Hello,
it is my understanding that tomcat uses a valve to detect Throwables
from webapp and redirect to error page. However, in some case, it seems
impossible to redirect to error page:
68937425 [http-8081-Processor14] ERROR
StandardWrapper[/intranet:webdav] - Servlet.service() for servlet
Is it possible encrypt password on Resource setup?
Resource name=app auth=Container type=
oracle.jdbc.pool.OracleDataSource
factory=oracle.jdbc.pool.OracleDataSourceFactory
driverClassName=oracle.jdbc.OracleDriver
url=jdbc:oracle:thin:@DATABASE_IP:1521:DATABASE_NAME user=username
Chuck,
then the docs are quite misleading.
In the 5.5-docs
(http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html) is
said:
quote
n a J2SE 2 (that is, J2SE 1.2 or later) environment, class loaders are
arranged in a parent-child tree. Normally, when a class loader is
asked to load a
If I remember that correctly:
- if you include it in LD_LIBRARY_PATH, the JVM will add it to
java.library.path automatically
- if you only add it to java.library.path, it will not be enough for the
runtime linker to find the tcnative dependencies apr and openssl
Anyone: correct me if I'm
Nope.
You could write your own db pool init code in a ServletContextListener
and then do anything you want as far as how to store the pool
configuration if you really need to encrypt the password. The standard
tomcat configuration files don't offer any facility for encrypting
passwords
Hi ,
I tried to install jakarta-tomcat-5.0.28 in Suse Linux Enterprise Server
10 and when I run the command
/usr/java/jakarta-tomcat-5.0.28/bin/jsvc-src # ./configure
I am getting the following error :
*** Current host ***
checking build system type...
1) use another achitecture (x86 instead of x86_64)
2) download a more recent tomcat (5.0.28 is 3 years old release)
3) download a more recent jsvc (http://commons.apache.org/daemon/jsvc.html)
to your choice
En l'instant précis du 17/08/07 12:10, Potri Raaja s'exprimait en ces
termes:
Hi ,
I
Hi,
I've written a webapp for a portlet container. Within this webapp /
the portlet I can call a link to a servlet. The servlet gets the
session from the portlet container (resp. Tomcat) and do its work.
(Session-sharing between portlets and servlets is working)
This works great when I use the
Thanks for all your advice,
Problem sorted now.
I moved the ojdbc14.jar into common/lib only, and set-up a context in the
appname/META-INF/contex.xml. Tomcat still
wouldn't start after renaming ResourceParams to Resource even after I had
validated the xml with an xml validator
tool. In the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Mark and Joe,
Mark Thomas wrote:
Joseph Shraibman wrote:
Mark Thomas wrote:
request.setCharacterEncoding(UTF-8);
Is this always safe? For responses I can (and do) check the
accept-charset request [header], but I can't figure out how to
Hi I'm getting the following exception in tomcat 5.5.23:
Aug 17, 2007 3:31:20 PM org.apache.coyote.http11.Http11Processor process
SEVERE: Error finishing request
java.lang.ArrayIndexOutOfBoundsException: -45
at
Hi,
I have installed Tomcat 5.5.23_1 on FreeBSD 6.2. I have used Servlets a
lot in the past but have not used ant. I am now trying to get this
development environment to work. Following the basic portinstall of
Tomcat on FreeBSD I did the following:
1. sudo cp
Just curious why it requires a filter to be used to set character
encoding when it is set at the app server and form level as UTF8? What
I noticed is it gets translated incorrectly from the form to the
servlet. Is that correct? Is it a low level API that causes this?
Thanks,
Joe
Dear Tomcat users,
I'm very new to the Tomcat application and am trying to understand why
my context files are being ignored on deployment. I've had a search in
the mailing archives and read (and tried) the documentation on the
Tomcat site.
I'm trying to get a calendaring system (which also
From: Thomas Kwan (eTechFocus) [mailto:[EMAIL PROTECTED]
Subject: Re: Register url in ROOT application
I want to be able to register a servlet in the ROOT application
that will handle request to /app1. Note that the name space
/app1 is already taken up by my app1 application.
I don't see
On 8/17/07, David Delbecq [EMAIL PROTECTED] wrote:
2) download a more recent tomcat (5.0.28 is 3 years old release)
I can confirm that the jsvc packaged with 5.5.23 configures and
builds on a x86_64 SuSE 10.0 system.
HTH,
--
Hassan Schroeder [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Matt,
Matthew Kerle wrote:
I'm changing jobs soon and the new company uses JBoss (:-), so
it may take a while to convince them how good tomcat is ;-p!
IIRC, JBoss used to use Tomcat as its servlet container. Maybe that's no
longer the case.
But
Christopher Schultz wrote:
Setting the encoding of the response is sometimes necessary when the
browser (stupidly, IMO) elects not to send the charset being used to the
server.
It isn't the browser's fault, its the spec's fault. See
https://bugzilla.mozilla.org/show_bug.cgi?id=289060#c8
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Gregor,
Gregor Schneider wrote:
Chuck,
then the docs are quite misleading.
Nope. Read them again.
quote
When a request to load a class
from the web application's WebappX class loader is processed, this
class loader will look in the local
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Andrew,
Andrew Hole wrote:
Is it possible encrypt password on Resource setup?
No (still).
- -chris
PS Yes, you can write your own data source manager that decrypts the
credentials or whatever, but then you have to store /that/ password
somewhere.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chuck and Thomas,
Caldarale, Charles R wrote:
From: Thomas Kwan (eTechFocus) [mailto:[EMAIL PROTECTED]
Subject: Re: Register url in ROOT application
I want to be able to register a servlet in the ROOT application
that will handle request to
Hi Iain,
From a previous question I asked on the list:
If you use auto-deploy and you have a WAR file or directory in the
webapps directory, then any path attribute you have in your
Context element will be ignored (or, worse, confused and used ion some
weird way). Perhaps this is a problem with
From: Emsley, I (Iain) [mailto:[EMAIL PROTECTED]
Subject: context.xml not being copied across on deployment
When I check the xml files in
\apache-tomcat-5.5.17\conf\Catalina\localhost, I'm still getting the
context for Hypersonic rather than MySQL.
A Context element in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Joe,
Joseph S wrote:
Christopher Schultz wrote:
Setting the encoding of the response is sometimes necessary when the
browser (stupidly, IMO) elects not to send the charset being used to the
server.
It isn't the browser's fault, its the spec's
1) Real round robin
If you really want to distribute requests fully via round robin, you
need to set
worker.loadbalancer.sticky_session=False
2) Session stickyness
But usually, this is *not* what you want. Usually, you want requests,
that belong to a user session to go to the same Tomcat
Not sure that I understand your problem: is a jk load balancer involved
and your request gets send to the wrong instance? If so, we can explain,
how the decision is made.
If you are only using a single node, I don't understand the problem. You
write you correctly get an exception. If it's
Greetings!
I have been given the task of setting up a basic local server to test
out Java servlets and evaluate some web technologies for my company. I
am using Windows XP SP2, Java 1.6, Eclipse 3.2, and Apache 2.2.4. I am
following the directions in the O'Reilly Eclipse Cookbook, and I
I do not know the answer. A similar behaviour happened with our servers
when finilizer dead-locked. In your case Finilizer did not dead-lock,
but it fails with exception and I do not know if it recovers after that.
Try checking stack trace several times in a row and see what the
finilizer
Hello everyone!
Is there a way to make the context.xml file more secure? I mean, inside
this file we have database users and passwords in plain form, and this
seems to be a severe security issue... How do you guys usually protect
these informations (using context.xml file) in your projects?
everything seems to be blocked on this one
TP-Processor62 daemon prio=1 tid=0x081ef7e0 nid=0x6971 runnable
[0x94f12000..0x94f130a0]
at java.lang.String.intern(Native Method)
at javax.management.ObjectName.setCanonicalName(ObjectName.java:733)
at
On 8/17/07, Lizard Lizard [EMAIL PROTECTED] wrote:
I am sure more information is needed to diagnose this problem, and I
will happily provide it.
Thank you for any support you can offer.
2 things to check.
1. Do the tomcat logs tell you anything? Located in Tomcat install
directory/logs
I read this just after I sent the same question... Take alook at the
following article:
http://wldj.sys-con.com/read/393364.htm
-Mensagem original-
De: Christopher Schultz [mailto:[EMAIL PROTECTED]
Enviada em: sexta-feira, 17 de agosto de 2007 11:46
Para: Tomcat Users List
Assunto: Re:
Regarding that, I came across an implementation suggestion which seems
to be valid, but still seems to have security issues. What do you think?
Take a look at http://wldj.sys-con.com/read/393364.htm
-Mensagem original-
De: Milanez, Marcus [mailto:[EMAIL PROTECTED]
Enviada em:
Thank you for the tip on netstat. (Dammit, Jim, I'm a database
developer, not a network admin!) (Yes, I know, it's important to learn
all relevant skills and I'm not claiming ignorance is justifiable...)
It did lead me to discover that a)Nothing is listening on 8080, and,
b)Despite windows
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcus,
Milanez, Marcus wrote:
Regarding that, I came across an implementation suggestion which seems
to be valid, but still seems to have security issues. What do you think?
Take a look at http://wldj.sys-con.com/read/393364.htm
Wow, what a
I know.. This is quite difficult to address...
Have your company adhered to SOX already?
-Mensagem original-
De: Christopher Schultz [mailto:[EMAIL PROTECTED]
Enviada em: sexta-feira, 17 de agosto de 2007 15:17
Para: Tomcat Users List
Assunto: Re: RES: Context.xml file
-BEGIN PGP
Rainer Jung wrote:
If I remember that correctly:
- if you include it in LD_LIBRARY_PATH, the JVM will add it to
java.library.path automatically
- if you only add it to java.library.path, it will not be enough for
the runtime linker to find the tcnative dependencies apr and openssl
Anyone:
Chris,
Microsoft seems to have a good solution for that. The 'keys' are
associated with na specific domain account... What do you think:
http://msdn2.microsoft.com/en-us/library/ms995355.aspx
Thank you!
-Mensagem original-
De: Christopher Schultz [mailto:[EMAIL PROTECTED]
Enviada em:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vigorito,
Vigorito, Nicholas E. wrote:
This is off topic but I cannot seem to find the answers to the following
for Linux. Anyone know the answers to the following:
- If the suid bit is set for the owner of a directory (looks like drws
when
The this is that there are serious security concerns regarding SOX
audits... Are there preventative measures about cleartext pass? No, but
SOX auditors could easily point out all these stuff as 'unsafe
environments'...
Anyway, I'm just trying to enforce security as much as I can in my
Thanks Chris!
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
rg] On Behalf Of Christopher Schultz
Sent: Friday, August 17, 2007 3:52 PM
To: Tomcat Users List
Subject: Re: Off-Topic - Linux questions
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Vigorito,
All the solutions I ever heard of boil down to two approaches:
1) The secrets are stored in the computer, and protected by filesystem
permissions. This is what you have now. Ensure that the
filemode/ACL/whatever is correct to prevent unauthorized access to
the files containing the
I found the problem. Something else was listening on port 8005. I
changed it to 8006 in the XML config file and all worked smoothly from
then on. Thank you for your help; without netstat, I'd never have
managed to puzzle this out.
--
===
Blog: www.xanga.com/lizard_sf
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Marcus,
Milanez, Marcus wrote:
Microsoft seems to have a good solution for that. The 'keys' are
associated with na specific domain account... What do you think:
http://msdn2.microsoft.com/en-us/library/ms995355.aspx
I don't see this as a
This is off topic but I cannot seem to find the answers to the following
for Linux. Anyone know the answers to the following:
- If the suid bit is set for the owner of a directory (looks like drws
when shown via ls -l) what does that mean? I can find what it means for
a file but not a directory.
On 8/17/07, Lizard Lizard [EMAIL PROTECTED] wrote:
SEVERE: StandardServer.await: create[8005]:
java.net.BindException: Address already in use: JVM_Bind
It claims the address is already in use, but netstat shows nothing on
that address. Stopping the apache server itself did not change this.
On 8/17/07, Vigorito, Nicholas E. [EMAIL PROTECTED] wrote:
- If the suid bit is set for the owner of a directory (looks like drws
when shown via ls -l) what does that mean? I can find what it means for
a file but not a directory.
Here is a much better explanation then I would be able to
On 8/17/07, Lizard Lizard [EMAIL PROTECTED] wrote:
I found the problem. Something else was listening on port 8005. I
changed it to 8006 in the XML config file and all worked smoothly from
then on. Thank you for your help; without netstat, I'd never have
managed to puzzle this out.
Ok, great
but an XML validator tool will only validate whether the XML is malformed or
not, right? Not whether it touches parameters that exist in Tomcat. Right?
Glad to hear you got it working.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, August 17, 2007 7:56
Hi,
To use log4j the documentation
http://tomcat.apache.org/tomcat-6.0-doc/logging.html
suggest that we need to:
1. Replace $CATALINA_HOME/bin/tomcat-juli.jar with the
output/extras/tomcat-juli.jar.
2. Place output/extras/tomcat-juli-adapters.jar in $CATALINA_HOME/lib.
What do these file do?
fredk2 wrote:
Hi,
To use log4j the documentation
http://tomcat.apache.org/tomcat-6.0-doc/logging.html
suggest that we need to:
1. Replace $CATALINA_HOME/bin/tomcat-juli.jar with the
output/extras/tomcat-juli.jar.
2. Place output/extras/tomcat-juli-adapters.jar in $CATALINA_HOME/lib.
What do
David Delbecq [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
Hello,
it is my understanding that tomcat uses a valve to detect Throwables
from webapp and redirect to error page. However, in some case, it seems
impossible to redirect to error page:
68937425
Brian Munroe [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
This is more of a Servlet API question, but pertains to Tomcat
nonetheless. I am using Tomcat 5.5.23 with JDK 1.6.
I am having a problem with Generics and request.getParameterNames().
I keep getting a unchecked cast
Christopher Schultz wrote:
Andrew,
Andrew Hole wrote:
Is it possible encrypt password on Resource setup?
No (still).
And for good reason.
First off all, why does the resource password need to be encrypted?
The threat is that an attacker gains unauthorised access to the box
locally or
54 matches
Mail list logo