Re: A question about mod_jk 1.2.28 configuration
Scroll back to Rainer's message dated 17/11/2009. There is a question there. The answer to that question is what Rainer is waiting for. Ok, here again Rainer's question: I know, that you have seen a problem, the errno=11 thing. I need to know, whether *this* problem (errno=11, which is your original PDF generation problem) also happens, when no socket-timeout and no reply_timeout is set. My answer: I took out the socket_timeout and reply_timeout. Here again my workers.properties: worker.worker_portfolio_son1.connection_pool_timeout=600 worker.worker_portfolio_son1.socket_keepalive=True worker.worker_portfolio_son1.lbfactor=1 worker.worker_portfolio_son1.type=ajp13 worker.worker_portfolio_son1.port=8009 worker.worker_portfolio_son1.host=appl-portfolio-test.mycom.com worker.worker_portfolio_son1.sticky_session=True I can't see the errno=11 in the mod_jk.log now. As I said in my last post, the developer changed the program so it will not return PDF-stream but simply plain text. What I get is posted in my former post. Does Rainer need further info? I will supply him. -- View this message in context: http://old.nabble.com/A-question-about-mod_jk-1.2.28-configuration-tp26264069p26429416.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Importing CERTIFICATE into Java Keystore
Hi again, I got the LDAP connection working on my IDM. Test Connection Succeeded However, when I try to create a new User on the LDAP Resource, I get the following error : javax.naming.CommunicationException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target Do you have an idea what this could mean? Thanks Regards Stephen Date: Thu, 19 Nov 2009 15:22:07 -0500 From: ch...@christopherschultz.net To: marr...@hotmail.com CC: users@tomcat.apache.org Subject: Re: Importing CERTIFICATE into Java Keystore -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Stephen, On 11/19/2009 2:42 AM, Stephen . wrote: My JAVA folder has 3 different locations which contain the command KEYTOOL I don't even know which of them is supposed to hold the certificate. None of those hold any certificates: they are just programs that operate on files called keystores. A keystore is a specially-formatted file that contains one or more certificates and keys. You can create a new one or use an existing one. Typically, your JVM has a system-level keystore installed that contains all of the special top-level certificates from the big guys like VeriSign and Thawte. That allows your JVM to trust certificates signed by those certificate authorities. X.509 (which is what all this stuff is defined as) is built on a tree of trust where a small number of implicitly-trusted entities (VeriSign, Thawte, etc.) are allowed to dictate who is and who is not trusted on the web via these certificates. It's a great racket. Yesterday, just to be on the safe side, I imported my certificate into ALL 3 locations (under 3 different aliases) The real question was which keystore you were operating on. From the 'keytool' manual page: Each keytool command has a -keystore option for specifying the name and location of the persistent keystore file for the keystore managed by keytool. The keystore is by default stored in a file named .keystore in the user's home directory, as determined by the user.home system property. So, do you have a file in ~/.keystore? If so, it's likely to be the place where all the certificates you are (re-)importing are going. You need to configure this keystore to be the one that is used for your JNDI connection. How are you configuring your JNDI resource? Please post the configuration (minus any passwords, of course) and tell us where that configuration appears. Then I found yet another command online which says that, it's not enough to import the certificate into keystore. It needs to be imported directly into the CACERT file. That sounds like malarkey. To make matters even worse, I found yet another advice in Tomcat's documentation, saying : before importing the certificate, you need to first import a so-called TRUST CHAIN. That may be possible. See... the big guys like VeriSign don't have just a single certificate/key that they use to sign your certificate(s): they have dozens. That is, in the tree of trust, there are many branches. There are many reasons for that which I won't go into, here. Basically, VeriSign's top-level cert (and they have more than one) trusts VeriSign's mid-level certs, which in turn trust VeriSign's lowest-level cert, which trusts you. If you want the JVM to trust your certificate, you need to provide your certificate (duh!) plus the 2 intervening (chain) certificates to bridge the chain of trust from your cert to the top-level VeriSign cert that ships with the JVM. In some places, it says you need this trust chain if the certificate was applied for by yourself. That statement is a bit ambiguous. is it: *keytool -import -file tomcatCert.crt -trustcacerts -alias tomcat -keystore c:/apps/jdk/jre/lib/security/cacerts -storepass changeit* or is it : * keytool -import -alias root -keystore your_keystore_filename -trustcacerts -file filename_of_the_chain_certificate* It's both, or neither :) Usually, you don't want to modify the keystore that came with the JVM (that's c:/apps/jdk/jre/lib/security/cacerts). Why? Because if you upgrade your JVM, then you're trusted certs will appear to vanish because the new JVM ships with a new cacerts file which doesn't include your changes. What would be best is something like this (the \s in here are a *NIX-style command continues on the next line convention... they are not intended to be actually entered on the command line, but indicate that you shouldn't press ENTER at the end of each line of text): keytool -import \ -file chain-1-cert.crt \ -trustcacerts\ -alias chain-1 \ -keystore path\to\my\keystore (then enter the password when prompted) This will import one of the chain
Re: Howto Socket (TCP / IP ) reading from a war application on Tomcat
On Fri, 20 Nov 2009 07:13:44 +0100, Karthik Nanjangude karthik.nanjang...@xius-bcgi.com wrote: Hi This is not Fun dude... I know how to write a SOCKET Programming for Standalone, How do I write a socket Listener for WEB Application running over TOMCAT when the application is up and running.? Please be serious...I asked for some help or ideas :( Tomcat is a Servlet engine. You can use Tomcat to write/run Servlets. What is your setup? client -A- tomcat -B- 3rd party app? 'A' is handled by a servlet? And you have to write 'B'? Can you provide more information? Ronald. With regards KArthik -Original Message- From: Ronald Klop [mailto:ronald-mailingl...@base.nl] Sent: Thursday, November 19, 2009 9:06 PM To: Tomcat Users List Subject: Re: Howto Socket (TCP / IP ) reading from a war application on Tomcat On Thu, 19 Nov 2009 14:59:16 +0100, Karthik Nanjangude karthik.nanjang...@xius-bcgi.com wrote: Hi Can some body provide me a sample code for Socket (TCP / IP ) reading from a war application on Tomcat Can Listeners be made use of for the same? Reason: I need to Accept / Reply a XML File over the socket port from 3rd party application (as Client ) Also the Soap (Approached was not recommended for this existing application ) With regards Karthik See here for some examples: http://tinyurl.com/ylq2zlj -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A question about mod_jk 1.2.28 configuration
On 20.11.2009 09:03, thomas2004 wrote: Scroll back to Rainer's message dated 17/11/2009. There is a question there. The answer to that question is what Rainer is waiting for. Ok, here again Rainer's question: I know, that you have seen a problem, the errno=11 thing. I need to know, whether *this* problem (errno=11, which is your original PDF generation problem) also happens, when no socket-timeout and no reply_timeout is set. My answer: I took out the socket_timeout and reply_timeout. Here again my workers.properties: worker.worker_portfolio_son1.connection_pool_timeout=600 worker.worker_portfolio_son1.socket_keepalive=True worker.worker_portfolio_son1.lbfactor=1 worker.worker_portfolio_son1.type=ajp13 worker.worker_portfolio_son1.port=8009 worker.worker_portfolio_son1.host=appl-portfolio-test.mycom.com worker.worker_portfolio_son1.sticky_session=True I can't see the errno=11 in the mod_jk.log now. As I said in my last post, the developer changed the program so it will not return PDF-stream but simply plain text. What I get is posted in my former post. Does Rainer need further info? I will supply him. Thanks for the info. I though you opened a buzilla issue? Would you mind pasting this into the issue as a new comment? Once we agree, that something looks like a bug and an issue is opened, it's best to collct further info there. Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
cluster deployment by context descriptors
Hi all, I have a cluster with Apache2.2 and three Tomcat 6 instances in load balance and sticky sessions on three different servers. I use another server like webapps repository, so my tomcat's go to applications by context descriptors. But I don't want all three tom go on all apllications, so I replicate same context to only tomcats I want. This doesn't works fine, beacause sometimes the tom that doesn't point to that application receive the request and display a 404 page. How can I solve the problem? Thanks
Logging into clustered enviroment
Hi all, I am preparing myself for my first commercial application in clustered Tomcat environment. One of requests that I have is to allow exposing logs that happened on either TomcatA or TomcatB aggregated in single report. TomcatA and TomcatB are behind Apache Server and load balancing should be used. Until now I developed web applications just for single Tomcat, or in case that Load Balancing is requested no-one asked for such kind of aggregated report. My guess is that some kind of central repository for Logging should be used (TomcatA and TomcatB can access to that central repository and write thier logs there) but I am wondering what about permissions? What is TomcatA is writing to log and TomcatB should log to same log his stuff? Any experience about this matter? Can You point me out some inet address, blog, book ? Thanks in advance ? -- Aleksandar dipl. ing. Stoisavljevic Software Developer mobile: +381 (0) 64 211 50 40 Web: http://www.staleksit.in.rs E-mail:stal...@gmail.com e-mail%3astal...@gmail.com Mail: Branislava Nusica 10, 21000 Novi Sad, Serbia
Re: Tomcat 6 on Windows Vista 64bit
On 20/11/2009 05:25, Tuan Quan wrote: Anyone has succesfully installed Tomcat 64 bit on Windows Vista Business 64bit OS? Thanks. Tuan Yep. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Some advice on apache tomcat
Hassan Schroeder wrote: You do know that every time someone uses content management and WordPress in the same context, God kills a kitten, don't you? Always eager to learn new subtleties of the English language.. What does the above really mean ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Subdomain vs. Subdirectory
picosam wrote: Hello, I have a Tomcat6 server running behind an Apache2 server using JK mod. My Tomcat responds to www.myserver.com and www.myserver.com/api. I would like to make the server not respond to the latter and access the application under /api via api.myserver.com instead. http://wiki.apache.org/tomcat/HowTo # 38 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Grant access to files out of webapp context using SecurityManager
g f wrote: I need to grant mywebapp read,write,execute permissions to these images. I am attempting to configure SecurityManager to allow this but am having some difficulties. Also make sure that, at the OS level, the user-id under which Tomcat runs has the permissions to access these files. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Subdomain vs. Subdirectory
Hassan Schroeder wrote: On Thu, Nov 19, 2009 at 10:07 AM, picosam pico...@gmail.com wrote: I have a Tomcat6 server running behind an Apache2 server using JK mod. My Tomcat responds to www.myserver.com and www.myserver.com/api. I would like to make the server not respond to the latter and access the application under /api via api.myserver.com instead. So you want api.myserver.com to be a virtual host. There's a doc for that. :-) Right, and I missed that the Op also wanted to change the hostname. So you need both the HowTo #38 and what Hassan mentions here. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Howto Socket (TCP / IP ) reading from a war application on Tomcat
On 20/11/2009 06:13, Karthik Nanjangude wrote: Hi This is not Fun dude... I know how to write a SOCKET Programming for Standalone, How do I write a socket Listener for WEB Application running over TOMCAT when the application is up and running.? Please be serious...I asked for some help or ideas :( You mentioned XML - use some existing library that works with XML. Why are you determined to use a Socket? You're making an HTTP connection, if you must do it the hard way, use an appropriate class, e.g. HttpURLConnection. http://lmgtfy.com/?q=java+Socket http://lmgtfy.com/?q=java+HttpURLConnection You're not asking questions that anyone here is likely to want to help you with because: 1. You are not having a problem with a Tomcat installation. 2. You are not being specific about what the real issue is. 3. You are not stating what you've tried. 4. People get paid to write code and solve this type of problem. You've posted on this list before and received help, no? You've read this before, yes? http://catb.org/~esr/faqs/smart-questions.html p With regards KArthik -Original Message- From: Ronald Klop [mailto:ronald-mailingl...@base.nl] Sent: Thursday, November 19, 2009 9:06 PM To: Tomcat Users List Subject: Re: Howto Socket (TCP / IP ) reading from a war application on Tomcat On Thu, 19 Nov 2009 14:59:16 +0100, Karthik Nanjangude karthik.nanjang...@xius-bcgi.com wrote: Hi Can some body provide me a sample code for Socket (TCP / IP ) reading from a war application on Tomcat Can Listeners be made use of for the same? Reason: I need to Accept / Reply a XML File over the socket port from 3rd party application (as Client ) Also the Soap (Approached was not recommended for this existing application ) With regards Karthik See here for some examples: http://tinyurl.com/ylq2zlj -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: cluster deployment by context descriptors
On 20/11/2009 09:22, Paolo Santarsiero wrote: Hi all, I have a cluster with Apache2.2 and three Tomcat 6 instances in load balance and sticky sessions on three different servers. I use another server like webapps repository, so my tomcat's go to applications by context descriptors. But I don't want all three tom go on all apllications, so I replicate same context to only tomcats I want. This doesn't works fine, beacause sometimes the tom that doesn't point to that application receive the request and display a 404 page. How can I solve the problem? Thanks Problem: you're sending the traffic to the wrong Tomcats? Solution: don't send the traffic to the wrong Tomcat. Your mod_jk or mod_proxy load balancing config is sending* the traffic to Tomcat instances without the right apps, so you'll have to modify your config to ensure it does not do that. There's no magic fix for undoing something you've told it to do. p * I'm guessing here, because your post is a bit short of actual details. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Performance Problem
Hi all, I am developing a web application using Tomcat 6.0 and MyEclipse IDE. For my requirements i have to store a lot of (100-200) Lists objects in my sessions. And any list may be associated with a lot other objects, because of this the performance of my application have become very slow. As i run through my application its becoming more slow. Please can anybody provide my any suggestion on this issue. Thanks in advance. Regards, div.gcet -- View this message in context: http://old.nabble.com/Performance-Problem-tp26436340p26436340.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Some advice on apache tomcat
On 20/11/2009 09:51, André Warnier wrote: Hassan Schroeder wrote: You do know that every time someone uses content management and WordPress in the same context, God kills a kitten, don't you? Always eager to learn new subtleties of the English language.. What does the above really mean ? The Oxford Phrasesaurus para-phrases it as follows: 1. I think very little of the comparison between ONE and TWO. 2. Many people will think less of you for directly associating item ONE with item TWO. 3. It is a regrettable mistake to compare ONE with TWO in the same sentence, and everyone knows it. You should feel embarrassed. 4. ARSE. (See also Father Jack, a character in 'Father Ted'). (The item is illustrated by the image of a deity applying its wrath to a small, cute, helpless and furry creature, and the implication that it is the addressees fault. It is an unpleasant image.) p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Performance Problem
On 20/11/2009 10:14, div.gcet wrote: Hi all, I am developing a web application using Tomcat 6.0 and MyEclipse IDE. For my requirements i have to store a lot of (100-200) Lists objects in my sessions. And any list may be associated with a lot other objects, because of this the performance of my application have become very slow. As i run through my application its becoming more slow. Please can anybody provide my any suggestion on this issue. Thanks in advance. Regards, div.gcet 1. Don't store such big lists in the session? 2. Don't store such big objects in the lists? 3. Add a lot more memory to your server? What do your app logs say? If you are doing the above, then you may be running into garbage collection issues*. It sounds like you're trying to put too much data into memory - which is not a infinite resource. Enable the garbage collection log and look for lots of repeated full gc's. Your app architecture probably needs a rethink. p * Of course, I'm just guessing because your post is a bit short of actual info. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Some advice on apache tomcat
Pid wrote: ... (The item is illustrated by the image of a deity applying its wrath to a small, cute, helpless and furry creature, and the implication that it is the addressees fault. It is an unpleasant image.) Thanks. I think I get it now. So, it's kind of like when you or Chuck answer a poor helpless poster complaining about something not working in their Ubuntu Tomcat 4 package running under gcj, right ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Performance Problem
2009/11/20 div.gcet divya.garg...@gmail.com Hi all, I am developing a web application using Tomcat 6.0 and MyEclipse IDE. For my requirements i have to store a lot of (100-200) Lists objects in my sessions. And any list may be associated with a lot other objects, because of this the performance of my application have become very slow. As i run through my application its becoming more slow. Please can anybody provide my any suggestion on this issue. Thanks in advance. Storing large amounts of data in a session is not a good idea, as it leads to the kinds of performance problems you're seeing. I would recommend finding another way of storing your Lists objects, or review for other ways of meeting the requirements. Why are they in the Session rather than anywhere else? Why do they exist at all? - Peter
Re: cluster deployment by context descriptors
So I must configure vhost under apache for a specific webapp and then create context descriptor for specific tomcats under default host (ex. under tom1 and tom2 and not under tom3). Or must I create vhost under specific tomcats too? 2009/11/20 Pid p...@pidster.com On 20/11/2009 09:22, Paolo Santarsiero wrote: Hi all, I have a cluster with Apache2.2 and three Tomcat 6 instances in load balance and sticky sessions on three different servers. I use another server like webapps repository, so my tomcat's go to applications by context descriptors. But I don't want all three tom go on all apllications, so I replicate same context to only tomcats I want. This doesn't works fine, beacause sometimes the tom that doesn't point to that application receive the request and display a 404 page. How can I solve the problem? Thanks Problem: you're sending the traffic to the wrong Tomcats? Solution: don't send the traffic to the wrong Tomcat. Your mod_jk or mod_proxy load balancing config is sending* the traffic to Tomcat instances without the right apps, so you'll have to modify your config to ensure it does not do that. There's no magic fix for undoing something you've told it to do. p * I'm guessing here, because your post is a bit short of actual details. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Logging in Tomcat 5 (SysOut SysErr)
At present, system.out and system.err are printing in the Windows console. How can I redirect output to some file? Or even better would be to have 2 outputs: file and Windows console. I have tried to read Tomcat docs and got lost there. It mentions default catalina.log as output, but I don't have it. Nor logging.properties. Please, can someone give me short guide what I have to do to acomplish logging of system.err and system.out into the file(s)? I can not change the way applications log, apps log to system.out and doesn't use log4j. Thank you, Milan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Logging in Tomcat 5 (SysOut SysErr)
You will need some kind of logging framework to do this (e.g. Log4J). On Fri, Nov 20, 2009 at 12:26 PM, Milan Tomic tomicmi...@yahoo.com wrote: At present, system.out and system.err are printing in the Windows console. How can I redirect output to some file? Or even better would be to have 2 outputs: file and Windows console. I have tried to read Tomcat docs and got lost there. It mentions default catalina.log as output, but I don't have it. Nor logging.properties. Please, can someone give me short guide what I have to do to acomplish logging of system.err and system.out into the file(s)? I can not change the way applications log, apps log to system.out and doesn't use log4j. Thank you, Milan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Aleksandar dipl. ing. Stoisavljevic Software Developer mobile: +381 (0) 64 211 50 40 Web: http://www.staleksit.in.rs E-mail:stal...@gmail.com e-mail%3astal...@gmail.com Mail: Branislava Nusica 10, 21000 Novi Sad, Serbia
Re: [OT] Some advice on apache tomcat
On 20/11/2009 10:32, André Warnier wrote: Pid wrote: ... (The item is illustrated by the image of a deity applying its wrath to a small, cute, helpless and furry creature, and the implication that it is the addressees fault. It is an unpleasant image.) Thanks. I think I get it now. So, it's kind of like when you or Chuck answer a poor helpless poster complaining about something not working in their Ubuntu Tomcat 4 package running under gcj, right ? I'm not sure I understand what you're saying there. ;) p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat / windows 2008 IIS 7 x64
Still after trying some more things we are still getting an HTTP Error 404.3 - Not Found - error code of 0x80070032 I followed this steps: http://jspors.blogspot.com/2009/01/setting-up-64-bit-tomcat-6-on-iis7.html Configure Tomcat (this is the part we are not really sure) Set up server.xml Set up context.xml Set up isapi_redirect.properties, workers.properties, and uriworkermap.properties (see http://tomcat.apache.org/connectors-doc/reference/iis.html) Also how do we tell if we got the right executables meaning the right x64 ones? Since this is open source, is there anyone that does this setup for consulting fee? -Original Message- From: Sabo, Eric Sent: Thursday, November 19, 2009 11:38 AM To: 'users@tomcat.apache.org' Subject: Tomcat / windows 2008 IIS 7 x64 Is there any official documentation on how to setup Tomcat (ASPX/JSP java interpreter) on a Windows 2008 using IIS 7 (x64 platform) ? Thanks in advance, Eric Sabo Senior Windows Systems Engineer Information Technology Services - Operations California University of Pennsylvania Please note my new email address:eric.s...@calu.edu Notice: California University of Pennsylvania is changing its domain name from CUP.EDU to CALU.EDU, effective Aug. 14. Please make a note that all email addresses will change to use this domain name and record appropriate changes in your contact lists. The CUP.EDU address will continue to work in parallel for a short time and then will be discontinued. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Howto Socket (TCP / IP ) reading from a war application on Tomcat
Hi You mentioned XML - use some existing library that works with XML. A 3rd party Client S/w of C++ sends an XML string over socket This socket is be defined and read by *Process* of web application You are not having a problem with a Tomcat installation. TOMCAT 6.0.2.0 JDK 1.6.0 O/s Linux / Unix / Windows Why are you determined to use a Socket? Soap over HTTP (Approached was not recommended by the existing client s/w You are not stating what you've tried. With a Load on Startup servlet tried to listen to the socket,which does not work People get paid to write code and solve this type of problem I have been using this form since 2000 (almost 10 years) and have giving solutions /ideas to not so smart guys like me This form was created for the same cause, I presume not to make money :( With regards Karthik -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 3:34 PM To: users@tomcat.apache.org Subject: Re: Howto Socket (TCP / IP ) reading from a war application on Tomcat On 20/11/2009 06:13, Karthik Nanjangude wrote: Hi This is not Fun dude... I know how to write a SOCKET Programming for Standalone, How do I write a socket Listener for WEB Application running over TOMCAT when the application is up and running.? Please be serious...I asked for some help or ideas :( You mentioned XML - use some existing library that works with XML. Why are you determined to use a Socket? You're making an HTTP connection, if you must do it the hard way, use an appropriate class, e.g. HttpURLConnection. http://lmgtfy.com/?q=java+Socket http://lmgtfy.com/?q=java+HttpURLConnection You're not asking questions that anyone here is likely to want to help you with because: 1. You are not having a problem with a Tomcat installation. 2. You are not being specific about what the real issue is. 3. You are not stating what you've tried. 4. People get paid to write code and solve this type of problem. You've posted on this list before and received help, no? You've read this before, yes? http://catb.org/~esr/faqs/smart-questions.html p With regards KArthik -Original Message- From: Ronald Klop [mailto:ronald-mailingl...@base.nl] Sent: Thursday, November 19, 2009 9:06 PM To: Tomcat Users List Subject: Re: Howto Socket (TCP / IP ) reading from a war application on Tomcat On Thu, 19 Nov 2009 14:59:16 +0100, Karthik Nanjangude karthik.nanjang...@xius-bcgi.com wrote: Hi Can some body provide me a sample code for Socket (TCP / IP ) reading from a war application on Tomcat Can Listeners be made use of for the same? Reason: I need to Accept / Reply a XML File over the socket port from 3rd party application (as Client ) Also the Soap (Approached was not recommended for this existing application ) With regards Karthik See here for some examples: http://tinyurl.com/ylq2zlj -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat / windows 2008 IIS 7 x64
On 20/11/2009 12:11, Sabo, Eric wrote: Still after trying some more things we are still getting an HTTP Error 404.3 - Not Found - error code of 0x80070032 I followed this steps: http://jspors.blogspot.com/2009/01/setting-up-64-bit-tomcat-6-on-iis7.html Configure Tomcat (this is the part we are not really sure) Start with little steps: 1. Can you get Tomcat running with the default server.xml? 2. Next, can you get Tomcat running your app as a standalone? 3. After that connect IIS to Tomcat. Get back to us at each stage if it's not working. Don't forget to check log files. catalina.out is a good place to start. Set up server.xml Set up context.xml Set up isapi_redirect.properties, workers.properties, and uriworkermap.properties (see http://tomcat.apache.org/connectors-doc/reference/iis.html) Also how do we tell if we got the right executables meaning the right x64 ones? Tomcat won't start. Probably. p Since this is open source, is there anyone that does this setup for consulting fee? -Original Message- From: Sabo, Eric Sent: Thursday, November 19, 2009 11:38 AM To: 'users@tomcat.apache.org' Subject: Tomcat / windows 2008 IIS 7 x64 Is there any official documentation on how to setup Tomcat (ASPX/JSP java interpreter) on a Windows 2008 using IIS 7 (x64 platform) ? Thanks in advance, Eric Sabo Senior Windows Systems Engineer Information Technology Services - Operations California University of Pennsylvania Please note my new email address:eric.s...@calu.edu Notice: California University of Pennsylvania is changing its domain name from CUP.EDU to CALU.EDU, effective Aug. 14. Please make a note that all email addresses will change to use this domain name and record appropriate changes in your contact lists. The CUP.EDU address will continue to work in parallel for a short time and then will be discontinued. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat / windows 2008 IIS 7 x64
1. Tomcat is running on port 8080, at least I am getting to the default web site. 2-3. Don't know what you mean by this? How does one check? Nothing has been written to my log files that I setup in the isap.properties file. I am new to tomcat so please bare with me on this. Thanks for all your help on this issue. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:21 AM To: Tomcat Users List Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:11, Sabo, Eric wrote: Still after trying some more things we are still getting an HTTP Error 404.3 - Not Found - error code of 0x80070032 I followed this steps: http://jspors.blogspot.com/2009/01/setting-up-64-bit-tomcat-6-on-iis7.html Configure Tomcat (this is the part we are not really sure) Start with little steps: 1. Can you get Tomcat running with the default server.xml? 2. Next, can you get Tomcat running your app as a standalone? 3. After that connect IIS to Tomcat. Get back to us at each stage if it's not working. Don't forget to check log files. catalina.out is a good place to start. Set up server.xml Set up context.xml Set up isapi_redirect.properties, workers.properties, and uriworkermap.properties (see http://tomcat.apache.org/connectors-doc/reference/iis.html) Also how do we tell if we got the right executables meaning the right x64 ones? Tomcat won't start. Probably. p Since this is open source, is there anyone that does this setup for consulting fee? -Original Message- From: Sabo, Eric Sent: Thursday, November 19, 2009 11:38 AM To: 'users@tomcat.apache.org' Subject: Tomcat / windows 2008 IIS 7 x64 Is there any official documentation on how to setup Tomcat (ASPX/JSP java interpreter) on a Windows 2008 using IIS 7 (x64 platform) ? Thanks in advance, Eric Sabo Senior Windows Systems Engineer Information Technology Services - Operations California University of Pennsylvania Please note my new email address:eric.s...@calu.edu Notice: California University of Pennsylvania is changing its domain name from CUP.EDU to CALU.EDU, effective Aug. 14. Please make a note that all email addresses will change to use this domain name and record appropriate changes in your contact lists. The CUP.EDU address will continue to work in parallel for a short time and then will be discontinued. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat / windows 2008 IIS 7 x64
On 20/11/2009 12:23, Sabo, Eric wrote: 1. Tomcat is running on port 8080, at least I am getting to the default web site. Good start. 2-3. Don't know what you mean by this? How does one check? 2. Your application. JSP != PHP You can't just chuck JSP files into a published directory hope they work*. Do you have an application to deploy to Tomcat already? p * Probably. Nothing has been written to my log files that I setup in the isap.properties file. I am new to tomcat so please bare with me on this. Thanks for all your help on this issue. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:21 AM To: Tomcat Users List Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:11, Sabo, Eric wrote: Still after trying some more things we are still getting an HTTP Error 404.3 - Not Found - error code of 0x80070032 I followed this steps: http://jspors.blogspot.com/2009/01/setting-up-64-bit-tomcat-6-on-iis7.html Configure Tomcat (this is the part we are not really sure) Start with little steps: 1. Can you get Tomcat running with the default server.xml? 2. Next, can you get Tomcat running your app as a standalone? 3. After that connect IIS to Tomcat. Get back to us at each stage if it's not working. Don't forget to check log files. catalina.out is a good place to start. Set up server.xml Set up context.xml Set up isapi_redirect.properties, workers.properties, and uriworkermap.properties (see http://tomcat.apache.org/connectors-doc/reference/iis.html) Also how do we tell if we got the right executables meaning the right x64 ones? Tomcat won't start. Probably. p Since this is open source, is there anyone that does this setup for consulting fee? -Original Message- From: Sabo, Eric Sent: Thursday, November 19, 2009 11:38 AM To: 'users@tomcat.apache.org' Subject: Tomcat / windows 2008 IIS 7 x64 Is there any official documentation on how to setup Tomcat (ASPX/JSP java interpreter) on a Windows 2008 using IIS 7 (x64 platform) ? Thanks in advance, Eric Sabo Senior Windows Systems Engineer Information Technology Services - Operations California University of Pennsylvania Please note my new email address:eric.s...@calu.edu Notice: California University of Pennsylvania is changing its domain name from CUP.EDU to CALU.EDU, effective Aug. 14. Please make a note that all email addresses will change to use this domain name and record appropriate changes in your contact lists. The CUP.EDU address will continue to work in parallel for a short time and then will be discontinued. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Howto Socket (TCP / IP ) reading from a war application on Tomcat
2009/11/20 Karthik Nanjangude karthik.nanjang...@xius-bcgi.com A 3rd party Client S/w of C++ sends an XML string over socket This socket is be defined and read by *Process* of web application OK, so you're trying to get Tomcat to do something it's not designed to do: handle incoming TCP connections that are not HTTP connections. This will be a lot of work. It's like trying to drive a car along a river instead of a road... sure, you can adapt the car to do that, but it might be cheaper to get a boat! In this case, it might be cheaper to get a socket server. What are the goals for performance and response time to the C++ client? Can you use something like Apache MINA (http://mina.apache.org/) to write yourself a small server that accepts the incoming XML from the C++ client, then wraps it in a HTTP request and sends that HTTP request to Tomcat? - Peter
RE: Tomcat / windows 2008 IIS 7 x64
Those steps I was not sure about, can you give me default values or settings, that might be my issue. The jsp is in the default web site, but I would like the whole server to have this ability - meaning more that just the default site, we will probably have a couple of web sites on this server. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:46 AM To: users@tomcat.apache.org Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:34, Sabo, Eric wrote: That step did not work, I have one file that has a simple jsp page it will not display it. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:31 AM To: Tomcat Users List Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:23, Sabo, Eric wrote: 1. Tomcat is running on port 8080, at least I am getting to the default web site. Good start. 2-3. Don't know what you mean by this? How does one check? 2. Your application. JSP != PHP You can't just chuck JSP files into a published directory hope they work*. Do you have an application to deploy to Tomcat already? OK, so: What Connectors and Hosts you have defined in your server.xml? Where did you put the JSP? p p * Probably. Nothing has been written to my log files that I setup in the isap.properties file. I am new to tomcat so please bare with me on this. Thanks for all your help on this issue. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:21 AM To: Tomcat Users List Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:11, Sabo, Eric wrote: Still after trying some more things we are still getting an HTTP Error 404.3 - Not Found - error code of 0x80070032 I followed this steps: http://jspors.blogspot.com/2009/01/setting-up-64-bit-tomcat-6-on-iis7.html Configure Tomcat (this is the part we are not really sure) Start with little steps: 1. Can you get Tomcat running with the default server.xml? 2. Next, can you get Tomcat running your app as a standalone? 3. After that connect IIS to Tomcat. Get back to us at each stage if it's not working. Don't forget to check log files. catalina.out is a good place to start. Set up server.xml Set up context.xml Set up isapi_redirect.properties, workers.properties, and uriworkermap.properties (see http://tomcat.apache.org/connectors-doc/reference/iis.html) Also how do we tell if we got the right executables meaning the right x64 ones? Tomcat won't start. Probably. p Since this is open source, is there anyone that does this setup for consulting fee? -Original Message- From: Sabo, Eric Sent: Thursday, November 19, 2009 11:38 AM To: 'users@tomcat.apache.org' Subject: Tomcat / windows 2008 IIS 7 x64 Is there any official documentation on how to setup Tomcat (ASPX/JSP java interpreter) on a Windows 2008 using IIS 7 (x64 platform) ? Thanks in advance, Eric Sabo Senior Windows Systems Engineer Information Technology Services - Operations California University of Pennsylvania Please note my new email address:eric.s...@calu.edu Notice: California University of Pennsylvania is changing its domain name from CUP.EDU to CALU.EDU, effective Aug. 14. Please make a note that all email addresses will change to use this domain name and record appropriate changes in your contact lists. The CUP.EDU address will continue to work in parallel for a short time and then will be discontinued. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6 on Windows Vista 64bit
Tuan Quan wrote: Anyone has succesfully installed Tomcat 64 bit on Windows Vista Business 64bit OS? Thanks. Tuan First off, there's no such thing as Tomcat 64-bit, just 64-bit JVMs. I haven't used Vista, but no trouble on Win server 2008, which is almost the same thing. Just make sure you get the right JVM. Working on setting up Win 7 x64 right now. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat / windows 2008 IIS 7 x64
On 20/11/2009 12:52, Sabo, Eric wrote: Those steps I was not sure about, can you give me default values or settings, that might be my issue. The default server.xml has some settings that are default. Obviously. Have you changed them, if so, what to? The jsp is in the default web site, but I would like the whole server to have this ability - meaning more that just the default site, we will probably have a couple of web sites on this server. And exactly where is that? You can't just place files in a/the webapps directory. I'm not going to keep guessing what you've done; if you want help you've got to give me the info I asked for. p -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:46 AM To: users@tomcat.apache.org Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:34, Sabo, Eric wrote: That step did not work, I have one file that has a simple jsp page it will not display it. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:31 AM To: Tomcat Users List Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:23, Sabo, Eric wrote: 1. Tomcat is running on port 8080, at least I am getting to the default web site. Good start. 2-3. Don't know what you mean by this? How does one check? 2. Your application. JSP != PHP You can't just chuck JSP files into a published directory hope they work*. Do you have an application to deploy to Tomcat already? OK, so: What Connectors and Hosts you have defined in your server.xml? Where did you put the JSP? p p * Probably. Nothing has been written to my log files that I setup in the isap.properties file. I am new to tomcat so please bare with me on this. Thanks for all your help on this issue. -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 7:21 AM To: Tomcat Users List Subject: Re: Tomcat / windows 2008 IIS 7 x64 On 20/11/2009 12:11, Sabo, Eric wrote: Still after trying some more things we are still getting an HTTP Error 404.3 - Not Found - error code of 0x80070032 I followed this steps: http://jspors.blogspot.com/2009/01/setting-up-64-bit-tomcat-6-on-iis7.html Configure Tomcat (this is the part we are not really sure) Start with little steps: 1. Can you get Tomcat running with the default server.xml? 2. Next, can you get Tomcat running your app as a standalone? 3. After that connect IIS to Tomcat. Get back to us at each stage if it's not working. Don't forget to check log files. catalina.out is a good place to start. Set up server.xml Set up context.xml Set up isapi_redirect.properties, workers.properties, and uriworkermap.properties (see http://tomcat.apache.org/connectors-doc/reference/iis.html) Also how do we tell if we got the right executables meaning the right x64 ones? Tomcat won't start. Probably. p Since this is open source, is there anyone that does this setup for consulting fee? -Original Message- From: Sabo, Eric Sent: Thursday, November 19, 2009 11:38 AM To: 'users@tomcat.apache.org' Subject: Tomcat / windows 2008 IIS 7 x64 Is there any official documentation on how to setup Tomcat (ASPX/JSP java interpreter) on a Windows 2008 using IIS 7 (x64 platform) ? Thanks in advance, Eric Sabo Senior Windows Systems Engineer Information Technology Services - Operations California University of Pennsylvania Please note my new email address:eric.s...@calu.edu Notice: California University of Pennsylvania is changing its domain name from CUP.EDU to CALU.EDU, effective Aug. 14. Please make a note that all email addresses will change to use this domain name and record appropriate changes in your contact lists. The CUP.EDU address will continue to work in parallel for a short time and then will be discontinued. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For
Re: Howto Socket (TCP / IP ) reading from a war application on Tomcat
On Fri, 20 Nov 2009 13:20:04 +0100, Karthik Nanjangude karthik.nanjang...@xius-bcgi.com wrote: Hi You mentioned XML - use some existing library that works with XML. A 3rd party Client S/w of C++ sends an XML string over socket This socket is be defined and read by *Process* of web application You are not having a problem with a Tomcat installation. TOMCAT 6.0.2.0 JDK 1.6.0 O/s Linux / Unix / Windows Why are you determined to use a Socket? Soap over HTTP (Approached was not recommended by the existing client s/w You are not stating what you've tried. With a Load on Startup servlet tried to listen to the socket,which does not work What went wrong? There is no reason why such a thing should not work. Just instantiate a static class/Thread which listens on a port. I don't understand your problem. It is the same as a standalone program except you are starting your class differently. Ronald. People get paid to write code and solve this type of problem I have been using this form since 2000 (almost 10 years) and have giving solutions /ideas to not so smart guys like me This form was created for the same cause, I presume not to make money :( With regards Karthik -Original Message- From: Pid [mailto:p...@pidster.com] Sent: Friday, November 20, 2009 3:34 PM To: users@tomcat.apache.org Subject: Re: Howto Socket (TCP / IP ) reading from a war application on Tomcat On 20/11/2009 06:13, Karthik Nanjangude wrote: Hi This is not Fun dude... I know how to write a SOCKET Programming for Standalone, How do I write a socket Listener for WEB Application running over TOMCAT when the application is up and running.? Please be serious...I asked for some help or ideas :( You mentioned XML - use some existing library that works with XML. Why are you determined to use a Socket? You're making an HTTP connection, if you must do it the hard way, use an appropriate class, e.g. HttpURLConnection. http://lmgtfy.com/?q=java+Socket http://lmgtfy.com/?q=java+HttpURLConnection You're not asking questions that anyone here is likely to want to help you with because: 1. You are not having a problem with a Tomcat installation. 2. You are not being specific about what the real issue is. 3. You are not stating what you've tried. 4. People get paid to write code and solve this type of problem. You've posted on this list before and received help, no? You've read this before, yes? http://catb.org/~esr/faqs/smart-questions.html p With regards KArthik -Original Message- From: Ronald Klop [mailto:ronald-mailingl...@base.nl] Sent: Thursday, November 19, 2009 9:06 PM To: Tomcat Users List Subject: Re: Howto Socket (TCP / IP ) reading from a war application on Tomcat On Thu, 19 Nov 2009 14:59:16 +0100, Karthik Nanjangude karthik.nanjang...@xius-bcgi.com wrote: Hi Can some body provide me a sample code for Socket (TCP / IP ) reading from a war application on Tomcat Can Listeners be made use of for the same? Reason: I need to Accept / Reply a XML File over the socket port from 3rd party application (as Client ) Also the Soap (Approached was not recommended for this existing application ) With regards Karthik See here for some examples: http://tinyurl.com/ylq2zlj -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 6 on Windows Vista 64bit
as chuck mentioned you need to install 64bit JVM from Sun http://www.java.com/en/download/manual.jsp#win Martin Gainty __ Verzicht und Vertraulichkeitanmerkung/Note de déni et de confidentialité Diese Nachricht ist vertraulich. Sollten Sie nicht der vorgesehene Empfaenger sein, so bitten wir hoeflich um eine Mitteilung. Jede unbefugte Weiterleitung oder Fertigung einer Kopie ist unzulaessig. Diese Nachricht dient lediglich dem Austausch von Informationen und entfaltet keine rechtliche Bindungswirkung. Aufgrund der leichten Manipulierbarkeit von E-Mails koennen wir keine Haftung fuer den Inhalt uebernehmen. Ce message est confidentiel et peut être privilégié. Si vous n'êtes pas le destinataire prévu, nous te demandons avec bonté que pour satisfaire informez l'expéditeur. N'importe quelle diffusion non autorisée ou la copie de ceci est interdite. Ce message sert à l'information seulement et n'aura pas n'importe quel effet légalement obligatoire. Étant donné que les email peuvent facilement être sujets à la manipulation, nous ne pouvons accepter aucune responsabilité pour le contenu fourni. Date: Thu, 19 Nov 2009 21:25:10 -0800 From: tuan_q...@yahoo.com Subject: Tomcat 6 on Windows Vista 64bit To: users@tomcat.apache.org Anyone has succesfully installed Tomcat 64 bit on Windows Vista Business 64bit OS? Thanks. Tuan _ Bing brings you maps, menus, and reviews organized in one place. http://www.bing.com/search?q=restaurantsform=MFESRPpubl=WLHMTAGcrea=TEXT_MFESRP_Local_MapsMenu_Resturants_1x1
Re: Howto Socket (TCP / IP ) reading from a war application on Tomcat
Ronald Klop wrote: On Fri, 20 Nov 2009 13:20:04 +0100, Karthik Nanjangude karthik.nanjang...@xius-bcgi.com wrote: Hi You mentioned XML - use some existing library that works with XML. A 3rd party Client S/w of C++ sends an XML string over socket This socket is be defined and read by *Process* of web application You are not having a problem with a Tomcat installation. TOMCAT 6.0.2.0 JDK 1.6.0 O/s Linux / Unix / Windows Why are you determined to use a Socket? Soap over HTTP (Approached was not recommended by the existing client s/w You are not stating what you've tried. With a Load on Startup servlet tried to listen to the socket,which does not work What went wrong? There is no reason why such a thing should not work. Just instantiate a static class/Thread which listens on a port. I don't understand your problem. It is the same as a standalone program except you are starting your class differently. Just jumping in here for a minute.. Isn't there some fundamental logical problem here ? Unless I am mistaken, we are talking about a webapp running under Tomcat. This webapp is being run when there is a request (in principle, a HTTP request) received by Tomcat, whose URL matches one that the webapp is mapped to. Now if that webapp gets started, somehow, and even if it starts listening on a socket (separate from the Tomcat Connector listening sockets), isn't that socket not going to be listening anymore when that webapp, somehow, stops running ? I fail to see the inherent logic in running something like this under Tomcat. I mean, even if somehow it works, what is the benefit of running this under a servlet engine ? Should this not be instead a stand-alone application ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat 6 on Windows Vista 64bit
From: Martin Gainty [mailto:mgai...@hotmail.com] Subject: RE: Tomcat 6 on Windows Vista 64bit as chuck mentioned you need to install 64bit JVM from Sun No, you don't *need* to install a 64-bit JVM, but given that it's a 64-bit OS, doing so is sensible. If you install a 64-bit JVM and want to run Tomcat as a Windows service, you will also need the 64-bit service wrapper, available here: http://svn.apache.org/repos/asf/tomcat/tc6.0.x/trunk/res/procrun/amd64/ - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Howto Socket (TCP / IP ) reading from a war application on Tomcat
On Fri, 20 Nov 2009 14:22:57 +0100, André Warnier a...@ice-sa.com wrote: Ronald Klop wrote: On Fri, 20 Nov 2009 13:20:04 +0100, Karthik Nanjangude karthik.nanjang...@xius-bcgi.com wrote: Hi You mentioned XML - use some existing library that works with XML. A 3rd party Client S/w of C++ sends an XML string over socket This socket is be defined and read by *Process* of web application You are not having a problem with a Tomcat installation. TOMCAT 6.0.2.0 JDK 1.6.0 O/s Linux / Unix / Windows Why are you determined to use a Socket? Soap over HTTP (Approached was not recommended by the existing client s/w You are not stating what you've tried. With a Load on Startup servlet tried to listen to the socket,which does not work What went wrong? There is no reason why such a thing should not work. Just instantiate a static class/Thread which listens on a port. I don't understand your problem. It is the same as a standalone program except you are starting your class differently. Just jumping in here for a minute.. Isn't there some fundamental logical problem here ? Unless I am mistaken, we are talking about a webapp running under Tomcat. This webapp is being run when there is a request (in principle, a HTTP request) received by Tomcat, whose URL matches one that the webapp is mapped to. Now if that webapp gets started, somehow, and even if it starts listening on a socket (separate from the Tomcat Connector listening sockets), isn't that socket not going to be listening anymore when that webapp, somehow, stops running ? I fail to see the inherent logic in running something like this under Tomcat. I mean, even if somehow it works, what is the benefit of running this under a servlet engine ? Should this not be instead a stand-alone application ? That is something everybody except the OP is wondering about. :-) Ronald. -- Using Opera's revolutionary e-mail client: http://www.opera.com/mail/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
configure Tomcat to use a http-proxy
Hi all First of all , thanks for answering this mail :) I'm not a developer, just a teleco engineer. In our company we have activated a new http-proxy to gave access to Internet to all our users (until now we gave them direct access by firewall rules). Since we activated it our development team have problems to connect to Internet with the applications. I have being searching in tomcat.apache.orgweb page but I have not found a way to configure Tomcat to force it to use a proxy (with user/pass autentication). I have found manual to configure the tomcat as proxy, some Java classes to act as proxy, etc. but I don't find a way to force Tomcat to use an exitent web-proxy. May can someone give me some ligth? Regards
Re: configure Tomcat to use a http-proxy
On 20/11/2009 14:53, Andreu Adrover wrote: Hi all First of all , thanks for answering this mail :) I'm not a developer, just a teleco engineer. In our company we have activated a new http-proxy to gave access to Internet to all our users (until now we gave them direct access by firewall rules). Since we activated it our development team have problems to connect to Internet with the applications. I have being searching in tomcat.apache.orgweb page but I have not found a way to configure Tomcat to force it to use a proxy (with user/pass autentication). I have found manual to configure the tomcat as proxy, some Java classes to act as proxy, etc. but I don't find a way to force Tomcat to use an exitent web-proxy. May can someone give me some ligth? Regards Tomcat doesn't make outbound requests that would require it to use a proxy. Your application might do so, and so it would be that which needs configuring. http://java.sun.com/javase/6/docs/technotes/guides/net/proxies.html p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: configure Tomcat to use a http-proxy
Thanks then I'll search on thay way. Regards 2009/11/20 Pid p...@pidster.com On 20/11/2009 14:53, Andreu Adrover wrote: Hi all First of all , thanks for answering this mail :) I'm not a developer, just a teleco engineer. In our company we have activated a new http-proxy to gave access to Internet to all our users (until now we gave them direct access by firewall rules). Since we activated it our development team have problems to connect to Internet with the applications. I have being searching in tomcat.apache.orgweb page but I have not found a way to configure Tomcat to force it to use a proxy (with user/pass autentication). I have found manual to configure the tomcat as proxy, some Java classes to act as proxy, etc. but I don't find a way to force Tomcat to use an exitent web-proxy. May can someone give me some ligth? Regards Tomcat doesn't make outbound requests that would require it to use a proxy. Your application might do so, and so it would be that which needs configuring. http://java.sun.com/javase/6/docs/technotes/guides/net/proxies.html p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: configure Tomcat to use a http-proxy
Pid wrote: http://java.sun.com/javase/6/docs/technotes/guides/net/proxies.html That, however, does not seem to handle the case where the proxy requires an authentication (the type of which was unfortunately not indicated by the OP). Any generic tips in that direction ? - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] Some advice on apache tomcat
Pid wrote: On 20/11/2009 10:32, André Warnier wrote: Pid wrote: ... (The item is illustrated by the image of a deity applying its wrath to a small, cute, helpless and furry creature, and the implication that it is the addressees fault. It is an unpleasant image.) Thanks. I think I get it now. So, it's kind of like when you or Chuck answer a poor helpless poster complaining about something not working in their Ubuntu Tomcat 4 package running under gcj, right ? I'm not sure I understand what you're saying there. ;) Aw, shucks. My incomplete command of the English language again, no doubt. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: configure Tomcat to use a http-proxy
On 20/11/2009 15:57, André Warnier wrote: Pid wrote: http://java.sun.com/javase/6/docs/technotes/guides/net/proxies.html That, however, does not seem to handle the case where the proxy requires an authentication (the type of which was unfortunately not indicated by the OP). Any generic tips in that direction ? You'd probably have to code for that when you make the (a?) URLConnection. Rather depends on how the OP's apps are making the outbound connection. String credential = username + : + password; String encoded = base64Encoder(credential); connection.setRequestProperty(Proxy-Authorization, encoded); YMMV p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Client certificate chains with mod_jk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
All,
I'm having trouble getting a client certificate chain sent to Tomcat via
mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27.
My httpd configuration looks like this:
SSLEngine On
SSLCertificateFile ...
SSLCertificateKeyFile ...
SSLOptions +ExportCertData
JkOptions +ForwardSSLCertChain
JkMount /cschultz-chadis/*.jsp worker21
JkLogLevel debug
# chain.crt contains all 3 certificates
SSLCACertificateFile /etc/apache2/chadis/chain.crt
SSLVerifyClient optional
SSLVerifyDepth 10
I use a template worker for many workers:
worker.template.type=ajp13
worker.template.host=localhost
worker.template.connection_pool_timeout=60
worker.template.socket_timeout=300
worker.template.max_packet_size=65536
... and here's the real worker:
worker.list=worker21
worker.worker21.reference=worker.template
worker.worker21.port=8215
Note that I've set the max_packet_size to the maximum allowed size. Here
is my Connector in Tomcat:
Connector port=8215
enableLookups=false
redirectPort=8443 protocol=AJP/1.3
URIEncoding=UTF-8 packetSize=65536 /
Note that I've set the maximum packet size to the maximum, here, too.
Apache httpd successfully verifies the client certificate and /does/
send the client certificate to Tomcat. However, I have a certificate
chain that looks like this:
Root Cert - Root Signing Cert - Sub Signing Cert - My Client Cert
In my Java code, I'd like to re-verify the client certificate by loading
only the root certificate and rely on the chain forwarded from Apache
httpd for recursive verification (or I can do that myself, I suppose,
but I'd like to get the whole chain anyway).
I have attached a debug-level mod_jk log file that shows the
conversation for this one request/response (don't worry, the certs are
all test certs). If you skip past all the maintaining worker X lines,
you'll see that 3 certificates are dumped to the log by init_ws_service.
In order from top to bottom, these certs are: client cert, sub-signing
cert, root signing cert (but not the top-level root cert).
If you continue reading, you can see that mod_jk sends at least part of
the first certificate. I seem to recall that mod_jk in debug mode only
logs part of the request, so it's possible that more information is
being sent than is being logged, so I can't tell if everything gets sent.
I have a JSP (shown below) that dumps out information about the
certificate being used to verify the client cert, as well as everything
sent by the client.
What I see in my browser when this is run is (roughly):
==
caCert is [ CA cert details ]
fingerprint is: [fingerprint]
sig is: [MD5 hash] (64 bytes)
Client cert is:
[Ljava.security.cert.X509Certificate;@1a8402c([Ljava.security.cert.X509Certificate;)
It's an array of 1 certificates.
1. [ client cert details ]
verification: true
Thanks!
==
If I use the sub-signing certificate (that's the one used to directly
sign the client cert), then I get verification: true. If I use the
root certificate, I get verification: false which makes sense because,
without the certificate chain, these certs have no relationship.
Any help would be greatly appreciated. Specifically, I'd like to know:
1. How to get httpd / mod_jk to send the entire cert chain (I thought
I had configured it appropriately)
2. How to fetch the whole certificate chain from the request
(I had expected an array with more than 1 certificate)
3. How to properly verify the client cert given the root cert on disk
and the chain provided by the client (which ought to be easy if
I simply iterate over the chain provided in the request).
Thanks,
- -chris
ClientCertInfo.jsp:
==
%@ page
pageEncoding=UTF-8
session=false
language=java
import=
java.io.*,
java.util.*,
java.security.cert.*,
java.security.KeyStore,
com.chadis.tools.security.Digester,
com.chadis.tools.security.EncodingUtil
%
%
FileInputStream inStream = null;
X509Certificate caCert = null;
try
{
X509Certificate cert = null;
inStream = new
FileInputStream(/home/cschultz/projects/client-ssl-cert/third/ca.crt.simple);
CertificateFactory cf = CertificateFactory.getInstance(X.509);
caCert = (X509Certificate)cf.generateCertificate(inStream);
}
finally
{
if(null != inStream) try { inStream.close(); }
catch (IOException ioe) { out.print(!-- error closing stream: +
ioe + --); }
}
%
pprecaCert is %= caCert %/prep
pfingerprint is: %=
EncodingUtil.toByteString(Digester.digest(caCert.getEncoded(), SHA-1))
%/p
psig is: %= EncodingUtil.toByteString(caCert.getSignature()) % (%=
caCert.getSignature().length / 2% bytes)/p
%
Object cert = request.getAttribute(javax.servlet.request.X509Certificate);
%
pClient cert is: pre%= (null == cert ?
RE: Logging in Tomcat 5 (SysOut SysErr)
From: Milan Tomic [mailto:tomicmi...@yahoo.com] Subject: Logging in Tomcat 5 (SysOut SysErr) At present, system.out and system.err are printing in the Windows console. How can I redirect output to some file? The first thing you have to tell us is exactly what version of Tomcat you're using; saying Tomcat 5 is highly ambiguous. If it's a 5.0.x, that is no longer supported. Look at the swallowOutput attribute for the Context element: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html If you don't have a logging.properties file in Tomcat's conf directory, your Tomcat installation is corrupt. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate chains with mod_jk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 11/20/2009 11:51 AM, Rainer Jung wrote: On 20.11.2009 17:20, Christopher Schultz wrote: If you continue reading, you can see that mod_jk sends at least part of the first certificate. I seem to recall that mod_jk in debug mode only logs part of the request, so it's possible that more information is being sent than is being logged, so I can't tell if everything gets sent. Quick partial answer before I read and understand everything: mod_jk will log full packets with JkLogLevel trace. Debug truncates the logged data. Okay, that sounded familiar. I'll turn on trace and get my eyes ready for a long day :) In the meantime, it does look like mod_jk intends to send the whole certificate chain over to Tomcat. Am I doing this right? Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksGzRQACgkQ9CaO5/Lv0PCWqgCgw4YXPG46G/4bnEmv0ouENUag dzUAoKVdPWUPEMfVPn2DfvHMdPHvgTgs =1SZS -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Putting Docbase on network drive. Is it Possible ?
dear Friends, I have mapped drive e: to \\Dell-1710\RSP_DEV\Appl\Web_Dev\Test_Proj\WebContent there it gets latest compiled application through eclipse. I have created a Test-E.xml in C:\Program Files\Tomcat 6.0\conf\Catalina\localhost the contents are Context path=/Test-E docBase=E:/ antiResourceLocking=false allowLinking=true / If I try with http://localhost:8080/Test-E I wont get Error response. But if I copy all contents of e: to c:\Test-C and create Test-C.xml with contents Context path=/Test-C docBase=C:/test-c antiResourceLocking=false allowLinking=true / http://localhost:8080/Test-C it gives index.html I am newbie to Tomcat and would like to know whether docbase on mapped drives are permitted or Not ? or shall I have to take any further actions to get it working. we are putting all our projects at central server and compiling there only. Every time copying contents of webContents to local c: drive is bit troublesome and debugging is also not possible can some experienced programmer give us a way out.(This is our first web project). Urls to howtos, reading material, suggestion of book will be very useful to us so please help us. Thanks and best regards. Raja. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: A question about mod_jk 1.2.28 configuration
Thanks for the info. I though you opened a buzilla issue? Would you mind pasting this into the issue as a new comment? Once we agree, that something looks like a bug and an issue is opened, it's best to collct further info there. Yes, I opened a buzilla issue. It's called Problem with mod_jk 1.2.28 - Can not render up the page on browser after a long wait . I've pasted this as comment. Many thanks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/A-question-about-mod_jk-1.2.28-configuration-tp26264069p26443598.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Putting Docbase on network drive. Is it Possible ?
From: R. S. Patil [mailto:kpr.rspa...@gmail.com] Subject: Putting Docbase on network drive. Is it Possible ? I have created a Test-E.xml in C:\Program Files\Tomcat 6.0\conf\Catalina\localhost the contents are Context path=/Test-E docBase=E:/ antiResourceLocking=false allowLinking=true / Take out the path attribute (it's not allowed) and the allowLinking attribute (ineffective on Windows). If I try with http://localhost:8080/Test-E I wont get Error response. Not getting an error response is usually a good thing. What do you get? I am newbie to Tomcat and would like to know whether docbase on mapped drives are permitted or Not ? Works fine for me - as long as I'm running Tomcat via the startup.bat script. If you're running Tomcat as a service, the service has no access to any drive mappings you've made under your userid. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate chains with mod_jk
On 20.11.2009 18:08, Christopher Schultz wrote:
Rainer,
On 11/20/2009 11:51 AM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
If you continue reading, you can see that mod_jk sends at least part of
the first certificate. I seem to recall that mod_jk in debug mode only
logs part of the request, so it's possible that more information is
being sent than is being logged, so I can't tell if everything gets sent.
Quick partial answer before I read and understand everything: mod_jk
will log full packets with JkLogLevel trace. Debug truncates the logged
data.
Okay, that sounded familiar. I'll turn on trace and get my eyes ready
for a long day :)
In the meantime, it does look like mod_jk intends to send the whole
certificate chain over to Tomcat. Am I doing this right?
I would say yes. What I'm not so sure about is the root certificate. The
root should be owned by the web server, otherwise the whole validation
is useless. So I don't know, whether all certs including the root should
be forwarded, or only all except the root.
The httpd docs page
http://httpd.apache.org/docs/2.2/mod/mod_ssl.html
contains a table of env vars at the beginning, and under the table it
explains how the vars are named in case of a whole cert chain for
clients. You can log those env vars in the access log using the %{xxx}e
notation (xxx being the name of the var) to check, whether httpd shows
all of the chain, or only all except the root. I can try to dig into
httpd code to understand it as well.
In case the root isn't provided and forwarded, we can either check how
to forward it with tricks, or you would need to provide it independently
on Tomcat.
Why you do not get a chain and instead only one cert is still open.
Regards,
Rainer
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate chains with mod_jk
SSLEngine On SSLCertificateFile ... SSLCertificateKeyFile ... SSLOptions +ExportCertData JkOptions +ForwardSSLCertChain JkMount /cschultz-chadis/*.jsp worker21 JkLogLevel debug # chain.crt contains all 3 certificates SSLCACertificateFile /etc/apache2/chadis/chain.crt SSLVerifyClient optional SSLVerifyDepth 10 Hmmm, what about SSLOptions +StdEnvVars Regards, Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: Servlet MessageBrokerServlet is not available on Ubuntu AMD64
Thanks chris, On 11/18/2009 11:07 PM, R. S. Patil wrote: The repository Install of Tomcat has the problem. *Please report this issue to the Ubuntu folks*. I'd really prefer if we didn't always have to tell people having your type of problems that everything will be fine if you uninstall the package-managed version of Tomcat and install a 'real' Tomcat from tomcat.apache.org. It gets kind of tiresome doing that, and also it would be nice if the package-managed versions actually did work properly. The problem is that people come here for help and we don't know all the weird conventions of each package manager's file layout, etc. so we can't give decent help to those who need it. Well, I agree with you. I too read on Apache site the first thing mentioned that do a Official Install then ask question. But the natural tendency is to install from repositories like other packages in minor testing it works fine but with some critical cases it fails then naturally ppl turn to Apache site for help and rush to mailing list for asking question. This is what causes trouble to ppl like you. Later the suffering ppl read the site thoroughly and start feeling guilty that it should have been read earlier. this is what I am facing today. I am going to put this to Kubuntu mailing list but I not confident that they will take it seriously because the person wrote a how for tomcat tar.gz installation on Ubuntu was in 2007 still his observation is valid at end of 2009. well anyhow matter is sorted out and who so ever in my touch would like to install tomcat on ubuntu I will adwise him to do tar.gz installation. Thanks and sorry for trouble. Raja. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate chains with mod_jk
The following line from you mod_jk log really shows what is being forwarded as an attribute to Tomcat. This is logged after retrieving the data from Apache but before sending it over the wire. At least we know we got the data from Apache and because it is three and not four certs it is likely, that the root will not be forwarded. On 20.11.2009 17:20, Christopher Schultz wrote: [Fri Nov 20 15:45:13.878 2009] [7826:3057286032] [debug] init_ws_service::mod_jk.c (867): SSL client certificate (3620 bytes): -BEGIN CERTIFICATE- MIIC+zCCAmSgAwIBAgICFEowDQYJKoZIhvcNAQEFBQAwgYAxCzAJBgNVBAYTAlVT MREwDwYDVQQIEwhNYXJ5bGFuZDEhMB8GA1UEChMYVG90YWwgQ2hpbGQgSGVhbHRo LCBJbmMuMQ8wDQYDVQQLEwZDSEFESVMxKjAoBgNVBAMTIUNIQURJUyBDbGllbnQg U2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0wOTExMTkyMTQ5MDVaFw0xMTExMTkyMTQ5 MDVaMIGHMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxITAfBgNVBAoT GFRvdGFsIENoaWxkIEhlYWx0aCwgSW5jLjEPMA0GA1UECxMGQ0hBRElTMTEwLwYD VQQDFChDSEFESVMvRnJhbmtsaW4gU3F1YXJlIEhvc3BpdGFsIFdpUGFkICMxMIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+TezrUb2Bo889dnSHQ9CSal1Jw0S5 eV/74IlGMNnDS9PYZ8ITtdJXj3h9B1Ob8PjWpsDJQ03rb0oQEfX51nt6tcjQgRoV h1UGPF0uWvyyRqmK3EvmyGdtRCpgEtknf/e7DV84yGyxLD9dS+DzB8NnDoGV+kZf Q+HxIMp7W+NKuwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUL4u3oJ0I19j1 j9FO7PmBZIKVqEwwHwYDVR0jBBgwFoAUqDuUvZYFkbiMwWdfjg2viJUd7f8wDQYJ KoZIhvcNAQEFBQADgYEAFXM0unMuvuf1ablBIhbgY3lJf1Mj3kk91ByUVrUDMZTf CWymm3dM4yoWX3XL67iatYNW5bNBcr+pOtPZB59vIC/kiadZY4jKqNmEeEZ3XHOn sEpUnvgA/a1JGGRRa4r47zepuPCDtg7RVTjiK+MlX8YkSkIuhyc51cApPHgPD8g= -END CERTIFICATE- -BEGIN CERTIFICATE- MIIDbzCCAtigAwIBAgICM0AwDQYJKoZIhvcNAQEFBQAwfjELMAkGA1UEBhMCVVMx ETAPBgNVBAgTCE1hcnlsYW5kMSEwHwYDVQQKExhUb3RhbCBDaGlsZCBIZWFsdGgs IEluYy4xDzANBgNVBAsTBkNIQURJUzEoMCYGA1UEAxMfQ0hBRElTIFJvb3QgU2ln bmluZyBDZXJ0aWZpY2F0ZTAeFw0wOTExMTkyMTQ4MzNaFw0xOTExMTcyMTQ4MzNa MIGAMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxITAfBgNVBAoTGFRv dGFsIENoaWxkIEhlYWx0aCwgSW5jLjEPMA0GA1UECxMGQ0hBRElTMSowKAYDVQQD EyFDSEFESVMgQ2xpZW50IFNpZ25pbmcgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcN AQEBBQADgY0AMIGJAoGBALMWXLw/9nmrZwgl34YxKnPkC0lWAxlGAXAIfwOAPvSL NciE1RfDGgdSPIn1zy6xnK00Ul2lzQUIpau2+Cl4IL8YW9uhLbKL3MLWnfEkkb7K R8jFRK6QYzHwvvkD6LaCk0nwePNdsltyCt3o9zq49OKOxuwv9TlZDSCIPb5I0xHt AgMBAAGjgfgwgfUwHQYDVR0OBBYEFKg7lL2WBZG4jMFnX44Nr4iVHe3/MIG4BgNV HSMEgbAwga2AFChNal3wLZ2NXSnmDV20IB7Tks8GoYGQpIGNMIGKMQswCQYDVQQG EwJVUzERMA8GA1UECBMITWFyeWxhbmQxEjAQBgNVBAcTCUJhbHRpbW9yZTEhMB8G A1UEChMYVG90YWwgQ2hpbGQgSGVhbHRoLCBJbmMuMQ8wDQYDVQQLEwZDSEFESVMx IDAeBgNVBAMTF0NIQURJUyBSb290IENlcnRpZmljYXRlggIhXjAMBgNVHRMEBTAD AQH/MAsGA1UdDwQEAwIBBjANBgkqhkiG9w0BAQUFAAOBgQBHd+pjS+Yzz0A3lOkR pwTJSssxQ4fJ/52LjEYvtrI5uDGBkF0/yXEaI4PBAzE79NiqhAEzkSApRbVhfNbs Ar6PD0T/COi3gU5dejzoiymZdzAgawagTASkP4UUKQVKBFkQtbmGB5LNNzcXsOea rkFU0ywatgSU5zCheaWkinfVzw== -END CERTIFICATE- -BEGIN CERTIFICATE- MIIDgDCCAumgAwIBAgICIV4wDQYJKoZIhvcNAQEFBQAwgYoxCzAJBgNVBAYTAlVT MREwDwYDVQQIEwhNYXJ5bGFuZDESMBAGA1UEBxMJQmFsdGltb3JlMSEwHwYDVQQK ExhUb3RhbCBDaGlsZCBIZWFsdGgsIEluYy4xDzANBgNVBAsTBkNIQURJUzEgMB4G A1UEAxMXQ0hBRElTIFJvb3QgQ2VydGlmaWNhdGUwHhcNMDkxMTE5MjE0NzQ5WhcN MTkxMTE3MjE0NzQ5WjB+MQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQx ITAfBgNVBAoTGFRvdGFsIENoaWxkIEhlYWx0aCwgSW5jLjEPMA0GA1UECxMGQ0hB RElTMSgwJgYDVQQDEx9DSEFESVMgUm9vdCBTaWduaW5nIENlcnRpZmljYXRlMIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDRH0fCILLYQ6GlYIPLKqSkB088eSOO e3a5WYPsM7+2hxZ/Cfhlo+kWHGTGV/hj5mNTNNOrzlYP/0dj5SPAxWb3rctI/tSv ng1OYHJDbuHPem4AUFu6J8bCWKx1VHRwEI+EOCASHsyTVx6zwzdGceTwdZOLJ0au h+DD504Hr/J0AwIDAQABo4H/MIH8MB0GA1UdDgQWBBQoTWpd8C2djV0p5g1dtCAe 05LPBjCBvwYDVR0jBIG3MIG0gBQ7YcI6LIrWzvdFGyUBmNDqnsj1UqGBkKSBjTCB ijELMAkGA1UEBhMCVVMxETAPBgNVBAgTCE1hcnlsYW5kMRIwEAYDVQQHEwlCYWx0 aW1vcmUxITAfBgNVBAoTGFRvdGFsIENoaWxkIEhlYWx0aCwgSW5jLjEPMA0GA1UE CxMGQ0hBRElTMSAwHgYDVQQDExdDSEFESVMgUm9vdCBDZXJ0aWZpY2F0ZYIJAN3k WK0VaBELMAwGA1UdEwQFMAMBAf8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUA A4GBAE6nIhSpGR36zuP70sqgOcui+KvtsC2oqJziEENrzSW9aaEdGifDX0/UeMY2 94X9b2DaUY4m1Zbi/ybTzENxkK+qwPZTgfsN5xkXwm8grXz/r8y1zT1Jkdl0EH5G ihpbqb5COIdhUiAq+cdqfa5sRe0CB1olxD8UqVlORDcikydH -END CERTIFICATE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting Docbase on network drive. Is it Possible ?
Thanks Chuck Caldarale Context path=/Test-E docBase=E:/ antiResourceLocking=false allowLinking=true / Take out the path attribute (it's not allowed) and the allowLinking attribute (ineffective on Windows). where can I get more info about attributes and deployment xml file ? If I try with http://localhost:8080/Test-E I wont get Error response. Not getting an error response is usually a good thing. What do you get? sorry it's a typo actually it should be I get error response wont is a extra word I am newbie to Tomcat and would like to know whether docbase on mapped drives are permitted or Not ? Works fine for me - as long as I'm running Tomcat via the startup.bat script. If you're running Tomcat as a service, the service has no access to any drive mappings you've made under your userid. Thanks a nice explanation. I am starting tomcat with tomcat monitor. it seems that it starts tomcat as service. I will try with bat file and let u know. If it does then it will save lot of our time and debugging will also be possible. Thanks and best regards Raja - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Putting Docbase on network drive. Is it Possible ?
From: R. S. Patil [mailto:kpr.rspa...@gmail.com] Subject: Re: Putting Docbase on network drive. Is it Possible ? where can I get more info about attributes and deployment xml file ? In the docs: http://tomcat.apache.org/tomcat-6.0-doc/config/context.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate chains with mod_jk
On 20.11.2009 17:20, Christopher Schultz wrote: I'm having trouble getting a client certificate chain sent to Tomcat via mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27. Off by one? https://issues.apache.org/bugzilla/show_bug.cgi?id=39637 indicates you'll need 5.5.28 ... HTH! Rainer - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting Docbase on network drive. Is it Possible ?
Thank You very much Chuck Caldarale In the docs: http://tomcat.apache.org/tomcat-6.0-doc/config/context.html I just read that and its a very valuable resource. Thanks and best regards Raja - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Error - Unable to open the service 'Tomcat6' on Windows 2003
Hi I am sure it is Tomcat6 Can you please explain the registry setting as I could not find auto-run for Apache Software foundation. Thanks On Thu, Nov 12, 2009 at 6:10 PM, Jeffrey Janner jeffrey.jan...@polydyne.com wrote: Are you sure it says Tomcat6 and not Tomcat6w? Here is what's probably happening: Windows is trying to launch the Tomcat6w.exe (aka the Tomcat Monitor system tray object) because it's in the Run section of the registry. Since this tool allows changes to the registry, Windows probably requires Admin rights to run it. I had fits with this on Windows 2008 Server even for someone with admin rights until I lessened the stupid security a bit. You might have to edit your registry and remove the auto-run of Tomcat6w.exe. You can still run it manually if you need it as an admin from the menu. Someone please correct if this is incorrect. -Original Message- From: bhavik shah [mailto:bhavik...@gmail.com] Sent: Wednesday, November 11, 2009 1:53 PM To: Tomcat Users List Subject: Error - Unable to open the service 'Tomcat6' on Windows 2003 Hi, I have installed the Tomcat 6.0.20 on windows 2003 server. Which runs as local system account. Tomcat services run fine. Different user group login to that windows server for different purpose via Remote Desktop. If a user who is not administrator on the box login via Remote Desktop - The user always gets the message that *Application System Error* *Access Denied* *Unable to open the service 'Tomcat6'* ** Which is annoying for the users. Once the user ignore the message user can launch the tomcat home page and also webapp on that tomcat server. Is there any way to avoid the message when login via remote desktop for non administrator user? *** NOTICE * This message is intended for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient or the employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately by reply or by telephone (call us collect at 512-343-9100) and immediately delete this message and all its attachments. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate chains with mod_jk
On 20.11.2009 18:44, Rainer Jung wrote: SSLEngine On SSLCertificateFile ... SSLCertificateKeyFile ... SSLOptions +ExportCertData JkOptions +ForwardSSLCertChain JkMount /cschultz-chadis/*.jsp worker21 JkLogLevel debug # chain.crt contains all 3 certificates SSLCACertificateFile /etc/apache2/chadis/chain.crt SSLVerifyClient optional SSLVerifyDepth 10 Hmmm, what about SSLOptions +StdEnvVars Shouldn't be necessary... - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Error - Unable to open the service 'Tomcat6' on Windows 2003
From: bhavik shah [mailto:bhavik...@gmail.com] Subject: Re: Error - Unable to open the service 'Tomcat6' on Windows 2003 Hi I am sure it is Tomcat6 That's the name of the service, not the name of the program being auto-run. Can you please explain the registry setting as I could not find auto-run for Apache Software foundation. Search the registry for tomcat6w.exe (or just tomcat6). Might also be something in C:\Documents and Settings\All Users\Start Menu\Programs (I think that's the right path for Win2K3, but I don't have one handy). - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate chains with mod_jk
Since certs are public anyhow (not keys), here's the decoding done by openssl -x509 -in ... -text: On 20.11.2009 18:49, Rainer Jung wrote: The following line from you mod_jk log really shows what is being forwarded as an attribute to Tomcat. This is logged after retrieving the data from Apache but before sending it over the wire. At least we know we got the data from Apache and because it is three and not four certs it is likely, that the root will not be forwarded. On 20.11.2009 17:20, Christopher Schultz wrote: [Fri Nov 20 15:45:13.878 2009] [7826:3057286032] [debug] init_ws_service::mod_jk.c (867): SSL client certificate (3620 bytes): -BEGIN CERTIFICATE- MIIC+zCCAmSgAwIBAgICFEowDQYJKoZIhvcNAQEFBQAwgYAxCzAJBgNVBAYTAlVT MREwDwYDVQQIEwhNYXJ5bGFuZDEhMB8GA1UEChMYVG90YWwgQ2hpbGQgSGVhbHRo LCBJbmMuMQ8wDQYDVQQLEwZDSEFESVMxKjAoBgNVBAMTIUNIQURJUyBDbGllbnQg U2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0wOTExMTkyMTQ5MDVaFw0xMTExMTkyMTQ5 MDVaMIGHMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxITAfBgNVBAoT GFRvdGFsIENoaWxkIEhlYWx0aCwgSW5jLjEPMA0GA1UECxMGQ0hBRElTMTEwLwYD VQQDFChDSEFESVMvRnJhbmtsaW4gU3F1YXJlIEhvc3BpdGFsIFdpUGFkICMxMIGf MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC+TezrUb2Bo889dnSHQ9CSal1Jw0S5 eV/74IlGMNnDS9PYZ8ITtdJXj3h9B1Ob8PjWpsDJQ03rb0oQEfX51nt6tcjQgRoV h1UGPF0uWvyyRqmK3EvmyGdtRCpgEtknf/e7DV84yGyxLD9dS+DzB8NnDoGV+kZf Q+HxIMp7W+NKuwIDAQABo3sweTAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1P cGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUL4u3oJ0I19j1 j9FO7PmBZIKVqEwwHwYDVR0jBBgwFoAUqDuUvZYFkbiMwWdfjg2viJUd7f8wDQYJ KoZIhvcNAQEFBQADgYEAFXM0unMuvuf1ablBIhbgY3lJf1Mj3kk91ByUVrUDMZTf CWymm3dM4yoWX3XL67iatYNW5bNBcr+pOtPZB59vIC/kiadZY4jKqNmEeEZ3XHOn sEpUnvgA/a1JGGRRa4r47zepuPCDtg7RVTjiK+MlX8YkSkIuhyc51cApPHgPD8g= -END CERTIFICATE- Certificate: Data: Version: 3 (0x2) Serial Number: 5194 (0x144a) Signature Algorithm: sha1WithRSAEncryption Issuer: C=US, ST=Maryland, O=Total Child Health, Inc., OU=CHADIS, CN=CHADIS Client Signing Certificate Validity Not Before: Nov 19 21:49:05 2009 GMT Not After : Nov 19 21:49:05 2011 GMT Subject: C=US, ST=Maryland, O=Total Child Health, Inc., OU=CHADIS, CN=CHADIS/Franklin Square Hospital WiPad #1 Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (1024 bit) Modulus (1024 bit): 00:be:4d:ec:eb:51:bd:81:a3:cf:3d:76:74:87:43: d0:92:6a:5d:49:c3:44:b9:79:5f:fb:e0:89:46:30: d9:c3:4b:d3:d8:67:c2:13:b5:d2:57:8f:78:7d:07: 53:9b:f0:f8:d6:a6:c0:c9:43:4d:eb:6f:4a:10:11: f5:f9:d6:7b:7a:b5:c8:d0:81:1a:15:87:55:06:3c: 5d:2e:5a:fc:b2:46:a9:8a:dc:4b:e6:c8:67:6d:44: 2a:60:12:d9:27:7f:f7:bb:0d:5f:38:c8:6c:b1:2c: 3f:5d:4b:e0:f3:07:c3:67:0e:81:95:fa:46:5f:43: e1:f1:20:ca:7b:5b:e3:4a:bb Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE Netscape Comment: OpenSSL Generated Certificate X509v3 Subject Key Identifier: 2F:8B:B7:A0:9D:08:D7:D8:F5:8F:D1:4E:EC:F9:81:64:82:95:A8:4C X509v3 Authority Key Identifier: keyid:A8:3B:94:BD:96:05:91:B8:8C:C1:67:5F:8E:0D:AF:88:95:1D:ED:FF Signature Algorithm: sha1WithRSAEncryption 15:73:34:ba:73:2e:be:e7:f5:69:b9:41:22:16:e0:63:79:49: 7f:53:23:de:49:3d:d4:1c:94:56:b5:03:31:94:df:09:6c:a6: 9b:77:4c:e3:2a:16:5f:75:cb:eb:b8:9a:b5:83:56:e5:b3:41: 72:bf:a9:3a:d3:d9:07:9f:6f:20:2f:e4:89:a7:59:63:88:ca: a8:d9:84:78:46:77:5c:73:a7:b0:4a:54:9e:f8:00:fd:ad:49: 18:64:51:6b:8a:f8:ef:37:a9:b8:f0:83:b6:0e:d1:55:38:e2: 2b:e3:25:5f:c6:24:4a:42:2e:87:27:39:d5:c0:29:3c:78:0f: 0f:c8 -BEGIN CERTIFICATE- MIIDbzCCAtigAwIBAgICM0AwDQYJKoZIhvcNAQEFBQAwfjELMAkGA1UEBhMCVVMx ETAPBgNVBAgTCE1hcnlsYW5kMSEwHwYDVQQKExhUb3RhbCBDaGlsZCBIZWFsdGgs IEluYy4xDzANBgNVBAsTBkNIQURJUzEoMCYGA1UEAxMfQ0hBRElTIFJvb3QgU2ln bmluZyBDZXJ0aWZpY2F0ZTAeFw0wOTExMTkyMTQ4MzNaFw0xOTExMTcyMTQ4MzNa MIGAMQswCQYDVQQGEwJVUzERMA8GA1UECBMITWFyeWxhbmQxITAfBgNVBAoTGFRv dGFsIENoaWxkIEhlYWx0aCwgSW5jLjEPMA0GA1UECxMGQ0hBRElTMSowKAYDVQQD EyFDSEFESVMgQ2xpZW50IFNpZ25pbmcgQ2VydGlmaWNhdGUwgZ8wDQYJKoZIhvcN AQEBBQADgY0AMIGJAoGBALMWXLw/9nmrZwgl34YxKnPkC0lWAxlGAXAIfwOAPvSL NciE1RfDGgdSPIn1zy6xnK00Ul2lzQUIpau2+Cl4IL8YW9uhLbKL3MLWnfEkkb7K R8jFRK6QYzHwvvkD6LaCk0nwePNdsltyCt3o9zq49OKOxuwv9TlZDSCIPb5I0xHt AgMBAAGjgfgwgfUwHQYDVR0OBBYEFKg7lL2WBZG4jMFnX44Nr4iVHe3/MIG4BgNV HSMEgbAwga2AFChNal3wLZ2NXSnmDV20IB7Tks8GoYGQpIGNMIGKMQswCQYDVQQG EwJVUzERMA8GA1UECBMITWFyeWxhbmQxEjAQBgNVBAcTCUJhbHRpbW9yZTEhMB8G A1UEChMYVG90YWwgQ2hpbGQgSGVhbHRoLCBJbmMuMQ8wDQYDVQQLEwZDSEFESVMx IDAeBgNVBAMTF0NIQURJUyBSb290IENlcnRpZmljYXRlggIhXjAMBgNVHRMEBTAD
Re: Error - Unable to open the service 'Tomcat6' on Windows 2003
bhavik shah wrote: Hi I am sure it is Tomcat6 Can you please explain the registry setting as I could not find auto-run for Apache Software foundation. I don't really know, but I'll make a guess and suggest that you have a look here : HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run (when you are logged-in as the user in question) Or, if you are logged-in as an Administrator, maybe here : HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run (and for each user under HKEY_USERS/) I also think that when you install Tomcat, it gives you the option to start this monitor or not. If so, de-install, re-install and choose no. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting Docbase on network drive. Is it Possible ?
Hi Chuck Caldarale Works fine for me - as long as I'm running Tomcat via the startup.bat script. If you're running Tomcat as a service, the service has no access to any drive mappings you've made under your userid. Yes it works with startup.bat script. I just tested it and found mapped drives also work. Thanks for tip. BTW I have a small difficulty. I ran the startup script in a terminal window. The terminal window wont come back to prompt as it does on Linux. For shutting down I have to open another window. Is it Normal or it has any other work around ? Suppose if I have to restart tomcat what I have to do ? simply close startup terminal window and in another terminal window fire startup again ? Thanks and best regards. RAJA - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting Docbase on network drive. Is it Possible ?
R. S. Patil wrote: Hi Chuck Caldarale Works fine for me - as long as I'm running Tomcat via the startup.bat script. If you're running Tomcat as a service, the service has no access to any drive mappings you've made under your userid. Yes it works with startup.bat script. I just tested it and found mapped drives also work. Thanks for tip. BTW I have a small difficulty. I ran the startup script in a terminal window. The terminal window wont come back to prompt as it does on Linux. For shutting down I have to open another window. Is it Normal or it has any other work around ? Did you try CTRL-C in the command window ? Suppose if I have to restart tomcat what I have to do ? simply close startup terminal window and in another terminal window fire startup again ? Thanks and best regards. RAJA - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Putting Docbase on network drive. Is it Possible ?
From: R. S. Patil [mailto:kpr.rspa...@gmail.com] Subject: Re: Putting Docbase on network drive. Is it Possible ? I ran the startup script in a terminal window. The terminal window wont come back to prompt as it does on Linux. For shutting down I have to open another window. Is it Normal or it has any other work around ? No, that's not normal. The startup.bat script uses the Windows start command to initiate the Tomcat process in a command window separate from the one the script is running in. The original command window should return a prompt almost immediately after displaying four Using xxx lines. If it doesn't do that, someone has modified - and broken - your startup.bat or catalina.bat scripts. Download a fresh copy of Tomcat and compare what you have with the unmodified copy. As André noted, CTRL-C can be used to cleanly terminate the Tomcat process when you've terminated the original command window. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
[SECURITY] CVE-2009-3555 SSL Man-In-The-Middle attack - Status update
Overview The purpose of this update is provide information on the current understanding so users are better informed when making decisions regarding risk mitigation for this issue in their environment. Work on the root cause is progressing but is still in a state of flux. Discussion is focussed on workarounds that could be applied that would allow server initiated renegotiation without exposing the participants to the vulnerability described in CVE-2009-3555. BIO Connector = The HTTP BIO connector that ships with 6.0.20 and 5.5.28 supports client and server initiated negotiation and is vulnerable to CVE-2009-3555. A patch [1],[2] has been applied to trunk, 6.0.x and 5.5.x that provides an option to disable renegotiation. This patch has an issue in that it uses an asynchronous callback to close the connection when a handshake is detected. It is theoretically possible for an attack to complete before the connection is closed. When negotiation is disabled, both server and client initiated attempts to renegotiate are logged. An updated patch [3] has been applied to trunk and proposed for 6.0.x and 5.5.x that resolves the asynchronous concerns but only logs server initiated renegotiation. Users of 6.0.20, 5.5.28 and earlier versions can apply either of the patches. It will be necessary to build Tomcat from source to use these patches. Testing with both these patches has shown that using the connector attributes clientAuth=want and allowUnsafeLegacyRenegotiation=false provides a similar user experience during negotiation to clientAuth=false and allowUnsafeLegacyRenegotiation=true although this may vary by application. It is anticipated that 6.0.21 and 5.5.29 releases will be made once the situation stabilises and the Tomcat development team is confident that further changes will not be required. [1]http://people.apache.org/~markt/patches/2009-11-10-cve-2009-3555-tc6.patch [2]http://people.apache.org/~markt/patches/2009-11-10-cve-2009-3555-tc5.patch [3]http://svn.apache.org/viewvc?rev=882320view=rev NIO Connector = The HTTP NIO connector that ships with 6.0.20 does not support client or server initiated renegotiation and is therefore not vulnerable to CVE-2009-3555. As and when negotiation support is added to the NIO connector, it will support the allowUnsafeLegacyRenegotiation connector attribute and behave in a similar manner to the HTTP BIO connector. APR / native Connector == Behaviour of the APR/native connector depends on the version of the APR/native connector and on the version of OpenSSL that the connector is build with. Versions prior to APR/native 1.1.16 are not discussed. The windows binaries available from the ASF have been built with the following OpenSSL versions: APR/native OpenSSL 1.1.16 0.9.8i 1.1.17 0.9.8l 1.1.18 TBD - not yet released Any version of the APR/native connector built with OpenSSl 0.9.8l will not support client or server initiated negotiation and will, therefore, not be vulnerable to CVE-2009-3555. Client initiated negotiation is supported in 1.1.16 and 1.1.17. These versions are, therefore, vulnerable to CVE-2009-3555 unless built with OpenSSL 0.9.8l. Client initiated negotiation has been disabled in 1.1.18. Therefore, this version is not vulnerable to CVE-2009-3555 via client initiated renegotiation although it may still be vulnerable via server initiated renegotiation. Server initiated renegotiation is supported in 1.1.17 onwards. Therefore, 1.1.17 onwards is vulnerable to CVE-2009-3555 via server initiated renegotiation unless the APR/native connector is built with OpenSSL 0.9.8l. Questions / comments Any questions or comments should be directed to the Tomcat users mailing list in the first instance. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate chains with mod_jk
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rainer,
On 11/20/2009 12:39 PM, Rainer Jung wrote:
On 20.11.2009 18:08, Christopher Schultz wrote:
Rainer,
On 11/20/2009 11:51 AM, Rainer Jung wrote:
On 20.11.2009 17:20, Christopher Schultz wrote:
If you continue reading, you can see that mod_jk sends at least part of
the first certificate. I seem to recall that mod_jk in debug mode only
logs part of the request, so it's possible that more information is
being sent than is being logged, so I can't tell if everything gets sent.
Quick partial answer before I read and understand everything: mod_jk
will log full packets with JkLogLevel trace. Debug truncates the logged
data.
Okay, that sounded familiar. I'll turn on trace and get my eyes ready
for a long day :)
In the meantime, it does look like mod_jk intends to send the whole
certificate chain over to Tomcat. Am I doing this right?
I would say yes.
Okay, good. Thanks for the confirmation that it looks like I'm doing
what I should be doing.
What I'm not so sure about is the root certificate. The
root should be owned by the web server, otherwise the whole validation
is useless.
Absolutely. In my case, the client has been provided with all 4 certs
(Root, Signing Root, Signing Sub, and Client itself). I haven't sniffed
the HTTP stream to see what's being sent by the client. If you have a
suggestion for how to sniff an SSL stream, I'm all ears :)
So I don't know, whether all certs including the root should
be forwarded, or only all except the root.
It appears that mod_jk is prepared to send all but the root certificate.
I can live with that, because I'm expecting to use the root cert on the
server to do the validation :) What I'm /not/ using right now is a
keystore: I just have the bare, PEM-encoded root certificate that's
being read by my test JSP file attached to my original post.
You can log those env vars in the access log using the %{xxx}e
notation (xxx being the name of the var) to check, whether httpd shows
all of the chain, or only all except the root.
I think I'll go ahead and to that. But, I'll read your other 42 posts
before I do :)
I can try to dig into
httpd code to understand it as well.
Thanks for all your help, Rainer.
Why you do not get a chain and instead only one cert is still open.
Yup. This is my only real question.
Thanks,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAksHBIkACgkQ9CaO5/Lv0PBP6gCgjlHD1eEU0Axz7+WsRaDc7FSK
4GwAn2955kDkR3eV/bh21AyuB7tIJsSO
=Omi4
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate chains with mod_jk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 11/20/2009 1:51 PM, Rainer Jung wrote: OpenSSL Code looks like only returning the chain provided by the client, and the client should not provide the root. Ok. At the moment I see no way of getting the root CA which verified the client chain from OpenSSL or Apache, so especially no way to forward it. That's okay: I'm prepared to supply the root certificate on the server for verification. What I don't want to do if have to supply a handful of low-level signing certs and loop-through them: I'd prefer to only use the root, and then verify the chain supplied by the client up to the root. This offers my great flexibility in how I do certificate signing: I can use several sub-level keys to sign many client certificates and the server only needs to worry about the root cert. The root should really be available directly to Tomcat in some certificate store and the client side of the chain received via mod_jk and TC 5.5.28 should be verified against that locally available root. Does that make sense? Absolutely. I'm just wondering why it appears that I'm only getting one certificate from the request in Tomcat. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksHBa8ACgkQ9CaO5/Lv0PBoNACffJDQg/g70/vQ907AnZR1TZeT 0a0An2Z1WILyK61F/P/Fs6UAowsYMdrO =5Mr2 -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate chains with mod_jk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 11/20/2009 1:09 PM, Rainer Jung wrote: On 20.11.2009 17:20, Christopher Schultz wrote: I'm having trouble getting a client certificate chain sent to Tomcat via mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27. Off by one? https://issues.apache.org/bugzilla/show_bug.cgi?id=39637 indicates you'll need 5.5.28 ... Ugh! I didn't even think that a bug/incomplete feature in Tomcat could be the reason. I just assumed that my configuration was wrong. I'll test in 5.5.28. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksHBkMACgkQ9CaO5/Lv0PBLRACfSrHRGFhvyiyqB5BgUnsP7apj 1XMAnj/ngKlJ82zbSWPpjflTl8M7jOIh =jYdV -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Client certificate chains with mod_jk
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 11/20/2009 4:12 PM, Christopher Schultz wrote: Rainer, On 11/20/2009 1:09 PM, Rainer Jung wrote: On 20.11.2009 17:20, Christopher Schultz wrote: I'm having trouble getting a client certificate chain sent to Tomcat via mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27. Off by one? https://issues.apache.org/bugzilla/show_bug.cgi?id=39637 indicates you'll need 5.5.28 ... Ugh! I didn't even think that a bug/incomplete feature in Tomcat could be the reason. I just assumed that my configuration was wrong. I'll test in 5.5.28. Yay! Now, I can see this in my JSP's output: Client cert is: [Ljava.security.cert.X509Certificate;@87d472([Ljava.security.cert.X509Certificate;) It's an array of 3 certificates. This is precisely what I expected. Thanks again for all your help. I'll be documenting all my exploits in an upcoming blog post. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksHB7MACgkQ9CaO5/Lv0PDwKgCdH02UxR211Z9OnTRqiRm76CB4 F9kAn20vR6sdVtWXXc469NZig7igrxKU =nWUp -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting Docbase on network drive. Is it Possible ?
On Sat, Nov 21, 2009 at 12:56 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: R. S. Patil [mailto:kpr.rspa...@gmail.com] Subject: Re: Putting Docbase on network drive. Is it Possible ? I ran the startup script in a terminal window. The terminal window wont come back to prompt as it does on Linux. For shutting down I have to open another window. Is it Normal or it has any other work around ? No, that's not normal. The startup.bat script uses the Windows start command to initiate the Tomcat process in a command window separate from the one the script is running in. The original command window should return a prompt almost immediately after displaying four Using xxx lines. If it doesn't do that, someone has modified - and broken - your startup.bat or catalina.bat scripts. Download a fresh copy of Tomcat and compare what you have with the unmodified copy. well the window from which catalina start command has been fired comes to command prompt after showing four lines but it opens another window which shows startup log remains open and if I close that Tomcat terminates. I tried with .zip installation but matter remains the same. Main terminal window comes to prompt and even it is closed tomcat keeps running. But it opens another window which remains open and it contains startup log. If I press ^C in that window tomcat terminates same if I close that window. As André noted, CTRL-C can be used to cleanly terminate the Tomcat process when you've terminated the original command window. raja - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting Docbase on network drive. Is it Possible ?
R. S. Patil wrote: well the window from which catalina start command has been fired comes to command prompt after showing four lines but it opens another window which shows startup log remains open and if I close that Tomcat terminates. In the same window where you entered startup.bat to start Tomcat, enter shutdown.bat to terminate the Tomcat running in the other window. Alternatively, entering CTRL-C in the command window where Tomcat itself is running, also shuts down that Tomcat cleanly. Simply closing the window where Tomcat is running, may not do a clean shutdown. Yet another way to shut down Tomcat : - have a look at the file (tomcat_install_dir)/conf/server.xml - there is a tag in it like this : Server port=8005 shutdown=SHUTDOWN It means that if you open a TCP connection to localhost, port 8005, and send the string SHUTDOWN on that connection, Tomcat will shut down. You can change the port and the string to what you prefer, like Server port=8999 shutdown=stopnow As a security, Tomcat will only accept a connection on that shutdown port, if it originates from localhost (the same machine). - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Putting Docbase on network drive. Is it Possible ?
From: R. S. Patil [mailto:kpr.rspa...@gmail.com] Subject: Re: Putting Docbase on network drive. Is it Possible ? well the window from which catalina start command has been fired comes to command prompt after showing four lines but it opens another window which shows startup log remains open and if I close that Tomcat terminates. Exactly as expected and previously described. Closing the Tomcat process window by any means other than CTRL-C or the shutdown.bat script is not recommended, since that will be an abrupt termination rather than an orderly shutdown. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Putting Docbase on network drive. Is it Possible ?
Thanks André Warnier well the window from which catalina start command has been fired comes to command prompt after showing four lines but it opens another window which shows startup log remains open and if I close that Tomcat terminates. In the same window where you entered startup.bat to start Tomcat, enter shutdown.bat to terminate the Tomcat running in the other window. it seems that when startup.bat or catalina run/start is run a separate window or same window remains open, and its a normal behavior. I have already tried catalina stop in window where catalina start was fired and it closes the window showing startup log after showing closing log. Alternatively, entering CTRL-C in the command window where Tomcat itself is running, also shuts down that Tomcat cleanly. Simply closing the window where Tomcat is running, may not do a clean shutdown. yes I tried ^c also in window showing log it closes after showing closing log. Thanks for tip about closing the log window. Yet another way to shut down Tomcat : - have a look at the file (tomcat_install_dir)/conf/server.xml - there is a tag in it like this : Server port=8005 shutdown=SHUTDOWN It means that if you open a TCP connection to localhost, port 8005, and send the string SHUTDOWN on that connection, Tomcat will shut down. You can change the port and the string to what you prefer, like Server port=8999 shutdown=stopnow As a security, Tomcat will only accept a connection on that shutdown port, if it originates from localhost (the same machine). thanks you for this golden information I will keep in this mind and try this also. After couple of weeks struggling with Tomcat on Linux and Windows, Today I have got lot of knowledge about Tomcat basics by very kind ppl. Thanks a lot for that. You have made my day. i have got eclipse working on Linux and windows. Now I will try with some spring examples from the book. Thanks and best regards Raja. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Logging into clustered enviroment
No, you don't want two -or more processes- writing to the same file. You have several options: a) Aggregate on demand. Keeps the log files independent, but only merge them when needed. b) Send the log records over the network to one or more logging servers This will merge your logs on the fly. For (b), you may use Log4j SocketAppender. Take a look at Apache Hadoop (Chukwa). On Fri, Nov 20, 2009 at 4:39 AM, Aleksandar Stoisavljevic stal...@gmail.com wrote: Hi all, I am preparing myself for my first commercial application in clustered Tomcat environment. One of requests that I have is to allow exposing logs that happened on either TomcatA or TomcatB aggregated in single report. TomcatA and TomcatB are behind Apache Server and load balancing should be used. Until now I developed web applications just for single Tomcat, or in case that Load Balancing is requested no-one asked for such kind of aggregated report. My guess is that some kind of central repository for Logging should be used (TomcatA and TomcatB can access to that central repository and write thier logs there) but I am wondering what about permissions? What is TomcatA is writing to log and TomcatB should log to same log his stuff? Any experience about this matter? Can You point me out some inet address, blog, book ? Thanks in advance ? -- Aleksandar dipl. ing. Stoisavljevic Software Developer mobile: +381 (0) 64 211 50 40 Web: http://www.staleksit.in.rs E-mail:stal...@gmail.com e-mail%3astal...@gmail.com e-mail%3astal...@gmail.com e-mail%253astal...@gmail.com Mail: Branislava Nusica 10, 21000 Novi Sad, Serbia
Re: Client certificate chains with mod_jk
Christopher Schultz ch...@christopherschultz.net wrote in message news:4b070643.1070...@christopherschultz.net... -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Rainer, On 11/20/2009 1:09 PM, Rainer Jung wrote: On 20.11.2009 17:20, Christopher Schultz wrote: I'm having trouble getting a client certificate chain sent to Tomcat via mod_jk. Apache httpd 2.2.9, mod_jk 1.2.28, Tomcat 5.5.27. Off by one? https://issues.apache.org/bugzilla/show_bug.cgi?id=39637 indicates you'll need 5.5.28 ... Ugh! I didn't even think that a bug/incomplete feature in Tomcat could be the reason. I just assumed that my configuration was wrong. I'll test in 5.5.28. Yes, the AJP/1.3 protocol was developed way back in the days of Servlet 2.2. In the 2.2 spec, only the client cert was exposed to the servlet. It wasn't until Servlet 2.3 that the chain was exposed, but it took a long time after that to add it to AJP/1.3. Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAksHBkMACgkQ9CaO5/Lv0PBLRACfSrHRGFhvyiyqB5BgUnsP7apj 1XMAnj/ngKlJ82zbSWPpjflTl8M7jOIh =jYdV -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
