Running tomcat as limited user (MS Windows)
I must have had this problem before but can't remember how I solved it.

I normally run as a limited user. I installed tomcat okay (simply switching to an administrator account to do so) but trying to start the server results in

java.util.logging.ErrorManager: 4
java.io.FileNotFoundException: C:\Programme\Develop\CC_EnterpriseClient\server\tomcat\logs\catalina.2009-08-23.log (Zugriff verweigert)
    at java.io.FileOutputStream.openAppend(Native Method)
    at java.io.FileOutputStream.<init>(Unknown Source)
    at java.io.FileOutputStream.<init>(Unknown Source)
    at java.io.FileWriter.<init>(Unknown Source)
    at org.apache.juli.FileHandler.open(FileHandler.java:259)
    at org.apache.juli.FileHandler.<init>(FileHandler.java:59)
    at org.apache.juli.FileHandler.<init>(FileHandler.java:50

Basically, the user I am logged in as does not have permission to write to the logs directory, and I would assume the same problem will occur with the webapps directory when I try to deploy what I am developing.

Any ideas how to solve this?

- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running tomcat as limited user (MS Windows)
2009/8/24 Gary workinginb...@gmail.com
> I normally run as a limited user.

i.e. non-Administrator?

> java.io.FileNotFoundException: C:\Programme\Develop\CC_EnterpriseClient\server\tomcat\logs\catalina.2009-08-23.log (Zugriff verweigert)
>     at java.io.FileOutputStream.openAppend(Native Method)
>     at java.io.FileOutputStream.<init>(Unknown Source)
>     at java.io.FileOutputStream.<init>(Unknown Source)
>     at java.io.FileWriter.<init>(Unknown Source)
>     at org.apache.juli.FileHandler.open(FileHandler.java:259)
>     at org.apache.juli.FileHandler.<init>(FileHandler.java:59)
>     at org.apache.juli.FileHandler.<init>(FileHandler.java:50
>
> Basically, the user I am logged in as does not have permission to write to the logs directory, and I would assume the same problem will occur with the webapps directory when I try to deploy what I am developing.
>
> Any ideas how to solve this?

Add write permission on those directories for the account under which you're running Tomcat?

- Peter
RE: Connector set up
Hi,

I need to intercept the calls (/*) to all webapps since these are actually wap apps; many handsets cannot properly process the 302 redirect code, so I need to deliver the final result of forward redirects to clients.

I'm already able to process all follow redirects, I just need to put the proxy in front of the web-apps.

I cannot add Apache either, all I can do is to fix it from Tomcat.

Thanks a lot.

> Date: Sun, 23 Aug 2009 23:45:58 +0200
> From: a...@ice-sa.com
> To: users@tomcat.apache.org
> Subject: Re: Connector set up
>
> Gerardo Corro wrote:
>> Hi,
>> The purpose is to set-up an independent web-app as a proxy for other webapps. I cannot touch the 6 original webapps, but I can do whatever I want with the proxy one.
>> How can I get all requests to any of these webapps be intercepted by the proxy one?
>
> There may be a way to do that, but it sounds quite complicated, and we do not understand your purpose in wanting to do that. Maybe if you explained exactly /why/ (*) you want to intercept the calls to those webapps, someone may be able to help.
>
> (*) meaning : to do what before you forward the call ?
> If it is just to change the URL, then again, look at the urlrewrite filter. Or use an Apache httpd in front of your Tomcat, with mod_rewrite and (mod_proxy or mod_jk).
Re: Running tomcat as limited user (MS Windows)
On 24/08/2009, Peter Crowther peter.crowt...@melandra.com wrote:
> 2009/8/24 Gary workinginb...@gmail.com
>> I normally run as a limited user.
>
> i.e. non-Administrator?

Yes, exactly.

[...]

>> Basically, the user I am logged in as does not have permission to write to the logs directory, and I would assume the same problem will occur with the webapps directory when I try to deploy what I am developing.
>>
>> Any ideas how to solve this?
>
> Add write permission on those directories for the account under which you're running Tomcat?

Is that even possible on Windows?
Re: Running tomcat as limited user (MS Windows)
On 24/08/2009, Gary workinginb...@gmail.com wrote:
> On 24/08/2009, Peter Crowther peter.crowt...@melandra.com wrote:
>> 2009/8/24 Gary workinginb...@gmail.com
>>> I normally run as a limited user.
>>
>> i.e. non-Administrator?
>
> Yes, exactly.
>
> [...]
>
>> Add write permission on those directories for the account under which you're running Tomcat?
>
> Is that even possible on Windows?

Ah... Yes. After quite a bit of f..iddling about, I see it is. That works fine. Thanks, Peter.

Clue for anyone else who comes across this: you have to switch off file sharing to be able to even see the place you need to make the changes - http://support.microsoft.com/kb/308419. FFS, MS...
Re: Running tomcat as limited user (MS Windows)
2009/8/24 Gary workinginb...@gmail.com
> Clue for anyone else who comes across this: you have to switch off file sharing to be able to even see the place you need to make the changes - http://support.microsoft.com/kb/308419. FFS, MS...

Ah - you hadn't said Windows XP, so I'd assumed a server-class OS! Yes, XP comes with brain-damaged simple file sharing turned on by default, which both hides and breaks the normal Windows file permissions model.

Glad you found it.

- Peter
Re: Updating Roles for a logged-in user while using SingleSignOn
On 23/08/2009 22:22, nkrasnov wrote:
> Thank you very much for your response. Yes, I did want to dynamically update the roles. The reason I was hoping to do it without making the user re-enter the credentials is because due to some peculiarities of the application this may happen quite often (several times within a user's session), and is likely to get annoying.

Really?! Is a role really the appropriate thing for whatever your problem is then?

> I hear you about tinkering with the insides of Tomcat, though... I was hoping that I was missing something and there was a way to do it without overwriting SSO valve's behavior. There is no way to force re-authentication but make SSO use the cached credentials to re-authenticate and create a new GenericPrincipal object, is there?

There isn't any way in the current Servlet Spec to do what you ask. The next version includes programmatic authentication, I think, but there's no containers out there supporting it yet.

Investigate how the FormAuthenticator works in concert with the Realm and you may find a way to do what you need.

You might investigate whether the following can provide you with better functionality: http://securityfilter.sourceforge.net/

p

> Pid-6 wrote:
>> On 21/08/2009 19:31, nkrasnov wrote:
>>> Hi,
>>> I have several Tomcat webapps which use SSO and the same Realm for authentication. All is working as expected, except that I now need to update roles for the user that's already been authenticated in the past. I seem to be able to do it successfully for a given request (by calling LoginContext.login and switching the principals in the subject), but for all subsequent requests isUserInRole returns false for new roles.
>>>
>>> The way I understand it, this is happening because a GenericPrincipal object, which JAASRealm created in the initial authenticate call, holds a copy of the original role list, and so on all subsequent calls SSO valve puts that GenericPrincipal into request and its getRoles, which is called by isUserInRole, accordingly, always returns the original list of roles.
>>>
>>> Is there any way for me to get around this? I don't seem to have any ability to update the roles in this GenericPrincipal object once it's put into SSO cache... Or, if there is no way to update the roles, can I force re-authentication without making the user re-enter userid/password (we do have those stored in SSO cache, I believe)?
>>
>> So you want to dynamically update the user roles?
>>
>> Is there a reason why you can't get the user to log out and back in? I'd guess that the effort of sending a message to the user suggesting that they log out, will be less than tinkering with the insides of Tomcat - things that could change with each release.
>>
>> Or you could use a servlet Filter to monitor a flag set in the session, which then forces the session to invalidate and log the user out.
>>
>> p
>>
>>> Any help would be greatly appreciated.
>>> Thank you very much for your time,
>>> Natasha
Re: wrong jspInit handling
Stefano Nichele wrote:
> Am I missing something ?

Yes (well your question is anyway).

Most importantly: the Tomcat version you are using.
Less important but usually worth mentioning: the JDK and OS you are using.

Mark
Re: Connector set up
On 24/08/2009 08:03, Gerardo Corro wrote:
> Hi,
> I need the intercept the calls (/*) to all webapps since these are actually wap apps; many handsets cannot process properly the 302 redirect code, so I need to deliver the final result of forward redirects to clients.
>
> I'm already able to process all follow redirects, I just need to put the proxy in front of the web-apps.

If you can alter the webapps a little, e.g. by adding a Servlet Filter, you could intercept and process the calls to each webapp.

Otherwise you'd need to run a separate Tomcat and place it in front of the other Tomcats so it can intercept the calls.

http://tomcatproxy/ -- http://appserver1:8080/webapp1

p

> I cannot add Apache either, all I can do is to fix it from Tomcat
>
> Thanks a lot.
>
>> Date: Sun, 23 Aug 2009 23:45:58 +0200
>> From: a...@ice-sa.com
>> To: users@tomcat.apache.org
>> Subject: Re: Connector set up
>>
>> Gerardo Corro wrote:
>>> Hi,
>>> The purpose is to set-up an independent web-app as a proxy for other webapps. I cannot touch the 6 original webapps, but I can do whatever I want with the proxy one.
>>> How can I get all requests to any of these webapps be intercepted by the proxy one?
>>
>> There may be a way to do that, but it sounds quite complicated, and we do not understand your purpose in wanting to do that. Maybe if you explained exactly /why/ (*) you want to intercept the calls to those webapps, someone may be able to help.
>>
>> (*) meaning : to do what before you forward the call ?
>> If it is just to change the URL, then again, look at the urlrewrite filter. Or use an Apache httpd in front of your Tomcat, with mod_rewrite and (mod_proxy or mod_jk).
Re: wrong jspInit handling
You are right, sorry.

Apache Tomcat 6.0.13
jdk1.6.0_10
Windows XP SP3

but I was able to reproduce it with:

Apache Tomcat 6.0.13
jdk1.6.0_07
CentOS release 5.2

Cheers,
ste

Mark Thomas wrote:
> Stefano Nichele wrote:
>> Am I missing something ?
>
> Yes (well your question is anyway).
>
> Most importantly: the Tomcat version you are using.
> Less important but usually worth mentioning: the JDK and OS you are using.
>
> Mark
Re: Running tomcat as limited user (MS Windows)
>> Clue for anyone else who comes across this: you have to switch off file sharing to be able to even see the place you need to make the changes - http://support.microsoft.com/kb/308419. FFS, MS...
>
> Ah - you hadn't said Windows XP, so I'd assumed a server-class OS! Yes, XP comes with brain-damaged simple file sharing turned on by default, which both hides and breaks the normal Windows file permissions model.

If you're not running Professional but Home edition, you will probably need cacls and net to perform the required operations: cacls to change permissions and net to alter groups and users. To take ownership, this can only easily be done through the GUI (the security tab and click away... Windows style ;-))

HTH

Regards,

Serge Fonville

On Mon, Aug 24, 2009 at 9:34 AM, Peter Crowther peter.crowt...@melandra.com wrote:
> 2009/8/24 Gary workinginb...@gmail.com
>> Clue for anyone else who comes across this: you have to switch off file sharing to be able to even see the place you need to make the changes - http://support.microsoft.com/kb/308419. FFS, MS...
>
> Ah - you hadn't said Windows XP, so I'd assumed a server-class OS! Yes, XP comes with brain-damaged simple file sharing turned on by default, which both hides and breaks the normal Windows file permissions model.
>
> Glad you found it.
>
> - Peter
RE: Connector set up
which method does the request use?

HTTP 302
method: GET
method: HEAD
The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).

method: PUT
method: POST
If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

Martin Gainty

> From: rob_gar_...@hotmail.com
> To: users@tomcat.apache.org
> Subject: RE: Connector set up
> Date: Mon, 24 Aug 2009 02:03:08 -0500
>
> Hi,
> I need the intercept the calls (/*) to all webapps since these are actually wap apps; many handsets cannot process properly the 302 redirect code, so I need to deliver the final result of forward redirects to clients.
>
> I'm already able to process all follow redirects, I just need to put the proxy in front of the web-apps.
>
> I cannot add Apache either, all I can do is to fix it from Tomcat
>
> Thanks a lot.
>
>> Date: Sun, 23 Aug 2009 23:45:58 +0200
>> From: a...@ice-sa.com
>> To: users@tomcat.apache.org
>> Subject: Re: Connector set up
>>
>> Gerardo Corro wrote:
>>> Hi,
>>> The purpose is to set-up an independent web-app as a proxy for other webapps. I cannot touch the 6 original webapps, but I can do whatever I want with the proxy one.
>>> How can I get all requests to any of these webapps be intercepted by the proxy one?
>>
>> There may be a way to do that, but it sounds quite complicated, and we do not understand your purpose in wanting to do that. Maybe if you explained exactly /why/ (*) you want to intercept the calls to those webapps, someone may be able to help.
>>
>> (*) meaning : to do what before you forward the call ?
>> If it is just to change the URL, then again, look at the urlrewrite filter. Or use an Apache httpd in front of your Tomcat, with mod_rewrite and (mod_proxy or mod_jk).
Re: Updating Roles for a logged-in user while using SingleSignOn
Pid-6 wrote:
> Really?! Is a role really the appropriate thing for whatever your problem is then?

This is what I am trying to decide. If it was possible to update roles, then role would be the appropriate thing, as it would allow me not to have to implement my own resource/servlet hiding. If what you are saying is that role set is something that by definition shouldn't change within a session and therefore this functionality should not be supported, then it probably isn't.

> There isn't any way in the current Servlet Spec to do what you ask. The next version includes programmatic authentication, I think, but there's no containers out there supporting it yet.
>
> Investigate how the FormAuthenticator works in concert with the Realm and you may find a way to do what you need.
>
> You might investigate whether the following can provide you with better functionality: http://securityfilter.sourceforge.net/

Thanks a lot for the reference. I'll investigate using security filter.

> Pid-6 wrote:
>> On 21/08/2009 19:31, nkrasnov wrote:
>>> Hi,
>>> I have several Tomcat webapps which use SSO and the same Realm for authentication. All is working as expected, except that I now need to update roles for the user that's already been authenticated in the past. I seem to be able to do it successfully for a given request (by calling LoginContext.login and switching the principals in the subject), but for all subsequent requests isUserInRole returns false for new roles.
>>>
>>> The way I understand it, this is happening because a GenericPrincipal object, which JAASRealm created in the initial authenticate call, holds a copy of the original role list, and so on all subsequent calls SSO valve puts that GenericPrincipal into request and its getRoles, which is called by isUserInRole, accordingly, always returns the original list of roles.
>>>
>>> Is there any way for me to get around this? I don't seem to have any ability to update the roles in this GenericPrincipal object once it's put into SSO cache... Or, if there is no way to update the roles, can I force re-authentication without making the user re-enter userid/password (we do have those stored in SSO cache, I believe)?
>>
>> So you want to dynamically update the user roles?
>>
>> Is there a reason why you can't get the user to log out and back in? I'd guess that the effort of sending a message to the user suggesting that they log out, will be less than tinkering with the insides of Tomcat - things that could change with each release.
>>
>> Or you could use a servlet Filter to monitor a flag set in the session, which then forces the session to invalidate and log the user out.
>>
>> p
>>
>>> Any help would be greatly appreciated.
>>> Thank you very much for your time,
>>> Natasha
Re: Problem closing datasource when used as JNDI resource
Mohammed,

On 8/24/2009 12:49 AM, Mohammed Bin Mahmood wrote:
> Hi Chris,
>
>> 3. There is a published filter that can close the DataSource for you.
>
> Do you have any idea about the filter that can close the Datasource?

What?

-chris
Re: Tomcat 4 start up as (/sbin/service)
Sunil,

On 8/24/2009 12:52 AM, sunil chandran wrote:
> I see that old version was started as
> /sbin/service tomcat4 stop
> /sbin/service tomcat4 start
>
> Now i have installed tomcat 4.1.40 in same machine (after removing tomcat 4..1.24)
>
> 1. How can i set it the same as above?

Does /etc/init.d/tomcat4 still exist? If so, it will probably still run properly, as nothing structural should have changed between your patch versions.

> 2. If i install this tomcat 4.1.40 in a new machine, how can i set it as above?

Er... copy the startup scripts? Tomcat does not maintain startup scripts for any version of any OS IIRC. These are the responsibility of the system administrators who maintain the servers.

-chris
Re: Connector set up
André,

On 8/23/2009 7:23 AM, André Warnier wrote:
> That seems (to me) a quite complicated setup for something that looks essentially like URL rewriting.
> Have you looked at the urlrewrite filter ?
> http://www.tuckey.org/urlrewrite/

It looks more like port forwarding to me. Why not just change port 8080 to port 80 and be done with it? There does not appear to be any URL mangling going on.

-chris
Re: Connector set up
Pid,

On 8/24/2009 4:19 AM, Pid wrote:
> Otherwise you'd need to run a separate Tomcat and place it in front of the other Tomcats so it can intercept the calls.
>
> http://tomcatproxy/ -- http://appserver1:8080/webapp1

That's essentially what's going on, now, whether they are running in the same Tomcat or separate ones.

Gerardo, if your previous explanation is complete, I'm not sure there is a more elegant way to do this than the way it's already being done!

-chris
Re: Updating Roles for a logged-in user while using SingleSignOn
Pid,

On 8/24/2009 4:10 AM, Pid wrote:
> You might investigate whether the following can provide you with better functionality: http://securityfilter.sourceforge.net/

Unfortunately, there's no SSO in securityfilter. But, if you can get over that, you can write your own Realm which uses your own Principal. You can also just stuff a new Principal into the session at any point and boom! -- new roles.

I've never used it, but IIRC JAASRealm allows you to write some components yourself. You might be able to modify /those/ while the session is still valid.

-chris
Newbie question
Hello all,

I've just installed Tomcat 6.0.20. Home page loads successfully at http://myserver:8008/ (Yes, I changed the port to 8008). I'm using Core Servlets by Marty Hall as a guide.

I put a couple of Hello.html, Hello.jsp pages into my .../install_dir/webapps/ROOT. Both the pages load fine into the browser at http://myserver:8008/Hello.html and Hello.jsp. (These are simple html and jsp pages that say hello).

I've created a servlet, HelloServlet. Well, it just says hello. I've compiled it and put the class file into .../install_dir/webapps/ROOT/WEB-INF/classes/.

I've enabled the invoker servlet by uncommenting it in .../install_dir/conf/web.xml.

I've enabled the servlet reloading in .../install_dir/conf/context.xml.

However, I can't see the servlet in http://myhost:8008/servlet/HelloServlet.

What am I missing?

Thanks,
Sashi
Re: How do you handle 'rewrite queries' ?
Paul,

Sorry, I just saw this message from a while ago...

On 8/13/2009 8:02 AM, Paul Taylor wrote:
> Hi, yes I do need rewrite because I need to be able to change a query like
>
> http://localhost:8080/ws/1/release/?query=fred&fmt=xml
>
> to
>
> http://localhost:8080/type=release&query=fred&fmt=xml
>
> Release can also be artist, title etcetera, the thing is it needs to be converted to the value of a parameter called type.
>
> But I create this rule in urlrewrite.xml:
>
> <rule>
>   <from>^/ws/1/(.*)/(.*)$</from>
>   <to type="redirect">/type=$1&amp;$2</to>
> </rule>
>
> it converts the query to http://localhost:8080/type=release;

Right: your path stops after /ws/1/release/. You'll have to take additional steps if you want to incorporate the query string (everything after the ?) into the new URL. Check out the use-query-string setting.

> So, does anyone know why the ? causing an issue

It splits the URI into path and query string (which is not part of the path). I think use-query-string will do what you want.

-chris
Re: How to set Realm digest for base64 password
Lin,

On 8/13/2009 5:37 AM, Lin Chun wrote:
> I am using the JDBCRealm, but the password of user is not pure text, but stored in base64 encoding

As Mark says, you'll have the best luck writing a custom Realm. I have a couple of other suggestions that might also work:

1. Write your own crypto provider that provides a Base64 digest (base64 is NOT NOT NOT NOT NOT NOT NOT a digest, it's a human-readable byte encoding, so this is a HUGE HACK THAT COULD REALLY BITE YOU IN THE ASS) and use that as your digest=Base64 in the Realm.

2. Re-write your entire database with /properly/-digested passwords by performing the following operation on all passwords:

   a. Read the password from the database.
   b. Decode the password from Base64 into text (kinda silly to base64 encode the passwords... why are you doing this?)
   c. Hash the password using something like SHA-256 (MD5 and SHA-1 are considered cryptographically weak these days).
   d. Write the hashed password back to the database.

   Then you can use a stock Realm.

Mark also mentions that JDBCRealm is not recommended for production use. I completely agree. DataSourceRealm allows multiple simultaneous authentications and the use of a connection pool instead of a private connection.

-chris
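The database rewrite in steps a to d of the message above, as an added example that is not part of the original message and not Tomcat code. It runs against an in-memory SQLite table; the `users`/`user_name`/`user_pass` names, the sample rows and the `login_matches` helper are assumptions constructed for the demonstration, the output is lowercase hex (assumed to be the form a stock Realm configured with `digest="SHA-256"` compares against), and it follows the message in using plain unsalted SHA-256.

```python
# Added example: one-off migration of base64-stored passwords to SHA-256 hex digests.
# Table/column names and the sample rows are assumptions constructed for this demo.
import base64
import hashlib
import hmac
import re
import sqlite3

# A value that already looks like a lowercase SHA-256 hex digest. Such a string is
# also valid base64, so without this guard a second run would hash the hashes.
HEX_SHA256 = re.compile(r"[0-9a-f]{64}")


def to_sha256_hex(b64_password):
    """Steps b and c: decode the base64 value to raw bytes, then hash those bytes."""
    raw = base64.b64decode(b64_password, validate=True)  # raises on non-base64 input
    return hashlib.sha256(raw).hexdigest()


def migrate(conn):
    """Rewrite every row; return (converted, skipped). All-or-nothing on error."""
    converted = skipped = 0
    rows = conn.execute("SELECT user_name, user_pass FROM users").fetchall()  # step a
    with conn:  # commits if the loop finishes, rolls back if any row raises
        for name, stored in rows:
            if HEX_SHA256.fullmatch(stored):
                skipped += 1  # already migrated by an earlier run
                continue
            try:
                digest = to_sha256_hex(stored)
            except ValueError as exc:  # binascii.Error is a ValueError subclass
                # Name the row but never echo the stored credential into logs.
                raise ValueError(f"user {name!r}: stored value is not base64") from exc
            conn.execute(  # step d
                "UPDATE users SET user_pass = ? WHERE user_name = ?", (digest, name)
            )
            converted += 1
    return converted, skipped


def stored_password(conn, user):
    row = conn.execute(
        "SELECT user_pass FROM users WHERE user_name = ?", (user,)
    ).fetchone()
    return None if row is None else row[0]


def login_matches(conn, user, typed_password, encoding="utf-8"):
    """Stand-in for the Realm's check: digest what the user typed and compare.

    The encoding must be the one the passwords had before they were base64
    encoded (UTF-8 is assumed here), otherwise non-ASCII passwords stop matching.
    """
    stored = stored_password(conn, user)
    if stored is None:
        return False
    candidate = hashlib.sha256(typed_password.encode(encoding)).hexdigest()
    return hmac.compare_digest(candidate, stored.lower())


def build_demo_db():
    """In-memory table holding two constructed users with base64 passwords."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_name TEXT PRIMARY KEY, user_pass TEXT)")
    for name, password in (("alice", b"s3cret!"), ("bob", b"correct horse")):
        conn.execute(
            "INSERT INTO users VALUES (?, ?)",
            (name, base64.b64encode(password).decode("ascii")),
        )
    conn.commit()
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    print("before:", stored_password(db, "alice"))
    print("first run :", migrate(db))
    print("second run:", migrate(db))
    print("after :", stored_password(db, "alice"))
    print("login ok:", login_matches(db, "alice", "s3cret!"))
```

Take a backup of the credentials table before running anything like this against real data: the hash cannot be reversed, so a wrong encoding assumption is only recoverable from the backup.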
RE: SSL with multiple Tomcat instances
These are standalone Tomcat instances (Tomcat is the web server, no Apache) running on Red Hat. Each instance has its own IP address (verified via netstat) and each address has a separate DNS entry (webadvisor.ashland.edu and webui.ashland.edu), each of which resolves correctly. Each certificate is generated using the DNS name for the service it is intended for.

As far as I can tell, the certificate store is valid. When I use the keytool command to list the original keystore (the one with both certificates loaded in the same keystore), I get the attached listing. When I look at the new one (separate keystores, each with only one certificate) it looks the same except that it is missing the tomcat (the first instance) certificate and only has the webui certificate.

The commands I used to create the keystore were:

keytool -genkey -alias webui -keyalg RSA -keystore webui.keystore
keytool -certreq -alias webui -keystore webui.keystore
keytool -import -trustcacerts -alias IPSROOT -file IPSServidores.crt -keystore webui.keystore
keytool -import -trustcacerts -alias IPSCAA1 -file IPSCACLASEA1.crt -keystore webui.keystore
keytool -import -trustcacerts -alias webui -file webui.crt -keystore webui.keystore

The IPSServidores.crt is the IPS root certificate, IPSCACLASEA1.crt is the intermediate certificate, and webui.crt is the certificate reply from IPS. These are the same steps I followed for the webadvisor instance and it is working properly.

The only things that I can think are different between these two tomcat instances are:

a) The webadvisor instance is visible through our firewall from off campus, and the webui instance is not (I am connecting from on campus)
b) The webadvisor instance is using the network device eth0, and webui is using eth0:0

Don

--
Don Prezioso
Director of Administrative I.T.
Ashland University
Ashland, Ohio

-Original Message-
From: Crypto Sal [mailto:crypto@gmail.com]
Sent: Thursday, August 20, 2009 8:00 PM
To: Tomcat Users List
Subject: Re: SSL with multiple Tomcat instances

Hi Don,

Is this Tomcat for Windows or Tomcat for a UNIX variant?

Have you verified the keystore as correct via * keytool -v -list -keystore KEYSTORE_PATH/FILE* ? (Redirect that text to a file if need be!)

Did you use the *-trustcacerts* flag upon importing the certificates or was this omitted?

Keystore type: jks
Keystore provider: SUN

Your keystore contains 4 entries

Alias name: webui
Creation date: Aug 10, 2009
Entry type: keyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=webui.ashland.edu, OU=Administrative IT, O=Ashland University, L=Ashland, ST=Ohio, C=US
Issuer: emailaddress=gene...@ipsca.com, CN=ipsCA CLASEA1 Certification Authority, OU=ipsCA CLASEA1 Certification Authority, O=gene...@ipsca.com C.I.F. B-B62210695, O=IPS Certification Authority s.l., L=Barcelona, ST=Barcelona, C=ES
Serial number: 131938
Valid from: Mon Aug 10 16:25:00 EDT 2009 until: Wed Aug 10 16:25:00 EDT 2011
Certificate fingerprints:
  MD5: 2D:97:A3:54:26:FE:8F:A6:09:09:DB:BA:A4:E5:A2:7D
  SHA1: 28:CD:12:8D:D6:42:CC:FA:A4:20:56:04:E4:E3:08:C6:BE:EA:EA:02
Certificate[2]:
Owner: emailaddress=gene...@ipsca.com, CN=ipsCA CLASEA1 Certification Authority, OU=ipsCA CLASEA1 Certification Authority, O=gene...@ipsca.com C.I.F. B-B62210695, O=IPS Certification Authority s.l., L=Barcelona, ST=Barcelona, C=ES
Issuer: emailaddress=...@mail.ips.es, CN=IPS SERVIDORES, OU=Certificaciones, O=IPS Seguridad CA, L=BARCELONA, ST=BARCELONA, C=ES
Serial number: 9018
Valid from: Sun Dec 30 08:36:11 EST 2001 until: Mon Dec 29 08:36:11 EST 2025
Certificate fingerprints:
  MD5: BB:3A:D2:38:EB:40:C2:EA:BA:F2:CE:62:2E:33:C8:BB
  SHA1: BD:B7:46:A9:82:7E:9E:19:DD:43:C1:B8:48:10:55:22:D0:13:E7:EC
Certificate[3]:
Owner: emailaddress=...@mail.ips.es, CN=IPS SERVIDORES, OU=Certificaciones, O=IPS Seguridad CA, L=BARCELONA, ST=BARCELONA, C=ES
Issuer: emailaddress=...@mail.ips.es, CN=IPS SERVIDORES, OU=Certificaciones, O=IPS Seguridad CA, L=BARCELONA, ST=BARCELONA, C=ES
Serial number: 0
Valid from: Thu Jan 01 18:21:07 EST 1998 until: Tue Dec 29 18:21:07 EST 2009
Certificate fingerprints:
  MD5: 7B:B5:08:99:9A:8C:18:BF:85:27:7D:0E:AE:DA:B2:AB
  SHA1: 24:BA:6D:6C:8A:5B:58:37:A4:8D:B5:FA:E9:19:EA:67:5C:94:D2:17

*** ***

Alias name: ipscaa1
Creation date: Jan 9, 2008
Entry type: trustedCertEntry
Owner: emailaddress=gene...@ipsca.com, CN=ipsCA CLASEA1 Certification Authority, OU=ipsCA CLASEA1 Certification Authority, O=gene...@ipsca.com C.I.F. B-B62210695, O=IPS Certification Authority s.l., L=Barcelona, ST=Barcelona, C=ES
Issuer: emailaddress=...@mail.ips.es, CN=IPS SERVIDORES, OU=Certificaciones, O=IPS Seguridad CA, L=BARCELONA, ST=BARCELONA, C=ES
Serial number: 9018
Valid from: Sun Dec 30 08:36:11 EST 2001 until: Mon Dec 29 08:36:11 EST 2025
Certificate fingerprints:
  MD5:
Re: JSESSIONID cookie permanent?
Mitch, On 8/12/2009 7:08 PM, Mitch Claborn wrote: The answer is: yes, there are times when the response is already committed, so the valve is not a foolproof solution. If the Valve wraps the request with an object that intercepts the addCookie method, then the solution is more viable. Just make sure your Valve gets called before the authenticator code :) -chris
upgrade from 6.0.10 to 6.0.20 and retain conf and webapps.
Hello all, I searched the tc website and Google and haven't had much luck finding info on minor upgrades...most posts pertain to major (5.5 to 6.0 etc.) I was wondering if it was possible to just overwrite the bin and the lib directory in order to accomplish this upgrade? Thanks in advance!
Re: Clearing the catalina.out file
George, On 8/14/2009 2:42 PM, George Sexton wrote: Sure it will. Check the copytruncate option. That's an interesting option. It seems fraught with danger, but I tested it and it does work. Yes, it is fraught with danger. But, if you want to use stdout/stderr and refuse to take other steps, it's basically what you're left with. What part of that doesn't work? The part about new data appearing. On one of my production servers, I erased catalina.out. Note that truncation and deletion are not the same. I then invoked a JSP that generated output to system.out. The file catalina.out did not magically appear. Of course not: you're writing to a valid file handle whose directory entry has been unlinked. Why would the file magically reappear? No data was magically written to the file. I went into proc for the PID for JSVC, and looked at the File Descriptors. Sure enough, if I look in the FD directory, FD 1 shows deleted. If I examine the contents of the file descriptor, the test data is appended to the end of the file. Sounds right to me. It doesn't work. What you tried doesn't work. I didn't suggest what you tried. I make these statements because I know what I observe. I've also been using Linux since something like 1997 so I've got a fair amount of experience there too. So, your straw man has a big swingin' tool, too? Perhaps we observe different results because I'm using JSVC. No, we observe different results because we're doing different things. -chris
Re: caching query
Jeffrey,

On 8/14/2009 1:43 PM, Jeffrey Janner wrote:
> Just a word of warning: your mileage might vary with SSL/APR. We deployed our app using tomcat 5.5 with the following valve implemented in the context:
>
>     <Valve className="org.apache.catalina.authenticator.SSLAuthenticator" securePagesWithPragma="false" />
>
> and found that every page was being marked no-cache.

That's a good observation to note. I serve static files using Apache httpd, so no such headers are being sent. I hadn't considered that when I made my comments. Thanks for the extra info.

-chris
Re: Tomcat Custom Authenticator
Daniel,

On 8/14/2009 2:24 PM, Daniel Stephens wrote:
> For Security reasons, We need to do logging for IP,username, etc(AUDIT). We need to log success and failed attempts. We don't want to modify the internal classes(unless it's impossible).

Tomcat cannot do this out of the box, which is why we switched to securityfilter (http://securityfilter.sourceforge.net/). If you write your own Realm, you can do anything you want with the database. If you get the current CVS head, you can also get access to the request that performs the authentication, so you can write things like error messages (or tokens) into the request attributes for later display. Yes, the CVS head is safe to use :)

-chris
Re: Clearing the catalina.out file
George, On 8/14/2009 3:21 PM, George Sexton wrote: Here's what I originally wrote and Chris responded to: In Unix, if you erase a file that's still open, that file will be removed from the directory but it will exist and consume space until the application closes it. The holding application can continue to put data in it. So, if you want to reset catalina.out you need to re-start tomcat. You'll note that what I wrote about erasing files is exactly in line with what you just wrote. Chris responded with: So, if you want to reset catalina.out you need to re-start tomcat. No, you don't. Why do people make statements like this? You can try it yourself. It takes like 5 seconds: Yes, I did say that. I was taking issue with the statement that catalina.out could not be reset (which, in this context, means remove the old log entries) without restarting Tomcat. I called BS and showed you a way to demonstrate that your statement was not accurate. You're right: I could have explained the cute shell tricks, but that would have dragged-out an already long discussion that apparently I'm continuing to drag-out (apologies to all). Truncating a file is easy from certain shells (bash, in my case), and a C-based example would have been even more esoteric. I suppose Java would have worked, too. His exasperation clearly comes through and the explanation of why I need to try it isn't present. I hope that Chris can answer lots of questions, because quite frankly with his approach no one's going to want to participate after the 2nd or 3rd time they get their crap jumped in like this. I tried to illustrate with as little irritation to readers as possible what could be done, here. Without having to install logrotate, configure it, and wait around for the interval to pass by to see that, in fact, the file would be truncated and rotated. In the future, I'll endeavor to avoid jumping into your crap. -chris
Virtual Hosts and manager application.
Hi,

I'm using the following configuration.

*VERSION*: Tomcat 6.0.20
*OS*: Fedora core 9
*uname -a*: Linux attacker.myriad.local 2.6.27.25-78.2.56.fc9.i686 #1 SMP Thu Jun 18 12:47:50 EDT 2009 i686 i686 i386 GNU/Linux
*install path*: /home/servers/apache-tomcat-6.0.20

On *another* machine (windows and my desktop). I'm running Apache HTTP which is connected via AJP. I don't think that's relevant to my query but you seem to want all the details one can give.

Basically my problem is I have added hosts to the server as follows in server.xml (please note I've removed comments for brevity and everything before service.)

    <Service name="Catalina">
      <Connector port="8180" protocol="HTTP/1.1" connectionTimeout="2" redirectPort="8543" />
      <Connector port="8109" protocol="AJP/1.3" redirectPort="8543" />
      <Engine name="Catalina" defaultHost="localhost">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
        <!-- Define the default virtual host
             Note: XML Schema validation will not work with Xerces 2.2. -->
        <Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
        </Host>
        <Host name="applications.westest.example.com" appbase="/home/servers/applications.westest" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
        </Host>
        <Host name="cashier.westest.example.com" appbase="/home/servers/cashier.westest" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
        </Host>
        <Host name="communication.westest.example.com" appbase="/home/servers/communication.westest" unpackWARs="true" autoDeploy="true" xmlValidation="false" xmlNamespaceAware="false">
        </Host>
      </Engine>
    </Service>

Now to try to add the manager application to each domain following the instructions found at http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html I've added a manager.xml to each of my hosts. For example /home/servers/apache-tomcat-6.0.20/conf/Catalina/cashier.westest.example.com/manager.xml the contents of this file are as follows.

    <?xml version="1.0" encoding="UTF-8"?>
    <Context docBase="${catalina.home}/webapps/manager" privileged="true" antiResourceLocking="false" antiJARLocking="false">
    </Context>

However whenever I alter this file (or restart) I get the following in catalina.out

    Aug 24, 2009 5:04:14 PM org.apache.catalina.startup.HostConfig checkResources
    INFO: Undeploying context [/manager]
    Aug 24, 2009 5:04:14 PM org.apache.catalina.startup.HostConfig deployDescriptor
    WARNING: A docBase /home/servers/apache-tomcat-6.0.20/webapps/manager inside the host appBase has been specified, and will be ignored
    Aug 24, 2009 5:04:14 PM org.apache.catalina.core.StandardContext resourcesStart
    SEVERE: Error starting static Resources
    java.lang.IllegalArgumentException: Document base /home/servers/apache-tomcat-6.0.20/./manager does not exist or is not a readable directory
        at org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext.java:142)
        at org.apache.catalina.core.StandardContext.resourcesStart(StandardContext.java:4048)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4217)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:630)
        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:556)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:491)
        at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1274)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:296)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
        at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1337)
        at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1601)
        at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1610)
        at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1590)
        at java.lang.Thread.run(Thread.java:619)
    Aug 24, 2009 5:04:14 PM org.apache.catalina.core.StandardContext start
    SEVERE: Error in resourceStart()
    Aug 24, 2009 5:04:14 PM org.apache.catalina.core.StandardContext start
    SEVERE: Error getConfigured
    Aug 24, 2009 5:04:14 PM org.apache.catalina.core.StandardContext start
    SEVERE: Context [/manager] startup failed due to previous errors
    Aug 24, 2009
Re: Virtual Hosts and manager application.
Thanks Jonathan. I've tried but I get the same or a similar result. See it's right when the WARNING is issued but wrong two lines down.

*manager.xml*

    <?xml version="1.0" encoding="UTF-8"?>
    <Context docBase="/home/servers/apache-tomcat-6.0.20/webapps/manager" privileged="true" antiResourceLocking="false" antiJARLocking="false">
    </Context>

*catalina.out*

    Aug 24, 2009 5:17:25 PM org.apache.catalina.startup.HostConfig checkResources
    INFO: Undeploying context [/manager]
    Aug 24, 2009 5:17:25 PM org.apache.catalina.startup.HostConfig deployDescriptor
    WARNING: A docBase /home/servers/apache-tomcat-6.0.20/webapps/manager inside the host appBase has been specified, and will be ignored
    Aug 24, 2009 5:17:25 PM org.apache.catalina.core.StandardContext resourcesStart
    SEVERE: Error starting static Resources
    java.lang.IllegalArgumentException: Document base /home/servers/apache-tomcat-6.0.20/./manager does not exist or is not a readable directory
        at org.apache.naming.resources.FileDirContext.setDocBase(FileDirContext.java:142)
        at org.apache.catalina.core.StandardContext.resourcesStart(StandardContext.java:4048)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4217)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
        at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:630)
        at org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:556)
        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:491)
        at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1274)
        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:296)
        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
        at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1337)
        at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1601)
        at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1610)
        at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1590)
        at java.lang.Thread.run(Thread.java:619)
    Aug 24, 2009 5:17:25 PM org.apache.catalina.core.StandardContext start
    SEVERE: Error in resourceStart()
    Aug 24, 2009 5:17:25 PM org.apache.catalina.core.StandardContext start
    SEVERE: Error getConfigured
    Aug 24, 2009 5:17:25 PM org.apache.catalina.core.StandardContext start
    SEVERE: Context [/manager] startup failed due to previous errors
    Aug 24, 2009 5:17:25 PM org.apache.catalina.core.StandardContext stop
    INFO: Container org.apache.catalina.core.ContainerBase.[Catalina].[ cashier.westest.myriadpayments.com].[/manager] has not been started

On Mon, Aug 24, 2009 at 5:13 PM, Jonathan Mast jhmast.develo...@gmail.com wrote:
> Try placing the literal path to the manager in there instead of the ${catalina.home} variable.
Re: Virtual Hosts and manager application.
Try placing the literal path to the manager in there instead of the ${catalina.home} variable.
Re: Virtual Hosts and manager application.
You need to specify the path attribute in the Context tag. I would recommend something other than just manager as I've seen malicious bots looking for it. I would also remove the antiResourceLocking and antiJARLocking attrs, why do you think you need them?
Re: Clearing the catalina.out file
Tsirkin,

On 8/16/2009 3:19 AM, Tsirkin Evgeny wrote:
> echo -n > catalina.out

This is not a truncation: this is a file replacement. In bash, the command '>' truncates a file, it doesn't redirect nothing to it. It's a special case of the IO redirection. This works in other shells, too, though I'm not sure of exactly which shells support it.

Since there seems to be some confusion between deleting, replacing, and truncating files, let me spell it out for everyone. The following C code will truncate a file and leave all existing writers unaffected:

    #include <stdlib.h>
    #include <stdio.h>
    #include <string.h>
    #include <sys/types.h>
    #include <sys/stat.h>
    #include <fcntl.h>
    #include <unistd.h>

    int main(int argc, char *argv[])
    {
        int fd;
        char *msg;
        int size;

        if (argc < 2) {
            printf("Usage: %s filename\n", argv[0]);
            return 1;
        }

        /* O_TRUNC empties the file in place; the directory entry stays. */
        fd = open(argv[1], O_WRONLY | O_TRUNC);
        if (-1 == fd) {
            /* "open: " (6 characters) + file name + terminating NUL */
            size = 7 + strlen(argv[1]);
            msg = malloc(size * sizeof(char));
            if (msg) {
                snprintf(msg, size, "open: %s", argv[1]);
                perror(msg);
                free(msg);
            } else {
                perror("open");
            }
            return 2;
        }

        if (close(fd)) {
            perror("close");
            return 2;
        }

        return 0;
    }

Or, if you prefer Java to C, you can do it this way:

    import java.io.IOException;
    import java.io.File;
    import java.io.RandomAccessFile;

    public class Truncate {
        public static void main(String[] args) throws Exception {
            if (args.length != 1) {
                System.err.println("Usage: " + Truncate.class.getName() + " filename");
                System.exit(1);
            }

            File f = new File(args[0]);
            if (!f.exists()) {
                System.err.println(args[0] + ": no such file or directory");
                System.exit(2);
            }

            // setLength(0) truncates in place; the handle is closed afterwards.
            try (RandomAccessFile raf = new RandomAccessFile(f, "rw")) {
                raf.setLength(0);
            } catch (IOException ioe) {
                ioe.printStackTrace();
                System.exit(2);
            }

            System.exit(0);
        }
    }

The Java version is somewhat more complicated than necessary, but I wanted both versions to act the same.

These source files do not erase the files, nor do they delete them. They open them for writing and explicitly truncate the existing contents. The directory entry remains intact. Any live file descriptors pointing to the existing file will continue to work.

I encourage the curious to simply try it: these sources will truncate your catalina.out and Tomcat will be perfectly content to continue to log to that file, and you can see the messages and everything.

Hopefully, we can put this issue to bed, now.

-chris
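The three cases argued over in this thread (truncating under an appending writer, truncating under a non-appending writer, and deleting the file) can be compared side by side. The following is an added example, not code from any poster: it reuses the `open(..., O_WRONLY | O_TRUNC)` call from the message above against a scratch file in /tmp, and `run_scenario`, `struct outcome` and the 1000/10-byte sizes are made up for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum action { ACT_TRUNCATE, ACT_UNLINK };

struct outcome {
    int  path_exists;  /* 1 if the name is still present in the directory */
    long path_size;    /* size seen through the name, -1 if it is gone    */
    long fd_size;      /* size seen through the writer's open descriptor  */
};

/* Write n filler bytes through fd; returns 0 on success. */
static int write_fill(int fd, char c, size_t n)
{
    char buf[256];
    memset(buf, c, sizeof buf);
    while (n > 0) {
        size_t chunk = n < sizeof buf ? n : sizeof buf;
        ssize_t w = write(fd, buf, chunk);
        if (w <= 0)
            return -1;
        n -= (size_t)w;
    }
    return 0;
}

/*
 * Simulate a long-running logger: open a scratch file (with or without
 * O_APPEND), write 1000 bytes of "old" log, let an administrator truncate
 * or unlink it by name, then write 10 more bytes through the descriptor
 * that was open all along. Returns 0 on success and fills *out.
 */
int run_scenario(int writer_flags, enum action act, struct outcome *out)
{
    char path[] = "/tmp/catalina_demo_XXXXXX";  /* constructed scratch name */
    struct stat st;
    int tmp, writer, rc = -1;

    tmp = mkstemp(path);
    if (tmp == -1)
        return -1;
    close(tmp);

    writer = open(path, O_WRONLY | writer_flags);
    if (writer == -1) {
        unlink(path);
        return -1;
    }
    if (write_fill(writer, 'o', 1000) != 0)
        goto done;

    if (act == ACT_TRUNCATE) {
        /* Same call as the C program in the message above. */
        int fd = open(path, O_WRONLY | O_TRUNC);
        if (fd == -1 || close(fd) != 0)
            goto done;
    } else if (unlink(path) != 0) {
        goto done;
    }

    /* The logger keeps writing, unaware of what happened to the name. */
    if (write_fill(writer, 'n', 10) != 0)
        goto done;

    out->path_exists = (stat(path, &st) == 0);
    out->path_size = out->path_exists ? (long)st.st_size : -1;
    if (fstat(writer, &st) != 0)
        goto done;
    out->fd_size = (long)st.st_size;
    rc = 0;
done:
    close(writer);
    unlink(path);  /* fails harmlessly if the name is already gone */
    return rc;
}

int main(void)
{
    static const struct { const char *label; int flags; enum action act; } cases[] = {
        { "truncate, writer opened with O_APPEND", O_APPEND, ACT_TRUNCATE },
        { "truncate, writer without O_APPEND",     0,        ACT_TRUNCATE },
        { "unlink,   writer opened with O_APPEND", O_APPEND, ACT_UNLINK   },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        struct outcome o;
        if (run_scenario(cases[i].flags, cases[i].act, &o) != 0) {
            perror(cases[i].label);
            return 1;
        }
        printf("%-40s name present=%d size via name=%ld size via fd=%ld\n",
               cases[i].label, o.path_exists, o.path_size, o.fd_size);
    }
    return 0;
}
```

The second case is the caveat to watch for: a writer opened without O_APPEND keeps its old offset, so after truncation the file grows back to 1010 bytes with a hole where the old log was. In the unlink case the 1010 bytes are reachable only through the open descriptor, which is what the /proc file descriptor listing described earlier in the thread shows as deleted.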
Re: Newbie question
Malladi,

On 8/24/2009 10:36 AM, Malladi, Sasikanth wrote:
> I'm using Core Servlets by Marty Hall as a guide.

Which edition? It may be out of date.

> I've created a servlet, HelloServlet. Well, it just says hello.

Can you post the code?

> I've compiled it and put the class file into .../install_dir/webapps/ROOT/WEB-INF/classes/. I've enabled the invoker servlet by uncommenting it in .../install_dir/conf/web.xml.

This is fine for testing purposes, but you really should not use the invoker servlet. Instead, it's easy to enable your servlet in your own webapp's web.xml:

    <servlet>
      <servlet-name>Hello</servlet-name>
      <servlet-class>HelloServlet</servlet-class>
    </servlet>
    <servlet-mapping>
      <servlet-name>Hello</servlet-name>
      <url-pattern>/HelloServlet</url-pattern>
    </servlet-mapping>

> I've enabled the servlet reloading in .../install_dir/conf/context.xml.

You should probably not be modifying CATALINA_HOME/conf/context.xml. Instead, create a file in webapps/ROOT/META-INF/context.xml and put your configuration there. Remember not to set the docBase or path attributes in your Context element.

> However, I can't see the servlet in http://myhost:8008/servlet/HelloServlet. What am I missing?

I suspect you have a package/class name mismatch with your .class file and the URL you're using to access the servlet. Disable the invoker servlet, write a proper web.xml file, and post your code. That will help a lot.

-chris
Re: upgrade from 6.0.10 to 6.0.20 and retain conf and webapps.
lowercase g,

On 8/24/2009 10:59 AM, g f wrote:
> I searched the tc website and Google and haven't had much luck finding info on minor upgrades...most posts pertain to major (5.5 to 6.0 etc.) I was wondering if it was possible to just overwrite the bin and the lib directory in order to accomplish this upgrade?

Tomcat doesn't really support upgrades per-se... you have to do a new install. How much configuration and webapps are we talking about? Tomcat comes with only a few webapps configured out-of-the box. You should be able to do the following with little trouble:

1. Install Tomcat 6.0.20
2. Delete everything in (new) webapps
3. Copy (or move) everything from your old webapps to the new webapps
4. Examine the differences between old server.xml and new server.xml
5. MERGE the changes between the server.xml files
6. Repeat #4/#5 with conf/context.xml and conf/web.xml if you have customized them at all
7. Repeat #6 with the lib/ directory's libraries. Make sure anything you put in there gets copied to the new install.

I highly recommend doing a MERGE rather than a simple replacement just in case something has changed. These files are generally not that long and involved (unless you added a ton of stuff to them, but the merge will still not be too bad), so I think it's worth it.

Good luck,
-chris
Re: Virtual Hosts and manager application.
Jonathan,

On 8/24/2009 11:39 AM, Jonathan Mast wrote:
> You need to specify the path attribute in the Context tag.

Er, no. The name of the file specifies the context path. No path attribute is necessary. In fact, it will likely confuse things.

> java.lang.IllegalArgumentException: Document base /home/servers/apache-tomcat-6.0.20/./manager does not exist or is not a readable directory

Wes,

Are you sure you're looking at the right file? How many managers are you trying to deploy? One for each Host? How about starting with just a single one to get it working. It looks like you may have several of them configured, and maybe are confusing the warnings with each other.

-chris
Re: Virtual Hosts and manager application.
Hi All,

Comments below. The one thing that may be unusual about my server.xml (see initial email) is the fact that server.xml is specifying docRoots that are parallel with my tomcat installation not in a sub folder. I've a sneaking suspicion that this would fix the problem but I don't want to do that.

On Mon, Aug 24, 2009 at 5:39 PM, Jonathan Mast jhmast.develo...@gmail.com wrote:
> You need to specify the path attribute in the Context tag. I would recommend something other than just manager as I've seen malicious bots looking for it.

True but for the moment on our internal network on a developer server I just want to get something working. I'll configure more things later.

> I would also remove the antiResourceLocking and antiJARLocking attrs, why do you think you need them?

Honestly my first version of the manager.xml was a simple copy out of a host created with host manager. I thought this was the easiest way to get a working config, without being limited to the limitations of host-manager (Hosts not persisted after restart). It had those attributes so my file does.

On Mon, Aug 24, 2009 at 6:02 PM, Christopher Schultz ch...@christopherschultz.net wrote:
> Jonathan,
>
> On 8/24/2009 11:39 AM, Jonathan Mast wrote:
>> You need to specify the path attribute in the Context tag.
>
> Er, no. The name of the file specifies the context path. No path attribute is necessary. In fact, it will likely confuse things.

I previously tried with the path before my initial email. I didn't list all the steps I had gone through to try to fix it.

>> java.lang.IllegalArgumentException: Document base /home/servers/apache-tomcat-6.0.20/./manager does not exist or is not a readable directory
>
> Wes,
>
> Are you sure you're looking at the right file? How many managers are you trying to deploy? One for each Host? How about starting with just a single one to get it working. It looks like you may have several of them configured, and maybe are confusing the warnings with each other.
>
> -chris

I'm trying to deploy 3 managers but I focused on 1, cashier.westest.example.com

I'm pretty sure it's this one because I get the logged messages when I change the manager.xml. It's the only one being reloaded in that instance. Or am I wrong with that?

I'm also getting 404 errors when I hit http://cashier.westest.example.com/manager/html so I know the changes haven't fixed this one.
RE: upgrade from 6.0.10 to 6.0.20 and retain conf and webapps.
The way I do this is by using a CATALINA_HOME/CATALINA_BASE structure.

The tomcat distribution is the CATALINA_HOME directory. You create another directory structure that becomes CATALINA_BASE. In this directory structure, you would create:

temp
work
conf
conf/EngineName/HostName
logs
webapps

I also use a shared/lib directory to hold jar files that I want shared across all of my contexts. In 6.0.20 I had to add this to the catalina.properties file.

Now, copy the CATALINA_HOME/conf files to CATALINA_BASE/conf and modify them as desired.

Before you invoke the startup script, you export the variables so the startup script sees them. On my system it's something like:

CATALINA_HOME=/usr/local/apache-tomcat-6.0.20
CATALINA_BASE=/srv/tomcat

Now, upgrading to a new version is somewhat simpler because you only have to change the version # for CATALINA_HOME.

If you're using log4j, it gets a little sticky because you have to put some property files in the common/classes directory and put log4j.jar in common/lib (at least in 5.5.27). I think you might be able to get around this by doing some edit to the common loader entry in catalina.properties, but I haven't had a chance to test it.

At any rate, I like this approach because you don't have to worry about finding and disabling all sample installations, admin apps, etc. If you have to revert to a previous version after making some changes, you don't have to worry about finding the edits and migrating them back to a previous version.

This is also a good solution if you want to have multiple tomcats on one machine. You have one CATALINA_HOME directory and as many CATALINA_BASE directories as you need.

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Monday, August 24, 2009 9:58 AM
To: Tomcat Users List
Subject: Re: upgrade from 6.0.10 to 6.0.20 and retain conf and webapps.

lowercase g,

On 8/24/2009 10:59 AM, g f wrote:
> I searched the tc website and google and haven't had much luck finding info on minor upgrades...most posts pertain to major (5.5 to 6.0 etc.) I was wondering if it was possible to just overwrite the bin and the lib directory in order to accomplish this upgrade?

Tomcat doesn't really support upgrades per-se... you have to do a new install.

How much configuration and webapps are we talking about? Tomcat comes with only a few webapps configured out-of-the box. You should be able to do the following with little trouble:

1. Install Tomcat 6.0.20
2. Delete everything in (new) webapps
3. Copy (or move) everything from your old webapps to the new webapps
4. Examine the differences between old server.xml and new server.xml
5. MERGE the changes between the server.xml files
6. Repeat #4/#5 with conf/context.xml and conf/web.xml if you have customized them at all
7. Repeat #6 with the lib/ directory's libraries. Make sure anything you put in there gets copied to the new install.

I highly recommend doing a MERGE rather than a simple replacement just in case something has changed. These files are generally not that long and involved (unless you added a ton of stuff to them, but the merge will still not be too bad), so I think it's worth it.

Good luck,
-chris
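The CATALINA_HOME/CATALINA_BASE split described in the message above, as an added example (not George's script and not something shipped with Tomcat): it builds the instance tree, copies the stock conf once, and leaves only temp, work, logs and webapps group-writable. The function names, the conf/Catalina/localhost stand-in for conf/EngineName/HostName, and the ownership model (an admin account owns the tree, the account running Tomcat is in its group) are assumptions.

```shell
#!/bin/sh
# Added example: per-instance CATALINA_BASE beside a shared, unmodified
# CATALINA_HOME. Assumed ownership model: an admin account owns the tree and
# the account that runs Tomcat is a member of the tree's group.

# Directories from the message; conf/Catalina/localhost stands in for
# conf/EngineName/HostName (assumed default engine and host names).
BASE_DIRS="temp work logs webapps conf conf/Catalina/localhost shared/lib"
# The only directories the Tomcat account has to write to.
WRITABLE_DIRS="temp work logs webapps"

make_catalina_base() {   # usage: make_catalina_base CATALINA_HOME CATALINA_BASE
    home=$1
    base=$2
    if [ ! -f "$home/conf/server.xml" ]; then
        echo "no conf/server.xml under $home" >&2
        return 1
    fi
    for d in $BASE_DIRS; do
        mkdir -p "$base/$d" || return 1
    done
    # Copy the stock conf files once. Files already present in the instance
    # are left alone, so pointing at a newer CATALINA_HOME never overwrites
    # local edits; those still have to be merged by hand.
    for f in "$home"/conf/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        [ -e "$base/conf/$name" ] || cp "$f" "$base/conf/$name" || return 1
    done
    # conf: owner edits, group reads, others get nothing.
    chmod 750 "$base/conf" "$base/conf/Catalina" \
        "$base/conf/Catalina/localhost" || return 1
    find "$base/conf" -type f -exec chmod 640 {} + || return 1
    # Runtime directories: group-writable, closed to everyone else.
    for d in $WRITABLE_DIRS; do
        chmod 770 "$base/$d" || return 1
    done
}

# Print one line per problem; return non-zero if any were found.
audit_catalina_base() {   # usage: audit_catalina_base CATALINA_BASE
    base=$1
    rc=0
    for d in $BASE_DIRS; do
        [ -d "$base/$d" ] || { echo "missing: $d"; rc=1; }
    done
    for d in $WRITABLE_DIRS; do
        [ -w "$base/$d" ] || { echo "not writable: $d"; rc=1; }
    done
    # A world-writable entry under conf lets any local user edit server.xml.
    if [ -n "$(find "$base/conf" ! -type l -perm -0002 2>/dev/null)" ]; then
        echo "world-writable entries under conf"
        rc=1
    fi
    return $rc
}

# Run as: sh make_base.sh /usr/local/apache-tomcat-6.0.20 /srv/tomcat
if [ "$#" -eq 2 ]; then
    make_catalina_base "$1" "$2" && audit_catalina_base "$2" || exit 1
    # Variables to export before invoking the startup script.
    echo "export CATALINA_HOME=$1"
    echo "export CATALINA_BASE=$2"
fi
```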
Re: upgrade from 6.0.10 to 6.0.20 and retain conf and webapps.
George,

On 8/24/2009 1:13 PM, George Sexton wrote:
> The way I do this is by using a CATALINA_HOME/CATALINA_BASE structure.

+1

This is a great idea that I didn't even realize I have been doing for years. We adopt this strategy because we have multiple applications running in separate JVM/Tomcat instances, and it also really helps for development, too. The fact that upgrades are fairly painless hadn't really even occurred to me.

Each separate Tomcat has its own conf/server.xml, though, so you'll still have to merge those together when you upgrade. It should be relatively easy to do, though.

> If you're using log4j, it gets a little sticky because you have to put some property files in the common/classes directory and put log4j.jar in common/lib (at least in 5.5.27). I think you might be able to get around this by doing some edit to the common loader entry in catalina.properties, but I haven't had a chance to test it.

I think the same is true with shared JDBC libraries. I haven't bothered to check if the CATALINA_BASE/common/lib (and friends) are actually merged-together with the CATALINA_HOME/common/lib (and friends) because the JDBC library is the only case where we have to deal with this. If they /are/ automatically merged, then you can probably just make sure they stay with the individual /instance/ of Tomcat and not have to mess with the /shared/ one at all.

> At any rate, I like this approach because you don't have to worry about finding and disabling all sample installations, admin apps, etc.

+1

-chris
RE: upgrade from 6.0.10 to 6.0.20 and retain conf and webapps.
-----Original Message-----
From: David kerber [mailto:dcker...@verizon.net]
Sent: Monday, August 24, 2009 12:24 PM
To: Tomcat Users List
Subject: Re: upgrade from 6.0.10 to 6.0.20 and retain conf and webapps.

> George Sexton wrote:
>> The way I do this is by using a CATALINA_HOME/CATALINA_BASE structure.
>>
>> The tomcat distribution is the CATALINA_HOME directory. You create another directory structure that becomes CATALINA_BASE. In this directory structure, you would create:
>>
>> temp
>> work
>> conf
>> conf/EngineName/HostName
>> logs
>> webapps
>>
>> I also use a shared/lib directory to hold jar files that I want shared across all of my contexts. In 6.0.20 I had to add this to the catalina.properties file.
>>
>> Now, copy the CATALINA_HOME/conf files to CATALINA_BASE/conf and modify them as desired.
>>
>> Before you invoke the startup script, you export the variables so the startup script sees them. On my system it's something like:
>>
>> CATALINA_HOME=/usr/local/apache-tomcat-6.0.20
>> CATALINA_BASE=/srv/tomcat
>>
>> Now, upgrading to a new version is somewhat simpler because you only have to change the version # for CATALINA_HOME.
>>
>> If you're using log4j, it gets a little sticky because you have to put some property files in the common/classes directory and put log4j.jar in common/lib (at least in 5.5.27). I think you might be able to get around this by doing some edit to the common loader entry in catalina.properties, but I haven't had a chance to test it.
>>
>> At any rate, I like this approach because you don't have to worry about finding and disabling all sample installations, admin apps, etc. If you have to revert to a previous version after making some changes, you don't have to worry about finding the edits and migrating them back to a previous version.
>>
>> This is also a good solution if you want to have multiple tomcats on one machine. You have one CATALINA_HOME directory and as many CATALINA_BASE directories as you need.
>
> Don't you mean the other way around? Multiple CATALINA_HOME directories, one for each TC installation, and a single CATALINA_BASE for the apps? If not, then your description lost me.
>
> Dave

I meant multiple instances of one version of tomcat. I.E. multiple instances running apache-tomcat-6.0.20.

George Sexton
MH Software, Inc.
http://www.mhsoftware.com/
Voice: 303 438 9585
Re: upgrade from 6.0.10 to 6.0.20 and retain conf and webapps.
George Sexton wrote:
> The way I do this is by using a CATALINA_HOME/CATALINA_BASE structure.
>
> The tomcat distribution is the CATALINA_HOME directory. You create another directory structure that becomes CATALINA_BASE. In this directory structure, you would create:
>
> temp
> work
> conf
> conf/EngineName/HostName
> logs
> webapps
>
> I also use a shared/lib directory to hold jar files that I want shared across all of my contexts. In 6.0.20 I had to add this to the catalina.properties file.
>
> Now, copy the CATALINA_HOME/conf files to CATALINA_BASE/conf and modify them as desired.
>
> Before you invoke the startup script, you export the variables so the startup script sees them. On my system it's something like:
>
> CATALINA_HOME=/usr/local/apache-tomcat-6.0.20
> CATALINA_BASE=/srv/tomcat
>
> Now, upgrading to a new version is somewhat simpler because you only have to change the version # for CATALINA_HOME.
>
> If you're using log4j, it gets a little sticky because you have to put some property files in the common/classes directory and put log4j.jar in common/lib (at least in 5.5.27). I think you might be able to get around this by doing some edit to the common loader entry in catalina.properties, but I haven't had a chance to test it.
>
> At any rate, I like this approach because you don't have to worry about finding and disabling all sample installations, admin apps, etc. If you have to revert to a previous version after making some changes, you don't have to worry about finding the edits and migrating them back to a previous version.
>
> This is also a good solution if you want to have multiple tomcats on one machine. You have one CATALINA_HOME directory and as many CATALINA_BASE directories as you need.

Don't you mean the other way around? Multiple CATALINA_HOME directories, one for each TC installation, and a single CATALINA_BASE for the apps? If not, then your description lost me.

Dave
Re: JSESSIONID cookie permanent?
I played a bit with that approach, but couldn't figure out how to get my valve early enough in the chain.

Mitch

Christopher Schultz wrote:
> Mitch,
>
> On 8/12/2009 7:08 PM, Mitch Claborn wrote:
>> The answer is: yes, there are times when the response is already committed, so the valve is not a foolproof solution.
>
> If the Valve wraps the request with an object that intercepts the addCookie method, then the solution is more viable.
>
> Just make sure your Valve gets called before the authenticator code :)
>
> -chris
Re: upgrade from 6.0.10 to 6.0.20 and retain conf and webapps.
George Sexton wrote:
>>> ...
>>> This is also a good solution if you want to have multiple tomcats on one machine. You have one CATALINA_HOME directory and as many CATALINA_BASE directories as you need.
>>
>> Don't you mean the other way around? Multiple CATALINA_HOME directories, one for each TC installation, and a single CATALINA_BASE for the apps? If not, then your description lost me.
>>
>> Dave
>
> I meant multiple instances of one version of tomcat. I.E. multiple instances running apache-tomcat-6.0.20.

Ah, makes sense now. Thanks!

D
mod_jk connector runtime error on OS X Server
environment: Tomcat 6.0.18 under apache2 on Mac OS X Server 10.5 (Leopard).

I am using a mod_jk connector with JBoss. I am having trouble getting context urls of the form website.my.com/myapplication honoured. (Safari:File not found). I have googled the error message below but can't find anything applicable to my setup.

The quick start guide at http://tomcat.apache.org/connectors-doc/generic_howto/quick.html gives a simple proof of concept for a connector setup (/examples). However, this does not work, though I have followed the editing of the configuration files exactly. I get an error in mod_jk.log (set to debug level):

(601)Attempting to map context URI '/examples/*=JBoss1' source JkMount

Any help on how to diagnose what the seeming error is pointing to would be much appreciated.

Dennis Christopher
Re: Virtual Hosts and manager application.
On 24/08/2009 16:09, Wesley Acheson wrote:
> Hi,
>
> <Host name="applications.westest.example.com"
>       appbase="/home/servers/applications.westest"
>       unpackWARs="true" autoDeploy="true"
>       xmlValidation="false" xmlNamespaceAware="false">
> </Host>

Assuming that you've copied and pasted, set appBase not appbase

p
RE: Newbie question
> Malladi,
>
> On 8/24/2009 10:36 AM, Malladi, Sasikanth wrote:
>> I'm using Core Servlets by Marty Hall as a guide.
>
> Which edition? It may be out of date.
>
>> I've created a servlet, HelloServlet. Well, it just says hello.
>
> Can you post the code?
>
>> I've compiled it and put the class file into .../install_dir/webapps/ROOT/WEB-INF/classes/. I've enabled the invoker servlet by uncommenting it in .../install_dir/conf/web.xml.
>
> This is fine for testing purposes, but you really should not use the invoker servlet. Instead, it's easy to enable your servlet in your own webapp's web.xml:
>
>   <servlet>
>     <servlet-name>Hello</servlet-name>
>     <servlet-class>HelloServlet</servlet-class>
>   </servlet>
>   <servlet-mapping>
>     <servlet-name>Hello</servlet-name>
>     <url-pattern>/HelloServlet</url-pattern>
>   </servlet-mapping>
>
>> I've enabled the servlet reloading in .../install_dir/conf/context.xml.
>
> You should probably not be modifying CATALINA_HOME/conf/context.xml. Instead, create a file in webapps/ROOT/META-INF/context.xml and put your configuration there. Remember not to set the docBase or path attributes in your Context element.
>
>> However, I can't see the servlet in http://myhost:8008/servlet/HelloServlet. What am I missing?
>
> I suspect you have a package/class name mismatch with your .class file and the URL you're using to access the servlet. Disable the invoker servlet, write a proper web.xml file, and post your code. That will help a lot.
>
> -chris

Chris,

I'm using an earlier version, but I'm also following www.coreservlets.com to make note of updates. However, I've updated the web.xml per your suggestion and it worked like a charm.

Thanks for your help,
Sashi
Re: Virtual Hosts and manager application.
Wes,

On 8/24/2009 12:18 PM, Wesley Acheson wrote:
> Comments below. The one thing that may be unusual about my server.xml (see initial email) is the fact that server.xml is specifying docRoots that are parallel with my tomcat installation not in a sub folder. I've a sneaking suspicion that this would fix the problem but I don't want to do that.

Aah, yes. This:

  <Host name="localhost" appBase="webapps"
        unpackWARs="true" autoDeploy="true"
        xmlValidation="false" xmlNamespaceAware="false">
  </Host>

Plus this:

  <?xml version="1.0" encoding="UTF-8"?>
  <Context docBase="${catalina.home}/webapps/manager"
           privileged="true" antiResourceLocking="false" antiJARLocking="false">
  </Context>

Will lead to confusion. Your apps will be deployed at least twice, maybe more. Why don't you just use the manager webapp from where it gets installed by default (in CATALINA_HOME/server/webapps/manager)?

> Honestly my first version of the manager.xml was a simple copy out of a host created with host manager. I thought this was the easiest way to get a working config, without being limited to the limitations of host-manager (Hosts not persisted after restart). It had those attributes so my file does.

I would use the manager.xml file unchanged, except for its path (and possibly file name), of course.

> I'm trying to deploy 3 managers but I focused on 1, cashier.westest.example.com

Okay. So you should have (as you already do):

  <Host name="cashier.westest.example.com"
        appbase="/home/servers/cashier.westest"
        unpackWARs="true" autoDeploy="true"
        xmlValidation="false" xmlNamespaceAware="false">
  </Host>

Then, copy the stock manager.xml into CATALINA_BASE/conf/Catalina/cashier.westest.example.com/

Wouldn't that do it?

> I'm pretty sure it's this one because I get the logged messages when I change the manager.xml. It's the only one being reloaded in that instance. Or am I wrong with that?

It's probably being loaded twice because autoDeploy=true for your localhost Host.

-chris
Re: Virtual Hosts and manager application.
I'm back to work on Thursday so I won't be able to try any suggested fixes till then. I'll let you know.

Off topic is it wrong to reply to two emails like this in one mail (for threading purposes?)

On Mon, Aug 24, 2009 at 9:10 PM, Pid p...@pidster.com wrote:
> On 24/08/2009 16:09, Wesley Acheson wrote:
>> Hi,
>>
>> <Host name="applications.westest.example.com"
>>       appbase="/home/servers/applications.westest"
>>       unpackWARs="true" autoDeploy="true"
>>       xmlValidation="false" xmlNamespaceAware="false">
>> </Host>
>
> Assuming that you've copied and pasted, set appBase not appbase
>
> p

Wow good spot. I wouldn't have noticed maybe this is causing the problem.

On Mon, Aug 24, 2009 at 9:17 PM, Christopher Schultz ch...@christopherschultz.net wrote:
> Wes,
>
> On 8/24/2009 12:18 PM, Wesley Acheson wrote:
>> Comments below. The one thing that may be unusual about my server.xml (see initial email) is the fact that server.xml is specifying docRoots that are parallel with my tomcat installation not in a sub folder. I've a sneaking suspicion that this would fix the problem but I don't want to do that.
>
> Aah, yes. This:
>
>   <Host name="localhost" appBase="webapps"
>         unpackWARs="true" autoDeploy="true"
>         xmlValidation="false" xmlNamespaceAware="false">
>   </Host>
>
> Plus this:
>
>   <?xml version="1.0" encoding="UTF-8"?>
>   <Context docBase="${catalina.home}/webapps/manager"
>            privileged="true" antiResourceLocking="false" antiJARLocking="false">
>   </Context>
>
> Will lead to confusion. Your apps will be deployed at least twice, maybe more. Why don't you just use the manager webapp from where it gets installed by default (in CATALINA_HOME/server/webapps/manager)?

It's being deployed once per host. I need more than one because the standard manager install only works for one host. This is similar to the instructions at http://tomcat.apache.org/tomcat-6.0-doc/manager-howto.html

  A default Tomcat installation includes the manager. To add an instance of the Manager web application Context to a new host install the manager.xml context configuration file in the $CATALINA_BASE/conf/[enginename]/[hostname] folder. Here is an example:

  <Context path="/manager" debug="0" privileged="true"
           docBase="/usr/local/kinetic/tomcat6/server/webapps/manager">
  </Context>

  If you have Tomcat configured to support multiple virtual hosts (websites) you would need to configure a Manager for each.

>> Honestly my first version of the manager.xml was a simple copy out of a host created with host manager. I thought this was the easiest way to get a working config, without being limited to the limitations of host-manager (Hosts not persisted after restart). It had those attributes so my file does.
>
> I would use the manager.xml file unchanged, except for its path (and possibly file name), of course.

That's what I did, a direct copy. I only started changing it after I ran into the problem; even then I don't think I changed it much.

>> I'm trying to deploy 3 managers but I focused on 1, cashier.westest.example.com
>
> Okay. So you should have (as you already do):
>
>   <Host name="cashier.westest.example.com"
>         appbase="/home/servers/cashier.westest"
>         unpackWARs="true" autoDeploy="true"
>         xmlValidation="false" xmlNamespaceAware="false">
>   </Host>
>
> Then, copy the stock manager.xml into CATALINA_BASE/conf/Catalina/cashier.westest.example.com/
>
> Wouldn't that do it?

That's where I ran into problems

>> I'm pretty sure it's this one because I get the logged messages when I change the manager.xml. It's the only one being reloaded in that instance. Or am I wrong with that?
>
> It's probably being loaded twice because autoDeploy=true for your localhost Host.

Sorry this is a miscommunication on my behalf. What I meant was not that it's being deployed twice but that I was sure that tc only reloaded the context that had been altered.

> -chris
Re: SSL with multiple Tomcat instances
Hi Don,

A few questions:

1) Does server.xml reference the appropriate IP and keystore for webui?

2) What's the output of: [ openssl s_client -connect webui.ashland.edu:443 ] from the box, more specifically just the top area that mentions the certificate chain. It should look something like this...

---
Certificate chain
 0 s:/C=US/ST=Ohio/L=Ashland/O=Ashland University/OU=Administrative IT/CN=webui.ashland.edu
   i:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Certification Authority s.l./o=gene...@ipsca.com C.I.F. B-B62210695/OU=ipsCA CLASEA1 Certification Authority/CN=ipsCA CLASEA1 Certification Authority/emailaddress=gene...@ipsca.com
 1 s:/C=ES/ST=Barcelona/L=Barcelona/O=IPS Certification Authority s.l./o=gene...@ipsca.com C.I.F. B-B62210695/OU=ipsCA CLASEA1 Certification Authority/CN=ipsCA CLASEA1 Certification Authority/emailaddress=gene...@ipsca.com
   i:/C=ES/ST=BARCELONA/L=BARCELONA/O=IPS Seguridad CA/OU=Certificaciones/CN=IPS SERVIDORES/emailaddress=...@mail.ips.es
 2 s:/C=ES/ST=BARCELONA/L=BARCELONA/O=IPS Seguridad CA/OU=Certificaciones/CN=IPS SERVIDORES/emailaddress=...@mail.ips.es
   i:/C=ES/ST=BARCELONA/L=BARCELONA/O=IPS Seguridad CA/OU=Certificaciones/CN=IPS SERVIDORES/emailaddress=...@mail.ips.es
---

3) Have you stopped and started the instance in question each time you made a change to the certificates (keystore) or the server.xml file?

I don't see any issues with the way you generated the keystore, CSR or how you imported the certificates as that's how I would do it. It's pretty much the way Comodo, Verisign, Thawte, and DigiCert suggest you do so.

Without knowing what the server is presenting, it is hard for me to tell you exactly what's wrong. As per RFC2246 (TLS protocol), in a chained certificate environment the server must present the full chain (just Intermediates, Root is optional.) so that all RFC compliant clients (Chrome, Firefox, Opera, Safari, etc), can connect easily. (Internet Explorer actually tries to go behind the scenes and grab the intermediates from WindowsUpdate) Using OpenSSL's s_client command, should open things up a bit more and provide us with good information to use.

--Sal

On 08/24/2009 10:47 AM, Don Prezioso wrote:
> These are standalone Tomcat instances (Tomcat is the web server, no Apache) running on Red Hat. Each instance has its own IP address (verified via netstat) and each address has a separate DNS entry (webadvisor.ashland.edu and webui.ashland.edu), each which resolve correctly. Each certificate is generated using the DNS name for the service it is intended for.
>
> As far as I can tell, the certificate store is valid. When I use the keytool command to list the original keystore (the one with both certificates loaded in the same keystore), I get the attached listing. When I look at the new one (separate keystores, each with only one certificate) it looks the same except that it is missing the tomcat (the first instance) certificate and only has the webui certificate.
>
> The commands I used to create the keystore were:
>
> keytool -genkey -alias webui -keyalg RSA -keystore webui.keystore
> keytool -certreq -alias webui -keystore webui.keystore
> keytool -import -trustcacerts -alias IPSROOT -file IPSServidores.crt -keystore webui.keystore
> keytool -import -trustcacerts -alias IPSCAA1 -file IPSCACLASEA1.crt -keystore webui.keystore
> keytool -import -trustcacerts -alias webui -file webui.crt -keystore webui.keystore
>
> The IPSServidores.crt is the IPS root certificate, IPSCACLASEA1.crt is the intermediate certificate, and webui.crt is the certificate reply from IPS. These are the same steps I followed for the webadvisor instance and it is working properly.
>
> The only things that I can think are different between these two tomcat instances are:
> a) The webadvisor instance is visible through our firewall from off campus, and the webui instance is not (I am connecting from on campus)
> b) The webadvisor instance is using the network device eth0, and webui is using eth0:0
>
> Don
>
> --
> Don Prezioso
> Director of Administrative I.T.
> Ashland University
> Ashland, Ohio
>
> -----Original Message-----
> From: Crypto Sal [mailto:crypto@gmail.com]
> Sent: Thursday, August 20, 2009 8:00 PM
> To: Tomcat Users List
> Subject: Re: SSL with multiple Tomcat instances
>
> Hi Don,
>
> Is this Tomcat for Windows or Tomcat for a UNIX variant? Have you verified the keystore as correct via *keytool -v -list -keystore KEYSTORE_PATH/FILE* ? (Redirect that text to a file if need be!) Did you use the *-trustcacerts* flag upon importing the certificates or was this omitted?
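The check Sal asks for in question 2 can be done mechanically. This added example (not from the thread) reads the "Certificate chain" summary printed by openssl s_client and reports whether the leaf CN matches the expected host and whether each issuer is the next entry's subject; it checks structure only, not signatures or trust. The function names are hypothetical and the sample outputs and host names are constructed.

```shell
#!/bin/sh
# Added example: sanity-check the "Certificate chain" summary from
#   openssl s_client -connect HOST:443 </dev/null 2>/dev/null | check_chain HOST
# Verdicts: OK n | NAME_MISMATCH cn | BROKEN_LINK k | LEAF_ONLY | NO_CHAIN
# Only the subject CN is compared; wildcard and subjectAltName matching are
# out of scope because the chain summary does not show them.

check_chain() {   # usage: check_chain EXPECTED_HOSTNAME < s_client-output
    awk -v host="$1" '
    BEGIN { n = 0; bad = 0; in_chain = 0 }
    /^Certificate chain/ { in_chain = 1; next }
    in_chain && /^---/   { in_chain = 0 }
    # "N s:<subject>" opens entry N, the following "i:<issuer>" closes it.
    in_chain && /^ *[0-9]+ +s:/ {
        line = $0; sub(/^ *[0-9]+ +s:/, "", line); subj[n] = line; next
    }
    in_chain && /^ *i:/ {
        line = $0; sub(/^ *i:/, "", line); iss[n] = line; n++; next
    }
    END {
        if (n == 0) { print "NO_CHAIN"; exit 2 }
        # Accept both "/CN=host" and the newer "CN = host" subject formats.
        cn = ""
        if (match(subj[0], "CN ?= ?[^/,]+")) {
            cn = substr(subj[0], RSTART, RLENGTH)
            sub(/^CN ?= ?/, "", cn)
        }
        if (tolower(cn) != tolower(host)) { print "NAME_MISMATCH " cn; bad = 1 }
        # Each certificate must be issued by the next one presented.
        for (k = 0; k + 1 < n; k++)
            if (iss[k] != subj[k + 1]) { print "BROKEN_LINK " k; bad = 1 }
        # A lone certificate that is not self-signed: the server sent no
        # intermediates, so clients must already hold the issuer.
        if (n == 1 && iss[0] != subj[0]) { print "LEAF_ONLY"; bad = 1 }
        if (!bad) print "OK " n
        exit bad
    }'
}

# Constructed sample: leaf plus intermediate, root omitted (allowed).
sample_full_chain() {
cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:/C=US/O=Example Org/CN=app.example.test
   i:/C=US/O=Example CA/CN=Example Issuing CA
 1 s:/C=US/O=Example CA/CN=Example Issuing CA
   i:/C=US/O=Example CA/CN=Example Root CA
---
Server certificate
EOF
}

# Constructed sample: keystore entry without its intermediate.
sample_leaf_only() {
cat <<'EOF'
---
Certificate chain
 0 s:/C=US/O=Example Org/CN=app.example.test
   i:/C=US/O=Example CA/CN=Example Issuing CA
---
EOF
}

# Constructed sample: an intermediate that did not issue the leaf.
sample_wrong_intermediate() {
cat <<'EOF'
---
Certificate chain
 0 s:/C=US/O=Example Org/CN=app.example.test
   i:/C=US/O=Example CA/CN=Example Issuing CA
 1 s:/C=US/O=Example CA/CN=Other Issuing CA
   i:/C=US/O=Example CA/CN=Example Root CA
---
EOF
}

if [ "$#" -eq 1 ]; then
    check_chain "$1"
fi
```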
RE: Problem closing datasource when used as JNDI resource
Hi Chris,

You mentioned about the published filter that can close datasource. I wonder if you have any idea about that. Is it provided by tomcat or some other

Thanks,
Mohammed.

-----Original Message-----
From: Christopher Schultz [mailto:ch...@christopherschultz.net]
Sent: Monday, August 24, 2009 7:48 PM
To: Tomcat Users List
Subject: Re: Problem closing datasource when used as JNDI resource

Mohammed,

On 8/24/2009 12:49 AM, Mohammed Bin Mahmood wrote:
> Hi Chris,
>
>> 3. There is a published filter that can close the DataSource for you.
>
> Do you have any idea about the filter that can close the Datasource?

What?

-chris
Re: Tomcat 4 start up as (/sbin/service)
Hello,

Thank you for the response.

Now can I stop tomcat service and take a backup of tomcat 4 directory. Then install the new tomcat4.1.40 in the same location. That way I need not change the directory location in any files too. Right?

So once I install tomcat4.1.40 in the same location (where previous tomcat4 was running) the script /etc/init.d/tomcat4 will run the new tomcat4.1.40?

regards
Sunil C

--- On Mon, 24/8/09, Christopher Schultz ch...@christopherschultz.net wrote:

From: Christopher Schultz ch...@christopherschultz.net
Subject: Re: Tomcat 4 start up as (/sbin/service)
To: Tomcat Users List users@tomcat.apache.org
Date: Monday, 24 August, 2009, 7:50 PM

Sunil,

On 8/24/2009 12:52 AM, sunil chandran wrote:
> I see that old version was started as
> /sbin/service tomcat4 stop
> /sbin/service tomcat4 start
>
> Now I have installed tomcat 4.1.40 in same machine (after removing tomcat 4..1.24)
>
> 1. How can I set it the same as above?

Does /etc/init.d/tomcat4 still exist? If so, it will probably still run properly, as nothing structural should have changed between your patch versions.

> 2. If I install this tomcat 4.1.40 in a new machine, how can I set it as above?

Er... copy the startup scripts? Tomcat does not maintain startup scripts for any version of any OS IIRC. These are the responsibility of the system administrators who maintain the servers.

-chris