Re: Restrict incoming connections per Application Tomcat 6.0.37
ANALIA DE PEDRO SANTAMARIA wrote: I'm going to try to explain myself better. I believe that we understand what you seem to want to do, but that there are some intrinsic problems with the way in which you are looking at this. What I'm trying to do is create a permission system in Tomcat. This permission system must allow or avoid the next connections: - Receive from IP. The application with this permission only can accept connections (or receive information) from an IP. It can't send anything or connect to anywhere. - Receive All. The application with this permission can accept connections (or receive information) from any IP. It can't send anything or connect to anywhere. - Send and Receive IP. The application with this permission can accept connection and connect to an IP. - Send to IP. The application with this permission only can connect or send information to an IP. It can't receive information or accept connections from anywhere. - Send to All. The application with this permission can connect or send information to any IP. It can't receive information or accept connections from anywhere. Accepting connections from and processing HTTP requests from are two essentially different things, and happen at different levels/moments in time. Connecting to and sending information to is a third different and independent thing. Roughly : - a TCP connection is accepted at the Tomcat/Connector level, long before anything starts reading on that connection to receive the actuall HTTP request. - then the HTTP request is read, and it is determined which application (if any) should process that request - and it is only after the above, that an application would (or would not) process the request In other words, if you really want to block connections (or allow them) from selected IP's, then this is something that happens before the target application is even known, and it cannot be specific per application. On the other hand, when the connection has been accepted and the request has been read and the target application has been selected, it is possible at the level of the selected application, to check the source IP, and reject (or accept) the request. (But at this stage, not the connection anymore, it's too late for that). The second part concerns what the application can do, once it is running to process a request. Tomcat has basically no knowledge of any incoming or outgoing connection that the application itself may be setting up with any third party. Tomcat itself is not involved in such connections, and it has no way to interfere with them. That is the domain of the JVM which runs the application code, and it is at that level that you can allow/disable such connections. With the SocketPermission, I can avoid that one application connects to an specific IP or any IP (not granting SocketPermission connect). But if I try to avoid that one IP connects to the application (not granting SocketPermission accept), it doesn't restrict all connections. For example, I can connect to the application from a browser in another host. (I'm using the Security Manager in a correct way because it works with others permissions). If I add Valve className=org.apache.catalina.valves.RemoteHostValve allow=localhost/ to the context.xml, I can restrict the previous example, but with this I restrict all connections, so it doesn't allow me to do what I want. If I combine the SocketPermission with the RemoteHostValve I can grant the first three permissions (or connections) in my list above. But I need to restrict the incoming connections (accept connections) to grant the last two. Yes, and it is all perfectly logical that it would be that way, because of where and when things happen. What I am trying to say, is that it is your requirements that do not fit the reality of how things work. You are trying to combine, under one artificial permission name, things which are difficult to combine because they happen at different levels and have different scopes. For example, if you do not grant to an application the SocketPermission accept, it means that this application cannot open it's *own* listening socket and accept connections on it. But this concerns listening sockets that your application would want to open on its own, and it is totally distinct from (and has nothing to do with) the listening socket on which Tomcat accepts HTTP requests (for this application and others). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Restrict incoming connections per Application Tomcat 6.0.37
Gracias Martin, probaré si lo que me dices me sirve. Thank you very much André, now I have understood the problem much better. Thank you for your explanation. Analía. 2013/12/16 André Warnier a...@ice-sa.com ANALIA DE PEDRO SANTAMARIA wrote: I'm going to try to explain myself better. I believe that we understand what you seem to want to do, but that there are some intrinsic problems with the way in which you are looking at this. What I'm trying to do is create a permission system in Tomcat. This permission system must allow or avoid the next connections: - Receive from IP. The application with this permission only can accept connections (or receive information) from an IP. It can't send anything or connect to anywhere. - Receive All. The application with this permission can accept connections (or receive information) from any IP. It can't send anything or connect to anywhere. - Send and Receive IP. The application with this permission can accept connection and connect to an IP. - Send to IP. The application with this permission only can connect or send information to an IP. It can't receive information or accept connections from anywhere. - Send to All. The application with this permission can connect or send information to any IP. It can't receive information or accept connections from anywhere. Accepting connections from and processing HTTP requests from are two essentially different things, and happen at different levels/moments in time. Connecting to and sending information to is a third different and independent thing. Roughly : - a TCP connection is accepted at the Tomcat/Connector level, long before anything starts reading on that connection to receive the actuall HTTP request. - then the HTTP request is read, and it is determined which application (if any) should process that request - and it is only after the above, that an application would (or would not) process the request In other words, if you really want to block connections (or allow them) from selected IP's, then this is something that happens before the target application is even known, and it cannot be specific per application. On the other hand, when the connection has been accepted and the request has been read and the target application has been selected, it is possible at the level of the selected application, to check the source IP, and reject (or accept) the request. (But at this stage, not the connection anymore, it's too late for that). The second part concerns what the application can do, once it is running to process a request. Tomcat has basically no knowledge of any incoming or outgoing connection that the application itself may be setting up with any third party. Tomcat itself is not involved in such connections, and it has no way to interfere with them. That is the domain of the JVM which runs the application code, and it is at that level that you can allow/disable such connections. With the SocketPermission, I can avoid that one application connects to an specific IP or any IP (not granting SocketPermission connect). But if I try to avoid that one IP connects to the application (not granting SocketPermission accept), it doesn't restrict all connections. For example, I can connect to the application from a browser in another host. (I'm using the Security Manager in a correct way because it works with others permissions). If I add Valve className=org.apache.catalina.valves.RemoteHostValve allow=localhost/ to the context.xml, I can restrict the previous example, but with this I restrict all connections, so it doesn't allow me to do what I want. If I combine the SocketPermission with the RemoteHostValve I can grant the first three permissions (or connections) in my list above. But I need to restrict the incoming connections (accept connections) to grant the last two. Yes, and it is all perfectly logical that it would be that way, because of where and when things happen. What I am trying to say, is that it is your requirements that do not fit the reality of how things work. You are trying to combine, under one artificial permission name, things which are difficult to combine because they happen at different levels and have different scopes. For example, if you do not grant to an application the SocketPermission accept, it means that this application cannot open it's *own* listening socket and accept connections on it. But this concerns listening sockets that your application would want to open on its own, and it is totally distinct from (and has nothing to do with) the listening socket on which Tomcat accepts HTTP requests (for this application and others). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat JBDCRealm with Oracle DB
Hi. I configured two JDBCRealm's - for MySQL and Oracle databases. Both DB have same tables with same content: mysql show tables; +--+ | Tables_in_tmc_access | +--+ | user_roles | | users| +--+ mysql desc user_roles; +---+--+--+-+-+---+ | Field | Type | Null | Key | Default | Extra | +---+--+--+-+-+---+ | user_name | varchar(100) | NO | PRI | NULL| | | role_name | varchar(100) | NO | PRI | NULL| | +---+--+--+-+-+---+ 2 rows in set (0.00 sec) mysql desc users; +---+--+--+-+-+---+ | Field | Type | Null | Key | Default | Extra | +---+--+--+-+-+---+ | user_name | varchar(100) | NO | PRI | NULL| | | user_pass | varchar(100) | NO | | NULL| | +---+--+--+-+-+---+ 2 rows in set (0.00 sec) mysql select * from users,user_roles; ++---+++ | user_name | user_pass | user_name | role_name | ++---+++ | indexadmin | password | indexadmin | indexadmin | ++---+++ 1 row in set (0.00 sec) Oracle: SQL SELECT table_name FROM user_tables; TABLE_NAME -- TMC_USERS_SET USER_ROLES_SET SQL desc USER_ROLES_SET; Name Null?Type - USER_NAME NOT NULL VARCHAR2(100) ROLE_NAME NOT NULL VARCHAR2(100) SQL desc TMC_USERS_SET; Name Null?Type - USER_NAME NOT NULL VARCHAR2(100) USER_PASS NOT NULL VARCHAR2(100) SQL select * from TMC_USERS_SET,USER_ROLES_SET; USER_NAME USER_PASS USER_NAME ROLE_NAME indexadmin password indexadmin indexadmin server.xml config: !-- Realm className=org.apache.catalina.realm.JDBCRealm driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://10.***.***.239/tmc_access connectionName=tmc_access connectionPassword=password userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / -- Realm className=org.apache.catalina.realm.JDBCRealm driverName=oracle.jdbc.driver.OracleDriver connectionURL=jdbc:oracle:thin:@oraclehost:1521:correctscheme connectionName=tmc connectionPassword=tmc userTable=tmc_users_set userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles_set roleNameCol=role_name / web.xml: security-constraint web-resource-collection web-resource-nameRestricted Area/web-resource-name url-pattern/index.jsp/url-pattern /web-resource-collection auth-constraint role-nameindexadmin/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method /login-config security-role role-nameindexadmin/role-name /security-role So, when I switch config to Oracle Realm - it is not working (just return again login-window)... With MySQL - working perfect. What I'm doing wrong?
Re: Tomcat JBDCRealm with Oracle DB
Арсений Зинченко wrote: Hi. I configured two JDBCRealm's - for MySQL and Oracle databases. Both DB have same tables with same content: mysql show tables; +--+ | Tables_in_tmc_access | +--+ | user_roles | | users| +--+ mysql desc user_roles; +---+--+--+-+-+---+ | Field | Type | Null | Key | Default | Extra | +---+--+--+-+-+---+ | user_name | varchar(100) | NO | PRI | NULL| | | role_name | varchar(100) | NO | PRI | NULL| | +---+--+--+-+-+---+ 2 rows in set (0.00 sec) mysql desc users; +---+--+--+-+-+---+ | Field | Type | Null | Key | Default | Extra | +---+--+--+-+-+---+ | user_name | varchar(100) | NO | PRI | NULL| | | user_pass | varchar(100) | NO | | NULL| | +---+--+--+-+-+---+ 2 rows in set (0.00 sec) mysql select * from users,user_roles; ++---+++ | user_name | user_pass | user_name | role_name | ++---+++ | indexadmin | password | indexadmin | indexadmin | ++---+++ 1 row in set (0.00 sec) Oracle: SQL SELECT table_name FROM user_tables; TABLE_NAME -- TMC_USERS_SET USER_ROLES_SET SQL desc USER_ROLES_SET; Name Null?Type - USER_NAME NOT NULL VARCHAR2(100) ROLE_NAME NOT NULL VARCHAR2(100) SQL desc TMC_USERS_SET; Name Null?Type - USER_NAME NOT NULL VARCHAR2(100) USER_PASS NOT NULL VARCHAR2(100) SQL select * from TMC_USERS_SET,USER_ROLES_SET; USER_NAME USER_PASS USER_NAME ROLE_NAME indexadmin password indexadmin indexadmin server.xml config: !-- Realm className=org.apache.catalina.realm.JDBCRealm driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://10.***.***.239/tmc_access connectionName=tmc_access connectionPassword=password userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / -- Realm className=org.apache.catalina.realm.JDBCRealm driverName=oracle.jdbc.driver.OracleDriver connectionURL=jdbc:oracle:thin:@oraclehost:1521:correctscheme connectionName=tmc connectionPassword=tmc userTable=tmc_users_set userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles_set roleNameCol=role_name / web.xml: security-constraint web-resource-collection web-resource-nameRestricted Area/web-resource-name url-pattern/index.jsp/url-pattern /web-resource-collection auth-constraint role-nameindexadmin/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method /login-config security-role role-nameindexadmin/role-name /security-role So, when I switch config to Oracle Realm - it is not working (just return again login-window)... With MySQL - working perfect. What I'm doing wrong? Not looking at the Tomcat logfiles ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat JBDCRealm with Oracle DB
No errors, but I already found problem cause - forgot run `commit` in SQLPLUS after added rows with usernamerole. :-( Thanks for replay. 2013/12/16 André Warnier a...@ice-sa.com Арсений Зинченко wrote: Hi. I configured two JDBCRealm's - for MySQL and Oracle databases. Both DB have same tables with same content: mysql show tables; +--+ | Tables_in_tmc_access | +--+ | user_roles | | users| +--+ mysql desc user_roles; +---+--+--+-+-+---+ | Field | Type | Null | Key | Default | Extra | +---+--+--+-+-+---+ | user_name | varchar(100) | NO | PRI | NULL| | | role_name | varchar(100) | NO | PRI | NULL| | +---+--+--+-+-+---+ 2 rows in set (0.00 sec) mysql desc users; +---+--+--+-+-+---+ | Field | Type | Null | Key | Default | Extra | +---+--+--+-+-+---+ | user_name | varchar(100) | NO | PRI | NULL| | | user_pass | varchar(100) | NO | | NULL| | +---+--+--+-+-+---+ 2 rows in set (0.00 sec) mysql select * from users,user_roles; ++---+++ | user_name | user_pass | user_name | role_name | ++---+++ | indexadmin | password | indexadmin | indexadmin | ++---+++ 1 row in set (0.00 sec) Oracle: SQL SELECT table_name FROM user_tables; TABLE_NAME -- TMC_USERS_SET USER_ROLES_SET SQL desc USER_ROLES_SET; Name Null?Type - USER_NAME NOT NULL VARCHAR2(100) ROLE_NAME NOT NULL VARCHAR2(100) SQL desc TMC_USERS_SET; Name Null?Type - USER_NAME NOT NULL VARCHAR2(100) USER_PASS NOT NULL VARCHAR2(100) SQL select * from TMC_USERS_SET,USER_ROLES_SET; USER_NAME USER_PASS USER_NAME ROLE_NAME indexadmin password indexadmin indexadmin server.xml config: !-- Realm className=org.apache.catalina.realm.JDBCRealm driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://10.***.***.239/tmc_access connectionName=tmc_access connectionPassword=password userTable=users userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles roleNameCol=role_name / -- Realm className=org.apache.catalina.realm.JDBCRealm driverName=oracle.jdbc.driver.OracleDriver connectionURL=jdbc:oracle:thin:@oraclehost:1521:correctscheme connectionName=tmc connectionPassword=tmc userTable=tmc_users_set userNameCol=user_name userCredCol=user_pass userRoleTable=user_roles_set roleNameCol=role_name / web.xml: security-constraint web-resource-collection web-resource-nameRestricted Area/web-resource-name url-pattern/index.jsp/url-pattern /web-resource-collection auth-constraint role-nameindexadmin/role-name /auth-constraint /security-constraint login-config auth-methodBASIC/auth-method /login-config security-role role-nameindexadmin/role-name /security-role So, when I switch config to Oracle Realm - it is not working (just return again login-window)... With MySQL - working perfect. What I'm doing wrong? Not looking at the Tomcat logfiles ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: What if my database is unavailable at startup?
-Original Message- From: Howard W. Smith, Jr. [mailto:smithh032...@gmail.com] Sent: Friday, December 13, 2013 4:23 PM To: Tomcat Users List Subject: Re: What if my database is unavailable at startup? OP, On Fri, Dec 13, 2013 at 2:24 PM, Dames, Kristopher J kristopher.da...@mercy.net wrote: I use tomcat 6 and have noticed if a database is not available when tomcat starts, tomcat will not try to connect once the database becomes available. Tomcat must be restarted to establish the database connection. What are best practices regarding this? Is there a way in tomcat to get it to automatically retry so I don't have to restart tomcat? I use DBCP but am willing to try some other pool. Barry, On Fri, Dec 13, 2013 at 4:59 PM, Propes, Barry L barry.l.pro...@citi.comwrote: I use DBCP and Oracle as well, and am also on Tomcat 6 - 6.0.26. Take a look at mine, as I have NO trouble with it, and see if you can configure it similarly with success. NOTE - remove those other two parameters that Jose mentions in a prior email. Resource auth=Container description=mytomcatapp name=jdbc/myoracle type=javax.sql.DataSource driverClassName=oracle.jdbc.driver.OracleDriver username=username password=password url=jdbc:oracle:thin:@cgnrdb1p:1648:SERVNAME maxIdle=30 maxWait=1 maxActive=10 testOnBorrow=true timeBetweenEvictionRunsMillis=-1 minEvictableIdleTimeMillis=28800 poolPreparedStatements=true removeAbandoned=true removeAbandonedTimeout=300 logAbandoned=false/ are you suggesting that your (or a correct(ed)) Resource will solve the problem stated in OP (above)? can/should we assume that your URL is referencing a database on a different machine, same network/intranet/LAN? url=jdbc:oracle:thin:@x.y.com:1521:x it seems as though OP is referencing a database somewhere on the 'internet'. -- Oh ok. Yes, mine is on the same network, through an intranet. Different machine, but same network. If that helps. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat Clustering - when the tomcat instances are on different machines
Hi, We started working on our next generation platform project. One of our requirement is to have session replication via tomcat clustering. We have managed to set up a cluster with replication when the tomcats (7.0.47) were both on the SAME machine as a POC. Now as we are setting up the production configuration... (one tomcat is on server 10.0.110.44 and the other 10.0.110.45) We are having the following issues: *When we try to configure the both tomcats with the delta manager, we use this server.xml in both of them:* .. / default configuration here ../ Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=6 Manager className=org.apache.catalina.ha.session.DeltaManager expireSessionsOnShutdown=false notifyListenersOnReplication=true/ Channel className=org.apache.catalina.tribes.group.GroupChannel Membership className=org.apache.catalina.tribes.membership.McastService address=228.0.0.4 port=45564 frequency=500 dropTime=3000/ Receiver className=org.apache.catalina.tribes.transport.nio.NioReceiver address=auto port=5000 selectorTimeout=100 maxThreads=6/ Sender className=org.apache.catalina.tribes.transport.ReplicationTransmitter Transport className=org.apache.catalina.tribes.transport.nio.PooledParallelSender/ /Sender Interceptor className=org.apache.catalina.tribes.group.interceptors.TcpFailureDetector/ Interceptor className=org.apache.catalina.tribes.group.interceptors.MessageDispatch15Interceptor/ Interceptor className=org.apache.catalina.tribes.group.interceptors.ThroughputInterceptor/ /Channel Valve className=org.apache.catalina.ha.tcp.ReplicationValve filter=.*\.gif|.*\.js|.*\.jpeg|.*\.jpg|.*\.png|.*\.htm|.*\.html|.*\.css|.*\.txt/ Deployer className=org.apache.catalina.ha.deploy.FarmWarDeployer tempDir=/tmp/war-temp/ deployDir=/tmp/war-deploy/ watchDir=/tmp/war-listen/ watchEnabled=false/ ClusterListener className=org.apache.catalina.ha.session.ClusterSessionListener/ /Cluster Valve className=org.apache.catalina.valves.AccessLogValve directory=logs prefix=localhost_access_log. suffix=.txt pattern=%h %l %u %t quot;%rquot; %s %b / /Host *This configuration fails to replicate sessions and the error we get in the logs :* INFO: Cluster is about to start Dec 16, 2013 6:42:26 PM org.apache.catalina.tribes.transport.ReceiverBase bind INFO: Receiver Server Socket bound to:/127.0.1.1:5000 Dec 16, 2013 6:42:26 PM org.apache.catalina.tribes.membership.McastServiceImpl setupSocket INFO: Setting cluster mcast soTimeout to 500 Dec 16, 2013 6:42:26 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:4 Dec 16, 2013 6:42:27 PM org.apache.catalina.ha.tcp.SimpleTcpCluster memberAdded INFO: Replication member added:org.apache.catalina.tribes.membership.MemberImpl[tcp://{127, 0, 1, 1}:5000,{127, 0, 1, 1},5000, alive=2516, securePort=-1, UDP Port=-1, id={-90 41 -113 110 96 -50 78 -88 -79 -103 1 61 -60 -125 75 44 }, payload={}, command={}, domain={}, ] Dec 16, 2013 6:42:27 PM org.apache.catalina.tribes.io.BufferPool getBufferPool INFO: Created a buffer pool with max size:104857600 bytes of type:org.apache.catalina.tribes.io.BufferPool15Impl Dec 16, 2013 6:42:27 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Done sleeping, membership established, start level:4 Dec 16, 2013 6:42:27 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Sleeping for 1000 milliseconds to establish cluster membership, start level:8 Dec 16, 2013 6:42:28 PM org.apache.catalina.tribes.membership.McastServiceImpl waitForMembers INFO: Done sleeping, membership established, start level:8 Dec 16, 2013 6:42:28 PM org.apache.catalina.ha.deploy.FarmWarDeployer start INFO: Cluster FarmWarDeployer started. Dec 16, 2013 6:42:28 PM org.apache.catalina.startup.HostConfig deployWAR INFO: Deploying web application archive /usr/local/tomcat7/apache-tomcat-7.0.47/webapps/HATest.war Dec 16, 2013 6:42:29 PM org.apache.catalina.ha.session.DeltaManager startInternal INFO: Register manager /HATest to cluster element Host with name localhost Dec 16, 2013 6:42:29 PM org.apache.catalina.ha.session.DeltaManager startInternal INFO: Starting clustering manager at /HATest Dec 16, 2013 6:42:29 PM
Redirection of mycompany.com to www.mycompany.com
Hello, I have a strange behavior and I do not know where to watch. I am using tomcat7 on a debian. My problem is that when in a browser I am writing mycompany.com I am redirected with to www.mycompany.com. I am using the node host with some nodes alias. I have searched in many configuration file and also on google but I do not find any answer to my behavior, isthere someone who can help me? Thank you. Best Regards, Pierre Posset.
Re: Redirection of mycompany.com to www.mycompany.com
On 2013-12-16 12:23 PM, pierre posset wrote: Hello, I have a strange behavior and I do not know where to watch. I am using tomcat7 on a debian. My problem is that when in a browser I am writing mycompany.com I am redirected with to www.mycompany.com. I am using the node host with some nodes alias. I have searched in many configuration file and also on google but I do not find any answer to my behavior, isthere someone who can help me? Thank you. Best Regards, Pierre Posset. I use a service called ZoneEdit (zoneedit.com) which lets you create records that cause similar redirections. For example, I can point a domain name, like mydomain.com to xyz.techstuff.net with their records. Perhaps something like that is causing the redirection, rather than any entries on the server itself? I expect other companies provide the same services as ZoneEdit -- Reinhardt --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Redirection of mycompany.com to www.mycompany.com
Thank you for your answer I will try to see if it is something like that which is happening. Date: Mon, 16 Dec 2013 12:34:19 -0500 From: rhi...@sympatico.ca To: users@tomcat.apache.org Subject: Re: Redirection of mycompany.com to www.mycompany.com On 2013-12-16 12:23 PM, pierre posset wrote: Hello, I have a strange behavior and I do not know where to watch. I am using tomcat7 on a debian. My problem is that when in a browser I am writing mycompany.com I am redirected with to www.mycompany.com. I am using the node host with some nodes alias. I have searched in many configuration file and also on google but I do not find any answer to my behavior, isthere someone who can help me? Thank you. Best Regards, Pierre Posset. I use a service called ZoneEdit (zoneedit.com) which lets you create records that cause similar redirections. For example, I can point a domain name, like mydomain.com to xyz.techstuff.net with their records. Perhaps something like that is causing the redirection, rather than any entries on the server itself? I expect other companies provide the same services as ZoneEdit -- Reinhardt --- This email is free from viruses and malware because avast! Antivirus protection is active. http://www.avast.com - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Redirection of mycompany.com to www.mycompany.com
On 12/16/13 9:37 AM, pierre posset wrote: My problem is that when in a browser I am writing mycompany.com I am redirected with to www.mycompany.com. I could be way off-base here (it wouldn't be the first time!), but: It could also be that your browser thinks it's smarter than you are. I've seen browsers apparently redirect themselves (without any redirect having been set up) to variations on a URL, and/or to whatever is set as their default search engine, but so far as I know, that usually only happens if the browser can't resolve the URL as entered, or if the user didn't explicitly type the protocol prefix on the URL. Does it happen with other browsers? Does it happen if you try it from someplace with a completely different web connection? Have you tried explicitly typing the http:// or the https:// at the beginning of the URL? -- JHHL - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 EL Parser and nested JSF ui:repeat
On 16/12/2013 18:15, Paul KHodchenkov wrote: Hi folks, Its seems there is an issue with EL parser in tomcat 7.0.47. It was traced down by https://java.net/jira/browse/JAVASERVERFACES-3096 I have attached maven project which works fine on tomcat8-RC5, but fails on tomcat 7.0.47. Please open a bugzilla issue for this bug report. Thanks, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 EL Parser and nested JSF ui:repeat
Done, https://issues.apache.org/bugzilla/show_bug.cgi?id=55891 2013/12/16 Mark Thomas ma...@apache.org On 16/12/2013 18:15, Paul KHodchenkov wrote: Hi folks, Its seems there is an issue with EL parser in tomcat 7.0.47. It was traced down by https://java.net/jira/browse/JAVASERVERFACES-3096 I have attached maven project which works fine on tomcat8-RC5, but fails on tomcat 7.0.47. Please open a bugzilla issue for this bug report. Thanks, Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Tomcat JBDCRealm with Oracle DB
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Арсений, On 12/16/13, 7:17 AM, Арсений Зинченко wrote: server.xml config: !-- Realm className=org.apache.catalina.realm.JDBCRealm driverName=org.gjt.mm.mysql.Driver That driver name is *SUPER* old. Are you using a really old driver, or just the old name? Current driver version is 5.1.27. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSr1K3AAoJEBzwKT+lPKRYeDgQAKYqIQsZdII0FG3MDdl7TRkm QT0TUaZmCdtY4vM2GYJVZRtwZz+ypIYumKBO2RmzJtnj3IZm8gkU5/8WY1sv4IyI Nb+f823E+sc3E+wilA5+vRH1RzOYMJ5jtqvq+23feH1AYBMAkVxIkvaGbcq4SZYs /Fxpaxn+vNTY1H2bmyVCM3srr4HXPkxM2v8u02rZQY+4SVdqzfuqeC4gxQvI3M50 1DQTbJudPGtapCA31dmB9+2QncVVNy6g1S3GDY4RPwTcau0s1zvq9i66I9daA/30 XPgF7r7+lXyERRcfr9N8PhnhC5LwoNKUb4bGkkohErruaWTqa8Oz5DoYVATx6cOO R/pC5cL7kZOR3AdpDMZrYaLM075QF1UVe0ox5fNQvYVrqO+s049KXhXLWxed59xk 5qBL+AABd96UEaUhJbzm9AoFnWPzvxaafxVnezlNEwweB7KrjpQwDfwDK7r3svsm Q2v4Qmwj/iFWD6RS+KQuTsu8AsFnFrdszvfTpIz8umFaykNQhniQe9Ptgggk526Z O5s/g+Z0FwIYZBISfXdQlos5L3GsewKL3uhZNcHgy1t5dOW0QDqL1/9AB1t2ZrlQ ozPcVxAzDvv8GA8wO+xsME2gBwX4x53M4K2F5cThhyZ8xT2ayw9JEFuEr8m4tjfa tH0rEvwIQ0ZQuq9SjbZ/ =WnX0 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Redirection of mycompany.com to www.mycompany.com
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Pierre, On 12/16/13, 12:23 PM, pierre posset wrote: I am using tomcat7 on a debian. My problem is that when in a browser I am writing mycompany.com I am redirected with to www.mycompany.com. I am using the node host with some nodes alias. I have searched in many configuration file and also on google but I do not find any answer to my behavior, is there someone who can help me? What is your setup and configuration? Have you used an HTTP protocol analyzer to see if the server is in fact redirecting the client? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSr1P0AAoJEBzwKT+lPKRY4KIP/1IlGMF3NCKIYqoHIchoeM+c 4gn4BSyaQj/hStYmf9T9l/ZIZMbjpcwZj79UHZry32IDO1E4VqiBRJ1MIB45SZg3 hYmzsXY7ULt3cRpCOu00uRArjT5LjTFkaLXTjzSBaCVODdElkFsJ4KS+B0S17ONq yUTs0ONbqFgIeVSGAZcHDErM/7OCIRo4Gg6YlUnfKU6JU+TXREXLuyih4vQpgZ2f GpDAw98h6C6Bzfs6NpE/5Zt6akRoNI5GhvwAw4/cCpfpTe6pijCeAkP3knt6M9yN u+DlKoPKRpM6Ezxe83OeW2D9mqcOo21+xyv0k9Nu8eevKw7YSNqF7VqWC01hflvA ERnTaQ+6NwIBcr2ZmfPtA37J1113YgF9IU5HIvlFyKF3x8MF/D80Pdhm9Ri4fZCq tflITS9JlVUa1G7vgyj9+auLRiikqdwHF4fRNkc9cwr6ipucWEYa8Mw+OYcOGxlB 85KZChesp5sX5ggHWOV7jSSA4kiIj7Cp1QB0ypXTc2MlpVWqWiDjvNpkln6nCN8P XL/Pasyi39auxRiZU1KwW5Db1SRgmNjY60bjoq5vpdxDpuIdhmkZp6USAEwg5P8Z RZQpaYKDXNiywsWDX9FoyES11KJKHGX3v3XEfxX3p4RYg/xsVpFYKaNR4ZoOsaom UbJutrtROwVEXNaODWl0 =jciL -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Tomcat JBDCRealm with Oracle DB
16.12.2013 21:21, Christopher Schultz пишет: Name=org.gjt.mm.mysql.Driver That driver name is *SUPER* old. Are you using a really old driver, or just the old name? Current driver version is 5.1.27. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSr1K3AAoJEBzwKT+lPKRYeDgQAKYqIQsZdII0FG3MDdl7TRkm QT0TUaZmCdtY4vM2GYJVZRtwZz+ypIYumKBO2RmzJtnj3IZm8gkU5/8WY1sv4IyI Nb+f823E+sc3E+wilA5+vRH1RzOYMJ5jtqvq+23feH1AYBMAkVxIkvaGbcq4SZYs /Fxpaxn+vNTY1H2bmyVCM3srr4HXPkxM2v8u02rZQY+4SVdqzfuqeC4gxQvI3M50 1DQTbJudPGtapCA31dmB9+2QncVVNy6g1S3GDY4RPwTcau0s1zvq9i66I9daA/30 XPgF7r7+lXyERRcfr9N8PhnhC5LwoNKUb4bGkkohErruaWTqa8Oz5DoYVATx6cOO R/pC5cL7kZOR3AdpDMZrYaLM075QF1UVe0ox5fNQvYVrqO+s049KXhXLWxed59xk 5qBL+AABd96UEaUhJbzm9AoFnWPzvxaafxVnezlNEwweB7KrjpQwDfwDK7r3svsm Q2v4Qmwj/iFWD6RS+KQuTsu8AsFnFrdszvfTpIz8umFaykNQhniQe9Ptgggk526Z O5s/g+Z0FwIYZBISfXdQlos5L3GsewKL3uhZNcHgy1t5dOW0QDqL1/9AB1t2ZrlQ ozPcVxAzDvv8GA8wO+xsME2gBwX4x53M4K2F5cThhyZ8xT2ayw9JEFuEr8m4tjfa tH0rEvwIQ0ZQuq9SjbZ/ =WnX0 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org We using Tomcat 5.5.36 (don't ask why :-)), and this driver name was included to server.xml by default, so I doesn't change it. But - real driver, which placed to [...]server/lib/somethinghere.jar - was downloaded from MySQL website and have version 5.1.27. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Redirection of mycompany.com to www.mycompany.com
2013/12/16 James H. H. Lampert jam...@touchtonecorp.com: On 12/16/13 9:37 AM, pierre posset wrote: My problem is that when in a browser I am writing mycompany.com I am redirected with to www.mycompany.com. I could be way off-base here (it wouldn't be the first time!), but: It could also be that your browser thinks it's smarter than you are. I've seen browsers apparently redirect themselves (without any redirect having been set up) to variations on a URL, and/or to whatever is set as their default search engine, but so far as I know, that usually only happens if the browser can't resolve the URL as entered, or if the user didn't explicitly type the protocol prefix on the URL. By the way, the setting name in Mozilla Firefox is browser.fixup.alternate.enabled I usually explicitly change this and keyword.enabled settings to the value of false. http://www.mozilla.org/docs/end-user/domain-guessing.html http://kb.mozillazine.org/Keyword.enabled Does it happen with other browsers? Does it happen if you try it from someplace with a completely different web connection? Have you tried explicitly typing the http:// or the https:// at the beginning of the URL? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: linking (limiting???)
I have been trying three scenarios. So far one works (least security and not good for all OS versions). Again thanks to both Marks for the pointers, but I am afraid they are not working yet. My goal is to enable one directory to be used which is outside the application (and tomcat too) .../webapps/mywebapp hierarchy which mywebapp.war will replace with a new release use 1: to store/retrieve images locally to a machine under application control (db stores names of files) use 2: to store a static movie - demo (no update - this is the simple test case I try) The goal is to get this stuff out of the war file (leaving nothing, an empty dir, or a link as needed - see below). All of the below require apache/tomcat to be down when you make the changes, then restart to test a) IF you have linux (or unix) or osx - you can do symbolic linking simply move the directory and link (my case below): cd /webapps/mywebapp; mv images /opt; ln -s /opt/images and to enable symbolic linking to other directories on your machine (all of them) create a /webapps/mywebapp/META-INF/context.xml file (or edit the one you have) ?xml version=1.0 encoding=UTF-8? Context allowLinking=true /Context advantages for this method: works simply faults: MS os's don't do symbolic; also opens up ALL linking (security issues? probably) BUT THERE ARE 2 other SAFER more restrictive ways below, both also done in the same context.xml file (if I can get either of them to work - the examples often say the server.xml file, but there is only one of them in the top tomcat conf directory, which has NO context references - but if they go there, then path= probably needs to be specified.) b) ?xml version=1.0 encoding=UTF-8? Context aliases=/images=/opt/images / /Context c) ?xml version=1.0 encoding=UTF-8? Context Resources className=org.apache.naming.resources.VirtualDirContext extraResourcePaths=/images=/opt/images / /Context - These are both more security conscious and might should work for MS (with MS correct paths such as d:\images) Which of these is simpler and/or better - I have no idea. Net comparisons don't say. but the VirtualDirContext.html pages say: DO NOT USE FOR PRODUCTION of course- they don't say why NOT Why both require the escaped greater than sign, beats me too. / I would have thought it would be simply on the 2nd and 3rd lines resp. (b and c) NEITHER OF THESE WORKED FOR ME! (so far and I have tried many variants) Do I have to have the symbolic link (in Linux - I did for a) obviously) or should this be a plain empty directories (like Linux/Unix mount points) or should there be no ../webapps/myapp/images anything at all? In the manual version there are more parameters, but most folks say to drop path=mywebapp and the rest seem to not be relevant to what I am doing so I cut them out. Maybe that is the problem. Here is the example I found under VirtualDirContext online Context path=/mywebapp docBase=/Users/theuser/mywebapp/src/main/webapp Resources className=org.apache.naming.resources.VirtualDirContext extraResourcePaths=/pictures=/Users/theuser/mypictures,/movies=/Users/theuser/mymovies / Loader className=org.apache.catalina.loader.VirtualWebappLoader virtualClasspath=/Users/theuser/mywebapp/target/classes / JarScanner scanAllDirectories=true / /Context On Sunday, December 15, 2013 7:39 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Martin, On 12/15/13, 4:52 PM, Martin Gainty wrote: Mark I assume you're referring to Virtual DirContext...? Context path=/mywebapp docBase=/Users/theuser/mywebapp/src/main/webapp You shouldn't use the path attribute, here. You should know this. Resources className=org.apache.naming.resources.VirtualDirContext extraResourcePaths=/WEB-INF/classes=/Users/theuser/mywebapp/target/classes,/pictures=/Users/theuser/mypictures,/movies=/Users/theuser/mymovies/ VirtualDirContext is not necessary, but it is one option. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSrkvIAAoJEBzwKT+lPKRYZ4cP/1SvH4mwBFUIjmtiGnBfa3vU IHwSsyfHaoyO55p1/1AasP6avv8rjpMl9i8d+kmYolIiYMF461UCGTuE44SzHP1Y O1/VayieLS3A/pn2YS86LqfXTuuKD4pWQ93TDEihchpXpJ+/B3sMfJeCzvRRYue7 PZ32luoXvsHEgA2nt7Qpp88Nz+9RggYAw5KlnTrnndqyMl8FyWLkTccpaqTthOnW LcZgieAW7ySWZRbyAiXNEsk6kVDTat9z/EAeDmMWqN43LJikxLh4Glez3jv80mhy cNtZ43mqroyCRF82nSO6eHxeSxIh70kdVaz6/x7QaBNAWIe96DHlQFTZwBnClzwY T5uHYEBwSTfZ7GFlT/z+zGWxhX0fme9q9auZyXnufEHqPadKWkGdbjFN4dgifYm6 Js/O5o2TsCK9RKYbNomPygZ+fek6AqtFtEOvimyFd0Udml4hoQKzTOc81Rb/Dhx9 J/u47Oj754kTL18mv0Ci1ZOB4IQ1jO8YZDz35RU/9MZeoQ+LKkSxZHZTL1/PaH0u h15XSAWv5MVHelPJM7WZWfrQdGAuYKUR+QOB1T4zoW+HKkcjsY7pilO3FJvrv84Y
Re: Proposal to contribute a SyslogAccessLogValve to the Tomcat project
Dear all, I submitted Bug 55893 - Split AccessLogValve and extract the formatting logic in an AbstractAccessLogValve. If this split is accepted, I will then propose a SyslogAccessLogValve. https://issues.apache.org/bugzilla/show_bug.cgi?id=55893 Cyrille On Thu, Dec 12, 2013 at 5:41 PM, Cyrille Le Clerc clecl...@cloudbees.com wrote: Hi Christopher, Changing the existing AccessLogValve to use a logger would have an impact on performances with the creation of intermediate String objects and keeping backward compatibility on the access logs files management (naming, rotation, ...) with a new LogFactory.getLogger() approach would require substantial efforts. Cyrille On Thu, Dec 12, 2013 at 2:56 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cyrille, On 12/12/13, 3:56 AM, Cyrille Le Clerc wrote: Hello Christopher, Delegating to log4j/logback/java.util.logging could be an option but it would still greatly benefit of a refactoring to split the existing AccessLogValve into an AbstractAccessLogValve with the formatting logic and an AccessLogValve that would keep the logic to write in the file. With this split, the MyLoggingFrameworkAccessLogValve would extend the AbstractAccessLogValve. I'm not sure that's even necessary (since the current class could be merely changed-over to use a logger directly), although the AccessLogValve was designed to be fast which I believe it why it does not use a regular logger but rather its own write-to-disk logger. Regarding the existing Syslog implementations in Log4j and Logback, they don't yet allow user to customise the syslog header fields but I plan to propose to contribute these enhancements. Great! Finally, regarding the idea of injecting a logging framework jar in Tomcat classloader, I feel it makes things pretty difficult to understand with the risk of collision of the jars. I'm not sure that's much of a problem. First, Tomcat uses commons-logging and (modified) java.logging out of the box so they don't need to be added... just the logger that knows how to contact connect to syslog. Tomcat also supports using log4j which has a syslog appender already in it. As a conclusion, I would be very happy to contribute to the Tomcat project either the full SyslogAccessLogValve or just the split of the existing AccessLogValve into an AbstractAccessLogValve with the formatting logic and a AccessLogValve with the logic to write in files. I'll let others comment, of course. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.15 (Darwin) Comment: GPGTools - http://gpgtools.org Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBCAAGBQJSqcChAAoJEBzwKT+lPKRYK/kQAJ3EXU+AzaPFOFptiR4ORDad ouNxYec6VMQcsTbOUdQVvjPWFdXsXP370qLINR5rfXNabkrZH+xIgDiPqbwM1Uwd IritRUNeXdh6hSOPdXK1MDJx8lYfbopjYNC9DfP46lsOQZlU491RLN/eNW+UGkWA BsEu9Hk2LPwsIzdgpz7RCbuzgJmURitcpyAGtyHxkw6e/20lhvZo/SjkCGcGK3tS qqqWYPzoJBoWrkJYnaVi1eREcNW5mdx8kssFkdeNHSHLYyDzsb6LyrNWSDWqUYFC Hn0ej/NNFyJjW/I2X4MIvU30ZuhYw80Oa/ybYyP2Jss+l7gnLltS1ijeXmCoN7pn 2JfPqHtpxNp4czQB9WfmgdUvHoYn2uMKt0lQJ13EHU/L6ATHW6zhdzGOJ1LSMfrz hPPS4VCxq8miE9gt+j+Q4MgguJxSTHcjlLuObWZifCqh8plWSKlyE8o50nzxn0NQ KtwUpsQUUlwha1PNJKWhX/XTBPYbRu0OG+aA+xrFPdJU//68ApXTICcPife05Bc0 Et/VGgLtJt/q4KnQuIVK7uPD9dOOndMkKAhDSGCZ56TxdxWO0juR1j1lgCi+kC2C n0EfsuCe+JUvd5MWmBalcFno09w1tpbTSfxpspmIzwJ8Cx181P5ffDOG9lGlV2nN N8H6Bd+kajS9EH3BchTs =VgKF -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: linking (limiting???)
Replies inline. Note, people on this mailing list frown on top-posting (see items 6 and 7 here: http://tomcat.apache.org/lists.html). It does make the reply and response difficult to follow without rereading the entire thread. Please either reply inline or at the end, so people late to the party (or those of us with short / fragmented memory :-p) can remember what's going on. On 12/16/2013 1:00 PM, Ray Holme wrote: I have been trying three scenarios. So far one works (least security and not good for all OS versions). Again thanks to both Marks for the pointers, but I am afraid they are not working yet. My goal is to enable one directory to be used which is outside the application (and tomcat too) .../webapps/mywebapp hierarchy which mywebapp.war will replace with a new release use 1: to store/retrieve images locally to a machine under application control (db stores names of files) use 2: to store a static movie - demo (no update - this is the simple test case I try) The goal is to get this stuff out of the war file (leaving nothing, an empty dir, or a link as needed - see below). All of the below require apache/tomcat to be down when you make the changes, then restart to test a) IF you have linux (or unix) or osx - you can do symbolic linking simply move the directory and link (my case below): cd /webapps/mywebapp; mv images /opt; ln -s /opt/images and to enable symbolic linking to other directories on your machine (all of them) create a /webapps/mywebapp/META-INF/context.xml file (or edit the one you have) ?xml version=1.0 encoding=UTF-8? Context allowLinking=true /Context advantages for this method: works simply faults:MS os's don't do symbolic; also opens up ALL linking (security issues? probably) BUT THERE ARE 2 other SAFER more restrictive ways below, both also done in the same context.xml file (if I can get either of them to work - the examples often say the server.xml file, but there is only one of them in the top tomcat conf directory, which has NO context references - but if they go there, then path= probably needs to be specified.) b) ?xml version=1.0 encoding=UTF-8? Context aliases=/images=/opt/images / /Context c) ?xml version=1.0 encoding=UTF-8? Context Resources className=org.apache.naming.resources.VirtualDirContext extraResourcePaths=/images=/opt/images / /Context I hope that you meant: Context Resources className=org.apache.naming.resources.VirtualDirContext extraResourcePaths=/images=/opt/images / /Context - These are both more security conscious and might should work for MS (with MS correct paths such as d:\images) Which of these is simpler and/or better - I have no idea. Net comparisons don't say. but the VirtualDirContext.html pages say: DO NOT USE FOR PRODUCTION of course- they don't say why NOT I'm not sure that this is valid any more. Why both require the escaped greater than sign, beats me too. / It's not an escaped greater than sign. It's how one closes an empty tag in XML. You could also have written it the following way: Context Resources className=org.apache.naming.resources.VirtualDirContext extraResourcePaths=/images=/opt/images /Resources /Context I would have thought it would be simply on the 2nd and 3rd lines resp. (b and c) NEITHER OF THESE WORKED FOR ME! (so far and I have tried many variants) Do I have to have the symbolic link (in Linux - I did for a) obviously) or should this be a plain empty directories (like Linux/Unix mount points) or should there be no ../webapps/myapp/images anything at all? There should be nothing in your web application at all. However, according to the documentation, the alias path (and by extension, the VirtualDirContext) are searched first, so it shouldn't matter as long as the target directory exists. In the manual version there are more parameters, but most folks say to drop path=mywebapp and the rest seem to not be relevant to what I am doing so I cut them out. Maybe that is the problem. Here is the example I found under VirtualDirContext online Context path=/mywebapp docBase=/Users/theuser/mywebapp/src/main/webapp Resources className=org.apache.naming.resources.VirtualDirContext extraResourcePaths=/pictures=/Users/theuser/mypictures,/movies=/Users/theuser/mymovies / Loader className=org.apache.catalina.loader.VirtualWebappLoader virtualClasspath=/Users/theuser/mywebapp/target/classes / JarScanner scanAllDirectories=true / /Context The example you quoted was for the directory structure listed above the example. Do not use path if you're deploying in the appBase directory defined in server.xml ($CATALINA_BASE/webapps by default), which you are. Do not use docBase at all - this is for locating an application outside of the appBase directory defined in server.xml. Now
Setting log file permissions upon creation?
Hi, I’m wondering if there is a way to force Tomcat to set permissions on log files when they’re created? It seems as though this would be something defined in the logging.properties file, but it doesn’t seem like it’s an option. I want the permissions of all log files created (on server startup/log rollover) to be 640. The only way I can think of doing this is either adding the command to the startup script, or by running a cron job every hour or so. However, if there is a way to make sure the log files are never more permissive than 640, that would be greatly preferable. Thank you, Chris
Re: Setting log file permissions upon creation?
On 12/16/2013 4:04 PM, Chris Wise wrote: Hi, I’m wondering if there is a way to force Tomcat to set permissions on log files when they’re created? It seems as though this would be something defined in the logging.properties file, but it doesn’t seem like it’s an option. I want the permissions of all log files created (on server startup/log rollover) to be 640. The only way I can think of doing this is either adding the command to the startup script, or by running a cron job every hour or so. However, if there is a way to make sure the log files are never more permissive than 640, that would be greatly preferable. Thank you, Chris 1. Create a setenv.sh file in $CATALINA_BASE/bin. 2. Add the following: #!/bin/bash umask 0026 Seems to work for me - quickly tested on Fedora 19, Tomcat 7.0.42, JRE 1.7.0_45. . . . just my two cents /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting log file permissions upon creation?
Hey Mark, Thanks for the response :) Just a quick question - won't this make ALL files Tomcat creates the same permissive...ness? Instead of just the log files? Thanks again! On Mon, Dec 16, 2013 at 7:25 PM, Mark Eggers its_toas...@yahoo.com wrote: On 12/16/2013 4:04 PM, Chris Wise wrote: Hi, I’m wondering if there is a way to force Tomcat to set permissions on log files when they’re created? It seems as though this would be something defined in the logging.properties file, but it doesn’t seem like it’s an option. I want the permissions of all log files created (on server startup/log rollover) to be 640. The only way I can think of doing this is either adding the command to the startup script, or by running a cron job every hour or so. However, if there is a way to make sure the log files are never more permissive than 640, that would be greatly preferable. Thank you, Chris 1. Create a setenv.sh file in $CATALINA_BASE/bin. 2. Add the following: #!/bin/bash umask 0026 Seems to work for me - quickly tested on Fedora 19, Tomcat 7.0.42, JRE 1.7.0_45. . . . just my two cents /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Setting log file permissions upon creation?
Inline response: On 12/16/2013 6:06 PM, Chris Wise wrote: Hey Mark, Thanks for the response :) Just a quick question - won't this make ALL files Tomcat creates the same permissive...ness? Instead of just the log files? This is true, but shouldn't be a problem. If you're running on a system that has ACL, then you could try the following: cd $CATALINA_BASE setfacl -n -d -m u::rwx,g::rx,o::- logs Read the setfacl / getfacl manual pages for more info. To restore (remove the access control lists), run the following: cd $CATALINA_BASE setfacl -b logs . . . just my two cents /mde/ Thanks again! On Mon, Dec 16, 2013 at 7:25 PM, Mark Eggers its_toas...@yahoo.com wrote: On 12/16/2013 4:04 PM, Chris Wise wrote: Hi, I’m wondering if there is a way to force Tomcat to set permissions on log files when they’re created? It seems as though this would be something defined in the logging.properties file, but it doesn’t seem like it’s an option. I want the permissions of all log files created (on server startup/log rollover) to be 640. The only way I can think of doing this is either adding the command to the startup script, or by running a cron job every hour or so. However, if there is a way to make sure the log files are never more permissive than 640, that would be greatly preferable. Thank you, Chris 1. Create a setenv.sh file in $CATALINA_BASE/bin. 2. Add the following: #!/bin/bash umask 0026 Seems to work for me - quickly tested on Fedora 19, Tomcat 7.0.42, JRE 1.7.0_45. . . . just my two cents /mde/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat unexpected shutdown
Hello, I'm operating some services under this environment. OS : RHEL 6.2 JVM : 1.6.0_34 WEB : httpd 2.2.22 WAS : tomcat 6.0.35(EWS 2.0) but I'm wondering if there is a way to shutdown tomcat unexpectly?? Catalina.out logs seems to be shutdown normally, but nobody can shutdown tomcat process I searched some similar this case, there is some way to find the app source thesystem.exit() method but there is no System.exit() method. How Can I solve this problem? I attach Catalina.out log and App logs, it seems to normally shutdown tomcat process Catalina.out 2013. 11. 3 ?ㅼ?? 2:19:32 org.apache.coyote.http11.Http11AprProtocol pause ?~U蹂? Pausing Coyote HTTP/1.1 on http-8080 2013. 11. 3 ?ㅼ?? 2:19:32 org.apache.coyote.ajp.AjpAprProtocol pause ?~U蹂? Pausing Coyote AJP/1.3 on ajp-8009 2013. 11. 3 ?ㅼ?? 2:19:33 org.apache.catalina.core.StandardService stop ?~U蹂? Stopping service Catalina = APP.log, it seems to normally undeploy the context. [2013-11-03 02:19:34,015][INFO][?:?] Closing org.springframework.web.context.support.XmlWebApplicationContext@61233fe3: display name [WebApplicationContext for namespace 'dispatcher-servlet']; startup date [Wed Oct 30 21:10:23 KST 2013]; parent: org.springframework.web.context.support.XmlWebApplicationContext@4d5fc672 [2013-11-03 02:19:34,015][INFO][?:?] Destroying singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@4838ddcc: defining beans []; parent: org.springframework.beans.factory.support.DefaultListableBeanFactory@7f0eeb26 [2013-11-03 02:19:34,138][INFO][?:?] Close Application Context [2013-11-03 02:19:34,139][INFO][?:?] Closing org.springframework.web.context.support.XmlWebApplicationContext@4d5fc672: display name [Root WebApplicationContext]; startup date [Wed Oct 30 21:10:12 KST 2013]; root of context hierarchy ===