Re: Force Tomcat 5.5.16 to close SSL session upon every request
Hi Ben, Do you know why Tomcat take some time to close the connection? Is it predictable? My Java client is authenticate with Tomcat server using USB based security token through client certificate authentication. Even though I removed the token, Java client still able to run until some times, then force authentication will happen. Thank you. On 23 March 2010 10:37, Ben Stringer b...@burbong.com wrote: Hi, Take a look at the documentation for maxKeepAliveRequests on this page: http://tomcat.apache.org/tomcat-5.5-doc/config/http.html If you set this to 1 for your SSL connector, I believe it will do what you want. Cheers, Ben Hi Is it possible Tomcat close SSL session upon every HTTP request? I am running Tomcat 5.5.16 on JDK 1.5.0 update 7 on RedHat Enterprise. Thank you. Regards, SamKong Goo - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Force Tomcat 5.5.16 to close SSL session upon every request
On 23/03/2010 06:58, Goo Sam Kong wrote: Hi Ben, Do you know why Tomcat take some time to close the connection? Is it predictable? Tomcat does close the connection. My Java client is authenticate with Tomcat server using USB based security token through client certificate authentication. Even though I removed the token, Java client still able to run until some times, then force authentication will happen. Closing the connection does not terminate the session. That capability will be available in Tomcat 7. In Tomcat 6 you can control the session timeout. Look for the sessionTimeout connector property. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Force Tomcat 5.5.16 to close SSL session upon every request
Thank you, Mark On 23 March 2010 16:31, Mark Thomas ma...@apache.org wrote: On 23/03/2010 06:58, Goo Sam Kong wrote: Hi Ben, Do you know why Tomcat take some time to close the connection? Is it predictable? Tomcat does close the connection. My Java client is authenticate with Tomcat server using USB based security token through client certificate authentication. Even though I removed the token, Java client still able to run until some times, then force authentication will happen. Closing the connection does not terminate the session. That capability will be available in Tomcat 7. In Tomcat 6 you can control the session timeout. Look for the sessionTimeout connector property. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Session replication: Channel.SEND_OPTIONS_SECURE
Hi, I'm trying to configure a simple clustered environment using the following Cluster definition (all other cluster settings are set to default): Cluster className=org.apache.catalina.ha.tcp.SimpleTcpCluster channelSendOptions=27 There is little documentation about Channel.SEND_OPTIONS_SECURE, so maybe I have mis-understood, but I am still seeing session data being transmitted in plain text. Is secure session replication supported and do I need to enable anything else to do this? Regards, Tom - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
newbie: accessing tomcat admin page from another machine
I installed TC 6.0.26 on one machine in my Windows XP network. It is set up to run as a service. I can access the administrator from that page using http://localhost:8080 or using the machine name, i.e. http://hal9000:8080. I thought I should be able to access the administrator from other machines in my network using the latter, but I cannot. I can see various hal9000 shared directories from windows explorer, including the tomcat home on hal9000. I feel embarrassed because this seems obvious, but I cannot seem to figure out what I am doing wrong. - Bill Turner http://www.changent.com Groovy/Grails Talk -- View this message in context: http://old.nabble.com/newbie%3A-accessing-tomcat-admin-page-from-another-machine-tp28000834p28000834.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: accessing tomcat admin page from another machine
On Tue, Mar 23, 2010 at 7:00 PM, bill.turner worldwidewi...@gmail.comwrote: I installed TC 6.0.26 on one machine in my Windows XP network. It is set up to run as a service. I can access the administrator from that page using http://localhost:8080 or using the machine name, i.e. http://hal9000:8080. I thought I should be able to access the administrator from other machines in my network using the latter, but I cannot. Didn't you try using the IP address of the machine where server runs instead of machine name? I can see various hal9000 shared directories from windows explorer, including the tomcat home on hal9000. I feel embarrassed because this seems obvious, but I cannot seem to figure out what I am doing wrong. - Bill Turner http://www.changent.com Groovy/Grails Talk -- View this message in context: http://old.nabble.com/newbie%3A-accessing-tomcat-admin-page-from-another-machine-tp28000834p28000834.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: newbie: accessing tomcat admin page from another machine
From: bill.turner [mailto:worldwidewi...@gmail.com] Subject: newbie: accessing tomcat admin page from another machine I thought I should be able to access the administrator from other machines in my network using the latter but I cannot. What exactly do you mean by administrator? What exact URL are you using from the alternate machines? What exactly happens when you try? (In case you haven't figured it out yet, you need to be specific when you report problems.) I can see various hal9000 shared directories from windows explorer, including the tomcat home on hal9000. Not really relevant; that just shows Windows networking to be functional, which uses different mechanisms to resolve host names. what I am doing wrong. 1) Is the name hal9000 known via DNS to the other machines? 2) Try using the fully qualified DNS name of the target machine. 3) Try using the IP address of the target machine. 4) Insure that firewalls on hal9000 and the other machines are not blocking connections. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: accessing tomcat admin page from another machine
Also, don't forget to check any firewalls on hal9000, because while 8080 may be accessible on the loopback it may be blocked on it's public IP. -Original Message- From: Rajeev Sampath rjvra...@gmail.com To : Tomcat Users List users@tomcat.apache.org Sent: Tue Mar 23 9:38:59 2010 Subject: Re: newbie: accessing tomcat admin page from another machine On Tue, Mar 23, 2010 at 7:00 PM, bill.turner worldwidewi...@gmail.comwrote: I installed TC 6.0.26 on one machine in my Windows XP network. It is set up to run as a service. I can access the administrator from that page using http://localhost:8080 or using the machine name, i.e. http://hal9000:8080. I thought I should be able to access the administrator from other machines in my network using the latter, but I cannot. Didn't you try using the IP address of the machine where server runs instead of machine name? I can see various hal9000 shared directories from windows explorer, including the tomcat home on hal9000. I feel embarrassed because this seems obvious, but I cannot seem to figure out what I am doing wrong. - Bill Turner http://www.changent.com Groovy/Grails Talk -- View this message in context: http://old.nabble.com/newbie%3A-accessing-tomcat-admin-page-from-another-machine-tp28000834p28000834.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: accessing tomcat admin page from another machine
Ah... yes. All machines are running DHCP. My network admin tool (DLINK) provides addresses. So, I did try http://192.168.0.198:8080. The response is *The connection has timed out*. On Tue, Mar 23, 2010 at 8:38 AM, Rajeev Sampath rjvra...@gmail.com wrote: On Tue, Mar 23, 2010 at 7:00 PM, bill.turner worldwidewi...@gmail.com wrote: I installed TC 6.0.26 on one machine in my Windows XP network. It is set up to run as a service. I can access the administrator from that page using http://localhost:8080 or using the machine name, i.e. http://hal9000:8080. I thought I should be able to access the administrator from other machines in my network using the latter, but I cannot. Didn't you try using the IP address of the machine where server runs instead of machine name? I can see various hal9000 shared directories from windows explorer, including the tomcat home on hal9000. I feel embarrassed because this seems obvious, but I cannot seem to figure out what I am doing wrong. - Bill Turner http://www.changent.com Groovy/Grails Talk -- View this message in context: http://old.nabble.com/newbie%3A-accessing-tomcat-admin-page-from-another-machine-tp28000834p28000834.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: accessing tomcat admin page from another machine
On Tue, Mar 23, 2010 at 8:40 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: bill.turner [mailto:worldwidewi...@gmail.com] Subject: newbie: accessing tomcat admin page from another machine I thought I should be able to access the administrator from other machines in my network using the latter but I cannot. What exactly do you mean by administrator? Well, the administrator, which I thought was quite obvious, is the console one sees when you install tomcat, start it up and type in localhost:8080. I don't know how to be clearer than that. See the documentation. What exact URL are you using from the alternate machines? What exactly happens when you try? (In case you haven't figured it out yet, you need to be specific when you report problems.) I thought the URL entered was fairly obvious. But, if not, here it is: http://hal9000:8080. That resulted in *Unable to Connect*. I also tried the ip address with the port number (see one of my other postings). That resulted in a timeout. Sorry for not being clearer. I guess I thought it was all obvious. I can see various hal9000 shared directories from windows explorer, including the tomcat home on hal9000. Not really relevant; that just shows Windows networking to be functional, which uses different mechanisms to resolve host names. I realized that. I was just trying to show that I do have network connectivity. what I am doing wrong. 1) Is the name hal9000 known via DNS to the other machines? No. I didn't think of that. :-( I don't have a DNS server running. This is a home network. It just never occurred to me. 2) Try using the fully qualified DNS name of the target machine. 3) Try using the IP address of the target machine. This just ended up with a timeout. 4) Insure that firewalls on hal9000 and the other machines are not blocking connections. I will have to check this. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Session replication: Channel.SEND_OPTIONS_SECURE
From: Tom [mailto:808...@gmail.com] Subject: Session replication: Channel.SEND_OPTIONS_SECURE There is little documentation about Channel.SEND_OPTIONS_SECURE From a brief glance at the code, SEND_OPTIONS_SECURE appears to be defined, but not yet implemented - which would explain the behavior you observe. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: newbie: accessing tomcat admin page from another machine
From: bill turner [mailto:worldwidewi...@gmail.com] Subject: Re: newbie: accessing tomcat admin page from another machine Well, the administrator, which I thought was quite obvious, is the console one sees when you install tomcat, start it up and type in localhost:8080. That's not the administrator, that's the default Tomcat home page (webapp). Older versions of Tomcat did include an administrator app, 6.0.x does not. Also, most installations replace the default Tomcat webapp with their own site-specific webapp - which you might have called administrator. 1) Is the name hal9000 known via DNS to the other machines? No. I didn't think of that. :-( I don't have a DNS server running. This is a home network. It just never occurred to me. On XP, you can configure host names in: C:\WINDOWS\system32\drivers\etc\hosts in lieu of a DNS box. 3) Try using the IP address of the target machine. This just ended up with a timeout. Likely a firewall blocking on one or both of the machines blocking the connection. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: accessing tomcat admin page from another machine
On 23/03/2010 13:55, bill turner wrote: On Tue, Mar 23, 2010 at 8:40 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: bill.turner [mailto:worldwidewi...@gmail.com] Subject: newbie: accessing tomcat admin page from another machine I thought I should be able to access the administrator from other machines in my network using the latter but I cannot. What exactly do you mean by administrator? Well, the administrator, which I thought was quite obvious, is the console one sees when you install tomcat, start it up and type in localhost:8080. I don't know how to be clearer than that. See the documentation. Perhaps you mean the 'manager' application? The 'admin' application was discontinued in Tomcat 6.0, hence the query. p What exact URL are you using from the alternate machines? What exactly happens when you try? (In case you haven't figured it out yet, you need to be specific when you report problems.) I thought the URL entered was fairly obvious. But, if not, here it is: http://hal9000:8080. That resulted in *Unable to Connect*. I also tried the ip address with the port number (see one of my other postings). That resulted in a timeout. Sorry for not being clearer. I guess I thought it was all obvious. I can see various hal9000 shared directories from windows explorer, including the tomcat home on hal9000. Not really relevant; that just shows Windows networking to be functional, which uses different mechanisms to resolve host names. I realized that. I was just trying to show that I do have network connectivity. what I am doing wrong. 1) Is the name hal9000 known via DNS to the other machines? No. I didn't think of that. :-( I don't have a DNS server running. This is a home network. It just never occurred to me. 2) Try using the fully qualified DNS name of the target machine. 3) Try using the IP address of the target machine. This just ended up with a timeout. 4) Insure that firewalls on hal9000 and the other machines are not blocking connections. I will have to check this. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: accessing tomcat admin page from another machine
It does appear that there was a firewall issue. I had to open port 8080. I can now use the ip address: http://192.168.0.198:8080/. I did think that windows would look for specific machine names in the network first. And, that is what I would really like to do. It'd be a lot easier than looking up the ip address every time I want to access tomcat (or any application I have deployed on that machine). I have not been able to find anything, thus far, about setting up my own dns. As all I really want to do is deploy apps to that server and run them from the local network, I am hoping there is an easy solution that I have yet to uncover. On Tue, Mar 23, 2010 at 8:40 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: bill.turner [mailto:worldwidewi...@gmail.com] Subject: newbie: accessing tomcat admin page from another machine I thought I should be able to access the administrator from other machines in my network using the latter but I cannot. What exactly do you mean by administrator? What exact URL are you using from the alternate machines? What exactly happens when you try? (In case you haven't figured it out yet, you need to be specific when you report problems.) I can see various hal9000 shared directories from windows explorer, including the tomcat home on hal9000. Not really relevant; that just shows Windows networking to be functional, which uses different mechanisms to resolve host names. what I am doing wrong. 1) Is the name hal9000 known via DNS to the other machines? 2) Try using the fully qualified DNS name of the target machine. 3) Try using the IP address of the target machine. 4) Insure that firewalls on hal9000 and the other machines are not blocking connections. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: accessing tomcat admin page from another machine
Actually, it probably isn't even probably either of them. It is the local tomcat installation home, which has a link to the manager. On Tue, Mar 23, 2010 at 9:07 AM, Pid p...@pidster.com wrote: On 23/03/2010 13:55, bill turner wrote: On Tue, Mar 23, 2010 at 8:40 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: bill.turner [mailto:worldwidewi...@gmail.com] Subject: newbie: accessing tomcat admin page from another machine I thought I should be able to access the administrator from other machines in my network using the latter but I cannot. What exactly do you mean by administrator? Well, the administrator, which I thought was quite obvious, is the console one sees when you install tomcat, start it up and type in localhost:8080. I don't know how to be clearer than that. See the documentation. Perhaps you mean the 'manager' application? The 'admin' application was discontinued in Tomcat 6.0, hence the query. p What exact URL are you using from the alternate machines? What exactly happens when you try? (In case you haven't figured it out yet, you need to be specific when you report problems.) I thought the URL entered was fairly obvious. But, if not, here it is: http://hal9000:8080. That resulted in *Unable to Connect*. I also tried the ip address with the port number (see one of my other postings). That resulted in a timeout. Sorry for not being clearer. I guess I thought it was all obvious. I can see various hal9000 shared directories from windows explorer, including the tomcat home on hal9000. Not really relevant; that just shows Windows networking to be functional, which uses different mechanisms to resolve host names. I realized that. I was just trying to show that I do have network connectivity. what I am doing wrong. 1) Is the name hal9000 known via DNS to the other machines? No. I didn't think of that. :-( I don't have a DNS server running. This is a home network. It just never occurred to me. 2) Try using the fully qualified DNS name of the target machine. 3) Try using the IP address of the target machine. This just ended up with a timeout. 4) Insure that firewalls on hal9000 and the other machines are not blocking connections. I will have to check this. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: newbie: accessing tomcat admin page from another machine
ahhh! Great! Thanks for the input re: the hosts file. I will have to dig into that! On Tue, Mar 23, 2010 at 9:05 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: bill turner [mailto:worldwidewi...@gmail.com] Subject: Re: newbie: accessing tomcat admin page from another machine Well, the administrator, which I thought was quite obvious, is the console one sees when you install tomcat, start it up and type in localhost:8080. That's not the administrator, that's the default Tomcat home page (webapp). Older versions of Tomcat did include an administrator app, 6.0.x does not. Also, most installations replace the default Tomcat webapp with their own site-specific webapp - which you might have called administrator. 1) Is the name hal9000 known via DNS to the other machines? No. I didn't think of that. :-( I don't have a DNS server running. This is a home network. It just never occurred to me. On XP, you can configure host names in: C:\WINDOWS\system32\drivers\etc\hosts in lieu of a DNS box. 3) Try using the IP address of the target machine. This just ended up with a timeout. Likely a firewall blocking on one or both of the machines blocking the connection. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible to set the port for tomcat manager to 8080 and root port 80???
While you can not define two listening ports for one Tomcat instance, you can put a Apache web server in front of your Tomcat, and define virtual hosts for all applications hosted by your Tomcat except Manager app. Jiansen 2010/3/23 Søren Blidorf so...@nolas.dk Is it possible to set the port for tomcat manager to 8080 and root port 80??? Soren, DK
RE: newbie: accessing tomcat admin page from another machine
From: bill turner [mailto:worldwidewi...@gmail.com] Subject: Re: newbie: accessing tomcat admin page from another machine I did think that windows would look for specific machine names in the network first. Windows networking does (using ancient NetBIOS techniques), but regular TCP/IP traffic can't use those names. I have not been able to find anything, thus far, about setting up my own dns. Many routers will function as DNS boxes - check the config for whatever one you're using. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Is it possible to set the port for tomcat manager to 8080 and root port 80???
On 23/03/2010 14:27, Jiansen Niu wrote: While you can not define two listening ports for one Tomcat instance, Yes you can. Just add another Connector. you can put a Apache web server in front of your Tomcat, and define virtual hosts for all applications hosted by your Tomcat except Manager app. Not sure how that helps TBH. You might use HTTPD to enforce some rules about which apps are available on which port, but the above suggestion is somewhat confusing. 2010/3/23 Søren Blidorfso...@nolas.dk Is it possible to set the port for tomcat manager to 8080 and root port 80??? Connectors are defined above the Host/App level so it isn't possible to tie a specific Host or app to a specific Connector, without defining multiple Services. That probably doesn't help you achieve your probable goal, because the manager app needs to be defined inside each Host where you want to use it. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Is it possible to set the port for tomcat manager to 8080 and root port 80???
From: Jiansen Niu [mailto:aoesh...@gmail.com] Subject: Re: Is it possible to set the port for tomcat manager to 8080 and root port 80??? While you can not define two listening ports for one Tomcat instance, Of course you can - you can define as many as you want via multiple Connector elements. Please don't propagate misinformation. you can put a Apache web server in front of your Tomcat Now that would be massive overkill. Much easier to define the two Connector elements in Tomcat, and then use the RemoteAddrValve to control what is visible to each port: http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote%20Address%20Filter However, the idea of separation by port is pretty much non-sensical. Virtual hosting would make slightly more sense: http://tomcat.apache.org/tomcat-6.0-doc/virtual-hosting-howto.html Regardless of the ports or virtual hosts, you must use the appropriate security mechanisms to keep unwanted users from accessing the manager app. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Unable to get client authentication working in tomcat 6
I have a tomcat 5 installation that uses client authentication. I am trying to upgrade to Tomcat 6.0.24 and I am not able to get the client authentication to work. I am using the same keystore and truststore files. I am also configuring the SSL port 8443 using what I believe are the same parameters. When trying to access the site, I simply get a continual hourglass until the browser times out. I have included what I think are relevant sections from my server.xml file and log files. Any suggestions are greatly appreciated! These are parts of catalila-xx-xx.log: SEVERE: Error initializing endpoint java.lang.Exception: No Certificate file specified or invalid file format at org.apache.tomcat.jni.SSLContext.setCertificate(Native Method) at org.apache.tomcat.util.net.AprEndpoint.init(AprEndpoint.java:720) at org.apache.coyote.http11.Http11AprProtocol.init(Http11AprProtocol.java:1 07) at org.apache.catalina.connector.Connector.initialize(Connector.java:1007) at org.apache.catalina.core.StandardService.initialize(StandardService.java :677) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:7 95) at org.apache.catalina.startup.Catalina.load(Catalina.java:540) at org.apache.catalina.startup.Catalina.load(Catalina.java:560) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav a:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor Impl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) Mar 17, 2010 3:03:29 PM org.apache.catalina.startup.Catalina load SEVERE: Catalina.start LifecycleException: Protocol handler initialization failed: java.lang.Exception: No Certificate file specified or invalid file format at org.apache.catalina.connector.Connector.initialize(Connector.java:1009) at org.apache.catalina.core.StandardService.initialize(StandardService.java :677) at org.apache.catalina.core.StandardServer.initialize(StandardServer.java:7 95) at org.apache.catalina.startup.Catalina.load(Catalina.java:540) at org.apache.catalina.startup.Catalina.load(Catalina.java:560) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.jav a:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessor Impl.java:25) at java.lang.reflect.Method.invoke(Method.java:597) at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:261) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413) Mar 17, 2010 3:03:29 PM org.apache.catalina.startup.Catalina load This is the section from my server.xml file that sets up the client authentication: Connector port=8443 SSLEnabled=true maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true keystoreFile=C:\Progra~1\apache-tomcat-6.0.24\SSL\keystore truststoreFile=C:\Progra~1\apache-tomcat-6.0.24\SSL\truststore clientAuth=true sslProtocol=TLS / Thanks much!!! Paul Dobson
RE: Unable to get client authentication working in tomcat 6
From: Dobson, Paul L CTR USAF AFMC 416 SCMS/OBN [mailto:paul.dob...@hill.af.mil] Subject: Unable to get client authentication working in tomcat 6 I have a tomcat 5 installation that uses client authentication. I am trying to upgrade to Tomcat 6.0.24 and I am not able to get the client authentication to work. You appear to have enabled the native APR connector, which uses OpenSSL, not JSSE. This is the section from my server.xml file that sets up the client authentication: Connector port=8443 SSLEnabled=true maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true keystoreFile=C:\Progra~1\apache-tomcat-6.0.24\SSL\keystore truststoreFile=C:\Progra~1\apache-tomcat-6.0.24\SSL\truststore clientAuth=true sslProtocol=TLS / The above is for the Java-based connector. The easiest thing would be to disable the APR code by deleting or renaming tcnative-1.dll in Tomcat's bin directory. If you decide you want to use the APR SSL code (it's faster), the doc is here: http://tomcat.apache.org/tomcat-6.0-doc/apr.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: newbie: accessing tomcat admin page from another machine
If you have IIS running on the box, it should be able to do it like you're thinking. I've done that on my network at home. -Original Message- From: bill turner [mailto:worldwidewi...@gmail.com] Sent: Tuesday, March 23, 2010 9:21 AM To: Tomcat Users List Subject: Re: newbie: accessing tomcat admin page from another machine It does appear that there was a firewall issue. I had to open port 8080. I can now use the ip address: http://192.168.0.198:8080/. I did think that windows would look for specific machine names in the network first. And, that is what I would really like to do. It'd be a lot easier than looking up the ip address every time I want to access tomcat (or any application I have deployed on that machine). I have not been able to find anything, thus far, about setting up my own dns. As all I really want to do is deploy apps to that server and run them from the local network, I am hoping there is an easy solution that I have yet to uncover. On Tue, Mar 23, 2010 at 8:40 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: bill.turner [mailto:worldwidewi...@gmail.com] Subject: newbie: accessing tomcat admin page from another machine I thought I should be able to access the administrator from other machines in my network using the latter but I cannot. What exactly do you mean by administrator? What exact URL are you using from the alternate machines? What exactly happens when you try? (In case you haven't figured it out yet, you need to be specific when you report problems.) I can see various hal9000 shared directories from windows explorer, including the tomcat home on hal9000. Not really relevant; that just shows Windows networking to be functional, which uses different mechanisms to resolve host names. what I am doing wrong. 1) Is the name hal9000 known via DNS to the other machines? 2) Try using the fully qualified DNS name of the target machine. 3) Try using the IP address of the target machine. 4) Insure that firewalls on hal9000 and the other machines are not blocking connections. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Unable to get client authentication working in tomcat 6
Chuck, you are brilliant! Renamed tcnative-1.dll and it works. Thanks for the info on the APR connector. I'll look into that as well. Paul -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, March 23, 2010 8:54 AM To: Tomcat Users List Subject: RE: Unable to get client authentication working in tomcat 6 From: Dobson, Paul L CTR USAF AFMC 416 SCMS/OBN [mailto:paul.dob...@hill.af.mil] Subject: Unable to get client authentication working in tomcat 6 I have a tomcat 5 installation that uses client authentication. I am trying to upgrade to Tomcat 6.0.24 and I am not able to get the client authentication to work. You appear to have enabled the native APR connector, which uses OpenSSL, not JSSE. This is the section from my server.xml file that sets up the client authentication: Connector port=8443 SSLEnabled=true maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true keystoreFile=C:\Progra~1\apache-tomcat-6.0.24\SSL\keystore truststoreFile=C:\Progra~1\apache-tomcat-6.0.24\SSL\truststore clientAuth=true sslProtocol=TLS / The above is for the Java-based connector. The easiest thing would be to disable the APR code by deleting or renaming tcnative-1.dll in Tomcat's bin directory. If you decide you want to use the APR SSL code (it's faster), the doc is here: http://tomcat.apache.org/tomcat-6.0-doc/apr.html - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: newbie: accessing tomcat admin page from another machine
I have it working. Once the firewall issue was resolved and I was pointed to the hosts file, all is beautiful. I just need to give my server a static ip address, I suppose, so that I do not have to regularly update my hosts file. Propes, Barry L wrote: If you have IIS running on the box, it should be able to do it like you're thinking. I've done that on my network at home. -Original Message- From: bill turner [mailto:worldwidewi...@gmail.com] Sent: Tuesday, March 23, 2010 9:21 AM To: Tomcat Users List Subject: Re: newbie: accessing tomcat admin page from another machine It does appear that there was a firewall issue. I had to open port 8080. I can now use the ip address: http://192.168.0.198:8080/. I did think that windows would look for specific machine names in the network first. And, that is what I would really like to do. It'd be a lot easier than looking up the ip address every time I want to access tomcat (or any application I have deployed on that machine). I have not been able to find anything, thus far, about setting up my own dns. As all I really want to do is deploy apps to that server and run them from the local network, I am hoping there is an easy solution that I have yet to uncover. On Tue, Mar 23, 2010 at 8:40 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: bill.turner [mailto:worldwidewi...@gmail.com] Subject: newbie: accessing tomcat admin page from another machine I thought I should be able to access the administrator from other machines in my network using the latter but I cannot. What exactly do you mean by administrator? What exact URL are you using from the alternate machines? What exactly happens when you try? (In case you haven't figured it out yet, you need to be specific when you report problems.) I can see various hal9000 shared directories from windows explorer, including the tomcat home on hal9000. Not really relevant; that just shows Windows networking to be functional, which uses different mechanisms to resolve host names. what I am doing wrong. 1) Is the name hal9000 known via DNS to the other machines? 2) Try using the fully qualified DNS name of the target machine. 3) Try using the IP address of the target machine. 4) Insure that firewalls on hal9000 and the other machines are not blocking connections. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - Bill Turner http://www.changent.com Groovy/Grails Talk -- View this message in context: http://old.nabble.com/newbie%3A-accessing-tomcat-admin-page-from-another-machine-tp28000834p28002751.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Session replication: Channel.SEND_OPTIONS_SECURE
On Tue, Mar 23, 2010 at 1:58 PM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: Tom [mailto:808...@gmail.com] Subject: Session replication: Channel.SEND_OPTIONS_SECURE There is little documentation about Channel.SEND_OPTIONS_SECURE From a brief glance at the code, SEND_OPTIONS_SECURE appears to be defined, but not yet implemented - which would explain the behavior you observe. Thanks, that is what I feared. I think for our needs a crossover cable or tunnel will be sufficient. I am also interested in SEND_OPTIONS_BYTE_MESSAGE. Can anyone elaborate on the pros/cons other than speed? Regards, Tom - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: newbie: accessing tomcat admin page from another machine
Yes, you'd have to. -Original Message- From: bill.turner [mailto:worldwidewi...@gmail.com] Sent: Tuesday, March 23, 2010 10:41 AM To: users@tomcat.apache.org Subject: RE: newbie: accessing tomcat admin page from another machine I have it working. Once the firewall issue was resolved and I was pointed to the hosts file, all is beautiful. I just need to give my server a static ip address, I suppose, so that I do not have to regularly update my hosts file. Propes, Barry L wrote: If you have IIS running on the box, it should be able to do it like you're thinking. I've done that on my network at home. -Original Message- From: bill turner [mailto:worldwidewi...@gmail.com] Sent: Tuesday, March 23, 2010 9:21 AM To: Tomcat Users List Subject: Re: newbie: accessing tomcat admin page from another machine It does appear that there was a firewall issue. I had to open port 8080. I can now use the ip address: http://192.168.0.198:8080/. I did think that windows would look for specific machine names in the network first. And, that is what I would really like to do. It'd be a lot easier than looking up the ip address every time I want to access tomcat (or any application I have deployed on that machine). I have not been able to find anything, thus far, about setting up my own dns. As all I really want to do is deploy apps to that server and run them from the local network, I am hoping there is an easy solution that I have yet to uncover. On Tue, Mar 23, 2010 at 8:40 AM, Caldarale, Charles R chuck.caldar...@unisys.com wrote: From: bill.turner [mailto:worldwidewi...@gmail.com] Subject: newbie: accessing tomcat admin page from another machine I thought I should be able to access the administrator from other machines in my network using the latter but I cannot. What exactly do you mean by administrator? What exact URL are you using from the alternate machines? What exactly happens when you try? (In case you haven't figured it out yet, you need to be specific when you report problems.) I can see various hal9000 shared directories from windows explorer, including the tomcat home on hal9000. Not really relevant; that just shows Windows networking to be functional, which uses different mechanisms to resolve host names. what I am doing wrong. 1) Is the name hal9000 known via DNS to the other machines? 2) Try using the fully qualified DNS name of the target machine. 3) Try using the IP address of the target machine. 4) Insure that firewalls on hal9000 and the other machines are not blocking connections. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - Bill Turner http://www.changent.com Groovy/Grails Talk -- View this message in context: http://old.nabble.com/newbie%3A-accessing-tomcat-admin-page-from-another-machine-tp28000834p28002751.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
apache tomacat 6.0.26
I do not get any errors in the log file, however when I logon to my external site I get a dialog box asking to choose a digital certificate. Any thoughts? Thanks in Advance! Here is my server.xml file ?xml version='1.0' encoding='utf-8'? !-- Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. See the NOTICE file distributed with this work for additional information regarding copyright ownership. The ASF licenses this file to You under the Apache License, Version 2.0 (the License); you may not use this file except in compliance with the License. You may obtain a copy of the License at http://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an AS IS BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -- !-- Note: A Server is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/server.html -- Server port=8005 shutdown=SHUTDOWN !--APR library loader. Documentation at /docs/apr.html -- Listener className=org.apache.catalina.core.AprLifecycleListener SSLEngine=on / !--Initialize Jasper prior to webapps are loaded. Documentation at /docs/jasper-howto.html -- Listener className=org.apache.catalina.core.JasperListener / !-- Prevent memory leaks due to use of particular java/javax APIs-- Listener className=org.apache.catalina.core.JreMemoryLeakPreventionListener / !-- JMX Support for the Tomcat server. Documentation at /docs/non-existent.html -- Listener className=org.apache.catalina.mbeans.ServerLifecycleListener / Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener / !-- Global JNDI resources Documentation at /docs/jndi-resources-howto.html -- GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources !-- A Service is a collection of one or more Connectors that share a single Container Note: A Service is not itself a Container, so you may not define subcomponents such as Valves at this level. Documentation at /docs/config/service.html -- Service name=Catalina !--The connectors can use a shared executor, you can define one or more named thread pools-- !-- Executor name=tomcatThreadPool namePrefix=catalina-exec- maxThreads=150 minSpareThreads=4/ -- !-- A Connector represents an endpoint by which requests are received and responses are returned. Documentation at : Java HTTP Connector: /docs/config/http.html (blocking non-blocking) Java AJP Connector: /docs/config/ajp.html APR (HTTP/AJP) Connector: /docs/apr.html Define a non-SSL HTTP/1.1 Connector on port 8080 -- Connector port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443 / !-- A Connector using the shared thread pool-- !-- Connector executor=tomcatThreadPool port=8080 protocol=HTTP/1.1 connectionTimeout=2 redirectPort=443 / -- Connector port=443 SSLEnabled=true maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true keystoreFile=C:\SbsKeyTools\keys\sbs.keystore keystorePass=changeit clientAuth=true sslProtocol=TLS / !-- Define a SSL HTTP/1.1 Connector on port 8443 This connector uses the JSSE configuration, when using APR, the connector should be using the OpenSSL style configuration described in the APR documentation -- !-- Connector port=443 protocol=HTTP/1.1 SSLEnabled=true maxThreads=150 scheme=https secure=true keystoreFile=C:\SbsKeyTools\keys\sbs.keystore keystorePass=changeit clientAuth=false sslProtocol=TLS / -- !-- Define an AJP 1.3 Connector on port 8009 -- !-- Connector port=8009 protocol=AJP/1.3 redirectPort=8443 / -- !-- An Engine represents the entry point (within Catalina) that processes
Newbie: Tomcat Can't Find My App
If anyone can give me a pointer, it would be much appreciated. This is very frustrating. I cannot get this app to run. No servlet in this app will run. Tomcat6 is installed at CATALINA_BASE and the app, sp00 is installed in CATALINA_BASE/webapps. A war file, sp00.war was placed into that directory and deployed. When trying to execute the first servlet */sp00/servlet/LandingPageFront, *an Http 404 page comes back with: HTTP Status 404 - /sp00/servlet/LandingPageFront -- *type* Status report *message* */sp00/servlet/LandingPageFront* *description* *The requested resource (/sp00/servlet/LandingPageFront) is not available.* -- Apache Tomcat/6.0.24 The log file catalina.out doesn't show much: Mar 23, 2010 12:24:57 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.24 Mar 23, 2010 12:24:57 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor sp00.xml The descriptor file sp00.xml in CATALINA_BASE/apache-tomcat-6.0.24/conf/Catalina/localhost is: ?xml version=1.0 encoding=UTF-8? Context path=/application Logger className=org.apache.catalina.logger.FileLogger prefix=6.0_WebApp. suffix=.log timestamp=true/ /Context
Re: Newbie: Tomcat Can't Find My App
I am new to tomcat, too, so I am will not give the best advice. Anyways, I will give it a try: 1) I have another log file localhost.log in the same directory. 2) WEB-INF/web.xml has defines the page which tomcat/the servlet listens, too. You can check there if it really is /sp00/servlet/LandingPageFront (Alternatively, I use the manager that comes with tomcat and it lists all installed servlets.) best maurice On Tue, Mar 23, 2010 at 5:46 PM, Reuven Koblick groovyro...@gmail.com wrote: If anyone can give me a pointer, it would be much appreciated. This is very frustrating. I cannot get this app to run. No servlet in this app will run. Tomcat6 is installed at CATALINA_BASE and the app, sp00 is installed in CATALINA_BASE/webapps. A war file, sp00.war was placed into that directory and deployed. When trying to execute the first servlet */sp00/servlet/LandingPageFront, *an Http 404 page comes back with: HTTP Status 404 - /sp00/servlet/LandingPageFront -- *type* Status report *message* */sp00/servlet/LandingPageFront* *description* *The requested resource (/sp00/servlet/LandingPageFront) is not available.* -- Apache Tomcat/6.0.24 The log file catalina.out doesn't show much: Mar 23, 2010 12:24:57 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.24 Mar 23, 2010 12:24:57 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor sp00.xml The descriptor file sp00.xml in CATALINA_BASE/apache-tomcat-6.0.24/conf/Catalina/localhost is: ?xml version=1.0 encoding=UTF-8? Context path=/application Logger className=org.apache.catalina.logger.FileLogger prefix=6.0_WebApp. suffix=.log timestamp=true/ /Context - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Newbie: Tomcat Can't Find My App
Change Context path=/application in Context path=/sp00 On 23 March 2010 17:46, Reuven Koblick groovyro...@gmail.com wrote: If anyone can give me a pointer, it would be much appreciated. This is very frustrating. I cannot get this app to run. No servlet in this app will run. Tomcat6 is installed at CATALINA_BASE and the app, sp00 is installed in CATALINA_BASE/webapps. A war file, sp00.war was placed into that directory and deployed. When trying to execute the first servlet */sp00/servlet/LandingPageFront, *an Http 404 page comes back with: HTTP Status 404 - /sp00/servlet/LandingPageFront -- *type* Status report *message* */sp00/servlet/LandingPageFront* *description* *The requested resource (/sp00/servlet/LandingPageFront) is not available.* -- Apache Tomcat/6.0.24 The log file catalina.out doesn't show much: Mar 23, 2010 12:24:57 PM org.apache.catalina.core.StandardEngine start INFO: Starting Servlet Engine: Apache Tomcat/6.0.24 Mar 23, 2010 12:24:57 PM org.apache.catalina.startup.HostConfig deployDescriptor INFO: Deploying configuration descriptor sp00.xml The descriptor file sp00.xml in CATALINA_BASE/apache-tomcat-6.0.24/conf/Catalina/localhost is: ?xml version=1.0 encoding=UTF-8? Context path=/application Logger className=org.apache.catalina.logger.FileLogger prefix=6.0_WebApp. suffix=.log timestamp=true/ /Context
RE: Newbie: Tomcat Can't Find My App
From: Reuven Koblick [mailto:groovyro...@gmail.com] Subject: Newbie: Tomcat Can't Find My App When trying to execute the first servlet */sp00/servlet/LandingPageFront, That looks like a usage of the old and never-to-be-used-again invoker servlet: http://wiki.apache.org/tomcat/FAQ/Miscellaneous#Q2 http://wiki.apache.org/tomcat/FAQ/Miscellaneous#Q3 Don't even think about enabling it. You should be using proper servlet mapping in the WEB-INF/web.xml file. HTTP Status 404 - /sp00/servlet/LandingPageFront Context path=/application Logger className=org.apache.catalina.logger.FileLogger prefix=6.0_WebApp. suffix=.log timestamp=true/ /Context The path attribute is not allowed here, and the Logger element hasn't been used in many years. You need to read current Tomcat doc, not whatever you've been using. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Newbie: Tomcat Can't Find My App
From: Paolo Santarsiero [mailto:paolo.santarsi...@gmail.com] Subject: Re: Newbie: Tomcat Can't Find My App Change Context path=/application in Context path=/sp00 That will have no effect; the path attribute is not allowed here. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: apache tomacat 6.0.26
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 3/23/2010 12:22 PM, Toman, Chuck [Stock] wrote: I do not get any errors in the log file, however when I logon to my external site I get a dialog box asking to choose a digital certificate. Connector port=443 SSLEnabled=true maxHttpHeaderSize=8192 maxThreads=150 minSpareThreads=25 maxSpareThreads=75 enableLookups=false disableUploadTimeout=true acceptCount=100 scheme=https secure=true keystoreFile=C:\SbsKeyTools\keys\sbs.keystore keystorePass=changeit clientAuth=true sslProtocol=TLS / Setting clientAuth=true indicates that you want a client SSL certificate. Your web browser is asking which one you want to present to the server. So, your options are: 1. Set clientAuth=false in your Connector 2. Set your web browser to not ask which client certificate to present 3. Just manually choose a certificate to present - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuo9HsACgkQ9CaO5/Lv0PCHKwCfbnLLCJYfGXRQV4PM6M8z6DTo 5JQAniHaleH1DOmgMNpmkkbvqzPCLYwk =5ZST -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: apache tomacat 6.0.26
From: Toman, Chuck [Stock] [mailto:chuck.to...@stocksupply.com] Subject: apache tomacat 6.0.26 I do not get any errors in the log file, however when I logon to my external site I get a dialog box asking to choose a digital certificate. You have clientAuth=true in your HTTPS Connector, so that's to be expected. You need to select the appropriate certificate from the ones your browser knows about in order to satisfy the security constraints that your webapp has imposed. Look here for the doc: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL%20Support - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
What should docbase be set to ?
Hello, I am deploying a single app under the ROOT context. My appbase is c:/ comapany/myapps. So my app is in c:/company/myapps/ROOT. My question is for *both* Tomcat 5.5.23 and 6.0.20, in my context.xml what should my docbase be set to ? Right now I have it set to docbase=. Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How should autoDeploy be set for an exploded app ?
Hello, I'm deploying a web app which happens to be ROOT. It is not a WAR file but an exploded app. My Host line is as follows : Host name=192.168.20.20 appBase=c:/company/myapps debug=0 unpackWARs=false autoDeploy=true /Host The fact the I'm deploying it as an exploded app what should autoDeploy be set to *ideally*. The reason I write this is because we have made changes to the app and even sometimes deleted the /conf/Catalina/192.168.20.20/ROOT.xml and find out that the ROOT folder off of the appBase has been completely deleted !! I can't reproduce the scenario that causes the deletion but the autoDeploy attribute has piqued my curiosity. Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: What should docbase be set to ?
From: Patrick Flaherty [mailto:pflah...@rampageinc.com] Subject: What should docbase be set to ? I am deploying a single app under the ROOT context. My appbase is c:/comapany/myapps. So my app is in c:/company/myapps/ROOT. My question is for *both* Tomcat 5.5.23 and 6.0.20, in my context.xml what should my docbase be set to ? It shouldn't be set at all. Omit the docBase attribute for any webapp located in the Host appBase directory. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: How should autoDeploy be set for an exploded app ?
From: Patrick Flaherty [mailto:pflah...@rampageinc.com] Subject: Re: How should autoDeploy be set for an exploded app ? It happened with Tomcat 6.0.20. There have been some changes in deployment checking since 6.0.20, but Mark T's memory would probably be a better source for a definitive statement than my wandering through the diffs. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: How should autoDeploy be set for an exploded app ?
On 23/03/2010 18:55, Caldarale, Charles R wrote: From: Patrick Flaherty [mailto:pflah...@rampageinc.com] Subject: Re: How should autoDeploy be set for an exploded app ? It happened with Tomcat 6.0.20. There have been some changes in deployment checking since 6.0.20, but Mark T's memory would probably be a better source for a definitive statement than my wandering through the diffs. I'd expect deleting context.xml to result in deletion of the WAR and directory. That said, I am awae there are some inconsistencies and I have reviewing behaviour vs. docs on my todo list. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: apache tomacat 6.0.26
I changed clientAuth to false now internally I get to web page, however the certification path does not have the VeriSign Public/Secure path. Thanks, Charles G. Toman Trend DBA T: +1 (919) 431 1792 * M: +1 (919) 524 8652 Customer Focused, Associate Driven. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Tuesday, March 23, 2010 1:04 PM To: Tomcat Users List Subject: RE: apache tomacat 6.0.26 From: Toman, Chuck [Stock] [mailto:chuck.to...@stocksupply.com] Subject: apache tomacat 6.0.26 I do not get any errors in the log file, however when I logon to my external site I get a dialog box asking to choose a digital certificate. You have clientAuth=true in your HTTPS Connector, so that's to be expected. You need to select the appropriate certificate from the ones your browser knows about in order to satisfy the security constraints that your webapp has imposed. Look here for the doc: http://tomcat.apache.org/tomcat-6.0-doc/config/http.html#SSL%20Support - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: apache tomacat 6.0.26
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, On 3/23/2010 2:07 PM, Toman, Chuck [Stock] wrote: I changed clientAuth to false now internally I get to web page, however the certification path does not have the VeriSign Public/Secure path. If your web browser doesn't know which certificate to provide to the server (either because you have multiple certs available or you've asked the browser to prompt you every time), it's going to ask you. This is not a bug, it's a feature. Most decent web browsers will allow you to remember the choice you made for a particular web site so it will only ask once. What happens if you just choose a client cert when prompted? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkupG6kACgkQ9CaO5/Lv0PCryQCglwJaY2Bg0DvzTYeXiOddf4Ap yt8An3rORatVKsKlTfPkN0LWNwpzjZ7X =GKbV -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Is it possible to set the port for tomcat manager to 8080 and root port 80???
Hi Is it possible to set the port for tomcat manager to 8080 and root port 80??? Yes. You need to define TWO service / nodes, each with its own connector / (using different ports) an its own engine /, each with its own host /, one with the manager as context /, one with the other web applications. However, I don't know precisely, how clean the manager is implemented and if it can handle this scenario correctly. I am not using the manager at all. Regards Steffen smime.p7s Description: S/MIME cryptographic signature
Re: multiple stateful iframes per page will overwrite JSESSIONID?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nikita, On 3/21/2010 4:34 PM, Nikita Tovstoles wrote: Looking for someone to either confirm or refute my theory that deploying two iframes pointing to two different stateful pages on the same domain can lead to JSESSIONIDs being overwritten. Your JSESSIONID cookies should not interfere with each other. http://www.foo.com/page1 and http://www.foo.com/page2 Are those two separate webapps? If so, they'll have different JSESSIONID cookies (with associated path) from each other. 2. assume www.foo.com is a single host running a Tomcat (6.0.20, fwiw) that uses JSESSIONID for session id's. Do you have anything like SSO enabled? Of course, that would make the question moot, as the cookie paths would both be '/' and the JSESSIONID would be valid for all webapps in the host/cluster. 3. suppose these pages are turned into two iframe widgets to be embedded on 3rd party sites: iframe src= http://www.site.com/page1; / (and /page2 respectively) 4. suppose there a 3rd party site that wishes to place both widgets on the same page at http://www.bar.com/foowidgets.html As far as the server is concerned, the fact that the two iframes are embedded on a single page is irrelevant: the server gets two distinct requests: one for /page1 and one for /page2. Can the following race condition occur? 1. a new visitor goes to http://www.bar.com/foowidgets.html 2. browser starts loading URLs in foowidgets.html including the two iframe 'src' URLs 3. because browsers open multiple concurrent connections against the same host (afaik up to 6 in chrome/ff case) the browser happens to simultaneously issue requests for http://www.foo.com/page1 and http://www.foo.com/page2 Okay. 4. The tomcat @ foo.com receives both requests at about the same time, calls getSession() for the first time (on two different threads) and lazily creates two HttpSessions and, thus, two JSESSIONIDs, with values $Page1 and $Page2. The requests also stuff data into respective sessions (that data will be required to process subsequent requests) Correct, except that I don't think the sessions are created lazily: they should be created when you request them. 5. assume that the browser first receives response to the page1 request. Browser sets cookie JSESSIONID=$Page1 for HOST www.foo.com ...with path=/page1 6. next response to the page2 request is received and the browser overwrites cookie JSESSIONID for HOST www.foo.com with $Page2 ...with path=/page2 7. user clicks on something in 'page1' iframe on foowidgets.html; browser issues 2nd request to http://www.foo.com/page1?action=doSomethingStateful. That request carries JSESSIONID=$Page2 (and not $Page1 - because cookie value was overwritten) No: the cookie value was not overwritten if the webapps are distinct. The URLs /page1 and /page2 are ambiguous with regard to distinct-ness: are they two separate servlets running in a single container (in which case the JSESSIONID should be shared, and overwriting may be a possibility) or are they two different contexts with separate context paths? Can the above happen? I think so, but would appreciate a confirmation. If the above is clearly possible, what are some solutions given that we'd like to support multiple iframes per page? We don't have a firm need for the iframes to share the same HttpSession, though that would be nice. In the event that the solution will still stipulate a separate HttpSession per iframe, it is - of course - mandatory that iframe 1 does not end up referencing httpSession state for iframe 2 instead of own. You can always disable the use of cookies and rely on URL rewriting. off top of my head I can think of: 1. map page1 and page2 to different domains (ops overhead) 2. use URL rewriting and never cookies (messes up analytics) Does it? 3. anything else? Separate the pages into two separate webapps? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkupML8ACgkQ9CaO5/Lv0PCoRgCgglHZz/GI5pcPGKkqy9swrhZl 3HgAnAgR2wbsbS8quSI2AJVODAp/hSm6 =nJVq -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Is it possible to set the port for tomcat manager to 8080 and root port 80???
From: Steffen Heil [mailto:li...@steffen-heil.de] Subject: AW: Is it possible to set the port for tomcat manager to 8080 and root port 80??? Yes. You need to define TWO service / nodes, each with its own connector / (using different ports) an its own engine /, each with its own host /, one with the manager as context /, one with the other web applications. As Pid pointed out, this doesn't work: the scope of the manager webapp is the Host it's deployed under. The whole idea smacks of security through obscurity - which means you've accomplished nothing. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Connecting to a Database
Tomcat 6.0.24 Windows Server 2003 R2 SP2 SQL Server 2005 Express Microsoft SQL Server 2005 JDBC Driver 1.2 - October 2007 I know I need to configure a Realm and that can be in an Engine, Host or Context element, but most likely in a context element inside the context.xml under META-INF of my specific webapp. What do most people prefer? JDBCRealm or JNDI DataSourceRealm? One uses a jdbc driver the other uses a JNDI named JDBC DataSource. Does the latter require setting up a System DSN datasource in Windows? Or am I confusing that with something else? Leo Donahue
Re: Connecting to a Database
On 23/03/2010 22:16, Leo Donahue - PLANDEVX wrote: Tomcat 6.0.24 Windows Server 2003 R2 SP2 SQL Server 2005 Express Microsoft SQL Server 2005 JDBC Driver 1.2 - October 2007 I know I need to configure a Realm and that can be in an Engine, Host or Context element, but most likely in a context element inside the context.xml under META-INF of my specific webapp. What do most people prefer? JDBCRealm or JNDI DataSourceRealm? DataSourceRealm everytime. JDBCRealm uses a single connection and is heavily synchronized as a result. Does the latter require setting up a System DSN datasource in Windows? No. Or am I confusing that with something else? Yes, ODBC. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Connecting to a Database
From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] Subject: Connecting to a Database Tomcat 6.0.24 Windows Server 2003 R2 SP2 SQL Server 2005 Express Microsoft SQL Server 2005 JDBC Driver 1.2 - October 2007 I know I need to configure a Realm Are you sure? A Realm is used for authentication only, not for a webapp that accesses a database. Do you perhaps mean Resource? JDBCRealm or JNDI DataSourceRealm? If you are in fact storing credentials in SQL Server, use DataSourceRealm - it's much more robust. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Separate port for each deployed Web Service or WAR file?
Hi Mark, I'm looking for a workaround to a problem: I'm using the failover feature of Apache Synapse (there will be several backup/alternate web service with the same interface to a primary web service, if the primiary service fails one of the replacements will be called without the notice of the caller (service consumer)). But there is a catch: in the recent version of Synapse one endpoint to a web service will only be seen as failed if the connection to this port will be refused (mostly due to a transport error). But if I deploy the web service on Tomcat every web services will listen to the one standard port. Any incoming request to the standard port of Tomcat calling a service that is inactive will be accepted and then answer with a http 404 error (like service not found or something). For synapse this is a conform answer and it will forward it to the caller. But this is not really what a failover should do. For now the failover only works if the whole application server (Tomcat) is offline/down and any call to the port is beeing rejected. If you still have doubts about the sense of this scenario, rest assured, there are several other users requesting Synapse failover to treat a http-404 error as a reason to call the secondary services. This feature will probably be implemented in a future version of Synapse. Until then, I want to try a workaround to evaluate such a system. Is there anyway you could help me? Song Thuy Nguyen -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Tuesday, March 23, 2010 11:00 PM To: Tomcat Users List Subject: Re: Separate port for each deployed Web Service or WAR file? On 23/03/2010 21:51, Song Thuy Nguyen wrote: Hello, I would like to configure the listen/connection port for each Web Service or each WAR file I deploy. Why? What are you trying to achieve? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: DB connection error -Tomcat 6 config
I got this again today, and it seems to happen when/if I go into the Tomcat Manager app and either Stop and Start or Reload the app. Should that have a significant bearing on something like a DBCP connection so adversely? I was thinking it was tantamount to shutting down the Tomcat console and restarting itthat not the case? -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Friday, March 19, 2010 4:47 PM To: Tomcat Users List Subject: RE: DB connection error -Tomcat 6 config From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Subject: RE: DB connection error -Tomcat 6 config Weird, thoughnow I'm getting an IllegalStateException: Timer already cancelled. Wonder what this is? Or what's causing it? Can't say - I have very little experience with Oracle. You might want to turn on traces in the DB (if you're allowed), or use Wireshark to see what's being sent to the DB. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DB connection error -Tomcat 6 config
On 23/03/2010 22:39, Propes, Barry L wrote: I got this again today, and it seems to happen when/if I go into the Tomcat Manager app and either Stop and Start or Reload the app. Should that have a significant bearing on something like a DBCP connection so adversely? I was thinking it was tantamount to shutting down the Tomcat console and restarting itthat not the case? No. It just re-loads the app. Sounds like you have hit a bug in commons-pool / Tomcat's memory leak clean-up code. http://wiki.apache.org/tomcat/MemoryLeakProtection search for TimerThread Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: DB connection error -Tomcat 6 config
On 23/03/2010 22:54, Mark Thomas wrote: On 23/03/2010 22:39, Propes, Barry L wrote: I got this again today, and it seems to happen when/if I go into the Tomcat Manager app and either Stop and Start or Reload the app. Should that have a significant bearing on something like a DBCP connection so adversely? I was thinking it was tantamount to shutting down the Tomcat console and restarting itthat not the case? No. It just re-loads the app. Sounds like you have hit a bug in commons-pool / Tomcat's memory leak clean-up code. http://wiki.apache.org/tomcat/MemoryLeakProtection search for TimerThread Mark I've also seen this intermittently with the latest mysql connector/J (.12) but I'm going to start a new thread for this when I can replicate it, because this thread is too big* and it's a slightly different topic. p * and every time i see a new post in this thread, my stomach sinks. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org