tomcat to tomcat redirect.
Hi All, I'm using tomcat 5.5 . I'm using public IP- http://1.2.3.4:8084/Project/. Now the similar instance is running on the internal IP. http ://192.168.100.102:8080/Project/. My question is - Can I redirect from http://1.2.3.4:8084/Project/ to http ://192.168.100.102:8080/Project/ ? Please help me for the same. Thnaks Rohan7 -- View this message in context: http://www.nabble.com/tomcat-to-tomcat-redirect.-tp19912490p19912490.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] Communicating between webapps
Thanks to all for the answers, and an interesting thread. As just an occasional dabbler into this, I must say that the more I dig into Java, the more I get the impression that this is a language that needs lifetime dedication in order to fully understand the beauties of it. I am starting to understand why the designers built introspection into it, so it could look into itself. I think that was revenge. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat to tomcat redirect.
- Original Message - From: Rohan7 [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Friday, October 10, 2008 8:02 AM Subject: tomcat to tomcat redirect. Hi All, I'm using tomcat 5.5 . I'm using public IP- http://1.2.3.4:8084/Project/. Now the similar instance is running on the internal IP. http ://192.168.100.102:8080/Project/. My question is - Can I redirect from http://1.2.3.4:8084/Project/ to http ://192.168.100.102:8080/Project/ ? Please help me for the same. Thnaks Rohan7 Hi Rohan, Not sure if you asking how to set TC if so look at the connector in server.xml... Or if you want to do an actual redirect in your app... response.sendRedirect(newUrl); --- HARBOR : http://www.kewlstuff.co.za/index.htm The most powerful application server on earth. The only real POJO Application Server. See it in Action : http://www.kewlstuff.co.za/cd_tut_swf/whatisejb1.htm --- If you cant pay in gold... get lost... - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problems of 5.0 to 5.5 upgrade
ancles wrote: So how could I find the best way to achieve this in programming? Achieve what? What is it you are actually trying to do? Mark Mark Thomas-18 wrote: In both cases what are you actually trying to achieve. The 5.0-5.5 refactoring means that the 'new' classes might not be the best way to achieve what you are trying to achieve. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6.0.18 empties tomcat-users.xml
Hi, thanks a lot, you are right, they are commented out and I did not see that. At least for me it was a bit unexpected that Tomcat clears at least parts of a configuration file, but thats OK. best regards Robert -- [EMAIL PROTECTED] On Oct 9, 2008, at 22:20, Caldarale, Charles R wrote: From: Robert Hufsky [mailto:[EMAIL PROTECTED] Subject: Tomcat 6.0.18 empties tomcat-users.xml Before starting, $CATALINA_HOME/conf/tomcat-users.xml contains the default user entries. Look again - they're all commented out. After starting Tomcat, $CATALINA_HOME/conf/tomcat-users.xml is pretty much empty and looks like ?xml version='1.0' encoding='utf-8'? tomcat-users /tomcat-users That's expected behavior. If you don't want Tomcat to rewrite the file on startup, set the readonly attribute to true in the Resource element for UserDatabase in the conf/server.xml file. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setHeader after DoFilter delegation in filter?
slioch wrote: [...] I'll risk an explanation here.. I think maybe the issue is a misunderstanding of how a servlet filter works. It took me a while too, but I think I've got it in the end. Sorry if this is level 101, that's my own level. What was confusing to me at first, is that this is different from, for instance, Apache input and output filters. There there is a clear distinction between an input filter, which sees all the data on the way in to the application, and an output filter, which sees all the data that the application produces, before it goes out to the browser. An input filter and and output filter are two separate pieces of code, and you can install them independently. In the Java servlet view of things, a filter is a wrapper, within which the other filters and the webapp run. It's like an onion : your filter is the outer layer, within which there are possibly further layers (other filters), and at the center is the webapp. When your filter calls doFilter(), it executes all its inner layers in one go. The bummer is that, unless you take pains to change that, each of these layers has a direct access to the output buffers, which live outside the onion. So unless you prevent them from doing that, they will start putting bytes there, and by the time your doFilter() returns, it's too late to change that. When you execute doFilter(), in fact you execute, at that point, all the further filters that are in the chain, and the webapp at the deepest level. If any of these starts sending output, then by the time the doFilter() returns, that output is already past your filter, and there is nothing you can do anymore to modify it. If you want something else to happen, then you have to do something like this : - in your filter, subclass the HttpRequest, say as myHttpRequest. In this subclass, redefine the methods that the underlying filters and webapp will (presumably) use to send output to the buffer. In these redefined methods, you can then do whatever you want to transform what the application sends out via these methods. - then, instead of passing the original HttpRequest to the doFilter(), pass your own myHttpRequest instance of it. This way, whenever the application thinks it is just using the (say) HttpRequest.setHeader() method, it is in fact using *your* myHttpRequest.setHeader() method, in which you can catch and pervert whatever you want, before passing it on to the real HttpRequest.setHeader() method. The point is, if you let any underlying (from the point of your filter) other filter or webapp call i.e. the original setHeader(), then that's it : that line of output is now already in the HTTP output buffer queue, and by the time your doFilter() returns, it no longer can claw it back. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
is possible Single sign on authentication with unique page login on the same tomcat server?
Hi all, I have implemented a custom single sign on JAAS login for a tomcat 6.018 server, it's works perfectly with my only context that I had until now. I have added the second context into the same server and i like to set form-login-page/form-login-page in web.xml context file to access a page from the other context, but always starts the URL's page login with its name context. Can I reference a page of the other context or I will have to create other page login for this context ? Thank you very much. Best regards, Mariano
Re: setHeader after DoFilter delegation in filter?
André Warnier wrote: slioch wrote: [...] I'll risk an explanation here.. I think maybe the issue is a misunderstanding of how a servlet filter works. It took me a while too, but I think I've got it in the end. Sorry if this is level 101, that's my own level. What was confusing to me at first, is that this is different from, for instance, Apache input and output filters. There there is a clear distinction between an input filter, which sees all the data on the way in to the application, and an output filter, which sees all the data that the application produces, before it goes out to the browser. An input filter and and output filter are two separate pieces of code, and you can install them independently. In the Java servlet view of things, a filter is a wrapper, within which the other filters and the webapp run. It's like an onion : your filter is the outer layer, within which there are possibly further layers (other filters), and at the center is the webapp. When your filter calls doFilter(), it executes all its inner layers in one go. The bummer is that, unless you take pains to change that, each of these layers has a direct access to the output buffers, which live outside the onion. So unless you prevent them from doing that, they will start putting bytes there, and by the time your doFilter() returns, it's too late to change that. When you execute doFilter(), in fact you execute, at that point, all the further filters that are in the chain, and the webapp at the deepest level. If any of these starts sending output, then by the time the doFilter() returns, that output is already past your filter, and there is nothing you can do anymore to modify it. If you want something else to happen, then you have to do something like this : - in your filter, subclass the HttpRequest, say as myHttpRequest. In this subclass, redefine the methods that the underlying filters and webapp will (presumably) use to send output to the buffer. In these redefined methods, you can then do whatever you want to transform what the application sends out via these methods. - then, instead of passing the original HttpRequest to the doFilter(), pass your own myHttpRequest instance of it. Close enough; the spec has some stuff that covers this type of problem, so I'd recommend investigating: javax.servlet.http.HttpServletRequestWrapper javax.servlet.http.HttpServletResponseWrapper (hereafter HSRsW) Using the latter should allow you to modify the appropriate header. HSRsW wrappedHres = new HttpServletResponseWrapper(hres); chain.doFilter(hreq, wrappedHres); Where your HSRsW contains appropriate code to modify the header, perhaps in the construction phase. p This way, whenever the application thinks it is just using the (say) HttpRequest.setHeader() method, it is in fact using *your* myHttpRequest.setHeader() method, in which you can catch and pervert whatever you want, before passing it on to the real HttpRequest.setHeader() method. The point is, if you let any underlying (from the point of your filter) other filter or webapp call i.e. the original setHeader(), then that's it : that line of output is now already in the HTTP output buffer queue, and by the time your doFilter() returns, it no longer can claw it back. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Monitoring of services deployed in tomcat
Hi, the lambdaprobe site doesn't seem to be online since september or like. Softpedia ( http://www.softpedia.com/get/UNIX/Networking/Server-Applications/LambdaProbe-for-Tomcat.shtml) could help. Chris, did it ever happen to you to get an exception like this (lower) after logging into lambdaprobe? (Or at least don't you know a place to ask, since the pages are down?) Seems to me like comming on all our servers upgraded to tomcat 6. I use the lambdaprobe 1.7. For me it looked similat to an exception i used to get by spring with bad dependencies, but here i don't think so. EXCEPTION: java.lang.StackOverflowError javax.servlet.ServletException: java.lang.StackOverflowError at org.apache.jasper.runtime.PageContextImpl.doHandlePageException(PageContextImpl.java:852) at org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:781) at org.apache.jsp.index_jsp._jspService(index_jsp.java:64) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at com.opensymphony.module.sitemesh.filter.PageFilter.parsePage(PageFilter.java:120) at com.opensymphony.module.sitemesh.filter.PageFilter.doFilter(PageFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:857) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:565) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1509) at java.lang.Thread.run(Unknown Source) Caused by: java.lang.StackOverflowError at javax.servlet.ServletException.getRootCause(ServletException.java:96) at org.springframework.web.util.NestedServletException.getCause(NestedServletException.java:69) at javax.servlet.ServletException.getRootCause(ServletException.java:96) at org.springframework.web.util.NestedServletException.getCause(NestedServletException.java:69) at javax.servlet.ServletException.getRootCause(ServletException.java:96) at org.springframework.web.util.NestedServletException.getCause(NestedServletException.java:69) at javax.servlet.ServletException.getRootCause(ServletException.java:96) at org.springframework.web.util.NestedServletException.getCause(NestedServletException.java:69) at javax.servlet.ServletException.getRootCause(ServletException.java:96) at org.springframework.web.util.NestedServletException.getCause(NestedServletException.java:69) at javax.servlet.ServletException.getRootCause(ServletException.java:96) at org.springframework.web.util.NestedServletException.getCause(NestedServletException.java:69) at javax.servlet.ServletException.getRootCause(ServletException.java:96) at org.springframework.web.util.NestedServletException.getCause(NestedServletException.java:69) at javax.servlet.ServletException.getRootCause(ServletException.java:96) at AND SO ON AND SO ON, until the stack is full... Nikola 2008/10/7 Christopher Schultz [EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Raghu, Raghunandan wrote: Is it required to monitor the deployed services in tomcat? No. You can ignore Tomcat after it's been started if you want. Is there option for auto restart if the service goes down? Tomcat does not include any such functionality. You will need to set up this capability on your own. If it is necessary to monitor the deployed services, what are the different ways of monitoring. google tomcat monitoring Many folks have had good results using LambdaProbe (http://www.lambdaprobe.org/), but this does not include any auto-restart features: it's mainly reporting on Tomcat and the JVM from a running instance. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32)
RE: external folder be mapped to Tomcat 'specific 'web application'
Hi I have checkd the URL ' http://tomcat.apache.org/tomcat-6.0-doc/config/context.html done the same for our applications, But please check if this can be achieved ? 1) My external folder which has *images* is on folder e/STATICIMAGES 2) TOMCAT6018 is installed on folder D:/TOMCAT5523 3) The web apps under XYZAPPS is as D:/TOMCAT5523/webapps/XYZAPPS and accessible via http://IP:PORT/XYZAPPS Is this possible to map the STATICIMAGES to webapps to serve in browser as * http://IP:PORT/XYZAPPS/STATICIMAGES * With regardfs Karthik -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Wednesday, October 08, 2008 7:32 PM To: Tomcat Users List Subject: Re: external folder be mapped to Tomcat 'specific 'web application' Karthik Nanjangude wrote: Hi SPEC TOMCAT 6018 O/s UNIX11 J2SDK 1.6 Folder : /root/images Web application folder : /root/TOMCAT6018 / webapps / XYZAPPS Note: by defining the xml in context under TOMCAT6018/conf/Catalina\localhost Virtual Mapping as 'http://IP:PORT/images' can be achieved Question Can a external folder be mapped to Tomcat 'specific 'web application' only as shown below The URL Mapping should behttp://IP:PORT/XYZAPPS/images Yes, just set up a sub-context. Something like a file called: $CATALINA_BASE/Catalina/localhost/XYZAPPS#images.xml with content: Context docBase=/root/images / Reason : Most of the APP Servers for web container provide this functionality So does Tomcat ;) See http://tomcat.apache.org/tomcat-6.0-doc/config/context.html for details. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
(updated) Problem in finding APP-BASE (IIS--- Worker Tomcat A----Tomcat B---- Further config help
Hi , I have a problem in finding the webapps and my application where it is deployed My application URL is http://virtualdir.cca.com.in/via/jsp/Index.jsp WebServer is :Microsoft IIS Web Container: Apache tomcat 4.1.30 I need to find my apps class files. This is what i did to trace to find the class file. 1. I went to IIS service manager to find the virtual directory( virtualdir). It uses tomcat A as a worker tomcat (with Worker.properties and URIWorkermap.properties) 2.Then I went to this Worker Tomcat A's CATALINA_HOME/conf/ntis/worker.properties to find the port number of tomcat and server in which listens for requests. 3.I found it is tomcat B.I went to Tomcat B's CATALINA_HOME and there i can find the webapps folder present. but there is no BIN folder For the purpose of restart which tomcat should i use.Please help me on this? I need to find the tomcat!! Regards, Thangavel Sankaranarayanan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: dbcp error with java.lang.ClassCastException: org.apache.tomcat.dbcp.dbcp.PoolingDataSource
Hi, I had a look at the tomcat dbcp documentation and found that it is possible to retrieve the underlying connection. As described here http://commons.apache.org/dbcp/configuration.html The problem i am getting now is that i still cannot cast the class properly to get the underlying connection. As described in the docs i added the following property in the datasource definition [code] accessToUnderlyingConnectionAllowed=true [/code] My datasource definition now looks like this [code] Resource name=jdbc/testdb auth=Container type=javax.sql.DataSource driverClassName=oracle.jdbc.driver.OracleDriver url=jdbc:oracle:thin:@10.10.10.10:1521:testdb username=testuser password=testuser maxActive=20 maxIdle=10 maxWait=-1 accessToUnderlyingConnectionAllowed=true/ [/code] And change my code slightly to be [code] Connection conn = ds.getConnection() Connection dconn = ((DelegatingConnection) conn).getInnermostDelegate(); [/code] The problem i have now is i am getting a class cast execption on the second line (where i am trying to getInnermostDelegate(). Here is the error i am getting [code] java.lang.ClassCastException: org.apache.tomcat.dbcp.dbcp.PoolingDataSource$PoolGuardConnectionWrapper at com.bt.ccs21.data.accessors.ConsignmentDAO.submitDeclaration(ConsignmentDAO.java:250) at com.bt.ccs21.presentation.events.consignment.search.SubmitDeclaration.midAction(SubmitDeclaration.java:105) at com.bt.ccs21.presentation.events.CCS21EventAction.execute(CCS21EventAction.java:67) at org.apache.struts.chain.commands.servlet.ExecuteAction.execute(ExecuteAction.java:58) at org.apache.struts.chain.commands.AbstractExecuteAction.execute(AbstractExecuteAction.java:67) at org.apache.struts.chain.commands.ActionCommandBase.execute(ActionCommandBase.java:51) at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:190) at org.apache.commons.chain.generic.LookupCommand.execute(LookupCommand.java:304) at org.apache.commons.chain.impl.ChainBase.execute(ChainBase.java:190) at org.apache.struts.chain.ComposableRequestProcessor.process(ComposableRequestProcessor.java:283) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1913) at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:462) at javax.servlet.http.HttpServlet.service(HttpServlet.java:647) at javax.servlet.http.HttpServlet.service(HttpServlet.java:729) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:174) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:875) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:689) at java.lang.Thread.run(Thread.java:595) [/code] Thanks On Thu, Oct 9, 2008 at 5:53 PM, Ziggy [EMAIL PROTECTED] wrote: Hi, I originally only had it on $TOMCAT_HOME/common/lib but it didnt work. I only put it on both locations to test it out. I have now removed the copy from $APPLICATION_ROOT_DIR/WEB-INF/ lib/ and i still have the same problem described below. Thanks On Thu, Oct 9, 2008 at 5:35 PM, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: Ziggy [mailto:[EMAIL PROTECTED] Sent: 2008 October 09, Thursday 11:12 org.apache.tomcat.dbcp.dbcp.PoolingDataSource I have placed the jdbc driver on both the following directories [code] $TOMCAT_HOME/common/lib/ $APPLICATION_ROOT_DIR/WEB-INF/lib/ [/code] Never, never, never put the same class(es) in more than one location in a given branch of the classloader tree. Since you're using Tomcat to manage the DB connection pool, the .jar file containing the JDBC driver classes must be placed in common/lib. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: Problem in finding APP-BASE (IIS--- Worker Tomcat A----Tomcat B---- Further config help
Thangavel Sankaranarayanan wrote: Hi , I have a problem in finding the webapps and my application where it is deployed My application URL is http://virtualdir.cca.com.in/via/jsp/Index.jsp That's not a real URL, so why do you mention it ? WebServer is :Microsoft IIS Web Container: Apache tomcat 4.1.30 That is a very old Tomcat. This is not to annoy you, but just to let you know that some people on this list were still in programming school when that one was released, so not many are still here that can really help you. I need to find my apps class files. This is what i did to trace to find the class file. 1. I went to IIS service manager to find the virtual directory( virtualdir). It uses tomcat A as a worker tomcat (with Worker.properties and URIWorkermap.properties) How do you know that ? I mean, unless I am mistaken, these two files will not tell you which Tomcat, just its hostname and port, no ? Can you copy them here ? 2.Then I went to this Worker Tomcat A's CATALINA_HOME Same question : how did you find this one ? /conf/ntis/worker.properties to find the port number of tomcat and server in which listens for requests. Well, this will tell you to which host and port IIS/redirector is sending the requests, but not really who is listening. For that, you need the conf/server.xml of Tomcat. 3.I found it is tomcat B.I went to Tomcat B's CATALINA_HOME So you have 2 Tomcats ? and there i could not find any webapps folder present. That is still possible. Maybe the webapps *are* somewhere else. That would be indicated in the Host tag inside the server.xml of the Tomcat that is really there (the appBase attribute). To me at least, what you write above is a bit confusing. How do you know that you have 2 Tomcats, and which one has which CATALINA_HOME (or CATALINA_BASE) ? Since this seems to be all under Windows (yes?), if you go in a command window and type net start, how many Tomcat's do you see listed ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problems of 5.0 to 5.5 upgrade
Sorry for not making it clear. Current question is how to set a customize SSLImplemention for a HTTPS connector. In previous version we use CoyoteServerSocketFactory.setSSLImplementation(); I have checked the Tomcat document and found the factory (nested component of connector) was removed. I guess this method can achieve this setting: Connector.setProperty(sSLImplementation, custom_SSLImpl); But a new problem is there's no method to replace setting ciphers attribute of Factory. Connector port=8443 ... Factory className=a custom ServerSocketFactory class ciphers= / /Connector I need to migrate the ciphers setting in custom SSLImplement to new version Tomcat. Another problem about Deployer, I am still investigating it. It brought much trouble that the Deployer.install() method was removed. Mark Thomas-18 wrote: ancles wrote: So how could I find the best way to achieve this in programming? Achieve what? What is it you are actually trying to do? Mark Mark Thomas-18 wrote: In both cases what are you actually trying to achieve. The 5.0-5.5 refactoring means that the 'new' classes might not be the best way to achieve what you are trying to achieve. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/problems-of-5.0-to-5.5-upgrade-tp19896877p19914612.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: dbcp error with java.lang.ClassCastException: org.apache.tomcat.dbcp.dbcp.PoolingDataSource
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ziggy, Ziggy wrote: The problem i am getting now is that i still cannot cast the class properly to get the underlying connection. Your best bet is to use standard JDBC API calls instead of trying to use Oracle's proprietary APIs. You may have to use Oracle's connection pooling instead of Tomcat's. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvXeIACgkQ9CaO5/Lv0PB2vQCfb8amv7/X/UPq6VBllTKh/awT CUIAnRTeS2VG3c6ExUUvagIn67tZPJLi =yyGE -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: dbcp error with java.lang.ClassCastException: org.apache.tomcat.dbcp.dbcp.PoolingDataSource
Hi, I am really stuck with the tomcat connection pool as its the application server that i am using. How does the oracle connection pool work? Could you point me to some info somewhere so that i can read about it. Thanks On Fri, Oct 10, 2008 at 2:51 PM, Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ziggy, Ziggy wrote: The problem i am getting now is that i still cannot cast the class properly to get the underlying connection. Your best bet is to use standard JDBC API calls instead of trying to use Oracle's proprietary APIs. You may have to use Oracle's connection pooling instead of Tomcat's. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvXeIACgkQ9CaO5/Lv0PB2vQCfb8amv7/X/UPq6VBllTKh/awT CUIAnRTeS2VG3c6ExUUvagIn67tZPJLi =yyGE -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Host
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Serge, Serge Fonville wrote: I have Tomcat 6.0.18 with the native dll installed I have two hosts presently (more to come) localhost and autumn.nl What I want now is *.autumn.nl accessble only via http You need a Host name=autumn.nl with an HTTP Connector only. Also, you need to set this Host as the defaultHost for your Engine. secure.autumn.nl accessible only via https You need a Host name=secure.autumn.nl with an HTTPS Connector only. localhost accessible via both Another Host name=localhost with both kinds of connectors. See http://tomcat.apache.org/tomcat-6.0-doc/config/host.html and http://tomcat.apache.org/tomcat-6.0-doc/config/engine.html Note that for each Host you have, you will need separate deployment directories and each application will be deployed separately for each host. So, if you have 2 applications to deploy over these 3 domains, you'll get 6 running applications. There /are/ other ways of achieving your goal. Here are some ideas that will allow you to have only a single instance of each of your applications running: 1. Run Apache httpd out front to handle SSL and your security desires. I suspect you already know how to configure this. 2. Use filters in your application (or valves directly in Tomcat) to inspect requests and reject those that match certain criteria (such as SSL access to (^secure).autumn.nl. You can use a tool like http://tuckey.org/urlrewrite/ to do this quite easily. I'm sure there are other ways. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvZo4ACgkQ9CaO5/Lv0PBNpQCfaQscn9zwpv+lgUW+AdDNhuF8 VmgAn2KfcNZaz7iu7sMk2xvScMEWhQ/m =XiAQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
refresh bad db connection on tomcat - urgent help
Hi All, what is the syntaxt to refresh bad db connection on tomcat - context.xml? We are using tomcata 5.5.9 connecting to oracle 10. The issue is that our jvm crashed because in the connection pool we had bad db connection and it the connections were out of limit. we could not detect and it happened in our prod environment. if there is any command for that it would be great help. Thanks, Srinivas Jonnalagadda - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Peter, Peter Rossbach wrote: As you want SSL enabled, you must add schema=https secure=true SSLEnabled=true at your config. No, I don't want SSL enabled. I want Tomcat to NOT do SSL, but I want it to report to my application that SSL is being used. The deal is that I want to be able to have a localhost-only Connector that appears to be secure, but isn't actually using SSL so I can avoid the SSL performance hit. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvZ6EACgkQ9CaO5/Lv0PD1jQCcCSGXFpvP3L5lkDV62rQJau+J qekAoIhvvNGuoewgdwa6omh6bvzoAlX/ =hA5e -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: video/x-flv mime-mapping does not for Tomcat 5.5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André Warnier wrote: Johnny Kewl wrote: - Original Message - From: Dave [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Tuesday, October 07, 2008 11:03 PM Subject: video/x-flv mime-mapping does not for Tomcat 5.5 we are using JBoss4.0.5. For flash video, we added mime-mapping extensionflv/extension mime-typevideo/x-flv/mime-type /mime-mapping in tomcat conf/web.xml. Restarted jboss. When uploading a foo.flv, uploadeFile.getContentType returns application/octet-stream, not video/x-flv. Could you please help me? I think Johnny's talking nonsense. But he's gone watch the debate, so I can probably get away with this. Seriously, my guess : I think you are confusing what happens on the way in (browser - Tomcat) with what happens on the way out (Tomcat - browser). The mime-mappings above probably only tell Tomcat what it should put in the HTTP response headers as Content-type when *returning* such a file to the browser. On the way in, on the other hand, it is the browser that guesses the file type, and sends this to the server as part of the POST data. The server then just picks up what the browser says. If the browser doesn't know what the file is, it will probably in this case determine that the file is binary (not text), and since it does not know a precise type, it will send it with a type application/octet-stream, which is the standard safe Mime type for any binary file you do not really know the type of. Try the following : somewhere in your browser or your operating system, there must be a way to specify that ..for this file type .. do this. Do that for this file type, and then try to resubmit the same file to your Tomcat application and see what it says. If it then works, unfortunately that is only a solution for your own browser and your own workstation. In order to determine the file type correctly no matter which browser it comes from, you probably have to do it in your application. There exist standard modules/add-ons/libraries/subroutines in most programming languages, that can make guesses at the mime type of a file. Unfortunately in Java I personally don't know what it would be. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvaFIACgkQ9CaO5/Lv0PAU6ACgv9T2Cs9QXQMMw3cwaZ1nanY5 QsUAn1T/KVvoljpv30b9pWCdXhkHk4n3 =GiGc -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: video/x-flv mime-mapping does not for Tomcat 5.5
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 André, (Sorry for the blank post. Who knew CTRL-ENTER would ever be something I would hit accidentally?) André Warnier wrote: There exist standard modules/add-ons/libraries/subroutines in most programming languages, that can make guesses at the mime type of a file. Unfortunately in Java I personally don't know what it would be. You've hit the nail on the head: the browser doesn't know the content-type of the file, so it just uses the generic application/octet-stream. On the server side, you need to figure out what that should be converted to if you don't like the content-type provided by the client (browser). You can do this in any servlet like this: String guessedContentType = getServletContext().getMimeType(filename); This method should use the mime-type mapping you have set up in conf/web.xml. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvaRoACgkQ9CaO5/Lv0PBoZgCeIDqXjKl6rQHdvQZG3nTliCrU sKYAn3ku1W3aWbvjiv/E1PO+pDy1tV22 =Gshk -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Monitoring of services deployed in tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nikola, Nikola Bozadziev wrote: the lambdaprobe site doesn't seem to be online since september or like. Softpedia ( http://www.softpedia.com/get/UNIX/Networking/Server-Applications/LambdaProbe-for-Tomcat.shtml) could help. Wow, that's no good! did it ever happen to you to get an exception like this (lower) after logging into lambdaprobe? (Or at least don't you know a place to ask, since the pages are down?) Seems to me like comming on all our servers upgraded to tomcat 6. I use the lambdaprobe 1.7. I've lost me LambdaProbe credentials and have no idea what file to look in, and the WAR file I have doesn't seem to advertise its version number, so I have no idea what version I'm (not) running. I've never seen any exceptions when running lambdaprobe, though. For me it looked similat to an exception i used to get by spring with bad dependencies, but here i don't think so. StackOverflowError is probably not a deployment issue (unless you have circular Spring deps, which is certainly possible). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvZDYACgkQ9CaO5/Lv0PCVywCZAYS2IcM5TAg5hS9EAwn9KBIo yIoAniDajdO+afQGebyrKpZxspswyyti =hDlb -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication behaviour
On 9 Oct 2008 at 14:16, Christopher Schultz wrote: Maurizio, Christopher, Maurizio Lotauro wrote: On 6 Oct 2008 at 14:58, Christopher Schultz wrote: [...] If you are writing network code, you need to handle disconnects at any time. This is handled, but in that case there is no need to send the rest of request. That's a reasonable interpretation of the spec, but obviously not a practical one. Even omitting and interpreting? Sure. The server can interpret part of the request and respond whenever it wants. Here's another good example: some servers have a file-size upload limit. If the server were required to process the entire file upload before rejecting it (based upon the Content-Length header), DOS attacks would be trivial to mount against any web server. This is a good point. But I suppose that in this case the server also close the connection, otherwise it would be useless. In our case the connection is keep alive. BTW what is the status code in that case? [...] I think my file upload example is a compelling one. If the connection is closed by the server then it is a different situation. Bye, Maurizio. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem in finding APP-BASE (IIS--- Worker Tomcat A----Tomcat B---- Further config help
Hi , I have a problem in finding the webapps and my application where it is deployed My application URL is http://virtualdir.cca.com.in/via/jsp/Index.jsp WebServer is :Microsoft IIS Web Container: Apache tomcat 4.1.30 I need to find my apps class files. This is what i did to trace to find the class file. 1. I went to IIS service manager to find the virtual directory( virtualdir). It uses tomcat A as a worker tomcat (with Worker.properties and URIWorkermap.properties) 2.Then I went to this Worker Tomcat A's CATALINA_HOME/conf/ntis/worker.properties to find the port number of tomcat and server in which listens for requests. 3.I found it is tomcat B.I went to Tomcat B's CATALINA_HOME and there i could not find any webapps folder present. I think TOMCAT B is configured in such a manner it in turn sends the request to some other tomcat. Please help me on this to find the APP-BASE. Thanks in Advance.. Regards, Thangavel Sankaranarayanan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: external folder be mapped to Tomcat 'specific 'web application'
From: Karthik Nanjangude [mailto:[EMAIL PROTECTED] Subject: RE: external folder be mapped to Tomcat 'specific 'web application' 1) My external folder which has *images* is on folder e/STATICIMAGES I presume there's a colon missing in the above, and all your forward slashes should really be back slashes. (It helps to be precise, so people don't have to guess at what you're really doing.) 2) TOMCAT6018 is installed on folder D:/TOMCAT5523 Is this possible to map the STATICIMAGES to webapps to serve in browser as * http://IP:PORT/XYZAPPS/STATICIMAGES * Mark T already told you exactly how to do this: Yes, just set up a sub-context. Something like a file called: $CATALINA_BASE/Catalina/localhost/XYZAPPS#images.xml with content: Context docBase=/root/images / For your specific environment, the file containing the Context element is: D:\TOMCAT5523\Catalina\localhost\XYZAPPS#STATICIMAGES.xml (assuming you insist on using upper case names; this is case-sensitive, even on Windows). The Context element within the above file looks like this: Context docBase=E:/STATICIMAGES / (Yes, that is a forward slash in the above, even on Windows.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK and IIS - troubles?
Apologies, This one is much better, netstat shows 50 connections I don't know enough of Tomcat to understand if anything in this log could cause this issue.. Thanks! Br1 http://www.nabble.com/file/p19920236/tomcat%2Bthread%2Bdump%2B4%2B-%2Bfiltered.zip tomcat+thread+dump+4+-+filtered.zip -- View this message in context: http://www.nabble.com/JK-and-IIS---troubles--tp19750760p19920236.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: refresh bad db connection on tomcat - urgent help
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Srinivas, Srinivas Jonnalagadda wrote: what is the syntaxt to refresh bad db connection on tomcat - context.xml? We are using tomcata 5.5.9 connecting to oracle 10. The issue is that our jvm crashed because in the connection pool we had bad db connection and it the connections were out of limit. we could not detect and it happened in our prod environment. if there is any command for that it would be great help. Just to be clear: you ran out of database connections, or your database connections went stale and you just need to replace one connection at a time? If you are getting stale connections, you just need to set a validation query in your connection configuration. In your application's META-INF/context.xml, you should have a Resource element which defines your data source (this may also be in Tomcat's server.xml if you have a global data source). Just add validationQuery=SELECT 1 FROM DUAL to detect stale connections. The query itself is irrelevant, except that it needs to return successfully and you want something that's not going to put a load on the server. Some drivers/servers support a 'ping' query that is super lightweight (for instance, recent versions of MySQL's Connector/J allows a query starting with '/* ping */' to be used as a lightweight communications check). If you are leaking connections from your pool, you should review your application for proper try/finally processing of JDBC connections. Tomcat's connection pool (which is really commons-dbcpo in disguise) can help you find places where connection are being leaked using a few other attributes: logAbandoned=true removeAbandoned=true removeAbandonedTimeout=30 These settings tell the connection pool that it should keep track of where connections are borrowed from the connection pool. If the connection hasn't been returned to the pool within removeAbandonedTimeout seconds, then the connection will be purged from the pool, and a stack trace showing the code that borrowed the connection will be dumped into your log. See http://commons.apache.org/dbcp/configuration.html for more information. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvcOEACgkQ9CaO5/Lv0PDVWACfTxkUIKm/M6mcGVnFQ9yQjsKe RfYAnjnaW8aSH4ZGOJqrg4GAXshyasyk =FsRS -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is possible Single sign on authentication with unique page login on the same tomcat server?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mariano, Mariano López wrote: I have added the second context into the same server and i like to set form-login-page/form-login-page in web.xml context file to access a page from the other context, but always starts the URL's page login with its name context. I'm not sure what else is possible, but you could always set your form-login-page to point to a URL that gets redirected to the preferred login URL in your other context. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvcTYACgkQ9CaO5/Lv0PA2WQCeLoZXKd7yAeGgOOz2S2rM6Xpg lvUAnjFMP7/c3fjj8RDnqS9IQfHwoXi9 =etQQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat to tomcat redirect.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rohan7, Rohan7 wrote: I'm using tomcat 5.5 . I'm using public IP- http://1.2.3.4:8084/Project/. Now the similar instance is running on the internal IP. http ://192.168.100.102:8080/Project/. My question is - Can I redirect from http://1.2.3.4:8084/Project/ to http ://192.168.100.102:8080/Project/ ? A redirect isn't what you want. Technically, a redirect is a response to the original request back to the client that says see this other URL instead. That's not going to work with your private, non-routable 192.168 IP address. Instead, what you're talking about doing is proxying. I'm positive Tomcat can be used as a proxy, but there are better packages out there for proxying like Apache httpd (a bit heavy, but definitely up to the task) or squid (which is exclusively a proxy server). Do you want to proxy all traffic, or just a few special URLs? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvcf0ACgkQ9CaO5/Lv0PDRKgCgpA7zNP0/ljxlnQWA6dvxqX/1 2sEAnjQqzXsVsaKlrOwhGWpFXhW/cu4w =4zLL -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
No, I don't want SSL enabled. I want Tomcat to NOT do SSL, but I want it to report to my application that SSL is being used. So you want quality software to lie to you? It would be a bug if Tomcat said it was secure when it's not, and it sounds pretty goofy to want it. The deal is that I want to be able to have a localhost-only Connector that appears to be secure, but isn't actually using SSL so I can avoid the SSL performance hit. So use HTTP. Appearing secure buys you nothing other than fooling yourself. You are not telling us something because such a spec makes no sense. Your app can assume anything it wants (boolean isSecure = true; int one = 2;). David - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Forwarding an exception to the default HTTP 500 error page
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Lance, Lance Bader wrote: Everything works fine when the proxy exception is in the cause chain, but I don't want to handle all the cases were the javax.el.ELException is caused by something else! Instead, I want to forward those cases to the existing Tomcat HTTP 500 error report page. Why not create your own error page and use that throughout your application? The default Tomcat 500 error page is pretty ugly. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvcoIACgkQ9CaO5/Lv0PA0nQCgmG8FBMAh1lQGPlcmH4mUIXy6 jV4AoJe/f8gkvSz5GXBxSCmcgbP8caYu =dZDf -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Host
Chris, Thanks a lot for your reply. I read both and what I still don't get is: How do I specify a connector to a host? it seems connectors cannot be nested inside an engine nor in a host and connectors can contain neither Otherwise I would create two engines one with ssl and the other without and specify the hosts herein or with each host, specify which connectors it can use or specify the applicable hosts inside a connector Those three aren't possibe (according to the docs) I would like https://localhost/ and http://localhost/ to refer to the same appbase and have http://*.autumn.nl/ to refer to one appbase and https://secure.autumn.nl/ to another appbase basically having three appbases, secure.autumn.nl, localhost and *.autumn.nlwhich then contain contexts as usual How would I go about this then? Thanks in advance, Serge Fonville On Fri, Oct 10, 2008 at 4:28 PM, Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Serge, Serge Fonville wrote: I have Tomcat 6.0.18 with the native dll installed I have two hosts presently (more to come) localhost and autumn.nl What I want now is *.autumn.nl accessble only via http You need a Host name=autumn.nl with an HTTP Connector only. Also, you need to set this Host as the defaultHost for your Engine. secure.autumn.nl accessible only via https You need a Host name=secure.autumn.nl with an HTTPS Connector only. localhost accessible via both Another Host name=localhost with both kinds of connectors. See http://tomcat.apache.org/tomcat-6.0-doc/config/host.html and http://tomcat.apache.org/tomcat-6.0-doc/config/engine.html Note that for each Host you have, you will need separate deployment directories and each application will be deployed separately for each host. So, if you have 2 applications to deploy over these 3 domains, you'll get 6 running applications. There /are/ other ways of achieving your goal. Here are some ideas that will allow you to have only a single instance of each of your applications running: 1. Run Apache httpd out front to handle SSL and your security desires. I suspect you already know how to configure this. 2. Use filters in your application (or valves directly in Tomcat) to inspect requests and reject those that match certain criteria (such as SSL access to (^secure).autumn.nl. You can use a tool like http://tuckey.org/urlrewrite/ to do this quite easily. I'm sure there are other ways. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvZo4ACgkQ9CaO5/Lv0PBNpQCfaQscn9zwpv+lgUW+AdDNhuF8 VmgAn2KfcNZaz7iu7sMk2xvScMEWhQ/m =XiAQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problems of 5.0 to 5.5 upgrade
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Ancles, ancles wrote: Current question is how to set a customize SSLImplemention for a HTTPS connector. In previous version we use CoyoteServerSocketFactory.setSSLImplementation(); I have checked the Tomcat document and found the factory (nested component of connector) was removed. I guess this method can achieve this setting: Connector.setProperty(sSLImplementation, custom_SSLImpl); What does your custom SSL implementation do that is not supported by the standard? Maybe you don't even need to do what you are trying to do... But a new problem is there's no method to replace setting ciphers attribute of Factory. Connector port=8443 ... Factory className=a custom ServerSocketFactory class ciphers= / /Connector I need to migrate the ciphers setting in custom SSLImplement to new version Tomcat. Note that the Connector element for Tomcat already supports the setting of whatever ciphers you want to use. You might want to read http://tomcat.apache.org/tomcat-5.5-doc/config/http.html#SSL+Support - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvc84ACgkQ9CaO5/Lv0PDNagCfemOLZ/dwNjwviGoHzyRdT2PL 5P0Ani8BF1E3lFNDZCJF81WvybR+tyYn =NDYi -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Host
From: Serge Fonville [mailto:[EMAIL PROTECTED] Subject: Re: SSL Host I read both and what I still don't get is: How do I specify a connector to a host? You can't. You would need multiple Service elements, each with its own nested Connector and corresponding Host elements. Alternatively, to keep the configuration much simpler, use valves as Chris suggested to accept or reject requests based on whatever rules you like. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Host
Chuck, Thanks for your answer. I tried and it works Just one thing; If I access https://*.autumn.nl (which shouldn't exist, I get the defaulthost, instead I wan't to get a 404 of some sort, indicating that that site does not exist? Do I need to add a 404-host to either engine as a default host service which just throws a 404 or something Thanks a lot so far, Serge Fonville On Fri, Oct 10, 2008 at 5:27 PM, Caldarale, Charles R [EMAIL PROTECTED] wrote: From: Serge Fonville [mailto:[EMAIL PROTECTED] Subject: Re: SSL Host I read both and what I still don't get is: How do I specify a connector to a host? You can't. You would need multiple Service elements, each with its own nested Connector and corresponding Host elements. Alternatively, to keep the configuration much simpler, use valves as Chris suggested to accept or reject requests based on whatever rules you like. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat and apache and jk_mod HowTo
Hello all, Be kind, this is my first mailing to the usergroup. I am implementing a webserver for a group use, where most of the group will be creating web pages with php and jsp connections. This server is running Ubuntu Gutsy (7.10) and may be updated to Hardy shortly. In the mean time, currently I'm running apache/2.2.4 with the mod_user module enabled, and people in the group using public_html directories to serve their web pages. I have come to expect that not many in the group will be utilizing jsp as the scripting language of choice, but would like it to be available, thus I am trying to implement tomcat and a connector with jk_mod to apache. I have successfully setup Tomcat (version 6.0.18) with Java 1.6.0_03 (Java(TM) SE Runtime Environment (build 1.6.0_03-b05)), and I have downloaded the mod_jk-1.2.23-apache-2.2.x-linux-i686.so module and symlinked /usr/lib/apache2/modules/mod_jk.so to that file. BTW: I have also setup the user webapp access successfully and can connect to http://localhost:8090/~username/webapp.jsp I planned to use this HowTo to get mod_jk configured in Tomcat and Apache, but am seeing different references and believe this article might be a few versions behind: http://tomcat.apache.org/connectors-doc/generic_howto/quick.html This section: Here is the minimum which should be set in httpd.conf directly or included from another file: # Load mod_jk module # Update this path to match your modules location LoadModulejk_module libexec/mod_jk.so # Declare the module for IfModule directive (remove this line on Apache 2.x) AddModule mod_jk.c # Where to find workers.properties # Update this path to match your conf directory location (put workers.properties next to httpd.con$ JkWorkersFile /etc/httpd/conf/workers.properties # Where to put jk shared memory # Update this path to match your local state directory or logs directory JkShmFile /var/log/httpd/mod_jk.shm # Where to put jk logs # Update this path to match your logs directory location (put mod_jk.log next to access_log) JkLogFile /var/log/httpd/mod_jk.log # Set the jk log level [debug/error/info] JkLogLevelinfo # Select the timestamp log format JkLogStampFormat [%a %b %d %H:%M:%S %Y] # Send everything for context /examples to worker named worker1 (ajp13) JkMount /examples/* worker1 I believe there should be some changes to these instructions, and I would ask that someone with more knowledge than me give me validation and any pointers to ensuring that this works as planned. I am creating a file called /etc/apache2/conf.d/mod_jk.conf that contains the above information with the alterations as follows: change libexec/mod_jk.so to /usr/lib/apache2/mod_jk.so comment out the AddModule mod_jk.c line repace all instances of httpd with apache2 and point the JkWorkersFile to /etc/apache2/conf.d/workers.properties Does this make sense? Also, I've interpreted from http://tomcat.apache.org/connectors-doc/generic_howto/workers.html that the workers.properties file should be in $CATALINA_HOME/conf/ is this not correct? Is there anything else that needs to be done, other than restarting apache2 and tomcat? I attempted these changes and stopped tomcat and apache, then started apache and got the following error: [EMAIL PROTECTED]:~$ sudo /etc/init.d/apache2 start * Starting web server apache2 Syntax error on line 2 of /etc/apache2/conf.d/workers.properties: Invalid command 'worker.list=worker1', perhaps misspelled or defined by a module not included in the server configuration [fail] I've looked at the log and no jk log is being created, and the error log doesn't have anything after stopping the apache daemon. Any help would be greatly appreciated. Thanks!
Re: JK and IIS - troubles?
br1 wrote: I managed to schedule a few thread dumps (3, with a 5 seconds interval) and a Tomcat restart in case of troubles, and just implemented some more logging. I kept the faulty Tomcat app running all day. There were three failures today, but thanks to the logging I just added I can be only sure about the last one, and it was blocking the whole site. As usual, a simple Tomcat restart cured the whole site hang. The HTTP error the application gives, as well as the error of the site root (that BTW is a static html page) simply is: The connection with the server was terminated abnormally Very strangely, an (automated) netstat in this last event shows just four (4) ESTABLISHED connections on the Tomcat server from the IIS server when everything was failing. Can you provide the netstat (because of having a look at other connection stati aprt from ESTABLISHED). I am enclosing the last thread dump here, hoping it could shed some light. Unfortunately the thread dumps show that Tomcat is basically idle. Three threads are connected to the redirector and wait for the next request, and one thread actually works on a request (ag_005fclassifschemes JSP). A few additional threads are sitting idle in the pool, waiting for handling future connections. The picture is the same in all 3 dumps. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and apache and jk_mod HowTo
Tim Potter wrote: Be kind, this is my first mailing to the usergroup. I'll do my best. This server is running Ubuntu Gutsy (7.10) and may be updated to Hardy shortly. In the mean time, currently I'm running apache/2.2.4 with the mod_user module enabled, and people in the group using public_html directories to serve their web pages. I have come to expect that not many in the group will be utilizing jsp as the scripting language of choice, but would like it to be available, thus I am trying to implement tomcat and a connector with jk_mod to apache. I have successfully setup Tomcat (version 6.0.18) with Java 1.6.0_03 (Java(TM) SE Runtime Environment (build 1.6.0_03-b05)), and I have downloaded the mod_jk-1.2.23-apache-2.2.x-linux-i686.so module and symlinked /usr/lib/apache2/modules/mod_jk.so to that file. Not relevant concerning your observations, but when you start something new, you shouldn't use old version without good reasons. Apache httpd is at 2.2.9 (soon 2.2.10) and mod_jk is at 1.2.26. Java 6 is at 1.6.0_07. BTW: I have also setup the user webapp access successfully and can connect to http://localhost:8090/~username/webapp.jsp Fine. I planned to use this HowTo to get mod_jk configured in Tomcat and Apache, but am seeing different references and believe this article might be a few versions behind: http://tomcat.apache.org/connectors-doc/generic_howto/quick.html This section: Here is the minimum which should be set in httpd.conf directly or included from another file: # Load mod_jk module # Update this path to match your modules location LoadModulejk_module libexec/mod_jk.so The default directory is libexec for httpd 1.3.x and modules for httpd 2.x. You can put any path here as long as the file is there. You can even point directly to the versioned file you downloaded without using any symlink. # Declare the module for IfModule directive (remove this line on Apache 2.x) AddModule mod_jk.c Delete this for httpd 2.x. # Where to find workers.properties # Update this path to match your conf directory location (put workers.properties next to httpd.con$ JkWorkersFile /etc/httpd/conf/workers.properties You can put the workers.properties file anywhere you like, as long as you put the chosen path here. You can even change it's name. Beware: Depending on your Linux distribution, there might be magic directories which should only contain httpd configuration files, because the httpd configuration of your distribution might try to read in all files in such a magic directory via Include when parsing the httpd configuration. The error cited by you below indicates, that this is the case here. Your httpd configuration contains an include for /etc/httpd/conf/*, so it tries to read all files including workers.properties although workers.properties is *not* a general httpd configuration file, but instead a special mod_jk file. So put it elsewhere and change the path given to JkWorkersFile accordingly. # Where to put jk shared memory # Update this path to match your local state directory or logs directory JkShmFile /var/log/httpd/mod_jk.shm # Where to put jk logs # Update this path to match your logs directory location (put mod_jk.log next to access_log) JkLogFile /var/log/httpd/mod_jk.log # Set the jk log level [debug/error/info] JkLogLevelinfo # Select the timestamp log format JkLogStampFormat [%a %b %d %H:%M:%S %Y] Delete the JkLogStampFormat. The default should be fine. # Send everything for context /examples to worker named worker1 (ajp13) JkMount /examples/* worker1 If you want to forward requests for the URI /examples/*, then this is OK, else you need to put the URI here, that you are actually going to use, e.g. JkMount /*.jsp worker1. worker1 here is a name you can choose, but you need to define the properties of this worker in thhe JkWorkersFile (workers.properties), like IP, Port etc. I am creating a file called /etc/apache2/conf.d/mod_jk.conf that contains the above information with the alterations as follows: change libexec/mod_jk.so to /usr/lib/apache2/mod_jk.so comment out the AddModule mod_jk.c line repace all instances of httpd with apache2 and point the JkWorkersFile to /etc/apache2/conf.d/workers.properties Does this make sense? Yes, see above. Also, I've interpreted from http://tomcat.apache.org/connectors-doc/generic_howto/workers.html that the workers.properties file should be in $CATALINA_HOME/conf/ is this not correct? You can place it in an arbitrary directory, as long as you put the path to the file as the value to JkWorkersFile. Is there anything else that needs to be done, other than restarting apache2 and tomcat? Yes, producing a correct workers.properties file. I attempted these changes and stopped tomcat and apache, then started apache and got the following error: [EMAIL PROTECTED]:~$ sudo /etc/init.d/apache2 start * Starting web server apache2
Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Filip, Filip Hanik - Dev Lists wrote: secure=... corresponds to request.isSecure I have not found this to be entirely true. Please see my original post. If secure=true merely sets the return value for request.isSecure, then I should not need a keystore file during startup. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvfz0ACgkQ9CaO5/Lv0PD7qgCgncdi01+AR4eJiSTPHkyG7Ms2 +gQAoI9ZXQ2aLxQuhObdTyyxJnrmBMxG =Ygca -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, David Wall wrote: No, I don't want SSL enabled. I want Tomcat to NOT do SSL, but I want it to report to my application that SSL is being used. So you want quality software to lie to you? It would be a bug if Tomcat said it was secure when it's not, and it sounds pretty goofy to want it. What about the AJP connector, which does exactly the same thing? An SSL connection to Apache httpd is translated into a non-secure communication to Tomcat, and yet request.isSecure() returns true. The deal is that I want to be able to have a localhost-only Connector that appears to be secure, but isn't actually using SSL so I can avoid the SSL performance hit. So use HTTP. Appearing secure buys you nothing other than fooling yourself. You are not telling us something because such a spec makes no sense. Your app can assume anything it wants (boolean isSecure = true; int one = 2;). I would also like to use transport-guaranteeCONFIDENTIAL/transport-guarantee which essentially requires HTTPS to be used. I would like to represent a connection as secure, not as HTTPS. Since I trust localhost, I consider that secure, just as I trust the connections coming from mod_jk as outlined above. This is not a case of true = false or 1 = 2. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvfvoACgkQ9CaO5/Lv0PCJsACffNLqYH1/ecumoMiGdldz+Plz xh4An3/+JGTlWBRqWHUL34PMX9pSebDe =4Bwd -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is possible Single sign on authentication with unique page login on the same tomcat server?
Hi Christopher, that is what I have, but tomcat always put the current context name before login page URL of other context and gives bad reference to page. Regards, Mariano 2008/10/10 Christopher Schultz [EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mariano, Mariano López wrote: I have added the second context into the same server and i like to set form-login-page/form-login-page in web.xml context file to access a page from the other context, but always starts the URL's page login with its name context. I'm not sure what else is possible, but you could always set your form-login-page to point to a URL that gets redirected to the preferred login URL in your other context. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvcTYACgkQ9CaO5/Lv0PA2WQCeLoZXKd7yAeGgOOz2S2rM6Xpg lvUAnjFMP7/c3fjj8RDnqS9IQfHwoXi9 =etQQ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: The code in 6.0 is noticeably different from that in 5.5 for protocol initialization, including setting up the socket factory. Would it be possible to test the config on 6.0 to see if you can achieve the desired results there? Here is what I've found: Tomcat 5.5.26 with the following Connector configuration (which is identical to that provided in the example server.xml that ships with TC 5.5.26 plus the secure=true attribute): Connector port=8080 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true secure=true / I get the following exception: java.io.FileNotFoundException: /home/chris/.keystore (No such file or directory) at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.init(FileInputStream.java:106) at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:284) Removing the secure=true attribute results in a successful startup (as expected). Tomcat 6.0.18 with the following Connector configuration (which is the default that ships with TC 6.0.18 plus the secure=true attribute): Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=8443 secure=true / Successful startup. Using HTTP, a test JSP reports that request.isSecure() returns true, which is exactly what Filip claims. It appears that the behavior of TC 6.0 and 5.5 are not the same. I would have expected 5.5 to act like 6.0. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvhBEACgkQ9CaO5/Lv0PCyfwCeLea0BMA8CwntIS5GcuM+09KM ebYAnislqC5kphJalmEBoy+YcuM9JhQt =ltK5 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK and IIS - troubles?
br1 wrote: Apologies, This one is much better, netstat shows 50 connections I don't know enough of Tomcat to understand if anything in this log could cause this issue.. Much better: You have a synchronization issue in your database connection pool. It seems you are using the c3p0 pool, which can be found at: http://c3p0.cvs.sourceforge.net/ Your thread dumps (all three of them) show, that 52 threads are waiting to get a connection from the pool: java.lang.Object.wait(Native Method) - waiting on 0x07c3cc50 (a com.mchange.v2.resourcepool.BasicResourcePool) com.mchange.v2.resourcepool.BasicResourcePool.awaitAcquire(BasicResourcePool.java:968) com.mchange.v2.resourcepool.BasicResourcePool.checkoutResource(BasicResourcePool.java:208) - locked 0x07c3cc50 (a com.mchange.v2.resourcepool.BasicResourcePool) com.mchange.v2.c3p0.impl.C3P0PooledConnectionPool.checkoutPooledConnection(C3P0PooledConnectionPool.java:260) com.mchange.v2.c3p0.PoolBackedDataSource.getConnection(PoolBackedDataSource.java:94) com.mchange.v2.c3p0.ComboPooledDataSource.getConnection(ComboPooledDataSource.java:521) org.theorg.thebranch.util.Sql.GetMySqlJDBCConnFromPool(Sql.java:61) Those calls are coming from three JSPs: Count JSP 47 jinclude.pager_jsp 3 ag_005ffigures_jsp 2 ag_005falpha_jsp but those are not the problems. The problem seems to be either in the pool, or the application doesn't return connections correctly to the pool after use. The c3p0 web site has a couple of bug entries, which at first site look related. One Thread TP-Processor number 8 is working on some request in all three dumps, returning content via the default servlet. In this situation further requests would simply get stuck in the same stack, eating up IIS threads and connections. You can free the IIS threads by using a reply_timeout for the worker, but you can't break the waiting for the pool inside tomcat. If you consider using a reply_timeout, use version 1.2.26 of the redirector and don't set the timeout to low. Also consider using max_reply_timeouts. If the reply_timeout fires (and you got more than max_reply_timeouts of them), then the redirector will disable the whole worker (Tomcat) for some time. In the observed situation this is the correct way of handling it, but you don't want to set the timeout let's say to 5 seconds and then notice, that every now and then a Tomcat gets disabled because one request took longer than 5 seconds. Have a look at the Timeouts docs page. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
Same here. I terminate all SSL in a load balancer and forward in the clear back to 8080 or 8081. Application code is peppered non-standard calls to see things set by a filter to see if it's considered secure even though Tomcat thinks otherwise. In the more extreme case, I could consider all packets to be secure in that all packets are traveling over a VPN tunnel or on a high-speed interconnect between nodes inside the same box. If I recall, SSL doesn't actually require you to negotiate any encryption standard (the NULL cipher -- http://www.openssl.org/docs/ apps/ciphers.html). And of course, selecting SSL doesn't meant the keys haven't been unknowingly compromised. Really, this should be a marker to denote that the connection is administratively considered secure. greg On Oct 10, 2008, at 9:12 AM, Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, David Wall wrote: No, I don't want SSL enabled. I want Tomcat to NOT do SSL, but I want it to report to my application that SSL is being used. So you want quality software to lie to you? It would be a bug if Tomcat said it was secure when it's not, and it sounds pretty goofy to want it. What about the AJP connector, which does exactly the same thing? An SSL connection to Apache httpd is translated into a non-secure communication to Tomcat, and yet request.isSecure() returns true. The deal is that I want to be able to have a localhost-only Connector that appears to be secure, but isn't actually using SSL so I can avoid the SSL performance hit. So use HTTP. Appearing secure buys you nothing other than fooling yourself. You are not telling us something because such a spec makes no sense. Your app can assume anything it wants (boolean isSecure = true; int one = 2;). I would also like to use transport-guaranteeCONFIDENTIAL/transport-guarantee which essentially requires HTTPS to be used. I would like to represent a connection as secure, not as HTTPS. Since I trust localhost, I consider that secure, just as I trust the connections coming from mod_jk as outlined above. This is not a case of true = false or 1 = 2. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvfvoACgkQ9CaO5/Lv0PCJsACffNLqYH1/ecumoMiGdldz+Plz xh4An3/+JGTlWBRqWHUL34PMX9pSebDe =4Bwd -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and apache and jk_mod HowTo
I attempted these changes and stopped tomcat and apache, then started apache and got the following error: [EMAIL PROTECTED]:~$ sudo /etc/init.d/apache2 start * Starting web server apache2 Syntax error on line 2 of /etc/apache2/conf.d/workers.properties: Invalid command 'worker.list=worker1', perhaps misspelled or defined by a module not included in the server configuration [fail] See above, this is because there is some include for any file in /etc/apache2/conf in some of your httpd configuration files. workers.properties is not understandable by httpd itself, only by mod_jk, which will load it separately. Regards, Rainer Rainer, Thanks for your prompt reply. I was able to resolve the apache error by moving the workers.properties file to /etc/apache2/ and changing the relevant reference in /etc/apache2/conf.d/jk_mod I also added Listener className=org.apache.jk.config.ApacheConfig modJk=/usr/lib/apache2/mod_jk.so workersConfig=/etc/apache2/workers.properties / between /Host and /Engine in the conf/server.xml file Now Apache starts successfully. I also modified jk_mod section: JkMount /*.jsp worker1 as you suggested. With this apache runs, and tomcat runs (as it should), however, .jsp files are not being parsed. Should I change the Connector port=8090 protocol=HTTP/1.1 to 80 Any suggestions for troube shooting this? Aslo, can you CC me on these emails, as I am only subscribed to the digest and don't get your message without awaiting that or checking the archives. Thanks so much!
RE: Non-secure HTTP connector with secure=true requires a keystore?
From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: Non-secure HTTP connector with secure=true requires a keystore? Successful startup. Using HTTP, a test JSP reports that request.isSecure() returns true, which is exactly what Filip claims. It appears that the behavior of TC 6.0 and 5.5 are not the same. That's what I surmised from reading the code; 6.0 is more straightforward, with less interaction amongst the attributes. I would have expected 5.5 to act like 6.0. An odd assumption... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: SSL Host
From: Serge Fonville [mailto:[EMAIL PROTECTED] Subject: Re: SSL Host If I access https://*.autumn.nl (which shouldn't exist, I get the defaulthost, instead I wan't to get a 404 of some sort, indicating that that site does not exist? A request that has a domain that resolves to your IP address but doesn't match your declared Host or Alias names will be sent to the default Host for the Engine. If you want all requests with a non-approved domain to be given a 404, keep the default Host separate from the others, and don't deploy *anything* under it (unless you want to present a pretty error page, in which case create a ROOT webapp for the default Host that does only that). Alternatively, use a valve to reject such requests. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Non-secure HTTP connector with secure=true requires a keystore?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: From: Christopher Schultz [mailto:[EMAIL PROTECTED] Subject: Re: Non-secure HTTP connector with secure=true requires a keystore? I would have expected 5.5 to act like 6.0. An odd assumption... Perhaps I should have said the 6.0 behavior is what I would have expected. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvjZIACgkQ9CaO5/Lv0PAkgwCeMFz4Co5amkOKLC0PgKM7LcU6 NXAAoLsyCs226ONrxTUtrUqO1spwKglN =4j8S -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and apache and jk_mod HowTo
I also added Listener className=org.apache.jk.config.ApacheConfig modJk=/usr/lib/apache2/mod_jk.so workersConfig=/etc/apache2/workers.properties / between /Host and /Engine in the conf/server.xml file The listeners are only needed if you want Tomcat to generate a mod_jk configuration for you. The files which are auto-generated by the listener are not very good though. I would suggest to write a simple workers.properties yourself. worker.list=worker1 worker.worker1.host=XXX worker.worker1.port=YYY XXX should by the address of the system, on which your Tomcat runs. If it is the same as your Apache system, localhost should do it. You can use names or IP address, but the name has to be resolvable during startup of httpd. YYY is the port number of your Tomcat AJP port. It is not the same as the HTTP port of Tomcat (8090). You will find the port number in your server.xml. There should be a Connector element there for the AJP protocol. By default it is 8009. Now Apache starts successfully. I also modified jk_mod section: JkMount /*.jsp worker1 as you suggested. If everything works, you should have a look the the reference docs pages for tomcat-connectors, especially those concerning Apache and Workers. Regards, Rainer - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is possible Single sign on authentication with unique page login on the same tomcat server?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mariano, Mariano López wrote: Hi Christopher, that is what I have, but tomcat always put the current context name before login page URL of other context and gives bad reference to page. I'm not suggesting that you do: form-login-page/path/to/other/context/login.jsp/form-login-page Instead, I'm suggesting that you do this: form-login-page/same/webapp/login.jsp/form-login-page login.jsp: % response.sendRedirect(/path/to/other/context/login.jsp); % - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvmXoACgkQ9CaO5/Lv0PBNMgCgoS3ocIoOaLstVuQegRKR8O3G a0oAoL2XLxyCD/23k6bZs2U+BrUaFouR =sual -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and apache and jk_mod HowTo
On Fri, Oct 10, 2008 at 12:16 PM, Rainer Jung [EMAIL PROTECTED]wrote: I also added Listener className=org.apache.jk.config.ApacheConfig modJk=/usr/lib/apache2/mod_jk.so workersConfig=/etc/apache2/workers.properties / between /Host and /Engine in the conf/server.xml file The listeners are only needed if you want Tomcat to generate a mod_jk configuration for you. The files which are auto-generated by the listener are not very good though. I would suggest to write a simple workers.properties yourself. worker.list=worker1 worker.worker1.host=XXX worker.worker1.port=YYY XXX should by the address of the system, on which your Tomcat runs. If it is the same as your Apache system, localhost should do it. You can use names or IP address, but the name has to be resolvable during startup of httpd. YYY is the port number of your Tomcat AJP port. It is not the same as the HTTP port of Tomcat (8090). You will find the port number in your server.xml. There should be a Connector element there for the AJP protocol. By default it is 8009. Now Apache starts successfully. I also modified jk_mod section: JkMount /*.jsp worker1 as you suggested. If everything works, you should have a look the the reference docs pages for tomcat-connectors, especially those concerning Apache and Workers. Regards, Rainer It seems that every thing is running, however I get the Tomcat 404 error (in the Tomcat style, not apache style) on a test page that I have put in /var/www [EMAIL PROTECTED]:~$ ls -al /var/www | grep test -rw-r--r-- 1 rootroot 235 2008-10-10 12:04 test.jsp output of apache2/error.log [Fri Oct 10 12:59:32 2008] [notice] Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4 mod_jk/1.2.23 configured -- resuming normal operations output of access.log xxx.xxx.xxx.xxx- - [10/Oct/2008:13:00:26 -0500] GET /test.jsp HTTP/1.1 404 979 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1) output of mod_jk.log [Fri Oct 10 12:59:32 2008] [19584:34480] [info] init_jk::mod_jk.c (2743): mod_jk/1.2.23 initialized [Fri Oct 10 12:59:32 2008] [19585:34480] [info] init_jk::mod_jk.c (2743): mod_jk/1.2.23 initialized output of catalina.out Oct 10, 2008 12:59:53 PM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-6-sun-1.6.0.03/jre/lib/i386/client:/usr/lib/jvm/java-6-sun-1.6.0.03/jre/lib/i386:/usr/lib/jvm/java-6-sun-1.6.0.03/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib Oct 10, 2008 12:59:54 PM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8090 Oct 10, 2008 12:59:54 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 645 ms Oct 10, 2008 12:59:54 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Oct 10, 2008 12:59:54 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.18 Oct 10, 2008 12:59:54 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8090 Oct 10, 2008 12:59:54 PM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Oct 10, 2008 12:59:54 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/37 config=null Oct 10, 2008 12:59:54 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 924 ms So It seems that the call to test.jsp is being redirected somewhere? Am I missing something? Thanks again!
Re: Tomcat and apache and jk_mod HowTo
On Fri, Oct 10, 2008 at 1:20 PM, Tim Potter [EMAIL PROTECTED] wrote: On Fri, Oct 10, 2008 at 12:16 PM, Rainer Jung [EMAIL PROTECTED]wrote: I also added Listener className=org.apache.jk.config.ApacheConfig modJk=/usr/lib/apache2/mod_jk.so workersConfig=/etc/apache2/workers.properties / between /Host and /Engine in the conf/server.xml file The listeners are only needed if you want Tomcat to generate a mod_jk configuration for you. The files which are auto-generated by the listener are not very good though. I would suggest to write a simple workers.properties yourself. worker.list=worker1 worker.worker1.host=XXX worker.worker1.port=YYY XXX should by the address of the system, on which your Tomcat runs. If it is the same as your Apache system, localhost should do it. You can use names or IP address, but the name has to be resolvable during startup of httpd. YYY is the port number of your Tomcat AJP port. It is not the same as the HTTP port of Tomcat (8090). You will find the port number in your server.xml. There should be a Connector element there for the AJP protocol. By default it is 8009. Now Apache starts successfully. I also modified jk_mod section: JkMount /*.jsp worker1 as you suggested. If everything works, you should have a look the the reference docs pages for tomcat-connectors, especially those concerning Apache and Workers. Regards, Rainer It seems that every thing is running, however I get the Tomcat 404 error (in the Tomcat style, not apache style) on a test page that I have put in /var/www [EMAIL PROTECTED]:~$ ls -al /var/www | grep test -rw-r--r-- 1 rootroot 235 2008-10-10 12:04 test.jsp output of apache2/error.log [Fri Oct 10 12:59:32 2008] [notice] Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4 mod_jk/1.2.23 configured -- resuming normal operations output of access.log xxx.xxx.xxx.xxx- - [10/Oct/2008:13:00:26 -0500] GET /test.jsp HTTP/1.1 404 979 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1) output of mod_jk.log [Fri Oct 10 12:59:32 2008] [19584:34480] [info] init_jk::mod_jk.c (2743): mod_jk/1.2.23 initialized [Fri Oct 10 12:59:32 2008] [19585:34480] [info] init_jk::mod_jk.c (2743): mod_jk/1.2.23 initialized output of catalina.out Oct 10, 2008 12:59:53 PM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-6-sun-1.6.0.03/jre/lib/i386/client:/usr/lib/jvm/java-6-sun-1.6.0.03/jre/lib/i386:/usr/lib/jvm/java-6-sun-1.6.0.03/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib Oct 10, 2008 12:59:54 PM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8090 Oct 10, 2008 12:59:54 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 645 ms Oct 10, 2008 12:59:54 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Oct 10, 2008 12:59:54 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.18 Oct 10, 2008 12:59:54 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8090 Oct 10, 2008 12:59:54 PM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Oct 10, 2008 12:59:54 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/37 config=null Oct 10, 2008 12:59:54 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 924 ms So It seems that the call to test.jsp is being redirected somewhere? Am I missing something? Thanks again! I was definately on to something as I went to http://mysite/index.jsp and got to the webapp/ROOT/index.jsp status page!! but the images are not loading error.log: [Fri Oct 10 13:25:49 2008] [error] [client xxx] File does not exist: /var/www/tomcat-power.gif, referer: http://mysite/index.jsp I honestly do not care too much about that, I can try to fix that later. Snow my question is how do I make the calls transparent, in that when I go to http://mysite/~username/index.jsp it GET's from /home/~username/public_html/index.jsp and parses the script instead of just displays the html?
Problem running TC 6.0.18 with CATALINA_BASE
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, I've been running multiple TC 4.1 and 5.5 instances using CATALINA_BASE for years, and I'm starting to play with TC 6.x. I use ant to run bin/startup.sh (actually, I usually go right for catalina.sh start, but I went to using startup.sh just to simplify things a bit) and it does not seem to be working for me. Here are the steps I went through: 0. I'm using Sun JDK 1.5.0_13-b05 on Gentoo Linux kernel 2.6. 1. Installed the tar.gz version of TC 6.0.18 directly from the TC site (installed into /usr/local/apache-tomcat-6.0.18) 2. Created a deployment directory (/home/chris/app/connector-test/8785) and installed the following directories and files: /home/chris/app/connector-test/ /home/chris/app/connector-test/8785 /home/chris/app/connector-test/8785/conf /home/chris/app/connector-test/8785/conf/web.xml /home/chris/app/connector-test/8785/conf/server.xml /home/chris/app/connector-test/8785/webapps /home/chris/app/connector-test/8785/logs /home/chris/app/connector-test/8785/temp web.xml and server.xml are identical to the config files from the distro. All files and directories are owned and writable/executable by the user who will be launching Tomcat. 3. Started tomcat using my ant tomcat-start target: echo=== Starting Tomcat === JAVA_HOME is ${app.java-home} CATALINA_BASE is ${app.home.dir} /echo exec os=Linux executable=${app.tomcat-home}/bin/startup.sh env key=JAVA_HOME value=${app.java-home} / env key=CATALINA_BASE value=${app.home.dir} / /exec I added some 'echo' statements to catalina.sh to display the command ultimately being run, and this is the output: tomcat-start: [echo] === [echo] Starting Tomcat [echo] === [echo] JAVA_HOME is /usr [echo] CATALINA_BASE is /home/chris/app/connector-test/8785 [exec] running command: /usr/bin/java - -Djava.endorsed.dirs=/usr/local/apache-tomcat-6.0.18/endorsed -classpath :/usr/local/apache-tomcat-6.0.18/bin/bootstrap.jar - -Dcatalina.base=/home/chris/app/connector-test/8785 - -Dcatalina.home=/usr/local/apache-tomcat-6.0.18 - -Djava.io.tmpdir=/home/chris/app/connector-test/8785/temp org.apache.catalina.startup.Bootstrap start /home/chris/app/connector-test/8785/logs/catalina.out 21 BUILD SUCCESSFUL Total time: 1 second All the paths are correct and the command looks good to me. The result is that I get this and only this in /home/chris/app/connector-test/8785/logs/catalina.out: Exception in thread main java.lang.NoClassDefFoundError: That's right: no exception stack trace. No nothing. Just that one line of output, and the process dies. When running directly from the deployment directory (i.e. NOT using CATALINA_BASE), startup works as expected. Here is the output from the standard launch: Using CATALINA_BASE: /usr/local/apache-tomcat-6.0.18 Using CATALINA_HOME: /usr/local/apache-tomcat-6.0.18 Using CATALINA_TMPDIR: /usr/local/apache-tomcat-6.0.18/temp Using JRE_HOME: /etc/java-config-2/current-system-vm running command: /etc/java-config-2/current-system-vm/bin/java - -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager - -Djava.util.logging.config.file=/usr/local/apache-tomcat-6.0.18/conf/logging.properties - -Djava.endorsed.dirs=/usr/local/apache-tomcat-6.0.18/endorsed -classpath :/usr/local/apache-tomcat-6.0.18/bin/bootstrap.jar - -Dcatalina.base=/usr/local/apache-tomcat-6.0.18 - -Dcatalina.home=/usr/local/apache-tomcat-6.0.18 - -Djava.io.tmpdir=/usr/local/apache-tomcat-6.0.18/temp org.apache.catalina.startup.Bootstrap start /usr/local/apache-tomcat-6.0.18/logs/catalina.out 21 Obviously there are some differences, here. First, JAVA_HOME is set differently, but that does not seem to be a problem since they actually point to the same place (Gentoo has some very configurable Java installation options). Also, the logging configuration looks different. catalina.sh sniffs for $CATALINA_BASE/conf/logging.properties and adds configuration as necessary. Since I have no logging.properties, this is also no surprise. catalina.base, catalina.home, and the classpath all look correct and there appear to be no obvious problems. Does anyone have any suggestions? Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvqhcACgkQ9CaO5/Lv0PDiEQCeMptOzf9KLvvxplUQin1TBAq8 N10An3gvFy7bIgIetrMS6Wi0dRamjRHd =ihJl -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat and apache and jk_mod HowTo
the way you have it configured.. test.jsp would only render if implemented in the 'ROOT' webapp of TC I would suggest implementing a test webapp where the exact physical location of test.jsp would be $CATALINA_HOME/webapps/test/test.jsp Regards/ Martin __ Disclaimer and confidentiality note Everything in this e-mail and any attachments relates to the official business of Sender. This transmission is of a confidential nature and Sender does not endorse distribution to any party other than intended recipient. Sender does not necessarily endorse content contained within this transmission. Date: Fri, 10 Oct 2008 13:20:32 -0500 From: [EMAIL PROTECTED] To: users@tomcat.apache.org Subject: Re: Tomcat and apache and jk_mod HowTo On Fri, Oct 10, 2008 at 12:16 PM, Rainer Jung [EMAIL PROTECTED]wrote: I also added Listener className=org.apache.jk.config.ApacheConfig modJk=/usr/lib/apache2/mod_jk.so workersConfig=/etc/apache2/workers.properties / between /Host and /Engine in the conf/server.xml file The listeners are only needed if you want Tomcat to generate a mod_jk configuration for you. The files which are auto-generated by the listener are not very good though. I would suggest to write a simple workers.properties yourself. worker.list=worker1 worker.worker1.host=XXX worker.worker1.port=YYY XXX should by the address of the system, on which your Tomcat runs. If it is the same as your Apache system, localhost should do it. You can use names or IP address, but the name has to be resolvable during startup of httpd. YYY is the port number of your Tomcat AJP port. It is not the same as the HTTP port of Tomcat (8090). You will find the port number in your server.xml. There should be a Connector element there for the AJP protocol. By default it is 8009. Now Apache starts successfully. I also modified jk_mod section: JkMount /*.jsp worker1 as you suggested. If everything works, you should have a look the the reference docs pages for tomcat-connectors, especially those concerning Apache and Workers. Regards, Rainer It seems that every thing is running, however I get the Tomcat 404 error (in the Tomcat style, not apache style) on a test page that I have put in /var/www [EMAIL PROTECTED]:~$ ls -al /var/www | grep test -rw-r--r-- 1 rootroot 235 2008-10-10 12:04 test.jsp output of apache2/error.log [Fri Oct 10 12:59:32 2008] [notice] Apache/2.2.4 (Ubuntu) PHP/5.2.3-1ubuntu6.4 mod_jk/1.2.23 configured -- resuming normal operations output of access.log xxx.xxx.xxx.xxx- - [10/Oct/2008:13:00:26 -0500] GET /test.jsp HTTP/1.1 404 979 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1) output of mod_jk.log [Fri Oct 10 12:59:32 2008] [19584:34480] [info] init_jk::mod_jk.c (2743): mod_jk/1.2.23 initialized [Fri Oct 10 12:59:32 2008] [19585:34480] [info] init_jk::mod_jk.c (2743): mod_jk/1.2.23 initialized output of catalina.out Oct 10, 2008 12:59:53 PM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: /usr/lib/jvm/java-6-sun-1.6.0.03/jre/lib/i386/client:/usr/lib/jvm/java-6-sun-1.6.0.03/jre/lib/i386:/usr/lib/jvm/java-6-sun-1.6.0.03/jre/../lib/i386:/usr/java/packages/lib/i386:/lib:/usr/lib Oct 10, 2008 12:59:54 PM org.apache.coyote.http11.Http11Protocol init INFO: Initializing Coyote HTTP/1.1 on http-8090 Oct 10, 2008 12:59:54 PM org.apache.catalina.startup.Catalina load INFO: Initialization processed in 645 ms Oct 10, 2008 12:59:54 PM org.apache.catalina.core.StandardService start INFO: Starting service Catalina Oct 10, 2008 12:59:54 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.18 Oct 10, 2008 12:59:54 PM org.apache.coyote.http11.Http11Protocol start INFO: Starting Coyote HTTP/1.1 on http-8090 Oct 10, 2008 12:59:54 PM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 Oct 10, 2008 12:59:54 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/37 config=null Oct 10, 2008 12:59:54 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 924 ms So It seems that the call to test.jsp is being redirected somewhere? Am I missing something? Thanks again! _ Get more out of the Web. Learn 10 hidden secrets of Windows Live. http://windowslive.com/connect/post/jamiethomson.spaces.live.com-Blog-cns!550F681DAD532637!5295.entry?ocid=TXT_TAGLM_WL_domore_092008
Re: Too many open files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mohit, Mohit Anchlia wrote: So I tried all the options. I also changed the code to use connection pooling with only 2 connections but still there are bunch of CLOSE_WAITS. As soon as I stop tomcat all of them go away. I am not able to figure out why there are so many CLOSE_WAITS hanging around when I just have 2 connections in my pool. These are mostly HTTP connections to localhost, right? Maybe you are using connection timeout options that are too long for your quick transactions. CLOSE_WAIT is a normal TCP state, but if these polie up on top of each other because of long (minutes?) timeouts then you can easily run out of file handles (socket ~= file handle, which is why you are getting the too many open files error). Consider setting some of these timeout options on HttpClient (if such options exist) or researching the defaults for these options. Also, make sure you are cleaning up after your connections appropriately (properly catching IOExceptions, closing connections in finally blocks, etc.). If connections are closing unexpectedly, they may be sitting in CLOSE_WAIT longer than necessary. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvqzkACgkQ9CaO5/Lv0PA8dgCdHtFiD0gquai4yEBXOKdZFOrm bsEAoKOXMxo+u5I1EW2MQPuWvLJGhEYe =m2kr -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Too many open files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Johnny, Johnny Kewl wrote: PS: I see you have a Apache in front... Try this... setup the 8080 connector if you havnt already got it working in TC... and go into TC direct... then check file handles If no problem, you know its Apache or the JK connector... ... will at least point you in right direction... Oh, I hadn't even considered that. Are you using Apache httpd + mod_proxy_http? If so, then the connections might be the ones from Apache httpd to Tomcat, as Johnns suggests. In that case, you'll want to inspect your httpd configuration for socket timeout configuration options. Also, you might be able to remove Apache httpd from the mix entirely. Are you sure you need to front Tomcat with Apache? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvq7YACgkQ9CaO5/Lv0PAcbwCfTs6rmtPRXkGzqxQe3WvOMJiJ PkkAnRHrOl6QuoqOipqcyoCw3eZbcUjh =qWJz -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: apache virtual hosts using different tomcat on different servers
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nicola, Nicola Burns wrote: Is it possible to have the following scenario configured? Executive summary: different back-end Tomcat servers for different VistualHosts. The answer is of course you can! It sounds like you want this: VirtualHost test1.foo.com workerA - localhost:jboss VirtualHost test2.foo.com workerB - server2:jboss test1.foo.com works. Test2.foo.com goes to the same application because they are both reading from the localhost mod-jk.conf. mod-jk.conf isn't something standard, so whatever you have has been home-built. I suspect that you have all your mod_jk configuration in there, including JkMount statements, and that you are including it at the top-level. You have to separate your JkMount statements into your VirtualHosts. For example, I have a global mod_jk.conf file and it looks like this: LoadModule jk_module /usr/lib/apache2/modules/mod_jk-1.2.26.so JkLogFile /var/log/apache2/mod_jk.log JkWorkersFile /usr/lib/apache2/modules/jk_workers.properties JkShmFile /var/log/apache2/jk-runtime-status That's it! Everything else goes into the appropriate VirtualHost along with the rest of the config for that VH. Note that the workers configuration is shared. That means that workers.properties must contain the configuration for all workers across all virtual hosts. Maybe something like this: workers.list=workerA,workerB workerA.host=localhost workerA.port=[your jboss port] workerB.host=server2 workerB.port=[your jboss port] Then, you need something in each VirtualHost that looks like this (your configuration may vary wildly, but this should get you started): VirtualHost test1.foo.com ... other VH configuration ... JkMount *.jsp workerA /VirtualHost VirtualHost test2.foo.com ... other VH configuration ... JkMount *.jsp workerB /VirtualHost With regard to Mikolaj's comments, mod_jk just has a different style of defining endpoints than mod_proxy_ajp. Technically, mod_jk does not require workers.properties, nor does it require mod-jk.conf. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvrogACgkQ9CaO5/Lv0PDRsgCfSTIG1xxGriYilkyXNwrY+6c7 qEoAoJWNFsiOpSFttrqRKdZ6OPDGwY51 =wBnJ -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: is possible Single sign on authentication with unique page login on the same tomcat server?
Hi Christopher, I will try this and well see. Thank you for your attention, Mariano 2008/10/10 Christopher Schultz [EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Mariano, Mariano López wrote: Hi Christopher, that is what I have, but tomcat always put the current context name before login page URL of other context and gives bad reference to page. I'm not suggesting that you do: form-login-page/path/to/other/context/login.jsp/form-login-page Instead, I'm suggesting that you do this: form-login-page/same/webapp/login.jsp/form-login-page login.jsp: % response.sendRedirect(/path/to/other/context/login.jsp); % - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvmXoACgkQ9CaO5/Lv0PBNMgCgoS3ocIoOaLstVuQegRKR8O3G a0oAoL2XLxyCD/23k6bZs2U+BrUaFouR =sual -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Communicating between webapps
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Darryl, Darryl Pentz wrote: In my case, webapp A needs to let webapp B know that an event has occurred ... webapp B then does something based on that event, and the result of that action is relevant to webapp A. What are your options for simply moving the webapp B processing into webapp A? Do you have any? I think it might help if we had an example of what you're actually doing. If you can't give us details, how about generalities like I might have to invoke a JSP or I have a specific servet that needs to be called or this isn't really HTTP at all. What I find to be the KISSiest (thanks Leon) approach is for your application to drink its own Kool-Aid by using the same interface that the rest of the world would see for whatever application B (which almost sounds like a service) would see. I hope that stimulates some discussion. With this crowd, if no doubt will. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvsCUACgkQ9CaO5/Lv0PBckgCePZEUkp8Q7fpmwbALtmp02lXK sVUAoKR/ivY54UGpe6mycTDXTdH6zNtz =ng4l -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Communicating between webapps
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Darryl, Darryl Pentz wrote: I also just encountered the 'crosscontext' attribute in the context.../ block and was wondering whether that could serve any purpose. If you don't mind issuing another request (not a new HTTP connection, just another request dispatched within Tomcat), you can use cross context like this. The docs for that option say: Set to true if you want calls within this application to ServletContext.getContext() to successfully return a request dispatcher for other web applications running on this virtual host. Set to false (the default) in security conscious environments, to make getContext() always return null. That means that if you have webappA deployed to /webappA and webappB deployed to /webappB in the same container, then you should be able to do this in a servlet in webappA: ServletContext application = getServletContext(); ServletContext webappB = application.getContext(/webappB/service/to/call); RequestDispatcher dispatcher = webappB.getRequestDispatcher(/service/to/call); // Invoke webapp B's service dispatcher.forward(request, response); - - Now, if this works, you have some options. Obviously, you don't simply want to turn processing completely over to webappB's service. In that case, you should be able to create your own HttpServletRequest and HttpServletResponse objects (or wrap the existing ones already available from the current invocation) and use /those/ with the dispatcher. Than, you can pick and choose what happens to the response. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvsfAACgkQ9CaO5/Lv0PD4zgCgvMqDxgAl+AkI7Do6LeHTSTct O/8An0po+B4IBbHgSeNZppucLa/IUP8R =EcZu -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setHeader after DoFilter delegation in filter?
Thanks much for the responses. I understand. It makes sense to use HttpServletRequestWrapper, but there are no methods in HttpServletRequestWrapper or HttpServletRequest that initiates the sending of the response back to the client. So, by subclassing HttpServletRequest there doesn't appear to be any way to suppress the sending on the response back to the client (until I've completed processing). What I would like to do is to prevent the response from being sent back to the client until my filter has completed it's processing (and this is after my filter delegates the doFilter() call to the other filters). Mike Pid-2 wrote: André Warnier wrote: slioch wrote: [...] I'll risk an explanation here.. I think maybe the issue is a misunderstanding of how a servlet filter works. It took me a while too, but I think I've got it in the end. Sorry if this is level 101, that's my own level. What was confusing to me at first, is that this is different from, for instance, Apache input and output filters. There there is a clear distinction between an input filter, which sees all the data on the way in to the application, and an output filter, which sees all the data that the application produces, before it goes out to the browser. An input filter and and output filter are two separate pieces of code, and you can install them independently. In the Java servlet view of things, a filter is a wrapper, within which the other filters and the webapp run. It's like an onion : your filter is the outer layer, within which there are possibly further layers (other filters), and at the center is the webapp. When your filter calls doFilter(), it executes all its inner layers in one go. The bummer is that, unless you take pains to change that, each of these layers has a direct access to the output buffers, which live outside the onion. So unless you prevent them from doing that, they will start putting bytes there, and by the time your doFilter() returns, it's too late to change that. When you execute doFilter(), in fact you execute, at that point, all the further filters that are in the chain, and the webapp at the deepest level. If any of these starts sending output, then by the time the doFilter() returns, that output is already past your filter, and there is nothing you can do anymore to modify it. If you want something else to happen, then you have to do something like this : - in your filter, subclass the HttpRequest, say as myHttpRequest. In this subclass, redefine the methods that the underlying filters and webapp will (presumably) use to send output to the buffer. In these redefined methods, you can then do whatever you want to transform what the application sends out via these methods. - then, instead of passing the original HttpRequest to the doFilter(), pass your own myHttpRequest instance of it. Close enough; the spec has some stuff that covers this type of problem, so I'd recommend investigating: javax.servlet.http.HttpServletRequestWrapper javax.servlet.http.HttpServletResponseWrapper (hereafter HSRsW) Using the latter should allow you to modify the appropriate header. HSRsW wrappedHres = new HttpServletResponseWrapper(hres); chain.doFilter(hreq, wrappedHres); Where your HSRsW contains appropriate code to modify the header, perhaps in the construction phase. p This way, whenever the application thinks it is just using the (say) HttpRequest.setHeader() method, it is in fact using *your* myHttpRequest.setHeader() method, in which you can catch and pervert whatever you want, before passing it on to the real HttpRequest.setHeader() method. The point is, if you let any underlying (from the point of your filter) other filter or webapp call i.e. the original setHeader(), then that's it : that line of output is now already in the HTTP output buffer queue, and by the time your doFilter() returns, it no longer can claw it back. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/setHeader-after-DoFilter-delegation-in-filter--tp19862960p19925786.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Too many open files
I am using tomcat to apache (for load balancing) On Fri, Oct 10, 2008 at 12:23 PM, Christopher Schultz [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Johnny, Johnny Kewl wrote: PS: I see you have a Apache in front... Try this... setup the 8080 connector if you havnt already got it working in TC... and go into TC direct... then check file handles If no problem, you know its Apache or the JK connector... ... will at least point you in right direction... Oh, I hadn't even considered that. Are you using Apache httpd + mod_proxy_http? If so, then the connections might be the ones from Apache httpd to Tomcat, as Johnns suggests. In that case, you'll want to inspect your httpd configuration for socket timeout configuration options. Also, you might be able to remove Apache httpd from the mix entirely. Are you sure you need to front Tomcat with Apache? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvq7YACgkQ9CaO5/Lv0PAcbwCfTs6rmtPRXkGzqxQe3WvOMJiJ PkkAnRHrOl6QuoqOipqcyoCw3eZbcUjh =qWJz -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and apache and jk_mod HowTo
the way you have it configured.. test.jsp would only render if implemented = in the 'ROOT' webapp of TC I would suggest implementing a test webapp where the exact physical location of test.jsp would be $CATALINA_HOME/webapps/test/test.jsp Regards/ Martin Ok, that works fine, however that does not solve the problem I originally had, which is getting jsp scripting support in the home directories of the users on the same port as apache. Essentially like php5 does with apache, being tranparent to the viewer.
Re: setHeader after DoFilter delegation in filter?
slioch wrote: Thanks much for the responses. I understand. It makes sense to use HttpServletRequestWrapper, but there are no methods in HttpServletRequestWrapper or HttpServletRequest that initiates the sending of the response back to the client. So, by subclassing HttpServletRequest there doesn't appear to be any way to suppress the sending on the response back to the client (until I've completed processing). Yes there is. To create output for the client, the application calls something, right ? (I mean a method of HttpRequest). So, redefine this same method in your subclass. Then, whenever the application calls this method, thinking it is sending output to the client, in fact it calls your method in your subclass. Sneaky, he ? Now your method in your subclas gets whatever the webapp thought it was sending directly out. Now it's up to your method, whatever it does with that data, before itself calling the real Httprequest method to really send the data out. For example, you could buffer all the data somewhere waiting for the webapp to have finished its complete response. The above all happens *during* your call to doFilter(), because it is during that call that the webapp executes. The webapp just calls back into the methods you have defined in your wrapper. *Then* when your doFilter() returns (meaning the webapp is done), all the data is in the buffer, and you start processing it and outputting whatever you want. (Maybe not recommended for megabytes of data, that, but I am sure you'll think of something.) Me speak in mine not really Java-like approximative language, but hope you understand what me means. What I would like to do is to prevent the response from being sent back to the client until my filter has completed it's processing (and this is after my filter delegates the doFilter() call to the other filters). Mike Pid-2 wrote: André Warnier wrote: slioch wrote: [...] I'll risk an explanation here.. I think maybe the issue is a misunderstanding of how a servlet filter works. It took me a while too, but I think I've got it in the end. Sorry if this is level 101, that's my own level. What was confusing to me at first, is that this is different from, for instance, Apache input and output filters. There there is a clear distinction between an input filter, which sees all the data on the way in to the application, and an output filter, which sees all the data that the application produces, before it goes out to the browser. An input filter and and output filter are two separate pieces of code, and you can install them independently. In the Java servlet view of things, a filter is a wrapper, within which the other filters and the webapp run. It's like an onion : your filter is the outer layer, within which there are possibly further layers (other filters), and at the center is the webapp. When your filter calls doFilter(), it executes all its inner layers in one go. The bummer is that, unless you take pains to change that, each of these layers has a direct access to the output buffers, which live outside the onion. So unless you prevent them from doing that, they will start putting bytes there, and by the time your doFilter() returns, it's too late to change that. When you execute doFilter(), in fact you execute, at that point, all the further filters that are in the chain, and the webapp at the deepest level. If any of these starts sending output, then by the time the doFilter() returns, that output is already past your filter, and there is nothing you can do anymore to modify it. If you want something else to happen, then you have to do something like this : - in your filter, subclass the HttpRequest, say as myHttpRequest. In this subclass, redefine the methods that the underlying filters and webapp will (presumably) use to send output to the buffer. In these redefined methods, you can then do whatever you want to transform what the application sends out via these methods. - then, instead of passing the original HttpRequest to the doFilter(), pass your own myHttpRequest instance of it. Close enough; the spec has some stuff that covers this type of problem, so I'd recommend investigating: javax.servlet.http.HttpServletRequestWrapper javax.servlet.http.HttpServletResponseWrapper (hereafter HSRsW) Using the latter should allow you to modify the appropriate header. HSRsW wrappedHres = new HttpServletResponseWrapper(hres); chain.doFilter(hreq, wrappedHres); Where your HSRsW contains appropriate code to modify the header, perhaps in the construction phase. p This way, whenever the application thinks it is just using the (say) HttpRequest.setHeader() method, it is in fact using *your* myHttpRequest.setHeader() method, in which you can catch and pervert whatever you want, before passing it on to the real HttpRequest.setHeader() method. The point is, if you let any underlying (from the point of your filter) other filter or webapp call i.e. the original
Re: SSL Host
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Serge, Serge Fonville wrote: If I access https://*.autumn.nl (which shouldn't exist, I get the defaulthost, instead I wan't to get a 404 of some sort, indicating that that site does not exist? Did you really use *.autumn.nl? I don't think that's a a valid hostname. If you only want to accept known hostnames (which doesn't seem to be the case, since you asked for wildcard behavior), then you need to define Alias elements for every recognized domain name, and remove the defaultHost setting (or set it to a host that always says not found or something like that). - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkjvhKsACgkQ9CaO5/Lv0PBkuwCcDCG4n82JsOHmHxjN4lPJWZyZ rdAAoIHf5Ng4ewN7fdzZ7qBkIrlkMK4+ =D1gz -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and apache and jk_mod HowTo
Tim Potter wrote: the way you have it configured.. test.jsp would only render if implemented = in the 'ROOT' webapp of TC I would suggest implementing a test webapp where the exact physical location of test.jsp would be $CATALINA_HOME/webapps/test/test.jsp Regards/ Martin Ok, that works fine, however that does not solve the problem I originally had, which is getting jsp scripting support in the home directories of the users on the same port as apache. And your users are all nice guys, right ? Essentially like php5 does with apache, being tranparent to the viewer. I'm not sure Tomcat is really designed for that kind of thing. (But I'm willing to be surprised). I can kind of imagine a forest of JkMount's on the Apache side, and a corresponding forest of webapp dirs on the Tomcat side. Or maybe, using a LocationMatch .. under Apache, with a SetHandler in it for mod_jk woule make this easier. And then this under Tomcat : http://www.tuckey.org/urlrewrite/ But I'm sure someone will come up with an easier way, and probably with a lot of don'ts, because... - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: setHeader after DoFilter delegation in filter?
From: André Warnier [mailto:[EMAIL PROTECTED] Subject: Re: setHeader after DoFilter delegation in filter? To create output for the client, the application calls something, right? (I mean a method of HttpRequest). Not quite - you're confusing request with response. There are methods in HttpServletResponse - an Interface, not a class - to obtain a PrintWriter or ServletOutputStream that the webapp uses to generate data to be sent to the client at some point in the future. The data isn't sent until flushBuffer(), sendError(), or sendRedirect() are called. Since the HttpServletResponseWrapper class implements the interface, those methods are available via the wrapper. The filter needs to subclass the wrapper in order to subvert anything else in the filter/servlet chain. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem running TC 6.0.18 with CATALINA_BASE
2008/10/10 Christopher Schultz [EMAIL PROTECTED]: (..) The result is that I get this and only this in /home/chris/app/connector-test/8785/logs/catalina.out: Exception in thread main java.lang.NoClassDefFoundError: It is a known issue with 6.0.18, see https://issues.apache.org/bugzilla/show_bug.cgi?id=45585 The message with no class name is caused by passing an empty argument to /usr/bin/java. Also, you are missing /work subdirectory in your ${catalina.base}. Maybe it is auto-created, but just in case. Best regards, Konstantin Kolinko - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: setHeader after DoFilter delegation in filter?
Sorry all--I'm still stumped. Tried the suggestions and here's what I found. I've subclass HttpServletResponseWrapper and overloaded the following methods: public void flushBuffer(); public void sendRedirect(String str); public void sendError(int sc); public void sendError(int sc, String msg); in my new response wrapper. These methods have been disabled while processing is in the scope of my filter (I also record if these methods are called). I've replaced the response object with my new wrapper: public void doFilter(ServletRequest req, ServletResponse res, FilterChain fc) throws java.io.IOException, javax.servlet.ServletException { ResponseWrapper resp = new ResponseWrapper((HttpServletResponse)(res)); And I've found that sendError(), sendRedirect(), and flushBuffer() are not being called while in the processing is in the scope of my filter. In other words the filter looks something like: dofilter(ServletRequest req, ServletResponse res, FilterChain fc) { ResponseWrapper resp = new ResponseWrapper((HttpServletResponse)(res)); //resp.isCommitted() returns false //some processing work //resp.isCommitted() returns false; fc.doFilter(req,resp); //resp.isCommitted() returns TRUE //some more process work return; } If I know that sendError(), sendRedirect(), and flushBuffer() are not being called how would response be sent (provided autoflush is false and the buffer size is large enough for the print writer). Thanks for the help (and patience)! mike Caldarale, Charles R wrote: From: André Warnier [mailto:[EMAIL PROTECTED] Subject: Re: setHeader after DoFilter delegation in filter? To create output for the client, the application calls something, right? (I mean a method of HttpRequest). Not quite - you're confusing request with response. There are methods in HttpServletResponse - an Interface, not a class - to obtain a PrintWriter or ServletOutputStream that the webapp uses to generate data to be sent to the client at some point in the future. The data isn't sent until flushBuffer(), sendError(), or sendRedirect() are called. Since the HttpServletResponseWrapper class implements the interface, those methods are available via the wrapper. The filter needs to subclass the wrapper in order to subvert anything else in the filter/servlet chain. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- View this message in context: http://www.nabble.com/setHeader-after-DoFilter-delegation-in-filter--tp19862960p19929361.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]