Increasing Tomcat/Java memory
Hello everybody. How can I increase the memory Tomcat/Java is using? I tried setting CATALINA_OPTS with -server -Xms256m -Xmx512m but runtime.totalMemory always seems to return a value around 60MB. And there are some operations (exporting several thousand database records to an Excel file) where we receive out of memory errors. Unfortunately I don't yet know the exact error text and where it is displayed... Yet, if the server (including database) is rebootet it works, so it seems to be a problem with Tomcat (oracle doesn't seem to have a problem, because the data is already dispalyed in a table genereated by tomcat (JSP). Only if I try to export this data to an exel file, the problem arised. This is on Windows XP Pro SP2. Anybody got an idea? Can this be due to Tomcat memory management? How to change it correctly on windows ? Somewhere I saw -ms and -mx insead of -Xms and -Xmx Any help appreciated! With kind regards, Harald Henkel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Increasing Tomcat/Java memory
These settings are stored in the r egistry if you are running Tomcat as windows service. Usually you have a small applet installed that allows you to edit the setttings. If do not see the applet, try to execute Tomcat\bin\tomcat5w.exe //ES//TomcatServiceName where TomcatServiceName is your Windows Servicename for Tomcat. Harald Henkel wrote: Hello everybody. How can I increase the memory Tomcat/Java is using? I tried setting CATALINA_OPTS with -server -Xms256m -Xmx512m but runtime.totalMemory always seems to return a value around 60MB. And there are some operations (exporting several thousand database records to an Excel file) where we receive out of memory errors. Unfortunately I don't yet know the exact error text and where it is displayed... Yet, if the server (including database) is rebootet it works, so it seems to be a problem with Tomcat (oracle doesn't seem to have a problem, because the data is already dispalyed in a table genereated by tomcat (JSP). Only if I try to export this data to an exel file, the problem arised. This is on Windows XP Pro SP2. Anybody got an idea? Can this be due to Tomcat memory management? How to change it correctly on windows ? Somewhere I saw -ms and -mx insead of -Xms and -Xmx Any help appreciated! With kind regards, Harald Henkel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Increasing Tomcat/Java memory
Thanks a lot for your reply. I set the values directly in my registry, restarted Tomcat and voilá: runtime.totalMemory now gives the increased -Xms value after startup. With kind regards, Harald Henkel Jost Richstein schrieb: These settings are stored in the r egistry if you are running Tomcat as windows service. Usually you have a small applet installed that allows you to edit the setttings. If do not see the applet, try to execute Tomcat\bin\tomcat5w.exe //ES//TomcatServiceName where TomcatServiceName is your Windows Servicename for Tomcat. Harald Henkel wrote: Hello everybody. How can I increase the memory Tomcat/Java is using? I tried setting CATALINA_OPTS with -server -Xms256m -Xmx512m but runtime.totalMemory always seems to return a value around 60MB. And there are some operations (exporting several thousand database records to an Excel file) where we receive out of memory errors. Unfortunately I don't yet know the exact error text and where it is displayed... Yet, if the server (including database) is rebootet it works, so it seems to be a problem with Tomcat (oracle doesn't seem to have a problem, because the data is already dispalyed in a table genereated by tomcat (JSP). Only if I try to export this data to an exel file, the problem arised. This is on Windows XP Pro SP2. Anybody got an idea? Can this be due to Tomcat memory management? How to change it correctly on windows ? Somewhere I saw -ms and -mx insead of -Xms and -Xmx Any help appreciated! With kind regards, Harald Henkel - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Custom realm extending JDBCRealm
HI!! Just solved. I was using tomcat 5.5.0. I was looking at sources of 5.5.16. I suppose that the authenticate method of 5.5.0 doesn't use getPassord method. I tried it in 5.5.16 and everything works fine Thanks for attention Alessandro On 3/24/06, Alessandro Colantoni [EMAIL PROTECTED] wrote: Hi all! For some reasons I had to extend JDBCRealm to overwrite the method getPassword. This is myRealm: public class ManoloJDBCRealm extends JDBCRealm{ private static Log log = LogFactory.getLog(ManoloJDBCRealm.class); protected String getPassword(String username) { System.out.println(username= +username); String password=super.getPassword(username); log.info(password=+password); String hexpassword=HexUtils.convert(password.getBytes()); log.info(hexpassword=+hexpassword); return hexpassword; } } I wrote the file mbeans-descriptors.xml ?xml version=1.0? mbeans-descriptors mbean name=ManoloJDBCRealm description=Implementation of Realm that works with any JDBC supported database domain=Catalina group=Realm type= com.steria.tc.realm.ManoloJDBCRealm attribute name=className description=Fully qualified class name of the managed object type=java.lang.String writeable=false / attribute name=connectionName description=The connection username to use when trying to connect to the database type= java.lang.String / attribute name=connectionPassword description=The connection URL to use when trying to connect to the database type= java.lang.String / attribute name=connectionURL description=The connection URL to use when trying to connect to the database type=java.lang.String / attribute name=digest description=Digest algorithm used in storing passwords in a non-plaintext format type= java.lang.String / attribute name=driverName description=The JDBC driver to use type=java.lang.String / attribute name=roleNameCol description=The column in the user role table that names a role type= java.lang.String / attribute name=userCredCol description=The column in the user table that holds the user's credentials type=java.lang.String / attribute name=userNameCol description=The column in the user table that holds the user's username type= java.lang.String / attribute name=userRoleTable description=The table that holds the relation between user's and roles type=java.lang.String / attribute name=userTable description=The table that holds user data type= java.lang.String / operation name=start description=Start impact=ACTION returnType=void / operation name=stop description=Stop impact=ACTION returnType=void / operation name=init description=Init impact=ACTION returnType=void / operation name=destroy description=Destroy impact=ACTION returnType=void / /mbean /mbeans-descriptors I just copied it form the JDBCRealm and change the type. This file is in the same package of ManoloJDBCRealm. In server.xml I put Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0 descriptors=/com/steria/tc/realm/mbeans-descriptors.xml/ I've done a jar with in com/steria/tc/realm/mbeans-descriptors.xml, ManoloJDBCRealm.class and I put it in server/lib In my context.xml I put Realm className = com.steria.tc.realm.ManoloJDBCRealm../ I start tomcat, I get no error, but when i authenticate I don't get one of the message of my custom getPassword(String username). The behavior is as if tomcat utilize the JDBCREalm method Thanks in advance Alessandro
Re: return (HexUtils.convert(md.digest())) in RealmBase
I solved the last problem passing to tomcat 5.5.16 . At the end everything work as i desired (well i didn't do many tests so that's what I hope). Thanks your help and your patience Alessandro On 3/24/06, Alessandro Colantoni [EMAIL PROTECTED] wrote: Hi! One day after i understood what you explained me. HexUtils.convert just do an hex representation in a string format of the binary number represented by the array of byte. I taught that a solution to my problem could be implement a custom realm, that extends JDBCrealm and overwrite the method getPassword in such a way protected String getPassword(String username) { System.out.println(username= +username); String password=super.getPassword(username); log.info(password=+password); String hexpassword=HexUtils.convert(password.getBytes()); log.info(hexpassword=+hexpassword); return hexpassword; } In theory should work , but I don't know why tomcat still uses the getPassword of the JDBCrealm , cause I don't see messages printed. But this is an other problem, and that's better I open another thread. I hope I'm following the rigtht way On 3/23/06, Alessandro Colantoni [EMAIL PROTECTED] wrote: Hi ! I'm lost. Sorry. I don't understand when you say I can guarantee that MessageDigest.digest(), which returns an array of bytes, will NOT return an array of bytes every time that can be transmitted on a URL i.e. is a printable string. I will try to explain better what I have done I have an algorithm called manolo (from the name of the manager of the other application that passed it to me). I wrote a class public class ManoloMessageDigestSpi extends MessageDigestSpi implements Cloneable I have in this class the field private byte[] digest = null; I implemented the method engineDigest: protected byte[] engineDigest(){ byte[] completedDigest=this.digest; engineReset(); return completedDigest; } in the engineUpdate(byte input) I just set the field digest with the encrypted value of input using the manolo algorithm. I wrote a Provider called ManoloProvider public final class ManoloProvider extends Provider{ public ManoloProvider() { super(manolo, 1.0, algoritmo pasado por Manolo el 21-03-2006); put (MessageDigest.manolo, com.steria.tc.security.ManoloMessageDigestSpi ); } } Then in a servlet that load on startup I do something like that Security.addProvider(new ManoloProvider) In the context.xml of my application I put Realm className = org.apache.catalina.realm.JDBCRealm digest=manolo . / When The other application(developed in power builder) store a password use the manolo algorithm to encrypt it. So what it stores is the same value of MessageDigest.update(cleartext); MessageDigest.digest().toString(). So let's call: cleartext : password in cleartext digested : password encrypted converted: digested converted with HexUtils.convert At the end, when Tomcat authenticates it will compare converted with digested and always fail. Everything work fine if was my application to store password, storing RealmBase.Digest(cleartext,manolo) Thanks for attention Alessandro On 3/22/06, Jay Burgess [EMAIL PROTECTED] wrote: Then maybe I'm misunderstanding something. But I can guarantee that MessageDigest.digest(), which returns an array of bytes, will NOT return an array of bytes every time that can be transmitted on a URL i.e. is a printable string. That's why it has to be encoded in some form, and two hex chars/bytes is the way this gets encoded. However, if you really do want to undo the encoding, simply reverse the logic of the encode() method in the MD5Encoder.java file. Alternatively, if you are just trying to authenticate something in your code, it may work to just run through the digest and encode steps yourself, then compare your end result with what the user sent. If they're the same, then they're authenticated, without you needing to undo anything. Jay -Original Message- From: Alessandro Colantoni [mailto: [EMAIL PROTECTED] Sent: Wednesday, March 22, 2006 12:37 PM To: Tomcat Users List Subject: Re: return (HexUtils.convert(md.digest())) in RealmBase Thanks for answer. I'm sure that the byte representation is printable, because that's a very easy algorithm, and it is working since some year storing correct encrypted password with the other application. What i should need is an inverse operation of the HexUtils.convert. Is there such an algorithm? I 'll explain better. Lets call this inverse operation convert_inv. It should be so that HexUtils.convert
Tuning tomcat : Modifing apache config : RedirectMacth directive
Hi List, I have a specific question about apache _expression matching. I have a apache tomcat server setup . While tuning tomcat i needed to achieve some tweaking to the apache _expression matching , or atleast that i felt . The site have all incoming urls (www.subdomain.domain.com type) are redirected to (https://domain.com/subdomain/index.jsp) . The possible input urls are: www.aaa.domain.com ( mostly ) aaa.domain.com http://aaa.domain.com www.domain.com/aaa/ And the redirecting url are : https://www.domain.com/aaa/index.jsp (mostly ) or https://www.domain.com/aaa/ The above redirection is working and valid for the following apache directive : VirtualHost * ServerName aaa.domain.com RedirectMatch (.*)\ .*$ https://www.domain.com/aaa$1 --x--- Now for load balancing i needed to change certain directives related to Mod_JK . The modifications at (httpd.conf) needed as below : original : JkMount /* my_workers Modified to : JkMount /*.jsp my_workers x- The change really worked .., the site started operating with tomcat serving its content alright . The subdomain functioning just stopped. The scenario here : at the ServerRoot ( /ust/local/domain/ ) the index.jsp resides . At that index.jsp a mapping is confirmed , which gurantees that the http get request ( when someone tyies to connect www.aaa.domain.com ) with aaa subdomain is served as index.jsp with the specific dynamic content part defined for aaa subdomain . This way multiple subdomains are entertained . So there is no aaa directory or aaa filename at ServerRoot . The related jsp for aaa is placed somewhere else as per index.jsp Let me know how exactly to overcome the situation . Because after modifing the httpd.conf entry as above i started getting errors : error.log : Files does not exist 404 /usr/local/domain/aaa access.log : [aa.dd.bb.cc] - - [22/Mar/2006] GET /aaa HTTP/1.1 404 346 - Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; PCQuest) Let me know where i am mistaking .. I felt that matching the expression in a new way would do the trick and still trying on this . Any clue what could be the solution . Regards.. Regards.. -- Sanjay Saha System Administrator http://www.sanjaysaha.in
Re: Check if file exists in WEB-INF folder
Hello, be careful using filesystem directly. This piece of code will not work if the unpackWARs=no. Use getServletContext().getResource(/WEB-INF/jsp/test.jsp) == null instead. This will work for both options: for unpacked WARs and packed WARs. PETR On 3/23/06, Rapthor [EMAIL PROTECTED] wrote: It works! Thanks. -- View this message in context: http://www.nabble.com/Check-if-file-exists-in-WEB-INF-folder-t1329073.html#a3549945 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat, Security and RMI
Hi, Environment: OS: Solaris 10 on client and server Java: java full version 1.5.0_06-b04 Tomcat: 5.5.15 I'm trying make one of my servlets act as an RMI client with an RMI server running on a different host. I have a problem though and I can't seem to make much progress, so maybe someone can help me. If I invoke Tomcat with the following additional options, I can make my servlet/RMI client deploy: -Djava.rmi.server.codebase=http://webserver/builds2/garypen/jars/jscmc.jar http://webserver/builds2/garypen/jars/jscma.jar; The application executes fine until it tries to make an RMI call to the server which involves transferring an object from the client to the server. At this point, if I make sure that the client jar file is in my server's class path then everything works fine, since the server loads the local class definition. However, this is not ideal and I don't want to have to load client jar files on my server. Rather, I would like to use the RMI capability to load the class definition from my client. This is the problem I'm trying to solve. I modified my catalina policy file so that: //Gary's nasty hack to get round all security :) grant codeBase file:${catalina.home}/webapps/repository/- { permission java.security.AllPermission; }; You'll note that I'm trying to give every permisssion to my servlets. I'll fix this later and only give specific permissions. I'm just using this whilst I figure out what is going on. I start up my server with the -security option to make sure the policy file is used to set the security environment. However, when the call to the server is made, I get the following errors: Caused by: java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is: java.lang.ClassNotFoundException: access to class loader denied blah, bla, blah... Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /home/garypen/dev/dist/apache-tomcat-5.5.15/webapps/repository/WEB-INF/classes/- read) (This is just a snippet of the full trace log, the rest appears to be fairly unhelpful detail.) So, this is a big puzzle to me. I'm giving everything under blah/webapps/repository all permissions and yet Tomcat is failing to load the class that I want to send to my RMI server because of a permissions problem. Has anyone got any idea what the problem could be? On a related note. When you modify a policy file and use the '-' sign to indicate all jars and classes under this codebase have the policies applied. Does this include jar files with different extensions, e.g. .war or .ear? It doesn't seem that it does at the moment, so I'm unpacking my .war files. Again, this is a bit unsatisfactory, so I'd rather not do this. How do I set policy against .war files? Thanks for any pointers, Gary -- Gary Pennington Solaris Kernel Development, Sun Microsystems [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.5 DataSourceRealm
Hi All, I've failed miserably in configuring a DataSourceRealm for a web application. I've scoured Google (50/50), mailing list archives (ask a friend), and not to much avail. I've also liased with the Tomcat 5.5 documentation as far as I can tell. So I turn to ask the audience ;) I am using the Realm method described in the docu as Inside a Context element - This Realm will be used ONLY for THIS web application. Before this I tried out my security web.xml declarations with the simple tomcat-users UserDatabase and this worked fine. Now I want to get it working with database tables. I configure my web app Context a la META-INF/context.xml My DataSources are working fine and have been for a good while. The main one, inside the context.xml is Resource name=jdbc/web auth=Container driverClass=net.sourceforge.jtds.jdbc.Driver minPoolSize=5 maxPoolSize=10 acquireIncrement=1 user=user password=pass factory=org.apache.naming.factory.BeanFactory type=com.mchange.v2.c3p0.ComboPooledDataSource jdbcUrl=jdbc:jtds:sqlserver://intratest:1433/dbWeb;charset=Cp1252 / And I have my web.xml resource-ref descriptionWeb Database/description res-ref-namejdbc/web/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref So, I've created my Realm tables and so on in my database (the same one pointed to by the above Resource). I declare in the context.xml file Realm className=org.apache.catalina.realm.DataSourceRealm dataSourceName=jdbc/web userTable=tblUsers userRoleTable=tblUserRoles userNameCol=user_name userCredCol=user_pass roleNameCol=role_name / I fire up Tomcat and it does not seem to have too much trouble until I try and login. 2006-03-24 11:43:07,578 - ERROR (org.apache.catalina.realm.DataSourceRealm:405) - Exception performing authentication javax.naming.NameNotFoundException: Name jdbc is not bound in this Context at org.apache.naming.NamingContext.lookup(NamingContext.java:769) at org.apache.naming.NamingContext.lookup(NamingContext.java:152) at org.apache.catalina.realm.DataSourceRealm.open(DataSourceRealm.java:401) I recognise the Name jdbc is not bound in this Context from the days of migrating from Tomcat 5.0 to 5.5 due to the new format for defining Resource elements. However, that's an old story that I figured out eons ago, my DataSource Resources are proven and work. I therefore do not believe this to be a DataSource config or driver problem. It seems to me like the datasources are simply _not ready_ by the time the Realm element is processed? Could this be the case? Or am I simply not seeing something obvious (quite possible :)) Your help appreciated, Allistair FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLACK Disclaimer: The information contained within this e-mail is confidential and may be privileged. This email is intended solely for the named recipient only; if you are not authorised you must not disclose, copy, distribute, or retain this message or any part of it. If you have received this message in error please contact the sender at once so that we may take the appropriate action and avoid troubling you further. Any views expressed in this message are those of the individual sender. QAS Limited has the right lawfully to record, monitor and inspect messages between its employees and any third party. Your messages shall be subject to such lawful supervision as QAS Limited deems to be necessary in order to protect its information, its interests and its reputation. Whilst all efforts are made to safeguard Inbound and Outbound emails, QAS Limited cannot guarantee that attachments are virus free or compatible with your systems and does not accept any liability in respect of viruses or computer problems experienced. /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat, Security and RMI
Gary Pennington wrote: If I invoke Tomcat with the following additional options, I can make my servlet/RMI client deploy: -Djava.rmi.server.codebase=http://webserver/builds2/garypen/jars/jscmc.jar http://webserver/builds2/garypen/jars/jscma.jar; The application executes fine until it tries to make an RMI call to the server which involves transferring an object from the client to the server. At this point, if I make sure that the client jar file is in my server's class path then everything works fine, since the server loads the local class definition. However, this is not ideal and I don't want to have to load client jar files on my server. Rather, I would like to use the RMI capability to load the class definition from my client. This is the problem I'm trying to solve. I modified my catalina policy file so that: //Gary's nasty hack to get round all security :) grant codeBase file:${catalina.home}/webapps/repository/- { permission java.security.AllPermission; }; [...] Caused by: java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is: java.lang.ClassNotFoundException: access to class loader denied blah, bla, blah... Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /home/garypen/dev/dist/apache-tomcat-5.5.15/webapps/repository/WEB-INF/clas ses/- read) I don't have much experience regarding RMI so I won't be of much help if it's a RMI-specific problem. But two points come to my mind: 1. You did make sure everything works as expected if you start Tomcat without security manager? 2. Do CATALINE_HOME and CATALINA_BASE point to the same directory? If not, the setting above may be without effect. Regards mks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
how to get value of select
Hello all, can some one tell me how to get value of select if it is multipal selected. like this select name=txtrole size=2 multiple=multiple -- Cup of Java + Suger of XML = Secure WebApp
Re: Classloader question
Yes, quite correct on your statement regarding using Application as the definition. The essence of what we are looking for is a similar behavior with Tomcat. Our over arching goal is to minimize or eliminate the need to have jars that are to be shared by more than one applicaiton (WAR) be copied into each applicaiton. We would like to have them in one place where they can be accessed by all applicaitons. We've achieved this somewhat by placing the jar in the shared jars folder. However, the delegation model prohibits instantiating classes that belong to an application from any entity in the shared jars folder. If Tomcat does not have a similar facility as mentioned regarding WebSphere, what is considered to be the best practices approach as far as Tomcat is concerned? -- View this message in context: http://www.nabble.com/Classloader-question-t1332679.html#a3570566 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to get value of select
Hi use request.getParameterValues(String paramName) HTH Vinu Prashant Saraf wrote: Hello all, can some one tell me how to get value of select if it is multipal selected. like this select name=txtrole size=2 multiple=multiple -- Cup of Java + Suger of XML = Secure WebApp -- Vinu Varghese [EMAIL PROTECTED] www.x-minds.org
Re: Run Tomcat in W2k3 as service
On Thu, 2006-03-23 at 20:51 +, Nic Daniau wrote: You may need to reconfigure the service. Have a look to my post from a few min ago on *running two instances of tomcat* you can also update the service using e.g. %CATALINA_HOME%\bin\tomcat5.exe //US//Tomcat5 --Description My updated description Referencing your other post, you're saying I can do something like the following? %CATALINA_HOME%\bin\tomcat5.exe //US/Tomcat5 --JvmOptions -security Will that work to get the security manager working while running as a service? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Run Tomcat in W2k3 as service
On Fri, 2006-03-24 at 13:38 +, Nic Daniau wrote: I wouldn't think so, these options are called when the service is launched so you would have to restart the service for this to be picked up. Right, I understand that I'll have to restart the service. But is that the way to get the service to recognize the fact that I want the security manager running? %CATALINA_HOME%\bin\tomcat5.exe //US/Tomcat5 --JvmOptions -security - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Run Tomcat in W2k3 as service
On Fri, 2006-03-24 at 13:55 +, Nic Daniau wrote: Not sure, TFM is a bit vague on this, it does not talk of the windows service. This must be one of the options, but which one?... StartMode? JvmOptions? I've never really spent a lot of time on the security manager, but I'm definitively interested in an answer on this. I have an opportunity to take the site down in a few minutes. I'll quickly try setting that and post what I find. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Increasing Tomcat/Java memory
From: David Delbecq [mailto:[EMAIL PROTECTED] Subject: Re: Increasing Tomcat/Java memory 4) More funny, a java.lang.OutOfMemoryError can also occur when you run out of process threads An OOME is really a catch-all for exhaustion of any system resource. One other common cause is running out of file descriptors. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Run Tomcat in W2k3 as service
On Fri, 2006-03-24 at 08:58 -0500, Ryan Daly wrote: I have an opportunity to take the site down in a few minutes. I'll quickly try setting that and post what I find. No good. If anyone comes across the proper options to do this, please post it to the list. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat session handling
Hi people, I have two web applications (appA and appB) running on Tomcat 5.0.28. appA is a single signon web application in which the user is automatically authenticated against the domain using NTLM. From this application the user clicks on a link in order to enter to appB. Today I came across a strange problem in which at some stage the system could not find ABC.css file even though it was in the proper directory. Furthermore, even the images could not be found as they were not loaded in the web application. Incidentally, some minutes before this issue, the same user reported that she has been authenticated as a different user on appA. This means that appA authenticated a different user in the same domain rather than the actual user that loaded the application. It seems that the problem is related to session handling. This problem has been reported only once and no changes have been done to both systems. Do you have any ideas please. This is really freaky!!! Regards, George Azzopardi *** Internet Email Notice *** The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this message is strictly prohibited. Opinions or views expressed in this message belong to the author only, except where the message states otherwise and the sender is authorised to state them to be the views of Bank of Valletta plc or any of its subsidiaries. If you have received this message in error, please delete it forthwith, destroy any hardcopies, and kindly inform the author immediately. Thank You. Website: http://www.bov.com/ * - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Run Tomcat in W2k3 as service
I'm not sure about Windows services specifically, but you can start the JVM with a security manager generically by using the -Djava.security.manager and -Djava.security.policy=YOUR POLICY FILE URL java startup options. You can append these to $JAVA_OPTS on Unix systems to get a security manager (it's effectively what the catalina startup script does), so I'd try using those as the --JvmOptions values. Benjamin J. Armintor Operating Systems Specialist ITS-Systems: Mainframe Group University of Texas - Austin tele: (512) 232-6562 email: [EMAIL PROTECTED] -Original Message- From: Ryan Daly [mailto:[EMAIL PROTECTED] Sent: Friday, March 24, 2006 8:14 AM To: Nic Daniau Cc: Tomcat Users List Subject: Re: Run Tomcat in W2k3 as service On Fri, 2006-03-24 at 08:58 -0500, Ryan Daly wrote: I have an opportunity to take the site down in a few minutes. I'll quickly try setting that and post what I find. No good. If anyone comes across the proper options to do this, please post it to the list. Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Classloader question
Hello, Von: Fran Varin [EMAIL PROTECTED] Yes, quite correct on your statement regarding using Application as the definition. The essence of what we are looking for is a similar behavior with Tomcat. Our over arching goal is to minimize or eliminate the need to have jars that are to be shared by more than one applicaiton (WAR) be copied into each applicaiton. You are following the wrong approach in my oppinion. The goal of the Classloaders is to have every application as independent as possible and to offer an isolated context where possible. The pro side of the shared classloader is to have the chance to have a single point of change for the JARs for all applications. I understand the approach but I (and I think others at the list too) think it is the wrong approach because it has disadvantages for static variables, logging etc. We would like to have them in one place where they can be accessed by all applicaitons. We've achieved this somewhat by placing the jar in the shared jars folder. However, the delegation model prohibits instantiating classes that belong to an application from any entity in the shared jars folder. If Tomcat does not have a similar facility as mentioned regarding WebSphere, what is considered to be the best practices approach as far as Tomcat is concerned? Best practise (not only for Tomcat) is elimante the need for shareds jars. To the mailing-list: If you have an library which has not the explicit recommendation to put it in common/shared lib path (i.E. a special JDBC driver where the vendor recommends one to put it into shared) what do you prefer - the single point of change in shared or the isolated point of view with WEB-INF/lib? Regards Boris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL incoming request filtering (before authentification via client cert)
Is there any way to control the client certificate authentication? That is I would like to have the certs in some other repository than tomcat's default(java keystore). And I need the users to authenticate with their certs. So is there a way to filter a connector? Or any other way to get the cert that the client sends to the connector and force the container(tomcat) to set the appropriate role? smime.p7s Description: S/MIME Cryptographic Signature
SSL incoming request filtering (before authentification via client cert)
Is there any way to control the client certificate authentication? That is I would like to have the certs in some other repository than tomcat's default(java keystore). And I need the users to authenticate with their certs. So is there a way to filter a connector? Or any other way to get the cert that the client sends to the connector and force the container(tomcat) to set the appropriate role? smime.p7s Description: S/MIME Cryptographic Signature
Re: Tomcat, Security and RMI
On Fri, Mar 24, 2006 at 01:10:40PM +0100, Markus Sch?nhaber wrote: Gary Pennington wrote: If I invoke Tomcat with the following additional options, I can make my servlet/RMI client deploy: -Djava.rmi.server.codebase=http://webserver/builds2/garypen/jars/jscmc.jar http://webserver/builds2/garypen/jars/jscma.jar; The application executes fine until it tries to make an RMI call to the server which involves transferring an object from the client to the server. At this point, if I make sure that the client jar file is in my server's class path then everything works fine, since the server loads the local class definition. However, this is not ideal and I don't want to have to load client jar files on my server. Rather, I would like to use the RMI capability to load the class definition from my client. This is the problem I'm trying to solve. I modified my catalina policy file so that: //Gary's nasty hack to get round all security :) grant codeBase file:${catalina.home}/webapps/repository/- { permission java.security.AllPermission; }; [...] Caused by: java.rmi.UnmarshalException: error unmarshalling arguments; nested exception is: java.lang.ClassNotFoundException: access to class loader denied blah, bla, blah... Caused by: java.security.AccessControlException: access denied (java.io.FilePermission /home/garypen/dev/dist/apache-tomcat-5.5.15/webapps/repository/WEB-INF/clas ses/- read) I don't have much experience regarding RMI so I won't be of much help if it's a RMI-specific problem. But two points come to my mind: 1. You did make sure everything works as expected if you start Tomcat without security manager? Without a security manager, I still get problems. But they are different problems. e.g. Caused by: java.security.AccessControlException: access denied (java.util.logging.LoggingPermission control) ... Exception in thread ContainerBackgroundProcessor[StandardEngine[Catalina]] java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader) I'm not sure what is triggering this exception. But it's by-passed if I set a security policy. 2. Do CATALINE_HOME and CATALINA_BASE point to the same directory? If not, the setting above may be without effect. I haven't changed either of these variables. They are both at default. Thanks, Gary Regards mks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Gary Pennington Solaris Kernel Development, Sun Microsystems [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Run Tomcat in W2k3 as service
On Fri, 2006-03-24 at 08:27 -0600, Benjamin Armintor wrote: I'm not sure about Windows services specifically, but you can start the JVM with a security manager generically by using the -Djava.security.manager and -Djava.security.policy=YOUR POLICY FILE URL java startup options. You can append these to $JAVA_OPTS on Unix systems to get a security manager (it's effectively what the catalina startup script does), so I'd try using those as the --JvmOptions values. I was actually just taking a look at that. I'll give that a try and see how it goes... Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Run Tomcat in W2k3 as service
Yes indeed and its quite easy! If you're running it as a service (either installed the exe or ran the service install ... from the zip version) you will have a [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters] in your registry (where Tomcat5 is the name given to your Tomcat service - ie. you may have multiple if you having a horizontal cluster or just different versions). In this you will have a Java key specifying several Java parameters such as classpath, jvm, xms, xm and general options. You should be able to edit this reg file and use it: Change Tomcat and Jvm path beforehand - change Jvm and other options afterwards... - - - Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters] [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters\Java] Jvm=C:\\App\\Java\\jdk1.5.0_06\\jre\\bin\\server\\jvm.dll Classpath=C:\\App\\Tomcat5\\bin\\bootstrap.jar Options=hex(7):2d,00,44,00,63,00,61,00,74,00,61,00,6c,00,69,00,6e,00,6 1,00,\ 2e,00,68,00,6f,00,6d,00,65,00,3d,00,43,00,3a,00,5c,00,41,00,70,00,70,00, 5c,\ 00,54,00,6f,00,6d,00,63,00,61,00,74,00,35,00,00,00,2d,00,44,00,63,00,61, 00,\ 74,00,61,00,6c,00,69,00,6e,00,61,00,2e,00,62,00,61,00,73,00,65,00,3d,00, 43,\ 00,3a,00,5c,00,41,00,70,00,70,00,5c,00,54,00,6f,00,6d,00,63,00,61,00,74, 00,\ 35,00,00,00,2d,00,44,00,6a,00,61,00,76,00,61,00,2e,00,65,00,6e,00,64,00, 6f,\ 00,72,00,73,00,65,00,64,00,2e,00,64,00,69,00,72,00,73,00,3d,00,43,00,3a, 00,\ 5c,00,41,00,70,00,70,00,5c,00,54,00,6f,00,6d,00,63,00,61,00,74,00,35,00, 5c,\ 00,63,00,6f,00,6d,00,6d,00,6f,00,6e,00,5c,00,65,00,6e,00,64,00,6f,00,72, 00,\ 73,00,65,00,64,00,00,00,2d,00,44,00,6a,00,61,00,76,00,61,00,2e,00,69,00, 6f,\ 00,2e,00,74,00,6d,00,70,00,64,00,69,00,72,00,3d,00,43,00,3a,00,5c,00,41, 00,\ 70,00,70,00,5c,00,54,00,6f,00,6d,00,63,00,61,00,74,00,35,00,5c,00,74,00, 65,\ 00,6d,00,70,00,00,00,2d,00,44,00,6a,00,61,00,76,00,61,00,2e,00,75,00,74, 00,\ 69,00,6c,00,2e,00,6c,00,6f,00,67,00,67,00,69,00,6e,00,67,00,2e,00,6d,00, 61,\ 00,6e,00,61,00,67,00,65,00,72,00,3d,00,6f,00,72,00,67,00,2e,00,61,00,70, 00,\ 61,00,63,00,68,00,65,00,2e,00,6a,00,75,00,6c,00,69,00,2e,00,43,00,6c,00, 61,\ 00,73,00,73,00,4c,00,6f,00,61,00,64,00,65,00,72,00,4c,00,6f,00,67,00,4d, 00,\ 61,00,6e,00,61,00,67,00,65,00,72,00,00,00,2d,00,44,00,6a,00,61,00,76,00, 61,\ 00,2e,00,75,00,74,00,69,00,6c,00,2e,00,6c,00,6f,00,67,00,67,00,69,00,6e, 00,\ 67,00,2e,00,63,00,6f,00,6e,00,66,00,69,00,67,00,2e,00,66,00,69,00,6c,00, 65,\ 00,3d,00,43,00,3a,00,5c,00,41,00,70,00,70,00,5c,00,54,00,6f,00,6d,00,63, 00,\ 61,00,74,00,35,00,5c,00,63,00,6f,00,6e,00,66,00,5c,00,6c,00,6f,00,67,00, 67,\ 00,69,00,6e,00,67,00,2e,00,70,00,72,00,6f,00,70,00,65,00,72,00,74,00,69, 00,\ 65,00,73,00,00,00,2d,00,44,00,6a,00,61,00,76,00,61,00,2e,00,73,00,65,00, 63,\ 00,75,00,72,00,69,00,74,00,79,00,2e,00,6d,00,61,00,6e,00,61,00,67,00,65, 00,\ 72,00,00,00,2d,00,44,00,6a,00,61,00,76,00,61,00,2e,00,73,00,65,00,63,00, 75,\ 00,72,00,69,00,74,00,79,00,2e,00,70,00,6f,00,6c,00,69,00,63,00,79,00,3d, 00,\ 43,00,3a,00,5c,00,41,00,70,00,70,00,5c,00,54,00,6f,00,6d,00,63,00,61,00, 74,\ 00,35,00,5c,00,63,00,6f,00,6e,00,66,00,5c,00,63,00,61,00,74,00,61,00,6c, 00,\ 69,00,6e,00,61,00,2e,00,70,00,6f,00,6c,00,69,00,63,00,79,00,00,00,2d,00, 44,\ 00,6a,00,61,00,76,00,61,00,2e,00,61,00,77,00,74,00,2e,00,68,00,65,00,61, 00,\ 64,00,6c,00,65,00,73,00,73,00,3d,00,74,00,72,00,75,00,65,00,00,00,00,00 JvmMs=dword:0100 JvmMx=dword:0200 JvmSs=dword:0080 [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters\Log] Path=C:\\App\\Tomcat5\\logs StdError=auto StdOutput=auto Level=Error [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters\Start] WorkingPath=C:\\App\\Tomcat5 Class=org.apache.catalina.startup.Bootstrap Params=hex(7):73,00,74,00,61,00,72,00,74,00,00,00,00,00 Mode=jvm [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters\Stop] WorkingPath=C:\\App\\Tomcat5 Class=org.apache.catalina.startup.Bootstrap Params=hex(7):73,00,74,00,6f,00,70,00,00,00,00,00 Mode=jvm - - - Best regards Thomas -Original Message- From: Ryan Daly [mailto:[EMAIL PROTECTED] Sent: 22. marts 2006 22:26 To: Tomcat Users List Subject: Run Tomcat in W2k3 as service Has anyone successfully set environment variables for the Tomcat process when it's running as a service? Is it possible to start the service with the -security option, as in Linux? Thanks in advance. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat, Security and RMI
Gary Pennington wrote: On Fri, Mar 24, 2006 at 01:10:40PM +0100, Markus Schönhaber wrote: I don't have much experience regarding RMI so I won't be of much help if it's a RMI-specific problem. But two points come to my mind: 1. You did make sure everything works as expected if you start Tomcat without security manager? Without a security manager, I still get problems. But they are different problems. e.g. Caused by: java.security.AccessControlException: access denied (java.util.logging.LoggingPermission control) ... Exception in thread ContainerBackgroundProcessor[StandardEngine[Catalina]] java.security.AccessControlException: access denied (java.lang.RuntimePermission setContextClassLoader) Haven't seen something like this before. If you'd shown me this without further comment, I'd propably would have bet quite a few $ that there's a security manager involved. I'm not sure what is triggering this exception. But it's by-passed if I set a security policy. 2. Do CATALINE_HOME and CATALINA_BASE point to the same directory? If not, the setting above may be without effect. I haven't changed either of these variables. They are both at default. I'm out of ideas, sorry. Hopefully, someone else can provide some helpful tips. Regards mks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Run Tomcat in W2k3 as service
Oups in case you're running a script to start Tomcat you may use for instance (taken from my TC4 script): set JAVA_HOME=C:\App\Java\jdk1.4.2_05 set CATALINA_HOME=C:\App\Tomcat4 set CATALINA_OPTS=-server -Xms512m -Xmx1024m -XX:NewSize=64m -XX:MaxNewSize=64m -XX:MaxPermSize=128m -Xss128k -XX:+UseConcMarkSweepGC -XX:+UseCMSCompactAtFullCollection -XX:CMSFullGCsBeforeCompaction=0 -XX:+DisableExplicitGC -Djava.awt.headless=true call %CATALINA_HOME%\bin\catalina.bat run -security -Original Message- From: Thomas Bolding [mailto:[EMAIL PROTECTED] Sent: 24. marts 2006 15:49 To: Tomcat Users List Subject: RE: Run Tomcat in W2k3 as service Yes indeed and its quite easy! If you're running it as a service (either installed the exe or ran the service install ... from the zip version) you will have a [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters] in your registry (where Tomcat5 is the name given to your Tomcat service - ie. you may have multiple if you having a horizontal cluster or just different versions). In this you will have a Java key specifying several Java parameters such as classpath, jvm, xms, xm and general options. You should be able to edit this reg file and use it: Change Tomcat and Jvm path beforehand - change Jvm and other options afterwards... - - - Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters] [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters\Java] Jvm=C:\\App\\Java\\jdk1.5.0_06\\jre\\bin\\server\\jvm.dll Classpath=C:\\App\\Tomcat5\\bin\\bootstrap.jar Options=hex(7):2d,00,44,00,63,00,61,00,74,00,61,00,6c,00,69,00,6e,00,6 1,00,\ 2e,00,68,00,6f,00,6d,00,65,00,3d,00,43,00,3a,00,5c,00,41,00,70,00,70,00, 5c,\ 00,54,00,6f,00,6d,00,63,00,61,00,74,00,35,00,00,00,2d,00,44,00,63,00,61, 00,\ 74,00,61,00,6c,00,69,00,6e,00,61,00,2e,00,62,00,61,00,73,00,65,00,3d,00, 43,\ 00,3a,00,5c,00,41,00,70,00,70,00,5c,00,54,00,6f,00,6d,00,63,00,61,00,74, 00,\ 35,00,00,00,2d,00,44,00,6a,00,61,00,76,00,61,00,2e,00,65,00,6e,00,64,00, 6f,\ 00,72,00,73,00,65,00,64,00,2e,00,64,00,69,00,72,00,73,00,3d,00,43,00,3a, 00,\ 5c,00,41,00,70,00,70,00,5c,00,54,00,6f,00,6d,00,63,00,61,00,74,00,35,00, 5c,\ 00,63,00,6f,00,6d,00,6d,00,6f,00,6e,00,5c,00,65,00,6e,00,64,00,6f,00,72, 00,\ 73,00,65,00,64,00,00,00,2d,00,44,00,6a,00,61,00,76,00,61,00,2e,00,69,00, 6f,\ 00,2e,00,74,00,6d,00,70,00,64,00,69,00,72,00,3d,00,43,00,3a,00,5c,00,41, 00,\ 70,00,70,00,5c,00,54,00,6f,00,6d,00,63,00,61,00,74,00,35,00,5c,00,74,00, 65,\ 00,6d,00,70,00,00,00,2d,00,44,00,6a,00,61,00,76,00,61,00,2e,00,75,00,74, 00,\ 69,00,6c,00,2e,00,6c,00,6f,00,67,00,67,00,69,00,6e,00,67,00,2e,00,6d,00, 61,\ 00,6e,00,61,00,67,00,65,00,72,00,3d,00,6f,00,72,00,67,00,2e,00,61,00,70, 00,\ 61,00,63,00,68,00,65,00,2e,00,6a,00,75,00,6c,00,69,00,2e,00,43,00,6c,00, 61,\ 00,73,00,73,00,4c,00,6f,00,61,00,64,00,65,00,72,00,4c,00,6f,00,67,00,4d, 00,\ 61,00,6e,00,61,00,67,00,65,00,72,00,00,00,2d,00,44,00,6a,00,61,00,76,00, 61,\ 00,2e,00,75,00,74,00,69,00,6c,00,2e,00,6c,00,6f,00,67,00,67,00,69,00,6e, 00,\ 67,00,2e,00,63,00,6f,00,6e,00,66,00,69,00,67,00,2e,00,66,00,69,00,6c,00, 65,\ 00,3d,00,43,00,3a,00,5c,00,41,00,70,00,70,00,5c,00,54,00,6f,00,6d,00,63, 00,\ 61,00,74,00,35,00,5c,00,63,00,6f,00,6e,00,66,00,5c,00,6c,00,6f,00,67,00, 67,\ 00,69,00,6e,00,67,00,2e,00,70,00,72,00,6f,00,70,00,65,00,72,00,74,00,69, 00,\ 65,00,73,00,00,00,2d,00,44,00,6a,00,61,00,76,00,61,00,2e,00,73,00,65,00, 63,\ 00,75,00,72,00,69,00,74,00,79,00,2e,00,6d,00,61,00,6e,00,61,00,67,00,65, 00,\ 72,00,00,00,2d,00,44,00,6a,00,61,00,76,00,61,00,2e,00,73,00,65,00,63,00, 75,\ 00,72,00,69,00,74,00,79,00,2e,00,70,00,6f,00,6c,00,69,00,63,00,79,00,3d, 00,\ 43,00,3a,00,5c,00,41,00,70,00,70,00,5c,00,54,00,6f,00,6d,00,63,00,61,00, 74,\ 00,35,00,5c,00,63,00,6f,00,6e,00,66,00,5c,00,63,00,61,00,74,00,61,00,6c, 00,\ 69,00,6e,00,61,00,2e,00,70,00,6f,00,6c,00,69,00,63,00,79,00,00,00,2d,00, 44,\ 00,6a,00,61,00,76,00,61,00,2e,00,61,00,77,00,74,00,2e,00,68,00,65,00,61, 00,\ 64,00,6c,00,65,00,73,00,73,00,3d,00,74,00,72,00,75,00,65,00,00,00,00,00 JvmMs=dword:0100 JvmMx=dword:0200 JvmSs=dword:0080 [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters\Log] Path=C:\\App\\Tomcat5\\logs StdError=auto StdOutput=auto Level=Error [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters\Start] WorkingPath=C:\\App\\Tomcat5 Class=org.apache.catalina.startup.Bootstrap Params=hex(7):73,00,74,00,61,00,72,00,74,00,00,00,00,00 Mode=jvm [HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\Procrun 2.0\Tomcat5\Parameters\Stop] WorkingPath=C:\\App\\Tomcat5 Class=org.apache.catalina.startup.Bootstrap Params=hex(7):73,00,74,00,6f,00,70,00,00,00,00,00 Mode=jvm - - - Best regards Thomas -Original Message- From: Ryan Daly [mailto:[EMAIL PROTECTED]
Re: Classloader question
Hello Dave, Von: David Kerber [EMAIL PROTECTED] I understand the arguments on both sides, but tend to prefer the ease of maintenance of what you call the single point of change in shared/lib. Is it possible to make this configurable, so both sides can be happy? Or is that too complex? As far as I know this is possible with WebSphere where you have a concept for shared libraries (not only a shared classpath) but not with Tomcat. You can imagine them as symbolic links: You declare them once and tell WebSphere which applications uses them. For Tomcat it would be possible to have them once in the filesystem and symbolic link them into WEB-INF/lib. This should be scripted in the deployment to avoid tomcat deleting the symbolic links. I would consider this as a workaround... It is not so nice as simply putting them as shared library or shared classpath and reduces the ease of maintenance again. Regards Boris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Classloader question
From: Boris Unckel [mailto:[EMAIL PROTECTED] Subject: Re: Classloader question To the mailing-list: If you have an library which has not the explicit recommendation to put it in common/shared lib path (i.E. a special JDBC driver where the vendor recommends one to put it into shared) what do you prefer - the single point of change in shared or the isolated point of view with WEB-INF/lib? Usually, you would have a single copy of the source of the commonly used classes/jars, and have your packaging/deployment mechanism place that copy in each webapp. (Disk is cheap.) This also reduces versioning dependencies, allowing you to upgrade the apps one at a time when changes are made to the commonly used classes/jars. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Classloader question
Boris Unckel wrote: Hello, Von: Fran Varin [EMAIL PROTECTED] Yes, quite correct on your statement regarding using Application as the definition. The essence of what we are looking for is a similar behavior with Tomcat. Our over arching goal is to minimize or eliminate the need to have jars that are to be shared by more than one applicaiton (WAR) be copied into each applicaiton. You are following the wrong approach in my oppinion. The goal of the Classloaders is to have every application as independent as possible and to offer an isolated context where possible. The pro side of the shared classloader is to have the chance to have a single point of change for the JARs for all applications. I understand the approach but I (and I think others at the list too) think it is the wrong approach because it has disadvantages for static variables, logging etc. We would like to have them in one place where they can be accessed by all applicaitons. We've achieved this somewhat by placing the jar in the shared jars folder. However, the delegation model prohibits instantiating classes that belong to an application from any entity in the shared jars folder. If Tomcat does not have a similar facility as mentioned regarding WebSphere, what is considered to be the best practices approach as far as Tomcat is concerned? Best practise (not only for Tomcat) is elimante the need for shareds jars. To the mailing-list: If you have an library which has not the explicit recommendation to put it in common/shared lib path (i.E. a special JDBC driver where the vendor recommends one to put it into shared) what do you prefer - the single point of change in shared or the isolated point of view with WEB-INF/lib? Regards Boris IMHO, the better approach is to manage common classes and jars in the build or source repository system rather than the servlet container. Versioning gets easier as refactoring is no longer an all or nothing project. Plus the individual webapps no longer need to even be on the same server and can be moved with a minimum of dependency issues. --David - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Accessing Roles from the Principle
Hi All, Whilst I await *hopefully* a reply to my last post on why the data source realm does not operate correctly, I am using the standard user database that ships with TC to move on, but damn, I'm bloody stuck again! I would like to obtain a reference to the various role names that the principle has attached, as I would then use these to go off and tie up further application-related permissions. I cannot find a standard way to do this, although I did try this very naughty bit of code but it means I have to store catalina.jar - obviously a *bad* thing to do, in my lib! MemoryUser principle = (MemoryUser) httpRequest.getUserPrincipal(); SetRole roles = (SetRole) principle.getRoles(); for (Role role : roles) { logger.debug(Role is + role.getName()); } BUT it does have what I need. Does Tomcat offer a nice way to get at its internally cached UserDatabase using standard interfaces? Kindest, Allistair. FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLACK Disclaimer: The information contained within this e-mail is confidential and may be privileged. This email is intended solely for the named recipient only; if you are not authorised you must not disclose, copy, distribute, or retain this message or any part of it. If you have received this message in error please contact the sender at once so that we may take the appropriate action and avoid troubling you further. Any views expressed in this message are those of the individual sender. QAS Limited has the right lawfully to record, monitor and inspect messages between its employees and any third party. Your messages shall be subject to such lawful supervision as QAS Limited deems to be necessary in order to protect its information, its interests and its reputation. Whilst all efforts are made to safeguard Inbound and Outbound emails, QAS Limited cannot guarantee that attachments are virus free or compatible with your systems and does not accept any liability in respect of viruses or computer problems experienced. /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: running two instances of tomcat
There might definetely be an easier way but I did just that: i) installed the exe ii) unzipped a number of Tomcat into other folders iii) copied exe and dll into those folders iv) modified ports for the zipped versions of server.xml and ran service install ... The original exe you can either remove or disable its service - I'm using is as the load balancer whereas the zipped TCs handle the requests. Please note that doing it this way you will have to change the registry settings as the tomcat_home will point to the exe installation. Regards Thomas -Original Message- From: David Rush [mailto:[EMAIL PROTECTED] Sent: 24. marts 2006 16:06 To: Tomcat Users List Subject: Re: running two instances of tomcat I'm confused. I first installed 5.5.15 using the exe (testing on a WinXP machine right now), and got it working. But to run multiple instances, it looks as though I need the service.bat script, which is not included in the .exe. So I de-installed Tomcat, downloaded the .zip, and expanded it. Now I have service.bat, but I no longer have tomcat5.exe in the bin directory (or anywhere else). So I need to do one .exe install, then use the .zip for the 2nd, 3rd, etc. installs, or what? I see that Nic has posted a rather detailed howto... is that with the .exe installation? David David Kerber wrote: I got it working no problem on Windows, running 5.5.12. Just had to mess with the service installation scripts a bit to give each of them different names. A little hassle, but not a big one. Nic Daniau wrote: That was the case in 4.1 yes, but it doesn't work with 5.5 on Windows platform, because of the way the service is set up from the nsi scrip (that you can read from tomcat source). I've written down a procedure to overcome this and I will post it tomorrow (its on my laptop which I left at the office tonight). I've tested it on live servers it works fine. Ideally I hope the guys who write the windows deployer will one day allow the installer to ask for 1) the name of the servive and not force it to Tomcat5 (whic is the main issue) 2) use that service name for setting up the reg keys (and not use constants) 3) let the user choose the name of the Program menu it's copying the shortucut to If I have the time I will post a feature request on bugzilla... Will definitively post my step-by-step procedure tomorrow Nic On 22/03/06, David Kerber [EMAIL PROTECTED] wrote: Jim the Standing Bear wrote: Hi, Is there a way to run two instances of tomcat 5.5 on the same machine? Because me and a coworker were developing some webapps using the same node, but under two different tomcat instances. We just learned a painful lesson that as soon as the second instance of tomcat is launched, the first one dies. Is there a way to get around the problem? Thank you. -- Jim I'm running about 4 instances of tomcat on a single machine, so yes it's no problem. But they need to all be listening on different ports, and might need to be supporting different contexts. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
AJP connector required?
If I'm not using the apache HTTPD in front of tomcat, do I need the ajp connector activated in the server.xml? Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Classloader question
Hi, Von: Fran Varin [EMAIL PROTECTED] This approach sounds promising...would you mind elaborating just a little on what you're thinking? I'm not sure I follow when you mention using a symbolic link into WEB-INF/lib. it would require UNIX or LINUX system. A simple symbolic link: ln -s /opt/libs/java/shared/myjar.jar myjar.jar run in WEB-INF/lib Again: consider that after each deployment the link has to be set again. Regards Boris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: AJP connector required?
no -Original Message- From: David Kerber [mailto:[EMAIL PROTECTED] Sent: 24 March 2006 15:43 To: Tomcat Users List Subject: AJP connector required? If I'm not using the apache HTTPD in front of tomcat, do I need the ajp connector activated in the server.xml? Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLACK Disclaimer: The information contained within this e-mail is confidential and may be privileged. This email is intended solely for the named recipient only; if you are not authorised you must not disclose, copy, distribute, or retain this message or any part of it. If you have received this message in error please contact the sender at once so that we may take the appropriate action and avoid troubling you further. Any views expressed in this message are those of the individual sender. QAS Limited has the right lawfully to record, monitor and inspect messages between its employees and any third party. Your messages shall be subject to such lawful supervision as QAS Limited deems to be necessary in order to protect its information, its interests and its reputation. Whilst all efforts are made to safeguard Inbound and Outbound emails, QAS Limited cannot guarantee that attachments are virus free or compatible with your systems and does not accept any liability in respect of viruses or computer problems experienced. /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Classloader question
aah...now I understand the reason it sounded foreign to me. We are a Windows shop so, I'm not sure we have the same capability. -- View this message in context: http://www.nabble.com/Classloader-question-t1332679.html#a3573581 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Classloader question
SHORTCUT! Fran Varin wrote: aah...now I understand the reason it sounded foreign to me. We are a Windows shop so, I'm not sure we have the same capability. -- View this message in context: http://www.nabble.com/Classloader-question-t1332679.html#a3573581 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Mike Sabroff Web Services Developer [EMAIL PROTECTED] 920-568-8379 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk failover loadbalancing doesn't recognize hung tomcat
The directive : disabled - If set to True or 1 the worker will be disabled if member of load balancer. This flag can be changed at runtime using status worker. Can I change the disabled property at runtime and will the loadbalancer be able to read this? I tried changing it in worker.properties but that din't seem to work Help please... -- View this message in context: http://www.nabble.com/question%3A-mod_jk-failover-loadbalancing-doesn%27t-recognize-hung-tomcat-t1328176.html#a3573905 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Classloader question
...as in Windows shortcut...I'll have to look into that possibility. -- View this message in context: http://www.nabble.com/Classloader-question-t1332679.html#a3573968 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Connection Pool Woes
Configuration: - Tomcat (1) 5.0.27 in dmz - Tomcat (2) 5.0.27 inside domain - Using JayBird DB Driver - IIS 6 - Interbase 7.5 DB server inside domain Tomcat (1) is currently having some serious issues with pooled connections to the db server. These applicaitons have been running for years and now all of a sudden there is a problem. Nothing has change on any servers. Tomcat(2) is setup exactly like Tomcat(1) except it is not configured to work with IIS 6...it's standalone. Tomcat(2) does not exibit this problem. The problem is this: my initial connection will work without any problems. If I wait about an hour the connection to the database seems to be null but the connection instance I have is not. It's not until I attempt to get another new connection that the call will go through. What I've tried: 1. Modifying pool parameters 2. Changing db driver 3. Testing if the connection is null before I use it. Any help would be greatly appreciated. Thanks in advance.
Re: Classloader question
I run cygwin (a linux like application/environment) on my windows box at home. When I create a symbolic link in that system and look at it frm the windows side of it, it IS a shortcut. try itI think it may work, but I am not sure that tomcat will see it as cygwin does. Curious. Fran Varin wrote: ...as in Windows shortcut...I'll have to look into that possibility. -- View this message in context: http://www.nabble.com/Classloader-question-t1332679.html#a3573968 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Mike Sabroff Web Services Developer [EMAIL PROTECTED] 920-568-8379 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Classloader question
I tend to agree with your postion. I'm not sure that Tomcat will see the native Windows shortcut. I'll see if we can figure out how to do it. If you have any ideas I'm all ears. It sure would be nice if Tomcat had the ability to have the shared lib see down the hierarchy or be able to put jars somewhere where all the apps could have access in the manner I've described. There is a good reason why app servers like WAS allow this...it makes maintenance and deployment much easier. -- View this message in context: http://www.nabble.com/Classloader-question-t1332679.html#a3575029 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5.5.16 Virtual Hosting Bug ?
Hi all: This is third time I am posting the same question. I tried everything I could, including re-installing Tomcat from scratch. But, the problem still remains. Please help !! I am using Tomcat 5.5.16 (stand-alone) with JDK 5.0 on Windows XP and trying to setup virtual hosting (to start with two test hosts + localhost). There is a single ROOT context for each of my test hosts test1.mymachine.com and test2.mymachine.com as shown below. The root context is defined in a file named ROOT.xml which is present in $CATALINA_HOME/conf/[engine_name]/test1.mymachine.com/ROOT.xml $CATALINA_HOME/conf/[engine_name]/test2.mymachine.com/ROOT.xml Once I start the tomcat server, three host folders are being created inside the work directory. As expected the localhost host has all the webapps that come with tomcat 5.5.16 installation like examples, etc. The work directory also has two other host folders test1.mymachine.com and test2.mymachine.com. PROBLEM: In test1.mymachine.com and test2.mymachine.com along with the root context all folders present in $CATALINA_HOME are being deployed as contexts. I can see folders being created in work directory of test1 and test2 which are exaclty the foldes present in $CATALINA_HOME Is this is BUG in tomcat 5.5.16 or is there something wrong with my setup. Any help is appreciated. Thanks in advance. ROOT.xml file for test1.mymachine.com Context path= docBase=c:\websites\test1\webapps\test1 debug=5 reloadable=true crossContext=true DB resources /Context ROOT.xml file test2.mymachine.com Context path= docBase=c:\websites\test2\webapps\test2 debug=5 reloadable=true crossContext=true DB resources /Context Following is the engine tag of my server.xml file Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host Host name=test1.mymachine.com debug=0 appbase=c:\websites\test1\webapps unpackWARs=true Aliastest1.mymachine.com/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=c:\websites\test1\webapps\logs prefix=test1_access_log. suffix=.txt pattern=common resolveHosts=false/ Logger className=org.apache.catalina.logger.FileLogger directory=c:\websites\test1\webapps\logs prefix=test1_catalina_log. suffix=.txt timestamp=true/ /Host Host name=test2.mymachine.com debug=0 appbase=c:\websites\test2\webapps unpackWARs=true Aliastest2.mymachine.com/Alias Valve className= org.apache.catalina.valves.AccessLogValve directory=c:\websites\test2\webapps\logs prefix=test2_access_log. suffix=.txt pattern=common resolveHosts=false/ Logger className=org.apache.catalina.logger.FileLogger directory=c:\websites\test2\webapps\logs prefix=test2_catalina_log. suffix=.txt timestamp=true/ /Host /Engine Vamsi.
Re: Classloader question
Hi, this sounds like repackage would be a huge job. If yes, I would suggest: learn ant If not: You have to reload the apps anyway. So what do you achieve? just my 2 cents. R. Am Freitag, 24. März 2006 16:19 schrieb Fran Varin: Yes, that is the exact situation we are attempting to avoid in Tomcat. In our WSA implementation we can simply replace the effected JARS in one location and it is implemented against all WARs running in that server's context. In the illustration you provided below we would need to repackage, or at the very least, redistribute the shared jar files that have changes to each WAR. In our situation, we would not be distributing the WARs across running server instances...the application is self-contained and runs as a unit anyway. It's packaged software that requires customization. -- View this message in context: http://www.nabble.com/Classloader-question-t1332679.html#a3573057 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: running two instances of tomcat
Hello Nic, and Thomas, Thank you for taking the time and give out the detailed instructions on how to run two instances of tomcat 5.5 on windows. In the future we will most likely to use a few windows boxes and your instructions will certainly be of great value. Currently, our development platform is still running Linux. We initially thought running the two tomcats there would just as easy as 1-2-3; but it certainly proved to be not quite the case. In any regards, we appreciate everyone's help on this issue. -- Jim On 3/24/06, Thomas Bolding [EMAIL PROTECTED] wrote: There might definetely be an easier way but I did just that: i) installed the exe ii) unzipped a number of Tomcat into other folders iii) copied exe and dll into those folders iv) modified ports for the zipped versions of server.xml and ran service install ... The original exe you can either remove or disable its service - I'm using is as the load balancer whereas the zipped TCs handle the requests. Please note that doing it this way you will have to change the registry settings as the tomcat_home will point to the exe installation. Regards Thomas -Original Message- From: David Rush [mailto:[EMAIL PROTECTED] Sent: 24. marts 2006 16:06 To: Tomcat Users List Subject: Re: running two instances of tomcat I'm confused. I first installed 5.5.15 using the exe (testing on a WinXP machine right now), and got it working. But to run multiple instances, it looks as though I need the service.bat script, which is not included in the .exe. So I de-installed Tomcat, downloaded the .zip, and expanded it. Now I have service.bat, but I no longer have tomcat5.exe in the bin directory (or anywhere else). So I need to do one .exe install, then use the .zip for the 2nd, 3rd, etc. installs, or what? I see that Nic has posted a rather detailed howto... is that with the .exe installation? David David Kerber wrote: I got it working no problem on Windows, running 5.5.12. Just had to mess with the service installation scripts a bit to give each of them different names. A little hassle, but not a big one. Nic Daniau wrote: That was the case in 4.1 yes, but it doesn't work with 5.5 on Windows platform, because of the way the service is set up from the nsi scrip (that you can read from tomcat source). I've written down a procedure to overcome this and I will post it tomorrow (its on my laptop which I left at the office tonight). I've tested it on live servers it works fine. Ideally I hope the guys who write the windows deployer will one day allow the installer to ask for 1) the name of the servive and not force it to Tomcat5 (whic is the main issue) 2) use that service name for setting up the reg keys (and not use constants) 3) let the user choose the name of the Program menu it's copying the shortucut to If I have the time I will post a feature request on bugzilla... Will definitively post my step-by-step procedure tomorrow Nic On 22/03/06, David Kerber [EMAIL PROTECTED] wrote: Jim the Standing Bear wrote: Hi, Is there a way to run two instances of tomcat 5.5 on the same machine? Because me and a coworker were developing some webapps using the same node, but under two different tomcat instances. We just learned a painful lesson that as soon as the second instance of tomcat is launched, the first one dies. Is there a way to get around the problem? Thank you. -- Jim I'm running about 4 instances of tomcat on a single machine, so yes it's no problem. But they need to all be listening on different ports, and might need to be supporting different contexts. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -- Standing Bear Has Spoken --
Re: Classloader question
The beauty of our WAS solution is that we can hot deploy various pieces like the jars without having to do anything with the WARs and since we do not have the jars contained in each WAR it makes maintenance much simpler. Depending on the application, this approach makes a lot of sense. We do use ANT for our builds and such but, the point is to try and simplify the implementation as much as possible. -- View this message in context: http://www.nabble.com/Classloader-question-t1332679.html#a3576644 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL incoming request filtering (before authentification via client cert)
Alexander Panzhin wrote: Is there any way to control the client certificate authentication? That is I would like to have the certs in some other repository than tomcat's default(java keystore). And I need the users to authenticate with their certs. So is there a way to filter a connector? Or any other way to get the cert that the client sends to the connector and force the container(tomcat) to set the appropriate role? When starting a new thread (ie sending a message to the list about a new topic) please do not reply to an existing message and change the subject line. To many of the list archiving services and mail clients used by list subscribers this makes your new message appear as part of the old thread. This makes it harder for other users to find relevant information when searching the lists. This is known as thread hijacking and is behaviour that is frowned upon on this list. Frequent offenders will be removed from the list. It should also be noted that many list subscribers automatically ignore any messages that hijack another thread. The correct procedure is to create a new message with a new subject. This will start a new thread. Mark tomcat-user-owner - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: AJP connector required?
Thanks. Allistair Crossley wrote: no -Original Message- From: David Kerber [mailto:[EMAIL PROTECTED] Sent: 24 March 2006 15:43 To: Tomcat Users List Subject: AJP connector required? If I'm not using the apache HTTPD in front of tomcat, do I need the ajp connector activated in the server.xml? Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLACK Disclaimer: The information contained within this e-mail is confidential and may be privileged. This email is intended solely for the named recipient only; if you are not authorised you must not disclose, copy, distribute, or retain this message or any part of it. If you have received this message in error please contact the sender at once so that we may take the appropriate action and avoid troubling you further. Any views expressed in this message are those of the individual sender. QAS Limited has the right lawfully to record, monitor and inspect messages between its employees and any third party. Your messages shall be subject to such lawful supervision as QAS Limited deems to be necessary in order to protect its information, its interests and its reputation. Whilst all efforts are made to safeguard Inbound and Outbound emails, QAS Limited cannot guarantee that attachments are virus free or compatible with your systems and does not accept any liability in respect of viruses or computer problems experienced. /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Building mod_jk.so on AIX
I'm trying to build mod_jk.so on an AIX 5.3 server. I compiled and installed Apache 2.2.0. I run... ./configure --with-apxs=/usr/local/apache-2.2.0/bin/apxs ...but it fails with the error... could not find /usr/local/apache-2.2.0/bin/apxs configure: error: You must specify a valid --with-apxs path ...but I know the path is correct... ls -l /usr/local/apache-2.2.0/bin/apxs 22455 Mar 24 11:46 /usr/local/apache-2.2.0/bin/apxs ...so maybe the configure script is not recognizing the apxs script? Is there a workaround? Thanks, Bernie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Building mod_jk.so on AIX
This doesn't answer your question, but is there a specific reason you don't just user mod_proxy_ajp with Apache 2.2.0? You wouldn't have to build mod_jk then. , Josh. -Original Message- From: Bernie Durfee [mailto:[EMAIL PROTECTED] Sent: Friday, March 24, 2006 12:41 PM To: Tomcat Users List Subject: Building mod_jk.so on AIX I'm trying to build mod_jk.so on an AIX 5.3 server. I compiled and installed Apache 2.2.0. I run... ./configure --with-apxs=/usr/local/apache-2.2.0/bin/apxs ...but it fails with the error... could not find /usr/local/apache-2.2.0/bin/apxs configure: error: You must specify a valid --with-apxs path ...but I know the path is correct... ls -l /usr/local/apache-2.2.0/bin/apxs 22455 Mar 24 11:46 /usr/local/apache-2.2.0/bin/apxs ...so maybe the configure script is not recognizing the apxs script? Is there a workaround? Thanks, Bernie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Classloader question
Hello, Fran Varin wrote: The beauty of our WAS solution is that we can hot deploy various pieces like the jars without having to do anything with the WARs and since we do not have the jars contained in each WAR it makes maintenance much simpler. Depending on the application, this approach makes a lot of sense. We do use ANT for our builds and such but, the point is to try and simplify the implementation as much as possible. There are two points: HotDeploy is something most useful in development and test environments. For a production environment it may make sense but is not so important. Before you are looking for a solution to reduce the points of change for jar consider: - the shared code (jar) is made and tested for use in shared use - there is no third party code used by the homegrown shared code were you just consider it to be made for shared use, but you do not know it, and it is not a feature guaranteed by the producer of the third party lib. - it is _really_ a headache for you to use ant for deployment in the test environment and keep control of the jars used by more than one application. - you are _sure_ that the time saved by sharing one or more jar(s) by all applications is not consumed by looking for errors caused by sharing the jar(s) Have a look at: http://wiki.apache.org/jakarta-commons/Logging/UndeployMemoryLeak Chapter: Keep component libs in components Regards Boris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat and FileUpload, is upload cached before FileUpload parses it?
Hello After posting this question to the Commons mailing list, I have been advised to ask the tomcat folks. I am using Commons FileUpload 1.1 to manage HTTP POST uploads with Tomcat running as a JkMount'ed service of Apache I am trying to analyze the strain on memory when many large files are being uploaded from different clients simultaneously I have two questions: 1) Before a POST'ed file upload reaches FileUpload, is all or part of it already cached somewhere on the server's drive space or memory, or does it arrive from the network directly to FileUpload for parsing? The latter would be desirable, as each uploaded file would get written directly to the temp directory as it arrives over the network, with no additional overhead. I do see my temp file growing steadily as the upload proceeds. Is this the only place on the server where resources are being allocated for this file upload? Can someone verify/amend/ provide more details? 2) I tried uploading a file whose size exceeds the max file size I set in my test JSP page. The JSP handles the upload with FileUpload, and writes a log file of activity with time-stamps. Checking the log, I see that my page throws the SizeLimitExceededException almost immediately after the client's POST reaches the server. Yet the client browser sits there and waits for roughly the amount of time a full upload would take, and only then does the browser display the SizeLimitExceededException. The wait is longer for larger files. Can someone explain exactly what is happening during this time interval between the exception being thrown on the server and the exception appearing on the client? Is the file actually being uploaded somewhere to the server after the SizeLimitExceededException is thrown? If so, where is the upload going and whose memory or disk resources are being utilized? Note that FileUpload's temp directory does not show any temp file growing when this exception is thrown. Yet there does seem to be some network activity between the client and the server, but I am baffled as to what it could be and what its implications might be. Thank-you Nick Didkovsky - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Apache binding url to servlet
Hi, I created my site in tomcat context /xxx/* Now I want to bind this context to URL www.mysite.com/ in apache How can I do this? Apache directive JkMount /xxx/* ajp13 not working properly. Thanks! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
system.out
How to redirect system.out and system.err to a file to a specific location and with a specific name ?
Re: system.out
That's a parameter of the Tomcat launcher, or the service on Windows. If you use the monitor (tomcat5w) you can configure this on one of the tabs. or you can use tomcat5 //US//Tomcat5 --StdOutput ... --StdError ... http://tomcat.apache.org/tomcat-5.5-doc/setup.html On 24/03/06, Gilbert, Antoine [EMAIL PROTECTED] wrote: How to redirect system.out and system.err to a file to a specific location and with a specific name ?
[5.5] path specified in context.xml not being used
Hi, all, Hopefully a pretty simple question: I am attempting to deploy a warfile with an embedded META-INF/context.xml. The contents of the context.xml file looks like this: Context path=/idb debug=99 reloadable=true crossContext=false override=true ... /Context The warfile is named idb-0.8.2-SNAPSHOT.war Everything is working fine EXCEPT that the context path that it is deployed under is /idb-0.8.2-SNAPSHOT instead of /idb - how can I get it to deploy under a path different from the warfile name? Thanks, Kris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
BrowserMatch in Tomcat 5.5 +APR
I'm looking for a way to duplicate the Apache BrowserMatch while only running Tomcat and APR. I'd like the server to check which browser is connecting and adjust some setting, like nokeepalive, base on that. Does anyone know how to do this, I have been unable to find any leads? Thanks
Re: Tomcat 5.5.16 Bug? messes up when a class has the same name as a package
Paul Hamer wrote: Hi Shankar and others, I've filed it in Bugzilla... it has become Bug 39093. The test case you provided made it very easy to check this and the bug is not valid. The test case works fine for me with 5.5.15 and the current HEAD. My environment is not identical but close enough. You need to look again at your setup. Something isn't right. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Setting the context path for expanded WARs
Trying to figure out how to change the context path for a WAR file install in the webapps dir (Tomcat 5.5.16); for example: webapps/foo-1.2.0.war ...is expanded into a folder of the same name (minus the .war). So far, so good - this is as expected. However, the context path is now set to /foo- 1.2.0 - how can I setup Tomcat so the context path for this application is '/foo', regardless of the WAR name? I've tried the META-INF/context.xml - setting path=/foo, with no luck - the only URL that works is /foo- 1.2.0. Thanks, Chris.
RE: [5.5] path specified in context.xml not being used
The path is ignored when you deploy webapps this way. Tomcat will use the basename of the war file as the context path. If you want to use something different than that, you can create a context.xml and put in under the virtual host's conf direction (e.g. CATALINA_HOME/conf/Catalina/localhost). In this context.xml, you can specify the context path and docBase. Hansen -Original Message- From: Kris Nuttycombe [mailto:[EMAIL PROTECTED] Sent: Friday, March 24, 2006 2:34 PM To: users@tomcat.apache.org Subject: [5.5] path specified in context.xml not being used Hi, all, Hopefully a pretty simple question: I am attempting to deploy a warfile with an embedded META-INF/context.xml. The contents of the context.xml file looks like this: Context path=/idb debug=99 reloadable=true crossContext=false override=true ... /Context The warfile is named idb-0.8.2-SNAPSHOT.war Everything is working fine EXCEPT that the context path that it is deployed under is /idb-0.8.2-SNAPSHOT instead of /idb - how can I get it to deploy under a path different from the warfile name? Thanks, Kris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.16 Virtual Hosting Bug ?
Since no one has tackled this yet, I will give you my take on it. I think that you have an issue in using the same domain name on the virtual host. What you may want to do is try it with two different domain names. test1.myserver1.com test2.myserver2.com See if you get the same results. If yes, then I suspect an issue with your config as this setup is used by quite a few folks. If no, then you may have run across something that Tomcat doesn't do. Weather or not it is a bug I will not say because I am not familiar enough with the spec to make that call. What may work is to setup two dummy domains www.localhost1.com and www.localhost2.com and then use the alias attribute in the Host element to repoint the test1.mydomain.com to www.localhost1.com and so on. Doug - Original Message - From: Vamsidhar [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, March 24, 2006 12:07 PM Subject: Tomcat 5.5.16 Virtual Hosting Bug ? Hi all: This is third time I am posting the same question. I tried everything I could, including re-installing Tomcat from scratch. But, the problem still remains. Please help !! I am using Tomcat 5.5.16 (stand-alone) with JDK 5.0 on Windows XP and trying to setup virtual hosting (to start with two test hosts + localhost). There is a single ROOT context for each of my test hosts test1.mymachine.com and test2.mymachine.com as shown below. The root context is defined in a file named ROOT.xml which is present in $CATALINA_HOME/conf/[engine_name]/test1.mymachine.com/ROOT.xml $CATALINA_HOME/conf/[engine_name]/test2.mymachine.com/ROOT.xml Once I start the tomcat server, three host folders are being created inside the work directory. As expected the localhost host has all the webapps that come with tomcat 5.5.16 installation like examples, etc. The work directory also has two other host folders test1.mymachine.com and test2.mymachine.com. PROBLEM: In test1.mymachine.com and test2.mymachine.com along with the root context all folders present in $CATALINA_HOME are being deployed as contexts. I can see folders being created in work directory of test1 and test2 which are exaclty the foldes present in $CATALINA_HOME Is this is BUG in tomcat 5.5.16 or is there something wrong with my setup. Any help is appreciated. Thanks in advance. ROOT.xml file for test1.mymachine.com Context path= docBase=c:\websites\test1\webapps\test1 debug=5 reloadable=true crossContext=true DB resources /Context ROOT.xml file test2.mymachine.com Context path= docBase=c:\websites\test2\webapps\test2 debug=5 reloadable=true crossContext=true DB resources /Context Following is the engine tag of my server.xml file Engine name=Catalina defaultHost=localhost Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=localhost appBase=webapps unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false /Host Host name=test1.mymachine.com debug=0 appbase=c:\websites\test1\webapps unpackWARs=true Aliastest1.mymachine.com/Alias Valve className=org.apache.catalina.valves.AccessLogValve directory=c:\websites\test1\webapps\logs prefix=test1_access_log. suffix=.txt pattern=common resolveHosts=false/ Logger className=org.apache.catalina.logger.FileLogger directory=c:\websites\test1\webapps\logs prefix=test1_catalina_log. suffix=.txt timestamp=true/ /Host Host name=test2.mymachine.com debug=0 appbase=c:\websites\test2\webapps unpackWARs=true Aliastest2.mymachine.com/Alias Valve className= org.apache.catalina.valves.AccessLogValve directory=c:\websites\test2\webapps\logs prefix=test2_access_log. suffix=.txt pattern=common resolveHosts=false/ Logger className=org.apache.catalina.logger.FileLogger directory=c:\websites\test2\webapps\logs prefix=test2_catalina_log. suffix=.txt timestamp=true/ /Host /Engine Vamsi. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Web Application doesn't recognize domains using tomcat
Hi! I working with tomcat 5.5.9, I have a domain name 'www.myproject.com http://www.myproject.com/ ' , an I can get into the server using it, but once I try to navigate inside the application I need to use IP direction. The domain is on the dns server. I'm using jre1.5.0_04 In my server.xml file have host name = localhost and the domain like an alias. I have other server with the same configuration and works properly. The only diference is that on this server I was using apache on 80 port. Now I shutdown apache and I'm try to use tomcat in that port. Is there any interference between apache and tomcat? I hope someone can help me. Lety B.
Re: system.out
http://logging.apache.org/log4j/docs/download.html - Original Message - From: Gilbert, Antoine [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, March 24, 2006 2:51 PM Subject: system.out How to redirect system.out and system.err to a file to a specific location and with a specific name ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SocketException: socket write error on 101st POST on Tomcat 5.5.16
Hi All, I am in a bit of a fix following an upgrade to Java 5.0 update 6 and Tomcat 5.5.16. One of the tasks that our application does is to send out a serialized object to a servlet, which then populates it and sends it back. The communication from the client side is maintained via a raw socket (I didn't do it!!). The servlet responds as a regular web service would, it gets an HTTP request and sends back a HTTP response. The problem does not happen when compiled with Java 1.4.2 and Tomcat 4.1.29. I have managed to implement a servlet and client in a minimal way so as to be able reproduce the problem. The client creates an object with an integer id and a string name and sends it to the servlet via a POST which populates the name with a random string and sends it back. The 101st POST request fails with the following errors: (while the client is writing to the socket) java.net.SocketException: Software caused connection abort: socket write error at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:124) at TestSocket.write(TestSocket.java:42) at TestSocket.main(TestSocket.java:140) Ocassionally I might even get a : (while the client is reading from the socket) java.net.SocketException: Software caused connection abort: recv failed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(SocketInputStream.java:129) To downloaded the zipped source and config files goto: http://am90007.tripod.com/sv.zip (Sorry! Couldn't find any other way to deliver sources) To reproduce the problem: 1. In build.xml: replace global property catalina_home with tomcat install base. 2. run ant build: ant clean compile deploy 3. in sv: java -cp build TestSocket 200 where 200 is the number of requests that are made to the servlet. The servlet logs messages to stdout_mmdd.log The problem seems to occur even if you set the Container attributes in server.xml to allow a higher connect count and timeouts. Any help would be greatly appreciated. Thanks. Aseem - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SocketException: socket write error on 101st POST on Tomcat 5.5.16
By default, the HTTP/1.1 Connector only allows 100 keep-alive requests on a single Socket connection. You can set maxKeepAliveRequests=-1 to allow an arbitrary number of keep-alive requests, or any positive value to stop it at that many. Of course, for the robustness of your application, your client should be checking for a 'Connection: close' response header, and close it's Socket and re-connect on a new one when it see it. The HTTP/1.1 protocol allows the server to send this with any response to tell the client that it is going to close it's side of the connection. Mohanty, Aseem [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi All, I am in a bit of a fix following an upgrade to Java 5.0 update 6 and Tomcat 5.5.16. One of the tasks that our application does is to send out a serialized object to a servlet, which then populates it and sends it back. The communication from the client side is maintained via a raw socket (I didn't do it!!). The servlet responds as a regular web service would, it gets an HTTP request and sends back a HTTP response. The problem does not happen when compiled with Java 1.4.2 and Tomcat 4.1.29. I have managed to implement a servlet and client in a minimal way so as to be able reproduce the problem. The client creates an object with an integer id and a string name and sends it to the servlet via a POST which populates the name with a random string and sends it back. The 101st POST request fails with the following errors: (while the client is writing to the socket) java.net.SocketException: Software caused connection abort: socket write error at java.net.SocketOutputStream.socketWrite0(Native Method) at java.net.SocketOutputStream.socketWrite(SocketOutputStream.java:92) at java.net.SocketOutputStream.write(SocketOutputStream.java:124) at TestSocket.write(TestSocket.java:42) at TestSocket.main(TestSocket.java:140) Ocassionally I might even get a : (while the client is reading from the socket) java.net.SocketException: Software caused connection abort: recv failed at java.net.SocketInputStream.socketRead0(Native Method) at java.net.SocketInputStream.read(SocketInputStream.java:129) To downloaded the zipped source and config files goto: http://am90007.tripod.com/sv.zip (Sorry! Couldn't find any other way to deliver sources) To reproduce the problem: 1. In build.xml: replace global property catalina_home with tomcat install base. 2. run ant build: ant clean compile deploy 3. in sv: java -cp build TestSocket 200 where 200 is the number of requests that are made to the servlet. The servlet logs messages to stdout_mmdd.log The problem seems to occur even if you set the Container attributes in server.xml to allow a higher connect count and timeouts. Any help would be greatly appreciated. Thanks. Aseem - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: BrowserMatch in Tomcat 5.5 +APR
What is available is restrictedUserAgents=comma separated list of regex patterns (which forces all connections from those browsers to assume HTTP/1.0, which in particular, disables keep-alive), and noCompressionUserAgents=comma separated list of regex patterns which will disable compression for those browsers. Josh Colbeck [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm looking for a way to duplicate the Apache BrowserMatch while only running Tomcat and APR. I'd like the server to check which browser is connecting and adjust some setting, like nokeepalive, base on that. Does anyone know how to do this, I have been unable to find any leads? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problems with Tomcat and mod_proxy_ajp
Debra Bartling [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm having problems with Tomcat 5.5.x, Apache 2.2.0, and mod_proxy_ajp and resources that are protected with a security-constraint. (This is after updating from Apache 2.0.54, Tomcat 5.0.27, and mod_jk2, where the same configuration worked fine.) The issues are different depending on the version of Tomcat. In Tomcat 5.5.12, POST requests fail if a client does not have a session established (for example, the session has timed out) and the auth-method is FORM. The client is presented with the login form via j_security_check and passed to the correct servlet, but there are no request headers and no form data in the request. (My servlet tries to log them -- nothing there.) This can be reproduced in Firefox and Internet Explorer, so I don't think it's the browser. If I change the configuration to BASIC authentication, it works correctly. If the client has a session established, either method works OK. This problem seems to be resolved in Tomcat 5.5.16. Without looking at the changelog, I do believe that there were problems with this in 5.5.12. BUT ... In Tomcat 5.5.16, if the client tries to retrieve a PDF document protected by a security-constraint and does not have a session established, an error is reported. (Once logged in, there is no problem.) If the auth-method is FORM, the document is retrieved but Acrobat reports: Acrobat could not open 'abc.pdf' because it is either not a supported file type or because the file has been damaged (for example, it was sent as an email attachment and wasn't correctly decoded). If the auth-method is BASIC, the login box is never displayed at all. This problem did not occur with Tomcat 5.5.12 (using the same PDFs and browser). Are you using the APR or the Java AJP/1.3 Connector? Whichever one it is, is it possible for you to test using the other one? Another test would be to see if it works with Apache 2.0.54+mod_jk(2). Of course, if you can help to pin this down so it can be fixed, that would be great. If you can't, well, I don't expect to be able to write a check against your time ;-). Does anyone have a similar configuration working? Recommendations? Debra Bartling Earthquake Engineering Research Center University of California, Berkeley - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and FileUpload, is upload cached before FileUpload parses it?
Nick Didkovsky [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello After posting this question to the Commons mailing list, I have been advised to ask the tomcat folks. I am using Commons FileUpload 1.1 to manage HTTP POST uploads with Tomcat running as a JkMount'ed service of Apache I am trying to analyze the strain on memory when many large files are being uploaded from different clients simultaneously I have two questions: 1) Before a POST'ed file upload reaches FileUpload, is all or part of it already cached somewhere on the server's drive space or memory, or does it arrive from the network directly to FileUpload for parsing? The latter would be desirable, as each uploaded file would get written directly to the temp directory as it arrives over the network, with no additional overhead. I do see my temp file growing steadily as the upload proceeds. Is this the only place on the server where resources are being allocated for this file upload? Can someone verify/amend/ provide more details? Assuming that you are using Httpd 2.x, and that I understand the Httpd API enough :), then it will get read in ~8kb chunks and passed to Tomcat the same way. This is all transparent to the InputStream that FileUpload sees. Of course, Httpd has to read it from the network in order to pass it to Tomcat, but for most cases doing 8kb in memory at a time shouldn't hurt much. 2) I tried uploading a file whose size exceeds the max file size I set in my test JSP page. The JSP handles the upload with FileUpload, and writes a log file of activity with time-stamps. Checking the log, I see that my page throws the SizeLimitExceededException almost immediately after the client's POST reaches the server. Yet the client browser sits there and waits for roughly the amount of time a full upload would take, and only then does the browser display the SizeLimitExceededException. The wait is longer for larger files. Can someone explain exactly what is happening during this time interval between the exception being thrown on the server and the exception appearing on the client? Is the file actually being uploaded somewhere to the server after the SizeLimitExceededException is thrown? If so, where is the upload going and whose memory or disk resources are being utilized? Note that FileUpload's temp directory does not show any temp file growing when this exception is thrown. Yet there does seem to be some network activity between the client and the server, but I am baffled as to what it could be and what its implications might be. Presumably, you are catching the Exception instead of just allowing it to be thrown out of your JSP (or, wrapping it in a ServletException or otherwise :). If your JSP handles this case by doing: % reponse.sendError(HttpServletResponse.SC_REQUEST_ENTITY_TOO_LARGE); return; % then Httpd *should* just close the connection to the client, allowing for a fast recycle. Thank-you Nick Didkovsky - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL incoming request filtering (before authentification via client cert)
Alexander Panzhin [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Is there any way to control the client certificate authentication? That is I would like to have the certs in some other repository than tomcat's default(java keystore). truststoreFile=/path/to/my/trusted/ca/keystore And I need the users to authenticate with their certs. So is there a way to filter a connector? You can plug in your own TrustManager, using the standard JSSE mechanism, but otherwise, no. This all happens deep within JSSE, with minimal Tomcat involvement. Or any other way to get the cert that the client sends to the connector and force the container(tomcat) to set the appropriate role? The cert is available progamatically from: 509Certificate [] certs = (X509Certificate [])request.getAttribute(javax.servlet.request..X509Certificate); Setting the Roles is done by including in your web.xml file: login-config auth-methodCLIENT-CERT/auth-method /login-config Note, not all of the Realms that ship with Tomcat support CLIENT-CERT. smime.p7s Description: S/MIME cryptographic signature
Re: how to get value of select
ok thanks On 3/24/06, Alexander Panzhin [EMAIL PROTECTED] wrote: But note that it returns an array. Hi use request.getParameterValues(String paramName) HTH Vinu Prashant Saraf wrote: Hello all, can some one tell me how to get value of select if it is multipal selected. like this select name=txtrole size=2 multiple=multiple -- Cup of Java + Suger of XML = Secure WebApp -- Su pagarba, Aleksandr Panzin IT sistemu architektas. With best regards, Alexander Panzhin IT systems architect -- Cup of Java + Suger of XML = Secure WebApp
unable to find package
Hello all, I have a Apache web server Install on my server with jk_mod my web application give following error java.lang.NoClassDefFoundError: Publish/Connect (wrong name: Publish/Publish/Connect) I had a package call Publish which is jar file , i coppied that file in mywebapp/WEB-IN/lib and WEB-INF/classes why this is o plz help me. -- Cup of Java + Suger of XML = Secure WebApp
Re: mod_jk failover loadbalancing doesn't recognize hung tomcat
hi we has similar issue we did not mess with prepost values but changed locking method to pesimistic, and set socket_timeout to 60sec, recycle_time to 600sec and reply_timeout to 18(ms) these were recommended by Mladen Turk and now Busy connections are distributed among all nodes equally. -- View this message in context: http://www.nabble.com/question%3A-mod_jk-failover-loadbalancing-doesn%27t-recognize-hung-tomcat-t1328176.html#a3584689 Sent from the Tomcat - User forum at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Recommended Specs for Oracle 10g db server
We have 12 jboss nodes using a single oracle 10g db server with following specs... 4GB RAM Dual CPU HT 3.2GHz Intel RHEL 4 smp We see load average going to 10 on a very regular basis and 30-90 during peak hours and see the database as the bottleneck to our application performance. We also had issue with c3p0 connections from nodes having issues and upgraded it. Can someone recommend machine (HW) specs for a oracle 10g database under these conditions please. regards mohan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]