AW: Recognize shutdown event in tomcats Realm instance
> Over-ride RealmBase.stopInternal() and don't forget to call > super.stopInternal() when you do. Thanks a lot Mark for the fast answer! I have overlooked that, sorry. - Arno - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Recognize shutdown event in tomcats Realm instance
Hi all, we use our own Realm implementation in our webapps. If tomcat shuts down, we have to do some clean up in this instance to speed up the shutdown. In our web application we do this in the ServletContextListener instance in 'contextDestroyed(...)' method. What is the right place to do this in tomcat's Realm instance? Do I have to implement some notification code or does it work over a RealmBase method? I found nothing about that in the documentation. Best regards - Arno _ Vorsitzender des Aufsichtsrats: Lothar Pauly Vorstand: Diederik Vos (CEO) ? Ralph Gillessen (COO) ? René Gawron (CFO) Martin Hodgson (Executive Director Management Consulting) SQS AG ? Stollwerckstraße 11 ? 51149 Köln Sitz der Gesellschaft: Köln ? Amtsgericht Köln, HRB 12764 This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
AW: UNC access to an tomcat webdav server
> In the "any hints" category : > - in Windows (disk) Explorer, go to "Netzwerkumgebung" > - select "Netzwerkumgebung hinzufügen" > - click "Weiter" (2 X) > - in "Internet- oder Netzwerkadresse", enter your > "https://webserver:port/webdav; >and click "Weiter". Depending on how you set this up in your webserver, > you may have to login. > When you are done, you should have a new link under "Netzwerkumgebung", > without a drive letter. Under that link, > what appears is the content of the > webserver's DAV directories. > You can then drag/drop files to/from there, using Windows Explorer. Yes, thank you very much, that is exactly what I looked and searched for. In the properties of the link I see also the resulting UNC path. I have never recognized this content in the context menu of the 'computer'. It seem s also not possible to get this result with the 'net use' command. Best regards Arno
UNC access to an tomcat webdav server
I have configured a tomcat (7.0.54) webdav server and try to access via a windows UNC path. If I run WebDAV in an IIS environment I can access this server automaticly from all clients via an UNC path like '\\webserver[@port]\webdav\' if the server side mapping is 'https://webserver[:port]/webdav'. For this I have done nothing. (Windows >= version 7) So it is possible to use this dynamicly in every client website, where I need it. What is to do to get this also on the tomcat server? Is it done with some kind of server configuration or is it a client side action. Til now I mapped the webdav address to a windows drive letter, but this I want to avoid. Any hints are welcome :-) Thanks Arno _ Vorsitzender des Aufsichtsrats: David Bellin Vorstand: Diederik Vos (CEO) │ Ralph Gillessen (COO) │ René Gawron (CFO) Martin Hodgson (Executive Director Management Consulting) SQS AG │ Stollwerckstraße 11 │ 51149 Köln Sitz der Gesellschaft: Köln │ Amtsgericht Köln, HRB 12764 This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
AW: Mounting WebDAV in Tomcat 7.0.45
So, many thanks for your comments, > The general recommendation is to use a 3rd party WebDAV client. Check > the archives details (I think it is Chris that uses one). At least I found a product, what we actually use in our company and what I can take also for our project. The WebDAV Client is based on AJAX and JQuery and it should be possible to integrate this in our web application. Because the actual project didn't use AJAX and JQuery can you give me a short hint, what are the requirements to use it and where are the pitfalls, when I use it. Thanks Arno
AW: Mounting WebDAV in Tomcat 7.0.45
> Some versions of the Windows WebDAV client refuse to connect if the server > root is not WebDAV enabled. > There is also this code that you might find helpful - although it hasn't been > updated in a while: > http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/filters/WebdavFixFilter.java?view=annotate Thanks for the fast answer, I will try it tomorrow. Arno - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Mounting WebDAV in Tomcat 7.0.45
Hi all, I have activate WebDAV in our web application, as it is in tomcat. A filter control the access to exactly one folder inside the web application. This application is used only internal in the intra-net and so it run just over HTTP without any user permission. Open and save Office documents on this WebDAV URI work fine. What I have to do, that I can mount this one directory to the normal explorer. If I do it, like you see in the Attachment, I get the message, that Windows has no access. Do I have something to configure in the server, that directories can be mounted or does the standard WebDAV servlet do not have this feature? Best regards Arno _ Vorsitzender des Aufsichtsrats: David Bellin Vorstand: Diederik Vos (CEO) │ Ralph Gillessen (COO) │ René Gawron (CFO) Martin Hodgson (Executive Director Management Consulting) SQS AG │ Stollwerckstraße 11 │ 51149 Köln Sitz der Gesellschaft: Köln │ Amtsgericht Köln, HRB 12764 This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Using WebDAV in Tomcat 7.0.45
Hi Mark, thank you for your fast answer. Also André has answered and I know now what I will do. Best regards Arno - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: AW: Using WebDAV in Tomcat 7.0.45
Hi André, many thanks for your thought's, but my requirement is not so complex and difficult like it could be. > DAV (or WebDAV), in itself, stands for Distributed Authoring and Versioning. > It was originally designed mainly > as a tool to help people to remotely edit the HTML pages of a website, and be > able to do so using the same > HTTP connection which is already used by the website itself (thus avoiding > separate connections via FTP, SFTP, > SCP etc. and the corresponding user access and permissions setup). > But in itself, DAV does not have all the features which are needed to do this > in a safe, multi-user scenario. It is a big internal and 15 year old webserver, where I want to implement exactly this purpose, what you are talking about. DAV should be used instead of share's, like it is today. This service is only used internally and will never become a public service, so from the security site I have no such strange requirements. Parallel access for writing will be solved with a simple locking mechanism, because it is relatively seldom, that more than one person work on the same item and then it is acceptable, that the first owner blocks the file til he is ready. At least I have tried a little bit around to make our client (written in Java) able to send DAV request, but this failed til now, because it seems, that I have to write my own ' DavURLConnection', because the 'HttpURLConnection' can't handle the additional requests. Do you know, if some Java library for DAV clients exist. I haven't found any lightweight solution til now. To get the data and edit them, it is very strait forward and works fine for me :-) Many thanks for your patience Arno - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Using WebDAV in Tomcat 7.0.45
Hi André, you are right, I have missed this part of the puzzle. Thanks for that explanation, so it is clear for me now, what I have to do. If I use the actual Word or Libre Office with a docx file from the webda URI from our server it works :-), so I have to change My 'save document' code in our client only. The permissions, what files are accessible, I want to decide in my special filter for the WebDAV request or is that a bad choice? My client site is only Windows, so I know that my special client, what open this web file, is registered for our own extension. So can I use this, to open our client directly from the browser? Arno - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Using WebDAV in Tomcat 7.0.45
Hi all, I have activated WebDAV in my web app to be able to show some log files directly in the browser and to edit some special XML files in a special editor. In my first attempt I can read all this files and show it in the editor and in the browser, but I failed to save them, after I have changed them. Can someone provide me a good tutorial or a short example, what I have to do, to get it running. I am using the standard WebdavServlet from the catalina.jar and the WebdavFixFilter for now. From the documentation I do not understand, how I have to request the single methods of the implemented interfaces. Do I have to implement my own servlet or filter to handle all interfaces what I need for saving files? Also an example of a possible HTTP save requests would be very helpfull. Thanks in advance, best regards Arno _ Vorsitzender des Aufsichtsrats: David Bellin Vorstand: Diederik Vos (CEO) ? Ralph Gillessen (COO) ? René Gawron (CFO) Martin Hodgson (Executive Director Management Consulting) SQS AG ? Stollwerckstraße 11 ? 51149 Köln Sitz der Gesellschaft: Köln ? Amtsgericht Köln, HRB 12764 This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
Re: JSESSIONID changed without notice
Hi Felix, thank you very much for that hint. > When a session gets 'authenticated' its id will change to prevent > session fixation attacks. If you are interested in the events telling > you the change you have two possibilities: ok, that explain, what I see :-) > 1. Use servlet api 3.1 and use a HttpSessionIdListener (which means > upgrading to tomcat 8 or newer) That's an option for the next release, not for now. > 2. Use a ContainerListener. I took the 'org.apache.catalina.ContainerListener' and implement the interface in my own SessionListener, but I got no container event there. Is this the interface and the right place for the implementation? best regards Arno - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
JSESSIONID changed without notice
Hi all, I have the following Problem: we have a very old, some kind of complex webapp, that run under tomcat 7.0.54 on Windows. I have to maintain some functionality and came to a point, what I can't understand. Some requests have to have an authentification and this is bound at the JSESSIONID. So the idea is, to canalize these request to a filter and handle the necessary things, when a new session is created or destroyed. So during a create event I put the ID in a map and do some things and after the destroy I remove it from the map. So far, so boring. After I recognize, that the map wouldn't become empty, if also the session timeout was over, I look a little bit deeper in that and I found out, that the ID of one session changed during startup one or two times, depending on the situation, without activating the sessions listener. So only the first ID was put in the map, but was never get the destroy event, because the value of the ID was changed in between and the destroy event goes to the new ID! I make some output in our session filter, who get all requests, what should illustrate my problem. Here it is: : === : Start Tomcat in debug mode on port '8000'... : === Using CATALINA_BASE: "C:\SQSProfessional\10.8.000_BL13\wl\10.8.0\108000_BL13" Using CATALINA_HOME: "C:\SQSProfessional\10.8.000_BL13\wl\10.8.0\tomcat" Using CATALINA_TMPDIR: "C:\SQSProfessional\10.8.000_BL13\wl\10.8.0\108000_BL13\temp" Using JRE_HOME:"C:\SQSPRO~1\103299~1.000\jre\x64\1.8.0" Using CLASSPATH: "C:\SQSProfessional\10.8.000_BL13\wl\10.8.0\tomcat\bin\bootstrap.jar; C:\SQSProfessional\10.8.000_BL13\wl\10.8.0\tomcat\bin\tomcat-juli.jar;C:\SQSProfessional\ 10.8.000_BL13\corba\asp\6.3\lib\tomcat-corba.jar;C:\SQSProfessional\10.8.000_BL13\nl\10.8.0\ bin\PPMClient.jar;C:\SQSProfessional\10.8.000_BL13\wl\10.8.0\tomcat\bin\bootstrap.jar;C:\ SQSProfessional\10.8.000_BL13\wl\10.8.0\tomcat\bin\tomcat-juli.jar" : Apr 07, 2016 4:25:22 PM org.apache.catalina.startup.Catalina start INFORMATION: Server startup in 8439 ms : # This is the output from my session filter, who show you the JSESSIONID from every incomming request, # the servlet path and if the session is new or old # this protocol is only from one request to 'http://n61l44x1:9452/ppm/index.jsp' waiting a while and close # the browsers tab and wait again for the session timeout. # Session: 'UNKNOWN' in servlet path '/index.jsp' Session: 'D815B22EC5680EE5F3760D58E33BBF39' created (MaxInactiveInterval = 60)<-- output from the 'create' event from the listener after my 'getSession()' Session: 'D815B22EC5680EE5F3760D58E33BBF39' in servlet path '/index.jsp' was created. (NEW) Session: 'D815B22EC5680EE5F3760D58E33BBF39' in servlet path '/index.jsp' was authenticated by 'sra' (NEW) Apr 07, 2016 4:26:18 PM de.sqs.tomcat.realm.BITRealm authenticate<-- here are two calls to our realm for our authentification in the tomcat, why??? INFORMATION: (tomcat): Try authentification of 'sra'... Apr 07, 2016 4:26:18 PM de.sqs.tomcat.realm.BITRealm authenticate INFORMATION: (tomcat): Try authentification of 'sra'... Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/applet.jsp' (OLD)<-- now you see here in output that the JSESSIONID is changed, but no call to destroy/create was made Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/selectworkspace.jsp' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/alive' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/selectWorkspaceAction.do' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/alive' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/icons/up.gif' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/folder.gif' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/icons/project.gif' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/icons/filterreset.gif' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/doc.gif' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/icons/filteredit.gif' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/icons/clock.gif' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/icons/backupws.gif' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/icons/plugin.gif' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/job.gif' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/activity.gif' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/icons/right.gif' (OLD) Session: 'F742E60445E91DED73C64FD6D9A8E38A' in servlet path '/images/icons/report.gif' (OLD)
AW: AW: Problems to configure tomcat as windows service
Aurélien, > still investigating for you in the documentation ( > http://commons.apache.org/proper/commons-daemon/procrun.html ), can you try > again with --ServiceUser & --ServicePassword instead of --User & --Password ? thanks for that hint. I try it and it works now. :-) I miss the point, that my start mode 'jvm' was excluded, but no alternative is described in the tomcat documentation. Perhaps it will be a good idea to integrate a link to the original procrun documentation, when it is more up to date and complete. I didn't recognize til today, that this is a separate project. Thanks for your patience, best regards Arno
AW: AW: Problems to configure tomcat as windows service
Hi Aurélien, > Arno, can you try with these parameters : --StdOutput out.txt --StdError > err.txt > and check if this writes anything to these files (I don't bet a pence on this > but let's try) ? That isn't the point. My problem is, that I can't configure a different service user as the local system account with this utility. 'tomcat7.exe' configure all other parameter as you can see afterwards in the 'serverconsole' utility except the '--User' and '--Password' on Windows 8.1 64 bit with no error message. It only ignores these both values. The service is running in all cases under the local system account and I can manualy change to an other user and it still works. So, do you know, what is the normal process to report a bug to the development? I have to revert my statement from the mail before: It didn't work also with tomcat6 on Windows 8.1 64 Bit > Taken from the doc : > http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html I know this document very well ;-) regards Arno
Problems to configure tomcat as windows service
Hi all, using tomcat 7.0.54 on Windows 8.1 64 Bit system, I encounter the problem, that I can not configure a user/password with the tomcat7.exe utility. I run this as a local administrator in a DOS box with a valid user and password it returned with errorlevel 0, but the user was not set in the service settings. What can be the reason for this? The same solution run before in a tomcat 6 environment with no problems and I recognize no changes in the documentation in this area. best regard Arno _ Vorsitzender des Aufsichtsrats: David Bellin Vorstand: Diederik Vos (CEO) ? Ralph Gillessen (COO) ? René Gawron (CFO) SQS AG ? Stollwerckstraße 11 ? 51149 Köln Sitz der Gesellschaft: Köln ? Amtsgericht Köln, HRB 12764 This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
AW: Problems to configure tomcat as windows service
Thanks for the hint Aurélien, > there *maybe is* documentation about this, see question & comments from > Konstantin Kolinko in > http://tomcat.apache.org/tomcat-7.0-doc/windows-service-howto.html but I asked this question, because I recognize, that it didn't worked like it is described, but in version 6 the description was the same and it has worked. Regards Arno
AW: AW: Problems to configure tomcat as windows service
André, > Maybe it is not only the version of Tomcat that has changed, but also the > machine/OS on which > you do this ? Maybe the user under which you execute this command does not > have the > required > privileges, at OS level on this machine, to do this ? On the same machine/OS it work's with tomcat 6. > Maybe the user-id *to* which you are trying to set the Tomcat service, does > not have enough > privileges to "run as a Service" ? > (In the services.msc applet, it would ask you interactively to grant these > privileges first, but > maybe the command-line tool cannot do that). Like I said in my first mail, I install it as an local administrator and the service was registered and I am able to run it under the local system account. And also if I fill in the user data manually, what I used in the tomcat7.exe call, I am able to start and run the tomcat server, so missing privileges shouldn't be the problem. Regards Arno
AW: Problems to configure tomcat as windows service
Hi Andre, > What exactly /is/ the problem ? 'XXX' is not configured and doesn't exist. if I then call 'tomcat7 //IS//XXX --User="domain\user" --Password="xx" the call return with exitcode 0 and if I look in the services.msc the service XXX is installed, but run as local system account. The --User and --Password was ignored. All other parameters was accepted. I have also double checked it with the serverconsole.bat. Regards Arno - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to authenticate our webapp against our own relm only
Hi all, I am using Tomcat 7.0.54 with java 1.7 and 1.8 on a Windows 8.1 System, maintaining our webapp with around 1000 JSP pages and I am NOT a web developer. I have inherited this application and all of the previous owners are no longer available. So the last 2months I do a lot of reading and debugging the whole bunch of java and jsp code and I think, that I have a basic understanding what the software is doing and how it is implemented at least. The last days I found a lot of configuration issues and I was able to get the whole stuff running in a very downsized environment build on a standard tomcat Installation. I got rid of all special configuration inside the server.xml, so that I was able to fix some things and do it, like it was described in the beautiful tomcat documentation and available wiki's. That's only for some explanations, before the stupid questions may follow: I have to use basic authentication without an own login form. The behavior I see, is that if the webapp is starting a realm instance is correctly created and initialized in my webapp, but if the first request arrive, also the tomcat itself instantiate one object of this class and took the credentials from the automatically upcoming login form (here IExplorer 11). My understanding from reading the documentation is, that, if I configure my own realm in my context.xml (what I have done), that the webapp will use it. That seems to be ok, but why also tomcat itself instantiate an object of my custom realm and take the first request when I want to access my webapp. Therefore I have no own control about my JSessions and so my session management leaks, because I didn't got the info's from the logins, what the tomcat is doing now. What is wrong in my configuration or in my understanding? I want be the only one, that got the requests for the authentication for my webapp. Here are my server.xml, it only contain one Realm line of our realm in the 'Host' section (I strip the comments and the header lines, which are unchanged): GlobalNamingResources Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml/ /GlobalNamingResources Service name=Catalina Connector acceptCount=100 connectionTimeout=20 maxThreads=150 port=9150 protocol=HTTP/1.1 redirectPort=8443/ Connector port=8009 protocol=AJP/1.3 redirectPort=8443/ Engine defaultHost=localhost name=Catalina [Realm className=org.apache.catalina.realm.UserDatabaseRealm/] Host appBase=webapps autoDeploy=true name=localhost unpackWARs=true xmlNamespaceAware=false xmlValidation=false [Realm className=de.myproject.tomcat.realm.BITRealm domainName=dom1 .../] /Host /Engine /Service The lines in brackets I have switched on and off in several attempts without the wished result. Without a realm definition in server.xml and only in the context.xml I have had equal results and one combination I have had one time, was that I have to authenticate twice and the first time with the data of tomcat-users.xml and the second time with my own one. Is it possible that there is some more configured in some of the web.xml's or other directories in WEB-INF, what cause this behavior? I have searched there for some words like security, realm, userdatabase and so on, but have found nothing. Hopefully I have explained my problem as good as I know and somebody see my point :) Thanks in advance, best regards, mit freundlichen Grüßen Arno _ SQS hat bei den AIM Awards 2014 zum zweiten Mal die begehrte Auszeichnung International Company of the Year erhalten. http://www.sqs.com/portal/news/de/pressemitteilungen-aim-awards-international-company-of-the-year.php Vorsitzender des Aufsichtsrats: David Bellin Vorstand: Diederik Vos (CEO) ? Ralph Gillessen (COO) ? René Gawron (CFO) SQS AG ? Stollwerckstraße 11 ? 51149 Köln Sitz der Gesellschaft: Köln ? Amtsgericht Köln, HRB 12764 This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorised copying, disclosure or distribution of the material in this e-mail is strictly forbidden.