Re: Changing defaultHost from localhost to a FQDN
On 27/10/06, Caldarale, Charles R [EMAIL PROTECTED] wrote: The 5.0 and 5.5 docs are mild upgrades of the 4.1 versions, and some areas did not get revised as much as they should have. 5.5 especially seems to be stricter on use of unnecessary attributes when the Context element is not in server.xml; what I posted has been gleaned from experience. Thanks ;-) For compatibility, you can still place Context elements in server.xml, but it's strongly discouraged, since it requires a Tomcat restart to make any changes. So how *should* I do what I want, i.e. deploy the app in a directory called meshcms under webapps, or am I forced to name it ROOT if I want it to be the default application? The current philosophy is that the default app must be named ROOT. Ah, that's not entirely clear from the docs. I can live with that, my initianl assumption (wrong) was that the name didn't actually matter. There are three ways to achieve this: 1) Deploy the app in the ROOT subdirectory of the Host's appBase directory, removing any ROOT.war file if it exists. 2) Deploy the packaged app as ROOT.war in the Host's appBase directory, removing the ROOT subdirectory if it exists. 3) Deploy the app outside of the Host's appBase directory, and place a ROOT.xml file in conf/[engine]/[host]. The ROOT.xml file must contain a Context element with a docBase attribute pointing to the location of the app. Note that in the first two cases, you often do not need any Context element for the app. If you do require one (e.g., to configure the app as privileged), place the element and attributes in META-INF/context.xml inside the app directory structure. Alternatively, you may place the Context element in conf/[engine]/[host]/[appname].xml, but without the docBase attribute. If you place a Context element with a docBase attribute in conf/[engine]/[host]/[somefile].xml and put the app under the Host's appBase directory using a name other than [somefile], you will get the app deployed twice - once as the .xml file name, once as the subdirectory or .war file name under appBase. That's an excellent, clear, summary - I haven't been able to find anything else that explains the three cases you outline above. Hopefully it might make its way into the official documentation at some point ;-) Many thanks! -- Alan Burlison -- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: CSS not being used when a Servlet is involved
Caldarale, Charles R wrote: From: Robbert [mailto:[EMAIL PROTECTED] Subject: RE: CSS not being used when a Servlet is involved Hm, alright. Should all else fail, is it possible to let a Servlet handle the CSS? Some servlet must handle everything; static content (including .css files) is normally handled by Tomcat's DefaultServlet. Ah, and because I called a different Servlet in my JSP, any and all requests went to that Servlet and since that Servlet couldn't handle them, it just showed text. Caldarale, Charles R wrote: I have four JSP pages (index, profile, statistics and gallery) that must invoke the StatistiekServlet. The page is simply a normal, static HTML page that calls the Servlet. By definition, a JSP page isn't static, but that's probably irrelevant. Yeah, I actually meant that it outputs static HTML, mostly. Caldarale, Charles R wrote: That works! Thank you very much! If you have not redefined the servlet-name default within your webapp, you can simplify what I gave you before. Leave out the servlet declaration for tcdefault, and change the *.css mapping to use just default. As someone else pointed out, default is already declared in conf/web.xml to use the proper servlet class, and conf/web.xml is automatically included in for every webapp. Ah, I see. It's all starting to make sense now. I'm so glad I posted this here 'cause no one else knew an answer. It does sound like a neatier solution. Caldarale, Charles R wrote: Are there any drawbacks to this method? None that I can think of. - Chuck Good. I owe you one. Thanks! Robbert -- View this message in context: http://www.nabble.com/CSS-not-being-used-when-a-Servlet-is-involved-tf2521410.html#a7060454 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Security
Maurice, Maurice Yarrow wrote: So what I would like to know how to do is how to programmatically bypass web.xml-based authorization and impose this authorization on a access-case-by-case but take advantage of applying the induced security contraint to any URL pattern desired (Chuck's wording) ? IIRC, web.xml-based authentication is pretty much all-or-nothing. You can protect /some/ pages using that mechanism (say, those that allow your users to administer their own galleries), and then leave the browsing capabilities completely open according to web.xml, but then use your own servlet(s) to impose further restrictions. -chris signature.asc Description: OpenPGP digital signature
Re: mod_jk and apache problem
Tom, Tom Miller wrote: The following said that if client click on links that including *.jsp then forward the requested to tomcat using worker2. But where will it go when the traffic forward to tomcat. If one have more than one context under Tomcat. How does it know which one to go from the three. Each worker you have points to an instance of Tomcat (it can be more complicated than that, but this is generally true). Based upon the /path/ of the URI, Tomcat will choose the correct webapp. JkMount /*.jsp worker2 If you have a webapp deployed into '/foo' and you access '/foo/bar.jsp', then you will be sent to the 'foo' webapp. Per your and other suggestion, I did this and it will give me error via the apache log. *** modified httpd.conf file JkMount /tticket/*.jsp worker2 So, you are expecting either a webapp called 'tticket' or you are using the ROOT webapp and have a directory called 'tticket' in there. Can you give us more details about your deployment? -chris signature.asc Description: OpenPGP digital signature
Re: CSS not being used when a Servlet is involved
Christopher Schultz-2 wrote: Robbert, Hm, alright. Should all else fail, is it possible to let a Servlet handle the CSS? You don't really want to do this. No, especially since it's not needed anymore. Christopher Schultz-2 wrote: I have four JSP pages (index, profile, statistics and gallery) that must invoke the StatistiekServlet. The page is simply a normal, static HTML page that calls the Servlet. Then the Servlet catches certain HTTP Headers and query strings and does stuff depending on the values. When the Servlet's finished, the JSP continues spitting out HTML code. And if I do that, it says Resource not available: /StatistiekServlet for whatever reason. Since you mentioned that you aren't very familiar with servlets, I'll go ahead and say the following. Sorry if it sounds patronizing. It's alright. I'm here to learn. Christopher Schultz-2 wrote: You have your process turned upside down, here. You are using a JSP as the target of the URL, then invoking a servlet from there to do your dirty work, and then going back. This is the wrong way to do things. What you really want to do is map /index to your StatistiekServlet, do whatever you need to do, and then do a forward (using the RequestDispatcher) to your JSP in order to generate the outgoing content. Why is the process turned upside down, exactly? Or rather, is there any benefit in mapping /index to a Servlet and then forwarding to a JSP instead of going to JSP pages which invoke my Servlet? This probably boils down to the following question: When do you use a JSP and when do you use a Servlet? Christopher Schultz-2 wrote: I'm guessing that you have this separate servlet for several reasons: 1. You have shared code to execute. 2. Someone (correctly) told you that JSPs with tons of logic and Java code are ... icky? 3. You weren't sure how to re-use your servlet code and not have to inspect the URL to figure out to which JSP you should forward afterward. If you want to use shared code in a JSP (#1), you can simply put it in a utility class/method that takes the appropriate methods. You don't have to use the servlet mechanism and actually use a servlet to do this stuff. Number 1 is correct and 3 is partially correct. The fourth, invisible, option you didn't mention (and which you didn't know) is as follows: The assignment requires the use of a StatistiekServlet which was a Servlet acting behind the scenes. The way I did it seemed the easiest way since JSP's can contain snippets of Java code: Kinda like how you can embed snippets of PHP in a PHP file. Christopher Schultz-2 wrote: The easiest way I can think of to invert your process (i.e. start with the servlet, /then/ forward to the JSP based upon the URL being used) is to use an application framework that helps you by mapping URLs to code and then lets you define forwards for that URL mapping. Struts is such a framework. You can set up mappings like this: action path=/index type=your.shared.code.class forward name=success path=/index.jsp / /action action path=/profile type=your.shared.code.class forward name=success path=/profile.jsp / /action action path=/statistics type=your.shared.code.class forward name=success path=/statistics.jsp / /action action path=/gallery type=your.shared.code.class forward name=success path=/gallery.jsp / /action Note that the code invoked is the same every time; only the success page changes. Your servlet code will have to turn into an Action (no big deal) and have a bit of code at the end to tell Struts to use the success forward (also not a big deal). But, if you really want to have a nicely separated MVC application, Struts can help tremendously. It looks like you have tried to take some of these steps yourself, but have gotten confused somewhere along the way -- ending up with your JSPs invoking your servlet, which feels /very/ weird to me. -chris Struts sounds like a good framework. I'm not too experienced with those but I take it that won't be hard to use. It's just how we were learned to code. So it never seemed to me as if the process was reversed. -- View this message in context: http://www.nabble.com/CSS-not-being-used-when-a-Servlet-is-involved-tf2521410.html#a7060632 Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CSS not being used when a Servlet is involved
Robbert, Christopher Schultz-2 wrote: You have your process turned upside down, here. Why is the process turned upside down, exactly? Or rather, is there any benefit in mapping /index to a Servlet and then forwarding to a JSP instead of going to JSP pages which invoke my Servlet? This probably boils down to the following question: When do you use a JSP and when do you use a Servlet? Well, that's a somewhat philosophical and often religious argument. I think that one ought to use JSPs for quick-and-dirty hacked logic, /or/ for display purposes only. Your real work ought to be done in servlets. I find the error handling more straightforward and less messy than in JSPs (although a JSP does get translated into a servlet before execution, so really they are exactly the same thing). At any rate, what you are trying to do is: 1) Perform some logic in your servlet. 2) Emit some output to the client. Since you want to do those 2 things, in that order, why invoke #2 first, which calls-back to #1, and then emits the output? It's far more natural to invoke the servlet and then have it forward to the JSP. Note that this is an internal forward, so the browser has no idea that control has been transferred from the servlet to the JSP. Of course, you could also use an HTTP FORWARD if that's what you really wanted to do. Struts sounds like a good framework. I'm not too experienced with those but I take it that won't be hard to use. It's just how we were learned to code. So it never seemed to me as if the process was reversed. Whether or not you use struts, I highly recommend that you avoid tricks like calling a servlet from a JSP in order to execute your business logic. If you have a waterfall-style logical flow (i.e. execute servlet first, then JSP), it's only natural to have the flow actually do that. It's okay if you application isn't 100% pull-based ;) -chris signature.asc Description: OpenPGP digital signature
Fw: problem with getcontext and context.xml
Hi, i am new to tomcat and i have two problem : first one in a tomcat 5.5.9 when i use the request.getServletPath() and request.getContextPath() i get different answer than a tomcat 5.5.19 (or 20), has this function change in the new tomcat? Second question and the more important is how to use the server.xml and context.xml to work together here is my problem : i would like to setup a virtual host on tomcat, so i put on my server.xml file this : Host name=vhost1.mydomain.com debug=0 appBase=/usr/local/tomcat/webapps/myaccount/ unpackWARs=true autoDeploy=true /Host and on /usr/local/tomcat/webapps/myaccount/META-INF/context.xml : Context path= docBase= override=true /Context I have try many different things (docBase=myaccount etc) but i always get the same answer : Alert!: HTTP/1.1 400 No Host matches server name vhost1.mydomain.com does anybody can help ? Regards - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: problem with getcontext and context.xml
From: BRUN Sébastien [mailto:[EMAIL PROTECTED] Subject: Fw: problem with getcontext and context.xml i would like to setup a virtual host on tomcat If you only have one host to worry about, you don't need to use virtual hosts. You can also use the alias attribute if you have multiple domains to support with identical apps. Host name=vhost1.mydomain.com debug=0 appBase=/usr/local/tomcat/webapps/myaccount/ The above is incorrect. The appBase parameter should point to the directory in which your webapps are deployed, not to a specific webapp. /usr/local/tomcat/webapps/myaccount/META-INF/context.xml : Context path= docBase= override=true /Context When the Context element is in META-INF/context.xml, the path and docBase attributes must not be used, since they are derivable from the location of the app. If you want myaccount to be the default webapp for the Host, change its name (subdirectory) to ROOT (case sensitive). Read some of this weekend's messages for more detail, especially this one: http://marc.theaimsgroup.com/?l=tomcat-userm=116198740004759w=2 Alert!: HTTP/1.1 400 No Host matches server name vhost1.mydomain.com What is the defaultHost attribute set to in your Engine? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with getcontext and context.xml
Yes but i have multiple vhost for different webapps. I have try to put Host name=vhost1.mydomain.com debug=0 appBase=/usr/local/tomcat/webapps/ like you suggest but when i launch tomcat it seem that i only get the ROOT webapps, and how can the server know that vhost1.mydomain.com is for /usr/local/tomcat/webapps/myaccount for exemple and vhost2.mydomain.com to myaccount2 if i only write appbase to where my webapps are deployed? Ok for the path and docBase so the context.xml is somethink like : Context reloadable=true / only ? the defaultHost attribute is default.mydomain.com only. I have read the http://marc.theaimsgroup.com/?l=tomcat-userm=116198740004759w=2 and i have deploy a default website in ROOT (with a META-INF/context.xml) but none of my websites work. So i have in the server.xml : Engine name=Catalina defaultHost=default.mydomain.com Host name=vhost1.mydomain.com debug=0 appBase=/usr/local/tomcat/webapps/ unpackWARs=true autoDeploy=true /Host Host name=vhost2.mydomain.com debug=0 appBase=/usr/local/tomcat/webapps/ unpackWARs=true autoDeploy=true /Host and in /usr/local/tomcat/webapps/ROOT/META-INF/context.xml /usr/local/tomcat/webapps/myaccount1//META-INF/context.xml /usr/local/tomcat/webapps/myaccount2//META-INF/context.xml Context reloadable=true / WatchedResourceWEB-INF/web.xml/WatchedResource (taken from internet don t know if it s necessary) And nothing works , for default.mydomain.com i get : HTTP/1.1 400 No Host matches server name default.mydomain.com for vhost1.mydomain.com i get only a 404 error What i am doing wrong ? and in this configuration how can the server know that vhost2 is for myaccount2 and vhost1 for myaccount1 for example ? thanks for your help - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Sunday, October 29, 2006 4:27 PM Subject: RE: problem with getcontext and context.xml From: BRUN Sébastien [mailto:[EMAIL PROTECTED] Subject: Fw: problem with getcontext and context.xml i would like to setup a virtual host on tomcat If you only have one host to worry about, you don't need to use virtual hosts. You can also use the alias attribute if you have multiple domains to support with identical apps. Host name=vhost1.mydomain.com debug=0 appBase=/usr/local/tomcat/webapps/myaccount/ The above is incorrect. The appBase parameter should point to the directory in which your webapps are deployed, not to a specific webapp. /usr/local/tomcat/webapps/myaccount/META-INF/context.xml : Context path= docBase= override=true /Context When the Context element is in META-INF/context.xml, the path and docBase attributes must not be used, since they are derivable from the location of the app. If you want myaccount to be the default webapp for the Host, change its name (subdirectory) to ROOT (case sensitive). Read some of this weekend's messages for more detail, especially this one: http://marc.theaimsgroup.com/?l=tomcat-userm=116198740004759w=2 Alert!: HTTP/1.1 400 No Host matches server name vhost1.mydomain.com What is the defaultHost attribute set to in your Engine? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re[2]: Performance throttling
Thanks Chuck. ThreadMXBean (JMX) must be used to determine CPU time used by this thread to change thread priority dynamically. Saturday, October 28, 2006, 9:56:38 PM, you wrote: From: Dima Retov [mailto:[EMAIL PROTECTED] Subject: Performance throttling Is that possible to do performance throttling (or shaping) in tomcat on per context base? CCR No direct mechanism that I'm aware of (although others might). I CCR suppose you could segregate apps under different Engines, and you can CCR set thread priority for each Connector associated with an Engine. CCR - Chuck CCR THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY CCR MATERIAL and is thus for use only by the intended recipient. If you CCR received this in error, please contact the sender and delete the e-mail CCR and its attachments from all computers. CCR - CCR To start a new topic, e-mail: users@tomcat.apache.org CCR To unsubscribe, e-mail: [EMAIL PROTECTED] CCR For additional commands, e-mail: [EMAIL PROTECTED] -- Best regards, Dimamailto:[EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: problem with getcontext and context.xml
From: mast [mailto:[EMAIL PROTECTED] Subject: Re: problem with getcontext and context.xml Yes but i have multiple vhost for different webapps. how can the server know that vhost1.mydomain.com is for /usr/local/tomcat/webapps/myaccount for exemple and vhost2.mydomain.com to myaccount2 If you want different default apps for each host, you need to have different appBase settings for each, and each appBase would have its own ROOT subdirectory (or .war file). Alternatively, you could put separate ROOT.xml files in conf/[engine]/[host] for each host, each ROOT.xml pointing to the proper default app via the docBase attribute. You would probably want to turn off autoDeploy and deployOnStartup in this case. Ok for the path and docBase so the context.xml is somethink like : Context reloadable=true / only ? Correct. the defaultHost attribute is default.mydomain.com only. Then where is the Host entry for default.mydomain.com? If it's missing, it's surprising Tomcat does anything. And nothing works , for default.mydomain.com i get : HTTP/1.1 400 No Host matches server name default.mydomain.com for vhost1.mydomain.com i get only a 404 error Which is what you should get, since you don't have a Host entry for it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: problem with getcontext and context.xml
From: mast [mailto:[EMAIL PROTECTED] Subject: Re: problem with getcontext and context.xml Host name=vhost1.mydomain.com debug=0 appBase=/usr/local/tomcat/webapps/myaccount1 unpackWARs=true autoDeploy=true Context path= docBase= debug=1 reloadable=true / /Host Host name=vhost2.mydomain.com debug=0 appBase=/usr/local/tomcat/webapps/myaccount2 unpackWARs=true autoDeploy=true Context path= docBase= debug=1 reloadable=true / /Host But since the Context is in server.xml, you can't change anything without restarting Tomcat. This is why doing so is strongly discouraged. Even the above is not correct, since appBase is pointing to a specific webapp, rather than the default location for all webapps for the Host. When you violate the intent of the configuration settings, you're at risk of your settings failing miserably at any time. now you told me to have multiple appbase ? so it s not the same things as : appBase=/usr/local/tomcat/webapps/myaccount1 ? and appbase appBase=/usr/local/tomcat/webapps/myaccount2 for the two context ? and to have a hierarchy like this : /usr/local/tomcat/webapps/myaccount1/ROOT/ (where to put my website?) /usr/local/tomcat/webapps/myaccount2/ROOT/ ? You could do that, but it's an extra directory layer that you don't really need. I'd suggest this instead: appBase=/usr/local/tomcat/webapps1 appBase=/usr/local/tomcat/webapps2 and put your default app for each host in: /usr/local/tomcat/webapps1/ROOT /usr/local/tomcat/webapps2/ROOT where one Host's appBase points to webapps1, and the other to webapps2. Note that the names myaccount1 and myaccount2 serve no purpose and have been removed. it seem much more complicated than to have the context in the server.xml file no ? No, because it makes the app deployment independent of the Tomcat configuration. i would prefer in the META-INF for each user to manage it s own context.xml Agreed, that is the more desirable setup. it s there : Engine name=Catalina defaultHost=default.mydomain.com no ? No; you're missing the Host name=default.mydomain.com ... entry in your server.xml. Read the doc: Exactly one of the Hosts associated with each Engine MUST have a name matching the defaultHost attribute of that Engine. http://tomcat.apache.org/tomcat-5.5-doc/config/host.html Right now my hierarchy is like this : /usr/local/tomcat/webapps/myaccount1/META-INF/context.xml usr/local/tomcat/webapps/myaccount1/WEB-INF/web.xml /usr/local/tomcat/webapps/myaccount2/META-INF/context.xml usr/local/tomcat/webapps/myaccount2/WEB-INF/web.xml Again, you should separate the webapps of the two hosts, and use ROOT for the default app for each: /usr/local/tomcat/webapps1/ROOT/META-INF/context.xml /usr/local/tomcat/webapps1/ROOT/WEB-INF/web.xml /usr/local/tomcat/webapps2/ROOT/META-INF/context.xml /usr/local/tomcat/webapps2/ROOT/WEB-INF/web.xml The appBase attributes for the two Host elements should point to /usr/local/tomcat/webapps1 and /usr/local/tomcat/webapps2, respectively. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with getcontext and context.xml
Hmm i think i understand a little so each context need to have it's own ROOT directory (it would be much simplier without it :) ) for the Host name=default.mydomain.com ... i forget it yes. So i have create like you told two things : Host name=default.mydomain.com and Host name=vhost1.mydomain.com debug=0 appBase=/usr/local/tomcat/webapps/myaccount1 and i have /usr/local/tomcat/webapps/ROOT/META-INF/context.xml and /usr/local/tomcat/webapps/test/ROOT/META-INF/context.xml i am write? well the problem now is that i always get : Status report message / description The requested resource (/) is not available. my website is in the directory ROOT on both case (with a ROOT/META-INF and a ROOT/WEB-INF for both), what i am doingt wrong this time? thx
RE: problem with getcontext and context.xml
From: mast [mailto:[EMAIL PROTECTED] Subject: Re: problem with getcontext and context.xml Hmm i think i understand a little so each context need to have it's own ROOT directory No; perhaps you don't understand that context is synonomous with webapp, not host. Each Host should have its own appBase and ROOT context, unless you want the same apps running on both Hosts. ROOT is simply the default context; there can be many contexts (webapps) for each Host. So i have create like you told two things : Host name=default.mydomain.com and Host name=vhost1.mydomain.com debug=0 appBase=/usr/local/tomcat/webapps/myaccount1 and i have /usr/local/tomcat/webapps/ROOT/META-INF/context.xml and /usr/local/tomcat/webapps/test/ROOT/META-INF/context.xml No, you're not paying attention to what's in the messages. To repeat from the last time: You could do that, but it's an extra directory layer that you don't really need. I'd suggest this instead: appBase=/usr/local/tomcat/webapps1 appBase=/usr/local/tomcat/webapps2 and put your default app for each host in: /usr/local/tomcat/webapps1/ROOT /usr/local/tomcat/webapps2/ROOT where one Host's appBase points to webapps1, and the other to webapps2. Note that the names myaccount1 and myaccount2 serve no purpose and have been removed. By the way, you don't need a Host entry for default.mydomain.com, unless you have a separate set of apps for default.mydomain.com; you could simply declare vhost1.mydomain.com or vhost2.mydomain.com as the defaultHost for your engine. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with getcontext and context.xml
Well each one of my host have their own appBase and ROOT context in each host i haveappBase=/usr/local/tomcat/webapps1 and appBase=/usr/local/tomcat/webapps2 and i have put my website in : /usr/local/tomcat/webapps1/ROOT/myfile (and same for webapps2) anything wrong on this ? i despair to make it work - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: problem with getcontext and context.xml
From: mast [mailto:[EMAIL PROTECTED] Subject: Re: problem with getcontext and context.xml Well each one of my host have their own appBase and ROOT context in each host i haveappBase=/usr/local/tomcat/webapps1 and appBase=/usr/local/tomcat/webapps2 That's good. and i have put my website in : /usr/local/tomcat/webapps1/ROOT/myfile (and same for webapps2) Take out the myfile - your default app is ROOT. Stop adding unnecessary directories. The WEB-INF and META-INF directories should be immediately under each ROOT directory. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with getcontext and context.xml
when i say myfile i mean file like index.jsp it their i should put them no ? actually the META inf and WEB inf are immediately under the ROOT directory but that don t work - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Sunday, October 29, 2006 8:19 PM Subject: RE: problem with getcontext and context.xml From: mast [mailto:[EMAIL PROTECTED] Subject: Re: problem with getcontext and context.xml Well each one of my host have their own appBase and ROOT context in each host i haveappBase=/usr/local/tomcat/webapps1 and appBase=/usr/local/tomcat/webapps2 That's good. and i have put my website in : /usr/local/tomcat/webapps1/ROOT/myfile (and same for webapps2) Take out the myfile - your default app is ROOT. Stop adding unnecessary directories. The WEB-INF and META-INF directories should be immediately under each ROOT directory. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: problem with getcontext and context.xml
From: mast [mailto:[EMAIL PROTECTED] Subject: Re: problem with getcontext and context.xml when i say myfile i mean file like index.jsp it their i should put them no ? Yes, that's where the public .jsp files should go. but that don t work What do you mean by don't work? What happens when you enter http://vhost1.mydomain.com or http://vhost2.mydomain.com in a browser? What's in the Tomcat logs? Post your server.xml and each ROOT's context.xml if the logs don't help. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with getcontext and context.xml
Well there is nothing on the log. Here is my server.xml : Server port=8005 shutdown=SHUTDOWN !-- Global JNDI resources -- GlobalNamingResources !-- Test entry for demonstration purposes -- Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=9570 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / Engine name=Catalina defaultHost=myvhost1.althosting.net appBase=webapps/mydomain1 Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=myvhost2.mydomain.com appBase=webapps/mydomain2 unpackWARs=true autoDeploy=true / /Engine /Service /Server the context.xml : /usr/local/tomcat/webapps/ROOT/META-INF/context.xml Context reloadable=true / WatchedResourceWEB-INF/web.xml/WatchedResource /usr/local/tomcat/webapps1/ROOT/META-INF/context.xml Context reloadable=true / WatchedResourceWEB-INF/web.xml/WatchedResource for myvhost2 i get error 404 for myvhost1 i get No Host matches server name - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Sunday, October 29, 2006 8:29 PM Subject: RE: problem with getcontext and context.xml From: mast [mailto:[EMAIL PROTECTED] Subject: Re: problem with getcontext and context.xml when i say myfile i mean file like index.jsp it their i should put them no ? Yes, that's where the public .jsp files should go. but that don t work What do you mean by don't work? What happens when you enter http://vhost1.mydomain.com or http://vhost2.mydomain.com in a browser? What's in the Tomcat logs? Post your server.xml and each ROOT's context.xml if the logs don't help. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
permission on server.xml
Hi, one question i think exemple we run java with user and group www server.xml need to be readable for tomcat to work, but each user that have access to a tomcat account can also read it with a simple jsp code how can we prevent that ? (or tomcat-user.xml)
RE: problem with getcontext and context.xml
From: mast [mailto:[EMAIL PROTECTED] Subject: Re: problem with getcontext and context.xml Connector port=9570 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / This would indicate you're front-ending Tomcat with something else, such as httpd. Add a Connector for a different port and protocol=HTTP/1.1, then see what happens when you contact Tomcat directly via that port. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: permission on server.xml
From: mast [mailto:[EMAIL PROTECTED] Subject: permission on server.xml Hi, one question i think exemple we run java with user and group www server.xml need to be readable for tomcat to work, but each user that have access to a tomcat account can also read it with a simple jsp code how can we prevent that ? (or tomcat-user.xml) How would that simple jsp code get into your webapps? Do you allow any user to dump arbitrary code into your system? BTW, tomcat-users.xml must also be writeable by Tomcat. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with getcontext and context.xml
Yes that s the case i use apache , i have try with http/1.1 and another port but i get exactly the same problem for the two hosts - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Sunday, October 29, 2006 9:10 PM Subject: RE: problem with getcontext and context.xml From: mast [mailto:[EMAIL PROTECTED] Subject: Re: problem with getcontext and context.xml Connector port=9570 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / This would indicate you're front-ending Tomcat with something else, such as httpd. Add a Connector for a different port and protocol=HTTP/1.1, then see what happens when you contact Tomcat directly via that port. - Chuck - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: problem with getcontext and context.xml
From: mast [mailto:[EMAIL PROTECTED] Subject: Re: problem with getcontext and context.xml i have try with http/1.1 and another port but i get exactly the same problem for the two hosts Do you have DNS entries for both host names? What IP address does each evaluate to? (Hint: they must be different.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with getcontext and context.xml
Well i have DNS entrie for both but i have only 1 IP so it s the same entries , both vhost have the same IP (that s why their are vhost :) ) - Original Message - From: Caldarale, Charles R [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Sunday, October 29, 2006 9:23 PM Subject: RE: problem with getcontext and context.xml From: mast [mailto:[EMAIL PROTECTED] Subject: Re: problem with getcontext and context.xml i have try with http/1.1 and another port but i get exactly the same problem for the two hosts Do you have DNS entries for both host names? What IP address does each evaluate to? (Hint: they must be different.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: permission on server.xml
From: mast [mailto:[EMAIL PROTECTED] Subject: Re: permission on server.xml I mean with a jsp code you can see/write file can a user write outside the webapps defined in the server.xml? Certainly code in a .jsp or servlet can read or write anywhere that Tomcat's userid is allowed to (subject to JVM security policies, of course). Anyone stupid enough to put code in a webapp that allows end users to read or write in arbitrary locations deserves what they get. i ask this because i have already a server with customer that with a simple jsp code write file into the conf or bin directory (and the user was under a webapps) That's an error on the part of the Tomcat administrator for deploying such a horrendous webapp. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with getcontext and context.xml
there is one error i hadn't notice : SEVERE: Parse Fatal Error at line 2 column 2: The markup in the document following the root element must be well-formed. org.xml.sax.SAXParseException: The markup in the document following the root element must be well-formed. Oct 29, 2006 9:34:17 PM org.apache.catalina.startup.ContextConfig processContextConfig SEVERE: Parse error in default web.xml org.xml.sax.SAXParseException: The markup in the document following the root element must be well-formed. but that s the default web.xml that come with tomcat - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with getcontext and context.xml
if i delete the context.xml file it seem to work is there anything wrong in : Context reloadable=true / WatchedResourceWEB-INF/web.xml/WatchedResource ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with getcontext and context.xml
mast wrote: if i delete the context.xml file it seem to work is there anything wrong in : Context reloadable=true / WatchedResourceWEB-INF/web.xml/WatchedResource Yes. It should be: Context reloadable=true WatchedResourceWEB-INF/web.xml/WatchedResource /Context Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: problem with getcontext and context.xml
From: mast [mailto:[EMAIL PROTECTED] Subject: Re: problem with getcontext and context.xml Well i have DNS entrie for both but i have only 1 IP so it s the same entries , both vhost have the same IP (that s why their are vhost :) ) Yes, that should work - I've just verified it with my 5.5.20 installation. Here's my server.xml, with most of the comments stripped out: Server port=8005 shutdown=SHUTDOWN Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / Listener className=org.apache.catalina.storeconfig.StoreConfigLifecycleListener / GlobalNamingResources Environment name=simpleValue type=java.lang.Integer value=30/ Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources Service name=Catalina Connector port=8080 maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false redirectPort=8443 acceptCount=100 connectionTimeout=2 disableUploadTimeout=true / Connector port=8009 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / Engine name=Catalina defaultHost=myhost1.com Realm className=org.apache.catalina.realm.UserDatabaseRealm resourceName=UserDatabase/ Host name=myhost1.com appBase=webapps1 unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.FastCommonAccessLogValve directory=logs prefix=myhost1.com_access_log. suffix=.log pattern=common resolveHosts=false/ /Host Host name=myhost2.com appBase=webapps2 unpackWARs=true autoDeploy=true xmlValidation=false xmlNamespaceAware=false Valve className=org.apache.catalina.valves.FastCommonAccessLogValve directory=logs prefix=myhost2.com_access_log. suffix=.log pattern=common resolveHosts=false/ /Host /Engine /Service /Server All servlet and JSP examples work properly, and differentiate properly between myhost1 and myhost2. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem with getcontext and context.xml
Hmm yes in fact that work better with the /Context thanks for the help to both of you it works now - Original Message - From: Mark Thomas [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Sunday, October 29, 2006 10:05 PM Subject: Re: problem with getcontext and context.xml mast wrote: if i delete the context.xml file it seem to work is there anything wrong in : Context reloadable=true / WatchedResourceWEB-INF/web.xml/WatchedResource Yes. It should be: Context reloadable=true WatchedResourceWEB-INF/web.xml/WatchedResource /Context Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Security
Chris, Chuck (Yeah, uh, pretty much what you are saying below, Chris) Yes, I looked at the how-to for realm-based authentication and also several of the org.apache.catalina.realm.*, and in particular at org.apache.cataline.real.JDBCRealm api's. The realm authentication and authorization mechanism can be adapted for my purposes but only up to a point. For example, I can treat galleries as if they were users, and then associate a role (private, pub, passwd) and a password or null password, depending, The JDBCRealm could be used to constantly update the associated permissions for galleries, as required, etc. BUT: the finest granularity for what can be accessed in this mechanism is by servlet, not by the path info (getPathInfo()) of the URI. (Remember, realm based authentic. allows access control based on the enclosing Engine, Host, Context, or Wrapper, a Wrapper being a servlet.) So, for my purpose, this is not satisfactory, and would still require at least the second half of the mechanism I have already built for specifying what can be accessed and where and how access must be prevented, when that is required. Nevertheless, I appreciate you gentlemen having pointed me to this possibility. It was enlightening. Maurice Yarrow Christopher Schultz wrote: Maurice, Maurice Yarrow wrote: So what I would like to know how to do is how to programmatically bypass web.xml-based authorization and impose this authorization on a access-case-by-case but take advantage of applying the induced security contraint to any URL pattern desired (Chuck's wording) ? IIRC, web.xml-based authentication is pretty much all-or-nothing. You can protect /some/ pages using that mechanism (say, those that allow your users to administer their own galleries), and then leave the browsing capabilities completely open according to web.xml, but then use your own servlet(s) to impose further restrictions. -chris - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
getContextPath
i return with my first problem :=20 in a tomcat 5.5.9 when i use the request.getServletPath() and=20 request.getContextPath() i get different answer than a tomcat 5.5.19 (or 20), has this function=20 change in the new tomcat? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: mod_jk and apache problem
-Original Message- From: Tom Miller [mailto:[EMAIL PROTECTED] Sent: Saturday, October 28, 2006 3:49 PM To: Tomcat Users List Subject: mod_jk and apache problem The following said that if client click on links that including *.jsp then forward the requested to tomcat using worker2. But where will it go when the traffic forward to tomcat. If one have more than one context under Tomcat. How does it know which one to go from the three. for example: of multiple context under Tomcat. /app/webapps/ROOT/ /app/webapps/monpop/ /app/webapps/tticket/ ***httpd.conf file JkMount /*.jsp worker2 Per your and other sugguestion, I did this and it will give me error via the apache log. *** modified httpd.conf file JkMount /tticket/*.jsp worker2 It said File does not exist: /www/tticket/js/new_menu_settings1.js. I agreed with the error. It doesn't make sense to me either. I need to define or point /app/webapps/tticket/ to worker2 somehow. I don't know how.. I missed something here but I don't know what. Tom - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] You have configured mod_jk connector to serve jsp files and nothing else. Darek Czarkowki - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getContextPath
mast wrote: i return with my first problem :=20 in a tomcat 5.5.9 when i use the request.getServletPath() and=20 request.getContextPath() i get different answer than a tomcat 5.5.19 (or 20), has this function=20 change in the new tomcat? Examples please. I suspect it is as a result of the configuration changes you have been making. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getContextPath
Examples please. I suspect it is as a result of the configuration changes you have been making. Mark with two server.xml identical with a test.jsp on a directory test on 5.5.9 TranslatedPath: null ContextPath: ServletPath: /test/test.jsp PathInfo: null RequestURI: /test/test.jsp QueryString: null on 5.5.20 ContextPath: /test ServletPath: /test.jsp PathInfo: null RequestURI: /test/test.jsp QueryString: null like you can see the servletpath and contextpath is different - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk and apache problem
Darek- You forgot to Add VirtualHost documentRoot=PointToPhysicalLocationOfFile then JkMount /*.jsp ajp13 in worker.properties file follow these instructions in detail http://mail-archives.apache.org/mod_mbox/tomcat-users/200101.mbox/[EMAIL PROTECTED] Martin -- This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents - Original Message - From: Darek Czarkowski [EMAIL PROTECTED] To: 'Tomcat Users List' users@tomcat.apache.org; [EMAIL PROTECTED] Sent: Sunday, October 29, 2006 4:28 PM Subject: RE: mod_jk and apache problem -Original Message- From: Tom Miller [mailto:[EMAIL PROTECTED] Sent: Saturday, October 28, 2006 3:49 PM To: Tomcat Users List Subject: mod_jk and apache problem The following said that if client click on links that including *.jsp then forward the requested to tomcat using worker2. But where will it go when the traffic forward to tomcat. If one have more than one context under Tomcat. How does it know which one to go from the three. for example: of multiple context under Tomcat. /app/webapps/ROOT/ /app/webapps/monpop/ /app/webapps/tticket/ ***httpd.conf file JkMount /*.jsp worker2 Per your and other sugguestion, I did this and it will give me error via the apache log. *** modified httpd.conf file JkMount /tticket/*.jsp worker2 It said File does not exist: /www/tticket/js/new_menu_settings1.js. I agreed with the error. It doesn't make sense to me either. I need to define or point /app/webapps/tticket/ to worker2 somehow. I don't know how.. I missed something here but I don't know what. Tom - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] You have configured mod_jk connector to serve jsp files and nothing else. Darek Czarkowki - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: permission on server.xml
On Sun, Oct 29, 2006 at 02:33:31PM -0600, Caldarale, Charles R wrote: I mean with a jsp code you can see/write file can a user write outside the webapps defined in the server.xml? Certainly code in a .jsp or servlet can read or write anywhere that Tomcat's userid is allowed to (subject to JVM security policies, of course). Anyone stupid enough to put code in a webapp that allows end users to read or write in arbitrary locations deserves what they get. Charles, you're missing his point. His user is not a website user, it's a _tomcat_ user. I.e. someone that is allowed to deploy an application on the app server. From: mast [mailto:[EMAIL PROTECTED] Subject: Re: permission on server.xml i ask this because i have already a server with customer that with a simple jsp code write file into the conf or bin directory (and the user was under a webapps) You probably need to run a separate tomcat instance for each customer. eric - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getContextPath
mast wrote: with two server.xml identical with a test.jsp on a directory test on 5.5.9 TranslatedPath: null ContextPath: ServletPath: /test/test.jsp PathInfo: null RequestURI: /test/test.jsp QueryString: null on 5.5.20 ContextPath: /test ServletPath: /test.jsp PathInfo: null RequestURI: /test/test.jsp QueryString: null There was a change at some point that resulted in any directory under the webapps directory being deployed as an application. You would see this behaviour if you had configured a host appBase to be the same as a context docBase - a configuration that is invalid. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getContextPath
There was a change at some point that resulted in any directory under the webapps directory being deployed as an application. You would see this behaviour if you had configured a host appBase to be the same as a context docBase - a configuration that is invalid. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Hmm i understand but this configuration was invalid in 5.5.9 too so they did some change no ? - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getContextPath
mast wrote: Hmm i understand but this configuration was invalid in 5.5.9 too so they did some change no ? This configuration has always been invalid but if you use it then you will see different behaviour as a side-effect of adding the deploy any directory in appBase feature which is new. Mark - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk and apache problem
Chris, Thanks much fo respond to my issues. My problem occured when I tried to access Tomcat using more than two context. The traffic for port 80 will forward to Tomcat fine if I use only the ROOT context. In another word, it will only worked with ROOT and not with any other new context that I created. I want to mention that it worked with port 8080 for all three new instances. For instance: http://www.tticket.com:8080/tticket/index.jsp http://www.popmon.com:8080/tom/index.jsp http://www.tom.com:8080/popmon/index.jsp However, it will not work when I run these http://www.tticket.com/index.jsp http://www.popmon.com/index.jsp http://www.tom.com/index.jsp Again, it will work if I just use the default ROOT context. So, I know the mod_jk is working fine but only with the default ROOT context. Here are what I have under tomcat home directory: /app/webapps/tticket /app/webapps/popmon /app/webapps/tom The Apache doc home is under /www/tticket /www/popmon /www/tom Here are the files that I am currently using httpd.conf file ** VirtualHost 192.168.0.227:80 ServerAdmin [EMAIL PROTECTED] ServerName www.tticket.com DocumentRoot /www/tticket ErrorLog /www/tticket/logs/error_log CustomLog /www/tticket/logs/access_log common JkMount /tticket/*.jsp worker1 JkMount /tticket/*.jspx worker1 JkMount /tticket/*.servlet worker1 JkMount /tticket/login* worker1 JkMount /tticket/servlet/* worker1 # Deny direct access to WEB-INF LocationMatch .*WEB-INF.* AllowOverride None deny from all /LocationMatch /VirtualHost #NameVirtualHost 192.168.0.228:80 VirtualHost 192.168.0.228:80 ServerAdmin [EMAIL PROTECTED] ServerName support.popmon.com DocumentRoot /www/popmon ErrorLog /www/popmon/logs/error_log CustomLog /www/popmon/logs/access_log common JkMount /popmon/*.jsp worker2 JkMount /popmon/*.jspx worker2 JkMount /popmon/*.servlet worker2 JkMount /popmon/login* worker2 JkMount /popmon/servlet/* worker2 # Deny direct access to WEB-INF LocationMatch .*WEB-INF.* AllowOverride None deny from all /LocationMatch /VirtualHost VirtualHost 192.168.0.229:80 ServerAdmin [EMAIL PROTECTED] ServerName www.tom.com DocumentRoot /www/tom ErrorLog /www/tom/logs/error_log CustomLog /www/tom/logs/access_log common JkMount /tom/*.jsp worker3 JkMount /tom/*.jspx worker3 JkMount /tom/*.servlet worker3 JkMount /tom/login* worker3 JkMount /tom/servlet/* worker3 # Deny direct access to WEB-INF LocationMatch .*WEB-INF.* AllowOverride None deny from all /LocationMatch /VirtualHost # Include conf/mod_jk.conf end of httpd.conf file * mod_jk.conf file * # Load mod_jk module LoadModulejk_module modules/mod_jk.so # Where to find workers.properties JkWorkersFile conf/workers.properties # Where to put jk logs JkLogFile logs/mod_jk.log # Set the jk log level [debug/error/info] #JkLogLevelinfo JkLogLeveldebug # Select the log format JkLogStampFormat [%a %b %d %H:%M:%S %Y] # JkOptions indicate to send SSL KEY SIZE, JkOptions +ForwardKeySize +ForwardURICompat - ForwardDirectories # JkRequestLogFormat set the request format JkRequestLogFormat %w %V %T # Send servlet for context /examples to worker named worker1 # JkMount /examples/servlet/* router # Send JSPs for context /examples to worker named worker1 # JkMount /examples/*.jsp router #JkMount /cluster-test/* router * end of mod_jk.conf file *** workers.properties file # workers.tomcat_home=/app/webapps # # workers.java_home should point to your Java installation. Normally # you should have a bin and lib directories beneath it. # workers.java_home=/usr/java/jdk1.5.0_07 # # You should configure your environment slash... ps=\ on NT and / on UNIX # and maybe something different elsewhere. # ps=/ #** # List workers worker.list=worker1,worker2,worker3 # # Define worker1 # workers.properties - ajp13 worker.worker1.port=8110 worker.worker1.host=192.168.0.227 worker.worker1.type=ajp13 worker.worker1.cachesize=100 worker.worker1.cache_timeout=60 worker.worker1.socket_keepalive=1 worker.worker1.socket_timeout=5 worker.worker1.recycle_timeout=30 # # Define worker2 # workers.properties - ajp13 worker.worker2.port=8111 worker.worker2.host=192.168.0.228 worker.worker2.type=ajp13 worker.worker2.cachesize=100 worker.worker2.cache_timeout=60 worker.worker2.socket_keepalive=1 worker.worker2.socket_timeout=5 worker.worker2.recycle_timeout=30 # # Define worker3 # workers.properties - ajp13 worker.worker3.port=8112 worker.worker3.host=192.168.0.229
RE: permission on server.xml
From: Eric Haszlakiewicz [mailto:[EMAIL PROTECTED] Subject: Re: permission on server.xml Charles, you're missing his point. Wouldn't be the first time. His user is not a website user, it's a _tomcat_ user. I.e. someone that is allowed to deploy an application on the app server. You probably need to run a separate tomcat instance for each customer. Given that definition of user, I would agree. You can limit the capabilities of webapps by using a Security Manager, but ill-behaved apps can still impact others in the same JVM. Nevertheless, the Tomcat administrator is still responsible for insuring that rogue apps are not deployed. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat Security
From: Maurice Yarrow [mailto:[EMAIL PROTECTED] Subject: Re: Tomcat Security BUT: the finest granularity for what can be accessed in this mechanism is by servlet, not by the path info (getPathInfo()) of the URI. Not true - security constraints apply to paths, not servlets. If you want to see an example of multi-path constraints, download Lambda Probe and look at its web.xml file. (Remember, realm based authentic. allows access control based on the enclosing Engine, Host, Context, or Wrapper, a Wrapper being a servlet.) A realm is merely an authentication credential repository, not an access control mechanism. The servlet spec allows one to use the security-constraint settings to define access controls. However, the real mismatch here is the dynamic nature of your environment. Since the accessiblity of a given path can change at any moment, this doesn't fit with the essentially static nature of standard servlet security. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
George Azzopardi is out of the office.
I will be out of the office starting 30-10-2006 and will not return until 06-11-2006. I will respond to your message when I return. *** Internet Email Notice *** The information contained in this message or any of its attachments may be privileged and confidential and intended for the exclusive use of the addressee. If you are not the addressee, any disclosure, reproduction, distribution or other dissemination or use of this message is strictly prohibited. Opinions or views expressed in this message belong to the author only, except where the message states otherwise and the sender is authorised to state them to be the views of Bank of Valletta plc or any of its subsidiaries. If you have received this message in error, please inform the author immediately, delete the message forthwith, and destroy any hardcopies. Thank You. Website: http://www.bov.com/ * - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JDK
I recently upgraded to jdk1.5.0_09, now when I start tomcat I get this in the error log and can't run my webapps, java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:243) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:408) Caused by: javax.xml.parsers.FactoryConfigurationError: Provider org.apache.xerces.jaxp.SAXParserFactoryImpl not found at javax.xml.parsers.SAXParserFactory.newInstance(Unknown Source) at org.apache.tomcat.util.digester.Digester.getFactory(Digester.java:486) at org.apache.tomcat.util.digester.Digester.getParser(Digester.java:691) at org.apache.tomcat.util.digester.Digester.getXMLReader(Digester.java:899) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1561) at org.apache.catalina.startup.Catalina.load(Catalina.java:473) at org.apache.catalina.startup.Catalina.load(Catalina.java:509) ... 6 more What can I do to get it to work? Jim _ Try Search Survival Kits: Fix up your home and better handle your cash with Live Search! http://imagine-windowslive.com/search/kits/default.aspx?kit=improvelocale=en-USsource=hmtagline - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: JDK
From: Jim Weir [mailto:[EMAIL PROTECTED] Subject: JDK I recently upgraded to jdk1.5.0_09, now when I start tomcat I get this in the error log and can't run my webapps, You don't say what version of Tomcat you're using, but if it's 5.5.x, you must remove the 1.4 Compatibility Package when running on a 1.5 JRE or JDK. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]