Re: problem in loging
pandeyprashant wrote: hi... plz tell me how to solve this problem? There is no problem. when i strat tomcat it shows this massage. Jun 24, 2009 9:45:56 AM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: ... The message is prefixed with INFO:, so it is just information, it is not an error. See here for more information : http://tomcat.apache.org/tomcat-5.5-doc/apr.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Auth-constraint with Tomcat 6
Hi tomcat users, I am using Tomcat 6.0.20 and have successfully implemented a lockout realm with nested JDBCRealm and JNDIRealm. The security constraint has also been setup in my application WEB-INF/web.xml file: auth-constraint !-- Anyone with one of the listed roles may access this area -- role-name*/role-name /auth-constraint User is now authenticated via JDBCRealm followed by JNDIRealm and would be able to access protected pages with any role. The question I have is how can I deny a group of users with a particular role to all protected pages even if they can provide correct combination of username/password? Would it also be possible to change the behavior of the combinedRealm/LockoutRealm such that if username is found in prior realm and password is incorrect, then it skips the other realms? It only look into the other realms if username is not found in prior realms. Please advise. Appreciate it! Regards, Clement - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Adding jar files to stratup sequence of tomcat
Hello *, sory for bother you with this question but I have a little problem. In the last version of the tomcat (3.2.1) which I have been used I've add some classes (connection to the Informix database). Afterwards some applets has been working because of they found connection classes to the relevant database. Is there any way how to add those classes to the tomcat so that I will not add these classes directly to catalina.sh running script (stored in /usr/share/tomcat5/bin/)? Thank you in advance Petr
Bluetooth na noteboocich E8020
Ahoj Jirkove, nevite, jak se da zapnout bluetooth na nasich noteboocich E8020? regards / S pozdravem Ing. Petr Hráček IT Services and Enterprise Communications Developer Bidláky 20, budova Mediahall 639 00 Brno Tel.: +420 533 337 267 Fax.: +420 533 337 252 mailto: petr.hra...@siemens-enterprise.com mailto:petr.hra...@siemens-enterprise.com www.isec-it.com http://www.isec-it.com/ Společnost: iSEC - IT Services and Enterprise Communications s.r.o. Sídlo: Brno, Bidláky 20, 639 00 Obchodní firma je zapsána v obchodním rejstříku u Krajského soudu v Brně v oddílu C, ve složce 54602. IČ: 27721710 POZOR! Tento e-mail může obsahovat obchodní tajemství nebo jiné utajované a důvěrné informace. Pokud jste tento e-mail obdrželi omylem, oznamujeme Vám tímto, že je přísně zakázáno jej jakýmkoli způsobem upravovat, kopírovat nebo šířit. Neprodleně nás prosím informujte a tento e-mail zničte. Děkujeme za spolupráci. Important Note! This e-mail may contain trade secrets or privileged, undisclosed or otherwise confidential information. If you have received this e-mail in error, you are hereby notified that any review, copying or distribution of it is strictly prohibited. Please inform us immediately and destroy the original transmittal. Thank you for your cooperation.
Application Stop responding
Hello, While running some times Tomcat did not respond to the requests for some seconds and I got the following errors in Apache Error log, thanks. [Wed Jun 24 00:47:29 2009] [error] [client 192.168.0.186] (70014)End of file found: proxy: error reading status line from remote server 192.168.0.38 [Wed Jun 24 00:47:29 2009] [error] [client 192.168.0.186] proxy: Error reading from remote server returned by /TestWebService /services/TestWSHandler I am using Tomcat Version jakarta-tomcat-5.5.7 and Apache Version 2.2.11, thanks. Best Regards, Zeeshan Ahmad.
RE: Application Stop responding
Well, I am not proposing a solution. but I have a suggestion for you; Upgrade your tomcat version to latest stable version 6.x Ghufran -Original Message- From: Zeeshan Ahmad [mailto:zah...@i2cinc.com] Sent: Wednesday, June 24, 2009 12:52 PM To: 'Tomcat Users List' Subject: Application Stop responding Importance: High Hello, While running some times Tomcat did not respond to the requests for some seconds and I got the following errors in Apache Error log, thanks. [Wed Jun 24 00:47:29 2009] [error] [client 192.168.0.186] (70014)End of file found: proxy: error reading status line from remote server 192.168.0.38 [Wed Jun 24 00:47:29 2009] [error] [client 192.168.0.186] proxy: Error reading from remote server returned by /TestWebService /services/TestWSHandler I am using Tomcat Version jakarta-tomcat-5.5.7 and Apache Version 2.2.11, thanks. Best Regards, Zeeshan Ahmad. No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.375 / Virus Database: 270.12.88/2196 - Release Date: 06/23/09 17:54:00
potential thread? and what should we do?
Hello there, recently I'm reading in the security news channels that there are discovered multiple vulnerabilities in tomcat and almost all versions are affected. For example these news from today: http://www.linuxsecurity.com/content/view/149201?rdf On the other side, I can see that the latest version of tomcat is 5.5.27 and the package is created in 2008 (06-Sep). Are there any fixes, or some new version comes soon? Does someone know something about this. -- Best regards, Nikolay Diulgerov Network Administrator - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Application Stop responding
We are facing the same issue on 6.x, thanks. Best Regards, Zeeshan Ahmad. -Original Message- From: Ghufran [mailto:ghufra...@vopium.com] Sent: Wednesday, June 24, 2009 3:06 PM To: 'Tomcat Users List' Subject: RE: Application Stop responding Well, I am not proposing a solution. but I have a suggestion for you; Upgrade your tomcat version to latest stable version 6.x Ghufran -Original Message- From: Zeeshan Ahmad [mailto:zah...@i2cinc.com] Sent: Wednesday, June 24, 2009 12:52 PM To: 'Tomcat Users List' Subject: Application Stop responding Importance: High Hello, While running some times Tomcat did not respond to the requests for some seconds and I got the following errors in Apache Error log, thanks. [Wed Jun 24 00:47:29 2009] [error] [client 192.168.0.186] (70014)End of file found: proxy: error reading status line from remote server 192.168.0.38 [Wed Jun 24 00:47:29 2009] [error] [client 192.168.0.186] proxy: Error reading from remote server returned by /TestWebService /services/TestWSHandler I am using Tomcat Version jakarta-tomcat-5.5.7 and Apache Version 2.2.11, thanks. Best Regards, Zeeshan Ahmad. No virus found in this incoming message. Checked by AVG - www.avg.com Version: 8.5.375 / Virus Database: 270.12.88/2196 - Release Date: 06/23/09 17:54:00
Re: potential thread? and what should we do?
The latest version of tomcat is 6.0.20 and its about one month old. http://tomcat.apache.org/download-60.cgi#6.0.20 enjoy :-) Leon On Wed, Jun 24, 2009 at 10:06 AM, Niki Diulgerovndiulge...@imx.fr wrote: Hello there, recently I'm reading in the security news channels that there are discovered multiple vulnerabilities in tomcat and almost all versions are affected. For example these news from today: http://www.linuxsecurity.com/content/view/149201?rdf On the other side, I can see that the latest version of tomcat is 5.5.27 and the package is created in 2008 (06-Sep). Are there any fixes, or some new version comes soon? Does someone know something about this. -- Best regards, Nikolay Diulgerov Network Administrator - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: potential thread? and what should we do?
Does this means that 5.5.x is no more developed, and there will be no new versions in the 5.5 branch ? Best regards, Nikolay Diulgerov Network Administrator E-mail: ndiulge...@imx.fr Telephone : +33 4 89 87 77 77 Fax : +33 4 89 87 77 00 Web: http://www.codix-france.com Leon Rosenberg wrote: The latest version of tomcat is 6.0.20 and its about one month old. http://tomcat.apache.org/download-60.cgi#6.0.20 enjoy :-) Leon On Wed, Jun 24, 2009 at 10:06 AM, Niki Diulgerovndiulge...@imx.fr wrote: Hello there, recently I'm reading in the security news channels that there are discovered multiple vulnerabilities in tomcat and almost all versions are affected. For example these news from today: http://www.linuxsecurity.com/content/view/149201?rdf On the other side, I can see that the latest version of tomcat is 5.5.27 and the package is created in 2008 (06-Sep). Are there any fixes, or some new version comes soon? Does someone know something about this. -- Best regards, Nikolay Diulgerov Network Administrator - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: potential thread? and what should we do?
I'm probably the wrong person to answer this, but there will be patches and updates to 5.5.x as there are for even 4.1.x, but the general development is moving along to tomcat 7, so 5.5.x is an outdated model. However, for almost all webapps the migration to 6.0.x is rather smooth (I've had an issue with some unescaped quotes but that was all). regards Leon On Wed, Jun 24, 2009 at 10:20 AM, Niki Diulgerovndiulge...@imx.fr wrote: Does this means that 5.5.x is no more developed, and there will be no new versions in the 5.5 branch ? Best regards, Nikolay Diulgerov Network Administrator E-mail: ndiulge...@imx.fr Telephone : +33 4 89 87 77 77 Fax : +33 4 89 87 77 00 Web: http://www.codix-france.com Leon Rosenberg wrote: The latest version of tomcat is 6.0.20 and its about one month old. http://tomcat.apache.org/download-60.cgi#6.0.20 enjoy :-) Leon On Wed, Jun 24, 2009 at 10:06 AM, Niki Diulgerovndiulge...@imx.fr wrote: Hello there, recently I'm reading in the security news channels that there are discovered multiple vulnerabilities in tomcat and almost all versions are affected. For example these news from today: http://www.linuxsecurity.com/content/view/149201?rdf On the other side, I can see that the latest version of tomcat is 5.5.27 and the package is created in 2008 (06-Sep). Are there any fixes, or some new version comes soon? Does someone know something about this. -- Best regards, Nikolay Diulgerov Network Administrator - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: potential thread? and what should we do?
Leon Rosenberg wrote: I'm probably the wrong person to answer this, ... Me too, but a pretty detailed overview of these matters is always available here : http://tomcat.apache.org/whichversion.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: potential thread? and what should we do?
André Warnier wrote: Leon Rosenberg wrote: I'm probably the wrong person to answer this, ... Me too, but a pretty detailed overview of these matters is always available here : http://tomcat.apache.org/whichversion.html and here : http://tomcat.apache.org/security.html All these links are available directly on the Tomcat website home page.. http://tomcat.apache.org I guess what is really missing, is a meta home page, where it would be mentioned that all these links are available on the home page. ;-) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: problem with tomcat-native 1.1.14 and tomcat 6
Opps!!! I forgot to post how i resolved the issue. Actually i haven't installed the libssl-dev libraries. I just gone through the link https://help.ubuntu.com/community/OpenSSL and then i checked whether everything fine about the openssl lib, at that point i realized that i haven't installed libssl-dev libraries. Thank you guys Chears !!! Mladen Turk-3 wrote: Jay M wrote: I am trying to compile the tomcat-native-1.1.14 from Ubuntu, am getting the message Like Charles suggested try with 1.1.16 checking for OpenSSL library... using openssl from /usr/lib and /usr/include checking OpenSSL library version... not compatible checking for OpenSSL DSA support... no This certainly doesn't look good. It seems that openssl is 0.9.8b Regards -- ^(TM) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://www.nabble.com/problem-with-tomcat-native-1.1.10-and-tomcat-6.0.14-tp15048117p24181290.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Help: auth-constraint with Tomcat 6
Do you really want to have allow different passwords for the same user id? Sounds dangerous. For different access control restrictions you needs to set up various roles, which are names chosen by you. Which can be something like - reader, writer - admin, superuser, user - it, sales, marketing, hr Then your role names * would be gone and you would need a security-constraint for each resource category you need to protect. (Google for more details on security-constraint for more help on that) -Tim Clement Chong wrote: Hi tomcat users, I am using Tomcat 6.0.20 and have successfully implemented a lockout realm with nested JDBCRealm and JNDIRealm. The security constraint has also been setup in my application WEB-INF/web.xml file: auth-constraint !-- Anyone with one of the listed roles may access this area -- role-name*/role-name /auth-constraint User is now authenticated via JDBCRealm followed by JNDIRealm and would be able to access protected pages with any role. The question I have is how can I deny a group of users with a particular role to all protected pages even if they can provide correct combination of username/password? Would it also be possible to change the behavior of the combinedRealm/LockoutRealm such that if username is found in prior realm and password is incorrect, then it skips the other realms? It only look into the other realms if username is not found in prior realms. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: potential thread? and what should we do?
Niki Diulgerov wrote: Hello there, recently I'm reading in the security news channels that there are discovered multiple vulnerabilities in tomcat and almost all versions are affected. For example these news from today: http://www.linuxsecurity.com/content/view/149201?rdf On the other side, I can see that the latest version of tomcat is 5.5.27 and the package is created in 2008 (06-Sep). Are there any fixes, or some new version comes soon? Does someone know something about this. I asked this question a couple of weeks ago, and they said that the fix in the TC6 line is already done in 6.0.20, and the TC5.5 and TC4 lines will have this fixed in the not-too-distant future. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Best-Choice HowTo Webhosing Apache + Tomcat
Hello, Can somebody provide me a good HowTo to install a commercial hosting server with Apache Webserver and Tomcat App Server and many Applications? Best Choise means the flexibility to add and remove and restart isolated webapps in the Tomcat without interferences the other webapps. Greetings Alexander Diedler smime.p7s Description: S/MIME cryptographic signature
Re: potential thread? and what should we do?
After doing some reading of the documentation I found that these bugs are fixed in the SVN repository. Also checking out the latest source I can see that it is revision (Checked out revision 787991) and tomcat is with version 5.5.28. Following the simple instructions on the site (http://tomcat.apache.org/tomcat-5.5-doc/building.html) anyone can build the latest release and get version with these bugs fixed. Best regards, Nikolay Diulgerov Network Administrator David kerber wrote: Niki Diulgerov wrote: Hello there, recently I'm reading in the security news channels that there are discovered multiple vulnerabilities in tomcat and almost all versions are affected. For example these news from today: http://www.linuxsecurity.com/content/view/149201?rdf On the other side, I can see that the latest version of tomcat is 5.5.27 and the package is created in 2008 (06-Sep). Are there any fixes, or some new version comes soon? Does someone know something about this. I asked this question a couple of weeks ago, and they said that the fix in the TC6 line is already done in 6.0.20, and the TC5.5 and TC4 lines will have this fixed in the not-too-distant future. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Application Stop responding
From: Zeeshan Ahmad [mailto:zah...@i2cinc.com] Subject: RE: Application Stop responding We are facing the same issue on 6.x, thanks. Then let's discuss what happens on 6.0.20; 5.5.7 is four years old and it's somewhat irresponsible to still be using it. What JVM are you using with 6.0.20? What platform are you running on? What's in the Tomcat logs for the time periods in question? What does a thread dump show during the pauses? What kind of GC activity are you seeing? What else is apparent when using any of the myriad JVM monitoring tools available? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Adding jar files to stratup sequence of tomcat
From: Hracek, Petr [mailto:petr.hra...@siemens-enterprise.com] Subject: Adding jar files to stratup sequence of tomcat Afterwards some applets has been working because of they found connection classes to the relevant database. Applets? Applets run in the client system's JVM, not the JVM Tomcat runs in; do you mean servlets? Is there any way how to add those classes to the tomcat so that I will not add these classes directly to catalina.sh running script (stored in /usr/share/tomcat5/bin/)? If you mean servlets above, then read the doc: http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html JDBC driver classes are normally placed in Tomcat's common/lib or common/classes directory. If you really meant applets, you have to place the library classes where they can be downloaded by the client JVM; they're not used by Tomcat or your webapps, and must be available like any other static resource that the client might access. Anything you knew about configuring Tomcat 3 is pretty much ignorable - read the doc for the level you're using. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Best-Choice HowTo Webhosing Apache + Tomcat
http://tomcat.apache.org/connectors-doc/generic_howto/quick.html Martin Gainty __ Verzicht und Vertraulichkeitanmerkung Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. From: adied...@tecracer.de To: users@tomcat.apache.org Date: Wed, 24 Jun 2009 14:22:57 +0200 Subject: Best-Choice HowTo Webhosing Apache + Tomcat Hello, Can somebody provide me a good HowTo to install a commercial hosting server with Apache Webserver and Tomcat App Server and many Applications? Best Choise means the flexibility to add and remove and restart isolated webapps in the Tomcat without interferences the other webapps. Greetings Alexander Diedler _ Insert movie times and more without leaving Hotmail®. http://windowslive.com/Tutorial/Hotmail/QuickAdd?ocid=TXT_TAGLM_WL_HM_Tutorial_QuickAdd_062009
RE: problem in loging
From: pandeyprashant [mailto:pandeyprash...@live.in] Subject: problem in loging plz tell me how to solve this problem? when i strat tomcat it shows this massage. Jun 24, 2009 9:45:56 AM org.apache.catalina.core.AprLifecycleListener init INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: As André pointed out, it's not a problem, it's just information. If you don't want to use APR, comment out the APR listener in conf/server.xml to make the message go away. If you need maximum performance, then install APR, otherwise don't worry about it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSLImplementation
Thanks for the response. Yes, I think this makes sense. What I worried is if there's any reason for this. For example, is not supported, will be deprecated, has potential problem, and etc. Since this is a feature for advanced users, it is reasonable to not add it to document. It may be a good entry in knowledge base, and it is already there if this group actually services as Tomcat knowledge base. On Tue, Jun 23, 2009 at 9:41 PM, Bill Barker wbar...@wilshire.com wrote: Susumu Sai susumu.sai.2...@gmail.com wrote in message news:7d50e06a0906231422q734e985dybc92648f59fae...@mail.gmail.com... I have confirmed that SSLImplementation attribute works in Connector of server.xml file (Refer to http://mail-archives.apache.org/mod_mbox/tomcat-users/200609.mbox/%3c6244765.p...@talk.nabble.com%3e ). But I just don't understand why SSLImplementation attribute is not included in Tomcat 6.0 document - http://tomcat.apache.org/tomcat-6.0-doc/config/http.html. Mistake or any reason? TC 6.0 only supports one type of SSLImplementation out-of-the-box (JSSE). So anyone that wants to use this attribute has to already know enough about Tomcat internals to write their own SSLImplementation. Including it in the docs would just confuse 99.99% of users. But, yes, the hook is there for anyone that wants to plug in their favorite SSL library. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How does one control what the path is on the JSESSIONID cookie?
John Caron wrote:
Pid wrote:
Filip Hanik - Dev Lists wrote:
John Caron wrote:
Tomcat 6.0.18 automatically adds the session cookie like:
Set-Cookie: JSESSIONID=6D839FF3B960947CC6FD41B98CD02E0D; Path=/thredds
How can I change the path part of the cookie?
the only thing you can do is set it to empty, by using emptySessionPath.
Or you could change the name of your application. That's unlikely to be
helpful though.
Why does it matter?
p
The client may have more than one session, which must be distinguished
by the path, eg i need:
That sounds alarming. The path for a cookie is used to determine when
to send it for a given web application path.
If the cookie path is modified, as below, then the application won't
receive the path at all initially.
I don't think modifying the path will help you here.
You'd be better turning cookies off altogether and using URL based
session ids. With the session in the URL, you can have multiple
sessions in different windows/tabs.
p
Set-Cookie: JSESSIONID=6D839FF3B960947CC6FD41B98CD02E0D; Path=/thredds/p1
A previous post had this filter, which im guessing i can modify :
package com.prosc.servlet;
import javax.servlet.*;
import javax.servlet.http.*;
import java.io.IOException;
/**
* This class will set the cookie maxAge to match the session timeout
value. That way, a user who closes their browser and
* re-enters the site will still have the same session if it has not
timed out on the server.
*/
public class SessionCookieExtender implements Filter {
private static final String JSESSIONID = JSESSIONID;
public void init( FilterConfig config ) throws ServletException {}
public void doFilter( ServletRequest _request, ServletResponse
_response, FilterChain chain ) throws IOException, ServletException {
if( _response instanceof HttpServletResponse ) {
HttpServletRequest httpRequest = (HttpServletRequest)_request;
HttpServletResponse httpResponse =
(HttpServletResponse)_response;
HttpSession session = httpRequest.getSession();
if( session != null session.getId() != null ) {
Cookie sessionCookie = new Cookie( JSESSIONID,
session.getId() );
int sessionTimeoutSeconds =
session.getMaxInactiveInterval();
sessionCookie.setMaxAge( sessionTimeoutSeconds );
sessionCookie.setPath( httpRequest.getContextPath() );
httpResponse.addCookie( sessionCookie ); //FIX! This
doesn't actually get rid of the other cookie, but it seems to work OK
}
}
chain.doFilter( _request, _response );
}
public void destroy() {}
}
If there is a better way to do it, Id love to hear!
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
REMOTE_USER with Apache 2.2.9 (Debian) + Tomcat 6.0.18 + mod_auth_kerb
Hello, That's my first post for users@tomcat.apache.org list so I'd like to say hello to everybody. I've got the big problem with forward REMOTE_HOST from Apache to Tomcat. On the Apache side everything works ok. I've tested it with PHP script and it simply works. But on the Tomcat side REMOTE_USER header value is not available. I spend almost all day today to solve it. I've read a lot of articles and it still doesn't work. Please help me :) What I've already done is testing for many different ways: 1) rewriting: http://osdir.com/ml/apache.mod-auth-kerb.general/2005-10/msg9.html 2) tomcatAuthentication set to false I also try that in Tomcat 5 and there I had also problem. If I use JkEnvVar REMOTE_HOST I've got attribute available on the Tomcat side, but I need that value in header (I want to use RequestHeaderPreAuthenticatedProcessingFilter from Spring Security). Any advices? Thank you in advance. Best regards, -- Maciej Matecki skype: m.matecki || www: http://matecki.info/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: potential thread? and what should we do?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nikolay, On 6/24/2009 4:20 AM, Niki Diulgerov wrote: Does this means that 5.5.x is no more developed, and there will be no new versions in the 5.5 branch ? http://wiki.apache.org/tomcat/TomcatVersions - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpCNYEACgkQ9CaO5/Lv0PDgMwCeK9kf1IDxR9FMRV24PITSCwXU 0DYAoIIwqVT4hG073f/acewVXATXXgYZ =IaLY -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: SSLImplementation
Susumu Sai wrote: Thanks for the response. Yes, I think this makes sense. What I worried is if there's any reason for this. For example, is not supported, will be deprecated, has potential problem, and etc. No plans that I am aware of. There is always a risk we break things by adding something JSSE specific. If we do, feel free to raise a bug and it will get fixed. Since this is a feature for advanced users, it is reasonable to not add it to document. It may be a good entry in knowledge base, and it is already there if this group actually services as Tomcat knowledge base. The archives are once source of knowledge. There is also the wiki that anyone can add entries to. Mark On Tue, Jun 23, 2009 at 9:41 PM, Bill Barker wbar...@wilshire.com wrote: Susumu Sai susumu.sai.2...@gmail.com wrote in message news:7d50e06a0906231422q734e985dybc92648f59fae...@mail.gmail.com... I have confirmed that SSLImplementation attribute works in Connector of server.xml file (Refer to http://mail-archives.apache.org/mod_mbox/tomcat-users/200609.mbox/%3c6244765.p...@talk.nabble.com%3e ). But I just don't understand why SSLImplementation attribute is not included in Tomcat 6.0 document - http://tomcat.apache.org/tomcat-6.0-doc/config/http.html. Mistake or any reason? TC 6.0 only supports one type of SSLImplementation out-of-the-box (JSSE). So anyone that wants to use this attribute has to already know enough about Tomcat internals to write their own SSLImplementation. Including it in the docs would just confuse 99.99% of users. But, yes, the hook is there for anyone that wants to plug in their favorite SSL library. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: potential thread? and what should we do?
Niki Diulgerov wrote: After doing some reading of the documentation I found that these bugs are fixed in the SVN repository. Also checking out the latest source I can see that it is revision (Checked out revision 787991) and tomcat is with version 5.5.28. Following the simple instructions on the site (http://tomcat.apache.org/tomcat-5.5-doc/building.html) anyone can build the latest release and get version with these bugs fixed. Just be aware that although what you download from svn today may call itself 5.5.28, there may be other changes made before 5.5.28 is tagged. If you want to work with the same source code as we used to build the release, you need to checkout the tag rather than trunk. Mark Best regards, Nikolay Diulgerov Network Administrator David kerber wrote: Niki Diulgerov wrote: Hello there, recently I'm reading in the security news channels that there are discovered multiple vulnerabilities in tomcat and almost all versions are affected. For example these news from today: http://www.linuxsecurity.com/content/view/149201?rdf On the other side, I can see that the latest version of tomcat is 5.5.27 and the package is created in 2008 (06-Sep). Are there any fixes, or some new version comes soon? Does someone know something about this. I asked this question a couple of weeks ago, and they said that the fix in the TC6 line is already done in 6.0.20, and the TC5.5 and TC4 lines will have this fixed in the not-too-distant future. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How does one control what the path is on the JSESSIONID cookie?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 John, On 6/23/2009 5:04 PM, John Caron wrote: Pid wrote: Filip Hanik - Dev Lists wrote: John Caron wrote: Tomcat 6.0.18 automatically adds the session cookie like: Set-Cookie: JSESSIONID=6D839FF3B960947CC6FD41B98CD02E0D; Path=/thredds How can I change the path part of the cookie? the only thing you can do is set it to empty, by using emptySessionPath. Or you could change the name of your application. That's unlikely to be helpful though. Why does it matter? p The client may have more than one session, which must be distinguished by the path, eg i need: Set-Cookie: JSESSIONID=6D839FF3B960947CC6FD41B98CD02E0D; Path=/thredds/p1 Multiple cookies is not a problem. If Tomcat receives multiple JSESSIONID cookies with a request, it will try all of them until it gets a match for the webapp being used to serve the request. That said, having overlapping webapp URL spaces is asking for trouble. A previous post had this filter, which im guessing i can modify : /** * This class will set the cookie maxAge to match the session timeout value. That way, a user who closes their browser and * re-enters the site will still have the same session if it has not timed out on the server. */ This filter was written for a very different purpose. HttpSession session = httpRequest.getSession(); Note that this filter creates sessions when when one is not necessary. httpResponse.addCookie( sessionCookie ); //FIX! This doesn't actually get rid of the other cookie, but it seems to work OK This comment is telling: yes, the old cookie is not removed, and it really should be. A better solution would be to write a Valve that wraps the response to intercepts addCookie calls and re-write the maxage when the cookie is added. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpCN+IACgkQ9CaO5/Lv0PBK5gCeJZQL7x8vEFN2YVNV0+t6OyQM 4SAAn0kB0vy6t5HzJtsmVnhq6BchLqgb =Xwwz -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Sample program for testing http DELETE or PUT method in tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chris, On 6/18/2009 10:35 PM, cleegt wrote: Because of the security reason imposed by my company, I disabled http DELETE, PUT methods from the tomcat based on some suggested method mentioned on the internet. Now, I need to test whether the fix is working or not. So, I am looking for a sample testing program to test the DELETE and PUT methods. Is there anyone know where I can find those programs? How about good old telnet? HTTP is a very readable protocol. Note that PUT and DELETE are disabled by default in a standard Tomcat install. You should have to take action to /enable/ these methods. $ telnet host 80 Trying [ip address]... Connected to host. Escape character is '^]'. DELETE /path/to/resource HTTP1.1 HTTP/1.1 405 Method Not Allowed Date: Wed, 24 Jun 2009 14:35:07 GMT Server: Apache Allow: GET,HEAD,POST,OPTIONS Content-Length: 319 Connection: close Content-Type: text/html; charset=iso-8859-1 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title405 Method Not Allowed/title /headbody h1Method Not Allowed/h1 pThe requested method DELETE is not allowed for the URL /path/to/resource./p hr addressApache Server at [host] Port 80/address /body/html Connection closed by foreign host. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpCOgUACgkQ9CaO5/Lv0PB/KQCgoLWibqqELJzBuMKkqRrGIyrd ka0AoL/2mqI+iYfrUf8PnVYuXfFx19j8 =tVZF -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Auth-constraint with Tomcat 6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Clement, On 6/24/2009 2:57 AM, Clement Chong wrote: auth-constraint !-- Anyone with one of the listed roles may access this area -- role-name*/role-name /auth-constraint User is now authenticated via JDBCRealm followed by JNDIRealm and would be able to access protected pages with any role. The question I have is how can I deny a group of users with a particular role to all protected pages even if they can provide correct combination of username/password? Instead of specifying '*' as the allowed role (which means any defined role), you should specify all roles that /should/ have access and omit those that shouldn't. You could also remove your auth-constraint and implement your own authorization in a filter. Would it also be possible to change the behavior of the combinedRealm/LockoutRealm such that if username is found in prior realm and password is incorrect, then it skips the other realms? It only look into the other realms if username is not found in prior realms. I'm sure you could do that: you're the author of that realm! - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpCO/UACgkQ9CaO5/Lv0PAvhQCeKFfpRHbwpnqVywYeQqjZqs5f ksAAnRpi75K66uNf422xWRIBCOdWoGSL =fYkB -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Issue with Tomcat 6 on Windows Server 2003 x64
Hi Tomcat Users, I am trying to configure Tomcat 6.0.20 on Windows Server 2003 x64 and find that the installed service abruptly stops during startup. The following errors are logged. [2009-06-23 14:49:46] [info] Procrun (2.0.4.0) started [2009-06-23 14:49:46] [info] Running Service... [2009-06-23 14:49:46] [info] Starting service... [2009-06-23 14:49:46] [174? javajni.c] [error] %1 is not a valid Win32 application. [2009-06-23 14:49:46] [994? prunsrv.c] [error] Failed creating java D:\Java\jdk1.6.0_14\jre\bin\server\jvm.dll [2009-06-23 14:49:46] [1269 prunsrv.c] [error] ServiceStart returned 1 [2009-06-23 14:49:46] [info] Run service finished. [2009-06-23 14:49:46] [info] Procrun finished. [2009-06-23 15:07:48] [info] Procrun (2.0.5.0) started [2009-06-23 15:07:48] [info] Running Service... [2009-06-23 15:07:48] [info] Starting service... [2009-06-23 15:07:49] [info] Service started in 1218 ms. However, I am able to use the startup.bat script successfully. The version of Java is 6.0.14 for x64 Windows and JAVA_HOME is pointed to it (I assume that's why the script works). Has anyone found a fix for the Windows service issue? Regards, Abdul.
Custom Valve
Hello All!I am trying to edit the AccessLogValve and then would rename it to some other Valve. Presently, the AccessLogValve writes logs, but I would like to write the same data in an object as well. Any pointers on how can I achieve this ?? I might be able to add some code where it writes to logs, so that it will also write to some object. But then I have no idea how to Deploy this custom valve. Also, Valve Component specifies that the log pattern supports many things like %h, %l, etc but so far, i could not find how can I include all those(pattern codes) in the log file. Any help would be great! Thanks all, S
Re: Auth-constraint with Tomcat 6
Christopher Schultz wrote: Would it also be possible to change the behavior of the combinedRealm/LockoutRealm such that if username is found in prior realm and password is incorrect, then it skips the other realms? It only look into the other realms if username is not found in prior realms. I'm sure you could do that: you're the author of that realm! Actually, that would be me ;) These are new realms shipping with 6.0.20 and later. It would be rather difficult to do this as the Realm interface is designed to return a Principal if you are authenticated and null if not. There is no easy way to tell why the authentication failed. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Issue with Tomcat 6 on Windows Server 2003 x64
From: abmo...@aol.com [mailto:abmo...@aol.com] Subject: Issue with Tomcat 6 on Windows Server 2003 x64 I am trying to configure Tomcat 6.0.20 on Windows Server 2003 x64 and find that the installed service abruptly stops during startup. You need to use the 64-bit versions of tomcat6.exe and tomcat6w.exe; get them from here: http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_20/res/procrun/amd64/ Just replace the ones that are in Tomcat's bin directory. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Help: auth-constraint with Tomcat 6
Hi Tim, Basically the first realm contains list of users we want to deny access. The password would be dynamic, making it difficult to get through. Well, maybe I should really consider working with specific roles. That is, grant users with roles that would allow them access. Then I would probably just need a single realm for authentication. However, this would mean almost all users require such a role granted except for some whom we like deny access. Then every new users would also probably need granted the role. A little extra work there, besides working with IT to get the new role setup.. A black list would work better than a white list in this case. Thanks, Clement On Wed, Jun 24, 2009 at 7:02 PM, Tim Funk funk...@apache.org wrote: Do you really want to have allow different passwords for the same user id? Sounds dangerous. For different access control restrictions you needs to set up various roles, which are names chosen by you. Which can be something like - reader, writer - admin, superuser, user - it, sales, marketing, hr Then your role names * would be gone and you would need a security-constraint for each resource category you need to protect. (Google for more details on security-constraint for more help on that) -Tim Clement Chong wrote: Hi tomcat users, I am using Tomcat 6.0.20 and have successfully implemented a lockout realm with nested JDBCRealm and JNDIRealm. The security constraint has also been setup in my application WEB-INF/web.xml file: auth-constraint !-- Anyone with one of the listed roles may access this area -- role-name*/role-name /auth-constraint User is now authenticated via JDBCRealm followed by JNDIRealm and would be able to access protected pages with any role. The question I have is how can I deny a group of users with a particular role to all protected pages even if they can provide correct combination of username/password? Would it also be possible to change the behavior of the combinedRealm/LockoutRealm such that if username is found in prior realm and password is incorrect, then it skips the other realms? It only look into the other realms if username is not found in prior realms. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with Tomcat 6 on Windows Server 2003 x64
On Wed, Jun 24, 2009 at 4:45 PM, abmo...@aol.com wrote: Hi Tomcat Users, I am trying to configure Tomcat 6.0.20 on Windows Server 2003 x64 and find that the installed service abruptly stops during startup. The following errors are logged. [2009-06-23 14:49:46] [info] Procrun (2.0.4.0) started [2009-06-23 14:49:46] [info] Running Service... [2009-06-23 14:49:46] [info] Starting service... [2009-06-23 14:49:46] [174? javajni.c] [error] %1 is not a valid Win32 application. [2009-06-23 14:49:46] [994? prunsrv.c] [error] Failed creating java D:\Java\jdk1.6.0_14\jre\bin\server\jvm.dll [2009-06-23 14:49:46] [1269 prunsrv.c] [error] ServiceStart returned 1 [2009-06-23 14:49:46] [info] Run service finished. [2009-06-23 14:49:46] [info] Procrun finished. [2009-06-23 15:07:48] [info] Procrun (2.0.5.0) started [2009-06-23 15:07:48] [info] Running Service... [2009-06-23 15:07:48] [info] Starting service... [2009-06-23 15:07:49] [info] Service started in 1218 ms. Hello, I had the same issue sometime ago. I had to copy Program Files\Java\jre1.6.0\bin\msvcr71.dll file to Windows\system32 directory. Maybe it'll works for you? Regards, -- Maciej Matecki skype: m.matecki || www: http://matecki.info/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with Tomcat 6 on Windows Server 2003 x64
Thanks, This fix works for me. Just a quick question though, Did I miss this in any of the documentation or FAQs? I'm sure if it's a binary issue it would have been noted somewhere so the 'community' has direct reference to the issue. Just my thoughts... or should I make an official request to have it posted? -Original Message- From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Wed, Jun 24, 2009 10:58 am Subject: RE: Issue with Tomcat 6 on Windows Server 2003 x64 From: abmo...@aol.com [mailto:abmo...@aol.com] Subject: Issue with Tomcat 6 on Windows Server 2003 x64 I am trying to configure Tomcat 6.0.20 on Windows Server 2003 x64 and find that the installed service abruptly stops during startup. You need to use the 64-bit versions of tomcat6.exe and tomcat6w.exe; get them from here: http://svn.apache.org/repos/asf/tomcat/tc6.0.x/tags/TOMCAT_6_0_20/res/procrun/amd64/ Just replace the ones that are in Tomcat's bin directory. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: potential thread? and what should we do?
Mark, I used the build.xml downloaded from here (http://tomcat.apache.org/tomcat-5.5-doc/build.xml). Looking at it I can see that it checks out http://svn.apache.org/repos/asf/tomcat/current/tc5.5.x (probably the latest available revision). Please advice me does it contain the latest approved patches or also the latest applied (but still not approved) patches. Should I change something in the build.xml script or I should manually checkout from different location (or different revision but not the head one) The idea is to check out the latest 5.5.x version with approved bugfixes and to build tomcat, cause on tomcat.apache.org the binaries are from 2008. Best regards, Nikolay Diulgerov Network Administrator Mark Thomas wrote: Niki Diulgerov wrote: After doing some reading of the documentation I found that these bugs are fixed in the SVN repository. Also checking out the latest source I can see that it is revision (Checked out revision 787991) and tomcat is with version 5.5.28. Following the simple instructions on the site (http://tomcat.apache.org/tomcat-5.5-doc/building.html) anyone can build the latest release and get version with these bugs fixed. Just be aware that although what you download from svn today may call itself 5.5.28, there may be other changes made before 5.5.28 is tagged. If you want to work with the same source code as we used to build the release, you need to checkout the tag rather than trunk. Mark Best regards, Nikolay Diulgerov Network Administrator David kerber wrote: Niki Diulgerov wrote: Hello there, recently I'm reading in the security news channels that there are discovered multiple vulnerabilities in tomcat and almost all versions are affected. For example these news from today: http://www.linuxsecurity.com/content/view/149201?rdf On the other side, I can see that the latest version of tomcat is 5.5.27 and the package is created in 2008 (06-Sep). Are there any fixes, or some new version comes soon? Does someone know something about this. I asked this question a couple of weeks ago, and they said that the fix in the TC6 line is already done in 6.0.20, and the TC5.5 and TC4 lines will have this fixed in the not-too-distant future. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Issue with Tomcat 6 on Windows Server 2003 x64
From: Maciej Matecki [mailto:mmate...@gmail.com] Subject: Re: Issue with Tomcat 6 on Windows Server 2003 x64 I had the same issue sometime ago. I had to copy Program Files\Java\jre1.6.0\bin\msvcr71.dll file to Windows\system32 directory. Do NOT do that on a 64-bit version of Windows. That's a 32-bit library and cannot be used with a 64-bit launcher and JVM. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
files under web-inf not found
Hello all, i am relativly new to tomcat so please bear with me. I have a servlet under web-inf/classes/com/mysite/myservlet.class, it refernces a class in another package (say com/variation/class1.class) and everything works fine, but another class it references (say com/variation2/class2.class) in a differnt package gives me a classdefnotfounderror at runtime. The relavent *.class files are definatly present and found at the correct paths, are all .class files under web-inf/classes/* not added to the classpath by default and there visable to any instantiated servlets? If not, what should i know regarding this? Thanks for any help, Dori -- View this message in context: http://www.nabble.com/files-under-web-inf-not-found-tp24187136p24187136.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Issue with Tomcat 6 on Windows Server 2003 x64
On Wed, Jun 24, 2009 at 5:28 PM, Caldarale, Charles Rchuck.caldar...@unisys.com wrote: From: Maciej Matecki [mailto:mmate...@gmail.com] Subject: Re: Issue with Tomcat 6 on Windows Server 2003 x64 I had the same issue sometime ago. I had to copy Program Files\Java\jre1.6.0\bin\msvcr71.dll file to Windows\system32 directory. Do NOT do that on a 64-bit version of Windows. That's a 32-bit library and cannot be used with a 64-bit launcher and JVM. - Chuck I did it on 32-bit OS. I didn't know that it's wrong for 64-bit. So Abdul maybe you'll check that another solution from Charles? Regards, -- Maciej Matecki skype: m.matecki || www: http://matecki.info/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: files under web-inf not found
please display contents of /WEB-INF/web.xml Martin __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Date: Wed, 24 Jun 2009 08:30:20 -0700 From: dorian.cus...@googlemail.com To: users@tomcat.apache.org Subject: files under web-inf not found Hello all, i am relativly new to tomcat so please bear with me. I have a servlet under web-inf/classes/com/mysite/myservlet.class, it refernces a class in another package (say com/variation/class1.class) and everything works fine, but another class it references (say com/variation2/class2.class) in a differnt package gives me a classdefnotfounderror at runtime. The relavent *.class files are definatly present and found at the correct paths, are all .class files under web-inf/classes/* not added to the classpath by default and there visable to any instantiated servlets? If not, what should i know regarding this? Thanks for any help, Dori -- View this message in context: http://www.nabble.com/files-under-web-inf-not-found-tp24187136p24187136.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Bing™ brings you maps, menus, and reviews organized in one place. Try it now. http://www.bing.com/search?q=restaurantsform=MLOGENpubl=WLHMTAGcrea=TEXT_MLOGEN_Core_tagline_local_1x1
RE: files under web-inf not found
From: dori [mailto:dorian.cus...@googlemail.com] Subject: files under web-inf not found I have a servlet under web-inf/classes/com/mysite/myservlet.class First: tell us your Tomcat version, the JVM level you're using, and the platform you're running on. Second: the directory name is WEB-INF, not web-inf; case matters. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: files under web-inf not found
Ah solved, the class could be found but it couldnt find other classes, the error message threw me! dori wrote: Hello all, i am relativly new to tomcat so please bear with me. I have a servlet under web-inf/classes/com/mysite/myservlet.class, it refernces a class in another package (say com/variation/class1.class) and everything works fine, but another class it references (say com/variation2/class2.class) in a differnt package gives me a classdefnotfounderror at runtime. The relavent *.class files are definatly present and found at the correct paths, are all .class files under web-inf/classes/* not added to the classpath by default and there visable to any instantiated servlets? If not, what should i know regarding this? Thanks for any help, Dori -- View this message in context: http://www.nabble.com/files-under-web-inf-not-found-tp24187136p24187355.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: potential thread? and what should we do?
A bit of advice... Its much less risky and complicated to take the last 6.0.x version, namely 6.0.20, instead of building what will become your unique personal tomcat version r-something. If your car is broken, do you buy a new one from a vendor, or do you buy a do it yourself manual and separate parts and spend next three years in the garage assembling? .-) Leon On Wed, Jun 24, 2009 at 5:26 PM, Niki Diulgerovndiulge...@imx.fr wrote: Mark, I used the build.xml downloaded from here (http://tomcat.apache.org/tomcat-5.5-doc/build.xml). Looking at it I can see that it checks out http://svn.apache.org/repos/asf/tomcat/current/tc5.5.x (probably the latest available revision). Please advice me does it contain the latest approved patches or also the latest applied (but still not approved) patches. Should I change something in the build.xml script or I should manually checkout from different location (or different revision but not the head one) The idea is to check out the latest 5.5.x version with approved bugfixes and to build tomcat, cause on tomcat.apache.org the binaries are from 2008. Best regards, Nikolay Diulgerov Network Administrator Mark Thomas wrote: Niki Diulgerov wrote: After doing some reading of the documentation I found that these bugs are fixed in the SVN repository. Also checking out the latest source I can see that it is revision (Checked out revision 787991) and tomcat is with version 5.5.28. Following the simple instructions on the site (http://tomcat.apache.org/tomcat-5.5-doc/building.html) anyone can build the latest release and get version with these bugs fixed. Just be aware that although what you download from svn today may call itself 5.5.28, there may be other changes made before 5.5.28 is tagged. If you want to work with the same source code as we used to build the release, you need to checkout the tag rather than trunk. Mark Best regards, Nikolay Diulgerov Network Administrator David kerber wrote: Niki Diulgerov wrote: Hello there, recently I'm reading in the security news channels that there are discovered multiple vulnerabilities in tomcat and almost all versions are affected. For example these news from today: http://www.linuxsecurity.com/content/view/149201?rdf On the other side, I can see that the latest version of tomcat is 5.5.27 and the package is created in 2008 (06-Sep). Are there any fixes, or some new version comes soon? Does someone know something about this. I asked this question a couple of weeks ago, and they said that the fix in the TC6 line is already done in 6.0.20, and the TC5.5 and TC4 lines will have this fixed in the not-too-distant future. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Issue with Tomcat 6 on Windows Server 2003 x64
From: abmo...@aol.com [mailto:abmo...@aol.com] Subject: Re: Issue with Tomcat 6 on Windows Server 2003 x64 Did I miss this in any of the documentation or FAQs? Not sure if there's any references in the FAQ or doc; the mailing list archives do contain several inquiries about the issue. I believe I remember one of the committers talking about having a 64-bit .exe installer at some point, so the issue may disappear soon. I did notice that the 6.0 trunk did away with the 64-bit version of tomcat6w.exe; a bit of experimentation on my Vista 64 system shows that really only the 64-bit version of tomcat6.exe is needed - the tomcat6w.exe monitor program runs quite happily in 32-bit mode and can start/stop the 64-bit service. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: potential thread? and what should we do?
Niki Diulgerov wrote: Mark, I used the build.xml downloaded from here (http://tomcat.apache.org/tomcat-5.5-doc/build.xml). Looking at it I can see that it checks out http://svn.apache.org/repos/asf/tomcat/current/tc5.5.x (probably the latest available revision). Correct, that is the latest version of the 5.5.x branch. Please advice me does it contain the latest approved patches or also the latest applied (but still not approved) patches. That is the latest 5.5.x code and all patches have been voted for by at least 3 committers but that is not the same as an approved ASF release. We run a number of tests, primarily the Servlet and JSP TCKs to ensure spec compatibility. Releases also go through a number of other checks. Should I change something in the build.xml script or I should manually checkout from different location (or different revision but not the head one) The idea is to check out the latest 5.5.x version with approved bugfixes and to build tomcat, cause on tomcat.apache.org the binaries are from 2008. You have: - the latest 5.5.x code - all the recent security fixes - a number of bug fixes - see the change log - *no* guarantee that the build is spec compliant - something that is halfway between 5.5.27 and 5.5.28 Mark Best regards, Nikolay Diulgerov Network Administrator Mark Thomas wrote: Niki Diulgerov wrote: After doing some reading of the documentation I found that these bugs are fixed in the SVN repository. Also checking out the latest source I can see that it is revision (Checked out revision 787991) and tomcat is with version 5.5.28. Following the simple instructions on the site (http://tomcat.apache.org/tomcat-5.5-doc/building.html) anyone can build the latest release and get version with these bugs fixed. Just be aware that although what you download from svn today may call itself 5.5.28, there may be other changes made before 5.5.28 is tagged. If you want to work with the same source code as we used to build the release, you need to checkout the tag rather than trunk. Mark Best regards, Nikolay Diulgerov Network Administrator David kerber wrote: Niki Diulgerov wrote: Hello there, recently I'm reading in the security news channels that there are discovered multiple vulnerabilities in tomcat and almost all versions are affected. For example these news from today: http://www.linuxsecurity.com/content/view/149201?rdf On the other side, I can see that the latest version of tomcat is 5.5.27 and the package is created in 2008 (06-Sep). Are there any fixes, or some new version comes soon? Does someone know something about this. I asked this question a couple of weeks ago, and they said that the fix in the TC6 line is already done in 6.0.20, and the TC5.5 and TC4 lines will have this fixed in the not-too-distant future. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: potential thread? and what should we do?
From: Leon Rosenberg [mailto:rosenberg.l...@googlemail.com] Subject: Re: potential thread? and what should we do? If your car is broken, do you buy a new one from a vendor, or do you buy a do it yourself manual and separate parts and spend next three years in the garage assembling? .-) For Tomcat, I'd get a new one (the price is right). For classic cars, you'll find me in the garage... - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Issue with Tomcat 6 on Windows Server 2003 x64
Does this file: D:\Java\jdk1.6.0_14\jre\bin\server\jvm.dll exist? George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585 -Original Message- From: abmo...@aol.com [mailto:abmo...@aol.com] Sent: Wednesday, June 24, 2009 8:46 AM To: users@tomcat.apache.org Subject: Issue with Tomcat 6 on Windows Server 2003 x64 Hi Tomcat Users, I am trying to configure Tomcat 6.0.20 on Windows Server 2003 x64 and find that the installed service abruptly stops during startup. The following errors are logged. [2009-06-23 14:49:46] [info] Procrun (2.0.4.0) started [2009-06-23 14:49:46] [info] Running Service... [2009-06-23 14:49:46] [info] Starting service... [2009-06-23 14:49:46] [174? javajni.c] [error] %1 is not a valid Win32 application. [2009-06-23 14:49:46] [994? prunsrv.c] [error] Failed creating java D:\Java\jdk1.6.0_14\jre\bin\server\jvm.dll [2009-06-23 14:49:46] [1269 prunsrv.c] [error] ServiceStart returned 1 [2009-06-23 14:49:46] [info] Run service finished. [2009-06-23 14:49:46] [info] Procrun finished. [2009-06-23 15:07:48] [info] Procrun (2.0.5.0) started [2009-06-23 15:07:48] [info] Running Service... [2009-06-23 15:07:48] [info] Starting service... [2009-06-23 15:07:49] [info] Service started in 1218 ms. However, I am able to use the startup.bat script successfully. The version of Java is 6.0.14 for x64 Windows and JAVA_HOME is pointed to it (I assume that's why the script works). Has anyone found a fix for the Windows service issue? Regards, Abdul. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
UDP fails, but doesn't throw a SecurityException
I have a servlet that sends and listens to a local UDP service. To
allow this, I established the following policy:
grant codebase file:${catalina.base}/webapps/modbus/- {
permission java.net.SocketPermission localhost:502, connect;
};
This allowed packets out to the external service, but not responses.
I changed it as follows:
grant codebase file:${catalina.base}/webapps/modbus/- {
permission java.net.SocketPermission localhost:502,
connect,accept,listen;
};
and it started working.
The client library in question creates a DatagramSocket(), then calls
receive() on it with a timeout. Before adding accept,listen t
always timed out.
Version information:
Tomcat/6.0.18
JVM 1.6.0_13-b03Sun Microsystems Inc
O/S Linux 2.6.28-13-serveri386
Here's my question: if this was failing, why didn't it throw a
SecurityException? It would have been less challenging to figure out
what was going on had there been one.
--Chris
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: UDP fails, but doesn't throw a SecurityException
2009/6/24 Christopher Piggott cpigg...@gmail.com:
I have a servlet that sends and listens to a local UDP service. To
allow this, I established the following policy:
grant codebase file:${catalina.base}/webapps/modbus/- {
permission java.net.SocketPermission localhost:502, connect;
};
This allowed packets out to the external service, but not responses.
I changed it as follows:
grant codebase file:${catalina.base}/webapps/modbus/- {
permission java.net.SocketPermission localhost:502,
connect,accept,listen;
};
and it started working.
The client library in question creates a DatagramSocket(), then calls
receive() on it with a timeout. Before adding accept,listen t
always timed out.
Version information:
Tomcat/6.0.18
JVM 1.6.0_13-b03 Sun Microsystems Inc
O/S Linux 2.6.28-13-server i386
Here's my question: if this was failing, why didn't it throw a
SecurityException? It would have been less challenging to figure out
what was going on had there been one.
Ask your Java vendor. :)
There is no Tomcat code there.
Best regards,
Konstantin Kolinko
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Help: auth-constraint with Tomcat 6
Tomcat Realms would 'silo' access based on authentication to role Ralams would also provide the capability to work with whitelist,blacklist scenarios However if you want access to governed Resource based on your authenticated SSO Portlet-level Security check you will need JSR286 Portal in which case i would suggest Jetspeed http://portals.apache.org/jetspeed-2 HTH Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Wed, 24 Jun 2009 23:12:35 +0800 Subject: Re: Help: auth-constraint with Tomcat 6 From: ehch...@gmail.com To: users@tomcat.apache.org Hi Tim, Basically the first realm contains list of users we want to deny access. The password would be dynamic, making it difficult to get through. Well, maybe I should really consider working with specific roles. That is, grant users with roles that would allow them access. Then I would probably just need a single realm for authentication. However, this would mean almost all users require such a role granted except for some whom we like deny access. Then every new users would also probably need granted the role. A little extra work there, besides working with IT to get the new role setup.. A black list would work better than a white list in this case. Thanks, Clement On Wed, Jun 24, 2009 at 7:02 PM, Tim Funk funk...@apache.org wrote: Do you really want to have allow different passwords for the same user id? Sounds dangerous. For different access control restrictions you needs to set up various roles, which are names chosen by you. Which can be something like - reader, writer - admin, superuser, user - it, sales, marketing, hr Then your role names * would be gone and you would need a security-constraint for each resource category you need to protect. (Google for more details on security-constraint for more help on that) -Tim Clement Chong wrote: Hi tomcat users, I am using Tomcat 6.0.20 and have successfully implemented a lockout realm with nested JDBCRealm and JNDIRealm. The security constraint has also been setup in my application WEB-INF/web.xml file: auth-constraint !-- Anyone with one of the listed roles may access this area -- role-name*/role-name /auth-constraint User is now authenticated via JDBCRealm followed by JNDIRealm and would be able to access protected pages with any role. The question I have is how can I deny a group of users with a particular role to all protected pages even if they can provide correct combination of username/password? Would it also be possible to change the behavior of the combinedRealm/LockoutRealm such that if username is found in prior realm and password is incorrect, then it skips the other realms? It only look into the other realms if username is not found in prior realms. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Bing™ brings you maps, menus, and reviews organized in one place. Try it now. http://www.bing.com/search?q=restaurantsform=MLOGENpubl=WLHMTAGcrea=TEXT_MLOGEN_Core_tagline_local_1x1
The best place for implementing context specific behavior?
I have a webapp that I would like to behave in a context (actually host)-specific manner. Where is the best place to initialize the context/host specific functionality? Let me demonstrate what I'm talking about. Lets say I have a webapp Fruit located in folder webapps/fruit. I want to define: apples.mysite.com bananas.mysite.com coconuts.mysite.com etc ... all of which point to webapps/fruit (these are hosts with a / context pointing to webapps/fruit as the docBase, to be more precise). When someone visits apples.mysite.com they see an apple, when they visit bananas.mysite.com they see a banana, and so on. Where in the fruit app is the best place for instance of Fruit to introspect itself (basically look for what host name it is defined under) and prepare accordingly? I've looked into using Context Parameters in the server.xml declarations but I would like to avoid this if possible b/c this functionally is more elegantly determined through introspection (the web-app saying what host do i belong to?). Of course I could always call request.getLocalName(), but that would be inefficient as it would have to be invoked on every request. I guess what I'm looking for someplace in the context initialization process where i could hook into and do my stuff and have it apply to the entire context throughout it's lifecycle. Can't seem to find it digging around the javax.servlet.* javadocs. thanks
Re: Issue with Tomcat 6 on Windows Server 2003 x64
Ok then consider this thread closed for me.?Thanks again for the quick turnaround. Best Regards, Abdul. -Original Message- From: Caldarale, Charles R chuck.caldar...@unisys.com To: Tomcat Users List users@tomcat.apache.org Sent: Wed, Jun 24, 2009 11:44 am Subject: RE: Issue with Tomcat 6 on Windows Server 2003 x64 From: abmo...@aol.com [mailto:abmo...@aol.com] Subject: Re: Issue with Tomcat 6 on Windows Server 2003 x64 Did I miss this in any of the documentation or FAQs? Not sure if there's any references in the FAQ or doc; the mailing list archives do contain several inquiries about the issue. I believe I remember one of the committers talking about having a 64-bit .exe installer at some point, so the issue may disappear soon. I did notice that the 6.0 trunk did away with the 64-bit version of tomcat6w.exe; a bit of experimentation on my Vista 64 system shows that really only the 64-bit version of tomcat6.exe is needed - the tomcat6w.exe monitor program runs quite happily in 32-bit mode and can start/stop the 64-bit service. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Best practices for switching back/forth between java 1.5/1.6
Hi all, I failed at searching for this, even though I know it's been answered: Setting: Tomcat 6.0_20; Mac OS X 10.5.7; I've been normally running against java 1.5.0_19, but I tried to install a war which is throwing .UnsupportedClassVersionError: Bad version number in .class file when it tries to load. So clearly I need to run it under java 1.6, which is installed, and I know that moving to 1.6 is a good thing. However, for a while I'm going to need to switch back and forth between 1.5 and 1.6, because at least one customer is stuck at 1.5 for the present. I made a copy of tomcat's bin/startup.sh, renamed it sup16.sh, and added these two lines at the top: JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6/Home export JAVA_HOME This appears to work well enough -- the new war starts and does it's basic thing ok, and when I want to switch up to 1.6 in general, I could do the same thing creating a sup15.sh. So I really only have two questions: 1) Are there hidden problems lurking with doing things this way? 2) Is there a better way of being able to switch back forth? Thanks in advance, Ken - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Help: auth-constraint with Tomcat 6
If you want a black list - it would probably be easier to write a filter
[programmatic security] instead of declarative security. [At a minimum,
everyone would still need to be authenticated - its the authorization
which is done via the filter (actually the filter will defer to the
realm so there isn't much extra work)]
Ex:
doFilter(req, resp, chain) {
if (req.isUserInRole(blacklist)) {
response.sendError(403);
return;
}
chain.doFilter(...);
}
-Tim
Clement Chong wrote:
Hi Tim,
Basically the first realm contains list of users we want to deny access. The
password would be dynamic, making it difficult to get through. Well, maybe I
should really consider working with specific roles. That is, grant users
with roles that would allow them access. Then I would probably just need a
single realm for authentication.
However, this would mean almost all users require such a role granted except
for some whom we like deny access. Then every new users would also probably
need granted the role. A little extra work there, besides working with IT to
get the new role setup.. A black list would work better than a white list in
this case.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Best practices for switching back/forth between java 1.5/1.6
On 24-Jun-2009, at 14:54, Ken Bowen wrote: Hi all, I failed at searching for this, even though I know it's been answered: Setting: Tomcat 6.0_20; Mac OS X 10.5.7; I've been normally running against java 1.5.0_19, but I tried to install a war which is throwing .UnsupportedClassVersionError: Bad version number in .class file when it tries to load. So clearly I need to run it under java 1.6, which is installed, and I know that moving to 1.6 is a good thing. However, for a while I'm going to need to switch back and forth between 1.5 and 1.6, because at least one customer is stuck at 1.5 for the present. I made a copy of tomcat's bin/startup.sh, renamed it sup16.sh, and added these two lines at the top: JAVA_HOME=/System/Library/Frameworks/JavaVM.framework/Versions/1.6/ Home export JAVA_HOME This appears to work well enough -- the new war starts and does it's basic thing ok, and when I want to switch up to 1.6 in general, I could do the same thing creating a sup15.sh. So I really only have two questions: 1) Are there hidden problems lurking with doing things this way? 2) Is there a better way of being able to switch back forth? If this is simply for development purposes, then I would recommend having two installations of Tomcat. One is configured to use JDK 1.5 and the other JDK 1.6. Specify the JAVA_HOME in catalina.sh. There are other solutions, but from experience this is the simplest approach. Andre - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Bizarre NoClassDefFoundError
Hi everyone! I'm running a stock tomcat 6 (6.0.18-0ubuntu6.1) on kubuntu Jaunty amd64 and Sun JDK (1.6.0_13-b03) , with a website consisting of several jsps, some of which make use of a POJO session bean, placed in a jar file under WEB-INF/lib. I'm encountering a very strange error, in the form of a NoClassDefFoundError (pasted fully below). Related scenario: 1. It happens only on one of the pages, which happens to be the main index.jsp. 2. It happens only when this page is the first to be accessed after a restart. If any other page is accessed before it, everything is ok. 3. After the first error shows up, hitting refresh causes the error to repeat, however the stack trace is slightly different: the Caused by section disappears (and the top part remains the same). 4. After the error shows up, if the index_jsp.class file under tomcat's work directory is deleted and the page refreshed - everything is ok. 5. It happens consistently after every restart (either reboot, or /etc/init.d/tomcat6 restart). 6. It happens consistently also after deleting the entire tomcat work folder for this hostname. 7. Nothing else changes between the tests afaik - jsps, configuration etc. remain untouched. Any ideas? The full stacktrace: java.lang.NoClassDefFoundError: web/SessionBean at org.apache.jsp.index_jsp._jspService(index_jsp.java:69) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283) at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56) at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:189) at java.security.AccessController.doPrivileged(Native Method) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619) Caused by: java.lang.ClassNotFoundException: web.SessionBean at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1387) at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1233) at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:128) at org.apache.jasper.servlet.JasperLoader.loadClass(JasperLoader.java:66) at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:320) ... 32 more - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How does one control what the path is on the JSESSIONID cookie?
Christopher Schultz wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
John,
On 6/23/2009 5:04 PM, John Caron wrote:
Pid wrote:
Filip Hanik - Dev Lists wrote:
John Caron wrote:
Tomcat 6.0.18 automatically adds the session cookie like:
Set-Cookie: JSESSIONID=6D839FF3B960947CC6FD41B98CD02E0D; Path=/thredds
How can I change the path part of the cookie?
the only thing you can do is set it to empty, by using emptySessionPath.
Or you could change the name of your application. That's unlikely to be
helpful though.
Why does it matter?
p
The client may have more than one session, which must be distinguished
by the path, eg i need:
Set-Cookie: JSESSIONID=6D839FF3B960947CC6FD41B98CD02E0D; Path=/thredds/p1
Multiple cookies is not a problem. If Tomcat receives multiple
JSESSIONID cookies with a request, it will try all of them until it gets
a match for the webapp being used to serve the request.
That said, having overlapping webapp URL spaces is asking for trouble.
Sorry, I didnt explain much context. This isnt for browsers, its a
specialized web service for specialized clients. I have control of both
the client and the server code. The clients are accessing remote
scientific datasets. In certain circumstances, establishing a session
with them for each dataset that they open solves some hard problems.
A previous post had this filter, which im guessing i can modify :
/**
* This class will set the cookie maxAge to match the session timeout
value. That way, a user who closes their browser and
* re-enters the site will still have the same session if it has not
timed out on the server.
*/
This filter was written for a very different purpose.
HttpSession session = httpRequest.getSession();
Note that this filter creates sessions when when one is not necessary.
thanks for reminding me of that.
httpResponse.addCookie( sessionCookie ); //FIX! This
doesn't actually get rid of the other cookie, but it seems to work OK
This comment is telling: yes, the old cookie is not removed, and it
really should be. A better solution would be to write a Valve that wraps
the response to intercepts addCookie calls and re-write the maxage when
the cookie is added.
Im hoping to not use Valves since that makes my code Tomcat specific. I
am delivering this webapp to some dozens of scientific institutions.
Allowing them to run any servlet container is a big win.
I have rewritten this as follows:
public class CookieFilter implements Filter {
public static final String JSESSIONID = JSESSIONID;
public static final String SESSION_PATH = SESSION_PATH;
public void init(FilterConfig config) throws ServletException {
}
public void doFilter(ServletRequest _request, ServletResponse
_response, FilterChain chain) throws IOException, ServletException {
chain.doFilter(_request, _response);
// examine response after the request is processed
if (_response instanceof HttpServletResponse) {
HttpServletRequest httpRequest = (HttpServletRequest) _request;
HttpServletResponse httpResponse = (HttpServletResponse) _response;
HttpSession session = httpRequest.getSession(false);
if ((session != null) (session.getId() != null)
(session.getAttribute(SESSION_PATH) != null)) {
Cookie sessionCookie = new Cookie(JSESSIONID, session.getId());
sessionCookie.setPath((String) session.getAttribute(SESSION_PATH));
httpResponse.addCookie(sessionCookie);
}
}
}
public void destroy() {
}
}
However, it has no effect, the path stays equal the web context name. Im
guessing there some code that rejects changing the session cookie ( I
havent tracked it yet in the debugger). Is this a security thing or is
there something in the Servlet spec that says what the path has to be?
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Bizarre NoClassDefFoundError
You can assume it's placed in a jar file under WEB-INF/lib :-) The thing is, I have a feeling it has nothing to do with the actual class not being found. Because it finds it when another page loads first, or when the jsp's generated class file is deleted and recreated, and nothing in the class/jar/jsp locations changes in the meanwhile. If it really couldn't find it, it wouldn't find it in any of the scenarios where it does work, no? Further, if tomcat follows the javadocs for NoClassDefFoundError, it means The searched-for class definition existed when the currently executing class was compiled, but the definition can no longer be found. So I think it finds it with no problem, compiles the jsp class (the index_jsp.class file is indeed created), but then, and only sometimes, it goes missing again moments later during runtime. Unfortunately I don't know enough about the tomcat compiling and classloading mechanisms to understand what's really going on here... Amichai Martin Gainty wrote: where is the code web.SessionBean.java compiled to? can we assume you compiled it to /WEB-INF/classes/web/SessionBean.class ? Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Wed, 24 Jun 2009 22:03:13 +0300 From: amich...@amichais.net To: users@tomcat.apache.org Subject: Bizarre NoClassDefFoundError Hi everyone! I'm running a stock tomcat 6 (6.0.18-0ubuntu6.1) on kubuntu Jaunty amd64 and Sun JDK (1.6.0_13-b03) , with a website consisting of several jsps, some of which make use of a POJO session bean, placed in a jar file under WEB-INF/lib. I'm encountering a very strange error, in the form of a NoClassDefFoundError (pasted fully below). Related scenario: 1. It happens only on one of the pages, which happens to be the main index.jsp. 2. It happens only when this page is the first to be accessed after a restart. If any other page is accessed before it, everything is ok. 3. After the first error shows up, hitting refresh causes the error to repeat, however the stack trace is slightly different: the Caused by section disappears (and the top part remains the same). 4. After the error shows up, if the index_jsp.class file under tomcat's work directory is deleted and the page refreshed - everything is ok. 5. It happens consistently after every restart (either reboot, or /etc/init.d/tomcat6 restart). 6. It happens consistently also after deleting the entire tomcat work folder for this hostname. 7. Nothing else changes between the tests afaik - jsps, configuration etc. remain untouched. Any ideas? The full stacktrace: java.lang.NoClassDefFoundError: web/SessionBean at org.apache.jsp.index_jsp._jspService(index_jsp.java:69) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:374) at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:342) at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:267) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:244) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAsPrivileged(Subject.java:517) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:276) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:162) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:283) at
RE: Bizarre NoClassDefFoundError
From: A. Rothman [mailto:amich...@amichais.net] Subject: Bizarre NoClassDefFoundError I'm running a stock tomcat 6 (6.0.18-0ubuntu6.1) Well, that's *not* a stock Tomcat - it's one that's been repackaged by someone at Ubuntu. It would be interesting to try this on a truly stock Tomcat - one downloaded from tomcat.apache.org. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Best practices for switching back/forth between java 1.5/1.6
From: Andre-John Mas [mailto:aj...@sympatico.ca] Subject: Re: Best practices for switching back/forth between java 1.5/1.6 If this is simply for development purposes, then I would recommend having two installations of Tomcat. One is configured to use JDK 1.5 and the other JDK 1.6. Specify the JAVA_HOME in catalina.sh. There are other solutions, but from experience this is the simplest approach. I have to recommend the opposite - use just one Tomcat version, and definitely do NOT modify catalina.sh (ever). Just set JAVA_HOME to point to the appropriate JDK when you want to switch. (If you do want to set any permanent environment variables, do that in setenv.sh, which Tomcat calls automatically at startup if it exists.) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
log4j w/apache
Hello Newbie on ussing log4j and now that I have a simplistic log4j configuration file I am seeing ALL of the apache all from org.apache.commons.digester.Digester or org.apache.commons.digester.Digester.sax. How can I stop that but still keep a simple or reconfigure my log4j.properties? tia.
Re: Bizarre NoClassDefFoundError
(Martin - I hope it's ok with u that I'm replying back to the list - u seem to be sending me personal replies) The bean class is in a jar under WEB-INF/lib. At no point is anything being changed there, and it has no external dependencies. When I was talking about compiling, deleting, etc. I was referring only to the jsp's - index.jsp being generated into index_jsp.java and compiled to index_jsp.class under work/Catalina/Host. The latter is the one that gets compiled ok (i.e. it finds the bean), sometimes works and sometimes not at runtime (as described in the original post), and when it doesn't work, if index_jsp.class is deleted and the browser refreshed (without tomcat restart!) - it recompiles into a new index_jsp.class and this time it does work during runtime and the page displays properly. I'm not sure if I understand u correctly - r u implying that a session bean must be a separate class under WEB-INF/classes and not in a jar under WEB-INF/lib? Amichai Martin Gainty wrote: the class needs to be compiled into one of 2 places: webapp specific WEB-INF/lib/*.jar or WEB-INF/classes system $CATALINA_HOME/common/lib jsp's are compiled to $CATALINA_HOME/work/Container/Host the jsp is jasper-compiled when first referenced e.g. http://localhost:8080/webapp/index.jsp beans should be compiled to /WEB-INF/classes.. here is an example -- in jsp form -- %@ taglib prefix=s uri=/struts-tags % s:bean name=org.apache.struts2.example.counter.SimpleCounter var=counter s:param name=foo value=BAR / The value of foot is : s:property value=foo/, when inside the bean tag br / /s:bean HTH Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Wed, 24 Jun 2009 22:47:28 +0300 From: amich...@amichais.net To: users@tomcat.apache.org Subject: Re: Bizarre NoClassDefFoundError You can assume it's placed in a jar file under WEB-INF/lib :-) The thing is, I have a feeling it has nothing to do with the actual class not being found. Because it finds it when another page loads first, or when the jsp's generated class file is deleted and recreated, and nothing in the class/jar/jsp locations changes in the meanwhile. If it really couldn't find it, it wouldn't find it in any of the scenarios where it does work, no? Further, if tomcat follows the javadocs for NoClassDefFoundError, it means The searched-for class definition existed when the currently executing class was compiled, but the definition can no longer be found. So I think it finds it with no problem, compiles the jsp class (the index_jsp.class file is indeed created), but then, and only sometimes, it goes missing again moments later during runtime. Unfortunately I don't know enough about the tomcat compiling and classloading mechanisms to understand what's really going on here... Amichai Martin Gainty wrote: where is the code web.SessionBean.java compiled to? can we assume you compiled it to /WEB-INF/classes/web/SessionBean.class ? Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à
Re: Bizarre NoClassDefFoundError
You're absolutely right :-) I meant 'stock' as in I used the distro package manager's stock binary and didn't mess with it. I'm trying to find the diff/changelog of how the ubuntu package differs from the original. I thought they only change around distro-related things like paths and split configurations, but it's possible they actually change something meaningful. Amichai Caldarale, Charles R wrote: From: A. Rothman [mailto:amich...@amichais.net] Subject: Bizarre NoClassDefFoundError I'm running a stock tomcat 6 (6.0.18-0ubuntu6.1) Well, that's *not* a stock Tomcat - it's one that's been repackaged by someone at Ubuntu. It would be interesting to try this on a truly stock Tomcat - one downloaded from tomcat.apache.org. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Re: The best place for implementing context specific behavior?
Hi. I am one of the least Tomcat and Java qualified people that regularly lurk on this forum, so don't take my word for any of what follows. Let's say that I am just trying to apply what I think I have learned here. And I am eager for contradiction, because it is said that this is how one learns. Jonathan Mast wrote: I have a webapp that I would like to behave in a context (actually host)-specific manner. Where is the best place to initialize the context/host specific functionality? Let me demonstrate what I'm talking about. Lets say I have a webapp Fruit located in folder webapps/fruit. I want to define: apples.mysite.com bananas.mysite.com coconuts.mysite.com etc ... all of which point to webapps/fruit (these are hosts with a / context pointing to webapps/fruit as the docBase, to be more precise). appBase ? Do you mean all Hosts point to the *same physical* webapps/fruit, or does each Host have its own copy in a separate directory ? When someone visits apples.mysite.com they see an apple, when they visit bananas.mysite.com they see a banana, and so on. Where in the fruit app is the best place for instance of Fruit to introspect itself (basically look for what host name it is defined under) and prepare accordingly? I've looked into using Context Parameters in the server.xml declarations That would probably better be in a /META-INF/context.xml, no ? (at least if these are distinct webapp/fruit) or see here for more complete info : http://tomcat.apache.org/tomcat-6.0-doc/config/context.html but I would like to avoid this if possible b/c this functionally is more elegantly determined through introspection (the web-app saying what host do i belong to?). Of course I could always call request.getLocalName(), I think you want getServerName(), or you'd always get the same DNS name/IP, no matter wich virtual Host is called.. but that would be inefficient as it would have to be invoked on every request. I guess what I'm looking for someplace in the context initialization process where i could hook into and do my stuff and have it apply to the entire context throughout it's lifecycle. Can't seem to find it digging around the javax.servlet.* javadocs. I reason as follows : - a webapp is run by a thread - a thread is started by a Connector - I don't think that a thread is Host-specific, in the sense that it can run one webapp for one Host, and the next instant run another webapp for another Host. What I'm saying is that I am not sure that above the Request level, you will find anything that is Host-persistent to keep your stuff in and retrieve it (I mean for webapps shared by several Hosts, which is probably a bad idea anyway). To this eager student thus, the correct way to do what I understand you want to do, seems to be : - have each Host have its own appBase (webapp dir), with in each a copy of your (identical) webapp code Fruit. - have your webapp (actually I guess, the first servlet) in it's init() code, get the hostname from getServerName() and perform whatever setup it needs to. Then save this in an attribute of the ServletContext - which should then be available at each subsequent execution of any servlet composing the webapp Inspired by the Servlet Spec 2.5, section 2.3 Servlet lifecyle, 2.3.2 Initialization. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The best place for implementing context specific behavior?
Jonathan Mast wrote: Andre, its one single, physical app/docBase, mapped to multiple contexts (which happen to located on different virtual hosts). This is a requirement. The /META-INF/context.xml approach is ruled out by this requirement. My goal is to have a layer of code takes a the current host (eg. apples.mysite.com) looks it up in a database where it is linked to host-specific content. After this stage, the showFruit.jsp will display an Apple and so on. - have your webapp (actually I guess, the first servlet) in it's init() code, get the hostname from getServerName() and perform whatever setup it needs to. Then save this in an attribute of the ServletContext But where do I find this elusive init() method? Use a context listener. Other tips you might find useful: - make sure each virtual host has its own work directory - rename your app ROOT.war rather than fruit.war (or ROOT rather than fruit if deployed as a dir) to prevent double deployment - turn off unpackWARs for all the hosts if deploying as a WAR Mark On Wed, Jun 24, 2009 at 5:01 PM, André Warnier a...@ice-sa.com wrote: Hi. I am one of the least Tomcat and Java qualified people that regularly lurk on this forum, so don't take my word for any of what follows. Let's say that I am just trying to apply what I think I have learned here. And I am eager for contradiction, because it is said that this is how one learns. Jonathan Mast wrote: I have a webapp that I would like to behave in a context (actually host)-specific manner. Where is the best place to initialize the context/host specific functionality? Let me demonstrate what I'm talking about. Lets say I have a webapp Fruit located in folder webapps/fruit. I want to define: apples.mysite.com bananas.mysite.com coconuts.mysite.com etc ... all of which point to webapps/fruit (these are hosts with a / context pointing to webapps/fruit as the docBase, to be more precise). appBase ? Do you mean all Hosts point to the *same physical* webapps/fruit, or does each Host have its own copy in a separate directory ? When someone visits apples.mysite.com they see an apple, when they visit bananas.mysite.com they see a banana, and so on. Where in the fruit app is the best place for instance of Fruit to introspect itself (basically look for what host name it is defined under) and prepare accordingly? I've looked into using Context Parameters in the server.xml declarations That would probably better be in a /META-INF/context.xml, no ? (at least if these are distinct webapp/fruit) or see here for more complete info : http://tomcat.apache.org/tomcat-6.0-doc/config/context.html but I would like to avoid this if possible b/c this functionally is more elegantly determined through introspection (the web-app saying what host do i belong to?). Of course I could always call request.getLocalName(), I think you want getServerName(), or you'd always get the same DNS name/IP, no matter wich virtual Host is called.. but that would be inefficient as it would have to be invoked on every request. I guess what I'm looking for someplace in the context initialization process where i could hook into and do my stuff and have it apply to the entire context throughout it's lifecycle. Can't seem to find it digging around the javax.servlet.* javadocs. I reason as follows : - a webapp is run by a thread - a thread is started by a Connector - I don't think that a thread is Host-specific, in the sense that it can run one webapp for one Host, and the next instant run another webapp for another Host. What I'm saying is that I am not sure that above the Request level, you will find anything that is Host-persistent to keep your stuff in and retrieve it (I mean for webapps shared by several Hosts, which is probably a bad idea anyway). To this eager student thus, the correct way to do what I understand you want to do, seems to be : - have each Host have its own appBase (webapp dir), with in each a copy of your (identical) webapp code Fruit. - have your webapp (actually I guess, the first servlet) in it's init() code, get the hostname from getServerName() and perform whatever setup it needs to. Then save this in an attribute of the ServletContext - which should then be available at each subsequent execution of any servlet composing the webapp Inspired by the Servlet Spec 2.5, section 2.3 Servlet lifecyle, 2.3.2 Initialization. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Custom Valve
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sumit, On 6/24/2009 10:48 AM, Sumit D wrote: Hello All!I am trying to edit the AccessLogValve and then would rename it to some other Valve. Presently, the AccessLogValve writes logs, but I would like to write the same data in an object as well. Any pointers on how can I achieve this ?? I might be able to add some code where it writes to logs, so that it will also write to some object. What do you mean when you say write some data in an object? But then I have no idea how to Deploy this custom valve. Deploying the valve is easy: 1. Compile it to .class file(s) 2. JAR your .class files into a .jar file 3. Put your .jar file into $CATALINA_HOME/lib 4. Add a Valve className=my.Valve element to your Context element in META-INF/context.xml in your webapp Also, Valve Component specifies that the log pattern supports many things like %h, %l, etc but so far, i could not find how can I include all those(pattern codes) in the log file. You'll just have to read the code. Start with the createLogElements method and read everything it calls. It's pretty straightforward. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpCnQYACgkQ9CaO5/Lv0PA0nQCfZI5xk3HHQTPMTQCQGdckX6Y7 a7gAn0gSUe1mAmtVQmM5N8JNzaovpUny =68qu -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: UDP fails, but doesn't throw a SecurityException
Here's my question: if this was failing, why didn't it throw a SecurityException? It would have been less challenging to figure out what was going on had there been one. Ask your Java vendor. :) There is no Tomcat code there. Really? I guess I didn't realize that. I figured the security was mainly implemented by the classloaders provided by tomcat. Actually, I guess I didn't really think about how it worked. Maybe I should figure that out. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Help: auth-constraint with Tomcat 6
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tim, On 6/24/2009 2:59 PM, Tim Funk wrote: If you want a black list - it would probably be easier to write a filter [programmatic security] instead of declarative security. You can even combine declarative + programmatic and read your configuration from web.xml init-param elements for your filter. Of course, you'll have to map the filter to the right URI patterns, so your constraints aren't all in the same place, unfortunately. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpCnkoACgkQ9CaO5/Lv0PD5VwCgk2/6LRE1TUoua5R0AyJmqs7g XAcAnj2QlH79Bul7Hf/Dn1gIX4gfb38K =mn2B -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The best place for implementing context specific behavior?
Andre, its one single, physical app/docBase, mapped to multiple contexts (which happen to located on different virtual hosts). This is a requirement. The /META-INF/context.xml approach is ruled out by this requirement. My goal is to have a layer of code takes a the current host (eg. apples.mysite.com) looks it up in a database where it is linked to host-specific content. After this stage, the showFruit.jsp will display an Apple and so on. - have your webapp (actually I guess, the first servlet) in it's init() code, get the hostname from getServerName() and perform whatever setup it needs to. Then save this in an attribute of the ServletContext But where do I find this elusive init() method? On Wed, Jun 24, 2009 at 5:01 PM, André Warnier a...@ice-sa.com wrote: Hi. I am one of the least Tomcat and Java qualified people that regularly lurk on this forum, so don't take my word for any of what follows. Let's say that I am just trying to apply what I think I have learned here. And I am eager for contradiction, because it is said that this is how one learns. Jonathan Mast wrote: I have a webapp that I would like to behave in a context (actually host)-specific manner. Where is the best place to initialize the context/host specific functionality? Let me demonstrate what I'm talking about. Lets say I have a webapp Fruit located in folder webapps/fruit. I want to define: apples.mysite.com bananas.mysite.com coconuts.mysite.com etc ... all of which point to webapps/fruit (these are hosts with a / context pointing to webapps/fruit as the docBase, to be more precise). appBase ? Do you mean all Hosts point to the *same physical* webapps/fruit, or does each Host have its own copy in a separate directory ? When someone visits apples.mysite.com they see an apple, when they visit bananas.mysite.com they see a banana, and so on. Where in the fruit app is the best place for instance of Fruit to introspect itself (basically look for what host name it is defined under) and prepare accordingly? I've looked into using Context Parameters in the server.xml declarations That would probably better be in a /META-INF/context.xml, no ? (at least if these are distinct webapp/fruit) or see here for more complete info : http://tomcat.apache.org/tomcat-6.0-doc/config/context.html but I would like to avoid this if possible b/c this functionally is more elegantly determined through introspection (the web-app saying what host do i belong to?). Of course I could always call request.getLocalName(), I think you want getServerName(), or you'd always get the same DNS name/IP, no matter wich virtual Host is called.. but that would be inefficient as it would have to be invoked on every request. I guess what I'm looking for someplace in the context initialization process where i could hook into and do my stuff and have it apply to the entire context throughout it's lifecycle. Can't seem to find it digging around the javax.servlet.* javadocs. I reason as follows : - a webapp is run by a thread - a thread is started by a Connector - I don't think that a thread is Host-specific, in the sense that it can run one webapp for one Host, and the next instant run another webapp for another Host. What I'm saying is that I am not sure that above the Request level, you will find anything that is Host-persistent to keep your stuff in and retrieve it (I mean for webapps shared by several Hosts, which is probably a bad idea anyway). To this eager student thus, the correct way to do what I understand you want to do, seems to be : - have each Host have its own appBase (webapp dir), with in each a copy of your (identical) webapp code Fruit. - have your webapp (actually I guess, the first servlet) in it's init() code, get the hostname from getServerName() and perform whatever setup it needs to. Then save this in an attribute of the ServletContext - which should then be available at each subsequent execution of any servlet composing the webapp Inspired by the Servlet Spec 2.5, section 2.3 Servlet lifecyle, 2.3.2 Initialization. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Bizarre NoClassDefFoundError
Well I went over the changelog, and there's nothing there that sounds related... it is mostly distro details, plus a few security patches (which look related to request handling and not classloading/compiling)... Any other thoughts? A. Rothman wrote: You're absolutely right :-) I meant 'stock' as in I used the distro package manager's stock binary and didn't mess with it. I'm trying to find the diff/changelog of how the ubuntu package differs from the original. I thought they only change around distro-related things like paths and split configurations, but it's possible they actually change something meaningful. Amichai Caldarale, Charles R wrote: From: A. Rothman [mailto:amich...@amichais.net] Subject: Bizarre NoClassDefFoundError I'm running a stock tomcat 6 (6.0.18-0ubuntu6.1) Well, that's *not* a stock Tomcat - it's one that's been repackaged by someone at Ubuntu. It would be interesting to try this on a truly stock Tomcat - one downloaded from tomcat.apache.org. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Application Stop responding
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 6/24/2009 9:20 AM, Caldarale, Charles R wrote: From: Zeeshan Ahmad [mailto:zah...@i2cinc.com] Subject: RE: Application Stop responding We are facing the same issue on 6.x, thanks. Then let's discuss what happens on 6.0.20; 5.5.7 is four years old and it's somewhat irresponsible to still be using it. What JVM are you using with 6.0.20? What platform are you running on? ...and how are you connecting Apache httpd - Tomcat? mod_jk? mod_proxy_ajp? If mod_jk, please tell us the version you are using. How do you find out the version? Either look in the startup messages from httpd or run this command: $ strings /path/to/mod_jk.so | grep mod_jk/ Output when I run this command: mod_jk/1.2.26 - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpCnwkACgkQ9CaO5/Lv0PBJ0wCfe1oLbc3rykizKqoId8bMCJ19 WEwAn060XdAC73R+g27Qfw0kiS/7w+ZG =7+tD -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Best-Choice HowTo Webhosing Apache + Tomcat
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin, On 6/24/2009 9:32 AM, Martin Gainty wrote: http://tomcat.apache.org/connectors-doc/generic_howto/quick.html +1 You'll want to read up on running under a Security Manager: http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html Also read the Advanced Configuration - Multiple Tomcat Instances section of the RUNNING.txt file that ships with Tomcat if you want to /really/ isolate your webapps from one another by running them in separate JVMs. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpCn5oACgkQ9CaO5/Lv0PAPqgCfWvtxsUjaTfjANw8tZqcHxlzH W9UAnA9/6TnK4nE39J5C7jLI/ZBQ7sz0 =OnAE -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: UDP fails, but doesn't throw a SecurityException
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Chris,
On 6/24/2009 5:17 PM, Christopher Piggott wrote:
Here's my question: if this was failing, why didn't it throw a
SecurityException? It would have been less challenging to figure out
what was going on had there been one.
Ask your Java vendor. :)
There is no Tomcat code there.
Really? I guess I didn't realize that. I figured the security was
mainly implemented by the classloaders provided by tomcat.
Nope, the security is generally provided by the component that provides
the service (in your case, UDP sockets).
You can see in the source from Sun (for 1.5.0, at least), the code for
DatagramSocket.receive looks like this:
SecurityManager security = System.getSecurityManager();
if (security != null) {
while(true) {
String peekAd = null;
int peekPort = 0;
// peek at the packet to see who it is from.
if (!oldImpl) {
// We can use the new peekData() API
DatagramPacket peekPacket = new DatagramPacket(new byte[1], 1);
peekPort = getImpl().peekData(peekPacket);
peekAd = peekPacket.getAddress().getHostAddress();
} else {
InetAddress adr = new InetAddress();
peekPort = getImpl().peek(adr);
peekAd = adr.getHostAddress();
}
try {
security.checkAccept(peekAd, peekPort);
// security check succeeded - so now break
// and recv the packet.
break;
} catch (SecurityException se) {
// Throw away the offending packet by consuming
// it in a tmp buffer.
DatagramPacket tmp = new DatagramPacket(new byte[1], 1);
getImpl().receive(tmp);
// silently discard the offending packet
// and continue: unknown/malicious
// entities on nets should not make
// runtime throw security exception and
// disrupt the applet by sending random
// datagram packets.
continue;
}
} // end of while
}
You can see that SecurityExceptions are silently ignored in here.
Perhaps a newer version of the JRE includes a smarter implementation.
shrug
You can always write some code to do the check yourself: the code to do
it is right there in the code above. In your case, though, you would
propagate the exception instead of stupidly swallowing it :)
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkpCoS0ACgkQ9CaO5/Lv0PCPxgCfV3CEboDDt3L7yNSLujYWOPPe
BUEAn2DxoK+KILa8fjvfeCKCqB3VH7cc
=Eixt
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The best place for implementing context specific behavior?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jonathan, On 6/24/2009 5:13 PM, Jonathan Mast wrote: Andre, its one single, physical app/docBase, mapped to multiple contexts (which happen to located on different virtual hosts). This is a requirement. The /META-INF/context.xml approach is ruled out by this requirement. If you need to have only a single deployed webapp to handle requests for all of these different domain names, then your webapp will necessarily have to detect the hostname being used /for each request/. This is not terribly inefficient: it's just grabbing a header value. This kind of thing smells like private-labeling. The best technique I can think of is to sniff the hostname at the beginning of the request (use a filter?) and stuff something into the request attributes that represents the profile for that flavor of fruit (or private label). Then, when rendering your pages, or making database connections or whatever, reference the profile in the request attributes to make decisions as to how things should go. If request attributes aren't your thing (many reasons including my database code doesn't have access to the request, etc.), then you can use ThreadLocal variables. Just remember to catch all exceptions in your filter and /remove that damned profile object from the ThreadLocal/ or you can have security and/or memory problems. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkpCovEACgkQ9CaO5/Lv0PC1+ACfXpjMl3TV7TMCt48/VzjYcngL VRQAoMEiEtjZdGBeKYqxagBW4fyIDz69 =ydr2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: The best place for implementing context specific behavior?
Jonathan Mast wrote: Andre, its one single, physical app/docBase, mapped to multiple contexts (which happen to located on different virtual hosts). This is a requirement. It seems to be a bad requirement then, see http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html I believe (but we need a real expert here) that having multiple Host entries sharing the same appBase is a receipe for problems. If it is really just to have a single copy of the code on disk however, you may be able to get away with having multiple (differently named) appBase attributes, but all symlinked to the same physical location, see below. I must say that I don't really understand the requirement, unless your fruit webapp is really big (in disk size), or you have many different fruit hosts. You can have this : Host nameapples.company.com appBase=webapps-apples Host namepears.company.com appBase=webapps-pears Host namelemons.company.com appBase=webapps-lemons and then have (CATALINA_BASE)/webapps-apples/ROOT/your webapp code (CATALINA_BASE)/webapps-pears/ROOT/your webapp code (CATALINA_BASE)/webapps-lemons/ROOT/your webapp code and still, browsers would access your webapp by URLs like http://apples.company.com http://pears.company.com http://lemons.company.com and they would all get your same webapp The above is if your want to make your fruit webapp be the default webapp. Alternatively, you could have Host nameapples.company.com appBase=webapps-apples Host namepears.company.com appBase=webapps-pears Host namelemons.company.com appBase=webapps-lemons and then have (CATALINA_BASE)/webapps-apples/fruit/your webapp code (CATALINA_BASE)/webapps-pears/fruit/your webapp code (CATALINA_BASE)/webapps-lemons/fruit/your webapp code and browsers would access your webapp by URLs like http://apples.company.com/fruit http://pears.company.com/fruit http://lemons.company.com/fruit and they would all get your same webapp but in each case, during the deployment and initialisation of your webapp, each of the fruit instances, during it's own init(), could through getServerName() get its own Host's name, and initialise accordingly. So, as per your requirement http://apples.company.com/fruit would get an apple http://pears.company.com/fruit would get a pear If you absolutely want to save disk space, the each of webapps-apples, webapps-pears and webapps-lemons, could be a symlink to webapps-00common, and the code could really be stored there. Like : (CATALINA_BASE)/webapps-00common/fruit/your webapp code (CATALINA_BASE)/webapps-apples (link to 00common) (CATALINA_BASE)/webapps-pears (link to 00common) (CATALINA_BASE)/webapps-lemoms (link to 00common) But I have no idea how Tomcat would react if, for instance, you did a new deployment of your webapp (replace the files). That's what I mean by receipe for problems above. I think unless you really have many fruit, it's better to avoid that. All of the above is predicated on the asumption that you really need to do this specific per-host initialisation ahead of time. If you don't, then you could use a single Host entry, pick up the hostname at request processing time, and do away with all the setup above. Don't forget the maxim : Premature optimisation is the root of much evil. How many fruit are we really talking about ? The /META-INF/context.xml approach is ruled out by this requirement. There are alternatives to that, see here : http://tomcat.apache.org/tomcat-6.0-doc/config/context.html My goal is to have a layer of code takes a the current host (eg. apples.mysite.com) looks it up in a database where it is linked to host-specific content. After this stage, the showFruit.jsp will display an Apple and so on. - have your webapp (actually I guess, the first servlet) in it's init() code, get the hostname from getServerName() and perform whatever setup it needs to. Then save this in an attribute of the ServletContext But where do I find this elusive init() method? javax.servlet.Servlet inherited by HttpServlet. Here is an example : http://java.sun.com/products/servlet/articles/tutorial/ On Wed, Jun 24, 2009 at 5:01 PM, André Warnier a...@ice-sa.com wrote: Hi. I am one of the least Tomcat and Java qualified people that regularly lurk on this forum, so don't take my word for any of what follows. Let's say that I am just trying to apply what I think I have learned here. And I am eager for contradiction, because it is said that this is how one learns. Jonathan Mast wrote: I have a webapp that I would like to behave in a context (actually host)-specific manner. Where is the best place to initialize the context/host specific functionality? Let me demonstrate what I'm talking about. Lets say I have a webapp Fruit located in folder webapps/fruit. I want to define: apples.mysite.com bananas.mysite.com coconuts.mysite.com etc ... all of which point to webapps/fruit (these are hosts with a / context pointing to webapps/fruit as the docBase, to be more
Tomcat 5.5, getting exception while creating database driver instance
Hello all, I'm running Tomcat 5.5 on a linux (CentOS) box and attempting to implement a set of web services (.jws). I'm getting an exception thrown when trying to instantiate a mysql database driver using the line of code: Class.forName(com.mysql.jdbc.Driver).newInstance(); I am using the mysql connector mysql-connector-java-3.1.8-bin-g.jar and it is in the CATALINA_HOME/common/lib directory with full permissions. I've done untold amounts of google searches and putting the jar in the right place solved 90%+ of peoples' problems, but those that still had the issue didn't get replies (this was on various message boards). Has anyone else encountered this and what was the solution? If any other information is necessary please let me know. I don't know what all is pertinent and I didn't want to just fill this question with junk to be sifted through. Thanks, --Kyle - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: The best place for implementing context specific behavior?
From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: The best place for implementing context specific behavior? I believe (but we need a real expert here) that having multiple Host entries sharing the same appBase is a receipe for problems. It seems to work for most usages. As Mark pointed out, each Host or Context should have separate work directories to avoid conflicts with temp files, JSPs, etc. If it is really just to have a single copy of the code on disk however, you may be able to get away with having multiple (differently named) appBase attributes, but all symlinked to the same physical location That will make no difference, since the underlying location is the same for all. I must say that I don't really understand the requirement, unless your fruit webapp is really big (in disk size), or you have many different fruit hosts. It's not clear to me that the OP wants separate instances of one webapp (one per host), or if he wants one instance of one webapp that services all hosts. We really need that clarified before any further suggestions can be made. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Bizarre NoClassDefFoundError
From: A. Rothman [mailto:amich...@amichais.net] Subject: Re: Bizarre NoClassDefFoundError Any other thoughts? You could actually try a real Tomcat, rather than just browsing someone's likely incomplete list of what has been changes. Have you compared the failing generated .java file with the one that works? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: Tomcat 5.5, getting exception while creating database driver instance
From: Kyle Bahr [mailto:kb...@rogue-engr.com] Subject: Tomcat 5.5, getting exception while creating database driver instance I'm getting an exception thrown when trying to instantiate a mysql database driver using the line of code: Would you mind telling us the exception (and providing a stack trace), or is that a security risk? What exact Tomcat level are you using? What JVM version are you using? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 5.5, getting exception while creating database driver instance
Thanks for getting back to me so quickly: The exact exception is java.lang.reflect.InvocationTargetException, but sadly I don't have a stack trace available. I'm getting that except back as the web service faultstring and the stack trace isn't being logged to the catalina.log. I've tried changing the log4j.properties to capture the error, but still nothing is getting logged. I don't know where to find the exact level of Tomcat. I'm using java 1.6.0. Caldarale, Charles R wrote: From: Kyle Bahr [mailto:kb...@rogue-engr.com] Subject: Tomcat 5.5, getting exception while creating database driver instance I'm getting an exception thrown when trying to instantiate a mysql database driver using the line of code: Would you mind telling us the exception (and providing a stack trace), or is that a security risk? What exact Tomcat level are you using? What JVM version are you using? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Bizarre NoClassDefFoundError
Yes, I've compared both the generated java files and corresponding compiled class files from when it works and when it doesn't work - they are identical. I think the problem is not with the bean sources, jsps, configuration, permissions, file locations, classpaths, etc. - because all of these remain constant, and as such do not explain why it would work ok in the cases where it does. You're right about having to set up tomcat from scratch from the official sources to be certain it's not the distro's fault - but here too the chances of a distro's repackaging of tomcat causing a bizarre edge case in classloading during initialization seem slim. I'm inclined to think this may actually be a tomcat bug - since the errors are influenced by which jsp is the first one loaded by tomcat (a user-generated race condition of sorts), and not by their content or configuration. To be certain, I'd have to set it up for a debug, which I'll do (along with running it from the original sources first, of course) if there is no other choice, as it can be very time consuming. I just thought I'd run it by the experts here to see if there's some known issue, or something about the tomcat internals which I'm unaware of, or just something obvious and silly I've missed. I appreciate the help and suggestions from everyone here - thanks :-) Amichai Caldarale, Charles R wrote: From: A. Rothman [mailto:amich...@amichais.net] Subject: Re: Bizarre NoClassDefFoundError Any other thoughts? You could actually try a real Tomcat, rather than just browsing someone's likely incomplete list of what has been changes. Have you compared the failing generated .java file with the one that works? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
Help with Layer 7 LB and Tomcat
Hello there! We are adding a new server to our park, and now we are going to use LB for both machines. We are using an Alteon 180e layer 7 switch to perform LB. So far everything was fine. But we decided to let the router do all the SSL part this way we would have something like this: [internet] --SSL:443--- [router] ---http:80--- [tomcat] The first problem we faced was within some applications that were using the transport-guaranteeconfidential /transport-guarantee directive, and so tomcat was redirecting them to the 8443 connector which was disabled. We removed this directive, and configure a rule on the router that would accomplish the same thing, whenever an user tried to access a page using http it would be redirected to https. Now we are facing a problem with the redirect of some struts apps. Instead of redirecting to the https they redirect to the http (I can understand why, since the app is really being accessed by http port not https), I know this might be a struts/app design problem. I just would like to hear from you guys, if we are moving toward the right way by leaving all the SSL part on the router. I could not find one single doc about layer 7 LBs and tomcat around the web. Does any one have a good tutorial/starting point? Best Regards - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 6.0 and JULI issue.
Hi all: I hit this issue while trying to move my application from Tomcat 5.5.9 to Tomcat 6.0.18. The application runs fine in Tomcat 5.5.9 but is getting the following exception with Tomcat 6.0.18. Any help with this is much appreciated!. My CATALINA_HOME/conf/logging.properties is as follows: handlers = 1catalina.com.mycompany.logger.JavaLoggingHandler .handlers = 1catalina.com.mycompany.logger.JavaLoggingHandler other properties here The error I am getting is a ClassNotFoundException for com.mycompany.logger.JavaLoggingHandler. The Jar that contains this class is CATALINA_HOME/lib/MyAppFramework.jar. java.lang.ClassNotFoundException: com.mycompany.logger.JavaLoggingHandler at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:268) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.juli.ClassLoaderLogManager.readConfiguration(ClassLoaderLogManager.java:404) at org.apache.juli.ClassLoaderLogManager.readConfiguration(ClassLoaderLogManager.java:348) at org.apache.juli.ClassLoaderLogManager.readConfiguration(ClassLoaderLogManager.java:239) at java.util.logging.LogManager$2.run(LogManager.java:254) at java.security.AccessController.doPrivileged(Native Method) at java.util.logging.LogManager.readPrimordialConfiguration(LogManager.java:252) at java.util.logging.LogManager.getLogManager(LogManager.java:235) at java.util.logging.Logger.init(Logger.java:201) at java.util.logging.LogManager$RootLogger.init(LogManager.java:969) at java.util.logging.LogManager$RootLogger.init(LogManager.java:966) at java.util.logging.LogManager$1.run(LogManager.java:179) at java.security.AccessController.doPrivileged(Native Method) at java.util.logging.LogManager.clinit(LogManager.java:156) at java.util.logging.Logger.getLogger(Logger.java:254) at org.apache.juli.logging.DirectJDKLog.init(DirectJDKLog.java:71) at org.apache.juli.logging.DirectJDKLog.getInstance(DirectJDKLog.java:178) at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:170) at org.apache.juli.logging.LogFactory.getInstance(LogFactory.java:241) at org.apache.juli.logging.LogFactory.getLog(LogFactory.java:296) at org.apache.catalina.startup.Bootstrap.clinit(Bootstrap.java:54) Thanks, Suresh
Re: Bizarre NoClassDefFoundError
A. Rothman amich...@amichais.net wrote in message news:965599.49.1245887723160.javamail.sys...@endor... Yes, I've compared both the generated java files and corresponding compiled class files from when it works and when it doesn't work - they are identical. I think the problem is not with the bean sources, jsps, configuration, permissions, file locations, classpaths, etc. - because all of these remain constant, and as such do not explain why it would work ok in the cases where it does. You're right about having to set up tomcat from scratch from the official sources to be certain it's not the distro's fault - but here too the chances of a distro's repackaging of tomcat causing a bizarre edge case in classloading during initialization seem slim. I'm inclined to think this may actually be a tomcat bug - since the errors are influenced by which jsp is the first one loaded by tomcat (a user-generated race condition of sorts), and not by their content or configuration. To be certain, I'd have to set it up for a debug, which I'll do (along with running it from the original sources first, of course) if there is no other choice, as it can be very time consuming. I just thought I'd run it by the experts here to see if there's some known issue, or something about the tomcat internals which I'm unaware of, or just something obvious and silly I've missed. It actually looks a lot like a permissions issue, since the Bean class will be loaded in trusted (Tomcat) code when the page recompiles and will then be available for everyone else to use. You could try setting up a copy of your Tomcat (on, say a developement box) that doesn't use a SecurityManager and see if you can reproduce the problem there. You might also get some more information by setting: org.apache.catalina.loader.level=FINEST in your conf/logging.properties file on a system using a SecurityManager (very much not recommended for an active production system). I appreciate the help and suggestions from everyone here - thanks :-) Amichai Caldarale, Charles R wrote: From: A. Rothman [mailto:amich...@amichais.net] Subject: Re: Bizarre NoClassDefFoundError Any other thoughts? You could actually try a real Tomcat, rather than just browsing someone's likely incomplete list of what has been changes. Have you compared the failing generated .java file with the one that works? - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Help: auth-constraint with Tomcat 6
Hi Tim,
Good suggestion! I'll look into it. I am in a situation where I'll prefer to
work on my own than to bother IT with LDAP role setup and subsequent access
granting to users. By having a JDBC Realm with a blacklist of users, I can
easily control the access.
I'll probably dig into the filter but I don't know java.. Any sample working
code with comments to modify would be great!
Thanks,
Clement
On Thu, Jun 25, 2009 at 2:59 AM, Tim Funk funk...@apache.org wrote:
If you want a black list - it would probably be easier to write a filter
[programmatic security] instead of declarative security. [At a minimum,
everyone would still need to be authenticated - its the authorization which
is done via the filter (actually the filter will defer to the realm so there
isn't much extra work)]
Ex:
doFilter(req, resp, chain) {
if (req.isUserInRole(blacklist)) {
response.sendError(403);
return;
}
chain.doFilter(...);
}
-Tim
Clement Chong wrote:
Hi Tim,
Basically the first realm contains list of users we want to deny access.
The
password would be dynamic, making it difficult to get through. Well, maybe
I
should really consider working with specific roles. That is, grant users
with roles that would allow them access. Then I would probably just need a
single realm for authentication.
However, this would mean almost all users require such a role granted
except
for some whom we like deny access. Then every new users would also
probably
need granted the role. A little extra work there, besides working with IT
to
get the new role setup.. A black list would work better than a white list
in
this case.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
mod_jk MAX WORKERS
Hi, we have noticed when we get close to 150 workers/2000bytes defined in our worker.list - mod_jk 1.2.20 starts to break (could not find worker for worker name=xyz) Looking at the code - cause the release notes /changelog don't seem to mention this - looks like 1.2.28 has a new formula for defining JK_SHM_DEF_SIZE - need more digging to get an absolute on this: 1.2.20: ../../tomcat-connectors-1.2.20-src/native/common/jk_shm.h:#define JK_SHM_WORKER_SIZE JK_SHM_ALIGN(sizeof(jk_shm_worker_t)) ../../tomcat-connectors-1.2.20-src/native/common/jk_shm.h:#define JK_SHM_DEF_SIZE (JK_SHM_MAX_WORKERS * JK_SHM_WORKER_SIZE) 1.2.28 ./common/jk_shm.h:#define JK_SHM_MAX_WORKERS64 ./common/jk_shm.h:#define JK_SHM_DEF_SIZE JK_SHM_AJP_SIZE(JK_SHM_MAX_WORKERS) + JK_SHM_LB_SUB_SIZE(JK_SHM_MAX_WORKERS) + JK_SHM_LB_SIZE(JK_SHM_MAX_WORKERS) Anyone know what the limits are on 1.2.28 in terms of workers? thanks! - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
