RE: [tomcat-users] Re: getting web application version string?

[Jason Pyeron]

> -Original Message-
> From: Michael Osipov
> Sent: Sunday, August 16, 2020 1:27 PM
> 
> Am 2020-08-16 um 18:16 schrieb Jason Pyeron:
> > Is there a better way than this?
> >
> > Specifically - detect running Tomcat, then if under Tomcat (today only 
> > interested in v7 and v9)
> obtain the version string as described [1] and shown on the Manager web 
> application.
> 
> At least for the version, you can use my listener, it will expose all
> all context-related information via JNDI. Give it a try:
> http://mo-tomcat-ext.sourceforge.net/user-guide.html#ContextNamingInfoListener

Cute. I like how you use org.apache.catalina.LifecycleListener to have 
legitimate access to the org.apache.catalina.Context.

The only gotcha I have is it requires advanced knowledge that you are on 
Tomcat. Specifically, it requires Operations to configure the context.xml for 
the web application.

v/r,

Jason




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

getting web application version string?

[Jason Pyeron]

Is there a better way than this?

Specifically - detect running Tomcat, then if under Tomcat (today only 
interested in v7 and v9) obtain the version string as described [1] and shown 
on the Manager web application.

import org.apache.catalina.core.*;
//...
public void init(ServletConfig config) throws ServletException
{
//java.util.logging...
log.log(Level.INFO, "config={0}", config);
ServletContext sc = config.getServletContext();
log.log(Level.INFO, "ServletContext={0}", sc);
if (sc instanceof ApplicationContextFacade)
{
try
{
ApplicationContextFacade acf = (ApplicationContextFacade) sc;
Field applicationContextField = 
ApplicationContextFacade.class.getDeclaredField("context");
applicationContextField.setAccessible(true);
ApplicationContext applicationContext = (ApplicationContext) 
applicationContextField.get(acf);
Field standardContextField = 
ApplicationContext.class.getDeclaredField("context");
standardContextField.setAccessible(true);
StandardContext standardContext = (StandardContext) 
standardContextField.get(applicationContext);
log.log(Level.INFO, "version={0}", 
standardContext.getWebappVersion());
}
catch (RuntimeException | NoSuchFieldException | 
IllegalAccessException e)
{
log.log(Level.WARNING, "unable", e);
}
}
}

1: https://tomcat.apache.org/tomcat-9.0-doc/config/context.html#Naming

--
Jason Pyeron  | Architect
PD Inc|
10 w 24th St  |
Baltimore, MD |
 
.mil: jason.j.pyeron@mail.mil
.com: jpye...@pdinc.us
tel : 202-741-9397




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [tomcat-users] Issue found during migration of Tomcat version 6.0.35 to 8.5.5

[Jason Pyeron]

If you deploy your application against a fresh extract of 
https://archive.apache.org/dist/tomcat/tomcat-6/v6.0.35/bin/apache-tomcat-6.0.35.tar.gz,
 without ANY customizations you do not get the problem?

 

If you have to make customizations to get it to run, what are they? (e.g. 
context.xml changes, lib/ JARs, startup parameters, etc)

 

Based on the limited information you have provided (e.g. no test case I can 
run) I do not see any relevant issues in the following guides.

 

https://tomcat.apache.org/migration-7.html

http://tomcat.apache.org/migration-8.html

http://tomcat.apache.org/migration-85.html

 

Since the JVM (indicated) and WAR (implied) is the same version in your two 
installs, then it is a configuration issue.

 

CLASSPATH ?

System properties?

 

Please provide details to reproduce here.

 

-Jason 

 

 

From: Lavitesh Verma  
Sent: Monday, June 15, 2020 11:14 AM
To: Tomcat Users List 
Cc: 'RUBIN, JACOB' ; lsrv...@list.att.com; Vasudev Wadhawan 

Subject: RE: [tomcat-users] Issue found during migration of Tomcat version 
6.0.35 to 8.5.5

 

HI Jason,

 

Below are the details for the Tomcat 6 version, that we used before, 

Server version: Apache Tomcat/6.0.35

Server number:  6.0.35.0

OS Name:SunOS

OS Version: 5.10

Architecture:   sparcv9

JVM Version:1.8.0_101-b13

JVM Vendor: Oracle Corporation

 

We don’t face any issue on the other test environment that we are facing on 
updating to 8.5.5.

 

Thanks & Regards

Lavitesh Verma

Software Engineering Associate

Amdocs Global SmartOps

+91.9810157771 

OOO – 06/16 – 06/19



 

From: Jason Pyeron mailto:jpye...@pdinc.us> > 
Sent: Monday, June 15, 2020 7:33 PM
To: 'Tomcat Users List' mailto:users@tomcat.apache.org> >
Cc: 'RUBIN, JACOB' mailto:jr2...@att.com> >; 
lsrv...@list.att.com <mailto:lsrv...@list.att.com> ; Vasudev Wadhawan 
mailto:vasudev.wadha...@amdocs.com> >
Subject: RE: [tomcat-users] Issue found during migration of Tomcat version 
6.0.35 to 8.5.5

 

What I see here is that there is a bit of custom code that is “causing” the 
issue.

 

at 
com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)

at javax.xml.ws.Service.(Service.java:77)

Above here are JARs / runtime in the classpath

at com.att.lsrv.preorder.PreOrderService.(Unknown Source)

at porequest.control.LviCsClient.getLviCsClientProxy(Unknown Source)

at porequest.control.LviCsClient.getCSRResponse(Unknown Source)

at porequest.control.MainControllerServlet.CsrqResponse(Unknown Source)

at porequest.control.MainControllerServlet.doPost(Unknown Source)

Below here is tomcat..

at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)

 

You indicate that this was on Tomcat 6.0.35, but you did not confirm the JVM it 
was running on. I am skeptical since the Tomcat version you indicated was 
released before Java 8 (2012 vs 2014) – but I am more skeptical that 6.0.35 was 
not customized. Have you deployed the application to an “out of the box” 6.0.35 
on the same JVM as 8.5.5?

 

Have you reached out to your developer of the com.att.lsrv and 
porequest.control code? You should have a test case to prove the issue out.

 

-Jason

 

From: Lavitesh Verma  
Sent: Monday, June 15, 2020 9:29 AM
To: Jason Pyeron mailto:jpye...@pdinc.us> >; 'Tomcat Users 
List' mailto:users@tomcat.apache.org> >
Cc: 'RUBIN, JACOB' mailto:jr2...@att.com> >; 
lsrv...@list.att.com <mailto:lsrv...@list.att.com> ; Vasudev Wadhawan 
mailto:vasudev.wadha...@amdocs.com> >
Subject: RE: [tomcat-users] Issue found during migration of Tomcat version 
6.0.35 to 8.5.5

 

Hi Jason,

 

We have updated the xercesImpl from version 2.6.2 to 2.12.0 for the migration 
and no new jars were added for the new environment.

 

We didn’t use Woodstox StAX jar with tomcat 6.0.35 and did not face any such 
issue.

 

PFA the complete Stack Trace for the Issue.

 

Thanks & Regards

Lavitesh Verma

Software Engineering Associate

Amdocs Global SmartOps

+91.9810157771 

OOO – 06/16 – 06/19



 

From: Jason Pyeron mailto:jpye...@pdinc.us> > 
Sent: Monday, June 15, 2020 6:15 PM
To: 'Tomcat Users List' mailto:users@tomcat.apache.org> >
Cc: 'RUBIN, JACOB' mailto:jr2...@att.com> >; 
lsrv...@list.att.com <mailto:lsrv...@list.att.com> ; Vasudev Wadhawan 
mailto:vasudev.wadha...@amdocs.com> >
Subject: RE: [tomcat-users] Issue found during migration of Tomcat version 
6.0.35 to 8.5.5

 

Sounds like you have added Jars to the old environment that are not in the new 
environment.

 

What is the offending code that causes the error?

 

What were your customizations against the 6.0.35 environment?

 

Is the Woodstox StAX jar in the web application or Tomcat lib directory? Where 
was it previously?

 

Did you test this before you migrated causing this “urgent” issue? What is 
diffe

RE: [tomcat-users] Issue found during migration of Tomcat version 6.0.35 to 8.5.5

[Jason Pyeron]

A quick brief on etiquette.

 

1.   Please do not harvest emails and send linked in requests

2.   Do not mark questions as urgent and do provide sufficient details to 
reproduce the problem

 

What I see here is that there is a bit of custom code that is “causing” the 
issue.

 

at 
com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:104)

at javax.xml.ws.Service.(Service.java:77)

Above here are JARs / runtime in the classpath

at com.att.lsrv.preorder.PreOrderService.(Unknown Source)

at porequest.control.LviCsClient.getLviCsClientProxy(Unknown Source)

at porequest.control.LviCsClient.getCSRResponse(Unknown Source)

at porequest.control.MainControllerServlet.CsrqResponse(Unknown Source)

at porequest.control.MainControllerServlet.doPost(Unknown Source)

Below here is tomcat..

at javax.servlet.http.HttpServlet.service(HttpServlet.java:648)

 

You indicate that this was on Tomcat 6.0.35, but you did not confirm the JVM it 
was running on. I am skeptical since the Tomcat version you indicated was 
released before Java 8 (2012 vs 2014) – but I am more skeptical that 6.0.35 was 
not customized. Have you deployed the application to an “out of the box” 6.0.35 
on the same JVM as 8.5.5?

 

Have you reached out to your developer of the com.att.lsrv and 
porequest.control code? You should have a test case to prove the issue out.

 

-Jason

 

From: Lavitesh Verma  
Sent: Monday, June 15, 2020 9:29 AM
To: Jason Pyeron ; 'Tomcat Users List' 

Cc: 'RUBIN, JACOB' ; lsrv...@list.att.com; Vasudev Wadhawan 

Subject: RE: [tomcat-users] Issue found during migration of Tomcat version 
6.0.35 to 8.5.5

 

Hi Jason,

 

We have updated the xercesImpl from version 2.6.2 to 2.12.0 for the migration 
and no new jars were added for the new environment.

 

We didn’t use Woodstox StAX jar with tomcat 6.0.35 and did not face any such 
issue.

 

PFA the complete Stack Trace for the Issue.

 

Thanks & Regards

Lavitesh Verma

Software Engineering Associate

Amdocs Global SmartOps

+91.9810157771 

OOO – 06/16 – 06/19



 

From: Jason Pyeron mailto:jpye...@pdinc.us> > 
Sent: Monday, June 15, 2020 6:15 PM
To: 'Tomcat Users List' mailto:users@tomcat.apache.org> >
Cc: 'RUBIN, JACOB' mailto:jr2...@att.com> >; 
lsrv...@list.att.com <mailto:lsrv...@list.att.com> ; Vasudev Wadhawan 
mailto:vasudev.wadha...@amdocs.com> >
Subject: RE: [tomcat-users] Issue found during migration of Tomcat version 
6.0.35 to 8.5.5

 

Sounds like you have added Jars to the old environment that are not in the new 
environment.

 

What is the offending code that causes the error?

 

What were your customizations against the 6.0.35 environment?

 

Is the Woodstox StAX jar in the web application or Tomcat lib directory? Where 
was it previously?

 

Did you test this before you migrated causing this “urgent” issue? What is 
different between your test and this urgent outage’s configuration.

 

-Jason

 

From: Lavitesh Verma [mailto:lavitesh.ve...@amdocs.com] 
Sent: Monday, June 15, 2020 8:16 AM
To: users@tomcat.apache.org <mailto:users@tomcat.apache.org> 
Cc: RUBIN, JACOB mailto:jr2...@att.com> >; 
lsrv...@list.att.com <mailto:lsrv...@list.att.com> ; Vasudev Wadhawan 
mailto:vasudev.wadha...@amdocs.com> >
Subject: [tomcat-users] Issue found during migration of Tomcat version 6.0.35 
to 8.5.5
Importance: High

 

Hi Team,

 

Below are the details of the system and tomcat version 

Old tomcat version: Apache Tomcat/6.0.35

New tomcat version: Apache Tomcat/8.5.5

Operating System: SunOS 

OS Version: 5.10 

Architecture: sparcv9

JVM Version: 1.8.0_101-b13

Vendor: Oracle Corporation

 

We are trying to migrate Apache Tomcat version 6.0.35 to 8.5.5.

 

We found the issue javax.xml.stream.FactoryConfigurationError: Provider 
com.ctc.wstx.stax.WstxInputFactory not found in localhost logs.

 



 

Could you please assist on how we could resolve the issue.

 

Thanks & Regards

Lavitesh Verma

Software Engineering Associate

Amdocs Global SmartOps

+91.9810157771 

OOO – 06/16 – 06/19



 

This email and the information contained herein is proprietary and confidential 
and subject to the Amdocs Email Terms of Service, which you may review at 
https://www.amdocs.com/about/email-terms-of-service

This email and the information contained herein is proprietary and confidential 
and subject to the Amdocs Email Terms of Service, which you may review at  
<https://www.amdocs.com/about/email-terms-of-service> 
https://www.amdocs.com/about/email-terms-of-service

RE: [tomcat-users] Issue found during migration of Tomcat version 6.0.35 to 8.5.5

[Jason Pyeron]

Sounds like you have added Jars to the old environment that are not in the new 
environment.

 

What is the offending code that causes the error?

 

What were your customizations against the 6.0.35 environment?

 

Is the Woodstox StAX jar in the web application or Tomcat lib directory? Where 
was it previously?

 

Did you test this before you migrated causing this “urgent” issue? What is 
different between your test and this urgent outage’s configuration.

 

-Jason

 

From: Lavitesh Verma [mailto:lavitesh.ve...@amdocs.com] 
Sent: Monday, June 15, 2020 8:16 AM
To: users@tomcat.apache.org
Cc: RUBIN, JACOB ; lsrv...@list.att.com; Vasudev Wadhawan 

Subject: [tomcat-users] Issue found during migration of Tomcat version 6.0.35 
to 8.5.5
Importance: High

 

Hi Team,

 

Below are the details of the system and tomcat version 

Old tomcat version: Apache Tomcat/6.0.35

New tomcat version: Apache Tomcat/8.5.5

Operating System: SunOS 

OS Version: 5.10 

Architecture: sparcv9

JVM Version: 1.8.0_101-b13

Vendor: Oracle Corporation

 

We are trying to migrate Apache Tomcat version 6.0.35 to 8.5.5.

 

We found the issue javax.xml.stream.FactoryConfigurationError: Provider 
com.ctc.wstx.stax.WstxInputFactory not found in localhost logs.

 



 

Could you please assist on how we could resolve the issue.

 

Thanks & Regards

Lavitesh Verma

Software Engineering Associate

Amdocs Global SmartOps

+91.9810157771 

OOO – 06/16 – 06/19



 

This email and the information contained herein is proprietary and confidential 
and subject to the Amdocs Email Terms of Service, which you may review at  
 
https://www.amdocs.com/about/email-terms-of-service

RE: [tomcat-users] Password encryption in Tomcat 8.5.35

[Jason Pyeron]

While there is no real value in doing so - you can provide your own datasource 
factory class.

This class should extend the provided datasource, and would use a "method" to 
decrypt the password field.

Keep in mind as you have described, the decryption mechanism(s) would be just 
as available to the attacker as the context.xml. We frequently have to reverse 
engineer such passwords for our customers.

Now, if the decryption method obtains information from a "password oracle 
source", you could end up with your implied security goals. We strive to obtain 
such keys from TPMs, Smart Cards, networked sources, etc.

v/r,

Jason Pyeron

> -Original Message-
> From: Mohan T 
> Sent: Monday, September 16, 2019 12:05 AM
> To: users@tomcat.apache.org
> Subject: [tomcat-users] Password encryption in Tomcat 8.5.35
> 
> Hi,
> 
> We are using tomcat 8.5.35, on Red Hat Enterprise Linux Server release 7.4.
> 
> Is it possible to encrypt or mask passwords that is being used in the 
> datasource for connecting to
> database. I am mentioning the credentials in server.xml
> 
> Thanks
> 
> Mohan
> DISCLAIMER: This communication contains information which is confidential and 
> the copyright of Ramco
> Systems Ltd, its subsidiaries or a third party ("Ramco"). This email may also 
> contain legally
> privileged information. Confidentiality and legal privilege attached to this 
> communication are not
> waived or lost by reason of mistaken delivery to you.This email is intended 
> to be read or used by the
> addressee only. If you are not the intended recipient, any use, distribution, 
> disclosure or copying of
> this email is strictly prohibited without the express written approval of 
> Ramco. Please delete and
> destroy all copies and email Ramco at le...@ramco.com immediately. Any views 
> expressed in this
> communication are those of the individual sender, except where the sender 
> specifically states them to
> be the views of Ramco. Except as required by law, Ramco does not represent, 
> warrant and/or guarantee
> that the integrity of this communication has been maintained nor that the 
> communication is free of
> errors, virus, interception or interference. If you do not wish to receive 
> such communications, please
> forward this communication to market...@ramco.com and express your wish not 
> to receive such
> communications henceforth.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [tomcat-users] Re: SSLVerifyClient="optionalNoCA" stops working in tomcat 8.0.32?

[Jason Pyeron]

> -Original Message-
> From: Mark Thomas 
> Sent: Thursday, June 16, 2016 14:39
> To: Tomcat Users List
> Subject: [tomcat-users] Re: SSLVerifyClient="optionalNoCA" 
> stops working in tomcat 8.0.32?
> 
> On 16/06/2016 11:29, Florian Kleedorfer wrote:
> > Hi!
> > 
> > There was no response to my request on this list, so I filed a bug:
> > 
> > https://bz.apache.org/bugzilla/show_bug.cgi?id=59616
> > 
> > However, this bug does not seem to get handled by the dev team.
> 
> If you want a guaranteed response time, you'll need to pay the going
> rate for commercial support.
> 
> > My problem is that our application stopped working with more recent
> > tomcat versions. We can deal with it for now, but we need a 
> solution at
> > some point.
> > 
> > What is the recommended course of action in this case?
> 

1. Disable native io first, try again.
2. make a reproducible test case.

-Jason


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [tomcat-users] How to force Tomcat to use the system clock?

[Jason Pyeron]

 -Original Message-
 From: Salisbury, Richard W DLA CTR INFORMATION OPERATIONS 
 Sent: Friday, March 06, 2015 16:29
 
 Greetings,
 
 We have found a need to stop and start Tomcat once in a while to allow

How long is a while?

 Tomcat to connect via HTTPS with some other servers.  We think the
 restart may be synchronizing the time Tomcat uses with the server OS
 system time, and we are looking for ways to prevent having to 
 stop/start
 Tomcat.

I want to start with, I am very skeptical to your observations. 

 
 Details:
 Our instance of Tomcat 6.0.36 runs on HP-UX B11.31 ia64 with 
 JVM Version

JVM vendor?

 1.7.0.08.  It hosts a custom servlet which, when invoked, 
 connects with
 a remote server via HTTPS to retrieve some data.  However, 

The webapp make an outbound HTTPS connection or a client makes a HTTPS 
connection to the webapp?

 after about a
 month the timestamp Tomcat sends in the SSL handshake appears to drift
 enough for the remote server's time to start rejecting 
 requests because
 the timestamp is too far off (according to our partner's remote
 application logs).  

How far off?

 
 We have confirmed that our server clock is set correctly and 
 synced with
 NTP, and matches the system clock on the remote server, which 
 also uses
 NTP.  So one thing we thought might be happening is that 

What are the NTP stats? In otherwords, how stable is the system clock.

 Tomcat (or the
 Java that Tomcat runs on) may be keeping an internal clock, perhaps

It all boils down to: 

public static native long currentTimeMillis();

Even new java.util.Date() -

public Date() {
this(System.currentTimeMillis());
}

That means all the time source in Java, and Tomcat come from the OS.

 using a separate thread as a way to speed up the retrieval of time so
 that it does not have to go to the OS system clock every time it needs
 the current time.  And maybe this internal clock is not 
 synced with the
 server time until Tomcat (or the JVM) is restarted.
   
 If this is the case, would anyone have an idea of how to force Tomcat
 (or Java) to use the server's system clock every time instead of using
 its own internal clock?   We do not care about the performance hit on
 this because this is a low-volume application.  Or, if we are
 misunderstanding Tomcat and it actually uses the system clock 
 every time
 it needs to get the current time, is there something else we should be
 looking at?

Lets start withm can you add a simple JSP to your web app?

%=System.currentTimeMillis()%

Then periodically:

date  date -d @$(curl -s http://127.0.0.1:8080/date.jsp)  date

   
 We have researched on the web, checked the Apache mail archives, read
 the Tomcat configuration guide, looked up the Java system options, but
 have not studied the Tomcat source code yet.  We did find 
 that there is
 a Java Wrapper product out there by Tanuki Software that provides an
 option to use system time or a background thread, which is what caused
 us to wonder if Tomcat might be doing something similar.
 
 For more information on what the Tanuki wrapper does, here is 
 an excerpt
 we found on their website
 http://wrapper.tanukisoftware.com/doc/english/prop-use-system-
 time.html:
 As of Wrapper version 3.1.0, a new timer mechanism was added to the
 Wrapper. This new timer was made the default in Wrapper version 3.2.0.
 Rather than keeping time by querying the system clock, the Wrapper
 creates a background thread which enters a light weight loop and
 increments an internal tick counter.  Internally all timekeeping has
 been modified to be based on these ticks. (If the system 
 time is being
 used, then the tick count at any particular moment is calculated from
 the system time rather than from the counter.) 
 
 Thanks in advance for any ideas that are shared. 
 Richard

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00. 


smime.p7s
Description: S/MIME cryptographic signature

RE: [tomcat-users] DISA compliance tomcat 7.0.53

[Jason Pyeron]

 -Original Message-
 From: Jason Ricles 
 Sent: Thursday, July 10, 2014 15:28
 
 Where can I find a checklist so that I may make my tomcat server DISA
 compliant?

I think the term you are looking for is STIG compliant.

Please let us know more about the context, can you view the IASE
(http://iase.disa.mil/( site?

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Is there a method to submit a useful tidbit of knowledge?

[Jason Pyeron]

Well documented.

http://wiki.apache.org/tomcat/FAQ/Linux_Unix

IPv6 and the -Djava.net.preferIPv4Stack=true into JAVA_OPTS is a solution to a
common problem, even outside of the Tomcat world.

 -Original Message-
 From: Bill Miller [mailto:millebi.subscripti...@gmail.com] 
 Sent: Thursday, May 12, 2011 17:22
 To: 'Tomcat Users List'
 Subject: RE: Is there a method to submit a useful tidbit of knowledge?
 
 Thanks Chuck! Update now in FAQ under Linux/Unix.
 
 Bill
 -Original Message-
 From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com]
 Sent: May 12, 2011 2:24 PM
 To: Tomcat Users List
 Subject: RE: Is there a method to submit a useful tidbit of knowledge?
 
  From: Bill Miller [mailto:millebi.subscripti...@gmail.com]
  Subject: Is there a method to submit a useful tidbit of knowledge?
 
  Is there a Wiki/FAQ submission method where I could submit 
 the problem 
  and the solution?
 
 It's all DIY:
 
 http://wiki.apache.org/tomcat/FAQ
 
 Just register and have at it.
 
  - Chuck

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: tomcat6 still deleting XML files from Catalina/localhost when the system is booted [OT]

[Jason Pyeron]

 -Original Message-
 From: Jeffrey Janner 
 Sent: Thursday, March 24, 2011 17:56
 To: 'Tomcat Users List'
 Subject: RE: tomcat6 still deleting XML files from 
 Catalina/localhost when the system is booted
 
  -Original Message-
  From: Robinson, Eric [mailto:eric.robin...@psmnv.com] The idea of 
  having a loop in the script that waits for the directory to 
 be mounted 
  sounds problematic to me. We have 75 instances of tomcat, so
  75 startup scripts. Even though they all start with S96, I 
 assume the 
  system picks one to start with, so that's the one that would spin 
  waiting for the NFS mount. Then the others would run quickly after 
  that.
 
 Init will run the S96 scripts in alphabetical order, if 
 that helps you pick which one script to modify.
 
 Q: What happens to those 75 instances when the NFS directory 
 goes off-line during production?

It triggers a stock option liquidation script.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: tomcat6 still deleting XML files from Catalina/localhost when the system is booted

[Jason Pyeron]

 -Original Message-
 From: Robinson, Eric [mailto:eric.robin...@psmnv.com] 
 Sent: Tuesday, March 22, 2011 13:30
 To: Tomcat Users List
 Subject: RE: tomcat6 still deleting XML files from 
 Catalina/localhost when the system is booted
 
 
  --
   On 22/03/2011 17:04, Robinson, Eric wrote:
Context docBase=/ha_ftp.nfs/site001/mobiledoc
 debug=1 reloadable=false
/Context
  
   So are nfs mounts being used? If so, my guess is that the
  mount isn't
   available when Tomcat starts which triggers the undeploy.
  
   Mark
  
  
  That certainly seems to make sense. Would undeploy actually 
 delete the 
  XML file? And would that happen even if autoDeploy=false?
  
 
 [Nick]
 
  Yes, for sure, to deleting the .XML file. I'm reasonably confident 
  autoDeploy=false doesn't affect undeploys. Even if it does, 
  autoDeploy=false only matters when the server is already 
 running. It 
  does NOT matter when the server is started (i.e., even with 
  autoDeploy=false, a WAR file would get auto-deployed when 
 the server 
  was started, just not if it was added when the server was already 
  running).
  
  N
  
 
 Good grief, thanks Mark and Nick. I am confident that we 
 found our culprit! Now I just need to figure out how to make 
 sure the tomcat scripts don't run until after the NFS mount 
 is available. I can't wait to implement these changes. Thanks again!

#!/bin/bash
#
# httpdStartup script for the Apache HTTP Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server.  It is used to serve \
#  HTML files and CGI.
# processname: httpd
# config: /etc/httpd/conf/httpd.conf
# config: /etc/sysconfig/httpd
# pidfile: /var/run/httpd.pid

See the line with chkconfig - S## E##?

Put those in your config before doing a chkconfig add, and it will cause them to
start in that order. Make sure they start after nfs and die before nfs and you
should be golden.


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Populating Oracle v$session.program from Tomcat Context.xml

[Jason Pyeron]

 

 -Original Message-
 From: Dan
 Sent: Wednesday, March 16, 2011 14:34
 To: Tomcat Users List
 Subject: Re: Populating Oracle v$session.program from Tomcat 
 Context.xml
 
 We'd like to be able to tell apart database sessions from the 
 15 or so tomcat applications we have running on our 
 web-servers. Most of them use similar logins, so we can't 
 query the username from gv$session. We were hoping to instead 
 query to program field to tell them apart.
 
 We were able to make this functionality work with the thin 
 client, but we'd rather use the OCI client because it allows 
 our web-apps to reconnect to the database service after a 
 loss of connectivity (say during a cluster node reboot).

I want to put a fram of reference on this.

Remember the OCI client uses OS resources to connect, as such it is going to
pull the process name from the OS and java applications are not OS level
precesses, you do not see them in the output of /bin/ps or taskmgr.exe.

 
 So far though we've had no luck in getting it to work with 
 OCI. Most of the suggestions and info out on the web imply 
 that the best way to do it with OCI is programmatically from 
 the java app. That's the dilemma. Do we have to take the time 
 to change our apps to populate the program field, or can we 
 do it from the context.xml file from our app?
 
 On Tue, Mar 15, 2011 at 8:23 PM, Jorge Medina 
 cerebrotecnolog...@gmail.com wrote:
  What is the problem that you are trying to solve?
 
  On Mon, Mar 14, 2011 at 4:25 PM, Dan random.da...@gmail.com wrote:
  On Mon, Mar 14, 2011 at 11:25 AM, Dan 
 random.da...@gmail.com wrote:
  On Mon, Mar 14, 2011 at 10:57 AM, chris derham 
 ch...@derham.me.uk wrote:
  We have some working tomcat 6 instances that we'd like 
 to identify
 
 
  Can you use the combination of machine and schema name 
 to identify 
  the instance? You didn't detail your environment, but if 
 you have a 
  cluster, then the machine name would uniquely identify the 
  instance. If you have multiple different instances on the same 
  machine, then surely the schema name would allow you to identify 
  which user it is? This covers all possibilities unless you have 
  different apps on the same machine in different tomcat 
 instances talking to the same schema.
 
  Chris
 
 
  We are running all of our web-applications from two machines, and 
  they all use the same schema/username, so unfortunately I 
 need the 
  program, client_info, module, etc field to identify them.
 
  We are running a RAC, and I'm querying gv$session which 
 should get 
  me all cluster member connections.
 
  As David said, this does work with the thin driver, but I 
 need the 
  service/load balancing functionality from OCI. Any more 
 suggestions 
  are welcome!
 
 
  Does anyone else have any additional thoughts on this? I'd sure 
  appreciate more input.
 
  TIA,
 
  Dan

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Populating Oracle v$session.program from Tomcat Context.xml

[Jason Pyeron]

 -Original Message-
 From: chris derham
 Sent: Wednesday, March 16, 2011 15:41
 To: Tomcat Users List
 Subject: Re: Populating Oracle v$session.program from Tomcat 
 Context.xml
 
  We'd like to be able to tell apart database sessions from 
 the 15 or so 
  tomcat applications we have running on our web-servers. 
 Most of them 
  use similar logins, so we can't query the username from 
 gv$session. We 
  were hoping to instead query to program field to tell them apart.
 
  We were able to make this functionality work with the thin 
 client, but 
  we'd rather use the OCI client because it allows our web-apps to 
  reconnect to the database service after a loss of connectivity (say 
  during a cluster node reboot).
 
  You seem to be restating the original question. Did you try 
 using dbcp
 connection pool, and executing a Oracle command as the 
 connection is created to specify some context parameter? 
 Without any feedback, its kind of hard to help further. I 
 assume that it didn't work as you have seem to have asked the 
 original question again. So what problems did you encounter?


The problem he appears to be encountering is that he is unable to customize the
value in v$session.program. The reason for the problem is that he does not know
how to do it either when using the OCI jdbc driver (it is likely not possible).


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Secure AJP over ssl

[Jason Pyeron]

 -Original Message-
 From: Mladen Turk [mailto:mt...@apache.org] 
 Sent: Wednesday, February 23, 2011 3:01
 To: users@tomcat.apache.org
 Subject: Re: Secure AJP over ssl
 
 On 02/22/2011 11:23 PM, Jason Pyeron wrote:
  -Original Message-
 
  That is a naive view. [Please forgive the wording.]
 
 
 None taken.
 
  Given:
 
  1) The Apache box is secure and login is restricted to the 
 minimum set 
  of persons with a kneed to know.
  2) The Tomcat box is secure and login is restricted to the 
 minimum set 
  of persons with a kneed to know.
 
  There is no reason to allow the set of persons capable (and 
 sometimes
  authorized) to inspect the data on a network (network 
 operations) to 
  be able to inspect the unsecured contents of the data stream. That 
  would be a briech of security and law.
 
 
 I just waited you mention that :)
 What do you think happens when encrypted data from client 
 comes in and is encrypted again and send to the client?
 It's unencrypted in the memory and anyone with access to the 
 box can just inspect the content of the httpd process in the 
 same way it can read the data on the socket.
 So since persons which are authorized to login to the Apache 
 and Tomcat box have the option to view the data, your entire 
 security is still human based. That's why I see no point of 

Yes, the list includes 4 people.

 encrypting the data transfer between those boxes cause you 
 can just as well make sure the proper persons have the network access.
 

That list includes 78 people.

 However I can live with the 'law' reason, but that doesn't 
 mean it's a secure just because the 'law' says it is.

I see it as there is no excuse not to encrypt it when it crosses security domain
boundaries.



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Secure AJP over ssl

[Jason Pyeron]

 -Original Message-
 From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
 Sent: Wednesday, February 23, 2011 10:38
 To: Tomcat Users List
 Subject: Re: Secure AJP over ssl
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Mark,
 
 On 2/23/2011 10:36 AM, Mark Thomas wrote:
  On 23/02/2011 15:32, Christopher Schultz wrote:
  Mladen,
 
  On 2/23/2011 3:00 AM, Mladen Turk wrote:
  What do you think happens when encrypted data from client 
 comes in 
  and is encrypted again and send to the client?
  It's unencrypted in the memory and anyone with access to 
 the box can 
  just inspect the content of the httpd process in the same 
 way it can 
  read the data on the socket.
  So since persons which are authorized to login to the Apache and 
  Tomcat box have the option to view the data, your entire 
 security is 
  still human based.
 
  I think he's talking about network sniffing (like another 
 node on the 
  network operating in promiscuous mode), not an untrusted 
 box administrator.
 
  That's why I see no point of encrypting the data transfer between 
  those boxes cause you can just as well make sure the 
 proper persons 
  have the network access.
 
  I certainly agree with this.
 
  Anyhow, to answer the OP's question, there are really 
 three options:
 
  1. SSH tunnel

I think I am going to use stunnel in xinetd.

 
  2. Encrypted VPN (OpenVPN is quite good and will auto-reconnect if
 necessary while ssh generally won't).
 
  3. Switch to mod_proxy_http and use an https:// URL with Mark's
 indicated settings.

I am glad to have this cleared up.

 
  These options are roughly in order of performance from 
 best to worst:
  setting up an HTTPS connection is expensive and I'm not 
 entirely sure 
  how mod_proxy_http does connections, but I suspect it creates and 
  tears-down for each request (i.e. no keepalives, or at 
 least limited ones).
 
  Encrypted VPNs are simply more complicated than an SSH tunnel and 
  require slightly more overhead. An SSH tunnel is dead 
 simple and only 
  negotiates a symmetric key once at connect time (okay, and then 
  re-negotiates at intervals) but lacks the robustness of a VPN.
  
  I disagree with that assessment. mod_proxy_http is by far 
 the simplest 
  way to go and it does use keep-alive.
 
 Good to know that mod_proxy_http uses keepalive. I was 
 recommending the others since the OP seems wedded to AJP. 
 Also, if there is any other traffic to encrypt (JDBC, etc.) 
 the VPN would handle that, too.

It is not that I am wedded to any particular implementation, it is just each
change requires board approval.

A change for reconfiguring the enabled modules in apache. [we can skip this if
we stay with mod_proxy_ajp, as it was already approved]
A change for opening up a port on the apache box








--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Secure AJP over ssl

[Jason Pyeron]

 -Original Message-
 From: Mladen Turk [mailto:mt...@apache.org] 
 Sent: Tuesday, February 22, 2011 1:20
 To: users@tomcat.apache.org
 Subject: Re: Secure AJP over ssl
 
 On 02/21/2011 10:31 PM, Jason Pyeron wrote:
  Does (or could) tomcat 5.5 support encrypted AJP? The 
 frontend apache 
  will be on a different host than the tomcat server. It is required 
  that the communications are encrypted.
 
 
 I would suggest you reconsider your security requirements.

Cordially, no.

 Unless your frontend and backend are on different continents 
 the best way to fight wire tapping (only reason why would you 

Yes. You hit the nail on the head, besides being required by law.

 secure the communication at the first place) is much better 
 done with securing your infrastructure.

That is a naive view. [Please forgive the wording.]

Given:

1) The Apache box is secure and login is restricted to the minimum set of
persons with a kneed to know. 
2) The Tomcat box is secure and login is restricted to the minimum set of
persons with a kneed to know. 

There is no reason to allow the set of persons capable (and sometimes
authorized) to inspect the data on a network (network operations) to be able to
inspect the unsecured contents of the data stream. That would be a briech of
security and law.

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Secure AJP over ssl

[Jason Pyeron]

Does (or could) tomcat 5.5 support encrypted AJP? The frontend apache will be on
a different host than the tomcat server. It is required that the communications
are encrypted.

Would I be best off using stunnel?

My googleing has led me astray to
http://download.oracle.com/docs/cd/E13789_01/bh.100/e13791/ajp.htm 

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Secure AJP over ssl

[Jason Pyeron]

 

 -Original Message-
 From: Mark Thomas [mailto:ma...@apache.org] 
 Sent: Monday, February 21, 2011 17:26
 To: Tomcat Users List
 Subject: Re: Secure AJP over ssl
 
 On 21/02/2011 22:19, Jason Pyeron wrote:
  -Original Message-
  From: Mark Thomas
  Sent: Monday, February 21, 2011 17:15
  To: Tomcat Users List
  Subject: Re: Secure AJP over ssl
 
  On 21/02/2011 21:31, Jason Pyeron wrote:
  Does (or could) tomcat 5.5 support encrypted AJP?
 
  No.
 
  Would I be best off using stunnel?
 
  Also, no.
 
  Use mod_proxy_http and proxy over https.
  
  Then we would loose the is_secure handling of AJP, as well as the 
  client certificates of the web application clients. That is the 
  purpose of mod_proxy_ajp, among others.
 
 No you wouldn't. That all works (with a little more 
 configuration) with mod_proxy_http.
 

Where are the docs for certificate chaining with mod_proxy? I have not found
any.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Secure AJP over ssl

[Jason Pyeron]

 -Original Message-
 From: Mark Thomas 
 Sent: Monday, February 21, 2011 17:15
 To: Tomcat Users List
 Subject: Re: Secure AJP over ssl
 
 On 21/02/2011 21:31, Jason Pyeron wrote:
  Does (or could) tomcat 5.5 support encrypted AJP?
 
 No.
 
  Would I be best off using stunnel?
 
 Also, no.
 
 Use mod_proxy_http and proxy over https.

Then we would loose the is_secure handling of AJP, as well as the client
certificates of the web application clients. That is the purpose of
mod_proxy_ajp, among others.



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat in CentOS 5.5

[Jason Pyeron]

 -Original Message-
 From: Christian Garling 
 Sent: Monday, January 31, 2011 10:37
 To: Tomcat Users List
 Subject: Tomcat in CentOS 5.5
 
 Hi there,
 
 I am new on this list, so first I want to say hello to you. 
 But now to my problem.
 
 We develop software for the touristical branch which runs 
 mainly under CentOS. Our customers are big companies. Of 
 course they have SLAs with their server providers, so they 
 cant use any software version they want. 

Centos 5.5 is not covered by an SLA, you should use RHEL 5 (and I belive the
current patch version is 5.6)

 CentOS 5.5 ships Tomcat 6.0.18, so this version is available 
 at customers site. The developer who writes the java parts of 
 our application told me, that we cant use the Tomcat version 
 shipped with CentOS, because it has too many bugs. But if we 
 use another one, we break with customers SLAs. I might be 
 true, that there are bugs in Tomcat 6.0.18, but CentOS is an 
 enterprise operating system. I can not believe that these 

Yes the upsream provider Red Hat may provide fixes, you should look at the
src.rpm files for tomcat to see.

 bugs are not fixed with patches there. Can somebody shed some 
 light into this?
 

In you situation we would install a version of Tomcat suited to the
Customer/Task in /var/opt/apache/tomcat/version and create a SysV init script
and plug it into the vendors mod_ajp facility.

 Best regards, Christian
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Setup Advice Needed: dev vs. test vs. production

[Jason Pyeron]

 -Original Message-
 From: Susan G. Conger 
 Sent: Friday, January 21, 2011 13:30
 To: 'Tomcat Users List'
 Subject: RE: Setup Advice Needed: dev vs. test vs. production
 
 I hear you.  But in our environment it just isn't feasible to 
 install three different tomcats on the customer's system.  So 

You are telling all there is about your situation, how about you explain your
constraints, and why they are so.

 I was trying to come up with a way to do this without having 
 to rename a bunch of stuff.  If it was running on a different 
 virtual host for each environment or different ports.

I am not sure I am following you on this statement.

 Can Tomcat be setup so 3 VM instances are ran under one 
 tomcat installation?

Do you mean one TOMCAT_HOME?

 With the constraint that only one tomcat can be installed on 
 the system what is the best way to run 3 separate environments?

The answer is don't. If you cannot have more than 1 tomcat in the enterprise,
then you should schedule downtime for the production system, to do your testing.
Undeploy the prod.war and deploy the test.war or dev.war. When done, undeploy
then deploy the prod.war.

 
 Thanks,
 Susan
 
 -Original Message-
 From: Caldarale, Charles R 
 Sent: Friday, January 21, 2011 1:15 PM
 To: Tomcat Users List
 Subject: RE: Setup Advice Needed: dev vs. test vs. production
 
  From: Susan G. Conger [mailto:cong...@yoeric.com]
  Subject: Setup Advice Needed: dev vs. test vs. production
 
  I don't want to install 3 instances of tomcat on the 
 customers machine 
  for running the different environments.
 
 I strongly suggest you rethink that, and use at least three 
 separate Tomcat instances.  Trying to run everything in one 
 instance puts production at a severe risk of failure should 
 anything in the dev or test environment have a problem (e.g., 
 infinite loop, heap overflow).  Given the extremely low cost 
 of hardware (or VMs) these days, I'd have the test and prod 
 systems on different boxes or VMs, and let each developer run 
 their own Tomcat instance on their own workstation.
 


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Request Line Truncated and Caused 501

[Jason Pyeron]

 -Original Message-
 From: Yuesong Wang 
 Sent: Thursday, January 20, 2011 10:41
 To: Tomcat Users List
 Subject: Re: Request Line Truncated and Caused 501
 
 Thanks. I tried 6.0.30, but under heavy load in our 
 production environment, its memory usage shot up in a matter 
 of minutes and we had to bring it down. We did not see that in 6.0.29.

The patch should easily back port.

 On Jan 19, 2011, at 5:59 PM, Mark Thomas wrote:
 
snip/
  
  Known issue. Fixed in 6.0.30.
  http://issues.apache.org/bugzilla/show_bug.cgi?id=50072
  

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Request Line Truncated and Caused 501

[Jason Pyeron]

 -Original Message-
 From: Yuesong Wang  Sent: Wednesday, January 19, 2011 14:55
 To: users@tomcat.apache.org
 Subject: Request Line Truncated and Caused 501
 
 Hi,
 
 I have tomcat 6.0.29 configured using the NIO connector 
 running on linux. My access log shows strange 501 errors like this:
 

Does the NIO think it is on windows?

 86.24.156.114 - - [19/Jan/2011:14:41:28 -0500] eferer: 
 /static/r07/sh30.html  501 1235 - -
 41.203.64.251 - - [19/Jan/2011:14:39:18 -0500] ET actual 
 url HTTP/1.1 501 1220 actual referrer Mozilla/4.0 
 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; 
 GTB6.6; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET 
 CLR 3.0.30729; Media Center PC 6.0; CPNTDF; .NET4.0C)
 

If chomping off the 0x0A when there is none, you could get this.

 It seems something went wrong while reading the request, and 
 a rather random chunk is treated as the request uri. I 
 thought it had to do with the maxHttpHeaderSize being too 
 small, and tried to reproduce it but couldn't. I suspect the 
 http request itself is malformed, but can't be sure because I 
 can't get to the raw request (RequestDumperValve happens 
 after the raw request is parsed I think).
 
 Any idea what the problem may be or how to go about 
 investigating this?

Try using a low level tool like curl to reproduce problems.





--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Request Line Truncated and Caused 501

[Jason Pyeron]

 -Original Message-
 From: Christopher Schultz 
 Sent: Wednesday, January 19, 2011 17:50
 To: Tomcat Users List
 Subject: Re: Request Line Truncated and Caused 501
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Jason,
 
 On 1/19/2011 3:05 PM, Jason Pyeron wrote:
  -Original Message-
  From: Yuesong Wang  Sent: Wednesday, January 19, 2011 14:55
  To: users@tomcat.apache.org
  Subject: Request Line Truncated and Caused 501
 
  Hi,
 
  I have tomcat 6.0.29 configured using the NIO connector running on 
  linux. My access log shows strange 501 errors like this:
 
  
  Does the NIO think it is on windows?
 
 Why would that matter?

Seen problems like this in perl, oracle, and may other things written for
windows run on non-windows.

 
  86.24.156.114 - - [19/Jan/2011:14:41:28 -0500] eferer: 
  /static/r07/sh30.html  501 1235 - -
  41.203.64.251 - - [19/Jan/2011:14:39:18 -0500] ET actual
  url HTTP/1.1 501 1220 actual referrer Mozilla/4.0
  (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; GTB6.6; 
  SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; 
  Media Center PC 6.0; CPNTDF; .NET4.0C)
 
  
  If chomping off the 0x0A when there is none, you could get this.
 
 HTTP protocol says lines end with CR LF.
 

Then is the client not sending it and the tomcat code skipping... (I did see the
no leading CRLF below)

 Perhaps the client is broken? It says MSIE, so it probably is. :)
 
 The first line of the request shouldn't contain a leading CR 
 or LF and should start with an HTTP verb (like GET). It looks 
 like GET is being truncated to ET at some point.

Good point.

 
  I
  thought it had to do with the maxHttpHeaderSize being too 
 small, and 
  tried to reproduce it but couldn't. I suspect the http 
 request itself 
  is malformed, but can't be sure because I can't get to the raw 
  request (RequestDumperValve happens after the raw request 
 is parsed I 
  think).
 
  Any idea what the problem may be or how to go about investigating 
  this?
 
 Can you search your access log for requests that don't start 
 with valid HTTP verbs? That might help you narrow down what 
 conditions cause the requests to get mangled. Maybe there 
 really is some broken client out there.
 
 What % of requests does this represent? What opportunities do 
 you have to reconfigure the server and continue to collect data?
 

And can this be reproduced?


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Request Line Truncated and Caused 501

[Jason Pyeron]

 -Original Message-
 From: Mark Thomas [mailto:ma...@apache.org] 
 Sent: Wednesday, January 19, 2011 17:59
 To: Tomcat Users List
 Subject: Re: Request Line Truncated and Caused 501
 
 On 19/01/2011 19:54, Yuesong Wang wrote:
  Hi,
  
  I have tomcat 6.0.29 configured using the NIO connector 
 running on linux. My access log shows strange 501 errors like this:
 
 Known issue. Fixed in 6.0.30.
 http://issues.apache.org/bugzilla/show_bug.cgi?id=50072

Very nice, good memory on the bug, just read the patch.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Intercept Tomcat log

[Jason Pyeron]

 -Original Message-
 From: Igor Simões [mailto:igor.americ...@gmail.com] 
 Sent: Friday, December 31, 2010 4:51
 To: Tomcat Users List
 Subject: Re: Intercept Tomcat log
 
 The offline processing of tomcat log files is the first 
 option, but we were looking for something that could allow us 
 to do on-line processing, or processing with short delay time.
 
 Unhappily the corporation I work don't have pearl on the list 
 of languages with official production environment setup.
 

Please do not top post.

 Thanks!
 
 2010/12/30 André Warnier a...@ice-sa.com
 
  Mikolaj Rydzewski wrote:
 
 
  On Thu, 30 Dec 2010 13:28:02 -0200, Igor Simões 
  igor.americ...@gmail.com
  wrote:
 
   Is there any way to intercept log entries?
 

I am going to answer this with a java.util.logging point of view.

You can install multiple handlers
(http://download.oracle.com/javase/6/docs/api/java/util/logging/Handler.html),
even dynamically.

You can attach this to the root logger  or a specific level com.ice-sa etc.

Following a pattern like the MemoryHandler you can even report back logs upon a
triggering condition.

-Jason 

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Intercept Tomcat log [OT]

[Jason Pyeron]

 -Original Message-
 From: André Warnier
 Sent: Friday, December 31, 2010 11:03
 To: Tomcat Users List
 Subject: Re: Intercept Tomcat log
 
 ;-)
 
 I agree. But then why did you start bottom-posting after the 
 previous person top-posted ? 
 That was confusing too.
 
   Yes they do, when they start top-posting after someone 
 else bottom-posted, it gets confusing.
 
 Nobody forces you to.
 
   But I don't.
 
 Yes, but some people prefer it this way.
 
   Because it ruins the logical flow of the conversation.
 
 Why not ?
 
 Jason Pyeron wrote:
  
  Please do not top post.
  

I am dizzy.


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Issues on startup for tomcat 5.5 on RHEL 5.5

[Jason Pyeron]

 -Original Message-
 From: Konstantin Kolinko 
 Sent: Wednesday, December 08, 2010 0:29
 To: Tomcat Users List
 Subject: Re: Issues on startup for tomcat 5.5 on RHEL 5.5
 
 2010/12/7 Jason Pyeron jpye...@pdinc.us:
 
  The permissions on /usr/share/tomcat5/conf/ are 775 and 
 owned by root.tomcat.
 
 It is a bad idea to have the configuration files world-readable.
 
 Especially tomcat-uses.xml and server.xml.
 
 

That is a valid point but not the issue at hand.

  java.io.IOException: IOException writing to 
  /usr/share/tomcat5/conf/tomcat-users.xml.new
 
 What you do not understand in the above message?
 Tomcat saves the file to a new name, then renames it.
 

I understand the message, it says tomcat cannot write that file. What I do not
understand is how it cannot write that file.

 BTW, it is possible to set readonly=true on the 
 UserDatabase entry in server.xml and Tomcat won't try to 
 write that file. (In Tomcat 6+ readonly flag is true by default).
 
  cat /etc/tomcat5/tomcat-users.xml
 
 This file is not in /usr/share/tomcat5/conf/
 

Right, that is a symlink to /etc/tomcat5, which has all the properties as
decribed for /usr/share/tomcat5/conf/ (if I had tested /usr/share/tomcat5/conf
then the information provided would have been for the symlink and not the
target)


So the question remains, what could have changed on the RHEL 5.5 system between
last week and present to make tomcat complain. Unfortunatly the backups of the
system were only on /usr/local and /home so theyt were of no help and the rpm
log only indicates a kerbos update.

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Issues on startup for tomcat 5.5 on RHEL 5.5

[Jason Pyeron]

 -Original Message-
 From: Konstantin Kolinko 
 Sent: Wednesday, December 08, 2010 9:35
 To: Tomcat Users List
 Subject: Re: Issues on startup for tomcat 5.5 on RHEL 5.5
 
 2010/12/8 Jason Pyeron jpye...@pdinc.us:
   java.io.IOException: IOException writing to 
   /usr/share/tomcat5/conf/tomcat-users.xml.new
 
  What you do not understand in the above message?
  Tomcat saves the file to a new name, then renames it.
 
 
  I understand the message, it says tomcat cannot write that 
 file. What 
  I do not understand is how it cannot write that file.
 
 
 Try to create that file. Maybe that'd give you some additional clue.
 Maybe the file is already there, or maybe Tomcat runs not 
 under the user that you are expecting (or that user is non a 
 member of the tomcat group).

Maybe I forgot to mention in my original post, that the tomcat user can create
and modify files in that directory, further that I checked the selinux log file
while the error was happening and there was no relevant output. 

 
 Anyway, I certainly recommend you to set readonly=true. [1]
 

It is set to readonly now. But there was some change on the system, which caused
it to stop working in readwrite mode. Tomcat had been installed and functioning
every week for many months now.

  BTW, it is possible to set readonly=true on the 
 UserDatabase entry 
  in server.xml and Tomcat won't try to write that file. (In 
 Tomcat 6+ 
  readonly flag is true by default).
 
 
 [1] 
 http://tomcat.apache.org/tomcat-5.5-doc/jndi-resources-howto.h
tml#UserDatabase_Resources

I do not have any use for built in user authentication. I will eventually try to
disable it entirely.


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Issues on startup for tomcat 5.5 on RHEL 5.5

[Jason Pyeron]

I am not sure what happened but something changed in the last week and now
tomcat does not want to start up. All my googling points to a selinux or
permission problem. I have reviewed audit.log and verified that the tomcat user
can write, modify and delete file in the directoy. Any suggestion would be
appreciated.

The permissions on /usr/share/tomcat5/conf/ are 775 and owned by root.tomcat.

cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.5 (Tikanga)

cat /var/log/tomcat5/catalina.out
Using CATALINA_BASE:   /usr/share/tomcat5
Using CATALINA_HOME:   /usr/share/tomcat5
Using CATALINA_TMPDIR: /usr/share/tomcat5/temp Using JRE_HOME:
Dec 7, 2010 10:13:35 AM org.apache.catalina.core.AprLifecycleListener
lifecycleEvent
INFO: The Apache Tomcat Native library which allows optimal performance in
production environments was not found on the java.library.path:
/usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64/server:/usr/lib/jvm
/java-1.6.0-openjdk-1.6.0.0.x86_64/jre/lib/amd64:/usr/lib/jvm/java-1.6.0-openjdk
-1.6.0.0.x86_64/jre/../lib/amd64:/usr/java/packages/lib/amd64:/usr/lib64:/lib64:
/lib:/usr/lib
Dec 7, 2010 10:13:35 AM org.apache.coyote.http11.Http11BaseProtocol init
INFO: Initializing Coyote HTTP/1.1 on http-8080 Dec 7, 2010 10:13:35 AM
org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 502 ms Dec 7, 2010 10:13:35 AM
org.apache.naming.NamingContext lookup
WARNING: Unexpected exception resolving reference
java.io.IOException: IOException writing to
/usr/share/tomcat5/conf/tomcat-users.xml.new
at
org.apache.catalina.users.MemoryUserDatabase.save(MemoryUserDatabase.java:554)
at
org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUser
DatabaseFactory.java:104)
at
org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java
:140)
at
javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321)
at org.apache.naming.NamingContext.lookup(NamingContext.java:793)
at org.apache.naming.NamingContext.lookup(NamingContext.java:140)
at
org.apache.naming.NamingContextBindingsEnumeration.nextElementInternal(NamingCon
textBindingsEnumeration.java:113)
at
org.apache.naming.NamingContextBindingsEnumeration.next(NamingContextBindingsEnu
meration.java:71)
at
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalR
esourcesLifecycleListener.java:137)
at
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalR
esourcesLifecycleListener.java:109)
at
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(Globa
lResourcesLifecycleListener.java:81)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.ja
va:120)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:693)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.jav
a:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Dec 7, 2010 10:13:35 AM
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener createMBeans
SEVERE: Exception processing Global JNDI Resources
javax.naming.NamingException: IOException writing to
/usr/share/tomcat5/conf/tomcat-users.xml.new
at org.apache.naming.NamingContext.lookup(NamingContext.java:805)
at org.apache.naming.NamingContext.lookup(NamingContext.java:140)
at
org.apache.naming.NamingContextBindingsEnumeration.nextElementInternal(NamingCon
textBindingsEnumeration.java:113)
at
org.apache.naming.NamingContextBindingsEnumeration.next(NamingContextBindingsEnu
meration.java:71)
at
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalR
esourcesLifecycleListener.java:137)
at
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalR
esourcesLifecycleListener.java:109)
at
org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(Globa
lResourcesLifecycleListener.java:81)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.ja
va:120)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:693)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.jav
a:43)
at 

Modifying logging levels logged in catalina.out at runtime

[Jason Pyeron]

This may be slightly off-topic.

I'll start off with I know how to do this from inside the webapp's code and how
to do it by modifing properties files on the system at tomcat startup. But how
can it be done from outside the webapp with out restarting tomcat?

We are using java.util.logging on tomcat 5.5.23 using jdk 1.6.0_17.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Modifying logging levels logged in catalina.out at runtime

[Jason Pyeron]

 

 -Original Message-
 From: Mark Eggers [mailto:its_toas...@yahoo.com] 
 Sent: Wednesday, December 01, 2010 15:20
 To: Tomcat Users List
 Subject: Re: Modifying logging levels logged in catalina.out 
 at runtime
 
 Hopefully you're not creating custom logging levels. Creating 

Nope, plain jane.

 custom logging levels is the classic way to create 
 classloader leaks. See the following as an
 example:
 
 http://blogs.sun.com/fkieviet/entry/classloader_leaks_the_dreaded_java
 
 You can create a logging.properties file and place it in 
 WEB-INF/classes. You can then change this file, rebuild your 
 application, and redeploy it without taking down Tomcat.

Good idea, whould still like to do it without taking down the webapp (that was
the intention behind not restarting tomcat)

 
 You could also add a WatchedResource element to your Context 
 and point it at WEB-INF/classes/logging.properties. When that 
 file is changed, Tomcat will reload the application.
 
 See: http://tomcat.apache.org/tomcat-5.5-doc/config/context.html
 
 I'm not really sure you want to do the WatchedResource 
 configuration in a production environment though . . .
 
 . . . . just my two cents.

Our new applications are putting in a management console to adjust the logging
setting, but legacy applications sometimes need to be debugged with out
restarting them. Think about leaks where the problem shows up only after 3
months of running.

 - Original Message 
 From: Jason Pyeron jpye...@pdinc.us
 To: Tomcat Users List users@tomcat.apache.org
 Sent: Wed, December 1, 2010 11:59:28 AM
 Subject: Modifying logging levels logged in catalina.out at runtime
 
 This may be slightly off-topic.
 
 I'll start off with I know how to do this from inside the 
 webapp's code and how to do it by modifing properties files 
 on the system at tomcat startup. But how can it be done from 
 outside the webapp with out restarting tomcat?
 
 We are using java.util.logging on tomcat 5.5.23 using jdk 1.6.0_17.



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: How to source jobs/talent was RE: Tomcat Consultant

[Jason Pyeron]

 -Original Message-
 From: André Warnier [mailto:a...@ice-sa.com] 
 Sent: Friday, November 19, 2010 2:37
 To: Tomcat Users List
 Subject: Re: How to source jobs/talent was RE: Tomcat Consultant
 
 Jason Pyeron wrote:
 ...
  
  Disclaimer: We perform many types J2EE consulting.
  
 proofreading ?

It should have read: Disclaimer: We perform many types of J2EE consulting.

Touché. One should not write emails while eating dinner. But I think the message
was clearly constructive. 

I did notice that the FAQ (http://wiki.apache.org/tomcat/FAQ) does not mention
how to request consulting services or post jobs. But there is a page
(http://www.apache.org/info/support.cgi) dedicated to commercial support of
Apache products. 

I have always liked the way Bugzilla organizes their site, so any user looking
for the mailing list (http://www.bugzilla.org/support/) also found the link to
the consulting registry (http://www.bugzilla.org/support/consulting.html).

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

How to source jobs/talent was RE: Tomcat Consultant

[Jason Pyeron]

There are going to be a lot of nit picks in this message.

 -Original Message-
 From: tdelesio [mailto:tdele...@gmail.com] 

Use a company email, this just looks unprofessional. I would never reply to it
to negotiate a contract or ask for a job.

 Sent: Friday, September 24, 2010 13:25
 To: users@tomcat.apache.org
 Subject: Tomcat Consultant
 
 
 My fortune 500 company is testing a pilot for switching over 

Again don't be anonymous.

 a J2EE web app over from Web Sphere application server to 

What WS specific APIs are used in the application?

 Tomcat and we are looking for a consultant to setup a crusted 

Proof read your postings.

 production instance of tomcat.  Does anyone have any 

What area of the world? What size is the project? Timeframe?

 recommendations for a top notch consulting firm that could 
 provide these services?

Did you do a google search for tomcat consultants?

-Jason Pyeron

Disclaimer: We perform many types J2EE consulting.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Ya gotta love it... [OT]

[Jason Pyeron]

 -Original Message-
 From: David kerber [mailto:dcker...@verizon.net] 
 Sent: Friday, October 01, 2010 14:32
 To: Tomcat Users List
 Subject: Ya gotta love it...
 
 When you can fix a long standing bug simply by deleting 60 or 
 80 lines of code and modifying 6 other lines.

?

 
 Of course, it's kind of embarrassing that I allowed that bug 
 to creep in in the first place...

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Calling a CGI script from Servlet

[Jason Pyeron]

 

 -Original Message-
 From: troylparr...@aol.com [mailto:troylparr...@aol.com] 
 Sent: Sunday, August 01, 2010 8:19
 To: users@tomcat.apache.org
 Subject: Re: Calling a CGI script from Servlet
 
 
 
 
 Mark,
 
 Thanks for the reply. I am using Tomcat 6.0.20.  The script 
 is located in WEB-INF/cgi and in the call I am using an absolute path:
 
 //System Call
 String[cmd] = {python, 
 'home/troy/NetBeansProjects/GSMFilter/web/WEB-INF/cgi/helloWor

Do you mean /home?

 ld.py, -c}; Runtime rt = Runtime.getRuntime(); Process proc = 
rt.exec(cmd); int exitVal = proc.waitFor();
 
 //Write exit value to file - Get value of zero 
 toFile.write( + exitVal);
 
 MY ORIGINAL POST: 
 
 I am new to configuring tomcat (I have run it for a few years 
 as it is packaged with Netbeans) and new to linux and I am 
 stuck on a particular problem.
 
 I have a project in which I am trying to call a python code 
 from a servlet.  I am using tomcat6 on Ubuntu 10.04.  I have 
 used both Runtime.exec() as well as ProcessBuilder to make 
 the call.  I have completely copied the code from the 
 JavaWorld article When Runtime.exec() won't 
 (http://www.javaworld.com/javaworld/jw-12-2000/jw-1229-traps.h
tml). ; I have granted full permissions on all the files (read,  write and
execute).  When I get an exit value on the 
 execution of the script I get a value of 0 (zero).  I am able 
 to execute the script from a simple java program in this 
 environment (tomcat and Ubuntu) using the same syntax but not 
 in the servlet.  I am able to execute the script from the 
 servlet in Ubuntu 10.04 from glassfish and I am able to 
 execute the script from the servlet in tomcat6 in a windows 
 environment.  However, when I try to execute the script from 
 the servlet in tomcat6 and Ubuntu 10.04 - nothing - even 
 though I get the exit value of zero, I get the zero value 
 returned but no action from the script (all it does is open 
 the default browser).
 
 I have made the following changes in my tomcat installation:
 
 Uncommented the following in the web.xml:
 
  servlet
 servlet-namecgi/servlet-name
 
 servlet-classorg.apache.catalina.servlets.CGIServlet/servlet-class
 init-param
   param-namedebug/param-name
   param-value0/param-value
 /init-param
 init-param
   param-namecgiPathPrefix/param-name
   param-valueWEB-INF/cgi/param-value
 /init-param
  load-on-startup5/load-on-startup
 /servlet
 
 servlet-mapping
 servlet-namecgi/servlet-name
 url-pattern/cgi-bin/*/url-pattern
 /servlet-mapping
 
 My tomcat-users:
 
 tomcat-users
 
   role rolename=tomcat/
   role rolename=role1/
   role rolename=manager/
   user username=tomcat password=tomcat roles=tomcat/
   user username=both password=tomcat roles=tomcat,role1/
   user username=role1 password=tomcat roles=role1/
   user username=tomcat password=tomcat roles=manager/  
 
 /tomcat-users
 
 Change made in context.xml:
 Context reloadable=true privileged=true
 
 Added to system.policy:
 // Grant WebApps All Permission
 grant codeBase file:/var/lib/tomcat6/webapps/- {
 permission java.security.AllPermission; };
 
 Added to catalina.policy:
 grant codeBase file:${catalina.home}/webapps/GSMFilter/-  {
 java.io.FilePermission 
 /var/libs/tomcat6/webapps/GSMFilter/WEB-INF/storage/ALL 
 FILES, read,write,execute,delete; };
 
 grant codeBase file:${catalina.home}/webapps/GSMFilter/-{
 permission java.security.AllPermission; };
 
 grant codeBase file:${catalina.home}/webapps/GSMFilter/-{
  permission java.lang.RuntimePermission 
 /home/troy/NetBeansProjects/GSMFilter/web/WEB-INF/storage/A
LL FILES, read,write,execute,delete;
 
  


--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat NTLM authentication

[Jason Pyeron]

 -Original Message-
 From: dB. 
 Sent: Thursday, May 20, 2010 8:42
 Subject: Tomcat NTLM authentication
 
 Forgive me for shameless advertising. This should be useful 
 to lots of people.
 
 We've published a free Tomcat 6 Negotiate authenticator based 

Apache License?


 on JNA  that supports the Negotiate protocol, including 
 Kerberos and the much requested NTLM. This is equivalent to 
 checking the Integrated Authentication box in IIS, enabling 
 single sign-on for windows servers that are both joined or 
 not to an Active Directory domain. The authenticator is part 
 of project Waffle.
 
 Tutorial: http://code.dblock.org/ShowPost.aspx?id=103
 Download Waffle: http://waffle.codeplex.com/
 
 Hope this helps, your feedback is much appreciated,
 
 -dB.
 dB. @ dblock.orghttp://www.dblock.org/
 Moscow|Geneva|Seattle|New York
 
 
 

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: how to return a zipped file so that the browser will unzip it ? [OT]

[Jason Pyeron]

Read the HTTP rfc, more details inline...

 -Original Message-
 From: André Warnier
 Sent: Thursday, May 20, 2010 16:04
 Subject: how to return a zipped file so that the browser will 
 unzip it ?
 
 Hi.
 This is not really a Tomcat question, rather something one 
 should be able to do with Tomcat, but I-don't-know-how kind of thing.
 It was inspired by this servlet :
 http://www.javaside.com/u_zipservlet.html
 
 The question is :
 Suppose that to gain space on my Tomcat server and to speed 
 up content delivery, I have a whole bunch of files in one of 
 my Tomcat contexts, which have been pre-zipped.
 That is, I have for example a.txt, b.txt, c.txt etc... but 
 all these huge text files have already been pre-zipped, and 
 they are really on my server as (catalina_base)/webapps/mywebapp/
   a.txt.zip
   b.txt.zip
   c.txt.zip
   etc...

First of all I don’t think zip is a supported HTTP transport encoding, I could
be wrong.

 
 Now I would like the user to be able to request the URL 
 http://hostname/mywebapp/a.txt and obtain this file, as a 
 text, displayed in the browser window.
 Of course I do not want Tomcat to retrieve the file a.zip, 
 unzip it, and send it back unzipped as a.txt. I want it to 
 remain zipped during transmission, to use less bandwidth.
 And I also do not want to leave my files on disk as a.txt, 
 b.txt, etc.. 

Using an http compression method compress your files.

 and ask Tomcat to compress them on-the-fly just before 
 sending them to the browser. The files are already 

When the browser says it accepts the same compression method as you used, send
the file indicating that is is compressed per http rfc.

 compressed, so that would be a waste of CPU cycles.

Otherwise you will have to decompress it and send it per the browsers requested
transmission method.

 
 Thus I want my Tomcat webapp to
 - receive a request for /a.txt
 - see that there is aready, on disk, a file a.txt.zip
 - consequently, read a.txt.zip, and send this as is back to 
 the browser, but telling the browser that this has only be 
 zipped for transmission, but that it is really a.txt, and ask 
 the browser to unzip it and display it as text.
 (If it makes it easier to conceive the difference or benefit, 
 you can also think that instead of text files, these are 
 originally very large PDF files (say a.pdf), which have been 
 zipped (as a.pdf.zip), but which I want to display as PDF in 
 the browser (as a.pdf))
 
 How would you do that ?
 
 I can think of creating a special servlet that would do that, 
 by playing with the Content-transfer-encoding header.
 But considering that the default servlet must be already 
 doing more than that (when it actually compresses content 
 before returning it), and is probably much better written and 
 optimised than what I could come up with myself, isn't there 
 a smarter way to do this without writing a special servlet to do it ?
 
 You see, we perl programmers are lazy; and you Java/Tomcat 
 guys are smart.  There should be some synergy there.
 
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 




--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: please hwlp with hibernate strategy

[Jason Pyeron]

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 

 -Original Message-
 From: Yucca Nel [mailto:yucca...@live.co.za] 
 Sent: Saturday, May 01, 2010 13:38
 To: Tomcat Users List
 Subject: please hwlp with hibernate strategy
 
 I am planning on using hibernate (1st time) in tomcat webapp. 
 It would appear that it is common to use hibernate util class 
 to load the session factory but I have yet to see this done 
 using Servlet ContextListener. I have also only seen very bad 

We load a helper class, which is the sessions factory with the webapp.

From web.xml:

listenerlistener-classus.pdinc.client.mil.navy.servlet.support.RequestScopeH
ibernateSession/listener-class/listener


public class RequestScopeHibernateSession implements ServletRequestListener 
{
public static final String PREFIX;
public final String KEY;
/** This method will fetch a hibernate session from request scope,
stored under KEY **/
public static Session getSession(ServletRequest request);
/** This method will close the session and execute the needed rollback
if there is a dirty transaction **/
public void requestDestroyed(ServletRequestEvent arg0);
/** This method will register this object into the request scope, under
KEY. **/
public void requestInitialized(ServletRequestEvent arg0);
}

 example where someone used hibernate directly in their model 
 instead of using it as part of a DAO  façade. The following 

While what you saw may indeed be very bad, DAO is not always an answer either.

 example is half finished from netbeans 
 too:http://netbeans.org/kb/docs/web/hibernate-webapp.html Can 
 someon point met to full MVC example with hibernate. I am 

Its not full, but it might get the point across.
http://stackoverflow.com/questions/786840/annotation-support-in-struts-2/791164#
791164

 only interested in seeing the bsckend examples really and 
 would any of you recommend using hibernate directly in a 
 model business class?
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Client cert authentication

[Jason Pyeron]

 

 -Original Message-
 From: acastanheira2001
 Sent: Monday, April 26, 2010 8:35
 Subject: Re: Client cert authentication
 
 
 Thanks again Mark,
 
 I think it will be difficult to move to Tomcat 6 soon. If I 
 change mod_proxy to mod_jk, does mod_jk passes the client 
 cert to Tomcat 5.5?

mod_proxy_ajp works perfectly. It will set request.isSecure() and fills in all
the certs in the chain not trusted by apache httpd.

 
 Thank you,
 Andre
  
 
 
 Mark Thomas wrote:
  
  On 22/04/2010 20:00, acastanheira2001 wrote:
  
  Thanks Mark,
  
  I use mod_proxy (ProxyPass and ProxyReverse) to connect Apache 
  (2.2.3) to Tomcat(5.5)/Jboss (4.2). Can mod_proxy pass 
 client cert to Tomcat?
  
  With 5.5.x, not with out some custom code. With 6.0.x, yes.
  
  You'd need to port this to Tomcat 5:
  
 http://svn.apache.org/viewvc/tomcat/tc6.0.x/trunk/java/org/apache/cata
  lina/valves/SSLValve.java?view=annotate
  
  Mark
  
  

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Multiple SSL certificates on same server

[Jason Pyeron]

 

 -Original Message-
 From: Richard Huntrods [mailto:huntr...@nucleus.com] 
 Sent: Monday, March 08, 2010 18:46
 To: users@tomcat.apache.org
 Subject: Multiple SSL certificates on same server
 
 Does anyone know if it is possible, or has anyone done this:
 
 I have two applications running on a single server. The 
 applications use different domains and URLs, so the single 
 Tomcat instance can easily tell them apart. (Note: this part 
 is currently working just fine).
 
 https://domain1/application1
 https://domain2/application2

No. 

The certificate is sent and SSL negotiated prior to the server receiving the
Host header.

 
 Again, both domains point to the same static IP, and yes, it 
 is possible for someone to access either application from 
 either domain. Normally, that is not an issue with the clients.
 
 However, I currently have only one SSL certificate on the 
 server - this is for domain1. So if you use domain1 to access 
 application1, it's all fine. The security cert comes up green 
 and all that.
 
 BUT - if you try and access application2 via domain2, you get 
 the red security cert (wrong domain / server name). I would 
 like to purchase a second certificate for the second domain, 
 and am wondering if this can be done, and how one would tell 
 Tomcat (in server.xml) to acknowledge the second certificate.
 
 Currently the stuff in server.xml looks like this:
 
Connector port=443 protocol=HTTP/1.1 SSLEnabled=true
maxThreads=150 enableLookups=false scheme=https 
 secure=true
keystoreFile=./keys/.keystore 
 keystorePass=myPassword
clientAuth=false sslProtocol=TLS /
 
 
 I have a bad feeling it's not possible, but wanted to ask anyway.
 
 Thanks in advance.
 
 -R
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 




--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Moving the webapps context root or adding a prefix

[Jason Pyeron]

We are installing TC behind a proxy. The proxy will map all requests of form
http(s)://host/prefix/* to tomcat.

Is there a config option to change the context root?

i.e.:

webapps/ROOT = http://localhost/prefix/
webapps/manager = http://localhost/prefix/manager/
webapps/examples = http://localhost/prefix/examples/

Sorry, my choice of keywords have not resulted any fruitful searches.

-Jason Pyeron

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Moving the webapps context root or adding a prefix

[Jason Pyeron]

 

 -Original Message-
 From: David Smith [mailto:d...@cornell.edu] 
 Sent: Monday, November 23, 2009 7:51
 To: Tomcat Users List
 Subject: Re: Moving the webapps context root or adding a prefix
 
 The super simple answer is deploy your 'ROOT' webapp as 
 'prefix' instead.

But that won't deploy each new war file in webapps under prefix/context

 
 --David
 
 Jason Pyeron wrote:
  We are installing TC behind a proxy. The proxy will map all 
 requests 
  of form
  http(s)://host/prefix/* to tomcat.
 
  Is there a config option to change the context root?
 
  i.e.:
 
  webapps/ROOT = http://localhost/prefix/ webapps/manager = 
  http://localhost/prefix/manager/ webapps/examples = 
  http://localhost/prefix/examples/
 

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Moving the webapps context root or adding a prefix

[Jason Pyeron]

 -Original Message-
 From: Mark Thomas 
 Sent: Monday, November 23, 2009 8:41
 To: Tomcat Users List
 Subject: Re: Moving the webapps context root or adding a prefix
 
 Jason Pyeron wrote:
   
  
  -Original Message-
  From: David Smith   Sent: Monday, November 23, 2009 7:51
  To: Tomcat Users List
  Subject: Re: Moving the webapps context root or adding a prefix
 
  The super simple answer is deploy your 'ROOT' webapp as 'prefix' 
  instead.
  
  But that won't deploy each new war file in webapps under 
  prefix/context
 
 So name then prefix#manager, prefix#examples etc. as per the 
 docs for multi-level contexts (assuming you are using 6.0.20)
 

Nice, I like it. Is there any methods to do this in Tomcat 5.5?



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Moving the webapps context root or adding a prefix

[Jason Pyeron]

 

 -Original Message-
 From: Jason Pyeron 
 Sent: Monday, November 23, 2009 9:09
 To: 'Tomcat Users List'
 Subject: RE: Moving the webapps context root or adding a prefix
 
 
  -Original Message-
  From: Mark Thomas
  Sent: Monday, November 23, 2009 8:41
  To: Tomcat Users List
  Subject: Re: Moving the webapps context root or adding a prefix
  
  Jason Pyeron wrote:

   
   -Original Message-
   From: David Smith   Sent: Monday, November 23, 2009 7:51
   To: Tomcat Users List
   Subject: Re: Moving the webapps context root or adding a prefix
  
   The super simple answer is deploy your 'ROOT' webapp as 'prefix' 
   instead.
   
   But that won't deploy each new war file in webapps under 
   prefix/context
  
  So name then prefix#manager, prefix#examples etc. as per 
 the docs for 
  multi-level contexts (assuming you are using 6.0.20)
  
 
 Nice, I like it. Is there any methods to do this in Tomcat 5.5?
 

Yes, is the answer to my own question.

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: clent authentication using a smard card

[Jason Pyeron]

 

 -Original Message-
 From: Marcello Marangio [mailto:m.maran...@innova.puglia.it] 
 Sent: Tuesday, October 20, 2009 5:10
 To: 'Tomcat Users List'
 Subject: R: clent authentication using a smard card
 
 
 
  -Messaggio originale-
  Da: Jason Pyeron [mailto:jpye...@pdinc.us]
  Inviato: lunedì 19 ottobre 2009 20.21
  A: 'Tomcat Users List'
  Oggetto: RE: clent authentication using a smard card
  
 cut
  
  
  
  Do you have access to IE on windows for this? If you do, it will be 
  much quicker, and easier.
  
  I am just trying to get a baseline established, so I can 
 plow throught 
  with my ten steps.
  
 
 Ok.
 I made the same thing with IE and in the debug it says null 
 cert chain
 during the client authentication handshake.
 Now I am confused...
 

Lets step back and look.

Can you provide the smart card and server certificate chain (no keys please)?

 M
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: clent authentication using a smard card

[Jason Pyeron]

 -Original Message-
 From: Marcello Marangio [mailto:m.maran...@innova.puglia.it] 
  Da: Jason Pyeron [mailto:jpye...@pdinc.us]
   From: Marcello Marangio [mailto:m.maran...@innova.puglia.it]
Da: Jason Pyeron [mailto:jpye...@pdinc.us]
  
   Ok.
   I made the same thing with IE and in the debug it says null cert 
   chain
   during the client authentication handshake.
   Now I am confused...
  
  
  Lets step back and look.
  
  Can you provide the smart card and server certificate chain 
 (no keys 
  please)?
 
 Hang on a second...
 The server certificate is an self signed certificate I made 
 with keytool.
 The smart card certificate, instead, is a real one, I use to 
 legally sign electronic documents; the issuer is an Italian CA.
 
 Do you expect the issuer of the smart card certificate to be 
 the same as the server one?

Not always.

Lets take for example:


https://mail.pdinc.us -PD Inc Public CA-PD Inc Root CA

 and 

MySmartCard - DOD EMAIL CA-15 - DoD Root CA-2

The smime cert used on this email

I can use my smart card to auth againstthe server. But the server must know
about DoD Root CA-2.

 
 How can I print out the certificate chain?
 Thanks again
 M



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


mail.pdinc.us.cer
Description: application/x509-ca-cert


PDIncPublicCA.cer
Description: application/x509-ca-cert


PDIncRoot.cer
Description: application/x509-ca-cert


smartcard.cer
Description: application/x509-ca-cert


dodemailca-15.cer
Description: application/x509-ca-cert


DoDRootCA-2.cer
Description: application/x509-ca-cert


smime.p7s
Description: S/MIME cryptographic signature

RE: clent authentication using a smard card

[Jason Pyeron]

 -Original Message-
 From: Marcello Marangio [mailto:m.maran...@innova.puglia.it] 
  -Messaggio originale-
  Da: Jason Pyeron [mailto:jpye...@pdinc.us]
   -Original Message-
   From: Marcello Marangio [mailto:m.maran...@innova.puglia.it]
Da: Jason Pyeron [mailto:jpye...@pdinc.us]
 From: Marcello Marangio [mailto:m.maran...@innova.puglia.it]
  Da: Jason Pyeron [mailto:jpye...@pdinc.us]

 Ok.
 I made the same thing with IE and in the debug it says null 
 cert chain
 during the client authentication handshake.
 Now I am confused...

   
Lets step back and look.
   
Can you provide the smart card and server certificate chain
   (no keys
please)?
  
   Hang on a second...
   The server certificate is an self signed certificate I made with 
   keytool.
   The smart card certificate, instead, is a real one, I use 
 to legally 
   sign electronic documents; the issuer is an Italian CA.
  
   Do you expect the issuer of the smart card certificate to be the 
   same as the server one?
  
  Not always.
  
  Lets take for example:
  
  
  https://mail.pdinc.us -PD Inc Public CA-PD Inc Root CA
  
   and
  
  MySmartCard - DOD EMAIL CA-15 - DoD Root CA-2
  
  The smime cert used on this email
  
  I can use my smart card to auth againstthe server. But the 
 server must 
  know about DoD Root CA-2.
  
 
 
 Ok. In my case:
 
 
 https://localhost - self signed certificate
 and
 Mysmartcard - my certificate - infocamere root CA
 
 And in my trusted certificates keystore there is infocamere root CA.


As a point of note, we always avoid using self signed certs for any purpose
other than a CA.

Lets take 1st few steps on making this more proper.

1. Create a self signed CA cert.
2. Create your web server cert and sign it with the CA.
3. install it (and the chain) in the web server.
4. install the CA into your browser 
4a. for IE, it would be the Trusted Root Certification Authorities, 
4b. you can do this by browsing to the web server, 
4c. ignoring the errors, 
4d. viewing the certs (click on the padlock)
4e. look at the chain, (there is a heiarchy right?)
4f. Select and open the root ot the heiarchy
4g. Install cert
4g1. select where to place
4g2. select Trusted Root Certification Authorities (if for all users select all
users physical store for TRCA)
5. exit browser (all of the windows, verify iexplore.exe is not running), and
revisit server, confirming no security prompts.

Let me know if/where you get stuck.

 
 Please find in attachment a signed text file you can read my 
 cert info from.
 
 Thanks
 Marcello
 



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: clent authentication using a smard card

[Jason Pyeron]

 -Original Message-
 From: Marcello Marangio [mailto:m.maran...@innova.puglia.it] 
 Sent: Monday, October 19, 2009 8:30
 To: users@tomcat.apache.org
 Subject: clent authentication using a smard card
 
 Hi all
 
 This is my very first message in the list.
 
 I am trying to use the ssl and client authentication feature 
 in tomcat 6, using a pkcs11 compliant smart card reader and a 
 real authentication smart card (Italian CNS). 
 
 In the browser (firefox) I obtain a 

First, make sure your browser knows about the certificate and smart card reader.
We have been having with recent firefox releases on this. The debuging steps I
would take are 1) Use Windows / IE, if the server requires or requests a client
cert it will pop up a selection window even if IE does not know how to fulfil
the request. Thi will indicate if Tomcat is or is not requesting client certs.
2) Verify IE know about the smart card cert, user the certmgr.msc to see if the
smartcard certificate is installed, as well as the trust chain.
3) Verify IE prompts for the smartcard cert in the client cert popup selection
dialog.
4) Verify Tomcat - IE talk over SSL.


 ssl_error_certificate_unknown_alert or a 
 ssl_error_bad_certificate_alert.
 
  
 
 SSL without client authentication works perfectly.
 
  
 
 This is my server configuration:
 
  
 
 Connector port=8443 protocol=HTTP/1.1 SSLEnabled=true
 
maxThreads=150 scheme=https secure=true
 
clientAuth=true sslProtocol=TLS 
 

 keystoreFile=C:\apache-tomcat-6.0.20\conf\tomcat.keystore
 
 keystorePass=tomcat keyAlias=tomcat 
 
 truststoreFile =C:\apache-tomcat-6.0.20\conf\cacerts
 
 truststorePass=changeit/
 
  
 
 tomcat.keystore contains the self signed x509 certificate I 
 use to perform the server ssl handshake.
 
 cacerts contains the root certificate of my signature and non 
 repudiation certificate contained in my smartcard.
 
  
 
 From tomcat's log I obtained setting up
 JAVA_OPTS=-Djavax.net.debug=ssl,handshake I am sure that:
 
 1)   the root certificate is trusted (imported In cacerts 
 with keytool
 -import -trustcacert .)
 
  
 
 adding as trusted cert:
 
   Subject: CN=InfoCamere Firma Qualificata, OU=Certificatore 
 Accreditato del Sistema Camerale, SERIALNUMBER=02313821007,
 
  O=InfoCamere SCpA, C=IT
 
   Issuer:  CN=InfoCamere Firma Qualificata, OU=Certificatore 
 Accreditato del Sistema Camerale, SERIALNUMBER=02313821007,
 
  O=InfoCamere SCpA, C=IT
 
   Algorithm: RSA; Serial number: 0x1
 
   Valid from Wed Mar 24 16:48:50 CET 2004 until Thu Mar 24 
 16:47:52 CET 2016
 
  
 
 2)   The client certificate is taken from the smartcard 
 and It's given
 to the server; furthermore, the issuer is exactly tue trusted one:
 
  
 
 *** Certificate chain
 
 chain [0] = [
 
 [
 
   Version: V3
 
   Subject: CN=Marcello Marangio, DNQ=20071112354269, 
 SERIALNUMBER=IT:MRNMCL70C21A662D, GIVENNAME=MARCELLO, SURNAME=MARAN
 
 GIO, O=NON PRESENTE, C=IT
 
   Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
 
   Validity: [From: Wed Nov 21 12:11:08 CET 2007,
 
To: Sun Nov 21 01:00:00 CET 2010]
 
   Issuer: CN=InfoCamere Firma Qualificata, OU=Certificatore 
 Accreditato del Sistema Camerale, SERIALNUMBER=02313821007,
 
 O=InfoCamere SCpA, C=IT
 
   SerialNumber: [131b58]
 
  
 
 3)   the browser (firefox) picks up the correct non repudiation
 certificate from the smartcard and sends it to the server:
 
  
 
 [9]: ObjectId: 2.5.29.15 Criticality=true
 
 KeyUsage [
 
   Non_repudiation
 
 ]
 

 
  
 
 The problem seems to be that tomcat is looking for the 
 digital signature certificate and not the non_repudiation one.
 
  
 
 http-8443-1, SEND TLSv1 ALERT:  fatal, description = 
 certificate_unknown
 
 http-8443-1, WRITE: TLSv1 Alert, length = 2
 
 http-8443-1, called closeSocket()
 
 http-8443-1, handling exception: javax.net.ssl.SSLHandshakeException:
 sun.security.validator.ValidatorException: KeyUsage does not 
 allow digital signatures
 
  
 
 Is tomcat's behavoir correct or is it a bug?
 

The above steps will allow a more quickly diagnosis.

  
 
 Thanks a million
 
 Marcello
 
  
 
 




--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: clent authentication using a smard card

[Jason Pyeron]

 -Original Message-
 From: Marcello Marangio 
snip/
 
 It seems that firefox behaves: if the smartcard is in firefox 
 asks the PIN of the smartcard. 
 I am pretty sure it can read my smartcard, because I can use 
 mod_ssl with Apache 2.2 

Apache 2.x can be forgiving about the chain, and may be presenting different
information.

 and I can read the certificate's 
 information with a perl routine.
 
 Furthermore, from the debug logs it is clear that there is an 
 ssl handshaking going on.

Can you verify that the browser knows the servers chain? And can you verify that
the server is providing an acceptible chain for the cert that firefox knows
about?

 Any clue?
 Thanks
 M
 
 

Do you have access to IE on windows for this? If you do, it will be much
quicker, and easier.

I am just trying to get a baseline established, so I can plow throught with my
ten steps.

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Using multiple DataSource's for fail-over.

[Jason Pyeron]

 -Original Message-
 From: Bill Davidson [mailto:bill...@gmail.com] 
 Sent: Tuesday, September 01, 2009 20:18
 To: 'Tomcat Users List'
 Subject: Using multiple DataSource's for fail-over.
 
 Tomcat 6.0.20 using DBCP DataSource
 Java 1.6.0_16
 Oracle 10g with RAC.
 
 I've got two Oracle RAC nodes, mirroring each other.  My 
 current fail-over method if the primary node fails is to shut 
 down the web servers, reconfigure them to use the secondary 
 node and restart the web servers.  Not pleasant.
 
 I'm thinking I can make a FailOverDataSource that 
 implements DataSource and wraps around DataSource's for each 
 of the two nodes.  Its
 getConnection()
 method would try to use the getConnection() from the primary 
 node, and if that fails, it would try the secondary node.  
 Repeat logic for other DataSource methods.  Instant automagic 
 fail-over.  I've actually written it, and it seems to get a 
 hold of both DataSource's fine.  I can't kill the primary on 
 an active busy system to do a real test though.

Try a software firewall like iptables (linux) or the windows firewall. This way
you can simulate an in communication break, just like swithcing off the server. 

 
 I'm thinking I can't be the first person to think of this.  
 Are there any obvious problems with this idea?
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 




--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Custom 404 page when webapp stopped

[Jason Pyeron]

 

 -Original Message-
 From: Serge Fonville [mailto:serge.fonvi...@gmail.com] 
 Sent: Thursday, August 20, 2009 9:35
 To: Tomcat Users List
 Subject: Re: Custom 404 page when webapp stopped
 
 Hi,
 
 Likely someone has a better idea...
 
 You could create a general error page that redirect 
 (transparently) to a page of the webapp when available, if 
 not, display another If this is the default page for all 
 webapps, it should be solved.
 You will probably need to create a valve of some sort.
 Don't ask me for details I honestly don't know.
 
 Hopefully someone else can be more helpful, it's just a suggestion
 
 HTH
 
 Regards,
 
 Serge Fonville
 
 On Thu, Aug 20, 2009 at 3:25 PM, llgl...@portaildulibre.fr wrote:
  Hi,
 
   I have a webapp that needs to be down if we are doing some 
  maintenance. I use the manager to make the application 
 unavailable but 
  in this case the 404 customized error-page is not displayed.
 
  I modified the default web.xml (in conf/) to add the 
 error-page 404,  
  but it doesn't seems to be resolved when the context is stopped.
 
  If I type an URL that doesn't exists, that doesn't map to 
 any context, 
  I get the right error page. But if it match a context path 
 of a webapp 
  that is stopped, I have the Tomcat default error page. Is 
 there a way to fix this?

We avoid all of this by replacing the webapp with a maintenance app. The app
indicates the period of downtime, who to call, etc for all urls. When we are
done, we deploy the application back. Also as prt of this all of our
applications use a common login/header facility which ckecks to see if a
maintenance event is near to 1. warn users to save and log out, 2. prevent new
logins, 3. disable the app until event is over (or replaced by maintenance app).

 
  Thanks
 
  Tomcat 6.0.20
 
 
  
 -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 
 



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: running servlets as fileowner

[Jason Pyeron]

 

 -Original Message-
 From: Jan-Florian Hilgenberg 
 Sent: Thursday, July 16, 2009 12:10
 Subject: running servlets as fileowner
 
 hi mailinglist,
 
 is there a way to run servlets as the fileowner of the 
 servlet - like suphp on lamp environments.
 thank you for your help

The first issue you are going to run into is that Java does not support setting
the uid/gid, and you would have to modify the jvm to support uid/gid per thread.
Now apache/php works differently: apache launches a child process (php) each
process can have different uid/gid.

To do this you would have to do a RMI type thing, have a master service running
as root, accepting connections, then launching subordinate processes as the
desired uid/gid to execute the code (of course this is all happening in a
different JVM)

-Jason



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: [OT] Ignore or Trust any certificate

[Jason Pyeron]

 for all SSL 
  connections, and not just those for which validation should 
 be skipped.
  Actually, you can modify this technique for use on a per-connection 
  basis if you have access to the HttpURLConnection object 
 used for the 
  connection itself.
  
  This code was written and tested on JDK 1.4.2_09.
  
  You need to execute this code before you attempt to make an SSL 
  connection.
  
  import java.security.KeyManagementException;
  import java.security.NoSuchAlgorithmException;
  import javax.net.ssl.SSLContext;
  import javax.net.ssl.TrustManager;
  import javax.net.ssl.X509TrustManager;
  import javax.net.ssl.HttpsURLConnection;
  
  public static void disableSSLCertificateChecking()
  {
  TrustManager[] trustAllCerts = new TrustManager[] {
  new X509TrustManager() {
  public X509Certificate[] getAcceptedIssuers() {
  return null;
  }
  public void 
 checkClientTrusted(X509Certificate[] certs,
 String authType) {
  }
  public void 
 checkServerTrusted(X509Certificate[] certs,
 String authType) {
  }
  }
  };
  
  try
  {
  SSLContext sc = SSLContext.getInstance(SSL);
  
  sc.init(null, trustAllCerts, new 
  java.security.SecureRandom());
  
  
  
 HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
  }
  catch (KeyManagementException kme)
  {
  kme.printStackTrace();
  }
  catch (NoSuchAlgorithmException nsae)
  {
  nsae.printStackTrace();
  }
  }
  
  
  If you have access to the individial HttpURLConnection objects that 
  will be used to make SSL connections, you can disable them on a 
  per-instance basis by using 
  HttpURLConnection.setSocketFactory(sc.getSocketFactory())
  instead of using HttpURLConnection.setDefaultSSLSocketFactory and 
  changing the socket factory globally.
  -BEGIN PGP SIGNATURE-
  Version: GnuPG v1.4.9 (MingW32)
  Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
  
  iEYEARECAAYFAkpY8aIACgkQ9CaO5/Lv0PBmpQCePjKef1z15yIKnKvO+1L6KEAK
  WZoAn10b6D3/+tBS7tGGGPK45rvAT5XM
  =HLH5
  -END PGP SIGNATURE-
  
  
 -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
  
  
  
 
 --
 View this message in context: 
 http://www.nabble.com/Ignore--or-Trust-any-certificate-tp24432
691p2084.html
 Sent from the Tomcat - User mailing list archive at Nabble.com.
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 




--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Ignore or Trust any certificate

[Jason Pyeron]

 

 -Original Message-
 From: kareem_s_m 
 Sent: Friday, July 10, 2009 14:47
 
 
 Hi There,
 
 Is there a way in tomcat to ignore or trust any SSL 
 certificate when connecting to a site through https? I know 
 there is some JAVA code for it.
 But can we do it through tomcat or JVM settings too?

Are you talking about client or server certs?  From the user's browser or by the
user's browser?

 
 Regards,
 Kareem
 --
 View this message in context: 

http://www.nabble.com/Ignore--or-Trust-any-certificate-tp24432691p24432691.html
 Sent from the Tomcat - User mailing list archive at Nabble.com.
 
 




--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat startup as service on CentOS 5.3

[Jason Pyeron]

 -Original Message-
 From: tomcatastrophe 
 Sent: Thursday, June 25, 2009 9:47
 Subject: Tomcat startup as service on CentOS 5.3
 
 
 I have found and tried some startup scripts online and added 
 them to /etc/init.d as tomcat, so /etc/init.d/tomcat
 
 I ran chmod a+x tomcat on the script and then chkconfig --add tomcat
 
 chkconfig --list shows tomcat in the list
 
 I have modified the script to have the proper location for my 
 tomcat installation.
 
 When I try to run /etc/init.d/tomcat restart or /sbin/service 
 tomcat restart (or stop or start) I get this error:
 
 -bash: /etc/init.d/tomcat: /bin/bash^M: bad interpreter: No 
 such file or directory

Edit in nano

Then save / write output

When it asks for the name esc-d I think to save as unix line ending.


 
 Any help would be great! I just need this to start as a service.
 
 Here is the script I've been trying:
 
 #!/bin/bash
 #
 # Init file for SixSigns Tomcat server
 #
 # chkconfig: 2345 55 25
 # description: SixSigns Tomcat server
 #
 
 # Source function library.
 . /etc/init.d/functions
 
 RUN_AS_USER=root # Adjust run user here
 CATALINA_HOME=/work/tomcat/apache-tomcat-6.0.20
 
 start() {
 echo Starting Tomcat: 
 if [ x$USER != x$RUN_AS_USER ]; then
   su - $RUN_AS_USER -c $CATALINA_HOME/bin/startup.sh
 else
   $CATALINA_HOME/bin/startup.sh
 fi
 echo done.
 }
 stop() {
 echo Shutting down Tomcat: 
 if [ x$USER != x$RUN_AS_USER ]; then
   su - $RUN_AS_USER -c $CATALINA_HOME/bin/shutdown.sh
 else
   $CATALINA_HOME/bin/shutdown.sh
 fi
 echo done.
 }
 
 case $1 in
   start)
 start
 ;;
   stop)
 stop
 ;;
   restart)
 stop
 sleep 10
 #echo Hard killing any remaining threads..
 #kill -9 `cat $CATALINA_HOME/work/catalina.pid`
 start
 ;;
   *)
 echo Usage: $0 {start|stop|restart}
 esac
 
 exit 0
 --
 View this message in context: 
 http://www.nabble.com/Tomcat-startup-as-service-on-CentOS-5.3-
 tp24203574p24203574.html
 Sent from the Tomcat - User mailing list archive at Nabble.com.
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org
 

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.

 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Hibernate

[Jason Pyeron]

Mail the hibernate users list, and I will help there.

https://lists.jboss.org/mailman/listinfo/hibernate-users

 

 -Original Message-
 From: Chris Lenart [mailto:clen...@comcast.net] 
 Sent: Friday, June 05, 2009 14:13
 To: users@tomcat.apache.org
 Subject: Hibernate
 
 I am learning Hibernate and doing examples from a book. I 
 have all of  the jars the book has, but can't import 
 perstistence.*. It will HSQL too. Which jar ha S  this?
 
  
 
 Thanks
 
 Chris Lenart
 
 


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

very off topic marketing question

[Jason Pyeron]

I have a client that is confused why we are giving them a J2EE product and they
are concerned with performance and scalability.

(IE/Tomcat 5.5/struts 2.1/hibernate 3.x/oracle 10g)

Note the system will never see more than 50 users/sessions with 7500 hits per
day on a lan. As such we don't see any relevance as to the performance and
scalability issues for either PHP or J2EE.

They have quoted to us:

PHP by itself is very fast. Much faster than ASP or JSP running on the same
type of server. This is because it has very little overhead compared to its
competitors and it pre-compiles all of its code before it runs each script

How would others respond to this?

-Jason

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Tomcat support for RedHat Linux 5.0

[Jason Pyeron]

RHEL 5 or Very, Very, Very old RH 5 (circa 1990's) ?

--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 
This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you 
is prohibited. 

 -Original Message-
 From: Jandhyam, Venugopal [mailto:[EMAIL PROTECTED] 
 Sent: Tuesday, July 01, 2008 8:56 AM
 To: Tomcat Users List
 Subject: Tomcat support for RedHat Linux 5.0
 
 Hi All,
 
 Can you please let me know which version of the Tomcat 
 support RedHat Linux 5.0??
 
 Thanks for your time,
 -Venugopal
 
 -
 To start a new topic, e-mail: users@tomcat.apache.org To 
 unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
 


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Support and development of versions

[Jason Pyeron]

 

 -Original Message-
 From: Mark Thomas [mailto:[EMAIL PROTECTED] 
 
 Current status is available from:
 
 http://wiki.apache.org/tomcat/TomcatVersions
 


What does RTC, for the process field stand for?


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Support and development of versions

[Jason Pyeron]

 

 -Original Message-
 From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] 
 Sent: Thursday, February 28, 2008 16:12
 To: Tomcat Users List
 Subject: RE: Support and development of versions
 
  From: Stephen Nelson-Smith [mailto:[EMAIL PROTECTED] 
  Subject: Re: Support and development of versions
  
  Could someone help me  understand the differences between 
 the servlet
  and JSP versions?
 
 The servlet and JSP specs are the place to look.  Each 
 document includes
 a section on what's changed from earlier versions.
 http://jcp.org/aboutJava/communityprocess/mrel/jsr154/index2.html
 http://jcp.org/aboutJava/communityprocess/final/jsr245/index.html
 
  Do the numbers imply no backward and/or forward
  compatibility?
 
 Newer versions of Tomcat should run webapps based on older
 specifications without any real difficulty.  Problems arise 
 when webapps
 do something container specific, such as depend on bugs fixed in later
 versions.  Tomcat configuration has changed significantly, as might be
 expected, so don't just blindly copy over your old server.xml and
 Context elements when moving up.  Read the Tomcat docs, and 
 modify the
 various .xml files that come with the version of Tomcat you're moving
 to.
 
  I've been told it needs a specific Java version (1.4.2_11)
 
 The above is highly likely to be pure BS.  

It might not be, but it should not be.

http://java.sun.com/j2se/1.5.0/compatibility.html
and
http://java.sun.com/javase/6/webnotes/compatibility.html




-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Session expiration and AJAX issues

[Jason Pyeron]

 

 -Original Message-
 From: Adam Gordon [mailto:[EMAIL PROTECTED] 
 Sent: Monday, February 25, 2008 13:11
 To: Tomcat Users List
 Subject: Re: Session expiration and AJAX issues
 
 Martin-
 
 We are using Struts, however, version 1.2.9.  But, after 
 looking at the 
 link, I'm not sure this will help as it doesn't really address the 
 problem.  Storing the date/time a user logs in on the session is 
 probably useful, but our problem is that we want to 
 forcefully log the 
 user out if there's no human present at the computer and the 
 AJAX tasks 
 keep a user's session active indefinitely, whether or not 
 they mean it to.





Can url patterns be excluded from session prolonging magic?





 
 Additionally, assuming we didn't have the AJAX tasks, we'd 
 have to check 
 the logged in time from the session on every request and 
 that's just not 
 realistic when you have hundreds of Struts actions, even with 
 a unique 
 parent Action class.  That said, I'm beginning to suspect 
 that this may 
 be the only way to go, i.e., have  base Action for Struts actions and 
 base action for AJAX actions.  My only issue with this is 
 that then the 
 onus is on the developer to use the right Action and if they don't, a 
 session could inadvertently be left open which is a security risk.
 
 Alternatively, we could simply force the logout on the user after 12 
 hours period...which would kind of suck for the user if they 
 were in the 
 middle of something and so I can almost guarantee that our product 
 management team wouldn't go for it since it's not really creating a 
 positive user experience.
 
 --adam
 
 Martin Gainty wrote:
  Hi Adam-
 
  You can try this with Struts..
  http://struts.apache.org/2.x/docs/simplelogin-with-session.html
  insert the starting-date-time intio Session variable
  and then in the logoutAction.execute method do some quick 
 math on the
  time-delta to determine if you want to quiesce the session
 
  HTH
  M-
 
  - Original Message -
  From: Adam Gordon [EMAIL PROTECTED]
  To: Tomcat Users List users@tomcat.apache.org
  Sent: Monday, February 25, 2008 11:04 AM
  Subject: Session expiration and AJAX issues
 
 

  A couple of issues:
 
  We've set our session expiration to 12 hours (I know it's long) and
  we're seeing behavior where certain browsers (namely IE) apparently
  can't count that high (we set the meta Refresh header but the page
  doesn't reload after the allotted time, session expiration 
 time + 20
  minutes).
 
  Since this issue was discovered, we've added background 
 AJAX timers on
  some of our web pages that refresh (authenticated) 
 content.  While this
  happily works, unfortunately, if the user chooses to 
 remain on one of
  these pages, and then goes on vacation, the session stays 
 active because
  the AJAX calls keep the session alive.
 
  Our first attempt at a solution was to have a JavaScript 
 counter that,
  after every 20 minutes, incremented a counter and if that 
 counter ever
  got to 37, we knew that the user hadn't changed web pages 
 and we could
  log them out (window.location = logout URL.  The problem 
 is that this
  doesn't appear to work either and additionally, it relies 
 on JavaScript
  bypassing Tomcat's built-in features.  User's cannot log 
 in w/o having
  JavaScript enabled, so it's not a matter of a user 
 potentially disabling
  it, rather it puts the onus on the browser to inform the 
 server that the
  user's session needs to be expired.
 
  Does anyone have experience in this area and if so, how 
 have you solved
  this problem?  I know Google uses AJAX with their Gmail 
 webapp, but they
  don't seem to care about not expiring the user's session.  Any help
  would be appreciated.
 
  Thanks,
 
  --adam
 
  
 -
  To start a new topic, e-mail: users@tomcat.apache.org
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
 
 
  
 

 
 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Principal Consultant  10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited

RE: Is Tomcat FIPS compliant

[Jason Pyeron]

Under proper configuration and installation, yes it can be compliant, we
routinely set it up to handle CAC.

 -Original Message-
 From: Mark H. Wood,UL 0115A,+1 317 274 0749, 
 [mailto:[EMAIL PROTECTED] On Behalf Of Mark H. Wood
 Sent: Monday, January 14, 2008 10:00
 To: users@tomcat.apache.org
 Subject: Re: Is Tomcat FIPS compliant
 
 That probably depends on which FIPS you mean.  There are at least 201
 different U.S. Federal Information Processing Standards.
 
 -- 
 Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
 Typically when a software vendor says that a product is intuitive he
 means the exact opposite.
 
 



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Sr. Consultant10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Is Tomcat FIPS compliant

[Jason Pyeron]

Martin,

I am including my reply on list to help others too.

When our customers request a compliance with (insert any term or misuse of
term), they are requesting that their web applications are to authenticate
against an established Public Key Infrastructure (PKI). It is typically a
client certificate on a smart card, in the DoD the Common Access Card (CAC).
These smart cards are to comply with HSPD-12. To properly use the client
certificate the system must check it revocation status too. Further the
server too needs a certificate, and the authentication must be reliable,
(don't use a cookie as the authorization).

Please if you would like any information, please email us. If you are
looking for non-consulting advice and help email on list, if you are looking
for professional consulting services email off list.

We are glad to help, FOSS, 501(c)3, .GOV, and .com.

Jason Pyeron


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Sr. Consultant10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 

 

 -Original Message-
 From: Martin Gainty [mailto:[EMAIL PROTECTED] 
 Sent: Monday, January 14, 2008 11:33
 To: [EMAIL PROTECTED]
 Subject: Re: Is Tomcat FIPS compliant
 
 Hi Jason
 
 If I can ask a Dumb question as I am unfamiliar with the acronyms
 How does cac make any system FIPS compliant?
 Is there any documentation specifying a CAC will enable an 
 entire or some
 part of a system to be FIPS compliant?
 
 Thanks
 Martin
 - Original Message -
 From: Jason Pyeron [EMAIL PROTECTED]
 To: 'Tomcat Users List' users@tomcat.apache.org
 Sent: Monday, January 14, 2008 10:33 AM
 Subject: RE: Is Tomcat FIPS compliant
 
 
  Under proper configuration and installation, yes it can be 
 compliant, we
  routinely set it up to handle CAC.
 
   -Original Message-
   From: Mark H. Wood,UL 0115A,+1 317 274 0749,
   [mailto:[EMAIL PROTECTED] On Behalf Of Mark H. Wood
   Sent: Monday, January 14, 2008 10:00
   To: users@tomcat.apache.org
   Subject: Re: Is Tomcat FIPS compliant
  
   That probably depends on which FIPS you mean.  There are 
 at least 201
   different U.S. Federal Information Processing Standards.
  
   --
   Mark H. Wood, Lead System Programmer   [EMAIL PROTECTED]
   Typically when a software vendor says that a product is 
 intuitive he
   means the exact opposite.
  
  
 
 
 
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
  -   -
  - Jason Pyeron  PD Inc. http://www.pdinc.us -
  - Sr. Consultant10 West 24th Street #100-
  - +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
  -   -
  -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 
  This message is for the designated recipient only and may contain
  privileged, proprietary, or otherwise private information. If you
  have received it in error, purge the message from your system and
  notify the sender immediately.  Any other use of the email by you
  is prohibited.
 
 
 
  
 -
  To start a new topic, e-mail: users@tomcat.apache.org
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
 
 
 



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Anyone know of an up-to-date packager?

[Jason Pyeron]

We do this inhouse for our own applications.

Here is how we did it:

Google a bit on yum repositories, 
Looked at how the centos repository was laid out.

Pointed yum at our repository based on our examination of others.




-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Sr. Consultant10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 


-Original Message-
From: gb1071nx [mailto:[EMAIL PROTECTED] 
Sent: Thursday, March 22, 2007 15:42
To: Tomcat Users List
Subject: Anyone know of an up-to-date packager?

So, 

We (the developers) have been in control of the servers. We download
exactly what we want, install it where we need it, and life is good. 

But our ops guy is making noise about wanting to manage everything
through something called yum. 

Noodling around just a little bit, I see that our yum only has up to TC
5.5.17 available. 

As I understand it, you can tell yum to get these packages from some
other sites, so I guess I'll ask tomcat-user if anyone knows of a
super-up-to-date package site?  

Or... What community would it be better to ask this in?  

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[OT] RE: Found a product for running Tomcat off CDROM -have anybody tried it?

[Jason Pyeron]

But it could be a useful spam. As I read it and said to myself, oh, maybe
we could use that here and then discovered that it does not allow use to
use MySQL w/JDK and did not mention which version of tomcat it was.

Then the costs, we don't mind paying costs, but not 3/4k$ to a fly by night.

Oh well, but it was good spam.

-Jason


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Sr. Consultant10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 


-Original Message-
From: news [mailto:[EMAIL PROTECTED] On Behalf Of Stephen Souness
Sent: Tuesday, February 20, 2007 15:33
To: users@tomcat.apache.org
Subject: Re: Found a product for running Tomcat off CDROM -have anybody
tried it?

Interesting that the Stunnix website appears to make no mention of who 
is actually behind it the product.

Also interesting that you have posted a very similar message to a python 
mailing list, subject: Found a product for running Python-based 
websites off CDROM -have anybody tried it?

--
Stephen


David Wishnie wrote:
 Hello,
 
 I've found a product on freshmeat.net that allows to run tomcat-based
 websites off cdrom, allowing to produce
 CDs that work on Windows, MacOS X and Linux at the same time (also it
seems
 to support perl,
 python, php  mysql). Apache is used for serving static content, and it
has
 a nice support
 for stopping everything and releasing the media.
 
http://www.stunnix.com/prod/aws/overview.shtml
 
 Have anybody tried it?
 
 Seems useful..
 
 Thanks for your input!
  David
 


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: PermGen space [ot]

[Jason Pyeron]

So how should one write their singleton? 


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Sr. Consultant10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 


-Original Message-
From: Leon Rosenberg [mailto:[EMAIL PROTECTED] 
Sent: Friday, February 16, 2007 11:33
To: Tomcat Users List
Subject: Re: PermGen space

something like this:

public class ASingletonImpl{
   private static ASingletonImpl instance;
   public synchronized AsingletonImpl getInstance(){
  if (instance==null){
 instance = new ASingletonImpl();
  }
  return instance;
   }

   ///real code here
}

The problem is the cyclic dependence between the Class object, the
ASingletonImpl object and the according ClassLoader. This way nothing
can be freed by the gc.

regards
Leon


On 2/16/07, Jiang, Peiyun [EMAIL PROTECTED] wrote:
 Just curious, can you elaborate on badly programmed singletons?

 Thanks.

 Peiyun

 -Original Message-
 From: Leon Rosenberg [mailto:[EMAIL PROTECTED]
 Sent: February 16, 2007 11:08 AM
 To: Tomcat Users List
 Subject: Re: PermGen space


 The typical problem here are badly programmed singletons. Do you have any?

 regards
 Leon

 On 2/16/07, Davide Romanini [EMAIL PROTECTED] wrote:
  I'm too have this problem, it arises because for some reason the Tomcat
  WebAppClassloader cannot be garbage collected after undeploy. I made a
  lot of tests and didn't find any solution, also very simple and small
  webapps, when loaded/unloaded frequently, caused the problem... :-(
 

 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]


 -
 To start a new topic, e-mail: users@tomcat.apache.org
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat load up error, w/ Oracle

[Jason Pyeron]

Are you able to connect to the Oracle box using sqlplus from the tomcat box?



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Sr. Consultant10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 


-Original Message-
From: Propes, Barry L [GCG-NAOT] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 13, 2007 11:43
To: Tomcat Users List
Subject: Tomcat load up error, w/ Oracle

Hi folks, I've been having some issues anyway with Oracle in my Java app the
last week or so.
Originally, I thought it was due to some references where I was using the
old sun.jdbc.odbc.JdbcOdbcDriver rather than the thin Oracle driver.

So in any reference I had this, I've switched it to the Oracle thin like so:

Class.forName(oracle.jdbc.driver.OracleDriver);
   String dbURL = jdbc:oracle:thin:@192.xxx.xx.xxx:1521:SID;

My error is listed below. I guess my question is, do any of you think this
is mainly with Oracle, or perhaps the driver in the Tomcat lib directory got
corrupt? Or is this a Tomcat issue at all even? I'm inclined to think the
driver (jar file) might have gotten corrupt possibly, but that would be
unlikely and that it's more of an issue with Oracle.

I welcome any feedback.

Thanks,

Barry



Catalina.start: LifecycleException:  Exception opening database connection:
jav
a.sql.SQLException: Io exception: The Network Adapter could not establish
the co
nnection
LifecycleException:  Exception opening database connection:
java.sql.SQLExcepti
on: Io exception: The Network Adapter could not establish the connection
at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:615)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1108)

at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:307
)
at
org.apache.catalina.core.StandardService.start(StandardService.java:3
88)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:505
)
at org.apache.catalina.startup.Catalina.start(Catalina.java:776)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
- Root Cause -
java.sql.SQLException: Io exception: The Network Adapter could not establish
the
 connection
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134)
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179)
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:334)
at
oracle.jdbc.driver.OracleConnection.init(OracleConnection.java:418)

at
oracle.jdbc.driver.OracleDriver.getConnectionInstance(OracleDriver.ja
va:521)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:325)

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Tomcat load up error, w/ Oracle

[Jason Pyeron]

The I would suggest you contact you NOC/NOG to get your connectivity
resolved, as it did/does not look like a Java/Tomcat based issue. 

If I was abetting type, I would say that there is a faulty switch on the
net.

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Sr. Consultant10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 


-Original Message-
From: Propes, Barry L [GCG-NAOT] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 13, 2007 12:44
To: Tomcat Users List
Subject: RE: Tomcat load up error, w/ Oracle

only periodically.


-Original Message-
From: Jason Pyeron [mailto:[EMAIL PROTECTED]
Sent: Monday, February 12, 2007 1:35 PM
To: 'Tomcat Users List'
Subject: RE: Tomcat load up error, w/ Oracle


Are you able to connect to the Oracle box using sqlplus from the tomcat box?



-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Sr. Consultant10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited. 


-Original Message-
From: Propes, Barry L [GCG-NAOT] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, February 13, 2007 11:43
To: Tomcat Users List
Subject: Tomcat load up error, w/ Oracle

Hi folks, I've been having some issues anyway with Oracle in my Java app the
last week or so.
Originally, I thought it was due to some references where I was using the
old sun.jdbc.odbc.JdbcOdbcDriver rather than the thin Oracle driver.

So in any reference I had this, I've switched it to the Oracle thin like so:

Class.forName(oracle.jdbc.driver.OracleDriver);
   String dbURL = jdbc:oracle:thin:@192.xxx.xx.xxx:1521:SID;

My error is listed below. I guess my question is, do any of you think this
is mainly with Oracle, or perhaps the driver in the Tomcat lib directory got
corrupt? Or is this a Tomcat issue at all even? I'm inclined to think the
driver (jar file) might have gotten corrupt possibly, but that would be
unlikely and that it's more of an issue with Oracle.

I welcome any feedback.

Thanks,

Barry



Catalina.start: LifecycleException:  Exception opening database connection:
jav
a.sql.SQLException: Io exception: The Network Adapter could not establish
the co
nnection
LifecycleException:  Exception opening database connection:
java.sql.SQLExcepti
on: Io exception: The Network Adapter could not establish the connection
at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:615)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1108)

at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:307
)
at
org.apache.catalina.core.StandardService.start(StandardService.java:3
88)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:505
)
at org.apache.catalina.startup.Catalina.start(Catalina.java:776)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
- Root Cause -
java.sql.SQLException: Io exception: The Network Adapter could not establish
the
 connection
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:134)
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:179)
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:334)
at
oracle.jdbc.driver.OracleConnection.init(OracleConnection.java:418

RE: Apache module to accept encrypted query string.

[Jason Pyeron]

Explain encrpyted query string please?

And why are you not using post w/ ssl? 


-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-   -
- Jason Pyeron  PD Inc. http://www.pdinc.us -
- Sr. Consultant10 West 24th Street #100-
- +1 (443) 269-1555 x333Baltimore, Maryland 21218   -
-   -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

This message is for the designated recipient only and may contain
privileged, proprietary, or otherwise private information. If you
have received it in error, purge the message from your system and
notify the sender immediately.  Any other use of the email by you
is prohibited.
-Original Message-
From: Shekar Tippur [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 30, 2007 15:31
To: Tomcat Users List
Subject: Apache module to accept encrypted query string.

Hi Folks,

I was wondering if there is any module in Apache that will accept an
encrypted query string.

I appreciate any inputs.Thanks,

Shekar


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Oracle OHS and Tomcat

[Jason Pyeron]

Too many acronyms in my life. OHS? 

-Original Message-
From: BATCHELOR, SCOTT (CONTRACTOR) [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, January 23, 2007 14:52
To: users@tomcat.apache.org
Subject: Oracle OHS and Tomcat

Just curious if anyone is fronting Tomcat with the standalone OHS
product.  And if this is even viable.

Thanks

SB




-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]