On Tue, 2010-06-22 at 16:25 -0400, Christopher Schultz wrote:
On 6/22/2010 12:07 PM, Gregor Schneider wrote:
2010/6/18 Mikolaj Rydzewski m...@ceti.pl:
Luca Gervasi wrote:
i can read my /etc/passwd from a malicious jsp.
Where can i find infos on limiting filesystem access / visibility ?
On 23 Jun 2010, at 00:12, David Fisher dfis...@jmlafferty.com wrote:
Hi All,
I've got myself in a situation where I need a stopgap quick fix - until we
can respond correctly.
I have the following workers file:
# define the worker list
worker.list=LoadBalancer
# Define the LB
On 23 Jun 2010, at 02:40, Rainer Jung rainer.j...@kippdata.de wrote:
On 22.06.2010 21:59, Marc Boorshtein wrote:
Unless you are going to authenticate via one of Tomcat's authentication
methods; BASIC, FORM, etc, then getRemoteUser() is going to return null.
You'll need to add a security
On 22 Jun 2010, at 22:38, Mick Knutson mknut...@baselogic.com wrote:
have an application I am trying to move to Tomcat 6.0 from Tomcat 5.5.
Which versions exactly, (- it does matter)?
Also OS, JVM and any other relevant app versions.
This
is a VXML Voice Browser application.
In this app,
On 22 Jun 2010, at 14:55, laredotornado laredotorn...@gmail.com wrote:
Hi,
I'm using Tomcat 6.0.26. I notice that when I define an error page for my
JSPs
%@ page errorPage=/error-pages/500.jsp %
The error page gets called properly, but the stack trace of the error is no
longer
I'll have to look at the code, but maybe you're being affected by a recent bug
whereby the session id changes after login but isn't then replicated.
You might search bugzilla to see if this applies to 6.0.26.
p
On 22 Jun 2010, at 22:41, Okubo, Yasushi (TSD) yasushi.ok...@takedasd.com
wrote:
Hi:
I use ant to deploy a servlet project like this : ant all, ant install.
And it worked. But the next time after I restarted tomcat, I got 404 not
found error.
Anyone know why this happened? Thanks very much.
--
Roy
Hello Andre,
Thanks for the excellent respons; it took some time, but we finally got it to
work!
It turned out that after logging in using IE the redirect (HTTP 302) thrown
by the webserver confused IE. After changing some keepalive settings it worked.
I'd never figured this out without
Hello Rainer,
It turned out that the KeepAlive setting of Apache could solve our issue.
Thanks for the tip!
Best, Robin
-Original message-
From: Rainer Jung rainer.j...@kippdata.de
Sent: Wed 09-06-2010 13:00
To: Tomcat Users List users@tomcat.apache.org;
Subject: Re: Question
Hi dB,
That looks promising and might come in handy for another project I'm doing.. :-)
Best, Robin
-Original message-
From: dB. dbl...@dblock.org
Sent: Tue 08-06-2010 13:58
To: Tomcat Users List users@tomcat.apache.org;
Subject: RE: Question on IE zones with Mod_jk
I think
On 23.06.2010 09:51, Pid wrote:
On 23 Jun 2010, at 02:40, Rainer Jungrainer.j...@kippdata.de wrote:
On 22.06.2010 21:59, Marc Boorshtein wrote:
Unless you are going to authenticate via one of Tomcat's authentication
methods; BASIC, FORM, etc, then getRemoteUser() is going to return null.
Thanks Leo. I've got the same setup in IIS regarding integrated windows
security. However, IIS is on port 80 and Tomcat is on 9080 so as not to
conflict.
IIS is giving the ISAPI filter the user info that I'm looking for as indicated
in the ISAPI log.
Thanks for trying. It's appreciated.
Op dinsdag, 22 juni 2010 18:33 schreef Robinson, Eric
eric.robin...@psmnv.com:
This is a similar question to one already being discussed in the list
with the subject Setting the Right Amount of Memory.
We have 160 instances of tomcat on the same server, with most instances
configured to
I am pleased to say that myearlier issue appears to have solved itself? But
what is happening? I had to remake, recompile, redeploy and restart just to
get tomcat and hibernate to play nicely with the database! Now I am unable
to use the realm to authenticate users but I don't know why.
I am pleased to say that myearlier issue appears to have solved itself? But
what is happening? I had to remake, recompile, redeploy and restart just to
get tomcat and hibernate to play nicely with the database! Now I am unable
to use the realm to authenticate users but I don't know why.
On 23/06/2010 12:12, yucca...@live.co.za wrote:
I am pleased to say that myearlier issue appears to have solved itself?
But what is happening? I had to remake, recompile, redeploy and restart
just to get tomcat and hibernate to play nicely with the database! Now I
am unable to use the realm to
On 23/06/2010 12:15, yucca...@live.co.za wrote:
I am pleased to say that myearlier issue appears to have solved itself? But
what is happening? I had to remake, recompile, redeploy and restart just to
get tomcat and hibernate to play nicely with the database! Now I am unable
to use the realm
On 23/06/2010 11:13, superman wrote:
how to setup session scop at MemoryRealm class in tomcat ?
http://catb.org/esr/faqs/smart-questions.html
p
signature.asc
Description: OpenPGP digital signature
On 23/06/2010 10:45, Rainer Jung wrote:
On 23.06.2010 09:51, Pid wrote:
On 23 Jun 2010, at 02:40, Rainer Jungrainer.j...@kippdata.de wrote:
On 22.06.2010 21:59, Marc Boorshtein wrote:
Unless you are going to authenticate via one of Tomcat's
authentication methods; BASIC, FORM, etc, then
className,
debug,
digest,
pathname
are valid attributes for MemoryRealm
http://tomcat.apache.org/tomcat-4.1-doc/realm-howto.html#MemoryRealm
we can provide greater assistance to you.. if you can you explain what you're
trying to accomplish
Martin Gainty
On 23/06/2010 09:19, Roy Chang wrote:
Hi:
I use ant to deploy a servlet project like this : ant all, ant install.
And it worked. But the next time after I restarted tomcat, I got 404 not
found error.
Anyone know why this happened? Thanks very much.
Christopher Schultz wrote:
I've never seen a system where /etc/passwd wasn't world-readable.
Otherwise, 'ls' doesn't even work well ;)
I saw a free shell server once. There was some kind of linux kernel hack
implemented, that used to filter /etc/passwd to display only system
accounts and
Luca Gervasi wrote:
Tomcat uses a low privilege user and the system-wide permissions are
thus enforced by OS but...i can still read all the istance-wide files
(tomcat-users.xml, server.xml and any other 644 file).
What is your scenario for running webapps? Are you going to run
third-party
aplogies
--
From: Pid p...@pidster.com
Sent: Wednesday, June 23, 2010 1:44 PM
To: Tomcat Users List users@tomcat.apache.org
Subject: Re: fantastic! but what's going on?
-
To
You can monitor the gc with jstat.
jstat -gc pid 10s
This wil show you the memory usage of a java instance with the time
spent in GC.
If it does 0.9 sec. of GC every sec. yare running inefficient. :-)
Thanks. I guess I could restate the question as, Does GC inefficiency
really matter if
Let me ask, what maybe a stupid question now, but when I print out the
enumeration value of the request header names, see below, using
request.getHeaderNames() should the user be listed as one of the headers which
is passed on from the ISAPI filter:
=== MimeHeaders ===
accept = */*
On Wed, Jun 23, 2010 at 8:49 AM, Savoy, Melinda
melindasa...@texashealth.org wrote:
Let me ask, what maybe a stupid question now, but when I print out the
enumeration value of the request header names, see below, using
request.getHeaderNames() should the user be listed as one of the headers
Jun 23, 2010 3:14:33 PM org.apache.catalina.core.StandardContext
addApplicationListener
INFO: The listener org.springframework.web.context.ContextLoaderListener
is already configured for this context. The duplicate definition has been
ignored.
Jun 23, 2010 3:14:34 PM
I just tried the request.getAttributeNames() and I got nulls for all the
elements in this enumeration.
Thanks.
-Original Message-
From: Marc Boorshtein [mailto:mboorsht...@gmail.com]
Sent: Wednesday, June 23, 2010 8:03 AM
To: Tomcat Users List
Subject: Re: Still having problem
I also tried request.getAttribute(user) but I got a null value as well.
-Original Message-
From: Savoy, Melinda
Sent: Wednesday, June 23, 2010 8:09 AM
To: 'Tomcat Users List'
Subject: RE: Still having problem retrieving user value from ISAPI Filter for
authentication
I just tried the
From: Robinson, Eric [mailto:eric.robin...@psmnv.com]
Subject: RE: Does GC Really Matter (In This Situation)?
Does GC inefficiency really matter if overall CPU
utilization remains low?
If CPU utilization is low, you are not experiencing meaningful GC inefficiency.
The heap configuration
1. Please tell us your exact Tomcat version (three numbers, x.y.z).
2. There are several log files in Tomcat. Have you tried to look into
all of them?
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail:
Op woensdag, 23 juni 2010 14:31 schreef Robinson, Eric
eric.robin...@psmnv.com:
You can monitor the gc with jstat.
jstat -gc pid 10s
This wil show you the memory usage of a java instance with the time spent in GC.
If it does 0.9 sec. of GC every sec. yare running inefficient. :-)
David, you might want to take a look at
http://tomcat.apache.org/connectors-doc/generic_howto/loadbalancers.html under
Advanced lb Worker properties. There's an example for what you want with
what Reiner was talking about (activation/redirect).
Shay
On Wed, Jun 23, 2010 at 3:48 AM, Pid
1) Terminal Services starts listening on port 80 instead of 3380
2) We determined this by disabling Tomcat. The problem stopped. This is
happening on their website, so we would know it happens because customers would
call in saying the website is down.
3) Right now (before the switch) it is
Let me ask another question if I might in addition to the one below:
In my ISAPI log it shows:
[Wed Jun 23 09:50:59.568 2010] [5024:6028] [debug] jk_isapi_plugin.c (3108):
Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1
name=localhost port=80 auth=NTLM user=TEXAS\SavoyM
Hello,
we've a web service that receives SOAP RPC-encoded xml requests on HTTP
through axis and tomcat 5.5.
We'd like to log every xml rq we receive using a Filter, because we've
to write the xml to a file whose name depends on the xml request.
The problem is that one can call
Thanks Pid
It might be related to the fix for 45255. This is the only one I can see
remotely related. According to this fix, (I might be wrong), but it
looks like once the user is logged-out from the application or node upon
regular logout or node shutdown or some other reasons, a user is asked
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck,
On 6/22/2010 5:00 PM, Caldarale, Charles R wrote:
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: Showing Tomcat Memory Utilization with 'top'
Also, I believe VIRT includes memory shared with other processes
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Subject: Re: Showing Tomcat Memory Utilization with 'top'
I didn't realize that the server JVM didn't share class
templates. Do you have any ideas why not?
AFAIK, Sun just hadn't gotten around to it yet; don't know if it's in
-Original Message-
From: yucca...@live.co.za [mailto:yucca...@live.co.za]
Subject: soory I am starting new thread for new problem
No, you're hijacking yet another thread. Stop doing that.
--
From: Christopher Schultz
Hi Rainer,
Thank you for your reply - it really has helped out today in several ways.
I've got myself in a situation where I need a stopgap quick fix - until we
can respond correctly.
It turns out I was overreacting and we have other better tools to fix the
troubles - no need to discuss as
Hi Pid
I tested tomcat with three different versions [6.0.18, 6.0.20, 6.0.24]
and the all results were consistent. SingleSignOn session did not
failover.
I hope someone can help me about this.
yasushi
-Original Message-
From: Okubo, Yasushi (TSD)
Sent: Wednesday, June 23, 2010 9:20
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Luca,
On 6/23/2010 3:18 AM, Luca Gervasi wrote:
Hi guys, thanks for answering me.
Tomcat uses a low privilege user and the system-wide permissions are
thus enforced by OS but...i can still read all the istance-wide files
(tomcat-users.xml,
Dear colleagues,
I'm running IIS version 6 and Apache Tomcat 6.x on a Windows 2003 enterprise
server. I had to renew SSL certificates for both the IIS and Tomcat web server.
I was told to raise a CSR from the IIS server and create a certificate. The
certificate (.PFX) could then be converted
On 23.06.2010 16:58, Savoy, Melinda wrote:
In my ISAPI log it shows:
[Wed Jun 23 09:50:59.568 2010] [5024:6028] [debug] jk_isapi_plugin.c (3108):
Service protocol=HTTP/1.1 method=GET host=127.0.0.1 addr=127.0.0.1
name=localhost port=80 auth=NTLM user=TEXAS\SavoyM uri=/index.jsp
The value of
Google is your friend?
http://www.cb1inc.com/2007/04/30/converting-pfx-certificates-to-java-keystores/
Please note that I have not tried this. Your mileage may vary.
/mde/
--- On Wed, 6/23/10, ian loyola ian_loy...@yahoo.com wrote:
From: ian loyola ian_loy...@yahoo.com
Subject: Convert a
Hi Mark,
Thanks for that. I did try searching a lot for it and I did come across that
article. But that method doesn't explain how to chain the CA's intermediate
certificates. Any idea how to do that?
Cheers,
Ian
From: Mark Eggers its_toas...@yahoo.com
To:
Hi Ian,
Take a look on this
http://tp.its.yale.edu/pipermail/cas/2005-July/001337.html. Hope it helps.
On 24 June 2010 06:41, Konstantin Kolinko knst.koli...@gmail.com wrote:
2010/6/24 Mark Eggers its_toas...@yahoo.com:
Google is your friend?
Hi
I have successfully configured server certificate using keytool and now I
can access my web application using HTTPS. Now I want to configure client
certificate but I dont have any idea of how to do this.
Can anyone please let me know step by step procedure on how to implement
this. Note
Dear,
If You are accessing your application from same system i.e server then you
have to import that certificate into browser.
To access your application through client machine you have to purchase
certificate. I will suggest you to purchase some basic certificate from
GoDadday. its cheap one..
51 matches
Mail list logo