StandardService.start(StandardService.java:480) at org.apache.catalina.core.StandardServer.start(StandardServer.java:2313) at org.apache.catalina.startup.Catalina.start(Catalina.java:556) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav a:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor Impl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:284) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:422) Aug 24, 2004 5:57:00 PM org.apache.catalina.core.StandardContext registerJMX Benoit Marchal Director NovaXon BV Tel: +31 43 356 14 60 Fax: +31 43 356 14 61
java.security.AccessControlException: access denied
I am running Tomcat4.1.30 on windows 2000, with security option turned on. My java application which is using JDK 1.4, connects to the the credit card authorizing company called verisign, and returns the approval authorization code. I have installed the digital certificate on $TOMCAT_HOME\certs directory. There are read permissions on the cert file. But still for some reason the verisign is not able to read the cert file due to the below error. RESULT=-31RESPMSG=The certificate chain did not validate, no local certificate found, java.security.AccessControlException: access denied (java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs read) However when i run Tomcat server without security, everything is file. Somehow tomcat is restricting the permission to read the cert file. Verisign uses Jsse.jar to do the security authentication. I have modofied both java.policy and catalina.policy to grant permission on the cert file as below. permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read; But this does not help, is there anything else i should do to the server.xml file... How does the security manager runs in Tomcat4.1 Please help... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: java.security.AccessControlException: access denied
Where did you add the permission in the catalina.policy file? In a
general grant{} block?
If not, it's possible that your code doesn't have the permission.
It may also be the case that the whitespace in the filepath causes
problems, but someone who actually runs on Windows could tell you better
than I.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: java.security.AccessControlException: access denied
I am running Tomcat4.1.30 on windows 2000, with security option turned
on. My java application which is using JDK 1.4, connects to the the
credit card authorizing company called verisign, and returns the
approval authorization code. I have installed the digital certificate
on $TOMCAT_HOME\certs directory. There are read permissions on the cert
file. But still for some reason the verisign is not able to read the
cert file due to the below error.
RESULT=-31RESPMSG=The certificate chain did not validate, no local
certificate found, java.security.AccessControlException: access denied
(java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs
read)
However when i run Tomcat server without security, everything is file.
Somehow tomcat is restricting the permission to read the cert file.
Verisign uses Jsse.jar to do the security authentication.
I have modofied both java.policy and catalina.policy to grant permission
on the cert file as below. permission java.io.FilePermission
C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read;
But this does not help, is there anything else i should do to the
server.xml file...
How does the security manager runs in Tomcat4.1
Please help...
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: java.security.AccessControlException: access denied
I added the below line in the general grant{} block.
permission java.io.FilePermission C:\\Program Files\\Apache Group\\Tomcat
4.1\\certs\\-, read;
I tried placing the certs file in other directory too where there is no
whitespace issue. But i still have the problem.
can you think of anything else?
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 3:32 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
Where did you add the permission in the catalina.policy file? In a
general grant{} block?
If not, it's possible that your code doesn't have the permission.
It may also be the case that the whitespace in the filepath causes
problems, but someone who actually runs on Windows could tell you better
than I.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: java.security.AccessControlException: access denied
I am running Tomcat4.1.30 on windows 2000, with security option turned
on. My java application which is using JDK 1.4, connects to the the
credit card authorizing company called verisign, and returns the
approval authorization code. I have installed the digital certificate
on $TOMCAT_HOME\certs directory. There are read permissions on the cert
file. But still for some reason the verisign is not able to read the
cert file due to the below error.
RESULT=-31RESPMSG=The certificate chain did not validate, no local
certificate found, java.security.AccessControlException: access denied
(java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs
read)
However when i run Tomcat server without security, everything is file.
Somehow tomcat is restricting the permission to read the cert file.
Verisign uses Jsse.jar to do the security authentication.
I have modofied both java.policy and catalina.policy to grant permission
on the cert file as below. permission java.io.FilePermission
C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read;
But this does not help, is there anything else i should do to the
server.xml file...
How does the security manager runs in Tomcat4.1
Please help...
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: java.security.AccessControlException: access denied
If certs is a file and not a directory, take off the \\- at the end
of the permission url.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 2:50 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
I added the below line in the general grant{} block.
permission java.io.FilePermission C:\\Program Files\\Apache
Group\\Tomcat 4.1\\certs\\-, read;
I tried placing the certs file in other directory too where there is no
whitespace issue. But i still have the problem. can you think of
anything else?
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 3:32 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
Where did you add the permission in the catalina.policy file? In a
general grant{} block? If not, it's possible that your code doesn't
have the permission.
It may also be the case that the whitespace in the filepath causes
problems, but someone who actually runs on Windows could tell you better
than I.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: java.security.AccessControlException: access denied
I am running Tomcat4.1.30 on windows 2000, with security option turned
on. My java application which is using JDK 1.4, connects to the the
credit card authorizing company called verisign, and returns the
approval authorization code. I have installed the digital certificate on
$TOMCAT_HOME\certs directory. There are read permissions on the cert
file. But still for some reason the verisign is not able to read the
cert file due to the below error.
RESULT=-31RESPMSG=The certificate chain did not validate, no local
certificate found, java.security.AccessControlException: access denied
(java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs
read)
However when i run Tomcat server without security, everything is file.
Somehow tomcat is restricting the permission to read the cert file.
Verisign uses Jsse.jar to do the security authentication.
I have modofied both java.policy and catalina.policy to grant permission
on the cert file as below. permission java.io.FilePermission
C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read;
But this does not help, is there anything else i should do to the
server.xml file...
How does the security manager runs in Tomcat4.1
Please help...
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: java.security.AccessControlException: access denied
No certs is a directory. shall i add it in other place other than the
general grant block.
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 4:09 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
If certs is a file and not a directory, take off the \\- at the end
of the permission url.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 2:50 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
I added the below line in the general grant{} block.
permission java.io.FilePermission C:\\Program Files\\Apache
Group\\Tomcat 4.1\\certs\\-, read;
I tried placing the certs file in other directory too where there is no
whitespace issue. But i still have the problem. can you think of
anything else?
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 3:32 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
Where did you add the permission in the catalina.policy file? In a
general grant{} block? If not, it's possible that your code doesn't
have the permission.
It may also be the case that the whitespace in the filepath causes
problems, but someone who actually runs on Windows could tell you better
than I.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: java.security.AccessControlException: access denied
I am running Tomcat4.1.30 on windows 2000, with security option turned
on. My java application which is using JDK 1.4, connects to the the
credit card authorizing company called verisign, and returns the
approval authorization code. I have installed the digital certificate on
$TOMCAT_HOME\certs directory. There are read permissions on the cert
file. But still for some reason the verisign is not able to read the
cert file due to the below error.
RESULT=-31RESPMSG=The certificate chain did not validate, no local
certificate found, java.security.AccessControlException: access denied
(java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs
read)
However when i run Tomcat server without security, everything is file.
Somehow tomcat is restricting the permission to read the cert file.
Verisign uses Jsse.jar to do the security authentication.
I have modofied both java.policy and catalina.policy to grant permission
on the cert file as below. permission java.io.FilePermission
C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read;
But this does not help, is there anything else i should do to the
server.xml file...
How does the security manager runs in Tomcat4.1
Please help...
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
RE: java.security.AccessControlException: access denied
You shouldn't need to add it anywhere else: Permissions are cumulative,
so if that file permission is in a grant{} block, all the code running
under the jvm will have it. You mentioned making the changes to
java.policy as well: This should be unnecessary, as the catalina.policy
file is the only one in effect if you start TC with the -security
option. The situation as you're describing it sounds right, but since I
know from experience that the security manager works just fine in 4.1.x,
something is getting left out.
Are you using the -security option to get the security manager, or are
you using some parameters in $JAVA_OPTS?
Are you certain about the syntax of your policy file (although that
usually fails more dramatically than this)?
Can you write a test JSP or servlet that reads a file out of that
directory?
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 3:10 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
No certs is a directory. shall i add it in other place other than the
general grant block.
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 4:09 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
If certs is a file and not a directory, take off the \\- at the end
of the permission url.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 2:50 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
I added the below line in the general grant{} block.
permission java.io.FilePermission C:\\Program Files\\Apache
Group\\Tomcat 4.1\\certs\\-, read;
I tried placing the certs file in other directory too where there is no
whitespace issue. But i still have the problem. can you think of
anything else?
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 3:32 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
Where did you add the permission in the catalina.policy file? In a
general grant{} block? If not, it's possible that your code doesn't
have the permission.
It may also be the case that the whitespace in the filepath causes
problems, but someone who actually runs on Windows could tell you better
than I.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: java.security.AccessControlException: access denied
I am running Tomcat4.1.30 on windows 2000, with security option turned
on. My java application which is using JDK 1.4, connects to the the
credit card authorizing company called verisign, and returns the
approval authorization code. I have installed the digital certificate on
$TOMCAT_HOME\certs directory. There are read permissions on the cert
file. But still for some reason the verisign is not able to read the
cert file due to the below error.
RESULT=-31RESPMSG=The certificate chain did not validate, no local
certificate found, java.security.AccessControlException: access denied
(java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs
read)
However when i run Tomcat server without security, everything is file.
Somehow tomcat is restricting the permission to read the cert file.
Verisign uses Jsse.jar to do the security authentication.
I have modofied both java.policy and catalina.policy to grant permission
on the cert file as below. permission java.io.FilePermission
C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read;
But this does not help, is there anything else i should do to the
server.xml file...
How does the security manager runs in Tomcat4.1
Please help...
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED
RE: java.security.AccessControlException: access denied
I am using -security option to run TC.
I am not quite sure about the syntax of the policy file, i should check
that,
but can u suggest me what is the correct syntax ?
and also i will try to read this file using some test.jsp and let you know.
thanks.
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 4:42 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
You shouldn't need to add it anywhere else: Permissions are cumulative,
so if that file permission is in a grant{} block, all the code running
under the jvm will have it. You mentioned making the changes to
java.policy as well: This should be unnecessary, as the catalina.policy
file is the only one in effect if you start TC with the -security
option. The situation as you're describing it sounds right, but since I
know from experience that the security manager works just fine in 4.1.x,
something is getting left out.
Are you using the -security option to get the security manager, or are
you using some parameters in $JAVA_OPTS?
Are you certain about the syntax of your policy file (although that
usually fails more dramatically than this)?
Can you write a test JSP or servlet that reads a file out of that
directory?
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 3:10 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
No certs is a directory. shall i add it in other place other than the
general grant block.
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 4:09 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
If certs is a file and not a directory, take off the \\- at the end
of the permission url.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 2:50 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
I added the below line in the general grant{} block.
permission java.io.FilePermission C:\\Program Files\\Apache
Group\\Tomcat 4.1\\certs\\-, read;
I tried placing the certs file in other directory too where there is no
whitespace issue. But i still have the problem. can you think of
anything else?
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 3:32 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
Where did you add the permission in the catalina.policy file? In a
general grant{} block? If not, it's possible that your code doesn't
have the permission.
It may also be the case that the whitespace in the filepath causes
problems, but someone who actually runs on Windows could tell you better
than I.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: java.security.AccessControlException: access denied
I am running Tomcat4.1.30 on windows 2000, with security option turned
on. My java application which is using JDK 1.4, connects to the the
credit card authorizing company called verisign, and returns the
approval authorization code. I have installed the digital certificate on
$TOMCAT_HOME\certs directory. There are read permissions on the cert
file. But still for some reason the verisign is not able to read the
cert file due to the below error.
RESULT=-31RESPMSG=The certificate chain did not validate, no local
certificate found, java.security.AccessControlException: access denied
(java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs
read)
However when i run Tomcat server without security, everything is file.
Somehow tomcat is restricting the permission to read the cert file.
Verisign uses Jsse.jar to do the security authentication.
I have modofied both java.policy and catalina.policy to grant permission
on the cert file as below. permission java.io.FilePermission
C:\\Program Files\\Apache Group\\Tomcat 4.1\\certs\\-, read;
But this does not help, is there anything else i should do to the
server.xml file...
How does the security manager runs in Tomcat4.1
Please help...
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED
RE: java.security.AccessControlException: access denied
I wrote a jsp file to read the cert file from the C:/certs dir. Initially i
got the same error,
then i changed the catalina.policy file to include file name
permission java.io.FilePermission C:/certs/f73e89fd.0, read;
and it worked.
But for some reason the verisign authentication still shows the same error.
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 4:50 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
I am using -security option to run TC.
I am not quite sure about the syntax of the policy file, i should check
that,
but can u suggest me what is the correct syntax ?
and also i will try to read this file using some test.jsp and let you know.
thanks.
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 4:42 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
You shouldn't need to add it anywhere else: Permissions are cumulative,
so if that file permission is in a grant{} block, all the code running
under the jvm will have it. You mentioned making the changes to
java.policy as well: This should be unnecessary, as the catalina.policy
file is the only one in effect if you start TC with the -security
option. The situation as you're describing it sounds right, but since I
know from experience that the security manager works just fine in 4.1.x,
something is getting left out.
Are you using the -security option to get the security manager, or are
you using some parameters in $JAVA_OPTS?
Are you certain about the syntax of your policy file (although that
usually fails more dramatically than this)?
Can you write a test JSP or servlet that reads a file out of that
directory?
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 3:10 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
No certs is a directory. shall i add it in other place other than the
general grant block.
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 4:09 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
If certs is a file and not a directory, take off the \\- at the end
of the permission url.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 2:50 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
I added the below line in the general grant{} block.
permission java.io.FilePermission C:\\Program Files\\Apache
Group\\Tomcat 4.1\\certs\\-, read;
I tried placing the certs file in other directory too where there is no
whitespace issue. But i still have the problem. can you think of
anything else?
-Original Message-
From: Benjamin Armintor [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 3:32 PM
To: Tomcat Users List
Subject: RE: java.security.AccessControlException: access denied
Where did you add the permission in the catalina.policy file? In a
general grant{} block? If not, it's possible that your code doesn't
have the permission.
It may also be the case that the whitespace in the filepath causes
problems, but someone who actually runs on Windows could tell you better
than I.
Benjamin J. Armintor
Operations Systems Specialist
ITS-Systems: Mainframe Group
University of Texas - Austin
tele: (512) 232-6562
email: [EMAIL PROTECTED]
-Original Message-
From: Shilpa Nalgonda [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 24, 2004 1:51 PM
To: [EMAIL PROTECTED]
Subject: java.security.AccessControlException: access denied
I am running Tomcat4.1.30 on windows 2000, with security option turned
on. My java application which is using JDK 1.4, connects to the the
credit card authorizing company called verisign, and returns the
approval authorization code. I have installed the digital certificate on
$TOMCAT_HOME\certs directory. There are read permissions on the cert
file. But still for some reason the verisign is not able to read the
cert file due to the below error.
RESULT=-31RESPMSG=The certificate chain did not validate, no local
certificate found, java.security.AccessControlException: access denied
(java.io.FilePermissi on C:\Program Files\Apache Group\Tomcat 4.1\certs
read)
However when i run Tomcat server without security, everything is file.
Somehow tomcat is restricting the permission to read the cert file.
Verisign uses Jsse.jar to do the security authentication.
I have modofied both java.policy
File Access Denied
Hello everyone, I have a file in 1 of the directories - from where 1 of the files in the same directory is reading it - the directory being inside webapp/testApp directory.I get the exception - file access denied permission to read .Could u tell me a way to get rid of this exception to read this file ? Regards, Teja. - Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it!
AUTO 'Getty=986-760'File Access Denied
Hello and thank you for your email. We strive to respond to all email inquiries within one business day. If your issue cannot wait that long, please call us at 877-438-8966. Our hours are 6:00 a.m. to 6:00 p.m. Pacific Standard Time, Monday through Friday. For reference, your assigned case ID is:986760 -Original Message- From: Teja Jo [EMAIL PROTECTED] Sent: Friday, Jan 30 2004 3:00AM To: Tomcat User Mailing List [EMAIL PROTECTED] Subject: File Access Denied Hello everyone, I have a file in 1 of the directories - from where 1 of the files in the same directory is reading it - the directory being inside webapp/testApp directory.I get the exception - file access denied permission to read .Could u tell me a way to get rid of this exception to read this file ? Regards, Teja. - Do you Yahoo!? Yahoo! SiteBuilder - Free web site building tool. Try it! === This email and its contents are confidential. If you are not the intended recipient, please do not disclose or use the information within this email or its attachments. If you have received this email in error, please delete it immediately. Thank you. === - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL failure with some browsers - Access denied by access control list - SOLUTION
Thanks for all the help. I was not able to discover the exact cause of the problem, but I tracked the issue down to a problem with misconfigured DNS and Proxy servers. I was able to consistently avoid it by not using the proxy for this server (since it is in the intranet) and using a fully qualified machine name. It is puzzling though, that most browsers (other than Mozilla) were able to somehow recover and bypass the issue. b. -Original Message- From: Melloni Bruno (Nokia-BI/Dallas) Sent: Tuesday, January 13, 2004 10:44 AM To: 'Tomcat Users List'; '[EMAIL PROTECTED]' Subject: RE: SSL failure with some browsers - Access denied by access control list Mixed results: - I got no debug messages when it failed even after setting log4j.logger.org.apache.tomcat.net=DEBUG. - By experimenting (afterwards) and placing the files in common/lib and common/classes instead of server/lib and server/classes and adding log4j.logger.org.apache.catalina.session.ManagerBase=INFO, RollFile I managed to eliminate the annoying (unrelated) bug in Tomcat 5 that gives the warning message: log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase). log4j:WARN Please initialize the log4j system properly. b. -Original Message- From: ext Bill Barker [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 2:00 PM To: [EMAIL PROTECTED] Subject: Re: SSL failure with some browsers - Access denied by access control list Copy the log4j-1.2.8.jar and commons-logging.jar to $CATALINA_HOME/server/lib, and create a log4j.properties (or .xml) file in $CATALINA_HOME/server/classes with the logging level. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, January 12, 2004 9:24 AM Subject: RE: SSL failure with some browsers - Access denied by access control list Bill, Where do I find the place to set the debug level for 'org.apache.tomcat.net'? I apologize for bugging you with this. I already searched the Tomcat docs, the whole Tomcat 5.0 deployed tree, and the contents of the whole conf directory (including server.xml) but could not find where Tomcat hides the log4j config file (or for that matter even the commons-logging jar file!!!). I know it must be somewhere since the server does actually log its messages, but I can't find it. I am familiar with log4j and my application uses it. My application has log4j-1.2.8 in its lib directory and its own application-specific log4j configuration file, and it all works wonderfully. Except of course, for the usual annoying but innocuous well-known Tomcat bug (that no one knows how to fix) about the log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase) message. Bruno -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of ext Bill Barker Sent: Friday, January 09, 2004 9:33 PM To: [EMAIL PROTECTED] Subject: Re: SSL failure with some browsers - Access denied by access control list At a guess, those Mozilla versions don't support TLS, which is Tomcat's default SSL protocol. Whatever it is, try turning up your commons-logging debug level for 'org.apache.tomcat.net' to 'debug'. You should get plenty of messages in your Tomcat logs to help you figure out why Tomcat doesn't like Mozilla. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Problem: - Making any https call fails with the message Forbidden. You were denied access because: Access denied by access control list.. - The failure happens even accessing https://host:8443/tomcat-docs, while a regular http call succeeds. - The failure happens with some browsers (i.e.: Mozilla) but now with others (i.e.: Internet Explorer, and most versions of Netscape). - The failure appears to only happen when accessing a server on a different box than the one where the browser is running. It has not happened (so far) on the same box as the client. - The failure appears to happen with the Tomcat running on either Windows or Solaris. - The failure is not related to the JDK's Verisign Certificate issue (expired Jan 7). It was happening in December, and it was not corrected by JDK 1.4.2_03. Also, the certificates being used are self-signed according to the Tomcat's default instructions. Questions: - Is this a configuration issue? Or is it a deeper problem with either Tomcat or the browsers? I have not seen many postings out there on this topic, so I assume (and hope) the problem is a dumb configuration snafu. - Is there a know solution? I have not found any on the Tomcat archives, on the Mozilla archives, or even after several exchanges with the Mozilla support people. - Is there any additional information I can provide that might shed some light as to why this is happening? Environment details: - Tomcat version: 5. - JDK version 1.4.2 (both _02 and _03). - Mozilla versions failing (at least 1.4 and 1.5). - IE version succeeding (at least 6.0) - Netscape version
RE: SSL failure with some browsers - Access denied by access control list
Mixed results: - I got no debug messages when it failed even after setting log4j.logger.org.apache.tomcat.net=DEBUG. - By experimenting (afterwards) and placing the files in common/lib and common/classes instead of server/lib and server/classes and adding log4j.logger.org.apache.catalina.session.ManagerBase=INFO, RollFile I managed to eliminate the annoying (unrelated) bug in Tomcat 5 that gives the warning message: log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase). log4j:WARN Please initialize the log4j system properly. b. -Original Message- From: ext Bill Barker [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 2:00 PM To: [EMAIL PROTECTED] Subject: Re: SSL failure with some browsers - Access denied by access control list Copy the log4j-1.2.8.jar and commons-logging.jar to $CATALINA_HOME/server/lib, and create a log4j.properties (or .xml) file in $CATALINA_HOME/server/classes with the logging level. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, January 12, 2004 9:24 AM Subject: RE: SSL failure with some browsers - Access denied by access control list Bill, Where do I find the place to set the debug level for 'org.apache.tomcat.net'? I apologize for bugging you with this. I already searched the Tomcat docs, the whole Tomcat 5.0 deployed tree, and the contents of the whole conf directory (including server.xml) but could not find where Tomcat hides the log4j config file (or for that matter even the commons-logging jar file!!!). I know it must be somewhere since the server does actually log its messages, but I can't find it. I am familiar with log4j and my application uses it. My application has log4j-1.2.8 in its lib directory and its own application-specific log4j configuration file, and it all works wonderfully. Except of course, for the usual annoying but innocuous well-known Tomcat bug (that no one knows how to fix) about the log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase) message. Bruno -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of ext Bill Barker Sent: Friday, January 09, 2004 9:33 PM To: [EMAIL PROTECTED] Subject: Re: SSL failure with some browsers - Access denied by access control list At a guess, those Mozilla versions don't support TLS, which is Tomcat's default SSL protocol. Whatever it is, try turning up your commons-logging debug level for 'org.apache.tomcat.net' to 'debug'. You should get plenty of messages in your Tomcat logs to help you figure out why Tomcat doesn't like Mozilla. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Problem: - Making any https call fails with the message Forbidden. You were denied access because: Access denied by access control list.. - The failure happens even accessing https://host:8443/tomcat-docs, while a regular http call succeeds. - The failure happens with some browsers (i.e.: Mozilla) but now with others (i.e.: Internet Explorer, and most versions of Netscape). - The failure appears to only happen when accessing a server on a different box than the one where the browser is running. It has not happened (so far) on the same box as the client. - The failure appears to happen with the Tomcat running on either Windows or Solaris. - The failure is not related to the JDK's Verisign Certificate issue (expired Jan 7). It was happening in December, and it was not corrected by JDK 1.4.2_03. Also, the certificates being used are self-signed according to the Tomcat's default instructions. Questions: - Is this a configuration issue? Or is it a deeper problem with either Tomcat or the browsers? I have not seen many postings out there on this topic, so I assume (and hope) the problem is a dumb configuration snafu. - Is there a know solution? I have not found any on the Tomcat archives, on the Mozilla archives, or even after several exchanges with the Mozilla support people. - Is there any additional information I can provide that might shed some light as to why this is happening? Environment details: - Tomcat version: 5. - JDK version 1.4.2 (both _02 and _03). - Mozilla versions failing (at least 1.4 and 1.5). - IE version succeeding (at least 6.0) - Netscape version succeeding (at least 4.5, 4.7, and I believe one of the 7.x versions). server.xml: (feel free to comment if you see something wrong even if unrelated) Server port=8105 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name
RE: SSL failure with some browsers - Access denied by access control list
BTW, I when this failed to produce debug messages I tried to verify that there are classes with the org.apache.tomcat.net package in Tomcat 5. Maybe I missed it, but I did not see it on any of the jar files. b. -Original Message- From: Melloni Bruno (Nokia-BI/Dallas) Sent: Tuesday, January 13, 2004 10:44 AM To: 'Tomcat Users List'; '[EMAIL PROTECTED]' Subject: RE: SSL failure with some browsers - Access denied by access control list Mixed results: - I got no debug messages when it failed even after setting log4j.logger.org.apache.tomcat.net=DEBUG. - By experimenting (afterwards) and placing the files in common/lib and common/classes instead of server/lib and server/classes and adding log4j.logger.org.apache.catalina.session.ManagerBase=INFO, RollFile I managed to eliminate the annoying (unrelated) bug in Tomcat 5 that gives the warning message: log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase). log4j:WARN Please initialize the log4j system properly. b. -Original Message- From: ext Bill Barker [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 2:00 PM To: [EMAIL PROTECTED] Subject: Re: SSL failure with some browsers - Access denied by access control list Copy the log4j-1.2.8.jar and commons-logging.jar to $CATALINA_HOME/server/lib, and create a log4j.properties (or .xml) file in $CATALINA_HOME/server/classes with the logging level. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, January 12, 2004 9:24 AM Subject: RE: SSL failure with some browsers - Access denied by access control list Bill, Where do I find the place to set the debug level for 'org.apache.tomcat.net'? I apologize for bugging you with this. I already searched the Tomcat docs, the whole Tomcat 5.0 deployed tree, and the contents of the whole conf directory (including server.xml) but could not find where Tomcat hides the log4j config file (or for that matter even the commons-logging jar file!!!). I know it must be somewhere since the server does actually log its messages, but I can't find it. I am familiar with log4j and my application uses it. My application has log4j-1.2.8 in its lib directory and its own application-specific log4j configuration file, and it all works wonderfully. Except of course, for the usual annoying but innocuous well-known Tomcat bug (that no one knows how to fix) about the log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase) message. Bruno -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of ext Bill Barker Sent: Friday, January 09, 2004 9:33 PM To: [EMAIL PROTECTED] Subject: Re: SSL failure with some browsers - Access denied by access control list At a guess, those Mozilla versions don't support TLS, which is Tomcat's default SSL protocol. Whatever it is, try turning up your commons-logging debug level for 'org.apache.tomcat.net' to 'debug'. You should get plenty of messages in your Tomcat logs to help you figure out why Tomcat doesn't like Mozilla. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Problem: - Making any https call fails with the message Forbidden. You were denied access because: Access denied by access control list.. - The failure happens even accessing https://host:8443/tomcat-docs, while a regular http call succeeds. - The failure happens with some browsers (i.e.: Mozilla) but now with others (i.e.: Internet Explorer, and most versions of Netscape). - The failure appears to only happen when accessing a server on a different box than the one where the browser is running. It has not happened (so far) on the same box as the client. - The failure appears to happen with the Tomcat running on either Windows or Solaris. - The failure is not related to the JDK's Verisign Certificate issue (expired Jan 7). It was happening in December, and it was not corrected by JDK 1.4.2_03. Also, the certificates being used are self-signed according to the Tomcat's default instructions. Questions: - Is this a configuration issue? Or is it a deeper problem with either Tomcat or the browsers? I have not seen many postings out there on this topic, so I assume (and hope) the problem is a dumb configuration snafu. - Is there a know solution? I have not found any on the Tomcat archives, on the Mozilla archives, or even after several exchanges with the Mozilla support people. - Is there any additional information I can provide that might shed some light as to why this is happening? Environment details: - Tomcat version: 5. - JDK version 1.4.2 (both _02 and _03). - Mozilla versions failing (at least 1.4 and 1.5). - IE version succeeding (at least 6.0) - Netscape version succeeding (at least 4.5, 4.7, and I believe one of the 7.x versions). server.xml: (feel free to comment if you see something wrong even if unrelated) Server port=8105 shutdown=SHUTDOWN debug=0 Listener className
Re: SSL failure with some browsers - Access denied by access control list
You are correct: The correct package is org.apache.tomcat.util.net. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, January 13, 2004 10:39 AM Subject: RE: SSL failure with some browsers - Access denied by access control list BTW, I when this failed to produce debug messages I tried to verify that there are classes with the org.apache.tomcat.net package in Tomcat 5. Maybe I missed it, but I did not see it on any of the jar files. b. -Original Message- From: Melloni Bruno (Nokia-BI/Dallas) Sent: Tuesday, January 13, 2004 10:44 AM To: 'Tomcat Users List'; '[EMAIL PROTECTED]' Subject: RE: SSL failure with some browsers - Access denied by access control list Mixed results: - I got no debug messages when it failed even after setting log4j.logger.org.apache.tomcat.net=DEBUG. - By experimenting (afterwards) and placing the files in common/lib and common/classes instead of server/lib and server/classes and adding log4j.logger.org.apache.catalina.session.ManagerBase=INFO, RollFile I managed to eliminate the annoying (unrelated) bug in Tomcat 5 that gives the warning message: log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase). log4j:WARN Please initialize the log4j system properly. b. -Original Message- From: ext Bill Barker [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 2:00 PM To: [EMAIL PROTECTED] Subject: Re: SSL failure with some browsers - Access denied by access control list Copy the log4j-1.2.8.jar and commons-logging.jar to $CATALINA_HOME/server/lib, and create a log4j.properties (or .xml) file in $CATALINA_HOME/server/classes with the logging level. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, January 12, 2004 9:24 AM Subject: RE: SSL failure with some browsers - Access denied by access control list Bill, Where do I find the place to set the debug level for 'org.apache.tomcat.net'? I apologize for bugging you with this. I already searched the Tomcat docs, the whole Tomcat 5.0 deployed tree, and the contents of the whole conf directory (including server.xml) but could not find where Tomcat hides the log4j config file (or for that matter even the commons-logging jar file!!!). I know it must be somewhere since the server does actually log its messages, but I can't find it. I am familiar with log4j and my application uses it. My application has log4j-1.2.8 in its lib directory and its own application-specific log4j configuration file, and it all works wonderfully. Except of course, for the usual annoying but innocuous well-known Tomcat bug (that no one knows how to fix) about the log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase) message. Bruno -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of ext Bill Barker Sent: Friday, January 09, 2004 9:33 PM To: [EMAIL PROTECTED] Subject: Re: SSL failure with some browsers - Access denied by access control list At a guess, those Mozilla versions don't support TLS, which is Tomcat's default SSL protocol. Whatever it is, try turning up your commons-logging debug level for 'org.apache.tomcat.net' to 'debug'. You should get plenty of messages in your Tomcat logs to help you figure out why Tomcat doesn't like Mozilla. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Problem: - Making any https call fails with the message Forbidden. You were denied access because: Access denied by access control list.. - The failure happens even accessing https://host:8443/tomcat-docs, while a regular http call succeeds. - The failure happens with some browsers (i.e.: Mozilla) but now with others (i.e.: Internet Explorer, and most versions of Netscape). - The failure appears to only happen when accessing a server on a different box than the one where the browser is running. It has not happened (so far) on the same box as the client. - The failure appears to happen with the Tomcat running on either Windows or Solaris. - The failure is not related to the JDK's Verisign Certificate issue (expired Jan 7). It was happening in December, and it was not corrected by JDK 1.4.2_03. Also, the certificates being used are self-signed according to the Tomcat's default instructions. Questions: - Is this a configuration issue? Or is it a deeper problem with either Tomcat or the browsers? I have not seen many postings out there on this topic, so I assume (and hope) the problem is a dumb configuration snafu. - Is there a know solution? I have not found any on the Tomcat archives, on the Mozilla archives, or even after several exchanges with the Mozilla support people. - Is there any additional information I can provide that might shed some light as to why this is happening? Environment details: - Tomcat version: 5. - JDK version 1.4.2 (both _02 and _03). - Mozilla versions failing
RE: SSL failure with some browsers - Access denied by access control list
Bill, Where do I find the place to set the debug level for 'org.apache.tomcat.net'? I apologize for bugging you with this. I already searched the Tomcat docs, the whole Tomcat 5.0 deployed tree, and the contents of the whole conf directory (including server.xml) but could not find where Tomcat hides the log4j config file (or for that matter even the commons-logging jar file!!!). I know it must be somewhere since the server does actually log its messages, but I can't find it. I am familiar with log4j and my application uses it. My application has log4j-1.2.8 in its lib directory and its own application-specific log4j configuration file, and it all works wonderfully. Except of course, for the usual annoying but innocuous well-known Tomcat bug (that no one knows how to fix) about the log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase) message. Bruno -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of ext Bill Barker Sent: Friday, January 09, 2004 9:33 PM To: [EMAIL PROTECTED] Subject: Re: SSL failure with some browsers - Access denied by access control list At a guess, those Mozilla versions don't support TLS, which is Tomcat's default SSL protocol. Whatever it is, try turning up your commons-logging debug level for 'org.apache.tomcat.net' to 'debug'. You should get plenty of messages in your Tomcat logs to help you figure out why Tomcat doesn't like Mozilla. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Problem: - Making any https call fails with the message Forbidden. You were denied access because: Access denied by access control list.. - The failure happens even accessing https://host:8443/tomcat-docs, while a regular http call succeeds. - The failure happens with some browsers (i.e.: Mozilla) but now with others (i.e.: Internet Explorer, and most versions of Netscape). - The failure appears to only happen when accessing a server on a different box than the one where the browser is running. It has not happened (so far) on the same box as the client. - The failure appears to happen with the Tomcat running on either Windows or Solaris. - The failure is not related to the JDK's Verisign Certificate issue (expired Jan 7). It was happening in December, and it was not corrected by JDK 1.4.2_03. Also, the certificates being used are self-signed according to the Tomcat's default instructions. Questions: - Is this a configuration issue? Or is it a deeper problem with either Tomcat or the browsers? I have not seen many postings out there on this topic, so I assume (and hope) the problem is a dumb configuration snafu. - Is there a know solution? I have not found any on the Tomcat archives, on the Mozilla archives, or even after several exchanges with the Mozilla support people. - Is there any additional information I can provide that might shed some light as to why this is happening? Environment details: - Tomcat version: 5. - JDK version 1.4.2 (both _02 and _03). - Mozilla versions failing (at least 1.4 and 1.5). - IE version succeeding (at least 6.0) - Netscape version succeeding (at least 4.5, 4.7, and I believe one of the 7.x versions). server.xml: (feel free to comment if you see something wrong even if unrelated) Server port=8105 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources Service name=Catalina Connector port=8089 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true / Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS / Connector port=8109 enableLookups=false redirectPort=8443 debug=0 protocol=AJP/1.3 / Engine name=Catalina defaultHost=localhost debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.txt timestamp=true/ Realm className
Re: SSL failure with some browsers - Access denied by access control list
Copy the log4j-1.2.8.jar and commons-logging.jar to $CATALINA_HOME/server/lib, and create a log4j.properties (or .xml) file in $CATALINA_HOME/server/classes with the logging level. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, January 12, 2004 9:24 AM Subject: RE: SSL failure with some browsers - Access denied by access control list Bill, Where do I find the place to set the debug level for 'org.apache.tomcat.net'? I apologize for bugging you with this. I already searched the Tomcat docs, the whole Tomcat 5.0 deployed tree, and the contents of the whole conf directory (including server.xml) but could not find where Tomcat hides the log4j config file (or for that matter even the commons-logging jar file!!!). I know it must be somewhere since the server does actually log its messages, but I can't find it. I am familiar with log4j and my application uses it. My application has log4j-1.2.8 in its lib directory and its own application-specific log4j configuration file, and it all works wonderfully. Except of course, for the usual annoying but innocuous well-known Tomcat bug (that no one knows how to fix) about the log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase) message. Bruno -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of ext Bill Barker Sent: Friday, January 09, 2004 9:33 PM To: [EMAIL PROTECTED] Subject: Re: SSL failure with some browsers - Access denied by access control list At a guess, those Mozilla versions don't support TLS, which is Tomcat's default SSL protocol. Whatever it is, try turning up your commons-logging debug level for 'org.apache.tomcat.net' to 'debug'. You should get plenty of messages in your Tomcat logs to help you figure out why Tomcat doesn't like Mozilla. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Problem: - Making any https call fails with the message Forbidden. You were denied access because: Access denied by access control list.. - The failure happens even accessing https://host:8443/tomcat-docs, while a regular http call succeeds. - The failure happens with some browsers (i.e.: Mozilla) but now with others (i.e.: Internet Explorer, and most versions of Netscape). - The failure appears to only happen when accessing a server on a different box than the one where the browser is running. It has not happened (so far) on the same box as the client. - The failure appears to happen with the Tomcat running on either Windows or Solaris. - The failure is not related to the JDK's Verisign Certificate issue (expired Jan 7). It was happening in December, and it was not corrected by JDK 1.4.2_03. Also, the certificates being used are self-signed according to the Tomcat's default instructions. Questions: - Is this a configuration issue? Or is it a deeper problem with either Tomcat or the browsers? I have not seen many postings out there on this topic, so I assume (and hope) the problem is a dumb configuration snafu. - Is there a know solution? I have not found any on the Tomcat archives, on the Mozilla archives, or even after several exchanges with the Mozilla support people. - Is there any additional information I can provide that might shed some light as to why this is happening? Environment details: - Tomcat version: 5. - JDK version 1.4.2 (both _02 and _03). - Mozilla versions failing (at least 1.4 and 1.5). - IE version succeeding (at least 6.0) - Netscape version succeeding (at least 4.5, 4.7, and I believe one of the 7.x versions). server.xml: (feel free to comment if you see something wrong even if unrelated) Server port=8105 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources Service name=Catalina Connector port=8089 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true / Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true
RE: SSL failure with some browsers - Access denied by access control list
This is the log4j.properties file that I created and that should do what you recommended, unless I missed something. Does Tomcat 5 have any special requirements for log4j? log4j.logger.org.apache.tomcat.net=DEBUG log4j.rootLogger=INFO, RollFile log4j.appender.RollFile=org.apache.log4j.RollingFileAppender log4j.appender.RollFile.File=./tomcat.log log4j.appender.RollFile.MaxFileSize=1000KB log4j.appender.RollFile.MaxBackupIndex=4 log4j.appender.RollFile.layout=org.apache.log4j.PatternLayout log4j.appender.RollFile.layout.ConversionPattern=%d %-5p (%F:%L) - %m%n Thanks again, b. -Original Message- From: ext Bill Barker [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 2:00 PM To: [EMAIL PROTECTED] Subject: Re: SSL failure with some browsers - Access denied by access control list Copy the log4j-1.2.8.jar and commons-logging.jar to $CATALINA_HOME/server/lib, and create a log4j.properties (or .xml) file in $CATALINA_HOME/server/classes with the logging level. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, January 12, 2004 9:24 AM Subject: RE: SSL failure with some browsers - Access denied by access control list Bill, Where do I find the place to set the debug level for 'org.apache.tomcat.net'? I apologize for bugging you with this. I already searched the Tomcat docs, the whole Tomcat 5.0 deployed tree, and the contents of the whole conf directory (including server.xml) but could not find where Tomcat hides the log4j config file (or for that matter even the commons-logging jar file!!!). I know it must be somewhere since the server does actually log its messages, but I can't find it. I am familiar with log4j and my application uses it. My application has log4j-1.2.8 in its lib directory and its own application-specific log4j configuration file, and it all works wonderfully. Except of course, for the usual annoying but innocuous well-known Tomcat bug (that no one knows how to fix) about the log4j:WARN No appenders could be found for logger (org.apache.catalina.session.ManagerBase) message. Bruno -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of ext Bill Barker Sent: Friday, January 09, 2004 9:33 PM To: [EMAIL PROTECTED] Subject: Re: SSL failure with some browsers - Access denied by access control list At a guess, those Mozilla versions don't support TLS, which is Tomcat's default SSL protocol. Whatever it is, try turning up your commons-logging debug level for 'org.apache.tomcat.net' to 'debug'. You should get plenty of messages in your Tomcat logs to help you figure out why Tomcat doesn't like Mozilla. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Problem: - Making any https call fails with the message Forbidden. You were denied access because: Access denied by access control list.. - The failure happens even accessing https://host:8443/tomcat-docs, while a regular http call succeeds. - The failure happens with some browsers (i.e.: Mozilla) but now with others (i.e.: Internet Explorer, and most versions of Netscape). - The failure appears to only happen when accessing a server on a different box than the one where the browser is running. It has not happened (so far) on the same box as the client. - The failure appears to happen with the Tomcat running on either Windows or Solaris. - The failure is not related to the JDK's Verisign Certificate issue (expired Jan 7). It was happening in December, and it was not corrected by JDK 1.4.2_03. Also, the certificates being used are self-signed according to the Tomcat's default instructions. Questions: - Is this a configuration issue? Or is it a deeper problem with either Tomcat or the browsers? I have not seen many postings out there on this topic, so I assume (and hope) the problem is a dumb configuration snafu. - Is there a know solution? I have not found any on the Tomcat archives, on the Mozilla archives, or even after several exchanges with the Mozilla support people. - Is there any additional information I can provide that might shed some light as to why this is happening? Environment details: - Tomcat version: 5. - JDK version 1.4.2 (both _02 and _03). - Mozilla versions failing (at least 1.4 and 1.5). - IE version succeeding (at least 6.0) - Netscape version succeeding (at least 4.5, 4.7, and I believe one of the 7.x versions). server.xml: (feel free to comment if you see something wrong even if unrelated) Server port=8105 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource
SSL failure with some browsers - Access denied by access control list
Problem: - Making any https call fails with the message Forbidden. You were denied access because: Access denied by access control list.. - The failure happens even accessing https://host:8443/tomcat-docs, while a regular http call succeeds. - The failure happens with some browsers (i.e.: Mozilla) but now with others (i.e.: Internet Explorer, and most versions of Netscape). - The failure appears to only happen when accessing a server on a different box than the one where the browser is running. It has not happened (so far) on the same box as the client. - The failure appears to happen with the Tomcat running on either Windows or Solaris. - The failure is not related to the JDK's Verisign Certificate issue (expired Jan 7). It was happening in December, and it was not corrected by JDK 1.4.2_03. Also, the certificates being used are self-signed according to the Tomcat's default instructions. Questions: - Is this a configuration issue? Or is it a deeper problem with either Tomcat or the browsers? I have not seen many postings out there on this topic, so I assume (and hope) the problem is a dumb configuration snafu. - Is there a know solution? I have not found any on the Tomcat archives, on the Mozilla archives, or even after several exchanges with the Mozilla support people. - Is there any additional information I can provide that might shed some light as to why this is happening? Environment details: - Tomcat version: 5. - JDK version 1.4.2 (both _02 and _03). - Mozilla versions failing (at least 1.4 and 1.5). - IE version succeeding (at least 6.0) - Netscape version succeeding (at least 4.5, 4.7, and I believe one of the 7.x versions). server.xml: (feel free to comment if you see something wrong even if unrelated) Server port=8105 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources Service name=Catalina Connector port=8089 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true / Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS / Connector port=8109 enableLookups=false redirectPort=8443 debug=0 protocol=AJP/1.3 / Engine name=Catalina defaultHost=localhost debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.UserDatabaseRealm debug=0 resourceName=UserDatabase/ Host name=localhost debug=0 appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=localhost_log. suffix=.txt timestamp=true/ /Host /Engine /Service /Server Bruno Melloni eBusiness Application Center, Americas Nokia, Inc 6000 Connection Drive, Mailstop 4w223 Irving, TX 75039 USA *Office: +1 (972)894-6120 *Cellular: +1 (469) 939-1067 * SMS: [EMAIL PROTECTED] * e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL failure with some browsers - Access denied by access control list
At a guess, those Mozilla versions don't support TLS, which is Tomcat's default SSL protocol. Whatever it is, try turning up your commons-logging debug level for 'org.apache.tomcat.net' to 'debug'. You should get plenty of messages in your Tomcat logs to help you figure out why Tomcat doesn't like Mozilla. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Problem: - Making any https call fails with the message Forbidden. You were denied access because: Access denied by access control list.. - The failure happens even accessing https://host:8443/tomcat-docs, while a regular http call succeeds. - The failure happens with some browsers (i.e.: Mozilla) but now with others (i.e.: Internet Explorer, and most versions of Netscape). - The failure appears to only happen when accessing a server on a different box than the one where the browser is running. It has not happened (so far) on the same box as the client. - The failure appears to happen with the Tomcat running on either Windows or Solaris. - The failure is not related to the JDK's Verisign Certificate issue (expired Jan 7). It was happening in December, and it was not corrected by JDK 1.4.2_03. Also, the certificates being used are self-signed according to the Tomcat's default instructions. Questions: - Is this a configuration issue? Or is it a deeper problem with either Tomcat or the browsers? I have not seen many postings out there on this topic, so I assume (and hope) the problem is a dumb configuration snafu. - Is there a know solution? I have not found any on the Tomcat archives, on the Mozilla archives, or even after several exchanges with the Mozilla support people. - Is there any additional information I can provide that might shed some light as to why this is happening? Environment details: - Tomcat version: 5. - JDK version 1.4.2 (both _02 and _03). - Mozilla versions failing (at least 1.4 and 1.5). - IE version succeeding (at least 6.0) - Netscape version succeeding (at least 4.5, 4.7, and I believe one of the 7.x versions). server.xml: (feel free to comment if you see something wrong even if unrelated) Server port=8105 shutdown=SHUTDOWN debug=0 Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved /Resource ResourceParams name=UserDatabase parameter namefactory/name valueorg.apache.catalina.users.MemoryUserDatabaseFactory/value /parameter parameter namepathname/name valueconf/tomcat-users.xml/value /parameter /ResourceParams /GlobalNamingResources Service name=Catalina Connector port=8089 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 debug=0 connectionTimeout=2 disableUploadTimeout=true / Connector port=8443 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 debug=0 scheme=https secure=true clientAuth=false sslProtocol=TLS / Connector port=8109 enableLookups=false redirectPort=8443 debug=0 protocol=AJP/1.3 / Engine name=Catalina defaultHost=localhost debug=0 Logger className=org.apache.catalina.logger.FileLogger prefix=catalina_log. suffix=.txt timestamp=true/ Realm className=org.apache.catalina.realm.UserDatabaseRealm debug=0 resourceName=UserDatabase/ Host name=localhost debug=0 appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Logger className=org.apache.catalina.logger.FileLogger directory=logs prefix=localhost_log. suffix=.txt timestamp=true/ /Host /Engine /Service /Server Bruno Melloni eBusiness Application Center, Americas Nokia, Inc 6000 Connection Drive, Mailstop 4w223 Irving, TX 75039 USA *Office: +1 (972)894-6120 *Cellular: +1 (469) 939-1067 * SMS: [EMAIL PROTECTED] * e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Access denied with jk1 and iis
I have a site running ok with tomcat and can browse at port 8080. I have set up the jk1 redirector and when I first try to open a jsp page I get error: access denied in the web browser. The second time I try to open a jsp page I just get the source of the jsp page. I think the isapi_redirector.dll is crashing. Can somebody please help or give me more information? I have included the debug output from jk. Christoph ~ [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1018)]: Using registry. [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1020)]: Using log file C:\web\tomcat\logs\jk.log. [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1021)]: Using log level 0. [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1022)]: Using extension uri /jakarta/isapi_redirect.dll. [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1023)]: Using worker file C:\web\tomcat\conf\workers.properties. [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1024)]: Using worker mount file C:\web\tomcat\conf\uriworkermap.properties. [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1025)]: Using uri select 0. [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (172)]: Into jk_uri_worker_map_t::uri_worker_map_alloc [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (375)]: Into jk_uri_worker_map_t::uri_worker_map_open [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (396)]: jk_uri_worker_map_t::uri_worker_map_open, rule map size is 1 [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (299)]: Into jk_uri_worker_map_t::uri_worker_map_open, suffix rule /***.**.**.**/webtest/.jsp=defworker was added [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (408)]: Into jk_uri_worker_map_t::uri_worker_map_open, there are 1 rules [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (422)]: jk_uri_worker_map_t::uri_worker_map_open, done [Wed Dec 10 11:21:11 2003] [jk_worker.c (88)]: Into wc_open [Wed Dec 10 11:21:11 2003] [jk_worker.c (222)]: Into build_worker_map, creating 1 workers [Wed Dec 10 11:21:11 2003] [jk_worker.c (228)]: build_worker_map, creating worker defworker [Wed Dec 10 11:21:11 2003] [jk_worker.c (148)]: Into wc_create_worker [Wed Dec 10 11:21:11 2003] [jk_worker.c (162)]: wc_create_worker, about to create instance defworker of ajp13 [Wed Dec 10 11:21:11 2003] [jk_ajp13_worker.c (108)]: Into ajp13_worker_factory [Wed Dec 10 11:21:11 2003] [jk_worker.c (171)]: wc_create_worker, about to validate and init defworker [Wed Dec 10 11:21:11 2003] [jk_ajp_common.c (1343)]: Into jk_worker_t::validate [Wed Dec 10 11:21:11 2003] [jk_ajp_common.c (1364)]: In jk_worker_t::validate for worker defworker contact is 127.0.0.1:8009 [Wed Dec 10 11:21:11 2003] [jk_ajp_common.c (1397)]: Into jk_worker_t::init [Wed Dec 10 11:21:11 2003] [jk_ajp_common.c (1421)]: In jk_worker_t::init, setting socket timeout to 300 [Wed Dec 10 11:21:11 2003] [jk_worker.c (187)]: wc_create_worker, done [Wed Dec 10 11:21:11 2003] [jk_worker.c (238)]: build_worker_map, removing old defworker worker [Wed Dec 10 11:21:11 2003] [jk_worker.c (250)]: build_worker_map, done [Wed Dec 10 11:21:11 2003] [jk_worker.c (111)]: wc_open, done 1 [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (655)]: Detected IIS = 5.0 [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (696)]: HttpFilterProc started [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (759)]: In HttpFilterProc Virtual Host redirection of /***.**.***.**/webtest/test.jsp [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (460)]: Into jk_uri_worker_map_t::map_uri_to_worker [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (477)]: Attempting to map URI '/***.**.***.**/webtest/test.jsp' [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (558)]: jk_uri_worker_map_t::map_uri_to_worker, Found a suffix match defworker - *.jsp [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (775)]: HttpFilterProc [/webtest/test.jsp] is a servlet url - should redirect to defworker [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (838)]: HttpFilterProc check if [/webtest/test.jsp] is points to the web-inf directory [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (190)]: Into jk_uri_worker_map_t::uri_worker_map_free [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (441)]: Into jk_uri_worker_map_t::uri_worker_map_close [Wed Dec 10 11:21:11 2003] [jk_worker.c (118)]: Into wc_close [Wed Dec 10 11:21:11 2003] [jk_worker.c (199)]: close_workers got 1 workers to destroy [Wed Dec 10 11:21:11 2003] [jk_worker.c (206)]: close_workers will destroy worker defworker [Wed Dec 10 11:21:11 2003] [jk_ajp_common.c (1461)]: Into jk_worker_t::destroy [Wed Dec 10 11:21:11 2003] [jk_ajp_common.c (1468)]: Into jk_worker_t::destroy up to 10 endpoint to close [Wed Dec 10 11:21:11 2003] [jk_worker.c (120)]: wc_close, done - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Access denied with jk1 and iis
I think this may have something to do with the IIS server handling web sites for two different ip addresses. Christoph -Original Message- From: Chris Donges Sent: Wednesday, 10 December 2003 11:18 AM To: [EMAIL PROTECTED] Subject: Access denied with jk1 and iis I have a site running ok with tomcat and can browse at port 8080. I have set up the jk1 redirector and when I first try to open a jsp page I get error: access denied in the web browser. The second time I try to open a jsp page I just get the source of the jsp page. I think the isapi_redirector.dll is crashing. Can somebody please help or give me more information? I have included the debug output from jk. Christoph ~ [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1018)]: Using registry. [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1020)]: Using log file C:\web\tomcat\logs\jk.log. [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1021)]: Using log level 0. [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1022)]: Using extension uri /jakarta/isapi_redirect.dll. [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1023)]: Using worker file C:\web\tomcat\conf\workers.properties. [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1024)]: Using worker mount file C:\web\tomcat\conf\uriworkermap.properties. [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (1025)]: Using uri select 0. [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (172)]: Into jk_uri_worker_map_t::uri_worker_map_alloc [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (375)]: Into jk_uri_worker_map_t::uri_worker_map_open [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (396)]: jk_uri_worker_map_t::uri_worker_map_open, rule map size is 1 [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (299)]: Into jk_uri_worker_map_t::uri_worker_map_open, suffix rule /***.**.**.**/webtest/.jsp=defworker was added [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (408)]: Into jk_uri_worker_map_t::uri_worker_map_open, there are 1 rules [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (422)]: jk_uri_worker_map_t::uri_worker_map_open, done [Wed Dec 10 11:21:11 2003] [jk_worker.c (88)]: Into wc_open [Wed Dec 10 11:21:11 2003] [jk_worker.c (222)]: Into build_worker_map, creating 1 workers [Wed Dec 10 11:21:11 2003] [jk_worker.c (228)]: build_worker_map, creating worker defworker [Wed Dec 10 11:21:11 2003] [jk_worker.c (148)]: Into wc_create_worker [Wed Dec 10 11:21:11 2003] [jk_worker.c (162)]: wc_create_worker, about to create instance defworker of ajp13 [Wed Dec 10 11:21:11 2003] [jk_ajp13_worker.c (108)]: Into ajp13_worker_factory [Wed Dec 10 11:21:11 2003] [jk_worker.c (171)]: wc_create_worker, about to validate and init defworker [Wed Dec 10 11:21:11 2003] [jk_ajp_common.c (1343)]: Into jk_worker_t::validate [Wed Dec 10 11:21:11 2003] [jk_ajp_common.c (1364)]: In jk_worker_t::validate for worker defworker contact is 127.0.0.1:8009 [Wed Dec 10 11:21:11 2003] [jk_ajp_common.c (1397)]: Into jk_worker_t::init [Wed Dec 10 11:21:11 2003] [jk_ajp_common.c (1421)]: In jk_worker_t::init, setting socket timeout to 300 [Wed Dec 10 11:21:11 2003] [jk_worker.c (187)]: wc_create_worker, done [Wed Dec 10 11:21:11 2003] [jk_worker.c (238)]: build_worker_map, removing old defworker worker [Wed Dec 10 11:21:11 2003] [jk_worker.c (250)]: build_worker_map, done [Wed Dec 10 11:21:11 2003] [jk_worker.c (111)]: wc_open, done 1 [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (655)]: Detected IIS = 5.0 [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (696)]: HttpFilterProc started [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (759)]: In HttpFilterProc Virtual Host redirection of /***.**.***.**/webtest/test.jsp [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (460)]: Into jk_uri_worker_map_t::map_uri_to_worker [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (477)]: Attempting to map URI '/***.**.***.**/webtest/test.jsp' [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (558)]: jk_uri_worker_map_t::map_uri_to_worker, Found a suffix match defworker - *.jsp [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (775)]: HttpFilterProc [/webtest/test.jsp] is a servlet url - should redirect to defworker [Wed Dec 10 11:21:11 2003] [jk_isapi_plugin.c (838)]: HttpFilterProc check if [/webtest/test.jsp] is points to the web-inf directory [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (190)]: Into jk_uri_worker_map_t::uri_worker_map_free [Wed Dec 10 11:21:11 2003] [jk_uri_worker_map.c (441)]: Into jk_uri_worker_map_t::uri_worker_map_close [Wed Dec 10 11:21:11 2003] [jk_worker.c (118)]: Into wc_close [Wed Dec 10 11:21:11 2003] [jk_worker.c (199)]: close_workers got 1 workers to destroy [Wed Dec 10 11:21:11 2003] [jk_worker.c (206)]: close_workers will destroy worker defworker [Wed Dec 10 11:21:11 2003] [jk_ajp_common.c (1461)]: Into jk_worker_t::destroy [Wed
JK2 error- file access denied
I am getting the following error when I try to access a file from the remote server: Created catalinaLoader in: d:\Program Files\Apache Group\Tomcat 4.1\server\lib Nov 20, 2003 11:41:31 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on port 8080 Nov 20, 2003 11:41:43 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.struts.util.LocalStrings', returnNull=true Nov 20, 2003 11:41:43 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.struts.action.ActionResources', returnNull=true Nov 20, 2003 11:41:48 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.webapp.admin.ApplicationResources', returnNull=true Nov 20, 2003 11:42:00 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on port 8080 Nov 20, 2003 11:42:01 AM org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on /0.0.0.0:8009 Nov 20, 2003 11:42:01 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=30/30 config=d:\Program Files\Apache Group\Tomcat 4.1\conf\jk2.properties java.io.FileNotFoundException:\\ceoimage\ceodata$\crc\00057720.tif (Access is denied) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.init(FileInputStream.java:103) at util.fileUtil.filescopy.copyFile(filescopy.java:26) at util.fileUtil.filescopy.init(filescopy.java:13) at util.fileUtil.runfile.init(runfile.java:9) at domain.Client.init(Client.java:20) at domain.ClientDAO.getClient(ClientDAO.java:56) at domain.CRCService.getClient(CRCService.java:17) at web.CEOCRCServlet.processClient(CEOCRCServlet.java:68) at web.CEOCRCServlet.doPost(CEOCRCServlet.java:32) at javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv e.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:241 7) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherVa lve.java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.i nvokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.i nvokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:193) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:78 1) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processC onnection(Http11Protocol.java:549) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:58 9) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool .java:666) at java.lang.Thread.run(Thread.java:536) my system is windows 2k adv. server , sp4. thanks, James Ostad Application Developer/Analyst TMS Department Ex. 4457 E-mail: [EMAIL PROTECTED] Out--- (3) - To
RE : JK2 error- file access denied
Hi, You have not the rights to write Or you write with incorrect path separator / Correct under windows \ for file and directory I hope , i answer to your probleme -Original Message- From: James Ostad [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2003 6:02 PM To: Tom (E-mail) Subject: JK2 error- file access denied Importance: High I am getting the following error when I try to access a file from the remote server: Created catalinaLoader in: d:\Program Files\Apache Group\Tomcat 4.1\server\lib Nov 20, 2003 11:41:31 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on port 8080 Nov 20, 2003 11:41:43 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.struts.util.LocalStrings', returnNull=true Nov 20, 2003 11:41:43 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.struts.action.ActionResources', returnNull=true Nov 20, 2003 11:41:48 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.webapp.admin.ApplicationResources', returnNull=true Nov 20, 2003 11:42:00 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on port 8080 Nov 20, 2003 11:42:01 AM org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on /0.0.0.0:8009 Nov 20, 2003 11:42:01 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=30/30 config=d:\Program Files\Apache Group\Tomcat 4.1\conf\jk2.properties java.io.FileNotFoundException:\\ceoimage\ceodata$\crc\00057720.tif (Access is denied) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.init(FileInputStream.java:103) at util.fileUtil.filescopy.copyFile(filescopy.java:26) at util.fileUtil.filescopy.init(filescopy.java:13) at util.fileUtil.runfile.init(runfile.java:9) at domain.Client.init(Client.java:20) at domain.ClientDAO.getClient(ClientDAO.java:56) at domain.CRCService.getClient(CRCService.java:17) at web.CEOCRCServlet.processClient(CEOCRCServlet.java:68) at web.CEOCRCServlet.doPost(CEOCRCServlet.java:32) at javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilt er(Applica tionFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli cationFilt erChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardW rapperValv e.java:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipel ine.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardC ontextValv e.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipel ine.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContex t.java:241 7) at org.apache.catalina.core.StandardHostValve.invoke(StandardHost Valve.java :180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDi spatcherVa lve.java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport Valve.java :172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipel ine.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEn gineValve. java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipel ine.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter. java:193) at org.apache.coyote.http11.Http11Processor.process(Http11Process or.java:78 1) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandle r.processC onnection(Http11Protocol.java:549
RE: RE : JK2 error- file access denied
I feel I am in heaven. some one responded back. here is my case, I use SunOne Studio to create my web apps. It does work in it, but when I move it out to tomcat, that is what I get. I just stated to look at the jk2.properties file. Currently nothing has been setup there. It seems that SunOne is taking care of this part by itself. Thank you for replying back. James -Original Message- From: eric perso [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2003 12:01 PM To: 'Tomcat Users List' Subject: RE : JK2 error- file access denied Hi, You have not the rights to write Or you write with incorrect path separator / Correct under windows \ for file and directory I hope , i answer to your probleme -Original Message- From: James Ostad [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2003 6:02 PM To: Tom (E-mail) Subject: JK2 error- file access denied Importance: High I am getting the following error when I try to access a file from the remote server: Created catalinaLoader in: d:\Program Files\Apache Group\Tomcat 4.1\server\lib Nov 20, 2003 11:41:31 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on port 8080 Nov 20, 2003 11:41:43 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.struts.util.LocalStrings', returnNull=true Nov 20, 2003 11:41:43 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.struts.action.ActionResources', returnNull=true Nov 20, 2003 11:41:48 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.webapp.admin.ApplicationResources', returnNull=true Nov 20, 2003 11:42:00 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on port 8080 Nov 20, 2003 11:42:01 AM org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on /0.0.0.0:8009 Nov 20, 2003 11:42:01 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=30/30 config=d:\Program Files\Apache Group\Tomcat 4.1\conf\jk2.properties java.io.FileNotFoundException:\\ceoimage\ceodata$\crc\00057720.tif (Access is denied) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.init(FileInputStream.java:103) at util.fileUtil.filescopy.copyFile(filescopy.java:26) at util.fileUtil.filescopy.init(filescopy.java:13) at util.fileUtil.runfile.init(runfile.java:9) at domain.Client.init(Client.java:20) at domain.ClientDAO.getClient(ClientDAO.java:56) at domain.CRCService.getClient(CRCService.java:17) at web.CEOCRCServlet.processClient(CEOCRCServlet.java:68) at web.CEOCRCServlet.doPost(CEOCRCServlet.java:32) at javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilt er(Applica tionFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli cationFilt erChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardW rapperValv e.java:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipel ine.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardC ontextValv e.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipel ine.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContex t.java:241 7) at org.apache.catalina.core.StandardHostValve.invoke(StandardHost Valve.java :180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDi spatcherVa lve.java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport Valve.java :172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipel ine.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEn gineValve. java:174) at org.apache.catalina.core.StandardPipeline
RE: RE : JK2 error- file access denied
I wish you would have been right on this. In either case the application works in SunOne, but not in Tomcat. got to be something else. James -Original Message- From: eric perso [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2003 12:01 PM To: 'Tomcat Users List' Subject: RE : JK2 error- file access denied Hi, You have not the rights to write Or you write with incorrect path separator / Correct under windows \ for file and directory I hope , i answer to your probleme -Original Message- From: James Ostad [mailto:[EMAIL PROTECTED] Sent: Thursday, November 20, 2003 6:02 PM To: Tom (E-mail) Subject: JK2 error- file access denied Importance: High I am getting the following error when I try to access a file from the remote server: Created catalinaLoader in: d:\Program Files\Apache Group\Tomcat 4.1\server\lib Nov 20, 2003 11:41:31 AM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on port 8080 Nov 20, 2003 11:41:43 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.struts.util.LocalStrings', returnNull=true Nov 20, 2003 11:41:43 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.struts.action.ActionResources', returnNull=true Nov 20, 2003 11:41:48 AM org.apache.struts.util.PropertyMessageResources init INFO: Initializing, config='org.apache.webapp.admin.ApplicationResources', returnNull=true Nov 20, 2003 11:42:00 AM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on port 8080 Nov 20, 2003 11:42:01 AM org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on /0.0.0.0:8009 Nov 20, 2003 11:42:01 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=30/30 config=d:\Program Files\Apache Group\Tomcat 4.1\conf\jk2.properties java.io.FileNotFoundException:\\ceoimage\ceodata$\crc\00057720.tif (Access is denied) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.init(FileInputStream.java:103) at util.fileUtil.filescopy.copyFile(filescopy.java:26) at util.fileUtil.filescopy.init(filescopy.java:13) at util.fileUtil.runfile.init(runfile.java:9) at domain.Client.init(Client.java:20) at domain.ClientDAO.getClient(ClientDAO.java:56) at domain.CRCService.getClient(CRCService.java:17) at web.CEOCRCServlet.processClient(CEOCRCServlet.java:68) at web.CEOCRCServlet.doPost(CEOCRCServlet.java:32) at javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilt er(Applica tionFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.doFilter(Appli cationFilt erChain.java:193) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardW rapperValv e.java:256) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipel ine.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContextValve.invoke(StandardC ontextValv e.java:191) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipel ine.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardContext.invoke(StandardContex t.java:241 7) at org.apache.catalina.core.StandardHostValve.invoke(StandardHost Valve.java :180) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDi spatcherVa lve.java:171) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:641) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReport Valve.java :172) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:641) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipel ine.java:4 80) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEn gineValve. java:174) at org.apache.catalina.core.StandardPipeline$StandardPipelineValv eContext.i nvokeNext(StandardPipeline.java:643) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipel ine.java:4 80) at org.apache.catalina.core.ContainerBase.invoke
RE: Tomcat 4.1, https access denied
Hi, I can get my web application from https://localhost:8443/ but not from https://hostname:8443/.. I got error message for access denied. It works fine for http://hostname:8080/ What should I do? Thanks = error message from web == The requested URL could not be retrieved While trying to retrieve the URL: hostname The following error was encountered: Access Denied. Access control configuration prevents your request from being a - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
https Access Denied.
Hi I can start my web page from https://localhost:8443 but If I try to start from https://host-name:8443 it will give me following error It works fine on both http://localhost:8080 http://host-name:8080 What should I do Thanks Rowena == error from web == The requested URL could not be retrieved While trying to retrieve the URL: host-name The following error was encountered: Access Denied. Access control configuration prevents your request from being a - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet, Tomcat 3.3, IIS virtual directory access denied
On W2K, by default, the service user doesn't have access to any remote shared drives. IMHO, this is a good thing. Cinzia S [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello people, I've set up Tomcat to run as a service with a domain log on usr/pswd. IIS works fine redirecting servlet requests to Tomcat via ISAPI redirector. All on Windows 2000 Server. The problem: The java application creates and reads files from a location which corresponds to an IIS virtual directory and is also a local directory with respect to the Tomcat and IIS installation. The application is denied access to this directory when submitting a network path (\\server/drive/directory/) where to store and read files, but is happy when a local path is given instead (E:/) Why? The domain user should have complete access to this. Is it Tomcat, IIS, or java restrictions? I appreciate any suggestion on this Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet, Tomcat 3.3, IIS virtual directory access denied
Thanks for confirming what I found out last night. I noticed that the virtual directory had web sharing set with some permissions which did not include tomcat service domain account. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, March 22, 2003 9:05 AM Subject: Re: Servlet, Tomcat 3.3, IIS virtual directory access denied On W2K, by default, the service user doesn't have access to any remote shared drives. IMHO, this is a good thing. Cinzia S [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello people, I've set up Tomcat to run as a service with a domain log on usr/pswd. IIS works fine redirecting servlet requests to Tomcat via ISAPI redirector. All on Windows 2000 Server. The problem: The java application creates and reads files from a location which corresponds to an IIS virtual directory and is also a local directory with respect to the Tomcat and IIS installation. The application is denied access to this directory when submitting a network path (\\server/drive/directory/) where to store and read files, but is happy when a local path is given instead (E:/) Why? The domain user should have complete access to this. Is it Tomcat, IIS, or java restrictions? I appreciate any suggestion on this Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Servlet, Tomcat 3.3, IIS virtual directory access denied
Hello people, I've set up Tomcat to run as a service with a domain log on usr/pswd. IIS works fine redirecting servlet requests to Tomcat via ISAPI redirector. All on Windows 2000 Server. The problem: The java application creates and reads files from a location which corresponds to an IIS virtual directory and is also a local directory with respect to the Tomcat and IIS installation. The application is denied access to this directory when submitting a network path (\\server/drive/directory/) where to store and read files, but is happy when a local path is given instead (E:/) Why? The domain user should have complete access to this. Is it Tomcat, IIS, or java restrictions? I appreciate any suggestion on this Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
javax.security.auth.AuthPermission - access denied error
Hi,
I am using a security manager to run NTLogin module available as a
jar file. My catalina.policy file looks like this.
grant codeBase
file:${catalina.home}/webapps/examples/WEB-INF/lib/NTLogin.jar {
permission javax.security.auth.AuthPermission modifyPrincipals;
permission java.lang.RuntimePermission loadLibrary.NTSystem;
permission java.util.PropertyPermission user.dir, read;
};
grant codeBase
file:${catalina.home}/webapps/examples/WEB-INF/lib/ntAtn.jar {
permission javax.security.auth.AuthPermission createLoginContext;
permission javax.security.auth.AuthPermission
createLoginContext.NTLogin;
permission javax.security.auth.AuthPermission doAsPrivileged;
permission java.lang.RuntimePermission loadLibrary.NTSystem;
permission javax.security.auth.AuthPermission modifyPrincipals;
};
I get an error:- access denied (javax.security.auth.AuthPermission
createLoginContext.NTLogin)
Any idea how to resolve this?
Daniel.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Security manager, velocity and logging - access denied
Hello, I'm a tomcat newbie running debian and trying to use tomcat 4.0.3-3woody2 and velocity-1.3.1-rc2. So far I haven't managed all that well. =) If I disable the java security manager everything works fine. But I kinda figure that the security manager is there to serve a purpose. I would really like to have it activaded and not less strict than necessary. When I enable it I get the following error, probably caused by the combination of some automatic(?) logging in velocity that haven't got the correct access rights in catalina.policy: Apache Tomcat/4.0.3 - HTTP Status 500 - Internal Server Error exception javax.servlet.ServletException: Error initializing Velocity: java.lang.Exception: Unable to configure AvalonLogSystem: java.security.AccessControlException: access denied (java.io.FilePermission /var/lib/tomcat4/webapps/ROOT read) at org.apache.velocity.servlet.VelocityServlet.initVelocity( VelocityServlet.java:236) [snippage] I have tried random (doh!) changes in the policy, but without much luck. I'll be greatful to get some hints... What are good default grants for webapps using velocity? TIA regards, -- Fredrik Jonson [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
access denied
hi all,
i tried this code.. the below mentioned error is coming pl help
javax.naming.Context ctx = new javax.naming.InitialContext();
if(ctx == null )
System.out.println(Context is null);
else {
javax.sql.DataSource ds1 = (javax.sql.DataSource)ctx.lookup
(java:comp/env/TestDB);
if (ds1 != null) {
java.sql.Connection conn = ds1.getConnection();
-
org.apache.jasper.JasperException: java.sql.SQLException: Invalid
authorization specification: Access denied for user:
'[EMAIL PROTECTED]' (Using password: YES)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:248)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
T I A
best regards
sunil
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: access denied
What's the database you're using? MySQL? The other question is how you have
defined the login for the database. Have you litterly stated
[EMAIL PROTECTED] there?
Marc
- Original Message -
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, 24 December 2002 12:12
Subject: access denied
hi all,
i tried this code.. the below mentioned error is coming pl help
javax.naming.Context ctx = new javax.naming.InitialContext();
if(ctx == null )
System.out.println(Context is null);
else {
javax.sql.DataSource ds1 = (javax.sql.DataSource)ctx.lookup
(java:comp/env/TestDB);
if (ds1 != null) {
java.sql.Connection conn = ds1.getConnection();
-
org.apache.jasper.JasperException: java.sql.SQLException: Invalid
authorization specification: Access denied for user:
'[EMAIL PROTECTED]' (Using password: YES)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:2
48)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
T I A
best regards
sunil
--
To unsubscribe, e-mail:
mailto:[EMAIL PROTECTED]
For additional commands, e-mail:
mailto:[EMAIL PROTECTED]
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
access denied
hi all,
i tried this code.. the below mentioned error is coming pl help
javax.naming.Context ctx = new javax.naming.InitialContext();
if(ctx == null )
System.out.println(Context is null);
else {
javax.sql.DataSource ds1 = (javax.sql.DataSource)ctx.lookup
(java:comp/env/TestDB);
if (ds1 != null) {
java.sql.Connection conn = ds1.getConnection();
-
org.apache.jasper.JasperException: java.sql.SQLException: Invalid
authorization specification: Access denied for user:
'[EMAIL PROTECTED]' (Using password: YES)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:248)
at
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:295)
T I A
best regards
sunil
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Access denied... to /tmp !?
On Monday 02 Dec 2002 5:01 pm, Jeanfrancois Arcand wrote:
That's the proper behaviour. By default, a web application is only able
to read under the context under which it was deployed. If you want to
grant access to the /tmp !*be carefull*!, add the following in your
catalina.policy file:
grant codeBase file:${catalina.home}/webapps/your context/- {
permission java.io.FilePermission /tmp, read;
};
OK, this raises another issue. The problem arose because my servlet makes use
of the maybeupload package URL: http://www.weft.co.uk/library/maybeupload/
which I wrote and maintain, but which is also used in a number of other
people's code including Cocoon 2, so it's moderately important that it
doesn't do stupid things.
MaybeUploadServlet checks in it's init method that it's upload directory
exists and is writable:
uploadDir = new File( uploadDirPath);
if ( ! uploadDir.isDirectory() || ! uploadDir.canWrite())
throw new
UnavailableException( Cannot write to upload directory +
uploadDirPath);
UploadDirPath is a runtime configurable parameter, expected to be picked up
from the web.xml:
uploadDirPath = getStringParameterValue( upload_dir_path, config,
uploadDirPath);
However, if no value is specified in the web.xml, then currently the
hard-coded default is /tmp; the thinking being this is it's usually a safe
place to write stuff.
Clearly, though, as you point out, this is the wrong thing to do. The obvious
solution is to alter MaybeUploadServlet so that if no upload_dir_path is
specified in the web.xml, to switch off the upload facility altogether,
possibly appending a warning to the log. However I don't know who else's code
this will hurt (and, indeed, it's interesting that I haven't had anyone else
report this to me as a bug).
Could anyone suggest a means of getting a 'safe' directory path for
UploadDirPath to default to, or should I go for the 'switch off' behaviour?
Cheers
Simon
--
[EMAIL PROTECTED] (Simon Brooke) http://www.jasmine.org.uk/~simon/
;; making jokes about dyslexia isn't big, it isn't clever and
;; it isn't furry.
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Access denied... to /tmp !?
Hi, However, if no value is specified in the web.xml, then currently the hard-coded default is /tmp; the thinking being this is it's usually a safe place to write stuff. How about, if no value is specified in web.xml, use javax.servlet.context.tempdir? That's always available as if it were specified as a context parameter in web.xml. Yoav Shapira Millennium ChemInformatics -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Access denied... to /tmp !?
Simon Brooke wrote:
On Monday 02 Dec 2002 5:01 pm, Jeanfrancois Arcand wrote:
That's the proper behaviour. By default, a web application is only able
to read under the context under which it was deployed. If you want to
grant access to the /tmp !*be carefull*!, add the following in your
catalina.policy file:
grant codeBase file:${catalina.home}/webapps/your context/- {
permission java.io.FilePermission /tmp, read;
};
OK, this raises another issue. The problem arose because my servlet makes use
of the maybeupload package URL: http://www.weft.co.uk/library/maybeupload/
which I wrote and maintain, but which is also used in a number of other
people's code including Cocoon 2, so it's moderately important that it
doesn't do stupid things.
MaybeUploadServlet checks in it's init method that it's upload directory
exists and is writable:
uploadDir = new File( uploadDirPath);
if ( ! uploadDir.isDirectory() || ! uploadDir.canWrite())
throw new
UnavailableException( Cannot write to upload directory +
uploadDirPath);
UploadDirPath is a runtime configurable parameter, expected to be picked up
from the web.xml:
uploadDirPath = getStringParameterValue( upload_dir_path, config,
uploadDirPath);
However, if no value is specified in the web.xml, then currently the
hard-coded default is /tmp; the thinking being this is it's usually a safe
place to write stuff.
Clearly, though, as you point out, this is the wrong thing to do. The obvious
solution is to alter MaybeUploadServlet so that if no upload_dir_path is
specified in the web.xml, to switch off the upload facility altogether,
possibly appending a warning to the log. However I don't know who else's code
this will hurt (and, indeed, it's interesting that I haven't had anyone else
report this to me as a bug).
Because they probably runs Tomcat without the security manager, so they
can read/write from any context :-)
Could anyone suggest a means of getting a 'safe' directory path for
UploadDirPath to default to, or should I go for the 'switch off' behaviour?
Have you try the solution proposed by Yoav? This is probably the best
solution if you want a tmp directory for each web-app. If you only
want 1 directory, then the /tmp is fine (but works only on Unix).
-- Jeanfrancois
Cheers
Simon
Access denied... to /tmp !?
Hi I've been running things under various versions of Tomcat for a long time now, but it's always been Tomcats I've compiled and installed myself. Now I'm trying to get things running with the version of Tomcat which is packaged in the Debian package 'tomcat4 4.0.3-3woody1'. The tomcat install works, and I can install my webapp OK, and tomcat serves static pages out of my webapp just fine. But when I try to access a Servlet, I get Apache Tomcat/4.0.3 - HTTP Status 500 - Internal Server Error type Exception report message Internal Server Error description The server encountered an internal error (Internal Server Error) that prevented it from fulfilling this request. exception javax.servlet.ServletException: Servlet.init() for servlet items threw exception at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:935 ) ... usual stuf... root cause java.security.AccessControlException: access denied (java.io.FilePermission /tmp read) at java.security.AccessControlContext.checkPermission(AccessControlContext.java( Compiled Code)) Now if I understand what's going on there, the servlet is falling over because it can't read /tmp... What I want to know is where this security policy is set? -- [EMAIL PROTECTED] (Simon Brooke) http://www.jasmine.org.uk/~simon/ Error 1109: There is no message for this error -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: Access denied... to /tmp !?
That's the proper behaviour. By default, a web application is only able
to read under the context under which it was deployed. If you want to
grant access to the /tmp !*be carefull*!, add the following in your
catalina.policy file:
grant codeBase file:${catalina.home}/webapps/your context/- {
permission java.io.FilePermission /tmp, read;
};
-- Jeanfrancois
Simon Brooke wrote:
Hi
I've been running things under various versions of Tomcat for a long time
now, but it's always been Tomcats I've compiled and installed myself. Now I'm
trying to get things running with the version of Tomcat which is packaged in
the Debian package 'tomcat4 4.0.3-3woody1'. The tomcat install works, and I
can install my webapp OK, and tomcat serves static pages out of my webapp
just fine. But when I try to access a Servlet, I get
Apache Tomcat/4.0.3 - HTTP Status 500 - Internal Server Error
type Exception report
message Internal Server Error
description The server encountered an internal error (Internal Server
Error) that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Servlet.init() for servlet items threw
exception at
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:935
)
... usual stuf...
root cause
java.security.AccessControlException: access denied (java.io.FilePermission
/tmp read) at
java.security.AccessControlContext.checkPermission(AccessControlContext.java(
Compiled Code))
Now if I understand what's going on there, the servlet is falling over
because it can't read /tmp...
What I want to know is where this security policy is set?
--
To unsubscribe, e-mail: mailto:[EMAIL PROTECTED]
For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: Access denied... to /tmp !?
Howdy, Mr. Arcand already answered, but I wanted to add something: you can use the directory indicated by context property javax.servlet.context.tempdir as your temporary directory, rather than hard-coding /tmp. See the servlet spec, section 3.7.1, for details. Yoav Shapira Millennium ChemInformatics -Original Message- From: Simon Brooke [mailto:[EMAIL PROTECTED]] Sent: Monday, December 02, 2002 11:40 AM To: 'Tomcat Users List' Subject: Access denied... to /tmp !? Hi I've been running things under various versions of Tomcat for a long time now, but it's always been Tomcats I've compiled and installed myself. Now I'm trying to get things running with the version of Tomcat which is packaged in the Debian package 'tomcat4 4.0.3-3woody1'. The tomcat install works, and I can install my webapp OK, and tomcat serves static pages out of my webapp just fine. But when I try to access a Servlet, I get Apache Tomcat/4.0.3 - HTTP Status 500 - Internal Server Error type Exception report message Internal Server Error description The server encountered an internal error (Internal Server Error) that prevented it from fulfilling this request. exception javax.servlet.ServletException: Servlet.init() for servlet items threw exception at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.ja va:9 35 ) ... usual stuf... root cause java.security.AccessControlException: access denied (java.io.FilePermission /tmp read) at java.security.AccessControlContext.checkPermission(AccessControlContext .jav a( Compiled Code)) Now if I understand what's going on there, the servlet is falling over because it can't read /tmp... What I want to know is where this security policy is set? -- [EMAIL PROTECTED] (Simon Brooke) http://www.jasmine.org.uk/~simon/ Error 1109: There is no message for this error -- To unsubscribe, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] For additional commands, e-mail: mailto:tomcat-user- [EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: DBMS access denied with Jakarta NT Service
I've solved the problem. It was a setting in the Jakarta NT service, the LogOnAs which limited access to the LocalSystem only. Thanks - Original Message - From: Sexton, George [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, October 08, 2002 1:42 PM Subject: RE: DBMS access denied with Jakarta NT Service Don't you think the name and version number of the DBMS would be of the least bit help in solving your issue? -Original Message- From: Cinzia S [mailto:[EMAIL PROTECTED]] Sent: 08 October, 2002 2:10 AM To: [EMAIL PROTECTED] Subject: DBMS access denied with Jakarta NT Service Hi all, I'm having database access denied when running Jakarta as an NT Service, while no db access problems when running as a standalone program. This is the spec: Jakarta-Tomcat 3.3.1, servicing servlets and jsp requested by IIS through isapi_redirect.dll, Windows 2000 Server. Thanks for any suggestion -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
DBMS access denied with Jakarta NT Service
Hi all, I'm having database access denied when running Jakarta as an NT Service, while no db access problems when running as a standalone program. This is the spec: Jakarta-Tomcat 3.3.1, servicing servlets and jsp requested by IIS through isapi_redirect.dll, Windows 2000 Server. Thanks for any suggestion -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: DBMS access denied with Jakarta NT Service
excuse me but I would like to know how do you do to access a database with tomcat 3.3.1 server.xml? web.xml? lookup? Can you give me a complete exemple? thanks for your help -Message d'origine- De: Cinzia S [SMTP:[EMAIL PROTECTED]] Date: mardi 8 octobre 2002 10:10 À:[EMAIL PROTECTED] Objet:DBMS access denied with Jakarta NT Service Hi all, I'm having database access denied when running Jakarta as an NT Service, while no db access problems when running as a standalone program. This is the spec: Jakarta-Tomcat 3.3.1, servicing servlets and jsp requested by IIS through isapi_redirect.dll, Windows 2000 Server. Thanks for any suggestion -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: DBMS access denied with Jakarta NT Service
Don't you think the name and version number of the DBMS would be of the least bit help in solving your issue? -Original Message- From: Cinzia S [mailto:[EMAIL PROTECTED]] Sent: 08 October, 2002 2:10 AM To: [EMAIL PROTECTED] Subject: DBMS access denied with Jakarta NT Service Hi all, I'm having database access denied when running Jakarta as an NT Service, while no db access problems when running as a standalone program. This is the spec: Jakarta-Tomcat 3.3.1, servicing servlets and jsp requested by IIS through isapi_redirect.dll, Windows 2000 Server. Thanks for any suggestion -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: DBMS access denied with Jakarta NT Service
just through a System DSN. The java application uses jdbc:odbc bridge. Nothing specific in server.xml or web.xm Thanks - Original Message - From: CLAIRE Celine [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, October 08, 2002 9:09 AM Subject: RE: DBMS access denied with Jakarta NT Service excuse me but I would like to know how do you do to access a database with tomcat 3.3.1 server.xml? web.xml? lookup? Can you give me a complete exemple? thanks for your help -Message d'origine- De: Cinzia S [SMTP:[EMAIL PROTECTED]] Date: mardi 8 octobre 2002 10:10 À: [EMAIL PROTECTED] Objet: DBMS access denied with Jakarta NT Service Hi all, I'm having database access denied when running Jakarta as an NT Service, while no db access problems when running as a standalone program. This is the spec: Jakarta-Tomcat 3.3.1, servicing servlets and jsp requested by IIS through isapi_redirect.dll, Windows 2000 Server. Thanks for any suggestion -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
RE: DBMS access denied with Jakarta NT Service
I'll be specific again: What database are you using? -Original Message- From: Cinzia S [mailto:[EMAIL PROTECTED]] Sent: 08 October, 2002 8:11 AM To: Tomcat Users List Subject: Re: DBMS access denied with Jakarta NT Service just through a System DSN. The java application uses jdbc:odbc bridge. Nothing specific in server.xml or web.xm Thanks - Original Message - From: CLAIRE Celine [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, October 08, 2002 9:09 AM Subject: RE: DBMS access denied with Jakarta NT Service excuse me but I would like to know how do you do to access a database with tomcat 3.3.1 server.xml? web.xml? lookup? Can you give me a complete exemple? thanks for your help -Message d'origine- De: Cinzia S [SMTP:[EMAIL PROTECTED]] Date: mardi 8 octobre 2002 10:10 À: [EMAIL PROTECTED] Objet: DBMS access denied with Jakarta NT Service Hi all, I'm having database access denied when running Jakarta as an NT Service, while no db access problems when running as a standalone program. This is the spec: Jakarta-Tomcat 3.3.1, servicing servlets and jsp requested by IIS through isapi_redirect.dll, Windows 2000 Server. Thanks for any suggestion -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Re: access denied for non-localhost ssl
Here's the solution to my problem, to get it into the archives for the next person: In server.xml, inside the 'host' element, I added an alias element with the domain name of the computer. aliaswww.host.domain.com/alias Joan Joan Friedman wrote: hi all, Thank you to anyone who helps me with this - I could use some new approaches. Access to my servlet through ssl is blocked unless I'm accessing through 'localhost', with an error page displayed saying 'access denied by access control list'. Here is what I've done so far: I've read tomcat's docs about ssl and security, searched google and the tomcat-user mailing list archives, and of course tomcat's logs. I added a security debug value to CATALINA_OPTS (-D.java.security.debug=all). I commented out the memory realm in tomcat's server.xml, and commented out the apache connector and service. None of that solved the problem. I'm using tomcat 4.0.4, standalone, with windows 2000 service pack 2. I configured ssl to work on port 1234 and non-ssl to run on port 80. As long as all my access is through localhost (http://localhost/servletname/whatever), both ssl and non-ssl work just fine. Access through the host's domain name or ipaddress works ok for non-ssl, both locally and from another machine. When I try to access the ssl pages using the host's domain name or ipaddress (rather than 'localhost'), I get this message in mozilla 1.1 Forbidden You were denied access because: Access denied by access control list. thanks for any help, Joan Friedman -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED] -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
access denied for non-localhost ssl
hi all, Thank you to anyone who helps me with this - I could use some new approaches. Access to my servlet through ssl is blocked unless I'm accessing through 'localhost', with an error page displayed saying 'access denied by access control list'. Here is what I've done so far: I've read tomcat's docs about ssl and security, searched google and the tomcat-user mailing list archives, and of course tomcat's logs. I added a security debug value to CATALINA_OPTS (-D.java.security.debug=all). I commented out the memory realm in tomcat's server.xml, and commented out the apache connector and service. None of that solved the problem. I'm using tomcat 4.0.4, standalone, with windows 2000 service pack 2. I configured ssl to work on port 1234 and non-ssl to run on port 80. As long as all my access is through localhost (http://localhost/servletname/whatever), both ssl and non-ssl work just fine. Access through the host's domain name or ipaddress works ok for non-ssl, both locally and from another machine. When I try to access the ssl pages using the host's domain name or ipaddress (rather than 'localhost'), I get this message in mozilla 1.1 Forbidden You were denied access because: Access denied by access control list. thanks for any help, Joan Friedman -- To unsubscribe, e-mail: mailto:[EMAIL PROTECTED] For additional commands, e-mail: mailto:[EMAIL PROTECTED]
Access Denied when starting tomcat
Hello. I am having difficulty getting apache tomcat to work despite having followed appropriate instructions. When I start tomcat with Startup.bat (in Windows 98) an MSDOS window appears stating that it has set CATALINA_BASE, CATALINA_HOME, CATALINA_TMPDIR, and JAVA_HOME to the directories specified in my Autoexec.bat (which have been set as instructed - I don't think this is the problem). Below these messages it says 'Access is denied' - I have traced the error to Catalina.bat at the line: %_EXECJAVA% %JAVA_OPTS% %CATALINA_OPTS% %DEBUG_OPTS% -Djava.endorsed.dirs=%JAVA_ENDORSED_DIRS% -classpath %CLASSPATH% -Dcatalina.base=%CATALINA_BASE% -Dcatalina.home=%CATALINA_H OME% -Djava.io.tmpdir=%CATALINA_TMPDIR% %MAINCLASS% %CMD_LINE_ARGS% %ACTION% This line (when echoed) became: start java * org.apache.catalina.startup.Bootstrap start (where * is all the classpath and java options) What is going on? I have tried using ports 80 and 8080... -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: [TC402] Manager Context in IIS 5 is access denied
Check the permissions for the redirector dll and the virtual directory. Also, if you want Tomcat to handle authentication (which you need for the manager app), IIS must be configured to allow anonymous access to the virtual directory. Randy -Original Message- From: Frans Thamura [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 5:04 PM To: Tomcat Users List Subject: [TC402] Manager Context in IIS 5 is access denied I install IIS + Tomcat 4.02 and activate the manager. i tomcat with manager context (http://localhost:8080/manager) it is work well.. but when i try the port 80 (IIS) access denied. Do you know this problem. Frans -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
[TC402] Manager Context in IIS 5 is access denied
I install IIS + Tomcat 4.02 and activate the manager. i tomcat with manager context (http://localhost:8080/manager) it is work well.. but when i try the port 80 (IIS) access denied. Do you know this problem. Frans
Access Denied Error
Hello there, We have an application where IIS 4.0 is connected to Tomcat 4.0.1 with SQL Server 7.0 as the database. Tomcat is started up with the security policy where in the class directory is mentioned. We encounter the following error when the application tries to connect to the database: java.security.AccessControlException: access denied (java.net.SocketPermission 10.20.4.100:1433 connect,resolve) at java.security.AccessControlContext.checkPermission(AccessControlContext.java:272) at java.security.AccessController.checkPermission(AccessController.java:399) at java.lang.SecurityManager.checkPermission(SecurityManager.java:545) at java.lang.SecurityManager.checkConnect(SecurityManager.java:1044) at java.net.Socket.(Socket.java:262) at java.net.Socket.(Socket.java:100) at com.internetcds.jdbc.tds.Tds.(Tds.java:177) at com.internetcds.jdbc.tds.Connection.allocateTds(Connection.java:333) at com.internetcds.jdbc.tds.Connection.(Connection.java:169) at com.internetcds.jdbc.tds.Driver.connect(Driver.java:257) at java.sql.DriverManager.getConnection(DriverManager.java:517) at java.sql.DriverManager.getConnection(DriverManager.java:177) at com.genisys.codwap.utilities.DBConnection.open(DBConnection.java:69) at org.apache.jsp.Login$jsp._jspService(Login$jsp.java:178) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:107) at javax.servlet.http.HttpServlet.service(HttpServlet.java:1264) at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:201) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:381) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:473) at javax.servlet.http.HttpServlet.service(HttpServlet.java:1264) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247) at org.apache.catalina.core.ApplicationFilterChain.access$0(ApplicationFilterChain.java:197) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:176) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:172) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:215) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2366) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:462) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163) at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1005) at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1098) at java.lang.Thread.run(Thread.java:484) We have given the socket privileges for the IP address and port no in the catalina.policy. But this does not solve the above problem. Thanks in advance, Vinay __ Do You Yahoo!? Send FREE Valentine eCards with Yahoo! Greetings! http://greetings.yahoo.com -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
ORB Singleton: Access Denied
Hi, I am using JDK1.3 and Tomcat 4.0 on win 2K. I am trying to access my remote machine and give a handle to my application server of the remote object using RMI-IIOP. I know this method works, because its been working on Websphere on OS/390. I am trying to port my product to Tomcat on Win/Linux. The code is ** orb = ORB.init(); // getIOR returns a string String factoryIOR = getIOR(path); //fails below org.omg.CORBA.Object genFacRef = orb.string_to_object(factoryIOR); ** When ran it gives me an exception called java.lang.securityException: ORBSingleton:access denied This is apparently a common error, but I have not found solutions on the net for this. Help would be appreciated. Thanks. Brown Bay. -- To unsubscribe: mailto:[EMAIL PROTECTED] For additional commands: mailto:[EMAIL PROTECTED] Troubles with the list: mailto:[EMAIL PROTECTED]
RE: IIS 5.0 Access denied for non-domain administrators
Check the permissions on the isapi_redirect.dll file. This is just a guess, but IIS might be looking to the permissions of the file you are about to execute to determine if you can execute it. Randy -Original Message- From: COFFMAN Steven [mailto:[EMAIL PROTECTED]] Sent: Wednesday, May 16, 2001 2:25 PM To: '[EMAIL PROTECTED]' Subject: IIS 5.0 Access denied for non-domain administrators Howdy. I got tomcat up and running on Win 2000 with IIS 5.0 just fine (jakarta as NT service), but when I changed the authentication to require basic and disallow anonymous, servlet access gives a 401.3 error: access denied by ACL on resource. When I authenticate as a domain administrator, everything works fine. It's only when a joe-average user tries to authenticate that things do not function properly. I've changed the permissions on the jakarta-tomcat directory to basically give everyone full control but still no go. I gave everyone log on locally rights even. The ISAPI filter has read, script, and execute. I've searched all the archives, the web, and spent a couple days taking messing with it, but I'm completely out of ideas. I have reboot several times since then with no change, so it's not that. If anyone has any suggestions whatsover, I will be eternally grateful. Would making jakarta be in-process help things? -Steve
RE: IIS 5.0 Access denied for non-domain administrators
What do you want to do? To use basic auth for the entire site? A solution : * Use ajp12 and Tomcat 3.3, * put TomcatAuthentication attribute to true on the ajp12 request interceptor line on server.xml. * Disengage *all* auth from IIS... * Put container auth to work on your contexts , tweaking web.xml, as an example follow the examples context web.xml, changing it to BASIC instead of FORM auth You will get BASIC auth handled enterely by tomcat ..not using IIS for auth at all.. I'm still having no time to research why with ajp13 the method does not work.. I need to figure out how to protect static resources whne served by IIS ..but at least for me do the job.. protecting at least the dynamic portinon of my sites..this is all that i need..:) Saludos , Ignacio J. Ortega -Mensaje original- De: COFFMAN Steven [mailto:[EMAIL PROTECTED]] Enviado el: miércoles 16 de mayo de 2001 20:25 Para: '[EMAIL PROTECTED]' Asunto: IIS 5.0 Access denied for non-domain administrators Howdy. I got tomcat up and running on Win 2000 with IIS 5.0 just fine (jakarta as NT service), but when I changed the authentication to require basic and disallow anonymous, servlet access gives a 401.3 error: access denied by ACL on resource. When I authenticate as a domain administrator, everything works fine. It's only when a joe-average user tries to authenticate that things do not function properly. I've changed the permissions on the jakarta-tomcat directory to basically give everyone full control but still no go. I gave everyone log on locally rights even. The ISAPI filter has read, script, and execute. I've searched all the archives, the web, and spent a couple days taking messing with it, but I'm completely out of ideas. I have reboot several times since then with no change, so it's not that. If anyone has any suggestions whatsover, I will be eternally grateful. Would making jakarta be in-process help things? -Steve
JSP Interaction Problem - Access Denied
--- | A | --- | | | | B |C| | | | --- I have an application in which within one browser window I wish to display, within 3 frames, 3 separate JSPs. Frames A and B are JSPs sourced from server 1 Frame C is a JSP sourced from Server 2 When the JSP from Frame C attempt to obtain session information from the JSP in Frame B, the JSP in Frame C generates an ACCESS DENIED error. How do I fix this, if it is fixable? Have I provided sufficient information? Thanks _ Darrell Porter Operations Manager 415.355.9990 x290 [EMAIL PROTECTED] WiseConnect, Inc. http://www.wiseconnect.com/ "Powering the people behind stores"
Re: JSP Interaction Problem - Access Denied
On Fri, 23 Mar 2001, Darrell Porter wrote: --- | A | --- | | | | B |C| | | | --- I have an application in which within one browser window I wish to display, within 3 frames, 3 separate JSPs. Frames A and B are JSPs sourced from server 1 Frame C is a JSP sourced from Server 2 When the JSP from Frame C attempt to obtain session information from the JSP in Frame B, the JSP in Frame C generates an ACCESS DENIED error. This is a standard security feature in your browser, and doesn't directly have anything to do with JSPs. The browser sees that the two frames came from different hosts, so it prevents cross-host access in order to avoid malicious scripts from one host interfering with the operation of an application from another host. How do I fix this, if it is fixable? Have I provided sufficient information? You can check through the config settings for your browser, but I'm not sure that any of them will allow you to turn this off -- it's pretty dangerous. Darrell Porter Craig McClanahan
