Apache Tomcat, IIS, ISAPI
Hi, i've got an Problem. We have an Microsoft IIS 6.0 with an Apache Tomcat 5.5.27 with IIS ISAPI 1.2.28. (AMD64). The Website use Integrated Windows Authentication. The SourceCode Files on the server are protected by ActiveDirectory Groups. All works fine. But now the problem. If a user request a html File then the IIS check the NTFS Filesystempermissions. That means, only users have access, which are in the security group on the file system. But, if the same user request a jsp File, then there is no check on the Filesystempermissons. That is not OK. I'ld like to protect my JSP Files with NTFS Rights. Can anybody help me? Thank you in advice Jörg - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat hangs on Startup
bluezman wrote: Path perhaps ? What's defined for java_home ? JAVA_HOME is set. Mind you, if it was a path error, I would expect either Tomcat to not start at all or a ClassNotFoundException to be thrown at the very least. Sorry about the duplicate message, I'd been having problems with Nabble blocking messages and as things sorted themselves out, duplicates have been arriving in other lists as well :( Apologies Regards -- View this message in context: http://www.nabble.com/Tomcat-hangs-on-Startup-tp25530995p25607109.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Clustering Question...
Thanks for the suggestions Chris. Unfortunately, the memory that was exhausted was the OldGen heap area, not PermGen, which doesn't show up in the Catalina log. The heap allocation is quite hefty as this is a 64-bit environment...we need to get our developers to look into the application behaviour, but in the meantime I was looking for a way of dealing with the problem. -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 24 September 2009 19:59 To: Tomcat Users List Subject: Re: Clustering Question... -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Darren, On 9/24/2009 10:21 AM, Darren Kukulka wrote: In a 2-node scenario, where both nodes are configured identically and load balanced via Apache based on availability, how can we configure the cluster to deal with situations where one node has exhausted its Old Gen heap allocation. Hmm... this is a situations that is difficult to detect using remote code (like mod_jk). In such situations we've observed that the application being served by the cluster slow down considerably. I can understand why this would be the case for sessions on the degraded node, but why would sessions on the good node suffer? Are you using session replication? If so, the good Tomcat may be slowing down attempting to replicate session changes to the damaged Tomcat that is either not responding, or responding slowly, or responding in confusing ways. How can we modify our configuration to deal with such occurrences more effectively? After we had some trouble with OOMEs in production (legit ones, actually: we just needed more heap), I implemented a quick-and-dirty OOME checker. All it does is grep OutOfMemoryError catalina.out and, if found, sends an email to someone. Instead of emailing, you could have your OOME checker actually shut down (or forceably terminate) the damaged Tomcat, and then the cluster should stabilize. With only two nodes, this might be a problem, as the good Tomcat will take over and might, under the new load of 100% of your traffic, experience its own pergmen exhaustion and also be shut down. You should consider adjusting your pergmen allocation (duh!) as well as perhaps your heap allocation as well. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkq7wXcACgkQ9CaO5/Lv0PDVxACfT6X4tsFOEZ0nRWpYOIfLr7lX XMIAoJUEs5uW3tTLqeRB5wCf1bo0oi4Q =4LWQ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Connaught plc is a FTSE 250 company. We are the UK's leading provider of integrated services operating in the compliance, social housing and public sector markets. Please visit our website to see a full list of Connaught's Registered Companies www.connaught.plc.uk/group/aboutconnaught/registeredcompanies Disclaimer: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete this message. Connaught plc, Head Office 01392 444546
Re: Apache Tomcat, IIS, ISAPI
On 25.09.2009 08:06, Buchner, Joerg [T0I] (VW Sachsen) wrote: Hi, i've got an Problem. We have an Microsoft IIS 6.0 with an Apache Tomcat 5.5.27 with IIS ISAPI 1.2.28. (AMD64). The Website use Integrated Windows Authentication. The SourceCode Files on the server are protected by ActiveDirectory Groups. All works fine. But now the problem. If a user request a html File then the IIS check the NTFS Filesystempermissions. That means, only users have access, which are in the security group on the file system. But, if the same user request a jsp File, then there is no check on the Filesystempermissons. That is not OK. I'ld like to protect my JSP Files with NTFS Rights. Can anybody help me? The JSPs should be served by Tomcat, right? So IIS doesn't need to be able to see them or allowed to actually read them. So do you want to protect them in Tomcat? Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Clustering Question...
On 25.09.2009 09:01, Darren Kukulka wrote: Thanks for the suggestions Chris. Unfortunately, the memory that was exhausted was the OldGen heap area, not PermGen, which doesn't show up in the Catalina log. The heap allocation is quite hefty as this is a 64-bit environment...we need to get our developers to look into the application behaviour, but in the meantime I was looking for a way of dealing with the problem. So did you get an OutOfMemoryError, or was there only a shortage of memory resulting in more or less continuous garbage collection runs? Regards, Rainer -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 24 September 2009 19:59 To: Tomcat Users List Subject: Re: Clustering Question... Darren, On 9/24/2009 10:21 AM, Darren Kukulka wrote: In a 2-node scenario, where both nodes are configured identically and load balanced via Apache based on availability, how can we configure the cluster to deal with situations where one node has exhausted its Old Gen heap allocation. Hmm... this is a situations that is difficult to detect using remote code (like mod_jk). In such situations we've observed that the application being served by the cluster slow down considerably. I can understand why this would be the case for sessions on the degraded node, but why would sessions on the good node suffer? Are you using session replication? If so, the good Tomcat may be slowing down attempting to replicate session changes to the damaged Tomcat that is either not responding, or responding slowly, or responding in confusing ways. How can we modify our configuration to deal with such occurrences more effectively? After we had some trouble with OOMEs in production (legit ones, actually: we just needed more heap), I implemented a quick-and-dirty OOME checker. All it does is grep OutOfMemoryError catalina.out and, if found, sends an email to someone. Instead of emailing, you could have your OOME checker actually shut down (or forceably terminate) the damaged Tomcat, and then the cluster should stabilize. With only two nodes, this might be a problem, as the good Tomcat will take over and might, under the new load of 100% of your traffic, experience its own pergmen exhaustion and also be shut down. You should consider adjusting your pergmen allocation (duh!) as well as perhaps your heap allocation as well. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Connaught plc is a FTSE 250 company. We are the UK's leading provider of integrated services operating in the compliance, social housing and public sector markets. Please visit our website to see a full list of Connaught's Registered Companies www.connaught.plc.uk/group/aboutconnaught/registeredcompanies Disclaimer: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete this message. Connaught plc, Head Office 01392 444546 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Clustering Question...
There are no OOME messages in the logs...the application still runs, albeit very slowly...GC is not kicking in any more frequently...I was under the impression that GC doesn't touch OldGen though...? -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: 25 September 2009 08:09 To: Tomcat Users List Subject: Re: Clustering Question... On 25.09.2009 09:01, Darren Kukulka wrote: Thanks for the suggestions Chris. Unfortunately, the memory that was exhausted was the OldGen heap area, not PermGen, which doesn't show up in the Catalina log. The heap allocation is quite hefty as this is a 64-bit environment...we need to get our developers to look into the application behaviour, but in the meantime I was looking for a way of dealing with the problem. So did you get an OutOfMemoryError, or was there only a shortage of memory resulting in more or less continuous garbage collection runs? Regards, Rainer -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 24 September 2009 19:59 To: Tomcat Users List Subject: Re: Clustering Question... Darren, On 9/24/2009 10:21 AM, Darren Kukulka wrote: In a 2-node scenario, where both nodes are configured identically and load balanced via Apache based on availability, how can we configure the cluster to deal with situations where one node has exhausted its Old Gen heap allocation. Hmm... this is a situations that is difficult to detect using remote code (like mod_jk). In such situations we've observed that the application being served by the cluster slow down considerably. I can understand why this would be the case for sessions on the degraded node, but why would sessions on the good node suffer? Are you using session replication? If so, the good Tomcat may be slowing down attempting to replicate session changes to the damaged Tomcat that is either not responding, or responding slowly, or responding in confusing ways. How can we modify our configuration to deal with such occurrences more effectively? After we had some trouble with OOMEs in production (legit ones, actually: we just needed more heap), I implemented a quick-and-dirty OOME checker. All it does is grep OutOfMemoryError catalina.out and, if found, sends an email to someone. Instead of emailing, you could have your OOME checker actually shut down (or forceably terminate) the damaged Tomcat, and then the cluster should stabilize. With only two nodes, this might be a problem, as the good Tomcat will take over and might, under the new load of 100% of your traffic, experience its own pergmen exhaustion and also be shut down. You should consider adjusting your pergmen allocation (duh!) as well as perhaps your heap allocation as well. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Connaught plc is a FTSE 250 company. We are the UK's leading provider of integrated services operating in the compliance, social housing and public sector markets. Please visit our website to see a full list of Connaught's Registered Companies www.connaught.plc.uk/group/aboutconnaught/registeredcompanies Disclaimer: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete this message. Connaught plc, Head Office 01392 444546 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Clustering Question...
On 25.09.2009 09:12, Darren Kukulka wrote: There are no OOME messages in the logs...the application still runs, albeit very slowly...GC is not kicking in any more frequently...I was under the impression that GC doesn't touch OldGen though...? It does. So it's strange you know your memory is exhausted and that's the reason for the slowness, although if it were exhausted, you would either get an OutOfMemoryError or GC has to kick in. The picture is not complete here. Regards, Rainer -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: 25 September 2009 08:09 To: Tomcat Users List Subject: Re: Clustering Question... On 25.09.2009 09:01, Darren Kukulka wrote: Thanks for the suggestions Chris. Unfortunately, the memory that was exhausted was the OldGen heap area, not PermGen, which doesn't show up in the Catalina log. The heap allocation is quite hefty as this is a 64-bit environment...we need to get our developers to look into the application behaviour, but in the meantime I was looking for a way of dealing with the problem. So did you get an OutOfMemoryError, or was there only a shortage of memory resulting in more or less continuous garbage collection runs? Regards, Rainer -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 24 September 2009 19:59 To: Tomcat Users List Subject: Re: Clustering Question... Darren, On 9/24/2009 10:21 AM, Darren Kukulka wrote: In a 2-node scenario, where both nodes are configured identically and load balanced via Apache based on availability, how can we configure the cluster to deal with situations where one node has exhausted its Old Gen heap allocation. Hmm... this is a situations that is difficult to detect using remote code (like mod_jk). In such situations we've observed that the application being served by the cluster slow down considerably. I can understand why this would be the case for sessions on the degraded node, but why would sessions on the good node suffer? Are you using session replication? If so, the good Tomcat may be slowing down attempting to replicate session changes to the damaged Tomcat that is either not responding, or responding slowly, or responding in confusing ways. How can we modify our configuration to deal with such occurrences more effectively? After we had some trouble with OOMEs in production (legit ones, actually: we just needed more heap), I implemented a quick-and-dirty OOME checker. All it does is grep OutOfMemoryError catalina.out and, if found, sends an email to someone. Instead of emailing, you could have your OOME checker actually shut down (or forceably terminate) the damaged Tomcat, and then the cluster should stabilize. With only two nodes, this might be a problem, as the good Tomcat will take over and might, under the new load of 100% of your traffic, experience its own pergmen exhaustion and also be shut down. You should consider adjusting your pergmen allocation (duh!) as well as perhaps your heap allocation as well. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Connaught plc is a FTSE 250 company. We are the UK's leading provider of integrated services operating in the compliance, social housing and public sector markets. Please visit our website to see a full list of Connaught's Registered Companies www.connaught.plc.uk/group/aboutconnaught/registeredcompanies Disclaimer: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete this message. Connaught plc, Head Office 01392 444546 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtual host configuration - best practise?
awarnier wrote: hepabolu wrote: ... However, from the Tomcat docs I understand that any change to server.xml requires a restart of Tomcat which would mean that the existing (non-dummy) hosts which are already in production, i.e. up and running, will also be taken offline. This is the heart of the problem... Just as another look on the issue. skip/ This may be one case where the added complication of having an Apache httpd in front of Tomcat is justified. I'm not sure if this will not result in unwanted side-effects. Each webapp should store/retrieve information from a MySQL database (one per host/client). There should be absolutely no possibility of a mix of information of clients. Each webapp serves as a webservice to an external webapp/webservice. They communicate using the predefined domainname. I don't think it's a good idea to have one webapp handle all requests based on parameters alone. There are already a lot of parameters to handle a single request, figuring out which 'client' should respond makes it all the more complicated. I could look into the 'multiple webapps in a single domain' setup. I just wonder if there's (a) extra processing time due to the apache + mod_jk configuration and (b) added complexity to figure out which webapp is the culprit in case of troubles. I'll take (b) for granted if (a) is almost nothing as I'm already having troubles with timeout deadlines. Do you have any info on processing times using apache + mod_jk? Thanks. Bye, Helma -- View this message in context: http://www.nabble.com/Virtual-host-configuration---best-practise--tp25512289p25530061.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Clustering Question...
Not sure what to tell you... When OldGen becomes full, the system basically slows down to the point of becoming non-responsive...but it does not report any OOME. GC appears to have no affect, whether instigated by the JVM or manually kicked off in JConsole...it will clear down other heap areas, but not OldGen -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: 25 September 2009 08:20 To: Tomcat Users List Subject: Re: Clustering Question... On 25.09.2009 09:12, Darren Kukulka wrote: There are no OOME messages in the logs...the application still runs, albeit very slowly...GC is not kicking in any more frequently...I was under the impression that GC doesn't touch OldGen though...? It does. So it's strange you know your memory is exhausted and that's the reason for the slowness, although if it were exhausted, you would either get an OutOfMemoryError or GC has to kick in. The picture is not complete here. Regards, Rainer -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: 25 September 2009 08:09 To: Tomcat Users List Subject: Re: Clustering Question... On 25.09.2009 09:01, Darren Kukulka wrote: Thanks for the suggestions Chris. Unfortunately, the memory that was exhausted was the OldGen heap area, not PermGen, which doesn't show up in the Catalina log. The heap allocation is quite hefty as this is a 64-bit environment...we need to get our developers to look into the application behaviour, but in the meantime I was looking for a way of dealing with the problem. So did you get an OutOfMemoryError, or was there only a shortage of memory resulting in more or less continuous garbage collection runs? Regards, Rainer -Original Message- From: Christopher Schultz [mailto:ch...@christopherschultz.net] Sent: 24 September 2009 19:59 To: Tomcat Users List Subject: Re: Clustering Question... Darren, On 9/24/2009 10:21 AM, Darren Kukulka wrote: In a 2-node scenario, where both nodes are configured identically and load balanced via Apache based on availability, how can we configure the cluster to deal with situations where one node has exhausted its Old Gen heap allocation. Hmm... this is a situations that is difficult to detect using remote code (like mod_jk). In such situations we've observed that the application being served by the cluster slow down considerably. I can understand why this would be the case for sessions on the degraded node, but why would sessions on the good node suffer? Are you using session replication? If so, the good Tomcat may be slowing down attempting to replicate session changes to the damaged Tomcat that is either not responding, or responding slowly, or responding in confusing ways. How can we modify our configuration to deal with such occurrences more effectively? After we had some trouble with OOMEs in production (legit ones, actually: we just needed more heap), I implemented a quick-and-dirty OOME checker. All it does is grep OutOfMemoryError catalina.out and, if found, sends an email to someone. Instead of emailing, you could have your OOME checker actually shut down (or forceably terminate) the damaged Tomcat, and then the cluster should stabilize. With only two nodes, this might be a problem, as the good Tomcat will take over and might, under the new load of 100% of your traffic, experience its own pergmen exhaustion and also be shut down. You should consider adjusting your pergmen allocation (duh!) as well as perhaps your heap allocation as well. -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Connaught plc is a FTSE 250 company. We are the UK's leading provider of integrated services operating in the compliance, social housing and public sector markets. Please visit our website to see a full list of Connaught's Registered Companies www.connaught.plc.uk/group/aboutconnaught/registeredcompanies Disclaimer: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete this message. Connaught plc, Head Office 01392 444546 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Apache Tomcat, IIS, ISAPI
Hi Rainer, yes, the JSP's should be served by Tomcat! But Tomcat should not work as WebService, Tomcat is only an Engine behind IIS. The protection of the JSP Files should be realized in the NTFS ACL's... Regards, Jörg -Ursprüngliche Nachricht- Von: Rainer Jung [mailto:rainer.j...@kippdata.de] Gesendet: Freitag, 25. September 2009 09:07 An: Tomcat Users List Betreff: Re: Apache Tomcat, IIS, ISAPI On 25.09.2009 08:06, Buchner, Joerg [T0I] (VW Sachsen) wrote: Hi, i've got an Problem. We have an Microsoft IIS 6.0 with an Apache Tomcat 5.5.27 with IIS ISAPI 1.2.28. (AMD64). The Website use Integrated Windows Authentication. The SourceCode Files on the server are protected by ActiveDirectory Groups. All works fine. But now the problem. If a user request a html File then the IIS check the NTFS Filesystempermissions. That means, only users have access, which are in the security group on the file system. But, if the same user request a jsp File, then there is no check on the Filesystempermissons. That is not OK. I'ld like to protect my JSP Files with NTFS Rights. Can anybody help me? The JSPs should be served by Tomcat, right? So IIS doesn't need to be able to see them or allowed to actually read them. So do you want to protect them in Tomcat? Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtual host configuration - best practise?
On 25/09/2009 08:26, hepabolu wrote: awarnier wrote: hepabolu wrote: ... However, from the Tomcat docs I understand that any change to server.xml requires a restart of Tomcat which would mean that the existing (non-dummy) hosts which are already in production, i.e. up and running, will also be taken offline. This is the heart of the problem... Just as another look on the issue. skip/ This may be one case where the added complication of having an Apache httpd in front of Tomcat is justified. Do you have any info on processing times using apache + mod_jk? Your app will be the defining factor in terms of responsivity, there is an overhead when using HTTPD in front of Tomcat but it's usually negligible compared to the time spent in your application. OP: Chris asked you if you were using session replication, I'd also ask if so, which type? If your interest is in load balancing, you are using sticky sessions and you are not too bothered about forcing re-login or session re-initialisation when the client shifts node, you could disable session replication. A positive change in performance would confirm that session replication is causing the slow down in the one node. You didn't specify (did you?) which algorithm you are using to load balance, have you experimented with the various options available? p Thanks. Bye, Helma - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Clustering Question...
From: Darren Kukulka [mailto:darren.kuku...@connaught.plc.uk] Subject: RE: Clustering Question... When OldGen becomes full, the system basically slows down to the point of becoming non-responsive...but it does not report any OOME. Then a major GC likely is running almost continuously, which will suspend the application threads. What are your heap-related commmand line settings? If you have artificially constrained the size of the OldGen, you could easily have a self-induced problem. Setting -XX:NewRatio or any of several other options will prevent HotSpot from dynamically adjusting the balance between NewGen and OldGen. Or, you may simply be out of heap space, in which case you'll need to fix your application so that it's not so greedy. Excessive caching without employing a SoftReference technique is a frequent cause. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: php 5 and tomcat 6
Chris, I think you're right about it being a PHP question, I was just inquiring if someone here had the PECL dll files that I need. Here is what I was looking at: http://tojackwu.blogspot.com/2008/10/php-5-on-tomcat-6-installation.html Ziggy - I'm aware of liferay. Off the top of your head do you know if it is DLL based or is it via CGI? If you don't it's not big deal, don't look it up, I just wondered if you had a quick and dirty answer. Tom, as for why would I not install httpd? Had it, configured it, had it running, and then... removed it. It is nothing more than another layer in the mix. I have SSH configured correctly via my tomcat installation, everything is customized to where I need it to be, and my tomcat is ironclad as of now. My attitude is the old KISS mentality. Why would I want to add another possible issue or layer in the mix? Then I'd have 2 web servers running, and the list of what issues could possibly happen more than doubles. Tomcat's performance is just as good as httpd, why would I run and have to cross configure 2 webservers when 1 will do just fine? Security? Not worried, this is a pet project of mine. If I can get a drupal installation running via a tomcat / php port, I'll be happy. If someone hacks it, i'm not worried. Ken - Thanks for the heads up on the other org. I'll look into that as well. - Josh On Thu, Sep 24, 2009 at 6:53 PM, Ken Bowen kbo...@als.com wrote: Argh. Sorry for the list spam. Was sending this to someone interested. On Sep 24, 2009, at 5:28 PM, Ken Bowen wrote: Sorry for dropping the link. The reference showed up in this: http://quercus.caucho.com/casestudies/Caucho_LiveProcess_casestudy.pdf The company is: http://www.liveprocess.com/ On Sep 24, 2009, at 1:36 PM, Hassan Schroeder wrote: On Thu, Sep 24, 2009 at 8:40 AM, Tommy Pham tommy...@yahoo.com wrote: Only way to get PHP running in Tomcat is through CGI. Not true: http://quercus.caucho.com/ -- Hassan Schroeder hassan.schroe...@gmail.com twitter: @hassan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Apache Tomcat, IIS, ISAPI
Joerg, If you want your JSP's protected you can configure that in your web.xml file. I can't fully remember (someone jump in here) but I used role's in tomcat and put the jsp files in a seperate directory, then I added declarations in my web.xml file for it. Here is the snippets from my web.xml: (If you look down through the role-name tags certain roles can access certain JSP's. All the JSP's are locked from the gen-public inside of a Private folder. !--Constraints to control access to an entire namespace of urls-- security-constraint!--/admin/* limits access to those in admin role.-- web-resource-collection web-resource-nameCompanySecret/web-resource-name url-pattern/admin/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nameadmin/role-name /auth-constraint /security-constraint security-constraint!--/trainer/* limits access to those in trainer role.-- web-resource-collection web-resource-nameCompanySecret/web-resource-name url-pattern/trainer/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametrainer/role-name /auth-constraint /security-constraint security-constraint!--/Private/* completely blocks access except by the webserver itself.-- web-resource-collection web-resource-nameCompanySecret/web-resource-name url-pattern/Private/*/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-name/role-name /auth-constraint /security-constraint !--Constraints to limit access to individual urls which are not limited by any namespace in their url-- security-constraint!--/Main.jsp requires login, but then is available to everybody who can login.-- web-resource-collection web-resource-nameCompanySecret/web-resource-name url-pattern/Main.jsp/url-pattern url-pattern/AutocompleteQuery/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametrainer/role-name role-namemanager/role-name role-nameadmin/role-name role-nameuser/role-name /auth-constraint /security-constraint security-constraint!--/CompanyOverview.jsp requires login, in any non-user role.-- web-resource-collection web-resource-nameCompanySecret/web-resource-name url-pattern/CompanyOverview.jsp/url-pattern http-methodDELETE/http-method http-methodGET/http-method http-methodPOST/http-method http-methodPUT/http-method /web-resource-collection auth-constraint role-nametrainer/role-name role-namemanager/role-name role-nameadmin/role-name /auth-constraint /security-constraint Hope this helps you. - Josh On Fri, Sep 25, 2009 at 5:46 AM, Buchner, Joerg [T0I] (VW Sachsen) joerg.buch...@volkswagen.de wrote: Hi Rainer, yes, the JSP's should be served by Tomcat! But Tomcat should not work as WebService, Tomcat is only an Engine behind IIS. The protection of the JSP Files should be realized in the NTFS ACL's... Regards, Jörg -Ursprüngliche Nachricht- Von: Rainer Jung [mailto:rainer.j...@kippdata.de] Gesendet: Freitag, 25. September 2009 09:07 An: Tomcat Users List Betreff: Re: Apache Tomcat, IIS, ISAPI On 25.09.2009 08:06, Buchner, Joerg [T0I] (VW Sachsen) wrote: Hi, i've got an Problem. We have an Microsoft IIS 6.0 with an Apache Tomcat 5.5.27 with IIS ISAPI 1.2.28. (AMD64). The Website use Integrated Windows Authentication. The SourceCode Files on the server are protected by ActiveDirectory Groups. All works fine. But now the problem. If a user request a html File then the IIS check the NTFS Filesystempermissions. That means, only users have access, which are in the security group on the file system. But, if the same user request a jsp File, then there is no check on the Filesystempermissons. That is not OK. I'ld like to protect my JSP Files with NTFS Rights. Can anybody help me? The JSPs should be served by Tomcat, right? So IIS doesn't need to be able to see them or allowed to actually read them. So do you
RE: Clustering Question...
Thanks Chuck. I'll relay your feedback to our development team. To answer your question, the startup parameters are as follows; -Xms4800m -Xmx4800m -XX:NewSize=900m -XX:MaxNewSize=900m -XX:PermSize=480m -XX:MaxPermSize=480m -XX:+UseParallelGC -XX:ParallelGCThreads=3 -XX:+UseParallelOldGC -XX:GCTimeRatio=11 -XX:+UseAdaptiveSizePolicy -XX:ReservedCodeCacheSize=96m -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: 25 September 2009 14:23 To: Tomcat Users List Subject: RE: Clustering Question... From: Darren Kukulka [mailto:darren.kuku...@connaught.plc.uk] Subject: RE: Clustering Question... When OldGen becomes full, the system basically slows down to the point of becoming non-responsive...but it does not report any OOME. Then a major GC likely is running almost continuously, which will suspend the application threads. What are your heap-related commmand line settings? If you have artificially constrained the size of the OldGen, you could easily have a self-induced problem. Setting -XX:NewRatio or any of several other options will prevent HotSpot from dynamically adjusting the balance between NewGen and OldGen. Or, you may simply be out of heap space, in which case you'll need to fix your application so that it's not so greedy. Excessive caching without employing a SoftReference technique is a frequent cause. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Connaught plc is a FTSE 250 company. We are the UK's leading provider of integrated services operating in the compliance, social housing and public sector markets. Please visit our website to see a full list of Connaught's Registered Companies www.connaught.plc.uk/group/aboutconnaught/registeredcompanies Disclaimer: The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete this message. Connaught plc, Head Office 01392 444546 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Has anyone been successful building mod_jk on AIX 6.1 ?
I ran the find commands and did not find any of these files. I ran the build with the new tools and this is what I got. Could this one be my shared object module? 180225 1053 -rw-r--r-- 1 root system 1077292 Sep 25 08:40 ./native/apache-2.0/.libs/libmod_jk.a bash-3.00# pwd /home/strickll/tomcat-connectors-1.2.28-new_autotools-src bash-3.00# find . -name \*mod_jk\* -ls 176652 109 -rw--- 1 51 develope111577 Mar 19 2009 ./native/apache-1.3/mod_jk.c 1766538 -rw--- 1 51 develope 7824 Jun 17 2007 ./native/apache-1.3/mod_jk.dsp 1766551 -rw--- 1 51 develope11 Sep 6 2002 ./native/apache-1.3/mod_jk.exp 177030 126 -rw--- 1 51 develope128597 Mar 19 2009 ./native/apache-2.0/mod_jk.c 1770318 -rw--- 1 51 develope 7757 Jun 17 2007 ./native/apache-2.0/mod_jk.dsp 180225 1053 -rw-r--r-- 1 root system 1077292 Sep 25 08:40 ./native/apache-2.0/.libs/libmod_jk.a 1802261 -rw-r--r-- 1 root system 756 Sep 25 08:40 ./native/apache-2.0/.libs/mod_jk.lai 1802271 lrwxrwxrwx 1 root system 12 Sep 25 08:40 ./native/apache-2.0/.libs/mod_jk.la - ../mod_jk.la 1770541 -rw-r--r-- 1 root system 765 Sep 25 08:17 ./native/apache-2.0/mod_jk.la. 177077 1053 -rw-r--r-- 1 root system 1077292 Sep 25 08:40 ./native/apache-2.0/libmod_jk.a 177073 155 -rw-r--r-- 1 root system 158506 Sep 25 08:40 ./native/apache-2.0/mod_jk.o 1770721 -rw-r--r-- 1 root system 297 Sep 25 08:40 ./native/apache-2.0/mod_jk.lo 1770741 -rw-r--r-- 1 root system 756 Sep 25 08:40 ./native/apache-2.0/mod_jk.la bash-3.00# ./buildconf.sh bash-3.00# pwd bash-3.00# -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Thursday, September 24, 2009 6:06 PM To: Tomcat Users List Subject: Re: Has anyone been successful building mod_jk on AIX 6.1 ? On 25.09.2009 00:55, Strickland, Lawrence P wrote: If the shared object module in not called mod_jk.so then what is it called? Is it mod_jk.o? And, if that is the case where does it need to be? In the apache/modules directory? See the below find command. It could be mod_jk.so, mod_jk.a or mod_jk.so.0. But please note what I also wrote below. If you use the standard src download, even if the build works, it might not be a really good binary, because the platform detection doesn't work with the old config.guess and configure. And yes: once you've got a good shared object file for AIX, you can put it into the modules folder of httpd. Actually you can put it anywhere you like, but if you use the relative path modules/... in the LoadModule directive, then it has to be in the modules directory of httpd. Regards, Rainer From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Thu 9/24/2009 4:24 PM To: Tomcat Users List Subject: Re: Has anyone been successful building mod_jk on AIX 6.1 ? Hi Lawrence, On 24.09.2009 22:48, Strickland, Lawrence P wrote: This is the output of my build run. So apparently I am building version 1.2.28 with XLC 10.1 and Apache 2.2.13 #./httpd -v Server version: Apache/2.2.13 (Unix) Server built: Sep 22 2009 13:27:47 # gmake -v GNU Make 3.80 /home/strickll/tomcat-connectors-1.2.28-src/native bash-3.00# CC=cc_r -qlanglvl=extc89 ./configure --with-apxs=/usr/local/apache2/bin/apxs ... Do the following commands find a build result: find /home/strickll/tomcat-connectors-1.2.28-src -name mod_jk.a -ls find /home/strickll/tomcat-connectors-1.2.28-src -name mod_jk.so.* -ls I once did build for AIX but using an own toolchain based on gcc. One of the things I had to fix, was that config.guess (and also configure etc.) was to old to detect AIX 6. I checked 1.2.28 and unfortunately we didn't use the updated autotools when doing the release. I ran buildconf.sh once more with newer autotools, so you might want to check whether the archive at http://people.apache.org/~rjung/mod_jk-dev/source/jk-1.2.28-aix/tomcat-c onnectors-1.2.28-new_autotools-src.tar.gz works better for you. But I vaguely also remember that there was also a problem with libtool. I don't really remember precisely, but on AIX it wanted to build shared libs as .a file instead of .so. It worked when applying the following ksh snipppet: for f in `find . -type f -name libtool` do echo Fixing $f... cp -p $f $f.aix_orig sed -e 's#hardcode_action=immediate#hardcode_action=relink#' \ -e 's#hardcode_direct=yes#hardcode_direct=no#' \ -e 's#hardcode_minus_L=no#hardcode_minus_L=yes#' \ $f.aix_orig $f done but maybe you won't need it using XLC. Concerning make install: don't really use it. You can copy over the mod_jk.so (or however the shared object file is called on AIX) to the modules directory. Let us know your
RE: Clustering Question...
From: Darren Kukulka [mailto:darren.kuku...@connaught.plc.uk] Subject: RE: Clustering Question... To answer your question, the startup parameters are as follows; -Xms4800m -Xmx4800m -XX:NewSize=900m -XX:MaxNewSize=900m -XX:PermSize=480m -XX:MaxPermSize=480m -XX:+UseParallelGC -XX:ParallelGCThreads=3 -XX:+UseParallelOldGC -XX:GCTimeRatio=11 -XX:+UseAdaptiveSizePolicy -XX:ReservedCodeCacheSize=96m You might want to try removing the NewSize and MaxNewSize options. The GCTimeRatio seems a bit low - the default is 99; the value of 11 will reduce the time available for the application threads. UseAdaptiveSizePolicy is on by default in JRE/JDK 6 (but you didn't tell us what JVM you're using). Do you have enough RAM to support that heap size without paging? How many cores do you have? Turning on PrintGC, PrintGCDetails, and PrintHeapAtGC might provide some useful info; use -Xloggc to direct the output to the file of choice. Running a profiler (jmap or jhat would suffice) to find out what's actually taking up all of OldGen would help. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtual host configuration - best practise?
On 25/09/2009 14:03, Pid wrote: On 25/09/2009 08:26, hepabolu wrote: awarnier wrote: hepabolu wrote: ... However, from the Tomcat docs I understand that any change to server.xml requires a restart of Tomcat which would mean that the existing (non-dummy) hosts which are already in production, i.e. up and running, will also be taken offline. This is the heart of the problem... Just as another look on the issue. skip/ This may be one case where the added complication of having an Apache httpd in front of Tomcat is justified. Do you have any info on processing times using apache + mod_jk? Your app will be the defining factor in terms of responsivity, there is an overhead when using HTTPD in front of Tomcat but it's usually negligible compared to the time spent in your application. Ignore this below, it's an answer to another thread. Teach me to rush some replies out... Doh. p OP: Chris asked you if you were using session replication, I'd also ask if so, which type? If your interest is in load balancing, you are using sticky sessions and you are not too bothered about forcing re-login or session re-initialisation when the client shifts node, you could disable session replication. A positive change in performance would confirm that session replication is causing the slow down in the one node. You didn't specify (did you?) which algorithm you are using to load balance, have you experimented with the various options available? p Thanks. Bye, Helma - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Any way to filter URL's with a dot in the directory name?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Scott, On 9/24/2009 4:19 PM, Scott Dunbar wrote: No, I specified /* as my url-pattern: filter-mapping filter-nameFileFilter/filter-name url-pattern/*/url-pattern /filter-mapping and my filter is not called when the URL is http://www.hostname.tld/.svn/entries The servlet spec is weird here and the url-pattern in a web-resource-collection. The . has special meaning that seems to indicate a file extension, not a directory. The . only has special meaning when the URL pattern looks like this: *.[anything] All other uses of a period should be literal. If you set up a mapping for /.svn then the matching should be exact. Since I guess you want to protect /*/.svn then your approach of mapping to /* and then just checking for the directory name is probably the right one. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkq82ksACgkQ9CaO5/Lv0PAiGwCcC1wf++l16QB23G/a6QLqHvlj yUkAnRATnhqF0cFxzO+DWso8L1uOjFpf =4dkJ -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat and Outgoing SSL
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Steve, On 9/23/2009 11:49 PM, Steve Cohen wrote: I have an backend application that runs under Tomcat. It does not serve Web pages. It depends on various services that use SSL in one way or another: 1) It connects with a vendor's Web Service over https:, which depends on one of the certificates in the default cacerts file 2) It connects with another vendor's Web Service over https: but this one depends on a CA certificate issued by the vendor. 3) It makes SSL-encrypted connections to a MySQL database using a self-generated SSL certificate. I can get this to work by using keytool and importing the entire cacerts keystore, the self-generated CA cert for mysql, and the second vendor's ca cert into a single truststore, then Setting system properties to point at this at app startup. But this feels like a real hack. So, you basically copy the system cacerts file and merge-in the two other certificates? That doesn't sound too bad to me. Another option is to simply modify the system cacerts file. I thought that the JVM would load the system cacerts file plus ~/.cacerts or something similar automatically. Have you looked at the documentation for SocketFactory and friends? Another option is to simply turn-off certificate checking for SSL connections, but I really don't recommend this except for testing environments. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkq83xAACgkQ9CaO5/Lv0PBetgCfQKIyryVLRtOu3Mcr6Z2/Stnr W5UAoLLPqNnbfHl9ZfcPwpDf2oLwEIWC =SaIR -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
custom error page during client ssl
Is there a way to throw a custom error page/msg when the user cancels the certificate pop-up on the browser during client SSL ? Right now the browser just shows default network error. Any prompt help is appreciated. Thanks
Re: Has anyone been successful building mod_jk on AIX 6.1 ?
On 25.09.2009 15:46, Strickland, Lawrence P wrote: I ran the find commands and did not find any of these files. I ran the build with the new tools and this is what I got. Could this one be my shared object module? 180225 1053 -rw-r--r-- 1 root system 1077292 Sep 25 08:40 ./native/apache-2.0/.libs/libmod_jk.a Yes, this could be it. It could either be a static library (not good) or a shared library (good). Most platforms use *.a for static libs, but I vaguely remember that AIX used it for shared. You could try file native/apache-2.0/.libs/libmod_jk.a to see what AIX says which type of file it is. Did you try loading it into the web server with LoadModule? For the build, did you use the new tarball and additionally the fixed libtool, or only the new tarball? Regards, Rainer bash-3.00# pwd /home/strickll/tomcat-connectors-1.2.28-new_autotools-src bash-3.00# find . -name \*mod_jk\* -ls 176652 109 -rw--- 1 51 develope111577 Mar 19 2009 ./native/apache-1.3/mod_jk.c 1766538 -rw--- 1 51 develope 7824 Jun 17 2007 ./native/apache-1.3/mod_jk.dsp 1766551 -rw--- 1 51 develope11 Sep 6 2002 ./native/apache-1.3/mod_jk.exp 177030 126 -rw--- 1 51 develope128597 Mar 19 2009 ./native/apache-2.0/mod_jk.c 1770318 -rw--- 1 51 develope 7757 Jun 17 2007 ./native/apache-2.0/mod_jk.dsp 180225 1053 -rw-r--r-- 1 root system 1077292 Sep 25 08:40 ./native/apache-2.0/.libs/libmod_jk.a 1802261 -rw-r--r-- 1 root system 756 Sep 25 08:40 ./native/apache-2.0/.libs/mod_jk.lai 1802271 lrwxrwxrwx 1 root system 12 Sep 25 08:40 ./native/apache-2.0/.libs/mod_jk.la - ../mod_jk.la 1770541 -rw-r--r-- 1 root system 765 Sep 25 08:17 ./native/apache-2.0/mod_jk.la. 177077 1053 -rw-r--r-- 1 root system 1077292 Sep 25 08:40 ./native/apache-2.0/libmod_jk.a 177073 155 -rw-r--r-- 1 root system 158506 Sep 25 08:40 ./native/apache-2.0/mod_jk.o 1770721 -rw-r--r-- 1 root system 297 Sep 25 08:40 ./native/apache-2.0/mod_jk.lo 1770741 -rw-r--r-- 1 root system 756 Sep 25 08:40 ./native/apache-2.0/mod_jk.la bash-3.00# ./buildconf.sh bash-3.00# pwd bash-3.00# -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Thursday, September 24, 2009 6:06 PM To: Tomcat Users List Subject: Re: Has anyone been successful building mod_jk on AIX 6.1 ? On 25.09.2009 00:55, Strickland, Lawrence P wrote: If the shared object module in not called mod_jk.so then what is it called? Is it mod_jk.o? And, if that is the case where does it need to be? In the apache/modules directory? See the below find command. It could be mod_jk.so, mod_jk.a or mod_jk.so.0. But please note what I also wrote below. If you use the standard src download, even if the build works, it might not be a really good binary, because the platform detection doesn't work with the old config.guess and configure. And yes: once you've got a good shared object file for AIX, you can put it into the modules folder of httpd. Actually you can put it anywhere you like, but if you use the relative path modules/... in the LoadModule directive, then it has to be in the modules directory of httpd. Regards, Rainer From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Thu 9/24/2009 4:24 PM To: Tomcat Users List Subject: Re: Has anyone been successful building mod_jk on AIX 6.1 ? Hi Lawrence, On 24.09.2009 22:48, Strickland, Lawrence P wrote: This is the output of my build run. So apparently I am building version 1.2.28 with XLC 10.1 and Apache 2.2.13 #./httpd -v Server version: Apache/2.2.13 (Unix) Server built: Sep 22 2009 13:27:47 # gmake -v GNU Make 3.80 /home/strickll/tomcat-connectors-1.2.28-src/native bash-3.00# CC=cc_r -qlanglvl=extc89 ./configure --with-apxs=/usr/local/apache2/bin/apxs ... Do the following commands find a build result: find /home/strickll/tomcat-connectors-1.2.28-src -name mod_jk.a -ls find /home/strickll/tomcat-connectors-1.2.28-src -name mod_jk.so.* -ls I once did build for AIX but using an own toolchain based on gcc. One of the things I had to fix, was that config.guess (and also configure etc.) was to old to detect AIX 6. I checked 1.2.28 and unfortunately we didn't use the updated autotools when doing the release. I ran buildconf.sh once more with newer autotools, so you might want to check whether the archive at http://people.apache.org/~rjung/mod_jk-dev/source/jk-1.2.28-aix/tomcat-c onnectors-1.2.28-new_autotools-src.tar.gz works better for you. But I vaguely also remember that there was also a problem with libtool. I don't really remember precisely, but on AIX it wanted to build shared libs as .a file instead of .so. It worked when applying the following ksh snipppet:
RE: Tomcat 5.5.17 stop service fails resulting error 1053 on win server 2003
Chris, All, Thanks for your message. Yes, we have been using Tomcat for years now but this version of tomcat always gives error when we stop it. The process actually stops tomcat but the error message pops-up. If we start/stop service from tomcat5w.exe it works fine. Its only when the service is stopped from windows service, it always ends up in error message. Even if we run it from DOS-prompt, it works fine. The client wants it to be stopped from services only and didn't accept any other solution. My guess is something in registry that needs to be fixed. This happens on all/several installations that use tomcat 5.5.17. I think, probably, I should install another version of tomcat and then compare registry to fix the issue. Please let me know if you have any other ideas. Thanks again. Regards, Deepti Date: Thu, 24 Sep 2009 12:59:35 -0400 From: ch...@christopherschultz.net To: users@tomcat.apache.org Subject: Re: Tomcat 5.5.17 stop service fails resulting error 1053 on win server 2003 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Deepti, On 9/24/2009 12:03 PM, Deepti Nigudkar wrote: We are using Tomcat 5.5.17 and everytime we try to stop the service from windows server 2003 we get error 1053 (It seems Microsoft uses this code if the service start/stop timeout) That error code is unlikely to be useful... as you suggest, it may just mean service failed to start. Have you used Tomcat in the past and now it suddenly does not work? Or, is this the first time you are attempting to deploy it as a Microsoft Windows service? I have tried to look for the solution to this as our software use Apache tomcat 5.5.17. I have even tried editing catalina.bat to have conditional statement to exclude JAVA_OPTS while stopping but it didn't help. This was one of the solution I found when I was searching on google. If you have any log files in \path\to\tomcat\logs, delete them (or move them somewhere else if you want to keep them) and try to start the service again. Any log files in that directory should be examined. IF you see anything out of the ordinary, investigate. If you need help, post the relevant sections of the log files (or the whole thing if you're not sure) to the list and we'll try to help. What happens if you try to start Tomcat from the command-line, like this: C:\ cd \path\to\tomcat C:\path\to\tomcat bin\catalina.bat run [output goes here] Does anything happen? If you get any output at all, please post that back to the list and we can maybe help figure out what's going wrong. We cannot upgrade to other tomcat versions as our software was developed on this version. Tomcat 5.5.x versions are all very compatible with a few exceptions. IF you read the changelog, you can see any changes that might break your application. Some significant bugs and security problems have been fixed between 5.5.17 and 5.5.28 (the current version of 5.5.x). You should seriously consider upgrading no matter what else you do. I am sure there is fix for this but I was unable to find it. The fix depends on the problem. get back to us after you've tried my suggestions above and we'll see what's going on. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkq7pXcACgkQ9CaO5/Lv0PBG2wCgnXUP4IlbQFyInr3JTizShreO /XcAn2xURKdrju3laS4jWavXQQhdDd+a =GWj3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ Bing™ brings you maps, menus, and reviews organized in one place. Try it now. http://www.bing.com/search?q=restaurantsform=MLOGENpubl=WLHMTAGcrea=TEXT_MLOGEN_Core_tagline_local_1x1
RE: Tomcat 5.5.17 stop service fails resulting error 1053 on win server 2003
One option would be to replace the tomcat.exe/tomcatw.exe with the current version from 5.5.28. This wouldn't affect your application since it would only replace the service interface, not the actual tomcat java class files. George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585 -Original Message- From: Deepti Nigudkar [mailto:deepti_...@hotmail.com] Sent: Friday, September 25, 2009 12:32 PM To: Apache Tomcat Users Subject: RE: Tomcat 5.5.17 stop service fails resulting error 1053 on win server 2003 Chris, All, Thanks for your message. Yes, we have been using Tomcat for years now but this version of tomcat always gives error when we stop it. The process actually stops tomcat but the error message pops-up. If we start/stop service from tomcat5w.exe it works fine. Its only when the service is stopped from windows service, it always ends up in error message. Even if we run it from DOS-prompt, it works fine. The client wants it to be stopped from services only and didn't accept any other solution. My guess is something in registry that needs to be fixed. This happens on all/several installations that use tomcat 5.5.17. I think, probably, I should install another version of tomcat and then compare registry to fix the issue. Please let me know if you have any other ideas. Thanks again. Regards, Deepti Date: Thu, 24 Sep 2009 12:59:35 -0400 From: ch...@christopherschultz.net To: users@tomcat.apache.org Subject: Re: Tomcat 5.5.17 stop service fails resulting error 1053 on win server 2003 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Deepti, On 9/24/2009 12:03 PM, Deepti Nigudkar wrote: We are using Tomcat 5.5.17 and everytime we try to stop the service from windows server 2003 we get error 1053 (It seems Microsoft uses this code if the service start/stop timeout) That error code is unlikely to be useful... as you suggest, it may just mean service failed to start. Have you used Tomcat in the past and now it suddenly does not work? Or, is this the first time you are attempting to deploy it as a Microsoft Windows service? I have tried to look for the solution to this as our software use Apache tomcat 5.5.17. I have even tried editing catalina.bat to have conditional statement to exclude JAVA_OPTS while stopping but it didn't help. This was one of the solution I found when I was searching on google. If you have any log files in \path\to\tomcat\logs, delete them (or move them somewhere else if you want to keep them) and try to start the service again. Any log files in that directory should be examined. IF you see anything out of the ordinary, investigate. If you need help, post the relevant sections of the log files (or the whole thing if you're not sure) to the list and we'll try to help. What happens if you try to start Tomcat from the command-line, like this: C:\ cd \path\to\tomcat C:\path\to\tomcat bin\catalina.bat run [output goes here] Does anything happen? If you get any output at all, please post that back to the list and we can maybe help figure out what's going wrong. We cannot upgrade to other tomcat versions as our software was developed on this version. Tomcat 5.5.x versions are all very compatible with a few exceptions. IF you read the changelog, you can see any changes that might break your application. Some significant bugs and security problems have been fixed between 5.5.17 and 5.5.28 (the current version of 5.5.x). You should seriously consider upgrading no matter what else you do. I am sure there is fix for this but I was unable to find it. The fix depends on the problem. get back to us after you've tried my suggestions above and we'll see what's going on. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkq7pXcACgkQ9CaO5/Lv0PBG2wCgnXUP4IlbQFyInr3JTizShreO /XcAn2xURKdrju3laS4jWavXQQhdDd+a =GWj3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ BingT brings you maps, menus, and reviews organized in one place. Try it now. http://www.bing.com/search?q=restaurantsform=MLOGENpubl=WLHMTAGcrea= TEXT_MLOGEN_Core_tagline_local_1x1 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Using administration url in application
Hello, I have configured a Tomcat 5.5 server on and deployed my application onto in the root context. The application works successfully, except when I try to use anything with that starts with the /admin url pattern. My guess is that Tomcat thinks I am trying to reach the Web Administration module and it throws up a 404 error. I would like to tell tomcat to use a different url for its web administration module so I can use it on my application. I have tried going into my admin.xml file and modifying the Context entry to use a different path: Context path=/admin1 docBase=/usr/share/tomcat5.5/server/webapps/admin debug=0 privileged=true allowLinking=true I have also tried totally removing the admin.xml file. Neither has worked. Any help would be appreciated Michael
RE: Tomcat 5.5.17 stop service fails resulting error 1053 on win server 2003
Thanks George. I will try that on out testing environment. Regards, Deepti From: geor...@mhsoftware.com To: users@tomcat.apache.org Subject: RE: Tomcat 5.5.17 stop service fails resulting error 1053 on win server 2003 Date: Fri, 25 Sep 2009 12:40:19 -0600 One option would be to replace the tomcat.exe/tomcatw.exe with the current version from 5.5.28. This wouldn't affect your application since it would only replace the service interface, not the actual tomcat java class files. George Sexton MH Software, Inc. http://www.mhsoftware.com/ Voice: 303 438 9585 -Original Message- From: Deepti Nigudkar [mailto:deepti_...@hotmail.com] Sent: Friday, September 25, 2009 12:32 PM To: Apache Tomcat Users Subject: RE: Tomcat 5.5.17 stop service fails resulting error 1053 on win server 2003 Chris, All, Thanks for your message. Yes, we have been using Tomcat for years now but this version of tomcat always gives error when we stop it. The process actually stops tomcat but the error message pops-up. If we start/stop service from tomcat5w.exe it works fine. Its only when the service is stopped from windows service, it always ends up in error message. Even if we run it from DOS-prompt, it works fine. The client wants it to be stopped from services only and didn't accept any other solution. My guess is something in registry that needs to be fixed. This happens on all/several installations that use tomcat 5.5.17. I think, probably, I should install another version of tomcat and then compare registry to fix the issue. Please let me know if you have any other ideas. Thanks again. Regards, Deepti Date: Thu, 24 Sep 2009 12:59:35 -0400 From: ch...@christopherschultz.net To: users@tomcat.apache.org Subject: Re: Tomcat 5.5.17 stop service fails resulting error 1053 on win server 2003 -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Deepti, On 9/24/2009 12:03 PM, Deepti Nigudkar wrote: We are using Tomcat 5.5.17 and everytime we try to stop the service from windows server 2003 we get error 1053 (It seems Microsoft uses this code if the service start/stop timeout) That error code is unlikely to be useful... as you suggest, it may just mean service failed to start. Have you used Tomcat in the past and now it suddenly does not work? Or, is this the first time you are attempting to deploy it as a Microsoft Windows service? I have tried to look for the solution to this as our software use Apache tomcat 5.5.17. I have even tried editing catalina.bat to have conditional statement to exclude JAVA_OPTS while stopping but it didn't help. This was one of the solution I found when I was searching on google. If you have any log files in \path\to\tomcat\logs, delete them (or move them somewhere else if you want to keep them) and try to start the service again. Any log files in that directory should be examined. IF you see anything out of the ordinary, investigate. If you need help, post the relevant sections of the log files (or the whole thing if you're not sure) to the list and we'll try to help. What happens if you try to start Tomcat from the command-line, like this: C:\ cd \path\to\tomcat C:\path\to\tomcat bin\catalina.bat run [output goes here] Does anything happen? If you get any output at all, please post that back to the list and we can maybe help figure out what's going wrong. We cannot upgrade to other tomcat versions as our software was developed on this version. Tomcat 5.5.x versions are all very compatible with a few exceptions. IF you read the changelog, you can see any changes that might break your application. Some significant bugs and security problems have been fixed between 5.5.17 and 5.5.28 (the current version of 5.5.x). You should seriously consider upgrading no matter what else you do. I am sure there is fix for this but I was unable to find it. The fix depends on the problem. get back to us after you've tried my suggestions above and we'll see what's going on. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkq7pXcACgkQ9CaO5/Lv0PBG2wCgnXUP4IlbQFyInr3JTizShreO /XcAn2xURKdrju3laS4jWavXQQhdDd+a =GWj3 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org _ BingT brings you maps, menus, and reviews organized in one place. Try it now. http://www.bing.com/search?q=restaurantsform=MLOGENpubl=WLHMTAGcrea=
RE: Using administration url in application
From: Zeitlin, Michael (USAEO) [mailto:michael.zeit...@usdoj.gov] Subject: Using administration url in application I have configured a Tomcat 5.5 server on and deployed my application onto in the root context. Exactly how did you do this? The proper way is to remove the existing webapps/ROOT directory, and install your webapp in its place. Any other procedure is probably wrong. I have tried going into my admin.xml file and modifying the Context entry to use a different path: Context path=/admin1 docBase=/usr/share/tomcat5.5/server/webapps/admin debug=0 privileged=true allowLinking=true Pointless, since the path attribute is not allowed here. You need to rename admin.xml to [somethingElse].xml if you want to use admin inside your default webapp. I have also tried totally removing the admin.xml file. This makes me think you have not installed your default webapp properly. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: custom error page during client ssl
Which web browser in particular are you asking about, and what's the network error it's saying? And, what did the pop-up say? My guess is that this is all client-side, and browser specific, so there is likely no way to customize the message. -- Jason Brittain On Fri, Sep 25, 2009 at 8:58 AM, iam techat...@yahoo.com wrote: Is there a way to throw a custom error page/msg when the user cancels the certificate pop-up on the browser during client SSL ? Right now the browser just shows default network error. Any prompt help is appreciated. Thanks
Re: JNDI authentication
We are having the same exact issue you are speaking of. We've gone through logs as well. I'd love to get some insight on this also. We are using tomcat with basic authentication. daniel steel wrote: All, we are using jndi authentication for authenticating the user against active directory. the user is hitting the load balancer and then the request is forwarded to the tomcat. at times we are seeing slowness and on analyzing the access log, the jsps having high execution duration do not have any remoteusername associated with that call and has http response 401 - unauthorised access. the question is what stripping the remote username ? 1. the load balancer is off loading the SSL. 2. we are using basic authentication schema tied into JNDI - LDAP authentication. thanks dan -- View this message in context: http://www.nabble.com/JNDI-authentication-tp25588982p25617863.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Has anyone been successful building mod_jk on AIX 6.1 ?
bash-3.00# file libmod_jk.a libmod_jk.a: archive (big format) What is this file? What am I looking for? For the build, did you use the new tarball and additionally the fixed libtool, or only the new tarball? Yes to both of these questions. I used the new tarball and I ran the fixed libtool. -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Friday, September 25, 2009 1:07 PM To: Tomcat Users List Subject: Re: Has anyone been successful building mod_jk on AIX 6.1 ? On 25.09.2009 15:46, Strickland, Lawrence P wrote: I ran the find commands and did not find any of these files. I ran the build with the new tools and this is what I got. Could this one be my shared object module? 180225 1053 -rw-r--r-- 1 root system 1077292 Sep 25 08:40 ./native/apache-2.0/.libs/libmod_jk.a Yes, this could be it. It could either be a static library (not good) or a shared library (good). Most platforms use *.a for static libs, but I vaguely remember that AIX used it for shared. You could try file native/apache-2.0/.libs/libmod_jk.a to see what AIX says which type of file it is. Did you try loading it into the web server with LoadModule? For the build, did you use the new tarball and additionally the fixed libtool, or only the new tarball? Regards, Rainer bash-3.00# pwd /home/strickll/tomcat-connectors-1.2.28-new_autotools-src bash-3.00# find . -name \*mod_jk\* -ls 176652 109 -rw--- 1 51 develope111577 Mar 19 2009 ./native/apache-1.3/mod_jk.c 1766538 -rw--- 1 51 develope 7824 Jun 17 2007 ./native/apache-1.3/mod_jk.dsp 1766551 -rw--- 1 51 develope11 Sep 6 2002 ./native/apache-1.3/mod_jk.exp 177030 126 -rw--- 1 51 develope128597 Mar 19 2009 ./native/apache-2.0/mod_jk.c 1770318 -rw--- 1 51 develope 7757 Jun 17 2007 ./native/apache-2.0/mod_jk.dsp 180225 1053 -rw-r--r-- 1 root system 1077292 Sep 25 08:40 ./native/apache-2.0/.libs/libmod_jk.a 1802261 -rw-r--r-- 1 root system 756 Sep 25 08:40 ./native/apache-2.0/.libs/mod_jk.lai 1802271 lrwxrwxrwx 1 root system 12 Sep 25 08:40 ./native/apache-2.0/.libs/mod_jk.la - ../mod_jk.la 1770541 -rw-r--r-- 1 root system 765 Sep 25 08:17 ./native/apache-2.0/mod_jk.la. 177077 1053 -rw-r--r-- 1 root system 1077292 Sep 25 08:40 ./native/apache-2.0/libmod_jk.a 177073 155 -rw-r--r-- 1 root system 158506 Sep 25 08:40 ./native/apache-2.0/mod_jk.o 1770721 -rw-r--r-- 1 root system 297 Sep 25 08:40 ./native/apache-2.0/mod_jk.lo 1770741 -rw-r--r-- 1 root system 756 Sep 25 08:40 ./native/apache-2.0/mod_jk.la bash-3.00# ./buildconf.sh bash-3.00# pwd bash-3.00# -Original Message- From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Thursday, September 24, 2009 6:06 PM To: Tomcat Users List Subject: Re: Has anyone been successful building mod_jk on AIX 6.1 ? On 25.09.2009 00:55, Strickland, Lawrence P wrote: If the shared object module in not called mod_jk.so then what is it called? Is it mod_jk.o? And, if that is the case where does it need to be? In the apache/modules directory? See the below find command. It could be mod_jk.so, mod_jk.a or mod_jk.so.0. But please note what I also wrote below. If you use the standard src download, even if the build works, it might not be a really good binary, because the platform detection doesn't work with the old config.guess and configure. And yes: once you've got a good shared object file for AIX, you can put it into the modules folder of httpd. Actually you can put it anywhere you like, but if you use the relative path modules/... in the LoadModule directive, then it has to be in the modules directory of httpd. Regards, Rainer From: Rainer Jung [mailto:rainer.j...@kippdata.de] Sent: Thu 9/24/2009 4:24 PM To: Tomcat Users List Subject: Re: Has anyone been successful building mod_jk on AIX 6.1 ? Hi Lawrence, On 24.09.2009 22:48, Strickland, Lawrence P wrote: This is the output of my build run. So apparently I am building version 1.2.28 with XLC 10.1 and Apache 2.2.13 #./httpd -v Server version: Apache/2.2.13 (Unix) Server built: Sep 22 2009 13:27:47 # gmake -v GNU Make 3.80 /home/strickll/tomcat-connectors-1.2.28-src/native bash-3.00# CC=cc_r -qlanglvl=extc89 ./configure --with-apxs=/usr/local/apache2/bin/apxs ... Do the following commands find a build result: find /home/strickll/tomcat-connectors-1.2.28-src -name mod_jk.a -ls find /home/strickll/tomcat-connectors-1.2.28-src -name mod_jk.so.* -ls I once did build for AIX but using an own toolchain based on gcc. One of the things I had to fix, was that config.guess (and also configure etc.) was to old to detect AIX 6. I checked 1.2.28 and unfortunately we didn't use the updated
RE: Using administration url in application
Sorry, I should have been more clear. I did remove my existing ROOT directory and replaced it with my application. If the path parameter in the Context is not useful, how does Tomcat know what url to use for the administration app? Will renaming the admin.xml to [somethingElse].xml now display the admin application at the /[somethingElse] url? -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Friday, September 25, 2009 3:10 PM To: Tomcat Users List Subject: RE: Using administration url in application From: Zeitlin, Michael (USAEO) [mailto:michael.zeit...@usdoj.gov] Subject: Using administration url in application I have configured a Tomcat 5.5 server on and deployed my application onto in the root context. Exactly how did you do this? The proper way is to remove the existing webapps/ROOT directory, and install your webapp in its place. Any other procedure is probably wrong. I have tried going into my admin.xml file and modifying the Context entry to use a different path: Context path=/admin1 docBase=/usr/share/tomcat5.5/server/webapps/admin debug=0 privileged=true allowLinking=true Pointless, since the path attribute is not allowed here. You need to rename admin.xml to [somethingElse].xml if you want to use admin inside your default webapp. I have also tried totally removing the admin.xml file. This makes me think you have not installed your default webapp properly. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Using administration url in application
From: Zeitlin, Michael (USAEO) [mailto:michael.zeit...@usdoj.gov] Subject: RE: Using administration url in application I did remove my existing ROOT directory and replaced it with my application. Did you also remove the admin directory underneath the original ROOT? (You should have.) If the path parameter in the Context is not useful, how does Tomcat know what url to use for the administration app? Read the doc: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html In individual files (with a '.xml' extension) in the $CATALINA_HOME/conf/[enginename]/[hostname]/ directory. The name of the file (less the .xml) extension will be used as the context path. Will renaming the admin.xml to [somethingElse].xml now display the admin application at the /[somethingElse] url? Yes. You will likely need to restart Tomcat to make such a change effective. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Using administration url in application
one possible solution $CATALINA_HOME/conf/[enginename]/[hostname]/ROOT.xml where Context docBase=”/my-path/applicationName.war ” / /*docBase is an absolute pathname for this directory or WAR file, or a pathname that is relative to the appBase directory of the owning Host.*/ the reference for Context element and attribute documentation at http://tomcat.apache.org/tomcat-5.5-doc/config/context.html an example of configuring ROOT.xml is available at http://benhutchison.wordpress.com/2008/07/30/how-to-configure-tomcat-root-context/ the manager webappmyust be loaded before ROOT.war manager must be working first use manager to upload ROOT.war a howto on howto use Manager webapp to upload ROOT.war is available at http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html#Configuring%20Manager%20Application%20Access this is only one proposal feel free to solicit other solutions fromlist hth Martin Gainty __ Do not alter/modify or disrupt this transmission. Thank You Subject: Using administration url in application Date: Fri, 25 Sep 2009 15:00:33 -0400 From: michael.zeit...@usdoj.gov To: users@tomcat.apache.org Hello, I have configured a Tomcat 5.5 server on and deployed my application onto in the root context. The application works successfully, except when I try to use anything with that starts with the /admin url pattern. My guess is that Tomcat thinks I am trying to reach the Web Administration module and it throws up a 404 error. I would like to tell tomcat to use a different url for its web administration module so I can use it on my application. I have tried going into my admin.xml file and modifying the Context entry to use a different path: Context path=/admin1 docBase=/usr/share/tomcat5.5/server/webapps/admin debug=0 privileged=true allowLinking=true I have also tried totally removing the admin.xml file. Neither has worked. Any help would be appreciated Michael _ Hotmail® has ever-growing storage! Don’t worry about storage limits. http://windowslive.com/Tutorial/Hotmail/Storage?ocid=TXT_TAGLM_WL_HM_Tutorial_Storage_062009
RE: Using administration url in application
you mentioned admin? ..for the most part i would suggest using JMXBean instead with JMX you are installing a listener on a different port so there is no 'conflict' with default webapp of Tomcat ROOT..you can pretty much view available TC parameters with this tool If you dont see a specific or group of parameters that you need to see let us know more information is available at http://tomcat.apache.org/tomcat-6.0-doc/monitoring.html hth Martin Gainty __ Please do not alter/modify or disrupt this transmission. Thank You From: mgai...@hotmail.com To: users@tomcat.apache.org Subject: RE: Using administration url in application Date: Fri, 25 Sep 2009 16:05:56 -0400 one possible solution $CATALINA_HOME/conf/[enginename]/[hostname]/ROOT.xml where Context docBase=”/my-path/applicationName.war ” / /*docBase is an absolute pathname for this directory or WAR file, or a pathname that is relative to the appBase directory of the owning Host.*/ the reference for Context element and attribute documentation at http://tomcat.apache.org/tomcat-5.5-doc/config/context.html an example of configuring ROOT.xml is available at http://benhutchison.wordpress.com/2008/07/30/how-to-configure-tomcat-root-context/ the manager webappmyust be loaded before ROOT.war manager must be working first use manager to upload ROOT.war a howto on howto use Manager webapp to upload ROOT.war is available at http://tomcat.apache.org/tomcat-5.5-doc/manager-howto.html#Configuring%20Manager%20Application%20Access this is only one proposal feel free to solicit other solutions fromlist hth Martin Gainty __ Do not alter/modify or disrupt this transmission. Thank You Subject: Using administration url in application Date: Fri, 25 Sep 2009 15:00:33 -0400 From: michael.zeit...@usdoj.gov To: users@tomcat.apache.org Hello, I have configured a Tomcat 5.5 server on and deployed my application onto in the root context. The application works successfully, except when I try to use anything with that starts with the /admin url pattern. My guess is that Tomcat thinks I am trying to reach the Web Administration module and it throws up a 404 error. I would like to tell tomcat to use a different url for its web administration module so I can use it on my application. I have tried going into my admin.xml file and modifying the Context entry to use a different path: Context path=/admin1 docBase=/usr/share/tomcat5.5/server/webapps/admin debug=0 privileged=true allowLinking=true I have also tried totally removing the admin.xml file. Neither has worked. Any help would be appreciated Michael _ Hotmail® has ever-growing storage! Don’t worry about storage limits. http://windowslive.com/Tutorial/Hotmail/Storage?ocid=TXT_TAGLM_WL_HM_Tutorial_Storage_062009 _ Lauren found her dream laptop. Find the PC that’s right for you. http://www.microsoft.com/windows/choosepc/?ocid=ftp_val_wl_290
Re: JNDI authentication
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dan, On 9/23/2009 11:51 PM, daniel steel wrote: we are using jndi authentication for authenticating the user against active directory. the user is hitting the load balancer and then the request is forwarded to the tomcat. at times we are seeing slowness and on analyzing the access log, the jsps having high execution duration do not have any remoteusername associated with that call and has http response 401 - unauthorised access. the question is what stripping the remote username ? 1. the load balancer is off loading the SSL. 2. we are using basic authentication schema tied into JNDI - LDAP authentication. Since your load balancer is handling SSL for you, it should be trivial to set up a packet sniffer and watch the HTTP traffic going to Tomcat. If you can find a remote client that loses its authentication information, you ought to be able to look for a set of matching packets in your log and see the headers (including any authentication information included). If you're talking about using request.getRemoteUser(), I believe the SSL (or mod_jk if using httpd/mod_jk) connector is supposed to supply that information to the request. If you are stripping-off SSL information at the load-balancer, how is the remote user information being delivered to Tomcat? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkq9MNUACgkQ9CaO5/Lv0PDQ9QCfeYCiYQsejhzV9JXFiEEvlpHY yS8AnRyafIhfBQEBZy6CvPd71d3vwENh =qKbR -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org