Re: tomcat 7 eliminate connection
See the JavaDoc for java.util.regex.Pattern in your JDK for the syntax. Note the examples for the RemoteHostValve in the docs mentioned by Serge below. 2011/3/28 Henry Lu : > Can we have multiple "allow" and multiple "deny" value tags? > > what if I want to allow 123.11.22.33 and 212.22.11.33? > > -Henry > > On 3/27/2011 4:04 PM, Serge Fonville wrote: >> >> Hi, >> >> >> http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Request_Filters >> >> I found deny="192\.168\.1\.\d+" would cover it. >> >> If not, please clarify further >> >> HTH >> Kind regards/met vriendelijke groet, >> >> Serge Fonville >> >> http://www.sergefonville.nl >> >> Convince Google!! >> They need to add GAL support on Android >> http://code.google.com/p/android/issues/detail?id=4602 >> >> >> 2011/3/27 Henry Lu >> >>> based upon the documentation, in the>> like the following: >>> >>> >> allow="127\.0\.0\.1"/> >>> >>> to only allow local access. Can we using wild card or a set of url/ip >>> addrss access? Could someone give me some examples for allowing: >>> >>> 123.122.* >>> 111.* >>> 101.202.1.* >>> >>> -Henry >>> - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Mac and Google Authentication Issue
what is "dlb" ? it is not initialized in your fragment of code. gets initialized in another jsp. What happens if the email is not found. would be caught earlier and you are certainly missing closing ">" from the tag Yup, I mistakenly deleted it trying to clean up the email Here's the access log the entries at 15;34 are using Firefox, the ones at 15:42 are Google's browser 69.207.4.57 - - [27/Mar/2011:15:34:16 -0700] "GET /Dynacorn/catalog/dealerwelcome.jsp HTTP/1.1" 200 1870 69.207.4.57 - - [27/Mar/2011:15:34:27 -0700] "POST /Dynacorn/catalog/authControl.jsp HTTP/1.1" 302 - 69.207.4.57 - - [27/Mar/2011:15:34:27 -0700] "GET /Dynacorn/catalog/dealer/dealerwelcome.jsp HTTP/1.1" 200 1893 69.207.4.57 - - [27/Mar/2011:15:34:30 -0700] "POST /Dynacorn/catalog/dealer/j_security_check HTTP/1.1" 302 - 69.207.4.57 - s...@sor.com [27/Mar/2011:15:34:30 -0700] "GET /Dynacorn/catalog/dealer/dealerwelcome.jsp HTTP/1.1" 500 2158 69.207.4.57 - - [27/Mar/2011:15:42:14 -0700] "GET /Dynacorn/catalog/dealerwelcome.jsp HTTP/1.1" 200 1870 69.207.4.57 - - [27/Mar/2011:15:42:20 -0700] "POST /Dynacorn/catalog/authControl.jsp HTTP/1.1" 302 - 69.207.4.57 - - [27/Mar/2011:15:42:20 -0700] "GET /Dynacorn/catalog/dealer/dealerwelcome.jsp HTTP/1.1" 200 1893 69.207.4.57 - - [27/Mar/2011:15:42:23 -0700] "POST /Dynacorn/catalog/dealer/j_security_check HTTP/1.1" 200 676 there are no more entries Again, Firefox works fine, Google doesn't. Thanks for your help, Dick From: Konstantin Kolinko To: Tomcat Users List Sent: Sunday, March 27, 2011 5:16 PM Subject: Re: Mac and Google Authentication Issue 2011/3/28 Dick Eastlake : > name="j_username" value=" > <% > out.print(dlb.getEmail() + "\""); > %> > 1) what is "dlb" ? it is not initialized in your fragment of code. What happens if the email is not found. 2) you might be missing " (depends on your actual code) and you are certainly missing closing ">" from the tag 3) it could be written as > I get only two relevant (but not particularly helpful) entries in the logs: There are certainly other ("non relevant" as you think) entries there, aren't they? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7.0.11: bug with manager application when undeploying
2011/3/25 Francis GALIEGUE : > Scenario: > > * tomcat starts, as user u1, with only the manager application in place; > * it is configured as to not deploy automatically; > * user u1 copies a webapp tree into $CATALINA_HOME/webapps, which it > can since it has write/execute access to this directory; > * the manager webapp is called to deploy that new web application; > * [in between, credentials on the deployed webapp directory are > changed so that user u1 cannot remove the webapp at all] > * the manager webapp is called to undeploy that application, BUG: it > answers OK, but it is not. > >(..) Please file an issue in Bugzilla. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Mac and Google Authentication Issue
2011/3/28 Dick Eastlake : > name="j_username" value=" > <% > out.print(dlb.getEmail() + "\""); > %> > 1) what is "dlb" ? it is not initialized in your fragment of code. What happens if the email is not found. 2) you might be missing " (depends on your actual code) and you are certainly missing closing ">" from the tag 3) it could be written as > I get only two relevant (but not particularly helpful) entries in the logs: There are certainly other ("non relevant" as you think) entries there, aren't they? Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Lack of shutdown port (port="-1") behavior does not appear to match documentation
2011/3/26 Steven Schlansker : > Hi everyone, > I'm running Tomcat 6.0.32 on Linux and am encountering a pretty confusing > mismatch between documentation and reality. Hoping you can verify that this > is a problem or point out where I'm doing things wrong. > > We are running multiple tomcats on the same server (to provide additional > levels of isolation between different webapps) but the shutdown port is > inconvenient to manage when you are dealing with flexible deploys. In > particular the different tomcats will attempt to bind to the same loopback > port, causing problems. > > The documentation states: > > port > > The TCP/IP port number on which this server waits for a shutdown command. > This connection must be initiated from the same server computer that is > running this instance of Tomcat. Set to -1 to disable the shutdown port. > Note: Disabling the shutdown port will prevent shutdown.bat and catalina.bat > from stopping the Tomcat process on Windows operating systems. Operating > systems that use the *.sh scripts will not be affected by disabling the > shutdown port. > > > However, the shell scripts do not appear to actually shut down the Tomcat > correctly. They invoke Bootstrap stop, which gives up thusly: > (...) > The end result is that shutdown.sh hangs for the "timeout" period and then > sends a kill -9 to the tomcat. Not the most graceful shutdown! kill -9 is sent only of you add "-force" to the shutdown command. It does not do so by default. > I would expect that the script would attempt to send a kill -TERM to tomcat > if Bootstrap shutdown fails, but it does not appear to do that. The script does not know why shutdown fails. It does not read server.xml to note this configuration, nor it parses the log messages (which might be i18n'ed). It might be a bad idea to use System.exit() in Bootstrap to explicitly return a non-zero result code, because "Bootstrap stop" might be called from jsvc or in another embedded scenarios and thus it should not forcibly terminate the JVM. If you have ideas/patch on how it can be implemented, please file an enhancement request. You are right that the documentation was incorrect there. I updated it, http://svn.apache.org/viewvc?rev=1086036&view=rev Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 7 eliminate connection
Can we have multiple "allow" and multiple "deny" value tags? what if I want to allow 123.11.22.33 and 212.22.11.33? -Henry On 3/27/2011 4:04 PM, Serge Fonville wrote: Hi, http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Request_Filters I found deny="192\.168\.1\.\d+" would cover it. If not, please clarify further HTH Kind regards/met vriendelijke groet, Serge Fonville http://www.sergefonville.nl Convince Google!! They need to add GAL support on Android http://code.google.com/p/android/issues/detail?id=4602 2011/3/27 Henry Lu based upon the documentation, in the to only allow local access. Can we using wild card or a set of url/ip addrss access? Could someone give me some examples for allowing: 123.122.* 111.* 101.202.1.* -Henry - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Mac and Google Authentication Issue
Users can authenticate to the secured area of my Website using IE and Firefox; no problem Wouldn't you know, some pesky users want to use their Macs and some are trying with Google and neither of these work. Goes straight to the not_auth.html. Please help! I'm using a simple form-based authentication method. Here's my WEB.XML (from inside the webapp, not the conf): http://java.sun.com/xml/ns/j2ee"; xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"; version="2.4"> Progressive Commerce Inc Progressive Website Progressive Security Constraint Dealer Area /catalog/dealer/* dealer dealer Joe Parts Security Constraint Joe Parts Area /joeparts/admin/* joe joe FORM Progressive Form-Based Authentication Area /catalog/dealer_door.jsp /not_auth.html jdbc/progressive jdbc/progressive javax.sql.DataSource Container Shareable index.html Here's the code from my jsp "> Email Address: Password: I get only two relevant (but not particularly helpful) entries in the logs: 2011-03-27 10:17:18 Commons Daemon procrun stdout initializedDealer authControl from the stdout 69.207.4.57 - - [27/Mar/2011:10:18:40 -0700] "POST /Progressive/catalog/dealer/j_security_check HTTP/1.1" 200 676 from the localhost access log
Re: tomcat 7 eliminate connection
Hi, http://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Request_Filters I found deny="192\.168\.1\.\d+" would cover it. If not, please clarify further HTH Kind regards/met vriendelijke groet, Serge Fonville http://www.sergefonville.nl Convince Google!! They need to add GAL support on Android http://code.google.com/p/android/issues/detail?id=4602 2011/3/27 Henry Lu > based upon the documentation, in the like the following: > > allow="127\.0\.0\.1"/> > > to only allow local access. Can we using wild card or a set of url/ip > addrss access? Could someone give me some examples for allowing: > > 123.122.* > 111.* > 101.202.1.* > > -Henry > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
tomcat 7 eliminate connection
based upon the documentation, in the like the following: to only allow local access. Can we using wild card or a set of url/ip addrss access? Could someone give me some examples for allowing: 123.122.* 111.* 101.202.1.* -Henry - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 7 lib
2011/3/27 Henry Lu : >What I understand is that if > I put the db resource in the GlobalNamingResources, every app can access it. Yes, but additional configuration is required in each of those applications that want to a access it. Search GlobalNamingResources and ResourceLink in the docs. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 7 lib
I found the errors. The problem is in the server.xml. in 7.0.8, I set as following: in the 7.0.11, it didn't work. I have to set a context for my app and add the database resource config into the context. What I understand is that if I put the db resource in the GlobalNamingResources, every app can access it. Am I right? If i wnat to do so, how do I do? -Henry - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 7 lib
2011/3/27 Henry Lu : > I did downloaded tomcat 7.0.11 and tried it with same settings and apps as > 7.0.8 this time I got the following errors which I didn't get at all: > > INFO: Deploying web application directory cppclient > log4j:ERROR Error occured while sending e-mail notification. > javax.mail.MessagingException: Could not connect to SMTP host: localhost, > port: > 25; >(...) > I do have send email setting in my log4j.properties file but I didn't send > any email at the starting time. And of cause, I don't have mail server > running on my pc. How do I fix it? What do you expect? Either change your log4j configuration or run a mail server. Either way, it tried to report an error. > org.apache.commons.logging.impl.Log4JLogger.error(Log4JLogger.java:193) > org.springframework.web.context.ContextLoader.initWebApplicationConte xt(ContextLoader.java:220) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 7 lib
I did downloaded tomcat 7.0.11 and tried it with same settings and apps as 7.0.8 this time I got the following errors which I didn't get at all: INFO: Deploying web application directory cppclient log4j:ERROR Error occured while sending e-mail notification. javax.mail.MessagingException: Could not connect to SMTP host: localhost, port: 25; nested exception is: java.net.ConnectException: Connection refused: connect at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1282) at com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:37 0) at javax.mail.Service.connect(Service.java:275) at javax.mail.Service.connect(Service.java:156) at javax.mail.Service.connect(Service.java:105) at javax.mail.Transport.send0(Transport.java:168) at javax.mail.Transport.send(Transport.java:98) at org.apache.log4j.net.SMTPAppender.sendBuffer(SMTPAppender.java:330) at org.apache.log4j.net.SMTPAppender.append(SMTPAppender.java:215) at org.apache.log4j.AppenderSkeleton.doAppend(AppenderSkeleton.java:251) at org.apache.log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders (AppenderAttachableImpl.java:66) at org.apache.log4j.Category.callAppenders(Category.java:206) at org.apache.log4j.Category.forcedLog(Category.java:391) at org.apache.log4j.Category.log(Category.java:856) at org.apache.commons.logging.impl.Log4JLogger.error(Log4JLogger.java:19 3) at org.springframework.web.context.ContextLoader.initWebApplicationConte xt(ContextLoader.java:220) at org.springframework.web.context.ContextLoaderListener.contextInitiali zed(ContextLoaderListener.java:47) at org.apache.catalina.core.StandardContext.listenerStart(StandardContex t.java:4681) at org.apache.catalina.core.StandardContext$1.call(StandardContext.java: 5184) at org.apache.catalina.core.StandardContext$1.call(StandardContext.java: 5179) at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) at java.util.concurrent.FutureTask.run(FutureTask.java:138) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExec utor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor .java:908) at java.lang.Thread.run(Thread.java:619) Caused by: java.net.ConnectException: Connection refused: connect at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:333) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:195) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:182) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:366) at java.net.Socket.connect(Socket.java:519) at java.net.Socket.connect(Socket.java:469) at com.sun.mail.util.SocketFetcher.createSocket(SocketFetcher.java:232) at com.sun.mail.util.SocketFetcher.getSocket(SocketFetcher.java:189) at com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:1250) ... 24 more Mar 27, 2011 3:01:27 PM org.apache.catalina.core.StandardContext startInternal SEVERE: Error listenerStart I do have send email setting in my log4j.properties file but I didn't send any email at the starting time. And of cause, I don't have mail server running on my pc. How do I fix it? -Henry - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Windows Authentication: Issue 49318 vs 47679
Hello everybody, as many others before we wanted to do single-sign-on for intranet web applications using integrated windows authentication (negotiate because IE sometimes tries NTLM instead of using plain kerberos - breaking all our kerberos-only experiments). We thought that IIS would be the best choice for integrated windows authentication and we could pass the user via AJP (using mod_jk) to our tomcat instances. Our setup: - Windows 2008 R2 using IIS 7.5 (64bit) - mod_jk 1.2.31 - Oracle Java 1.6 U24 - Tomcat 6.0.32 At first glance using tomcatAuthentication=false worked as expected. We got the remote user and started deploying an application. End of happiness - the application complained about a missing user-agent. That header was not passed to tomcat when authentication was enabled on IIS. Some research revealed Bug 47679 - Not all headers get passed to Tomcat server from isapi_redirect.dll (https://issues.apache.org/bugzilla/show_bug.cgi?id=47679) Today I've found Bug 49318 - add a Negotiate (Kerberos/NTLM) authenticator / integrate Waffle (https://issues.apache.org/bugzilla/show_bug.cgi?id=49318). The last comment links a new Windows Authentication How-To from Mark Thomas. Looks like we have already tried almost all proposed solutions: - IIS + mod_jk: tried but stuck in Bug 47679. Also tried ARR to pass the user name as a request header from IIS to Tomcat without success - Apache mod_ntlm: used it and we replaced it by the much more stable mod_auth_ntlm_winbind. NTLMv1 is also disabled on Windows 7 (default) - Apache mod_auth_ntlm: in heavy use but stuck to Apache 2.0 and 32bit plattform - we couldn't get stability problems solved on Apache 2.2 and 64bit Linux. No ongoing development. - Apache mod_auth_sspi: till now in internal use for a very small project (works just fine), not sure about the future. Although there seems to be some new activity on 1.0.5 beta - Waffle: found it on thursday and it is on my our todo-list for testing it next week Any chances to get Bug 47679 solved? How can we help (we are admins, no devs)? What solutions have you deployed? Recommendations? Thank you, Stefan Mayr - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 7 lib
It works! Thank you very much! -Henry On 3/27/2011 2:15 PM, Konstantin Kolinko wrote: 2011/3/27 Henry Lu: On 3/27/2011 2:01 PM, Konstantin Kolinko wrote: the suffix is exactly "*.jar". No other patterns are recognized. Thank you very much for you info. here was what I did: the suffix is exactly "*.jar". No other patterns are recognized. common.loader=...,${catalina.base}/lib/my_lib/*.jar and even I tried : common.loader=...,c:/apps/apache-tomcat-7.0.8/lib/my_lib/*.jar none of them worked. Could you send me a line of configuration to point to my ${catalina.base}/lib/my_lib where I keep 20+ jar files. How do you start Tomcat? Why aren't you using 7.0.11. (Though the version should not matter here). Where your webapps are? Try to add org.apache.catalina.startup.level=FINE to conf/logging.properties and tell us what will be in the logs. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 7 lib
2011/3/27 Henry Lu : > On 3/27/2011 2:01 PM, Konstantin Kolinko wrote: >> >> the suffix is exactly "*.jar". No other patterns are recognized. > > Thank you very much for you info. here was what I did: > >>> the suffix is exactly "*.jar". No other patterns are recognized. > > common.loader=...,${catalina.base}/lib/my_lib/*.jar > > and even I tried : > > common.loader=...,c:/apps/apache-tomcat-7.0.8/lib/my_lib/*.jar > > none of them worked. > > Could you send me a line of configuration to point to my > ${catalina.base}/lib/my_lib where I keep 20+ jar files. > How do you start Tomcat? Why aren't you using 7.0.11. (Though the version should not matter here). Where your webapps are? Try to add org.apache.catalina.startup.level=FINE to conf/logging.properties and tell us what will be in the logs. Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: tomcat 7 lib
On 3/27/2011 2:01 PM, Konstantin Kolinko wrote: the suffix is exactly "*.jar". No other patterns are recognized. Thank you very much for you info. here was what I did: the suffix is exactly "*.jar". No other patterns are recognized. common.loader=...,${catalina.base}/lib/my_lib/*.jar and even I tried : common.loader=...,c:/apps/apache-tomcat-7.0.8/lib/my_lib/*.jar none of them worked. Could you send me a line of configuration to point to my ${catalina.base}/lib/my_lib where I keep 20+ jar files. -Henry
Re: tomcat 7 lib
2011/3/27 Henry Lu : > Can some one tell me how to add a sub folder under ${catalina.base}/lib > something like ${catalina.base}/lib/my_lib so that all my apps will share > these jar files under my_lib? I tried to edit the catalina.properties file > and add > > ${catalina.base}/lib/my_lib/*.jar > > to common.loader=, server.loader=, and shared.loader= > > but none of these work. > It sure does work. Though note that 1) the suffix is exactly "*.jar". No other patterns are recognized. Check that you do not have extra whitespace at the end of that line. 2) usually you add it only to "common.loader". Do not add to three at once. 3) do not confuse ${catalina.base} with ${catalina.home} and vice versa. 4) do not forget to restart Tomcat 5) if you are still confused, you may want to enable logging for org.apache.catalina.startup package Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat 7 lib
Can some one tell me how to add a sub folder under ${catalina.base}/lib something like ${catalina.base}/lib/my_lib so that all my apps will share these jar files under my_lib? I tried to edit the catalina.properties file and add ${catalina.base}/lib/my_lib/*.jar to common.loader=, server.loader=, and shared.loader= but none of these work. Please help! -Henry