Re: renewing an ssl certificate
On 6 April 2017 at 14:18, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Lyllax, > > On 4/6/17 5:52 AM, Lyallex wrote: >> I get a zipped archive from Comodo containing individual files but >> I'll look into pem files > > Oh, those individual files *are* the PEM files. Er AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt www_mydomain_com.crt > LE is the answer. I run a commercial site and getting security warn offs because a CA is not recognised by the browser/user agent is not an option. I run about 20 different browsers/versions on several platforms which is about the limit for us (Americans would call us a 'mom and pop shop') I'll read up on LE and find out what they call themselves (the 'CA name' I guess) then check to see how many of my browsers know about them. Primitave maybe but it's what I got. Thanks for the info Lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: renewing an ssl certificate
On 6 April 2017 at 00:42, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Lyllax, > > On 4/4/17 3:11 PM, Lyallex wrote: >> After some sterling support from this list a while ago which >> included a code change I have been successfully running Apache >> Tomcat 7.0.70 stand alone (no httpd front end) with SSL/TLS for a >> year now without problems, it just works, it never falls over and >> it has withstood some concerted attacks by all sorts of scallywags. >> Impressive. > > Great! Time to upgrade to Tomcat 8! It's really not bad at all. If you > have a testing environment, I think you'll be able to do it in about > 30 minutes. After you do it once, it'll take you more like 5 minutes. Already runnung on my dev and stage boxes > It should be that simple every time. Again, always keep a backup... All I do is create a brand new keystore in a new location and do everything from there When I'm happy I simply change the location of the keystore in the relevant connector in conf/server.xml and restart tomcat. If it all goes belly up I simply change the config to point to the old keystore. Of course this only works if you don't leave everything to the last minute and the old cert times out :-) > > When you are using PEM files, it's very clear what everything is, and, > if you have a one-PEM-file-to-rule-them-all, then you can at least see > everything labelled appropriately with a simple text editor. You can > also get your private key out of the bundle without resorting to > chicanery. I get a zipped archive from Comodo containing individual files but I'll look into pem files > Come to this year's ApacheCon NA in Miami. There will be a few talks > about TLS, including one on the basics and another one on using Let's > Encrypt to get free automated certs so you never have to manually do > this process ever again -- unless you want an EV cert ;) Love to, but I'm in the UK. I delegate payment to a service provider, the only external resource I use, so I don't store users financial data, just makes life simpler.and means I don't really need an EV cert. Despite their vehement denial, https is a ranking signal to Google, maybe it would be nice if they offered a free basic ssl cert so small businesses like mine don't have to pay over GBP 100 inc VAT every year. I won't hold my breath. Thanks for taling the time to reply Lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: renewing an ssl certificate
Drat ... missed the list Martin Thank you for your comprehensive reply ... actually all I was asking was 'is it possible to use an existing keystore (and therefor an existing private key)' to install a new certification chain' In the end I created a brand new keystore, generated a new private key and CSR, submitted the CSR to Comodo then installed the new chain when it arrived. Then I simply switched the server (../conf/server.xml) to look at the new keystore and it just worked. Result. Ii was under the impression the certs were 'installed' in the keystore but I don't think this is right so now I have to figure out where they are as I'd like to remove the old ones. Every time I mess about with this SSL/TLS stuff I age several years :-) Thanks again On 4 April 2017 at 22:21, Martin Gainty wrote: > I dont know who from the list said you could replace a valid SSL > Certificate (that has since expired) > > with a self-signed but they are wrong > > > you are MUCH better off by purchasing a valid Thawte/Verisign Certificate > with public keys signed by a Certificate Authority which will be recognised by > ALL browsers > > > Mucking around with create-your-own self-signed certs will lead you to > justifiable grief and aggravation > > First step is to create a CSR for X509 (named)certs embedded in pfx > > https://en.wikipedia.org/wiki/X.509 > X.509 - Wikipedia <https://en.wikipedia.org/wiki/X.509> > en.wikipedia.org > In cryptography, X.509 is a standard that defines the format of public key > certificates. X.509 certificates are used in many Internet protocols, > including TLS/SSL ... > > the pfx will contain Asymmetric private/public keys: > > https://www.ciphercloud.com/blog/cloud-information- > protection-symmetric-vs-asymmetric-encryption/ > > <https://www.ciphercloud.com/blog/cloud-information-protection-symmetric-vs-asymmetric-encryption/> > Symmetric vs. Asymmetric Encryption | CipherCloud > <https://www.ciphercloud.com/blog/cloud-information-protection-symmetric-vs-asymmetric-encryption/> > www.ciphercloud.com > One of the basic questions in considering encryption is to understand the > differences between symmetric and asymmetric encryption methods, and where > to apply each ... > > first step is to send the CSR to your CA provider Verisign or Thawte > > https://knowledge.symantec.com/support/ssl-certificates- > support/index?page=content&actp=CROSSLINK&id=INFO227 > Certificate Signing Request (CSR) Generation Instructions ... > <https://knowledge.symantec.com/support/ssl-certificates-support/index?page=content&actp=CROSSLINK&id=INFO227> > knowledge.symantec.com > To generate a CSR, you will need to create a key pair for your server. > These two items are a digital certificate key pair and cannot be separated. > > > > yes you can create self-signed certs but CHROME stops transmission when > they do not recognise certifying authority > https://www.ibm.com/support/knowledgecenter/SSCP65_5.0.0/ > com.ibm.rational.rrdi.admin.doc/topics/t_browser_ss_cert.html > Configuring a browser to work with self-signed certificates > <https://www.ibm.com/support/knowledgecenter/SSCP65_5.0.0/com.ibm.rational.rrdi.admin.doc/topics/t_browser_ss_cert.html> > www.ibm.com > When self-signed certificates are installed on the server, configure > Internet Explorer or Mozilla Firefox to work with these self-signed > certificates. > > > Let me know if you need further assistance > > Martin > __ > > _ _ _ _ _ ___ _ > _ _ _ _ |_ _| |_ ___ | _ |___ > ___ ___| |_ ___ | __|___| _| |_ _ _ _ ___ ___ ___ | __|___ _ _ ___ > _| |___| |_|_|___ ___| | | | -_| | | . | .'| _| | -_| |__ | > . | _| _| | | | .'| _| -_| | __| . | | | | . | .'| _| | . | | > |_| |_|_|___| |__|__| _|__,|___|_|_|___| |_|___|_| |_| |_|__,|_| > |___| |__| |___|___|_|_|___|__,|_| |_|___|_|_||_| > > > > > -- > *From:* Lyallex > *Sent:* Tuesday, April 4, 2017 3:11 PM > *To:* Tomcat Users List > *Subject:* renewing an ssl certificate > > Tomcatters > > After some sterling support from this list a while ago which included > a code change I have been successfully running > Apache Tomcat 7.0.70 stand alone (no httpd front end) with SSL/TLS for > a year now without problems, it just works, it never falls over > and it has withstood some concerted attacks by all sorts of > scallywags. Impressive. > > It is now time to renew my ssl certificate and
renewing an ssl certificate
Tomcatters After some sterling support from this list a while ago which included a code change I have been successfully running Apache Tomcat 7.0.70 stand alone (no httpd front end) with SSL/TLS for a year now without problems, it just works, it never falls over and it has withstood some concerted attacks by all sorts of scallywags. Impressive. It is now time to renew my ssl certificate and I'm getting a bit jumpy. I managed to get everything working first time around following the docs at http://tomcat.apache.org/tomcat-7.0-doc/ssl-howto.html#General_Tips_on_Running_SSL According to my service provider (comodo) I have to submit a new certificate signing request which (I think) means creating a self signed certificate. Will this mess up me existing cert, it still has 10 days to go? Is the process the same as installing first time or are there some gotchas I need to be aware of Thanks, nervously Lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I don't understand a recent change released in Tomcat 7.0.70
On 25 June 2016 at 07:38, Lyallex wrote: > On 24 June 2016 at 21:50, Christopher Schultz > wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA256 >> >> Lyallax, >> >> Okay, one last time before I start ignoring you. We really are trying >> to be helpful. But nobody knows why who are so exercised about this. >> >> You haven't: >> >> a) Clearly explained what you want to do (redirect which requests? >> with what response code? in what cases?) > > Thank you for your very reasonable response > > https://bz.apache.org/bugzilla/show_bug.cgi?id=59399 > > Explains the problem that has been fixed in 7.0.70 Tomcat 7.0.70, stand alone production server, live. curl -D /tmp/headers.txt -s http://www.mysite.com/ HTTP/1.1 301 Moved Permanently ... Fantastic Thank You Lyallex > > My 'issue' was with the design decision, not the fix. > Software design is an obsession of mine, sometimes it overflows my > brain and spills out on the pavement so to speak. > > I don't think this forum is the right place to discuss such issues. > Many thanks for everyones patience. > > Lyallex > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I don't understand a recent change released in Tomcat 7.0.70
On 24 June 2016 at 21:50, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Lyallax, > > Okay, one last time before I start ignoring you. We really are trying > to be helpful. But nobody knows why who are so exercised about this. > > You haven't: > > a) Clearly explained what you want to do (redirect which requests? > with what response code? in what cases?) Thank you for your very reasonable response https://bz.apache.org/bugzilla/show_bug.cgi?id=59399 Explains the problem that has been fixed in 7.0.70 My 'issue' was with the design decision, not the fix. Software design is an obsession of mine, sometimes it overflows my brain and spills out on the pavement so to speak. I don't think this forum is the right place to discuss such issues. Many thanks for everyones patience. Lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I don't understand a recent change released in Tomcat 7.0.70
On 24 June 2016 at 15:37, Mark Thomas wrote: > On 24 June 2016 11:51:25 BST, Lyallex wrote: > > > >>However I can't get my head around your assertion that forcing the use >>of TLS is a 'user data constraint' > > Have a look in the Servlet specification for that phrase. I don't have a copy > to hand right now but it will be in the security section. OK. I'll concede that point, thank you for making that clear In web.xml a security-constraint can contain an and or a It makes sense to me that auth-constraint is associated with a Realm given that a Realm is a database of users It still doesn't make sense to me that a user-data-constraint, which is 'all about the scheme' should be managed/configured/maintained (use whatever word feels right) in a component that is 'all about a database'. That's all I'm saying, it just doesn't 'feel right' that's all. As for an alternative solution, well until I can get enough time together to get a build system together I haven't got one, that doesn't mean that there isn't one. Building Tomcat is now working it's way up my todo list. I'll get back to you. Lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I don't understand a recent change released in Tomcat 7.0.70
On 24 June 2016 at 16:45, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > 3. You can redirect anything yourself if you want to. The only reason > for the Realm option was because Tomcat itself is issuing this > particular redirect based upon an authentication situation (as defined > by the servlet specification). > > 4. If you want "easy" redirection from http -> https and you don't > want to write the 5-line Filter to do it for you, use url-rewrite and > set up a rule that redirects all http:// requests to https:// URLs. If you really understood the issue you wouldn't make such a lame observation it has nothing to do with not being able to redirect, it is to do with the *response code* returned by tomcat when the redirect occurs. I have tried a number of things to try and solve this issue using Servlet Filters but I just can't seem to get the timing right. The Tuckey UrlRewriteFilter does not make the slightest bit of difference. I know this because I tried it. Did you? > And seriously, calm down. And seriously, try to understand the issue before criticizing. You really are a delicate lot aren't you, the slightest suggestion that you might not be the geniuses you obviously think you and your fragile egos crumple and you get all defensive. I've seen it so many times in 20+ years as a developer/software engineer that I shouldn't be surprised but I still am. . > You completely lost your mind over a new > configuration option that you misunderstood. Oh the irony - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: I don't understand a recent change released in Tomcat 7.0.70
On 24 June 2016 at 10:01, Mark Thomas wrote: > On 24/06/2016 06:30, Lyallex wrote: > > > >> I think the current solution to 59399 need rethinking >> >> My commercial site has been up for years, there are links dating back >> years that refer to the old http scheme >> I have no control over this, now, whenever I get a hit from an 'old' >> link I need to force the switch to https, lots of sites have this >> probem and need a solution, it has nothing whatsoever to do with >> dabases in any way shape or form. >> >> So, >> >> https://bz.apache.org/bugzilla/show_bug.cgi?id=59399 >> >> What has the status code returned when switching from http -> https >> got to do with a Realm? > > It is the Realm that enforces the security constraints defined in > web.xml. This includes both authorisation constraints and user data > constraints. Forcing the use of TLS is a user data constraint. Hence the > ability to configure the redirect was added to the Realm implementations. > > > >> Which Realm(s)? only JDBCDatabaseRealm has the attribute but your >> comment seems to imply that all Realms >> have it (transportGuaranteeRedirectStatus) > > It is supported for any Realm that extends org.apache.catalina.RealmBase > which is all the Realms that ship with Tomcat and, I should think, a > reasonable proportion of the custom Realm implementations as well. > > That it was only documented for one Realm was an oversight that I'll > correct shortly. (Along with the typo in the text.) > > > >> In the 'good old days' it was common practice to only switch to https >> during or after signing in to an application, networks were slow and >> encryption takes time, now networks are faster and the overhead isn't >> such an issue. Entire sites now use the https scheme, I know mine >> does. I can see a situation where, because the mighty Google says it >> must be so, even an entirely static site with no database and no >> manager will be served up under https. How is such a site suppose to >> implement https? > > I assume the question here is how to configure the redirect status to > use when a web application does not configure a Realm. > > Whether an application configures a Realm or not, it will have one. If a > web application does not have a specific Realm configured Tomcat looks > at the Host and then the Engine. If a Realm is not configured for either > of these then the Engine will be configured with the NullRealm. > > Much like the way Tomcat automatically adds an Authenticator when > required but the user has to add it explicitly if they want to change > the default configuration for that Authenticator, the user has to > explicitly add the NullRealm and configure it if they want to change the > redirect status when no other Realm is defined. > > The NullRealm is currently undocumented. I'll fix that as well. > >> FYI I have it in black and white, from a Google webaster forum >> responder that, in the event of a tie between two pages in a ranking >> calculation, the https scheme would produce a ranking signal that >> would elevate the https page above the non https page in the resulting >> rankings. >> >> Once again this is not intended as criticsm of a dedicated and >> prolific committer > > You stated you think the current solution needs rethinking. You haven't > proposed an alternative and explained why the alternative is better. Because I don't presume to have the knowledge of the Tomcat source code required to make such a statement. I do have explicit knowledge of a problem that I experienced while using open source software that you (and others) have written. I didn't understand the solution due to (apparently) incomplete documentation. What *exactly* is one supposed to do in this situation. I may not have the time to contribute source code but it took me a while to figure out exactly was going on and write a bug report, I consider this contributing to the project, maybe you don't. As it happens I did have a possible solution that maintained your abstraction (Realm) even though the connection between realm and redirect is *in my opinion* not intuitive and somewhat opaque and that was to add the required functionality to the Realm base class (if such an entity exists). Then, by way of an attribute expose that functionality in your chosen Realm. This sounds remarkably like the solution you have come up with ... However I can't get my head around your assertion that forcing the use of TLS is a 'user data constraint' but it appears that any attempted discussion of d
Re: I don't understand a recent change released in Tomcat 7.0.70
On 23 June 2016 at 19:43, Mark Thomas wrote: > On 23/06/2016 17:56, Lyallex wrote: >> I'm trying to understand why a recent change in 7.0.70 has been done >> the way it has. >> The change makes absolutely no sense to me and I need to ask the >> implementer why in the name of sanity he did what he did. >> I'm talking to you markt whoever you are :-) >> >> Where should I ask the question? dev list? >> >> I couldn't care less how much shouting ensues, I just need to get some sleep. > > How about you cut the attitude and just ask your question? OK, I will. To give this some context and with the greatest respect to a dedicated committer none of what follows is intended as criticism it's just that I think the current solution to 59399 need rethinking My commercial site has been up for years, there are links dating back years that refer to the old http scheme I have no control over this, now, whenever I get a hit from an 'old' link I need to force the switch to https, lots of sites have this probem and need a solution, it has nothing whatsoever to do with dabases in any way shape or form. So, https://bz.apache.org/bugzilla/show_bug.cgi?id=59399 What has the status code returned when switching from http -> https got to do with a Realm? http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html "A Realm is a "database" of usernames and passwords that identify valid users of a web application .. " Or: What has the status code returned when switching from http -> https got to do with a database of usernames and passwords? https://tomcat.apache.org/tomcat-7.0-doc/config/realm.html JDBCDatabaseRealm attrbute: transportGuaranteeRedirectStatus The HTTP status code to use when the container needs to issue an HTTP redirect to meet the requirements of a configured transport guarantee. The prpvoded status code is not validated. If not specified, the default value of 302 is used. I just don't get why this is here furthermore https://bz.apache.org/bugzilla/show_bug.cgi?id=59399 Mark Thomas 2016-06-15 11:12:11 UTC This has been implemented as a new option in the Realm and will has implemented in: - 9.0.x for 9.0.0.M9 onwards - 8.5.x for 8.5.4 onwards - 8.0.x for 8.0.37 onwards - 7.0.x for 7.0.70 onwards Which Realm(s)? only JDBCDatabaseRealm has the attribute but your comment seems to imply that all Realms have it (transportGuaranteeRedirectStatus) In which case surely it should be a common attribute and (I'm guessing here) the functionality be included in the base class for Realm What happens if I don't use JDBCDatabaseRealm, does that mean I can't configure the switchover status code. What happens if I write my own Realm? In the 'good old days' it was common practice to only switch to https during or after signing in to an application, networks were slow and encryption takes time, now networks are faster and the overhead isn't such an issue. Entire sites now use the https scheme, I know mine does. I can see a situation where, because the mighty Google says it must be so, even an entirely static site with no database and no manager will be served up under https. How is such a site suppose to implement https? FYI I have it in black and white, from a Google webaster forum responder that, in the event of a tie between two pages in a ranking calculation, the https scheme would produce a ranking signal that would elevate the https page above the non https page in the resulting rankings. Once again this is not intended as criticsm of a dedicated and prolific committer With respect Lyallex > > If you are ever unsure where to ask, use the users list. > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
I don't understand a recent change released in Tomcat 7.0.70
I'm trying to understand why a recent change in 7.0.70 has been done the way it has. The change makes absolutely no sense to me and I need to ask the implementer why in the name of sanity he did what he did. I'm talking to you markt whoever you are :-) Where should I ask the question? dev list? I couldn't care less how much shouting ensues, I just need to get some sleep. Thanks Lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Bug 59399 fixed, great, now what happens
On 16 June 2016 at 19:04, Mark Thomas wrote: > On 16/06/2016 18:26, Lyallex wrote: >> A while ago I posted a bug >> >> Yesterday I got a message saying it had been fixed. nice :-) >> However I am in the process of trying to get a development environment >> up so that I could try and figure this one out for myself. It's no big >> deal, I'll proceed with the project but for future reference how do I >> know that someone has picked up one of 'my' bugs and is currently >> working on it. > > I'll turn that around. How was anyone meant to know that you were > working on it? OK, fair point. >> I subscribed to bugzilla emails for the bug but this is >> the first I've heard > > To provide a little background, the ASF Bugzilla instances are patched > to hard-code the 'Assigned to' field to the appropriate dev list. This > is to ensure that the dev list always receives e-mails for every bug change. > > Generally, the Tomcat committers will comment on a bug as they make > progress on it. If, like 59399, the fix is simple, it is likely that the > first you will see of this is a comment to say it is fixed. If it is > more complicated, then you are likely to see additional comments either > reporting progress or asking for more information. It is also possible > that there may be some additional discussion on the dev list. If you are > interested in working on Tomcat then it is worth subscribing to the dev > list. Done I have have also subscribed to announce so I know when it's been released Thanks for the info Lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Bug 59399 fixed, great, now what happens
Before anyone gets over excited I have no idea how this works so save your breath if you want to shout at me. A while ago I posted a bug Yesterday I got a message saying it had been fixed. nice :-) However I am in the process of trying to get a development environment up so that I could try and figure this one out for myself. It's no big deal, I'll proceed with the project but for future reference how do I know that someone has picked up one of 'my' bugs and is currently working on it. I subscribed to bugzilla emails for the bug but this is the first I've heard Thanks Lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Request for documentation
On 16 May 2016 at 07:49, Violeta Georgieva wrote: > Hi, > > 2016-05-14 15:06 GMT+03:00 Lyallex : >> >> I'm trying to find some documentation that details the request lifecycle >> I've looked in the obvious places ... and some not so obvious ones >> >> That is: NOT the servlet lifecycle documentation, this is a different >> thing entirely. >> >> I need some documentation that details exactly what happens when the >> fist bit of a request arrives at the server all the way through to >> when the last bit of the response leaves the server. Does any such >> documentation exit? > > Check this one > http://tomcat.apache.org/tomcat-8.0-doc/architecture/requestProcess/request-process.png Excellent, a UML sequence diagram. By far the most useful UML model type.. Thanks, that's exactly what I was looking for. +1 as they say on the trendy (but largely useless) web forums. lyallex > > > Regards, > Violeta > >> Presumably the version of Tomcat is important >> >> 7.0.42 >> >> >> Thanks in advance >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Request for documentation
I'm trying to find some documentation that details the request lifecycle I've looked in the obvious places ... and some not so obvious ones That is: NOT the servlet lifecycle documentation, this is a different thing entirely. I need some documentation that details exactly what happens when the fist bit of a request arrives at the server all the way through to when the last bit of the response leaves the server. Does any such documentation exit? Presumably the version of Tomcat is important 7.0.42 Thanks in advance - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Any experience with Tuckey UrlRewrite servlet filter?
snip > Unfortunately, it looks like Tomcat doesn't support setting the response > code for the redirect. That sounds like it would be a nice thing to be > able to configure. Care to file a bug? Done Bug 59399 - Tomcat doesn't support setting the response code for http -> https redirect > You could even submit a patch for > it -- it shouldn't be too terribly difficult to code that up. That might take a little longer, working on it lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Any experience with Tuckey UrlRewrite servlet filter?
On 29 April 2016 at 19:49, Christopher Schultz wrote: > Lyallex, > > On 4/29/16 12:50 AM, Lyallex wrote: >> On 28 April 2016 at 23:04, Christopher Schultz >> wrote: snip > 1. You want to redirect requests to hostnames not on your whitelist to > HTTPS (url-rewrite) > 2. You want to redirect everybody to HTTPS (CONFIDENTIAL) > > Which of those is most important? > > If you need the CONFIDENTIAL setting (which is generally a good idea), > then forget about url-rewrite and just use CONFIDENTIAL instead. Yep, you're correct. UrlRewrite is not the answer, it's out of the picture. it's just CONFIDENTIAL and the standard port 80/443 connectors that I have to deal with > Unfortunately, it looks like Tomcat doesn't support setting the response > code for the redirect. That sounds like it would be a nice thing to be > able to configure. Care to file a bug? Well I wouldn't call it a bug really, more of a missing feature that would be nice to have I've never submitted a bug before I don't really know where to start ... Ah ... http://tomcat.apache.org/bugreport.html I wouldn't call it a bug, more of an 'enhancement'. I'll give it a go, after all I can only get shouted at :-) >You could even submit a patch for > it -- it shouldn't be too terribly difficult to code that up. As it happens I'm currently setting up a mirror of my new live CentOS systemd server as my new dev box (currently on Ubuntu) The first thing I was going to do was get the source of Tomcat 7 and try to build it Jeez, contribute to Tomcat eh, that would be something wouldn't it? Anyway thanks to all for all the help and for your patience, I'll figure out how the bug report thing works and submit an enhancement lyallex > > -chris > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Any experience with Tuckey UrlRewrite servlet filter?
On 29 April 2016 at 14:57, André Warnier (tomcat) wrote: > On 29.04.2016 12:52, Lyallex wrote: >> >> On 29 April 2016 at 08:44, André Warnier (tomcat) wrote: >>> >>> On 29.04.2016 08:59, Lyallex wrote: >>>> >>>> >>>> The problem is despite setting the to-type to permanent-redirect I'm >>>>>> >>>>>> >>>>>> actually getting a 302 temporary-redirect. >>>>>> >>>>>> I know this is probably off topic but if anyone has any experience of >>>>>> this I'd be gratefull to hear how you solved it >>>>>> >>> >>> If this was Apache httpd, a simple solution would be to create 2 >>> VirtualHost's, >>> - one of which listens only to port 80, and always returns a 301 to HTTPS >>> - the other one listening only to port 443, and holding your application >>> There should be a way to do the same with Tomcat. I am but a humble code monkey and certainly no Tomcat guru but I think I understand where you are coming from I commented out the relevant constraint in web.xml commented out the standard port 80/443 setup in server.xml commented out the redirect rule in urlrewrite.xml I added the following to server.xml and started tomcat I checked out the logs and couldn't see any problems, tomcat was apparently listening on 2 ports Apr 29, 2016 4:10:37 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler ["http-bio-443"] Apr 29, 2016 4:10:37 PM org.apache.coyote.AbstractProtocol start INFO: Starting ProtocolHandler ["ajp-bio-8009"] Apr 29, 2016 4:10:37 PM org.apache.catalina.startup.Catalina start INFO: Server startup in 2167 ms I fired up frefox, cleared the caches and entered https;//localhost and the site was visible ... I haven't tested it extensively but it seems to work fine Of course the problems start when I try http://localhost given that there's nothing listening on port 80 I think this is where your second instance comes in ... I'll go and do some gardening and let my tired old brain process what you said and see if I can make it work. Do any of the gurus want to jump in here what do you think of this solution Is it madness, what haven't I seen Thanks for your time snip - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Any experience with Tuckey UrlRewrite servlet filter?
On 29 April 2016 at 08:44, André Warnier (tomcat) wrote: > On 29.04.2016 08:59, Lyallex wrote: >> >> The problem is despite setting the to-type to permanent-redirect I'm >>>> >>>> actually getting a 302 temporary-redirect. >>>> >>>> I know this is probably off topic but if anyone has any experience of >>>> this I'd be gratefull to hear how you solved it >>>> > > If this was Apache httpd, a simple solution would be to create 2 > VirtualHost's, > - one of which listens only to port 80, and always returns a 301 to HTTPS > - the other one listening only to port 443, and holding your application > There should be a way to do the same with Tomcat. > > If not, then thinking a bit laterally : > - set up Tomcat with only a HTTPS Connector and your apps. > - set up Apache httpd with only a HTTP VirtualHost, to return the 301. > The overhead should be negligible, because the Apache httpd could be > minimally configured, if that is the only thing it ever has to do. > And since with a 301, browsers (and Google) should update their links/cache, > it would only catch the first attempts of each client. > And it saves quite a bit of overhead at the Tomcat level, which no longer > has to deal at all with catching HTTP and redirecting it. Hi, thanks for the suggestion however I'm running tomcat as a standalone web server Is there any similar trickery I can do in server.xml (for example). thanks lyallex > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Any experience with Tuckey UrlRewrite servlet filter?
On 28 April 2016 at 18:21, jieryn wrote: > You can get the same effect using standard web.xml fragment and > without a 3rd party dependency: > > > > > > /* > > > CONFIDENTIAL > > Hi, and thanks for taking the time to reply. Unfortunately, rather than solving the problem it *is* the problem (as far as I can figure out anyway) If I take the rewrite filter out of the picture the configuration I have is as follows web.xml /* CONFIDENTIAL server.xml stop tomcat clear out all the logs start tomcat rebuild and redeploy the web app root@sandbox:/tmp# curl -D /tmp/headers.txt -s http://localhost/sitemap.xml root@sandbox:/tmp# cat headers.txt HTTP/1.1 302 Found Server: Apache-Coyote/1.1 Cache-Control: private Expires: Thu, 01 Jan 1970 01:00:00 GMT Location: https://localhost/sitemap.xml Content-Length: 0 Date: Fri, 29 Apr 2016 06:55:39 GMT Remember, the filter is out of the picture yet still I get a 302 If I can't solve this it will be a show stopper and I'll have to go back to straight http which will push my link further down the Google search results. Thanks lyallex > > > On Thu, Apr 28, 2016 at 1:12 PM, Lyallex wrote: >> apache-tomcat-7.0.42 >> jdk1.8.0_77 >> CentOS Linux 7.2.1511 >> urlrewritefilter-4.0.3.jar >> >> I'm using the rewrite filter from http://tuckey.org/urlrewrite/ >> >> I have a rule, it's supposed to 301 perm-redirect from http to https >> >> >>seo redirect >>> operator="notequal">^www.example.com >>^localhost >>^/(.*) >>> last="true">https://www.example.com/$1 >> >> >> The problem is despite setting the to-type to permanent-redirect I'm >> actually getting a 302 temporary-redirect. >> >> I know this is probably off topic but if anyone has any experience of >> this I'd be gratefull to hear how you solved it >> >> Thanks >> >> lyallex >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Any experience with Tuckey UrlRewrite servlet filter?
On 28 April 2016 at 23:04, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Lyallex, > > On 4/28/16 1:12 PM, Lyallex wrote: >> apache-tomcat-7.0.42 jdk1.8.0_77 CentOS Linux 7.2.1511 >> urlrewritefilter-4.0.3.jar >> >> I'm using the rewrite filter from http://tuckey.org/urlrewrite/ >> >> I have a rule, it's supposed to 301 perm-redirect from http to >> https >> >> seo redirect > operator="notequal">^www.example.com > name="host" operator="notequal">^localhost >> ^/(.*) > last="true">https://www.example.com/$1 >> >> The problem is despite setting the to-type to permanent-redirect >> I'm actually getting a 302 temporary-redirect. >> >> I know this is probably off topic but if anyone has any experience >> of this I'd be gratefull to hear how you solved it > > - From the documentation for "condition": > > " > notequal Not equal to. (i.e. request value != condition value). > Note, this operator *only work with numeric rule types*. > " > (emphasis mine) > > Then again, there is immediately following it an example of where a > regular expression is almost certainly being used: > > " > Mozilla/[1-4] n> > " > > You might want to post a question to the Google Group for url-rewrite. > This might be a bug (at least in their documentation). I have turned on debug logging for the filter and everything looks OK, the rule loads with no errors however I think you are right about the filter not doing the redirect, or rather the filter redirects but then something redirects again. This could be a problem as GoogleGod demands a 301 redirect not a 302. Please see below > As for the incorrect redirect status, are you sure it's the rewrite > filter redirecting you? Jieryn points-out in a separate reply that if > you are using a user-data-constraint, you may already be redirected by > Tomcat before url-rewrite gets to look at the request. First I commented out both the filter and the entire CONFIDENTIAL security constraint, rebuilt and redeployed the war. root@sandbox:/tmp# curl -D /tmp/headers.txt -s http://localhost/sitemap.xml root@sandbox:/tmp# cat headers.txt HTTP/1.1 200 OK Server: Apache-Coyote/1.1 Vary: User-Agent Content-Type: text/xml;charset=UTF-8 Transfer-Encoding: chunked Date: Fri, 29 Apr 2016 04:28:30 GMT Then I enabled the security constraint but left the filter commented out rebuilt and redeployed then I ran exactly the same command root@sandbox:/tmp# curl -D /tmp/headers.txt -s http://localhost/sitemap.xml root@sandbox:/tmp# cat headers.txt HTTP/1.1 302 Found Server: Apache-Coyote/1.1 Cache-Control: private Expires: Thu, 01 Jan 1970 01:00:00 GMT Location: https://localhost/sitemap.xml Content-Length: 0 Date: Fri, 29 Apr 2016 04:32:20 GMT So, the filter isn't in the picture and I'm getting a 302 The only thing I can find that's might be doing the redirect is the following root@sandbox:/tmp# cat /opt/apache-tomcat-7.0.42/conf/server.xml <<<=== 302 redirect ? If this happens after the filter (which is not enabled at the moment) then I could be in trouble. I can't believe no one has had this problem before. Thanks lyallex > > - -chris > -BEGIN PGP SIGNATURE- > Comment: GPGTools - http://gpgtools.org > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iEYEARECAAYFAlciiPQACgkQ9CaO5/Lv0PDusQCcDrmV6fZlQWUsjvyVowD6bgvu > BG4An1R9lKLudJlTa0yM7yMKUrrmEjvi > =3AxZ > -END PGP SIGNATURE- > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Any experience with Tuckey UrlRewrite servlet filter?
apache-tomcat-7.0.42 jdk1.8.0_77 CentOS Linux 7.2.1511 urlrewritefilter-4.0.3.jar I'm using the rewrite filter from http://tuckey.org/urlrewrite/ I have a rule, it's supposed to 301 perm-redirect from http to https seo redirect ^www.example.com ^localhost ^/(.*) https://www.example.com/$1 The problem is despite setting the to-type to permanent-redirect I'm actually getting a 302 temporary-redirect. I know this is probably off topic but if anyone has any experience of this I'd be gratefull to hear how you solved it Thanks lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Obsolete cypher suit
On 13 April 2016 at 12:50, Mark Thomas wrote: > On 13/04/2016 12:43, Lyallex wrote: >> On 12 April 2016 at 19:26, Mark Thomas wrote: >>> On 12/04/2016 19:11, Lyallex wrote: >>>> On 12 April 2016 at 18:06, Lyallex wrote: >>>>> apache-tomcat-7.0.42 as standalone web server >>>>> jdk1.7.0_45 >>>>> Ubuntu 12.10 >>>>> >>>>> Greetings >>>>> >>>>> I'm sure this is an old chestnut but it's got me stumped >>>>> >>>>> I just purchased and installed my first ever ssl certificate >>>>> I had it installed and apparently running in no time. I should of >>>>> course have been suspicious that it all went so smoothly >>>>> but I though it was about time I got a break ... no such luck. >>>>> >>>>> Clicking the padlock in chrome I get >>>>> >>>>> Your connection to 192.168.1.68 is encrypted using an obsolete cipher >>>>> suit. >>>>> >>>>> The connection uses TLS 1.2. >>>>> >>>>> The connection is encrypted using AES_128_CBC with HMAC-SHA1 for >>>>> message authentication and ECDHE_RSA as the key exchange mechanism. >>>> >>>> jdk1.8.0.77 fixed it >>>> >>>> Should have know it was a Java (as opposed to Tomcat) problem >>>> >>>> as you were >>> >>> As of the next Tomcat 7 release, the SSL defaults have been improved so >>> a default configuration should not report any issues. >>> >>> Mark >> >> Now I'm confused, I thought Tomcat relied on the JSSE implementation >> in whatever version of Java that was used to start Tomcat >> to provide it's cipher suits. If this is correct how will a different >> version of Tomcat make a difference given that it's started with the >> same version of Java. If it's incorrect please forgive my boundlesss >> ignorance and stupidity. > > Happy to clarify. > > Tomcat is able to select which TLS versions and cipher suites are > enabled by default. The latest Tomcat version enables fewer cipher > suites by default (some less secure ones are removed) so the default > configuration is better. > > Users remain free to explicitly configure any cipher suite they wish > from those supported by the JSSE implementation provided by the JRE. > > Mark Good morning After a long night trying to figure out why Tomcat would not run with Java 1.8 on centOS I've finally got it working (wrong processor architecture, rookie mistake, tired) ssllabs now gives my server a B which is way better that an F There is one thing outstanding that I'm just too tired to figure out at the moment and I'm hoping someone will put me out of my misery. The one thing failing is the key exchage My tomcat server uses RSA as the key exchange mechanism when it needs to be using ECDHE_RSA When I start reading documentation on cipher suites my head starts spinning Does anyone feel like letting me know how to get tomcat to use ECDHE_RSA for the key exchange? Thanks I gotta get some sleep TTFN - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Obsolete cypher suit
On 12 April 2016 at 19:26, Mark Thomas wrote: > On 12/04/2016 19:11, Lyallex wrote: >> On 12 April 2016 at 18:06, Lyallex wrote: >>> apache-tomcat-7.0.42 as standalone web server >>> jdk1.7.0_45 >>> Ubuntu 12.10 >>> >>> Greetings >>> >>> I'm sure this is an old chestnut but it's got me stumped >>> >>> I just purchased and installed my first ever ssl certificate >>> I had it installed and apparently running in no time. I should of >>> course have been suspicious that it all went so smoothly >>> but I though it was about time I got a break ... no such luck. >>> >>> Clicking the padlock in chrome I get >>> >>> Your connection to 192.168.1.68 is encrypted using an obsolete cipher suit. >>> >>> The connection uses TLS 1.2. >>> >>> The connection is encrypted using AES_128_CBC with HMAC-SHA1 for >>> message authentication and ECDHE_RSA as the key exchange mechanism. >> >> jdk1.8.0.77 fixed it >> >> Should have know it was a Java (as opposed to Tomcat) problem >> >> as you were > > As of the next Tomcat 7 release, the SSL defaults have been improved so > a default configuration should not report any issues. > > Mark Now I'm confused, I thought Tomcat relied on the JSSE implementation in whatever version of Java that was used to start Tomcat to provide it's cipher suits. If this is correct how will a different version of Tomcat make a difference given that it's started with the same version of Java. If it's incorrect please forgive my boundlesss ignorance and stupidity. lyallex > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Java 8 cipher suite required. CentOS says no
This is kind of connected to an earlier post but I didn't want to get
shouted at for hijacking so I started new one, hope this is OK
apache-tomcat-7.0.42 standalone web server
CentOS Linux release 7.2.1511
jdk1.7.0_45 and jdk1.8.0_77
It's a bit complicated I'll try to be brief
On discovering that browsers complained that I was using obsolete
cyphers over https I discovered that running the server against java
1.8 solved the problem.
I'm using a tried and tested init.d script
on my test machine, (Ubuntu Linux 12.10) in the script,
/etc/rc.d/init.d/tomcat7 I changed
JAVA_HOME=/opt/jdk1.7.0_45
to
JAVA_HOME=/opt/jdk1.8.0_77
saved the script and started tomcat under jsvc
The server came up straight away and browsers informed me that I was
using modern up to date ciphers ... hooray, change one line and
everything hums.
So, on the CentOS box I had exactly the same script in exactly the
same place pointing to exactly the same jdk (/opt/jdk1.7.0_45)
I realise that this CentOS release uses systemd init but if I shut
down tomcat with
# systemctl stop tomcat.service
I can start it manually with the old init.d script. it's quicker and
I don't have to keep reloading services. It works, Tomcat starts up
and ssllabs give me a big fat F for fail as expected but
I'm running fine with https. browsers still complain (as expected) but
it proves that my SSL config is correct (or as correct as can be
expected given the circumstances).
So, # /etc/rc.d/init.d/tomcat7 stop
change
JAVA_HOME=/opt/jdk1.7.0_45
to
JAVA_HOME=/opt/jdk1.8.0_77
/etc/rc.d/init.d/tomcat7 start ... epic fail
With the messages
Cannot find any VM in Java Home /opt/jdk1.8.0_77
Cannot locate JVM library file
in the tomcat logs
I have set everything I can think of including JAVA_HOME in .bash_profile
[root@vps logs]# java -version
java version "1.8.0_77"
Java(TM) SE Runtime Environment (build 1.8.0_77-b03)
Java HotSpot(TM) 64-Bit Server VM (build 25.77-b03, mixed mode)
[root@vps logs]# echo $PATH
/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin:/home/lyallex/.local/bin:/home/lyallex/bin:/opt/jdk1.8.0_77/bin
but nothing I do changes anything.
I have copied the start script below fYI
Has anyone seen anything like this before?
Thanks
lyallex
= /etc/rc.d/init.d/tomcat7
[root@vps logs]# cat /etc/rc.d/init.d/tomcat7
# chkconfig: - 71 19
# description: Start up the Tomcat servlet engine.
# use java 7
# JAVA_HOME=/opt/jdk1.7.0_45
# java 8, works on Ubuntu, fails on CentOS
JAVA_HOME=/opt/jdk1.8.0_77
CATALINA_HOME=/opt/apache-tomcat-7.0.42
export JAVA_HOME CATALINA_HOME
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
TOMCAT_USER=tomcat
TMPDIR=/var/tmp
PIDFILE=/var/run/tc7/jsvc.pid
RC=0
case "$1" in
start)
$CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
-Dcatalina.home=/opt/apache-tomcat-7.0.42
-Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
-Djava.awt.headless=true \
-Xms512m \
-Xmx1024m \
-outfile $CATALINA_HOME/logs/catalina.out \
-errfile $CATALINA_HOME/logs/catalina.err \
-pidfile '/var/run/tc7/jsvc.pid' \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
-cp $CLASSPATH \
org.apache.catalina.startup.Bootstrap
RC=$?
[ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
echo "starting tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
;;
stop)
PID=`cat /var/run/tc7/jsvc.pid`
kill $PID
RC=$?
[ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
echo "stopping tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat stopped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit $RC
[root@vps logs]#
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Obsolete cypher suit
On 12 April 2016 at 18:06, Lyallex wrote: > apache-tomcat-7.0.42 as standalone web server > jdk1.7.0_45 > Ubuntu 12.10 > > Greetings > > I'm sure this is an old chestnut but it's got me stumped > > I just purchased and installed my first ever ssl certificate > I had it installed and apparently running in no time. I should of > course have been suspicious that it all went so smoothly > but I though it was about time I got a break ... no such luck. > > Clicking the padlock in chrome I get > > Your connection to 192.168.1.68 is encrypted using an obsolete cipher suit. > > The connection uses TLS 1.2. > > The connection is encrypted using AES_128_CBC with HMAC-SHA1 for > message authentication and ECDHE_RSA as the key exchange mechanism. jdk1.8.0.77 fixed it Should have know it was a Java (as opposed to Tomcat) problem as you were snip lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Obsolete cypher suit
apache-tomcat-7.0.42 as standalone web server jdk1.7.0_45 Ubuntu 12.10 Greetings I'm sure this is an old chestnut but it's got me stumped I just purchased and installed my first ever ssl certificate I had it installed and apparently running in no time. I should of course have been suspicious that it all went so smoothly but I though it was about time I got a break ... no such luck. Clicking the padlock in chrome I get Your connection to 192.168.1.68 is encrypted using an obsolete cipher suit. The connection uses TLS 1.2. The connection is encrypted using AES_128_CBC with HMAC-SHA1 for message authentication and ECDHE_RSA as the key exchange mechanism. I followed the instructions here https://www.sslshopper.com/article-how-to-disable-weak-ciphers-and-ssl-2-in-tomcat.html and passed then following when starting tomcat -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 \ No luck so far here is server.xml Any pointers to useful resources much appreciated TIA Lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat running against Java 1.7 barfs with Java < 1.7 Jasper error
On 8 April 2016 at 13:12, Mark Thomas wrote: > On 8 April 2016 12:43:56 BST, Lyallex wrote: >>On 8 April 2016 at 12:31, Violeta Georgieva wrote: >>> Hi, > > Jasper is configured to default to the minimum Java version required by the > version of the JSP specification it implements. Thank you > Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat running against Java 1.7 barfs with Java < 1.7 Jasper error
On 8 April 2016 at 12:31, Violeta Georgieva wrote: > Hi, > > 2016-04-08 14:28 GMT+03:00 Lyallex : >> >> Apache Tomcat 7.0.42 running under jsvc against jdk1.7.0.45 >> on 64 bit Ubuntu Linux 12.10 built and deployed with Ant in Eclipse >> JUNO set to 1.7 compliance >> >> Please don't moan at me for using JSP scriptlets, I'm just doing some >> throwaway prototyping so save the bandwidth. Thank You >> >> I have been switching on Strings in 1.7 projects for a while now, I >> use it in application classes running on the above with no problems at >> all. >> >> This morning I tried switching on Strings in jsp and got the following >> compiler error >> >> org.apache.jasper.JasperException Unable to compile class for JSP >> etc etc >> Cannot switch on a value of type String for source level below 1.7 ... >> >> Hmm, interesting >> >> Configured Jasper to compile against 1.7 and it all worked fine >> >> It seems a little strange that running Tomcat against 1.7 wouldn't >> automatically configure Jasper to compile against 1.7 ... doesn't it ? >> >> Or does it? >> >> I'm sure there is a good reason, I just can't think of it :-( >> > > This behavior is correct. Check this > http://tomcat.apache.org/tomcat-7.0-doc/jasper-howto.html > > compilerSourceVM - What JDK version are the source files compatible with? > (Default value: 1.6) > compilerTargetVM - What JDK version are the generated files compatible > with? (Default value: 1.6) > > Regards, > Violeta Well I'm sure it is ... but you miss the point entirely I'm afraid I'll try again I said " It seems a little strange that running Tomcat against 1.7 wouldn't automatically configure Jasper to compile against 1.7 ... doesn't it" I'm not sure how you interpret this statement as an assertion that the behavior is incorrect. Once again. Why is it that when Tomcat is run against Java 1.7 and obviously interprets classes written in 1.7 correctly Jasper isn't configure to compile at 1.7 compliance level. It's just a question, I found it interesting. Is that OK Lyallex >> > >> Lyallex >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat running against Java 1.7 barfs with Java < 1.7 Jasper error
Apache Tomcat 7.0.42 running under jsvc against jdk1.7.0.45 on 64 bit Ubuntu Linux 12.10 built and deployed with Ant in Eclipse JUNO set to 1.7 compliance Please don't moan at me for using JSP scriptlets, I'm just doing some throwaway prototyping so save the bandwidth. Thank You I have been switching on Strings in 1.7 projects for a while now, I use it in application classes running on the above with no problems at all. This morning I tried switching on Strings in jsp and got the following compiler error org.apache.jasper.JasperException Unable to compile class for JSP etc etc Cannot switch on a value of type String for source level below 1.7 ... Hmm, interesting Configured Jasper to compile against 1.7 and it all worked fine It seems a little strange that running Tomcat against 1.7 wouldn't automatically configure Jasper to compile against 1.7 ... doesn't it ? Or does it? I'm sure there is a good reason, I just can't think of it :-( Lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to start Tomcat as a standalone web server using the systemd init system
Apache-tomcat-7.0.42
Java 1.7.0_45-b18
CentOS Linux release 7.2.1511
I have been using various releases of Apache Tomcat as a standalone
web server and servlet container
to serve a commercial web-app written entirely in Java for the past 4
years. Recently my server host informed me that I needed to
move to their 'cloud'.
This meant moving from a CentOS release 5.2 system that used a
SysV-style init script in /etc/rc.d/init.d with symbolic links in
rc2.d, rc3.d, rc4.d and rc5.d
to a CentOS Linux release 7.2.1511 system that used a systemd init system
The init.d script was called tomcat7 and is listed at the end of this message.
Tomcat is employed as a stand alone web server binding to the default
port for inbound non-encrypted http traffic which is port 80.
Due to the restricions placed on privileged ports (< 1024) by UNIX
like systems this required the use of an additional component.
The component chosen was jsvc
(http://commons.apache.org/proper/commons-daemon/jsvc.html)
Tomcat documentation re jsvc
(https://tomcat.apache.org/tomcat-7.0-doc/setup.html)
The first attempt at getting Tomcat to start after a system reboot
consisted of calling the original inid.d script.
# touch /etc/systemd/system/tomcat.service
tomcat.service began life as follows
[Unit]
Description=The Jakarta Apache/Tomcat Server
After=network.target
[Service]
Type=forking
ExecStart=/etc/rc.d/init.d/tomcat7 start
ExecStop=/etc/rc.d/init.d/tomcat7 stop
[Install]
WantedBy=multi-user.target
This and many other versions that called the original init.d script
failed with various systemd error codes
The reason(s) are as yet not fully understood.
The final solution shows the invocation arguments passed to jsvc in
longhand, this is the only way we could get it to work.
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target
[Service]
Type=forking
User=root
ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
-user tomcat \
-home /opt/jdk1.7.0_45 \
-Dcatalina.home=/opt/apache-tomcat-7.0.42 \
-Dcatalina.base=/opt/apache-tomcat-7.0.42 \
-Djava.io.tmpdir=/var/tmp \
-Djava.awt.headless=true \
-Xms512m \
-Xmx1024m \
-outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
-errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \
-pidfile /var/run/tc7/jsvc.pid \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties
\
-cp
/opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar
\
org.apache.catalina.startup.Bootstrap
ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid
ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
[Install]
WantedBy=multi-user.target
This works fine and Tomcat starts as expected when the system reboots.
Hope this saves someone some aggravation. There is still much that is
not understood and experimentation is ongoing as time allows.
Lyallex
=== /etc/rc.d/init.d/tomcat7 ===
JAVA_HOME=/opt/jdk1.7.0_45
CATALINA_HOME=/opt/apache-tomcat-7.0.42
export JAVA_HOME CATALINA_HOME
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
TOMCAT_USER=tomcat
TMPDIR=/var/tmp
PIDFILE=/var/run/tc7/jsvc.pid
RC=0
case "$1" in
start)
$CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
-Dcatalina.home=/opt/apache-tomcat-7.0.42
-Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
-Djava.awt.headless=true \
-Xms512m \
-Xmx1024m \
-outfile $CATALINA_HOME/logs/catalina.out \
-errfile $CATALINA_HOME/logs/catalina.err \
-pidfile '/var/run/tc7/jsvc.pid' \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
-cp $CLASSPATH \
org.apache.catalina.startup.Bootstrap
RC=$?
[ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
echo "starting tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
;;
stop)
PID=`cat /var/run/tc7/jsvc.pid`
kill $PID
RC=$?
[ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
echo "stopping tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat stopped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit $RC
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
On 19 March 2016 at 21:02, André Warnier (tomcat) wrote: > Daniel, > > first of all, stop top-posting (this applies to both of you). This is not > the style of posting desired on this list. > See http://tomcat.apache.org/lists.html#tomcat-users, #6. > > Secondly, > the original poster (lyallex) wants to run Tomcat under Linux, without a > front-end, as a webserver, listening on port 80, but running as a user which > is not root. > This is a legitimate way of running Tomcat, and it is not for you to tell > him to run it otherwise. Presumably, he knows what he is doing, under his > circumstances. > > Tomcat by itself cannot do that, because it cannot by itself start as root, > bind to port 80, and then switch users. > The jsvc program (a "wrapper" for the JVM which runs Tomcat) allows this, > which is why the OP wants to use it. > But he has problems configuring this to run under systemd. > And this was his question : how to run Tomcat as non-root under a JVM under > jsvc under systemd, listening on port 80. > > I have not yet tried it myself, so I cannot really help. I have it working now, I'd be glad to advise if required > But I have a feeling that the information that you have provided earlier, > can be extrapolated to the configuration which lyallex wants. > So thank you for providing that information, and let's leave it at that. > There is no need and no point in transforming this conversation into a flame > now. > +1 > > > On 19.03.2016 21:33, Daniel Savard wrote: >> >> I still don't see how the number of concurrent sessions is related to >> the port number. >> >> The default ports for Tomcat are 8080 and 8443. >> >> For huge websites, usually you have a load balancer as a front-end >> anyway. You then get the capability to distribute the workload on more >> than one instance of Tomcat and/or servers, so, sticking on a single >> port isn't desirable since many instances on a single server cannot >> run on the same port. You get the capability to eliminate any >> single-point of failure as well as getting the capability to implement >> a non-stop environment making a Tomcat cluster. >> - >> Daniel Savard >> >> >> 2016-03-19 15:40 GMT-04:00 Lyallex : >>> >>> >>> >>> On 19 March 2016 at 19:19, Daniel Savard wrote: >>>> >>>> I see what you were trying to achieve, however I don't see much >>>> interest in that. >>> >>> >>> Really, I've been running a successful commercial web site for the >>> last 4 years using Tomcat as a standalone web server >>> and servlet container using exactly this solution. 1000 concurrent >>> sessions pose no problem >>> I mentioned this in my first post, sorry if you missed it. >>> >>>> 1) Obviously, if you were expecting systemd to solve that problem, you >>>> were wrong and it is a sane behavir of systemd to not allow that >>>> neither >>> >>> >>> No, you misunderstood. I was trying to start jsvc from a systemd service >>> file >>> Please read more carefully.I never suggested that systemd would solve >>> the problem >>> >>>> 2) Your solution to your problem is lying on jsvc alone. >>>> 3) I believe is bad security practice to insist to bind on privileged >>>> ports for process that don't need that level of privilege. >>>> >>>> Btw, even if you switch to another user to run the code, you actually >>>> are binding to port 80 as root. >>>> >>>> Maybe you can explain us why you want to do such a thing and using any >>>> other unprivileged port isn't a solution to your problem. >>> >>> >>> What is the default port for non.-encrypted http traffic to a web server? >>> >>> Anyway, I see no reason to start a slanging match, I have better things >>> to do. >>> It's all working quite nicely now anyway, thank you for your input. >>> >>> To learn about jsvc see >>> http://commons.apache.org/proper/commons-daemon/jsvc.html >>> You'll need an up to date ANSI C compiler (I use gcc) >>> >>> Lyallex >>> >>> >>>> >>>> Regards, >>>> - >>>> Daniel Savard >>>> >>>> >>>> 2016-03-19 12:10 GMT-04:00 Lyallex : >>>>> >>>>> It's the simplest way to find out which port you have Tomcat listening >>>>
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
On 19 March 2016 at 19:19, Daniel Savard wrote: > I see what you were trying to achieve, however I don't see much > interest in that. Really, I've been running a successful commercial web site for the last 4 years using Tomcat as a standalone web server and servlet container using exactly this solution. 1000 concurrent sessions pose no problem I mentioned this in my first post, sorry if you missed it. > 1) Obviously, if you were expecting systemd to solve that problem, you > were wrong and it is a sane behavir of systemd to not allow that > neither No, you misunderstood. I was trying to start jsvc from a systemd service file Please read more carefully.I never suggested that systemd would solve the problem > 2) Your solution to your problem is lying on jsvc alone. > 3) I believe is bad security practice to insist to bind on privileged > ports for process that don't need that level of privilege. > > Btw, even if you switch to another user to run the code, you actually > are binding to port 80 as root. > > Maybe you can explain us why you want to do such a thing and using any > other unprivileged port isn't a solution to your problem. What is the default port for non.-encrypted http traffic to a web server? Anyway, I see no reason to start a slanging match, I have better things to do. It's all working quite nicely now anyway, thank you for your input. To learn about jsvc see http://commons.apache.org/proper/commons-daemon/jsvc.html You'll need an up to date ANSI C compiler (I use gcc) Lyallex > > Regards, > - > Daniel Savard > > > 2016-03-19 12:10 GMT-04:00 Lyallex : >> It's the simplest way to find out which port you have Tomcat listening on >> >> *NIX based systems don't allow non root uses bind to ports < 1024 >> >> jsvc >> http://commons.apache.org/proper/commons-daemon/jsvc.html >> >> solves this problem, nobody seems to have grasped that this is what I >> was asking about. >> I know of no way to start the container, on port 80 using either >> startup.sh or catalina.sh using start, run or anything else. >> If I'm wrong then I would love to see how it's done. >> >> CentOS Linux release 7.2.1511 (Core) >> >> >> On 19 March 2016 at 13:46, Daniel Savard wrote: >>> Why? What is the point? The server.xml has nothing to do with >>> integration with systemd. >>> - >>> Daniel Savard >>> >>> >>> 2016-03-19 1:40 GMT-04:00 Lyallex : >>>> Would you mind posting your server.xml, here is the relevant bit from mine. >>>> >>>> >>>> >>>> >>>connectionTimeout="2" >>>>redirectPort="8443" /> >>>> >>>> >>>> >>>> >>>> >>>> >>> resourceName="UserDatabase"/> >>>> >>>> >>>> >>>> >>> autoDeploy="true"> >>>> >>>> >>> directory="logs" >>>>prefix="localhost_access_log" suffix=".txt" >>>>rotatable="false" pattern="combined" /> >>>> >>>> >>>> >>>> >>>> >>>> On 18 March 2016 at 23:35, Daniel Savard wrote: >>>>> I believe all distros have over engineered the scripts to start >>>>> Tomcat. Forget all the scripts from your distro, learn the >>>>> signification of the environment variables from the catalina.sh script >>>>> shipped with the default Tomcat version. Define your variables in a >>>>> file, this file is not a script, so you cannot reuse a previously >>>>> defined variable, feed your systemd service definition file with this >>>>> file in the service section as EnvironmentFile=/path/name/to/your/file >>>>> ExecStart=/path/to/catalina.sh start >>>>> ExecStop=/path/to/catalina.sh stop >>>>> >>>>> and you are done. You control everything from the environment file, >>>>> you can easily manage the environment variables without editing the >>>>> systemd's service file. >>>>> >>>>> It is much simpler than the OpenRC set of scripts at my humble >>>>> opinion. I am running Gentoo at home and RHEL at work and both distros >>>>> wrapped Tomcat into too many layers of scripts in order to make
Re: systemd tomcat script for Linux EL7
Do you have the answer to my question? CentOS Linux release 7.2.1511 I think it actually boils down to 'how do you start start Tomcat as a daemon (using jsvc) on a privileged port (<1024) switching to a no login user (tomcat) on a system that uses a systemd init process. The rant you refer to doesn't explicitly (or implicitly) answer this question. The same startup script that starts Tomcat as above on CentOS release 5.2 which uses the 'old' SysV (I think) init processes using init.d, rc3.d etc and has done for a number of years fails in systemd (all details posted earlier) Has anyone actually got this working or do you all hide behind httpd :-) TIA Lyallex On 17 March 2016 at 00:57, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > jieryn, > > On 3/16/16 1:36 PM, jieryn wrote: >> http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/systemd-house > - -of-horror/tomcat.html > > Wow, >> > lots of ranting about environment variables and little-used PID > files. > > If the author only understood the reasons behind the way catalina.sh > works, he might not have embarrassed himself. > > It must be hard being so smart and important that you have to quit the > Internet for good[1]. > > - -chris > > [1] > http://homepage.ntlworld.com/jonathan.deboynepollard/contacting-the-auth > or.html#SMTP > >> On Wed, Mar 16, 2016 at 1:01 PM, Lyallex >> wrote: >>> Apologies for dredging this up but I'm having some problems with >>> this. Any ideas much appreciated. >>> >>> Ii have been forced to move from a version of centOS the used the >>> old /etc/rc.d/init.d way of doing things to a new version of >>> CentOS that uses systemd. The hosts can't or won't help because >>> I'm using a 'non-standard setup' Basically I'm using tomcat >>> standalone on port 80 to serve up my site. I use jsvc with a >>> start/stop script in /etc/rc.d/init.d with symbolic links in >>> rc2.d, rc3.d. rc4.d and rc5.d This has been working faultlessly >>> for nearly 4 years. >>> >>> I have installed Tomcat, Java and all required resources on the >>> new server, I have dulpicated the configuration in /etc but >>> needless to say when I restart the server Tomcat doesn't start >>> >>> Starting from the command line as root with >>> /etc/rc.d/init.d/tomcat7 works as it has always done and starts >>> tomcat as root then switches to an unprivileged, no login user >>> (tomcat) >>> >>> I followed your instructions and came up with the following >>> >>> # touch /etc/systemd/system/tomcat.service # nano >>> /etc/systemd/system/tomcat.service >>> >>> tomcat.service looks like this >>> >>> [Unit] Description=The Jakarta Apache/Tomcat Server >>> After=network.target >>> >>> [Service] Type=forking ExecStart=/etc/rc.d/init.d/tomcat7 start >>> ExecStop=/etc/rc.d/init.d/tomcat7 stop >>> >>> [Install] WantedBy=multi-user.target >>> >>> # chmod 664 /etc/systemd/system/tomcat.service >>> >>> [root@vps init.d]# systemctl daemon-reload >>> >>> [root@vps init.d]# systemctl start tomcat.service Job for >>> tomcat.service failed because the control process exited with >>> error code. See "systemctl status tomcat.service" and "journalctl >>> -xe" for details. >>> >>> [root@vps init.d]# systemctl status tomcat.service tomcat.service >>> - The Jakarta Apache/Tomcat Server Loaded: loaded >>> (/etc/systemd/system/tomcat.service; disabled; vendor preset: >>> disabled) Active: failed (Result: exit-code) since Wed 2016-03-16 >>> 16:40:55 GMT; 18s ago Process: 4596 >>> ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited, >>> status=203/EXEC) >>> >>> Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta >>> Apache/Tomcat Server... Mar 16 16:40:55 vps.example.com >>> systemd[1]: tomcat.service: control process exited, code=exited >>> status=203 Mar 16 16:40:55 vps.example.com systemd[1]: Failed to >>> start The Jakarta Apache/Tomcat Server. Mar 16 16:40:55 >>> vps.example.com systemd[1]: Unit tomcat.service entered failed >>> state. Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service >>> failed. >>> >>> tomcat7 fwiw >>> >>> >>> # chkconfig: - 71 19 # description: Start up the Tomcat servlet >>> engine. # this is the startup file for the new version
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
It's the simplest way to find out which port you have Tomcat listening on *NIX based systems don't allow non root uses bind to ports < 1024 jsvc http://commons.apache.org/proper/commons-daemon/jsvc.html solves this problem, nobody seems to have grasped that this is what I was asking about. I know of no way to start the container, on port 80 using either startup.sh or catalina.sh using start, run or anything else. If I'm wrong then I would love to see how it's done. CentOS Linux release 7.2.1511 (Core) On 19 March 2016 at 13:46, Daniel Savard wrote: > Why? What is the point? The server.xml has nothing to do with > integration with systemd. > - > Daniel Savard > > > 2016-03-19 1:40 GMT-04:00 Lyallex : >> Would you mind posting your server.xml, here is the relevant bit from mine. >> >> >> >> >connectionTimeout="2" >>redirectPort="8443" /> >> >> >> >> >> >> > resourceName="UserDatabase"/> >> >> >> >> > autoDeploy="true"> >> >> > directory="logs" >>prefix="localhost_access_log" suffix=".txt" >>rotatable="false" pattern="combined" /> >> >> >> >> >> >> On 18 March 2016 at 23:35, Daniel Savard wrote: >>> I believe all distros have over engineered the scripts to start >>> Tomcat. Forget all the scripts from your distro, learn the >>> signification of the environment variables from the catalina.sh script >>> shipped with the default Tomcat version. Define your variables in a >>> file, this file is not a script, so you cannot reuse a previously >>> defined variable, feed your systemd service definition file with this >>> file in the service section as EnvironmentFile=/path/name/to/your/file >>> ExecStart=/path/to/catalina.sh start >>> ExecStop=/path/to/catalina.sh stop >>> >>> and you are done. You control everything from the environment file, >>> you can easily manage the environment variables without editing the >>> systemd's service file. >>> >>> It is much simpler than the OpenRC set of scripts at my humble >>> opinion. I am running Gentoo at home and RHEL at work and both distros >>> wrapped Tomcat into too many layers of scripts in order to make it >>> working with OpenRC while none of these are required to run and manage >>> Tomcat with systemd. >>> >>> In particular with Gentoo, I no longer use the Tomcat distro packaged >>> with Gentoo because they separated the servlet api from Tomcat and you >>> need to wrap things into layers of scripts to define the classpath >>> properly taking this into account, the vanilla classpath.sh file >>> distributed with Tomcat doesn't work and so one. Really, they did a >>> very bad job at integrating Tomcat. >>> >>> Here is my service file: >>> >>> [Unit] >>> Description=Tomcat 8 (Dev) >>> After=syslog.target >>> After=network.target >>> >>> [Service] >>> EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env >>> Type=forking >>> User=tomcat >>> Group=tomcat >>> ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start >>> ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop >>> >>> [Install] >>> WantedBy=multi-user.target >>> >>> >>> And here is the content of my EnvironmentFile: >>> >>> CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds" >>> CATALINA_BASE="/tomcat/tomcat-8-dev" >>> CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out" >>> JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74" >>> CATALINA_PID="/var/run/tomcat-8-dev.pid" >>> >>> >>> - >>> Daniel Savard >>> >>> >>> 2016-03-18 13:31 GMT-04:00 Lyallex : >>>> I thought you might be interested in the resolution to this. >>>> >>>> It turns out that we needed to reproduce the environment in tomcat.service >>>> >>>> For some reason >>>> >>>> ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work >>>> (file shown at the end of this message) >>>> >>>> Instead, in /etc/systemd/system/tomcat.service
Re: systemd tomcat script for Linux EL7
Apologies for dredging this up but I'm having some problems with this.
Any ideas much appreciated.
Ii have been forced to move from a version of centOS the used the old
/etc/rc.d/init.d
way of doing things to a new version of CentOS that uses systemd. The
hosts can't or won't help because I'm using a 'non-standard setup'
Basically I'm using tomcat standalone on port 80 to serve up my site.
I use jsvc with a start/stop script in /etc/rc.d/init.d with symbolic
links in rc2.d, rc3.d. rc4.d and rc5.d This has been working
faultlessly for nearly 4 years.
I have installed Tomcat, Java and all required resources on the new
server, I have dulpicated the configuration in /etc but needless to
say when I restart the server Tomcat doesn't start
Starting from the command line as root with /etc/rc.d/init.d/tomcat7
works as it has always done and starts tomcat as root then switches to
an unprivileged, no login user (tomcat)
I followed your instructions and came up with the following
# touch /etc/systemd/system/tomcat.service
# nano /etc/systemd/system/tomcat.service
tomcat.service looks like this
[Unit]
Description=The Jakarta Apache/Tomcat Server
After=network.target
[Service]
Type=forking
ExecStart=/etc/rc.d/init.d/tomcat7 start
ExecStop=/etc/rc.d/init.d/tomcat7 stop
[Install]
WantedBy=multi-user.target
# chmod 664 /etc/systemd/system/tomcat.service
[root@vps init.d]# systemctl daemon-reload
[root@vps init.d]# systemctl start tomcat.service
Job for tomcat.service failed because the control process exited with
error code. See "systemctl status tomcat.service" and "journalctl -xe"
for details.
[root@vps init.d]# systemctl status tomcat.service
tomcat.service - The Jakarta Apache/Tomcat Server
Loaded: loaded (/etc/systemd/system/tomcat.service; disabled;
vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2016-03-16 16:40:55 GMT; 18s ago
Process: 4596 ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited,
status=203/EXEC)
Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta
Apache/Tomcat Server...
Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service: control
process exited, code=exited status=203
Mar 16 16:40:55 vps.example.com systemd[1]: Failed to start The
Jakarta Apache/Tomcat Server.
Mar 16 16:40:55 vps.example.com systemd[1]: Unit tomcat.service
entered failed state.
Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service failed.
tomcat7 fwiw
# chkconfig: - 71 19
# description: Start up the Tomcat servlet engine.
# this is the startup file for the new version
# 24/10/2013 by lyallex
# use java 7
# JAVA_HOME=/usr/local/java/jdk1.6.0_07
JAVA_HOME=/opt/jdk1.7.0_45
CATALINA_HOME=/opt/apache-tomcat-7.0.42
export JAVA_HOME CATALINA_HOME
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
TOMCAT_USER=tomcat
TMPDIR=/var/tmp
PIDFILE=/var/run/tc7/jsvc.pid
RC=0
case "$1" in
start)
$CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
-Dcatalina.home=/opt/apache-tomcat-7.0.42
-Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
-Djava.awt.headless=true \
-Xms512m \
-Xmx1024m \
-outfile $CATALINA_HOME/logs/catalina.out \
-errfile $CATALINA_HOME/logs/catalina.err \
-pidfile '/var/run/tc7/jsvc.pid' \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
-cp $CLASSPATH \
org.apache.catalina.startup.Bootstrap
RC=$?
[ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
echo "starting tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
;;
stop)
PID=`cat /var/run/tc7/jsvc.pid`
kill $PID
RC=$?
[ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
echo "stopping tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat stopped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit $RC
TIA
Lyallex
On 5 June 2015 at 13:37, Ray Holme wrote:
> That looks OK, but I would suggest the following.
> Put all the real stuff in a standard bash script with 3 parameters start,
> stop, restart- pretty much like the OLD system 5 way fo doing things.This has
> the advantage of allowing you to add other things you might want to add AND
> executing the script as root is pretty obvious. (I needed to add starting an
> LibreOffice server and a few other daemons to get that going).
Re: systemd tomcat script for Linux EL7
But that doesn't work for ports < 1024 On 17 March 2016 at 01:47, jieryn wrote: > Meh. It's short and sweet and working systemd unit file. > > [Unit] > Description=Apache Tomcat Web Application Container > [Service] > User=tomcat > Group=tomcat > ExecStart=/usr/share/tomcat/bin/catalina.sh run > [Install] > WantedBy=multi-user.target > > > On Wed, Mar 16, 2016 at 8:57 PM, Christopher Schultz > wrote: >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1 >> >> jieryn, >> >> On 3/16/16 1:36 PM, jieryn wrote: >>> http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/systemd-house >> - -of-horror/tomcat.html >> >> Wow, >>> >> lots of ranting about environment variables and little-used PID >> files. >> >> If the author only understood the reasons behind the way catalina.sh >> works, he might not have embarrassed himself. >> >> It must be hard being so smart and important that you have to quit the >> Internet for good[1]. >> >> - -chris >> >> [1] >> http://homepage.ntlworld.com/jonathan.deboynepollard/contacting-the-auth >> or.html#SMTP >> >>> On Wed, Mar 16, 2016 at 1:01 PM, Lyallex >>> wrote: >>>> Apologies for dredging this up but I'm having some problems with >>>> this. Any ideas much appreciated. >>>> >>>> Ii have been forced to move from a version of centOS the used the >>>> old /etc/rc.d/init.d way of doing things to a new version of >>>> CentOS that uses systemd. The hosts can't or won't help because >>>> I'm using a 'non-standard setup' Basically I'm using tomcat >>>> standalone on port 80 to serve up my site. I use jsvc with a >>>> start/stop script in /etc/rc.d/init.d with symbolic links in >>>> rc2.d, rc3.d. rc4.d and rc5.d This has been working faultlessly >>>> for nearly 4 years. >>>> >>>> I have installed Tomcat, Java and all required resources on the >>>> new server, I have dulpicated the configuration in /etc but >>>> needless to say when I restart the server Tomcat doesn't start >>>> >>>> Starting from the command line as root with >>>> /etc/rc.d/init.d/tomcat7 works as it has always done and starts >>>> tomcat as root then switches to an unprivileged, no login user >>>> (tomcat) >>>> >>>> I followed your instructions and came up with the following >>>> >>>> # touch /etc/systemd/system/tomcat.service # nano >>>> /etc/systemd/system/tomcat.service >>>> >>>> tomcat.service looks like this >>>> >>>> [Unit] Description=The Jakarta Apache/Tomcat Server >>>> After=network.target >>>> >>>> [Service] Type=forking ExecStart=/etc/rc.d/init.d/tomcat7 start >>>> ExecStop=/etc/rc.d/init.d/tomcat7 stop >>>> >>>> [Install] WantedBy=multi-user.target >>>> >>>> # chmod 664 /etc/systemd/system/tomcat.service >>>> >>>> [root@vps init.d]# systemctl daemon-reload >>>> >>>> [root@vps init.d]# systemctl start tomcat.service Job for >>>> tomcat.service failed because the control process exited with >>>> error code. See "systemctl status tomcat.service" and "journalctl >>>> -xe" for details. >>>> >>>> [root@vps init.d]# systemctl status tomcat.service tomcat.service >>>> - The Jakarta Apache/Tomcat Server Loaded: loaded >>>> (/etc/systemd/system/tomcat.service; disabled; vendor preset: >>>> disabled) Active: failed (Result: exit-code) since Wed 2016-03-16 >>>> 16:40:55 GMT; 18s ago Process: 4596 >>>> ExecStart=/etc/rc.d/init.d/tomcat7 start (code=exited, >>>> status=203/EXEC) >>>> >>>> Mar 16 16:40:55 vps.example.com systemd[1]: Starting The Jakarta >>>> Apache/Tomcat Server... Mar 16 16:40:55 vps.example.com >>>> systemd[1]: tomcat.service: control process exited, code=exited >>>> status=203 Mar 16 16:40:55 vps.example.com systemd[1]: Failed to >>>> start The Jakarta Apache/Tomcat Server. Mar 16 16:40:55 >>>> vps.example.com systemd[1]: Unit tomcat.service entered failed >>>> state. Mar 16 16:40:55 vps.example.com systemd[1]: tomcat.service >>>> failed. >>>> >>>> tomcat7 fwiw >>>> >>>> >>>> # chkconfig: - 71 19 # description: Start up the T
porting jsvc startup script from init.d to systemd tomcat.service, resolved
I thought you might be interested in the resolution to this.
It turns out that we needed to reproduce the environment in tomcat.service
For some reason
ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work
(file shown at the end of this message)
Instead, in /etc/systemd/system/tomcat.service
we have had to reproduce the environment in longhand to get it to work.
It appears that systemd doesn't expand variables so I really need to
investigate the systemd Environment thing a bit more.
Anyway, when I shutdown -r now the server comes back up and tomcat is
running at the unprivileged tomcat user on port 80 so that's a result
== /etc/systemd/system/tomcat.service
[Unit]
Description=Apache Tomcat Web Application Container
After=network.target
[Service]
Type=forking
User=root
ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \
-user tomcat \
-home /opt/jdk1.7.0_45 \
-Dcatalina.home=/opt/apache-tomcat-7.0.42 \
-Dcatalina.base=/opt/apache-tomcat-7.0.42 \
-Djava.io.tmpdir=/var/tmp \
-Djava.awt.headless=true \
-Xms512m \
-Xmx1024m \
-outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \
-errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \
-pidfile /var/run/tc7/jsvc.pid \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties
\
-cp
/opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar
\
org.apache.catalina.startup.Bootstrap
ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid
ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
[Install]
WantedBy=multi-user.target
Oh happy day
Thanks again to all responders
Lyallex
= /etc/rc.d/init.d/tomcat7 =
JAVA_HOME=/opt/jdk1.7.0_45
CATALINA_HOME=/opt/apache-tomcat-7.0.42
export JAVA_HOME CATALINA_HOME
CLASSPATH=$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar:$JAVA_HOME/lib/tools.jar:$CATALINA_HOME/bin/tomcat-juli.jar
TOMCAT_USER=tomcat
TMPDIR=/var/tmp
PIDFILE=/var/run/tc7/jsvc.pid
RC=0
case "$1" in
start)
$CATALINA_HOME/bin/jsvc -user $TOMCAT_USER -home $JAVA_HOME
-Dcatalina.home=/opt/apache-tomcat-7.0.42
-Dcatalina.base=$CATALINA_HOME -Djava.io.tmpdir=$TMPDIR
-Djava.awt.headless=true \
-Xms512m \
-Xmx1024m \
-outfile $CATALINA_HOME/logs/catalina.out \
-errfile $CATALINA_HOME/logs/catalina.err \
-pidfile '/var/run/tc7/jsvc.pid' \
-Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \
-Djava.util.logging.config.file=$CATALINA_HOME/conf/logging.properties \
-cp $CLASSPATH \
org.apache.catalina.startup.Bootstrap
RC=$?
[ $RC = 0 ] && touch /var/tc7lock/subsys/tomcat
echo "starting tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat started"
;;
stop)
PID=`cat /var/run/tc7/jsvc.pid`
kill $PID
RC=$?
[ $RC = 0 ] && rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid
echo "stopping tomcat7 on darkstar with:"
echo "JAVA_HOME=$JAVA_HOME"
echo "CATALINA_HOME=$CATALINA_HOME"
echo "CLASSPATH=$CLASSPATH"
echo "tomcat stopped"
;;
*)
echo "Usage: $0 {start|stop}"
exit 1
esac
exit $RC
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: systemd tomcat script for Linux EL7
Firstly apologies to anyone I have sent an unsolicited reply to personally, Stupid, tired, It won't happen again Thanks to all for the responses so far The problem with using the startup and shutdown scripts is that the process ends up running as root. As any server admin worth his salt will tell you, running a 'public facing' service as root is a bad idea. The whole point of using jsvc is that you can start the container as root and switch to a non-privileged user later on. Thanks to those who have offered systemd type solutions, unfortunately none of them work on CentOS Linux release 7.2.1511. I now face the prospect of having to wade through the systemd docs and spend as much as needed experimenting to get this to work as required, still, I have nothing better to do ! Thanks again Lyallex On 17 March 2016 at 11:41, jieryn wrote: > ExecStartPre=/usr/sbin/setcap 'cap_net_bind_service=+ep' > /usr/share/tomcat/bin/catalina.sh > > I see a lot of advice for start/stop instead of run within systemd > unit files, both here and in the wild. The gem in the rant I linked is > about start vs run. Sorry if you didn't see it. > > On Thu, Mar 17, 2016 at 1:42 AM, Lyallex wrote: >> But that doesn't work for ports < 1024 >> >> >> On 17 March 2016 at 01:47, jieryn wrote: >>> Meh. It's short and sweet and working systemd unit file. >>> >>> [Unit] >>> Description=Apache Tomcat Web Application Container >>> [Service] >>> User=tomcat >>> Group=tomcat >>> ExecStart=/usr/share/tomcat/bin/catalina.sh run >>> [Install] >>> WantedBy=multi-user.target >>> >>> >>> On Wed, Mar 16, 2016 at 8:57 PM, Christopher Schultz >>> wrote: >>>> -BEGIN PGP SIGNED MESSAGE- >>>> Hash: SHA1 >>>> >>>> jieryn, >>>> >>>> On 3/16/16 1:36 PM, jieryn wrote: >>>>> http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/systemd-house >>>> - -of-horror/tomcat.html >>>> >>>> Wow, >>>>> >>>> lots of ranting about environment variables and little-used PID >>>> files. >>>> >>>> If the author only understood the reasons behind the way catalina.sh >>>> works, he might not have embarrassed himself. >>>> >>>> It must be hard being so smart and important that you have to quit the >>>> Internet for good[1]. >>>> >>>> - -chris >>>> >>>> [1] >>>> http://homepage.ntlworld.com/jonathan.deboynepollard/contacting-the-auth >>>> or.html#SMTP >>>> >>>>> On Wed, Mar 16, 2016 at 1:01 PM, Lyallex >>>>> wrote: >>>>>> Apologies for dredging this up but I'm having some problems with >>>>>> this. Any ideas much appreciated. >>>>>> >>>>>> Ii have been forced to move from a version of centOS the used the >>>>>> old /etc/rc.d/init.d way of doing things to a new version of >>>>>> CentOS that uses systemd. The hosts can't or won't help because >>>>>> I'm using a 'non-standard setup' Basically I'm using tomcat >>>>>> standalone on port 80 to serve up my site. I use jsvc with a >>>>>> start/stop script in /etc/rc.d/init.d with symbolic links in >>>>>> rc2.d, rc3.d. rc4.d and rc5.d This has been working faultlessly >>>>>> for nearly 4 years. >>>>>> >>>>>> I have installed Tomcat, Java and all required resources on the >>>>>> new server, I have dulpicated the configuration in /etc but >>>>>> needless to say when I restart the server Tomcat doesn't start >>>>>> >>>>>> Starting from the command line as root with >>>>>> /etc/rc.d/init.d/tomcat7 works as it has always done and starts >>>>>> tomcat as root then switches to an unprivileged, no login user >>>>>> (tomcat) >>>>>> >>>>>> I followed your instructions and came up with the following >>>>>> >>>>>> # touch /etc/systemd/system/tomcat.service # nano >>>>>> /etc/systemd/system/tomcat.service >>>>>> >>>>>> tomcat.service looks like this >>>>>> >>>>>> [Unit] Description=The Jakarta Apache/Tomcat Server >>>>>> After=network.target >>>>>> >>>>>> [Service] Type=fo
Re: porting jsvc startup script from init.d to systemd tomcat.service, resolved
Would you mind posting your server.xml, here is the relevant bit from mine. On 18 March 2016 at 23:35, Daniel Savard wrote: > I believe all distros have over engineered the scripts to start > Tomcat. Forget all the scripts from your distro, learn the > signification of the environment variables from the catalina.sh script > shipped with the default Tomcat version. Define your variables in a > file, this file is not a script, so you cannot reuse a previously > defined variable, feed your systemd service definition file with this > file in the service section as EnvironmentFile=/path/name/to/your/file > ExecStart=/path/to/catalina.sh start > ExecStop=/path/to/catalina.sh stop > > and you are done. You control everything from the environment file, > you can easily manage the environment variables without editing the > systemd's service file. > > It is much simpler than the OpenRC set of scripts at my humble > opinion. I am running Gentoo at home and RHEL at work and both distros > wrapped Tomcat into too many layers of scripts in order to make it > working with OpenRC while none of these are required to run and manage > Tomcat with systemd. > > In particular with Gentoo, I no longer use the Tomcat distro packaged > with Gentoo because they separated the servlet api from Tomcat and you > need to wrap things into layers of scripts to define the classpath > properly taking this into account, the vanilla classpath.sh file > distributed with Tomcat doesn't work and so one. Really, they did a > very bad job at integrating Tomcat. > > Here is my service file: > > [Unit] > Description=Tomcat 8 (Dev) > After=syslog.target > After=network.target > > [Service] > EnvironmentFile=/tomcat/tomcat-8-dev/bin/tomcat-8-dev.env > Type=forking > User=tomcat > Group=tomcat > ExecStart=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh start > ExecStop=/opt/apache-tomcat/apache-tomcat-8.0.32_ds/bin/catalina.sh stop > > [Install] > WantedBy=multi-user.target > > > And here is the content of my EnvironmentFile: > > CATALINA_HOME="/opt/apache-tomcat/apache-tomcat-8.0.32_ds" > CATALINA_BASE="/tomcat/tomcat-8-dev" > CATALINA_OUT="/var/log/tomcat-8-dev/catalina.out" > JAVA_HOME="/opt/oracle-jdk-bin-1.8.0.74" > CATALINA_PID="/var/run/tomcat-8-dev.pid" > > > - > Daniel Savard > > > 2016-03-18 13:31 GMT-04:00 Lyallex : >> I thought you might be interested in the resolution to this. >> >> It turns out that we needed to reproduce the environment in tomcat.service >> >> For some reason >> >> ExecStart=/etc/rc.d/init.d/tomcat7 doesn't work >> (file shown at the end of this message) >> >> Instead, in /etc/systemd/system/tomcat.service >> we have had to reproduce the environment in longhand to get it to work. >> It appears that systemd doesn't expand variables so I really need to >> investigate the systemd Environment thing a bit more. >> Anyway, when I shutdown -r now the server comes back up and tomcat is >> running at the unprivileged tomcat user on port 80 so that's a result >> >> == /etc/systemd/system/tomcat.service >> [Unit] >> Description=Apache Tomcat Web Application Container >> After=network.target >> >> [Service] >> Type=forking >> User=root >> >> ExecStart=/opt/apache-tomcat-7.0.42/bin/jsvc \ >> -user tomcat \ >> -home /opt/jdk1.7.0_45 \ >> -Dcatalina.home=/opt/apache-tomcat-7.0.42 \ >> -Dcatalina.base=/opt/apache-tomcat-7.0.42 \ >> -Djava.io.tmpdir=/var/tmp \ >> -Djava.awt.headless=true \ >> -Xms512m \ >> -Xmx1024m \ >> -outfile /opt/apache-tomcat-7.0.42/logs/catalina.out \ >> -errfile /opt/apache-tomcat-7.0.42/logs/catalina.err \ >> -pidfile /var/run/tc7/jsvc.pid \ >> -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager \ >> -Djava.util.logging.config.file=/opt/apache-tomcat-7.0.42/conf/logging.properties >> \ >> -cp >> /opt/apache-tomcat-7.0.42/bin/bootstrap.jar:/opt/apache-tomcat-7.0.42/bin/commons-daemon.jar:/opt/jdk1.7.0_45/lib/tools.jar:/opt/apache-tomcat-7.0.42/bin/tomcat-juli.jar >> \ >> org.apache.catalina.startup.Bootstrap >> >> ExecStop=/bin/kill -9 /var/run/tc7/jsvc.pid >> ExecStopPost=/bin/rm -f /var/tc7lock/subsys/tomcat /var/run/tc7/jsvc.pid >> >> [Install] >> WantedBy=multi-user.target >> >> >> Oh happy day >> Thanks again to all responders >> >> Lyallex >> >> = /etc/rc.d
Re: How to comply with http://www.sitemaps.org/protocol.html#location
Oh ... well ... how smart is that, works like a dream, nice one Thanks Lyallex On 14 March 2016 at 10:34, Terence M. Bandoian wrote: > On 3/13/2016 10:23 AM, Lyallex wrote: >> >> CentOS 5.2 >> jdk1.7.0_45 >> apache-tomcat-7.0.42 >> no httpd, tomcat only, one webapp ROOT.war >> >> According to the documentation at >> >> http://www.sitemaps.org/protocol.html#location >> >> An xml sitemap should appear in the context root, if it dosn't it can >> only contain a limited set of urls. >> >> Currently, whenever I add a new product for sale I auto generate >> sitemap.xml and write it to a remote context called sitemap giving me >> the sitemap URL >> >> www.mysite.com/sitemap/sitemap.xml which I detail in robots.txt >> >> However this is apparently incorrect and sitemap.xml should live at >> www.mysite.com/sitemap.xml. Unfortunately it is not possible to write >> to the root of my web app on the fly so how do people deal with this ? >> >> Thanks >> Lyallex >> > > > One solution might be to write a servlet mapped to /sitemap.xml that reads > sitemap.xml from an alternate location and sends the contents as a response > to any requests for /sitemap.xml > > -Terence Bandoian > http://www.tmbsw.com/ > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
How to comply with http://www.sitemaps.org/protocol.html#location
CentOS 5.2 jdk1.7.0_45 apache-tomcat-7.0.42 no httpd, tomcat only, one webapp ROOT.war According to the documentation at http://www.sitemaps.org/protocol.html#location An xml sitemap should appear in the context root, if it dosn't it can only contain a limited set of urls. Currently, whenever I add a new product for sale I auto generate sitemap.xml and write it to a remote context called sitemap giving me the sitemap URL www.mysite.com/sitemap/sitemap.xml which I detail in robots.txt However this is apparently incorrect and sitemap.xml should live at www.mysite.com/sitemap.xml. Unfortunately it is not possible to write to the root of my web app on the fly so how do people deal with this ? Thanks Lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 ssl by default
On 18 December 2014 at 14:06, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Duncan, > > On 12/18/14 4:18 AM, Lyallex wrote: >> On 17 December 2014 at 22:37, Christopher Schultz >> wrote: Duncan, >> >> On 12/17/14 12:32 PM, Lyallex wrote: >>>>> Yea I thought of this, the problem is I currently have a user >>>>> area that requires a login and all this is currently >>>>> configured in web.xml and I'm not sure how all this will fit >>>>> together. I'll try a few things out and see what happens. >> >> You can have multiple, overlapping security-constraints. One of >> them (which covers the whole site) will require HTTPS, the other >> (existing one) will require authentication and authorization, but >> only for certain (again, existing) URL patterns. >> >> Should be no problem. >> >>> You are correct, I followed Marks instructions, set up a new >>> security constraint and restarted the server now when I access >>> localhost I get 'redirected' to https://localhost which is what I >>> wanted, it was the whole overlapping security-constraint thing >>> that was vexing me somewhat. >> >>> I can also log into my user and admin areas as normal which is a >>> relief but I'm getting some problems with AJAX not updating the >>> live areas of my site so I'll have to look into that. >> >>> Now I know this is probably OT but I'm in the UK and was >>> wondering if anyone has found a UK certification co that has >>> decent customer support as I now have to figure out how to buy >>> and install a certificate with the right params in a standalone >>> Tomcat instance. My server hosts don't offer support in this area >>> as they seem to be obsessed with Apache httpd :-( > > You can use keytool to create your CSR and give it to the CA, and when > they give you back a PEM-encoded .crt file, you can import it back > into keytool, you just need to know the magic words to do it. So it > doesn't matter what the CA says they officially support; you should be > able to handle whatever they give you, since it's all X.509 no matter > what. I have the keytool stuff working now, I can create keystores and CSRs and what have you and access my site on staging (with the obvious warnings etc) Actually some of the CAs have tools on their websites example: https://www.digicert.com/csr-creation.htm I use the tool then take the resulting command string to bits so I can figure out what's going on, great fun. (I really must get a life). > If you want to get a free certificate, try StartCom (startssl.com). > They are trusted by most browsers and offer no-cost standard SSL > certificates. You have to pay if you want EV certs, or if you want to > revoke a cert you've requested in the past. They can also do > code-signing certs and other things, for a fee. OK, thanks for the heads up. Obviously the cert I end up with needs to be as widely recognized as possible so I'm currently looking at all the browsers I have here (on laptops, tablets, smart phones, whatever gizmo) to see which CAs appear most frequently. Thanks to all for the advice, I'll probably be back when it all goes horribly wrong :-) Duncan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 7 ssl by default
On 17 December 2014 at 22:37, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Duncan, > > On 12/17/14 12:32 PM, Lyallex wrote: >> Yea I thought of this, the problem is I currently have a user area >> that requires a login and all this is currently configured in >> web.xml and I'm not sure how all this will fit together. I'll try a >> few things out and see what happens. > > You can have multiple, overlapping security-constraints. One of them > (which covers the whole site) will require HTTPS, the other (existing > one) will require authentication and authorization, but only for > certain (again, existing) URL patterns. > > Should be no problem. You are correct, I followed Marks instructions, set up a new security constraint and restarted the server now when I access localhost I get 'redirected' to https://localhost which is what I wanted, it was the whole overlapping security-constraint thing that was vexing me somewhat. I can also log into my user and admin areas as normal which is a relief but I'm getting some problems with AJAX not updating the live areas of my site so I'll have to look into that. Now I know this is probably OT but I'm in the UK and was wondering if anyone has found a UK certification co that has decent customer support as I now have to figure out how to buy and install a certificate with the right params in a standalone Tomcat instance. My server hosts don't offer support in this area as they seem to be obsessed with Apache httpd :-( Many thanks Duncan > > - -chris > >> On 17 December 2014 at 17:20, Mark Thomas >> wrote: >>> On 17/12/2014 17:10, Lyallex wrote: >>>> Tomcat 7.0.42 jdk1.7.0_51 Ubuntu 12.04/CentOS dev/deploy >>>> >>>> I have been reading more and more about Google and the like >>>> prioritising sites that employ https/ssl by default. Currently >>>> my site does not use https but delegates payment to a secure >>>> payment provider who does, thusly I have avoided going through >>>> the pain of certification etc, now it appears I have little >>>> option but to implement https site wide. I have managed to get >>>> a keystore going and have configured tomcat to serve a self >>>> signed certificate when accessing the site by https (default >>>> port 443) >>>> >>>> so http://localhost accesses the home page and >>>> https://localhost pops up a warning in Firefox regarding an >>>> unknown certification authority. This is all good and I'm >>>> pretty sure I understand so far. >>>> >>>> I have noticed that if I type http://www.google.co.uk in to a >>>> browser the address is automatically changed (redirected) to >>>> https://www.google.co.uk and I would like the same to happen to >>>> my site. >>>> >>>> Here is the question. Is this 'redirection' something I need to >>>> configure myself , (can it be done in server.xml for example) >>>> or is this something the people I rent my server from need to >>>> do at their end. >>> >>> It depends on exactly how things are set up. >>> >>> The first thing I would try is adding something like the >>> following to your web.xml: >>> >>> >>> Everything >>> /* >>> >>> CONFIDENTIAL >>> >>> >>> If I have remembered my syntax correctly, that should route >>> every request to https if it isn't already. >>> >>> Mark >>> >>> >>> - >>> >>> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >>> For additional commands, e-mail: users-h...@tomcat.apache.org >>> >> >> - >> >> > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> > -BEGIN PGP SIGNATURE- > Version: GnuPG v1 > Comment: GPGTools - http://gpgtools.org > > iQIcBAEBCAAGBQJUkgWTAAoJEBzwKT+lPKRYVgYP/0MIsch7SiF2bcMqJtDG7Ovn > OFSRej7i+6Mjd0efs6h7QKUqAep8C0QKufOFH7Isn2aZa2TYLQXWIKVJtDqbAqz+ > 92K/gpWtZ2FGkB/Qg0GNPWNg/em5u/XWJeFjqMPfufZIk/yIZkMByFzDjXiuS/0n > rIdadWqzjvkMJcKAfRzO5CuVPcennzovSLB2/ReGA4lYLzc7b81Stxe+6pE0JBg/ > XVzu0BFLuBfKHL0KYL/7TFaYQOpbkSc0ROS3UtzNVNyquXMwYjqCDImpcElvnYYZ > XX1eMNFnOf6M+sPItHllJiWHzaQYd3vA9axHeE5/F5XiXruYr8V714jRdQH+XCwX > FxcalpMw3wb
Re: Tomcat 7 ssl by default
Yea I thought of this, the problem is I currently have a user area that requires a login and all this is currently configured in web.xml and I'm not sure how all this will fit together. I'll try a few things out and see what happens. Thanks for taking the time to respond Duncan On 17 December 2014 at 17:20, Mark Thomas wrote: > On 17/12/2014 17:10, Lyallex wrote: >> Tomcat 7.0.42 >> jdk1.7.0_51 >> Ubuntu 12.04/CentOS dev/deploy >> >> I have been reading more and more about Google and the like >> prioritising sites that employ https/ssl by default. Currently my site >> does not use https but delegates payment to a secure payment provider >> who does, thusly I have avoided going through the pain of >> certification etc, now it appears I have little option but to >> implement https site wide. I have managed to get a keystore going and >> have configured tomcat to serve a self signed certificate when >> accessing the site by https (default port 443) >> >> so http://localhost accesses the home page >> and https://localhost pops up a warning in Firefox regarding an >> unknown certification authority. This is all good and I'm pretty sure >> I understand so far. >> >> I have noticed that if I type http://www.google.co.uk in to a browser >> the address is automatically changed (redirected) to >> https://www.google.co.uk and I would like the same to happen to my >> site. >> >> Here is the question. >> Is this 'redirection' something I need to configure myself , (can it >> be done in server.xml for example) or is this something the people I >> rent my server from need to do at their end. > > It depends on exactly how things are set up. > > The first thing I would try is adding something like the following to > your web.xml: > > > > Everything > /* > > > CONFIDENTIAL > > > > If I have remembered my syntax correctly, that should route every > request to https if it isn't already. > > Mark > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 7 ssl by default
Tomcat 7.0.42 jdk1.7.0_51 Ubuntu 12.04/CentOS dev/deploy I have been reading more and more about Google and the like prioritising sites that employ https/ssl by default. Currently my site does not use https but delegates payment to a secure payment provider who does, thusly I have avoided going through the pain of certification etc, now it appears I have little option but to implement https site wide. I have managed to get a keystore going and have configured tomcat to serve a self signed certificate when accessing the site by https (default port 443) so http://localhost accesses the home page and https://localhost pops up a warning in Firefox regarding an unknown certification authority. This is all good and I'm pretty sure I understand so far. I have noticed that if I type http://www.google.co.uk in to a browser the address is automatically changed (redirected) to https://www.google.co.uk and I would like the same to happen to my site. Here is the question. Is this 'redirection' something I need to configure myself , (can it be done in server.xml for example) or is this something the people I rent my server from need to do at their end. TIA Duncan - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Running Tomcat under jsvc - logging problems
On 4 December 2012 21:18, Konstantin Kolinko wrote: > 2012/12/5 Lyallex : > > On 4 December 2012 19:41, Konstantin Kolinko > wrote: > > > >> 2012/12/4 Lyallex : > >> > On 4 December 2012 18:50, Konstantin Kolinko > >> wrote: > > [snip] > Moreover, I think it should run just fine with an older jsvc. > > OK, thanks for your assistance, it seems fairly obvious then that there is some aspect of the logging config that I've missed. I've never really got my head around logging, It's a bit like a washing machine, I don't know or care how it works, it just does. I suppose I'll have to start reading ... I've just got so many more interesting things to be getting on with. Ho Hum Thanks again Lyallex
Re: Running Tomcat under jsvc - logging problems
On 4 December 2012 19:41, Konstantin Kolinko wrote: > 2012/12/4 Lyallex : > > On 4 December 2012 18:50, Konstantin Kolinko > wrote: > >> > [snip] > > > > I do not know why it worked in 6.0.18. > No, nor do I but I've (apparently) reproduced the 0.18 config for the 0.36 instance and the logging works in the former and not in the latter I just need to get something straight, maybe you can help me. I say that Tomcat 6.0.36 binary distribution should run under jsvc without needing a recompile. Is this correct (I hope it is because it's running fine right now out of the box except for the logging) Thanks for taking the time to reply Lyallex > > Best regards, > Konstantin Kolinko > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Running Tomcat under jsvc - logging problems
On 4 December 2012 18:50, Konstantin Kolinko wrote:
> [snip]
> >
> > Any advice on how I can get the logging working will be much appreciated
> >
> >
> > Lyallex
> >
> >
> >
> > handlers = org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
> >
> >
> > # Handler specific properties.
> > # Describes specific configuration info for Handlers.
> >
> >
> > org.apache.juli.FileHandler.level = ALL
> > org.apache.juli.FileHandler.directory = ${catalina.base}/logs
> > org.apache.juli.FileHandler.prefix = MyApp.
> >
> > java.util.logging.ConsoleHandler.level = ALL
> > java.util.logging.ConsoleHandler.formatter =
> > java.util.logging.SimpleFormatter
>
>
>
> 1. "java.util.logging.ConsoleHandler" prints to System.err.
>
> Some other "console logging" implementations log to System.out.
>
> Do you need a ConsoleHandler at all? (You are effectively printing the
> same log messages into two places a) ConsoleHandler, b) FileHandler ).
>
Well possibly not but it's irrelevant as logging.properties is being
ignored
so I don't get the output anyway, particularly I get no log file named
MyApp ...
>
> 2. To initialize logging properly you need to configure system
> properties "java.util.logging.config.file" and
> "java.util.logging.manager"
> the same way as they are set by catalina.sh file.
>
> Have you specified the "java.util.logging.manager" property in your
> arguments to jsvc?
>
Well no but then I never had it with 6.0.18 and that logged perfectly,
also catalina.sh is not executed when running under jsvc but I think you may
just be using that as an example ... I hope
sigh
I'll look into it
Thanks
Lyallex
>
> Best regards,
> Konstantin Kolinko
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
Running Tomcat under jsvc - logging problems
Hi
apache-tomcat-6.0.36
CentOS
uname -m = i686
uname -r = 2.6.18-028stab070.14-ent
uname -s = Linux :-)
jdk1.6.0_07
I have recently upgraded my production server from apache-tomcat-6.0.18 to
6.0.36 so that my live and dev
env's are as similar as possible
6.0.18 runs fine and logs as expected, this version was already installed
when I
started renting the server from the hosting company, it runs as user tomcat
under jsvc.
I compiled jsvc from the source included in the 6.0.36 distro
following the instructions in the tomcat docs and copied
/etc/init.d/tomcat6 (the old start/stop script) to
/etc/init.d/tomcat. I modified the file to point to the new version and
started the server
/etc/init.d/tomcat has been pasted at http://pastebin.com/ihGDJb1C for your
perusal should you wish.
Actually Tomcat runs fine, it serves my site and carries a good load (200+
sessions concurrently with no apparent degradation)
there is no Apache front end, Tomcat runs standalone. The problem is with
the logging
/etc/init.d/tomcat has the following two lines
-outfile $CATALINA_HOME/logs/catalina.out \
-errfile $CATALINA_HOME/logs/catalina.err \
And here's the problem. Most of the logging output ends up in catalina.err
even though there are no errors in the logs
occasionally a few lines from my application loggers end up in
catalina.out. I also have logging.properties
in WEB-INF/classes. This has been around ever since I deployed the first
version of my app a couple of years ago
and has always produced the expected output. Now I get nothing.
The hosting companies preferred solution is to recompile tomcat 'for a one
off fee' (I kid you not). I'm pretty sure that Tomcat doesn't need
rebuilding to run under jsvc
and if it does I'm quite capable of building it myself, so no help there
then ...
logging.properties reproduced below just FYI if you want it.
Any advice on how I can get the logging working will be much appreciated
Lyallex
handlers = org.apache.juli.FileHandler, java.util.logging.ConsoleHandler
# Handler specific properties.
# Describes specific configuration info for Handlers.
org.apache.juli.FileHandler.level = ALL
org.apache.juli.FileHandler.directory = ${catalina.base}/logs
org.apache.juli.FileHandler.prefix = MyApp.
java.util.logging.ConsoleHandler.level = ALL
java.util.logging.ConsoleHandler.formatter =
java.util.logging.SimpleFormatter
Re: This is just plain ... odd.
Don't shout at me for top posting
In this instance it's justified
Thanks for your continued work on this. I have to get some lines of code
down
as release date is fast approaching but I will try your code as soon as I
have time
Thanks for you continued work on this
Lyallex
On 9 November 2012 05:08, Christopher Schultz
wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Russ,
>
> On 11/8/12 6:05 PM, Russ Kepler wrote:
> > On Thursday, November 08, 2012 07:36:20 PM Lyallex wrote:
> >
> >> The only difference between the two executions is the fact that
> >> the test code executes in it's own instance of the JVM whereas
> >> the other execution runs in an instance shared with the
> >> container.
> >>
> >> I accept that the behaviour may be undefined even though it is
> >> consistently repeatable in both environments but surely given
> >> everything else being equal the results should be the same ... or
> >> maybe I'm just losing the plot.
> >
> > No, you're right but just missing some small difference in the
> > environments.
> >
> > I'd verify that you get the same input data in the same order in
> > both cases, and that you're starting with the same size container
> > [...]
>
> After writing a bench test that I couldn't get to fail, your comment
> here tripped a thought in my brain: the "container" size. So, I added
> an element to my list of Strings and boom: failure. It turns out that
> the collection size doesn't matter: I just hadn't been iterating
> enough, so I added a loop that will run until the initial sorted order
> doesn't match the re-sorted order (with shuffles in between).
>
> Lyallex, see the code below: it will fail after a few iterations to
> produce the same element ordering. Switch from BrokenSorter to
> WorkingSorter and you'll find that it runs forever.
>
> Are you *sure* that your database always returns the items in the same
> order? If you plan on sorting alphabetically later, why bother sorting
> by id when fetching? Unless you are really sorting by id when
> fetching, the data can come back in any order. It may *often* be in
> entry-sequenced order, but it is certainly not guaranteed to be.
>
> The code below shows that, without any funny business, the sort can
> work sometimes and not in others.
>
> Enjoy,
> - -chris
>
> import java.util.ArrayList;
> import java.util.Arrays;
> import java.util.Collections;
> import java.util.Comparator;
> import java.util.List;
>
> public class SortTest
> {
> public static void main(String[] args)
> {
> String[] fruits = new String[] {
> "Apples",
> "Bananas",
> "Coconuts",
> "Dates",
> "Eggplants",
> "Figs",
> "Grapefruits",
> "Honeydews",
> "Ilamas",
> "Jambolans",
> "Kepels",
> "Lemons",
> "Miscellaneous",
> "Nectarines"
> };
>
> List fruitList = Arrays.asList(fruits);
>
> Comparator sorter = new BrokenSorter();
>
> System.out.println("Initial order: " + fruitList);
>
> Collections.sort(fruitList, sorter);
> System.out.println("Sort 1: " + fruitList);
>
> List saved = new ArrayList(fruitList);
>
> int i = 1;
> do
> {
> Collections.shuffle(fruitList);
> Collections.sort(fruitList, sorter);
> System.out.println("Sort " + (++i) + ": " + fruitList);
> }
> while(fruitList.equals(saved));
> System.out.println("Stopped after " + i + " iterations because
> the list did not sort the same way.");
> }
>
> static class BrokenSorter
> implements Comparator
> {
> @Override
> public int compare(String a, String b)
> {
> if(a.equals("Miscellaneous"))
> return 1;
> return a.compareTo(b);
> }
> }
> static class WorkingSorter
> implements Comparator
> {
> @Override
> public int compare(String a, String b)
> {
> if(a.equals("Miscellaneous"))
> return 1;
>
> if(b.equals("Miscellaneous"))
> return -1;
>
> return a.compareTo(b);
> }
> }
> }
> -BEGIN PGP SIGNATURE-
> Version: GnuPG/MacGPG2 v2.0.17 (Darwin)
> Comment: GPGTools - http://gpgtools.org
> Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
>
> iEYEARECAAYFAlCcj7cACgkQ9CaO5/Lv0PBpawCeORBT62XWcjyw+SruT6Bhkh50
> sDEAn1ZjSiPR70+DV/QVBFOjXKjH498o
> =F3QS
> -END PGP SIGNATURE-
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
Re: This is just plain ... odd.
> > I have a facade that publishes a method that contracts to return a
> > list of categories ordered alphabetically
>
> All problems in computer science can be solved by another layer of
> abstraction. Sure you can't fit a Proxy to a Service in there?
>
>
Hmm an oldie but goodie we can discuss software analysis and design if you
like
but it's a bit OT.
> [snip]
>
> What does that "custom tag" do? A beer says it sorts something. Or,
> maybe you have some silly client-side process that sorts the entries
> after they are loaded into the browser.
>
Well I quite like Wadworth 6X I'll give you my paypal account address and
you can deposit £3.30 :-))
I can assure you I'm quite familiar with my own code and no secondary sort
is going on.
As succinctly as possible
MySQL returns results sorted by primary key by default AFAIAA
no explicit sorting is done in the database access code
/* Category server (database access) */
public List getCategories(Connection conn) throws
CategoryServerException{
String sql = "select * from Category";
populate list then return it NO SORTING
/* facade deals with transactional connections etc*/
public List getAllCategories() throws CategoryException
CategoryServer categories = new CategoryServer();
allcats = categories.getCategories(conn);
Collections.sort(allcats);
/* Initialization servlet */
CategoryFacade cats = new CategoryFacade();
List categories = cats.getAllCategories();
getServletContext().setAttribute(WebConstants.ALPHACATS, categories);
/* CategoryWriter custom tag */
List cats =(List)
pageContext.getServletContext().getAttribute(WebConstants.ALPHACATS);
Iterator iter = cats.iterator();
Category c = null;
StringBuffer buf = new StringBuffer();
while(iter.hasNext()){
//build the output
//output it
That's it, really, there is no more
I need to get to the bottom of this as it's bugging the hell out of me
a pound to a penny says it's something simple/stupid. I'll try what you
suggest re wrapping the collection
Thanks
Lyallex
Re: This is just plain ... odd.
> [snip] > > You got the same (wrongish) results since you gave the sort the same order > in > the list. I can't recall how merge sort can freak out when given > conflicting > compares, I seem to recall that you might get an endless loop under some > circumstances as it orders and reorders the same group of objects. > This is all very interesting, no really it is, but it doesn't really answer the original question which is that given the same initial data in the same initial order and executing exactly the same code in the same release of Java produces different results. The only difference between the two executions is the fact that the test code executes in it's own instance of the JVM whereas the other execution runs in an instance shared with the container. I accept that the behaviour may be undefined even though it is consistently repeatable in both environments but surely given everything else being equal the results should be the same ... or maybe I'm just losing the plot. Lyallex
Re: This is just plain ... odd.
> I'm not sure that you can ever get consistent results if the input order is > random. Well perhaps 'random' was a bit 'random' the select returns the data in the same order it was entered, ordered by id. Not necessarily the same as alpha as I'm sure you appreciate. the fact is that the data was always returned in the same order by the database, just not the order I wanted. This is why I was particularly confused. Whatever, your code works, now I just gotta figure out why Thanks Lyallex
This is just plain ... odd.
Java 1.6
Tomcat 6.0.35
Ubuntu Linux 12.04
I thought about posting this to a Java list but I can't
reproduce it 'standalone' so I thought I'd have a go here.
It's quite long and involved...
I have a web application that lists items for sale by category
I have a facade that publishes a method that contracts to return
a list of categories ordered alphabetically
The category 'Miscellaneous' is required to be appended to the end of the
list.
My facade calls out to a database server that returns a List
in random order. I then call collections.sort on the list and return the
result.
I've been messing around with various things and I have come up against a
very
strange problem.
One way of satisfying the contract is to write the Category class as follows
I'm not suggesting this is in any way acceptable industrial strength
code, I'm doing it to illustrate a point.
public class Category implements Comparable{
private Integer categoryId = 0;
private String category = "";
@Override
public int compareTo(Category c) {
if(category.equals("Miscellaneous")){
return 1;
}
else{
return category.compareTo(c.category);
}
}
etc
If I test this by running a client of the facade
I get the expected results, the list is ordered as required with
"Miscellaneous" on the end
However, and here's the thing, When my app starts
an initialisation servlet runs, calls the facade method
and puts the resulting List on the application context.
When I render the list via a custom tag the list has
in some way been altered so that the String
"Miscellaneous" is in it's 'natural' position
not what I want at all.
I have tried everything I can think of to reproduce this behaviour
in a standalone Java program but the list is always returned
as required. When I call the method from a servlet the list is always
returned
in it's natural order, I know collections.sort is being executed as
the list is in alpha order, it's almost as if the comparator is being
replaced in some way
I have no servlet filters or any other code 'in the way' between the facade
and the initialization servlet.
Any ideas ?
TIA
Lyallex
Re: Redirecting from unprotected resource to a protected one
On 2 November 2012 16:21, Christopher Schultz wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Lyallex, > > On 11/2/12 9:43 AM, Lyallex wrote: > > When I have validated the data I want to forward to a protected > > resource like this > > > > forwardTarget = "/account/accountView.jsp"; > > > The problem is that you are doing a forward and not a redirect. > Yea, well, that was easy wasn't it ;-) Thanks for taking the time to reply Much appreciated Lyallex
Re: Getting hold of an IP address
On 8 December 2010 10:04, Konstantin Kolinko wrote: > ServletRequest.getRemoteAddr() > > (In a Filter. There is no request in HttpSessionListener). > > Best regards, > Konstantin Kolinko > ahem ... yes, well that was easy wasn't it In my (weak) defense it's been a long while since I did any coding Thank you - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Getting hold of an IP address
Hi apache-tomcat-6.0.16 jdk1.6.0_03 My application contains instances of javax.servlet.http.HttpSessionListener and javax.servlet.Filter (among other classes of course) My question is, is it possible to obtain the originating IP address of a request from either of these classes I've had a good look around with no luck so far. Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Loading dynamically created content: An old chestnut but still a problem.
2009/6/11 Caldarale, Charles R : >> From: Christopher Schultz [mailto:ch...@christopherschultz.net] >> Subject: Re: Loading dynamically created content: An old chestnut but >> stilla problem. >> >> I suspect that Hassan and Chuck are nto using anti-resource-locking >> while Lyallex is. > > Correct; as stated, both Hassan and I are using stock Tomcat 6.0.20 downloads. > > If the external webapp approach I suggested is used, the antiResourceLocking > attribute should be set to false for that . > > - Chuck > > I have this working now. I removed the locking attributes from the context as explained in the other thread. Thanks to all those who took the time to reply, it's much appreciated. lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Dynamic Resources: getRealPath() returns the 'wrong' path
2009/6/11 Mark Thomas :
> Lyallex wrote:
>> 2009/6/11 Caldarale, Charles R :
>>
>>> Writing to the webapp's deployment location is a bad idea - you again have
>>> no guarantee that it's allowed, and you're at the whims of the container
>>> and execution environment controlling the actual location. Much better to
>>> write your files outside of Tomcat's directory space, using a path defined
>>> by system property, environment variable, or webapp property.
>>>
>>> - Chuck
>>
>> Yep, I tried this. I set up the following in context.xml
>>
>> > type="java.lang.String" override="false"/>
>>
>> When the app starts I look up the value for the imagecache path
>>
>> imageCache = (String)ctx.lookup("java:comp/env/imagecache");
>>
>> then store it in my config server.
>>
>> When I want to write a file I get the path from the config server,
>> create a java.io.File and write the data. If I look in the blackhole
>> there are the files (images) I know it works b'cos I can open them in
>> an image editor.
>>
>> Works perfectly ... except I just cannot get he DefaultServlet to
>> serve any images that are written to any directory anywhere on the
>> filesystem after the server has started ... apologies for letting this
>> leak into this thread but I though I might need to use some Servlet
>> spec type API to write files so that the DefaultServlet could 'see'
>> them ... hence the use of getRealPath grasping at straws ? You
>> bet.
>
> If you use getRealPath and write them to the path it returns - ie the
> one with n-ROOT in it - then the DefaultServlet should serve them.
> You'll need to write them to the 'proper' ROOT context as well or you'll
> lose them on reload.
>
> Alternatively, you could fix whatever problem caused you to use
> anti-resource/jar locking in the first place.
>
> Mark
OK, well thanks for this it seems to be working now.
I have removed the locking attributes from the context and the images load now.
These attributes were a legacy of problems I was having with the
tomcat ant deploy task not deleting some jars. Not sure why this is no
longer an issue really. Nothing has changed in my build script ...
Still, fingers crossed it all works as planned. I still have some
tests to do, if I have more problems I'll be back .
Thanks to all those who took the time to reply, it's much appreciated
lyallex
>
>
>
> -
> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
>
>
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Loading dynamically created content: An old chestnut but still a problem.
2009/6/11 Caldarale, Charles R : >> From: Hassan Schroeder [mailto:hassan.schroe...@gmail.com] >> Subject: Re: Loading dynamically created content: An old chestnut but >> still a problem. >> >> Then I copied a random example.gif image to the ROOT directory >> and entered http://localhost:8080/example.gif in my address bar. >> And there it is in my browser. > > Just to confirm that there's no long-term caching, I extended the above by > starting Tomcat, loaded the home page in Firefox, replaced tomcat.gif by one > of Bill the Cat with the name tomcat.gif, refreshed the page with F5, and got > the revised, much uglier image in the upper left corner. > > - Chuck OK, all very nice ... I just tried this. The server was running and my application was up and working. I copied an image into the ROOT directory then tried to access it like so http://localhost/main.jpg and got a 404 not found. I stopped and restarted the server (very important this) and tried the same request again and the image loaded. I'm not imagining this. It is a fact. On my setup (tomcat 6.0.16. jdk1.6.0_03, Windows XP SP 2) I cannot load images that have been written to disk after the server starts ... sorry if this offends you in some way, it's driving ME nuts especially as you all seem to have no trouble with this. I'm almost tempted to load the app onto the live server and see if it works there. .. no, that way lies madness. lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Dynamic Resources: getRealPath() returns the 'wrong' path
2009/6/11 Caldarale, Charles R :
> Writing to the webapp's deployment location is a bad idea - you again have no
> guarantee that it's allowed, and you're at the whims of the container and
> execution environment controlling the actual location. Much better to write
> your files outside of Tomcat's directory space, using a path defined by
> system property, environment variable, or webapp property.
>
> - Chuck
Yep, I tried this. I set up the following in context.xml
When the app starts I look up the value for the imagecache path
imageCache = (String)ctx.lookup("java:comp/env/imagecache");
then store it in my config server.
When I want to write a file I get the path from the config server,
create a java.io.File and write the data. If I look in the blackhole
there are the files (images) I know it works b'cos I can open them in
an image editor.
Works perfectly ... except I just cannot get he DefaultServlet to
serve any images that are written to any directory anywhere on the
filesystem after the server has started ... apologies for letting this
leak into this thread but I though I might need to use some Servlet
spec type API to write files so that the DefaultServlet could 'see'
them ... hence the use of getRealPath grasping at straws ? You
bet.
Anyway, thanks for taking the time to reply
lyallex
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Dynamic Resources: getRealPath() returns the 'wrong' path
2009/6/11 Mark Thomas : > Lyallex wrote: >> The logging output gives the following >> >> INFO: The path to the image cache is >> C:\servers\tomcat\apache-tomcat-6.0.16\temp\1-ROOT\imagecache > > This is a side effect of using the anti-locking attributes on your context. Er, OK ... thanks. > > Mark > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Loading dynamically created content: An old chestnut but still a problem.
2009/6/10 Jonathan Mast : > Ok, so this approach of writing to disk after reading the database is not > working at all. I thought you were saying previously that was working up to > a point, but then failing for new products. > > I know its completely possible to add images the root of a Web-App folder > after deployment and have Tomcat "see" them. Great, any idea how ? Others here seem to think that the DefaultServlet will not serve content that is uploaded after the server starts and this is the behaviour I'm seeing I'd be really interested to know how it's done > Are you by chance running Tomcat behind Apache Httpd or some other server? Nope, Tomcat runs standalone on port 80 and serves all content thanks lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Dynamic Resources: getRealPath() returns the 'wrong' path
Hi
apache-tomcat-6.0.16
jdk1.6.0_03
Dev box : Windows
Deployment box: Linux
I have my server installed at
C:\servers\tomcat\apache-tomcat-6.0.16\
My application is installed at
C:\servers\tomcat\apache-tomcat-6.0.16\webapps\ROOT
I have an image cache available at
C:\servers\tomcat\apache-tomcat-6.0.16\webapps\ROOT\imagecache
In a servlet I do the following
String pathToImagecache = getServletContext().getRealPath("imagecache");
logger.log(Level.INFO, "The path to the image cache is " + pathToImagecache);
The logging output gives the following
INFO: The path to the image cache is
C:\servers\tomcat\apache-tomcat-6.0.16\temp\1-ROOT\imagecache
I need to get hold of the imagecache directory to write images to it
but I have no idea what this \temp\1-ROOT\ bit of the path all about
???
The only way I can get the correct path at the moment is to set up an
EV in context.xml then do a JNDI lookup in my site cooker and save the
value to my config server... I'd much rather use getRealPath as I
don't have to change the config when I deploy to live.
I'm confused, any help much appreciated
lyallex
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Loading dynamically created content: An old chestnut but still a problem.
Christopher > Multiple posts to this list seem to contradict Hassan's assertion that > this should work: the DefaultServlet appears to ignore files that are > created post deployment (or at least, post directory-read). This is exactly what is happening, the DefautServlet Ignores any file that appears in the application space after the server is started Others who have replied to my original post appear to have no problem serving up images that have been uploaded after server startup ... I appear to have multiple issues here. Rather that 'hijack' my own thread, I'll start a new one for each issue then return here when I know exactly what the problem is. I hope this doesn't upset too many people. Rgds lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Loading dynamically created content: An old chestnut but still a problem.
Hi I'll try to explain in as few words as possible. When I upload a new product I store the image data and the text in the database. I did this to try and separate the data from the application with the intention of eventually having the data reside on a separate device optimised for serving data ... well that was my original thinking anyway. At the moment, when I load an image I use a proxy servlet and extract the imageid from the 'Product' (p below) _thumb.jpg" ...' etc/> In other words, as opposed to getting an anonymous byte stream and displaying it in the browser I'm now accessing a named image and the browser caches it. It all works beautifully apart from the fact that it appears the DefaultServlet will not load resources that have been written to disk after the server has been started. If I restart the server I can see my images, but only the ones loaded thus far ... Anyway, I'm currently looking at the serveResource() method in the DefaultServlet to try and figure out if it is possible to configure it to load resoures that have appeared after the server has started ... it doesn't look like it is possible which is slightly depressing ... unless of course I am missing something. Surely this is not an unusual requirement, how do others deal with serving up images that have been uploaded after the server has started. Anyway Thanks for taking the time to reply lyallex 2009/6/10 Jonathan Mast : > So you are actually storing the image data in the database, as opposed to > the filepath? interesting... > > So your webapp accesses the image data as needed and writes it to imagecache > dir? Is this feature not working? i don't understand what exactly the issue > is that you are having. please explain. > > > > On Wed, Jun 10, 2009 at 9:41 AM, Lyallex wrote: > >> apache-tomcat-6.0.16 >> jdk1.6.0_03 >> >> Dev box : Windows >> Deployment box: Linux >> >> Hi >> >> I've read some other posts that seem to be asking similar questions >> but I can't find the answer so far. >> maybe someone here would be kind enough to give me a hint >> >> I have a retail application that stores the product images in a database. >> Each product can have many images and products are being uploaded all the >> time. >> >> Fetching images from the database every time results in a clunky page >> load so I want to cache the images to disk >> the first time an item is accessed my cache manager checks the disk >> cache to see if images for that item are available. >> If not it loads them onto the disk. >> this happens in the servlet that serves the item details up so the >> images are in the disk cache before the request is forwarded to the >> view (jsp) >> In the jsp I access the images from the disk cache. >> >> The problem is, the first time I access the item details the images >> are written to the cache which resides directly under the >> context root but they are not loaded in the view. >> If I restart tomcat the images disply fine so I know all the caching >> is working correctly. >> >> I can't restart tomcat everytime I upload a new product so how can I >> force tomcat to recognise the new images 'on the fly' so as to speak? >> The application is running as the ROOT application on the server and >> is the only application being served. >> >> An example image might be >> ../apache-tomcat-6.0.16/webapps/ROOT/imagecache/830_main.jpg >> (example) >> >> I'm quite happy that the imagecache is deleted everytime I redeploy >> the application because the application is starting to stabilise and >> once I have this last problem ironed out >> I will only be doing irregular maintenance. The faster loading of >> images is more than enough compensation. >> >> I can't use symbolic links to place the imagecache outside the >> application space because I develop on Windows and deploy to Linux >> (historical, nothing I can do about it) >> >> Any ideas much appreciated. >> >> >> Many thanks >> lyallex >> >> - >> To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: users-h...@tomcat.apache.org >> >> > - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Loading dynamically created content: An old chestnut but still a problem.
apache-tomcat-6.0.16 jdk1.6.0_03 Dev box : Windows Deployment box: Linux Hi I've read some other posts that seem to be asking similar questions but I can't find the answer so far. maybe someone here would be kind enough to give me a hint I have a retail application that stores the product images in a database. Each product can have many images and products are being uploaded all the time. Fetching images from the database every time results in a clunky page load so I want to cache the images to disk the first time an item is accessed my cache manager checks the disk cache to see if images for that item are available. If not it loads them onto the disk. this happens in the servlet that serves the item details up so the images are in the disk cache before the request is forwarded to the view (jsp) In the jsp I access the images from the disk cache. The problem is, the first time I access the item details the images are written to the cache which resides directly under the context root but they are not loaded in the view. If I restart tomcat the images disply fine so I know all the caching is working correctly. I can't restart tomcat everytime I upload a new product so how can I force tomcat to recognise the new images 'on the fly' so as to speak? The application is running as the ROOT application on the server and is the only application being served. An example image might be ../apache-tomcat-6.0.16/webapps/ROOT/imagecache/830_main.jpg (example) I'm quite happy that the imagecache is deleted everytime I redeploy the application because the application is starting to stabilise and once I have this last problem ironed out I will only be doing irregular maintenance. The faster loading of images is more than enough compensation. I can't use symbolic links to place the imagecache outside the application space because I develop on Windows and deploy to Linux (historical, nothing I can do about it) Any ideas much appreciated. Many thanks lyallex - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 6 and javamail
2008/11/27 Caldarale, Charles R <[EMAIL PROTECTED]>: >> From: Lyallex [mailto:[EMAIL PROTECTED] >> Subject: Re: Tomcat 6 and javamail >> >> The mail server does not require authentication when accessed from the >> office subnet. The server guys have confirmed this. > > Or is it that your mail server is configured to accept the network signon > that each workstations uses? No, it's relaying from my subnet, no authentication required (according to the network guys anyway, I work for a hosting company and these guys seem to know their stuff). >> I am using the same mail server for the standalone test, the test >> where the mail component is configured to use the JNDI resource >> configured in context.xml and the test where the mail component uses >> the same configuration mechanism as the standlone test. The only test >> that fails is the last one. > > And is everything running under the same account? If you're running Tomcat > as a Windows service, it will not be the account you logged into your > workstation (and network)with. I start Tomcat from the command line. I only ever pass the IP address of the mail server. I can even telnet to it and send a mail from the command line. lyallex > > - Chuck > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > MATERIAL and is thus for use only by the intended recipient. If you received > this in error, please contact the sender and delete the e-mail and its > attachments from all computers. > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6 and javamail
2008/11/27 Rainer Frey <[EMAIL PROTECTED]>:
> On Thursday 27 November 2008 12:52:56 Lyallex wrote:
>
>
> (It would be easier to answer if you'd stop top quoting - but I won't correct
> this whole mail)
Well that's most kind of you, you are being very patient.
I think I need to take a step back here. The boss is happy that
sending email from within the application is now working. I on the
other hand want to know why something that works in Tomcat 5 doesn't
work in Tomcat 6. He's less than inclined to pay for that information
however :-(
Anyway, I will certainly do some more testing, maybe install a clean
Tomcat 6 and create a simple web app that just sends email to a
preconfigured address ... whatever, I'll post results here including
code, mail debug and anything else that might help
Thanks again for your time
lyallex
>
>> OK, firstly thanks for the feedback so far
>>
>> Let me be quite clear about one thing.
>> I am using the same mail server in both cases. Tomcat and Eclipse are
>> running on the same physical device with the same IP address.
>> The mail server does not require authentication when accessed from the
>> office subnet. The server guys have confirmed this.
>
> So the problem is certainly on Java side.
>
>> If I configure a JavaMail session as described in the following resource
>>
>> http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html
>> (JavaMail section)
>>
>> and set auth to false in context.xml everything works perfectly when
>> sending mail from the web application.
>
> It then should not be anything related to Javamail or Java version,
> incompatible jar files ...
>
>> I am using the same mail server for the standalone test, the test
>> where the mail component is configured to use the JNDI resource
>> configured in context.xml and the test where the mail component uses
>> the same configuration mechanism as the standlone test. The only test
>> that fails is the last one.
>>
>> Something has changed since Tomcat 5. I have exactly the same
>> component running in several webapps on Tomcat 5 servers without any
>> need to configure JNDI resources/Mail sessions etc
>
> In such a setup, a javamail session is no managed resource for tomcat. I can't
> imagine how the tomcat version could have any influence on that. There must
> be any other difference between your eclipse runtime and this failing tomcat.
>
>> JAVA_OPTS and CATALINA_OPTS have not been modified by me and do not
>> contain anything other that the default settings (none of which appear
>> to have anything to do with mail config settings).
>
> Is there any other webapp that might set system properties with mail related
> content? I'd make sure and use an empty Properties object for your test. the
> only reason to use System.getProperties() is the ability to pass JavaMail
> configuration to the JVM command line. I'm not sure what static variables and
> Singletons Javamail has, so I'd test without the resource configuration (even
> if you don't use it anyway) and the Javamail jars in WEB-INF/lib. If this is
> not successful, I guess it's impossible to help unless you post more code,
> complete exception messages and perhaps the output of Javamail with
> mail.debug=true. As I think it is not directly related to tomcat, I'd
> recommend asking on the Javamail list though, they might know more details.
>
> Rainer
>
>>
>> Any ideas much appreciated.
>>
>> lyallex
>>
>> 2008/11/26 Rainer Frey <[EMAIL PROTECTED]>:
>> > On Wednesday 26 November 2008 08:37:14 Rainer Frey wrote:
>> >> > In the MailServer constructor I do the following
>> >> >
>> >> > properties = System.getProperties();
>> >> > ...
>> >> > properties.put("mail.smtp.auth", "false");
>> >> >
>> >> > so it looks like a different properties bundle is being used when I
>> >> > run this in Tomcat ... does any of this make sense ??
>> >
>> > Argh, I overlooked that you use System.getProperties() here. If you
>> > specify any JavaMail related Properties in JAVA_OPTS or CATALINA_OPTS
>> > environment variables, this will be different indeed. You might want to
>> > check your tomcat start script.
>> >
>> > Rainer
>> >
>> >
>> > -
>> > To start a new topic, e-mail: users@tomcat.apache.org
>> > To unsubscribe, e-mail: [EMAIL PROTECTED]
>> > For additional commands, e-mail: [EMAI
Re: Tomcat 6 and javamail
OK, firstly thanks for the feedback so far
Let me be quite clear about one thing.
I am using the same mail server in both cases. Tomcat and Eclipse are
running on the same physical device with the same IP address.
If I configure a JavaMail session as described in the following resource
http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html
(JavaMail section)
and set auth to false in context.xml everything works perfectly when
sending mail from the web application.
When I try to send mail with my mail component cofigured to work
without using the configured session it fails with Authentication
failed
To sum up then
The mail server does not require authentication when accessed from the
office subnet. The server guys have confirmed this.
I am using the same mail server for the standalone test, the test
where the mail component is configured to use the JNDI resource
configured in context.xml and the test where the mail component uses
the same configuration mechanism as the standlone test. The only test
that fails is the last one.
Something has changed since Tomcat 5. I have exactly the same
component running in several webapps on Tomcat 5 servers without any
need to configure JNDI resources/Mail sessions etc
JAVA_OPTS and CATALINA_OPTS have not been modified by me and do not
contain anything other that the default settings (none of which appear
to have anything to do with mail config settings).
Any ideas much appreciated.
lyallex
2008/11/26 Rainer Frey <[EMAIL PROTECTED]>:
> On Wednesday 26 November 2008 08:37:14 Rainer Frey wrote:
>> > In the MailServer constructor I do the following
>> >
>> > properties = System.getProperties();
>> > ...
>> > properties.put("mail.smtp.auth", "false");
>> >
>> > so it looks like a different properties bundle is being used when I
>> > run this in Tomcat ... does any of this make sense ??
>
> Argh, I overlooked that you use System.getProperties() here. If you specify
> any JavaMail related Properties in JAVA_OPTS or CATALINA_OPTS environment
> variables, this will be different indeed. You might want to check your tomcat
> start script.
>
> Rainer
>
>
> -
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6 and javamail
Hello again
2008/11/19 Don Millhofer <[EMAIL PROTECTED]>:
> Are you sure that the mail server, serving the host you are deploying to does
> not require authentication? I got this same error trying to go through the
> Google Mail Server without proper authentication.
I am absolutely sure that the mail server I am using for the
standalone test is the same one that I am using for the tomcat server.
I tried setting mail.smtp.auth = true and the send failed in Eclipse,
the debug output was exactly the same as when I run the code
in Tomcat Authentication failure
I then hardcoded properties.put("mail.smtp.auth", "false"); in the
MailServer constructor and ran the Eclipse test, it worked, so I ran
it in Tomcat and it failed with Authentication exception
In the MailServer constructor I do the following
properties = System.getProperties();
...
properties.put("mail.smtp.auth", "false");
so it looks like a different properties bundle is being used when I
run this in Tomcat ... does any of this make sense ??
Thanks
lyallex
>
> when I invoke the component in the webapp I get
> javax.mail.AuthenticationFailedException
> debug output shows that my components configuration parameters are
> IDENTICAL to those used in standalone mode.
>
> You say in Eclipse you use - (mail.smtp.auth = false) and sends the email.
> Try sending authentication.
>
>private class SMTPAuthenticator extends javax.mail.Authenticator {
>@ Override
>public PasswordAuthentication getPasswordAuthentication() {
>return new PasswordAuthentication(d_email, d_password);
>}
>}
>
> Don
>
>
> At 06:41 AM 11/25/2008, you wrote:
>>Start by making sure there is only one copy of the javamail jar.
>>Remove either the one in tomcat's lib directory or your webapp's lib
>>directory.
>>
>>-- David
>>
>>
>>On Nov 19, 2008, at 6:04 AM, Lyallex <[EMAIL PROTECTED]> wrote:
>>
>>>Hi
>>>
>>>Tomcat 6.0.16
>>>jdk1.6.0_06
>>>javamail 1.4.1
>>>
>>>I have a simple component that uses javamail 1.4.1 to send e-mail
>>>It works perfectly 'standalone' (executed from Eclipse).
>>>It connects to the server (mail.smtp.auth = false)
>>>and sends the email
>>>
>>>I've read the available docs at
>>>http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html
>>>which talk about activation.jar among others
>>>As I am using jdk 1.6 I understand that this is no longer required (it
>>>is included in the distro).
>>>
>>>The javamail 1.4.1 jars are in CATALINA_HOME/lib
>>>I have also tried them in WEB-INF/classes/lib
>>>
>>>when I invoke the component in the webapp I get
>>>javax.mail.AuthenticationFailedException
>>>debug output shows that my components configuration parameters are
>>>IDENTICAL to those used in standalone mode.
>>>
>>>I am not using jndi resources or resources defined in context.xml, I
>>>am not using tomcats JavaMail session management.
>>>
>>>I just need this to work as a simple component without lots of config
>>>to start with.
>>>
>>>Can anyone let me in on the 'secret' to getting this to work. I've had
>>>similar components working in earlier releases (and they are still
>>>working)
>>>Something must have changed, I'm rather hoping it's not a securuity
>>>thing but I suspect it might be.
>>>
>>>I'm not asking anyone to debug my application I could just do with a
>>>pointer or two.
>>>
>>>Any help much appreciated
>>>
>>>Cheers
>>>lyallex
>>>
>>>-
>>>To start a new topic, e-mail: users@tomcat.apache.org
>>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>>For additional commands, e-mail: [EMAIL PROTECTED]
>>
>>-
>>To start a new topic, e-mail: users@tomcat.apache.org
>>To unsubscribe, e-mail: [EMAIL PROTECTED]
>>For additional commands, e-mail: [EMAIL PROTECTED]
>
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 6 and javamail
Hi Well I've had problems with this before. As I'm sure you know, the JavaMail API 1.4.1 distribution contains dsn.jar, imap.jar, mailapi.jar, pop3.jar and smtp.jar I was very careful to make sure that I only had the above jars in EITHER the web application's lib directory (WEB-INF/lib) OR tomcat's lib directory (../apache-tomcat-6.0.16/lib) restarting every time I made a change. I just tried again, searching the entire tomcat filesystem each time to ensure that there were no duplicates but still no luck. Unfortunately the mail server admin is being less than helpful so I can't even see what is happening at the other end. Any other ideas ? Thanks anyway lyallex 2008/11/25 David Smith <[EMAIL PROTECTED]>: > Start by making sure there is only one copy of the javamail jar. Remove > either the one in tomcat's lib directory or your webapp's lib directory. > > -- David > > > On Nov 19, 2008, at 6:04 AM, Lyallex <[EMAIL PROTECTED]> wrote: > >> Hi >> >> Tomcat 6.0.16 >> jdk1.6.0_06 >> javamail 1.4.1 >> >> I have a simple component that uses javamail 1.4.1 to send e-mail >> It works perfectly 'standalone' (executed from Eclipse). >> It connects to the server (mail.smtp.auth = false) >> and sends the email >> >> I've read the available docs at >> http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html >> which talk about activation.jar among others >> As I am using jdk 1.6 I understand that this is no longer required (it >> is included in the distro). >> >> The javamail 1.4.1 jars are in CATALINA_HOME/lib >> I have also tried them in WEB-INF/classes/lib >> >> when I invoke the component in the webapp I get >> javax.mail.AuthenticationFailedException >> debug output shows that my components configuration parameters are >> IDENTICAL to those used in standalone mode. >> >> I am not using jndi resources or resources defined in context.xml, I >> am not using tomcats JavaMail session management. >> >> I just need this to work as a simple component without lots of config >> to start with. >> >> Can anyone let me in on the 'secret' to getting this to work. I've had >> similar components working in earlier releases (and they are still >> working) >> Something must have changed, I'm rather hoping it's not a securuity >> thing but I suspect it might be. >> >> I'm not asking anyone to debug my application I could just do with a >> pointer or two. >> >> Any help much appreciated >> >> Cheers >> lyallex >> >> - >> To start a new topic, e-mail: users@tomcat.apache.org >> To unsubscribe, e-mail: [EMAIL PROTECTED] >> For additional commands, e-mail: [EMAIL PROTECTED] >> > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 6 and javamail
Hi Tomcat 6.0.16 jdk1.6.0_06 javamail 1.4.1 I have a simple component that uses javamail 1.4.1 to send e-mail It works perfectly 'standalone' (executed from Eclipse). It connects to the server (mail.smtp.auth = false) and sends the email I've read the available docs at http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html which talk about activation.jar among others As I am using jdk 1.6 I understand that this is no longer required (it is included in the distro). The javamail 1.4.1 jars are in CATALINA_HOME/lib I have also tried them in WEB-INF/classes/lib when I invoke the component in the webapp I get javax.mail.AuthenticationFailedException debug output shows that my components configuration parameters are IDENTICAL to those used in standalone mode. I am not using jndi resources or resources defined in context.xml, I am not using tomcats JavaMail session management. I just need this to work as a simple component without lots of config to start with. Can anyone let me in on the 'secret' to getting this to work. I've had similar components working in earlier releases (and they are still working) Something must have changed, I'm rather hoping it's not a securuity thing but I suspect it might be. I'm not asking anyone to debug my application I could just do with a pointer or two. Any help much appreciated Cheers lyallex - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[Possibly OT] Life after dojo, slow 'buggy' redeploy. Any experience here ?
Good Morning apache-tomcat-5.5.26 java 1.5.0_15 dojo 1.1.1 ant 1.7.0 I just bolted the dojo javascript libs into one of my web apps. I use the org.apache.catalina.ant.DeployTask and org.apache.catalina.ant.UndeployTask to redeploy my application from within an Ant script Before installing dojo, redeployment took about 12 seconds After I installed dojo, redeployment takes anything up to two minutes and throws exceptions (see below if interested) Removing dojo results in redployment happening in (about) 12 seconds again. I'm a bit ... confused. I'm going to turn on some deep debug and see if I can find out what's happening but I thought I might see if anyone else has experienced this Exceptions thrown WARNING: Error while removing context [/atledu] java.lang.NullPointerException at org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:884) at org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1046) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1214) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:293) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1306) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1570) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1579) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1559) at java.lang.Thread.run(Thread.java:619) 03-Sep-2008 09:55:23 org.apache.catalina.startup.HostConfig checkResources WARNING: Error during context [/atledu] destroy java.lang.NullPointerException at org.apache.catalina.startup.HostConfig.checkResources(HostConfig.java:1052) at org.apache.catalina.startup.HostConfig.check(HostConfig.java:1214) at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:293) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120) at org.apache.catalina.core.ContainerBase.backgroundProcess(ContainerBase.java:1306) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1570) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.processChildren(ContainerBase.java:1579) at org.apache.catalina.core.ContainerBase$ContainerBackgroundProcessor.run(ContainerBase.java:1559) at java.lang.Thread.run(Thread.java:619) Many Thanks lyallex - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to close an out Stream if a client aborts
On Mon, Jun 30, 2008 at 1:52 PM, Johnny Kewl <[EMAIL PROTECTED]> wrote: > > - Original Message - From: "Lyallex" <[EMAIL PROTECTED]> > To: "Tomcat Users List" > Sent: Monday, June 30, 2008 10:11 AM > Subject: How to close an out Stream if a client aborts > > >> Good Morning >> >> Java 1.5.0_15 >> Tomcat 5.5.26 >> >> I have a servlet that is used to serve up images from a database >> > > Good question... it does seem to fly in the face of convention. Well it looks like the streams are being recycled Looking at the hash values of the stream objects it appears that the output stream is being reused even though it doesn't appear to be closing ... sort of lost here, looks like I need to get into the Tomcat code to understand what is going on here ... ah well, I've got nothing better to do (I wish) Lyallex > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
How to close an out Stream if a client aborts
Good Morning
Java 1.5.0_15
Tomcat 5.5.26
I have a servlet that is used to serve up images from a database
If the client aborts the connection I get the usual 'broken pipe' type
exceptions
The thing is that from my debug output it appears that the
OutputStream to the client
(instanceof ServletOutputStream) is neither flushed nor closed in this
situation.
I try to close all resources in a finally block but the debug after
outStream.close never appears
I guess I can understand why the stream is not flushed (there is no
connection to flush it to)
but I'm not sure why I can't close the stream, the javadoc doesn't
really help ...
The problem I have is that under heavy load the server crashes silently
(no errors to the logs) and I'm trying to track down why this might be.
If I get loads of unclosed OutputStreams containing uncommitted data
this might be the problem. (yes/no?)
Here's the basic code (logging and debug removed)
public void doService(HttpServletRequest request,
HttpServletResponse response) throws ServletException, IOException {
ServletOutputStream outStream = null;
InputStream inStream = null;
try {
outStream = response.getOutputStream();
response.reset();
response.setHeader("Expires", "-1");
response.setHeader("Cache-Control", "no-cache");
String imageId = request.getParameter(WebConstants.IMAGE_ID);
ImageServer images = ImageServer.getServer();
inStream = images.getImageData(imageId);
byte[] bytes = new byte[1000];
int bytesRead = inStream.read(bytes);
while (bytesRead != -1) {
outStream.write(bytes,0,bytesRead);
bytesRead = inStream.read(bytes);
}
//appears to 'hang' here if client breaks connection
outStream.flush();
}
catch (Throwable t) {
//aborted connection type exceptions to log
t.printStackTrace();
}
finally{
//outStream.flush();
//no debug output after here if flush is uncommented here
inStream.close();
//debug here appears OK
outStream.close();
//debug here never appears if client breaks connection
}
}
The whole thing works perfectly in the situiation where the client
doesn't abort the connection.
I'm not asking anyone to solve my problem, I'm just trying to figure
out if I'm looking in the right place, possibly.
Could this potentially be where the problem lies ?
TIA
Lyallex
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Changing roles on the fly
On Sun, Jun 22, 2008 at 1:46 PM, Johnny Kewl <[EMAIL PROTECTED]> wrote: > > - Original Message - From: "Lyallex" <[EMAIL PROTECTED]> > To: "Tomcat Users List" > Sent: Sunday, June 22, 2008 1:14 PM > Subject: Re: Changing roles on the fly > > >> On Sat, Jun 21, 2008 at 12:41 PM, Mark Thomas <[EMAIL PROTECTED]> wrote: >>> >>> Johnny Kewl wrote: >>>> >>>> - Original Message - From: "Lyallex" <[EMAIL PROTECTED]> >>>>> >>>>> Allowing a user to add a role is simple enough. >>>> >>>> Is it? >>> >>> Yes. >> >> snip ... >> >>> If you change web.xml, yes TC will restart. However, you probably know >>> the >>> roles you want and the resources you want to protect, just not which >>> users >>> have which roles. >> >> Exactly, in my application there is a business requirement to allow >> certain user to add certain roles on the fly. ... snip ... > The part that is worrying me, is not the sessions tracking the sessions > in HttpSessionListener and jamming them into a Hashmap as chris said, I > think is the right way... thats not what is worrying me, its what you call > the "trivia", ie you "just" going to change the "persistance store"... which > I assume means > tomcat-users.xml Nope, it means the database. Does anyone really use tomcat-users.xml for a production system ... I can't believe it. My business logic code is "persistence mechanism agnostic" as all good and true Java OO code should be IMHO. That's why I used the term 'persistance store' apologies if this caused confusion. Anyway, the 'trivia' works perfectly (it is trivial after all). I've already done all that, it was just controlling the logged in users I was getting my head around. -- Lyallex - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Changing roles on the fly
On Sat, Jun 21, 2008 at 12:41 PM, Mark Thomas <[EMAIL PROTECTED]> wrote: > Johnny Kewl wrote: >> >> - Original Message - From: "Lyallex" <[EMAIL PROTECTED]> >>> >>> Allowing a user to add a role is simple enough. >> >> Is it? > > Yes. snip ... > If you change web.xml, yes TC will restart. However, you probably know the > roles you want and the resources you want to protect, just not which users > have which roles. Exactly, in my application there is a business requirement to allow certain user to add certain roles on the fly. I know what these roles are and the resources they protect, all this is predefined. When a user adds a role I log them out (They are warned about this and are ready for it) when they log in again they have the additional role, all this is relatively trivial to implement as is the elected removal of a role which works in exactly the same way. The problem comes when I want to remove certain privileges from a user who may already be logged in. I can remove the role in the persistance store easily enough but I need a way to get a handle on the session and invalidate it so that he next time the user tries to access a protected resource they have to log in again. > Look at how the manager webapp access the list of sessions. You should be > able to use similar code. Note you'll need to make your webapp privileged. > You might want a separate admin webapp. Yes, I've sort of come that that conclusion myself, I might try the JMX route as it's something I've never done before and it's fun to learn new stuff. If the client (who pays me after all) starts grizzling I can look at the HttpSessionListener thing recommended by Chris earlier. Thanks to all for taking the time to reply. This list truly is 'the dogs' --Lyallex > > Mark > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Changing roles on the fly
Hello Tomcat 5.5.26 Java 1.5.0_15-b04 This question is about role based security and the dynamic assignment/removal of roles. I have a requirement to allow an user to add or remove certain roles 'on the fly' Allowing a user to add a role is simple enough. Once they have 'clicked the button' to add a role (and thereby add a certain set of role defined features) I simply force them to log back in again. Similarly, when a user removes a role I again force them to log in and they then no longer have those role based features associated. The problem comes when a superuser wants to remove a role from a user and that user may be logged in. What I need to be able to do is to view all the currently active sessions and log the relevant user out (by invalidating the session for example) so that when they next try to access a protected resource they have to log in again ... I can't give any more details I'm afraid. I think I may be able to do this by allowing a superuser account to access this information using JMX (mbeans) and do appropriate stuff. This is a sanity check with the experts on this list as I have never used JMX before and I would like to know if I am pointing in the right direction. Is this something I could do via JMX or is there something else I should be looking at. I do not want to expose the tomcat management console to superusers as they will be (business) domain experts, not Tomcat users or developers/sysadmins Thank You Lyallex - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Distributed Singletons with clustered Tomcat
On Thu, May 22, 2008 at 2:10 PM, Christopher Schultz <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Lyllax, > > Lyallex wrote: > | Classically my ServiceLocator has been a Singleton, now I have the > | prospect of multiple Singletons living in multiple JVMs. > > Do you actually need intra-JVM synchronization or something like that? > Why can these "singletons" not operate independently on each instance of TC? Good question, I don't know, it's new stuff and I'm just starting to think about it. I just feel I need to control access to resources in some way, probably better to control access via the service rather that via the service delivery mechanism. I've never use multiple Tomcat instances to deliver a single application before, maybe this question is better posted in comp.lang.java. Thanks for taking the time to reply. Lyallex > > - -chris > > -BEGIN PGP SIGNATURE- > Version: GnuPG v1.4.9 (MingW32) > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org > > iEYEARECAAYFAkg1cLUACgkQ9CaO5/Lv0PCRDgCgnOIn1dS1S7qMgCGH++NkxE6M > 3h0AoLJiwo+qjrnLhmj4FzjhrXdUrXlU > =FbQA > -END PGP SIGNATURE- > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Distributed Singletons with clustered Tomcat
Hello Up until now everything I've done with Tomcat has been on a single server. Now I am developing an application that will require multiple Tomcat servers (instances at least) with some sort of load balancer thing in front of them. Classically my ServiceLocator has been a Singleton, now I have the prospect of multiple Singletons living in multiple JVMs. I realise that this is not actually Tomcat specific and that this situation can arise regardless of Servlet container but I am using Tomcat so I posted here. I was thinking maybe RMI might prove the answer (so I can still have a single Singleton) but another correspondant on this list seems to be having problems with lost data (although we won't be using a wan AFAIK). Is there a well tried solution to this issue ? Many Thanks In Advance Lyallex - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Save POJO Application Server Definition
On Thu, May 15, 2008 at 2:10 PM, David Fisher <[EMAIL PROTECTED]> wrote: >>> >>> Jeez, give the guy a break, snip > I find Johnny's emails interesting and helpful as well. > > All that I was asking for was for him to put his taglines (however many he > wants) at the end - like everyone else - sorry if I was too sarcastic. Tag line looks good at the bottom Johnny Lyallex - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Save POJO Application Server Definition
Jeez, give the guy a break, if you don't want to read his posts then don't read them. His name appears next to them, it's easy to ignore if you want to. I don't know 'Johnny' personally and I agree he can be a bit ebulliant but do we really all want to descend into greyness. Lyallex On Thu, May 15, 2008 at 2:35 AM, Stephen Souness <[EMAIL PROTECTED]> wrote: > I'm with you David, I don't visit these groups to see spam thinly disguised > as Tomcat-related messages. > > > -- > Stephen Souness > > > > David Fisher wrote: >> >> We know you think your stuff is so kewl, but would you please stop leading >> all your email with an evangelical tag line. >> >> That would be so cool of you. >> >> Thanks, >> >> Regards, >> Dave >> >> On May 13, 2008, at 3:14 PM, Johnny Kewl wrote: >> > >>> >> >> > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] RE: Seeking advice as to what platform/framework to use for developing a tourism/tourist attractions web site
I agree with others on the list that *for other purposes* starting at the basics and working up is the way to go. I may have a different view of what "basics" is, given that I *think* I still carry around enough in my head that I could design a functional (if basic) computer from the discrete components up through instruction set, microcode if absolutely required, I/O, OS to applications ;-). I wish all developers could think down to bare metal level, and beyond - it gives a very solid grounding in *why* to code in a particular way. > > - Peter > Well here I have to agree with you, I spent many happy hours in the compsci labs messing about with a Motorolla 68000 processor. I was lucky enough to be in the last cohort at my university to get a thorough grounding in computer architecture (Course Book 'Structured Computer Organization' by Andrew S Tannenbaum). A fantastic course and absolutely essential IMHO. I think it's been replaced with 'Business and Society' or something now, shame. I totally agree with using and reusing existing components. I use lots of commons components all the time and as for Lucene (http://lucene.apache.org/) well it's the absolute dogs danglers isn't it ? I just think that a framework as a starting point is one layer too far for a beginner to web development. Anyway, let us know how you get on OP. Cheers Lyallex Just my two quids worth - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] RE: Seeking advice as to what platform/framework to use for developing a tourism/tourist attractions web site
Peter Never suggested the OP develop carts and such like from scratch really did I. What I said was he should focus on learning the core APIs, that's a little different. Building your own business logic is a requirement whatever framework you use (or don't use). If you can tell me where to find reusable business logic then that will certainly save me time, I'd still want to know how it worked though so black boxes are useless. If, when you know the core you decide to rot your brain and spend frustrating days trying to configure some bloody minded framework then go for it, at least you'll have some idea where to look when it doesn't work (they NEVER work first time in my experience). Anyway OP, hope this little discussion has cleared things up for you :-)) Cheers Lyallex On Fri, May 2, 2008 at 2:48 PM, Peter Crowther <[EMAIL PROTECTED]> wrote: > > From: Lyallex [mailto:[EMAIL PROTECTED] > > Subject: Re: Seeking advice as to what platform/framework to > > use for developing a tourism/tourist attractions web site > > > > > Greetings > > > > I guess given the lack of replies that most think this is too OT for > > this list, well I suppose it is but I couldn't resist answering. > > > > "Don't Do It" > > > > That is, don't use any framework at all. > > Many of the OP's requirements are for existing tools. Blog, shopping cart > and the like. Developing those from scratch is rather like gathering the > coal, clay and iron ore to make your own oven to smelt your own iron ore to > make your own axe to cut down your own tree to make your own log cabin. You > *can*, and you get a lot of satisfaction from it, but it's a lot easier to > spend less time working for someone else, then rent a house. Sure, it might > not be quite what you'd build yourself... but you get most of what you want a > *lot* quicker. > > So, to the OP, I'd say: compare the big systems that you mention. Take a > tour of each. Install a few. You might spend a couple of weeks, maybe a > couple of months doing this. Then pick one and go for it. You'll have your > system running - and customers using it - while Lyallex is still building the > data access layer for the no-framework one. > > - Peter > > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Seeking advice as to what platform/framework to use for developing a tourism/tourist attractions web site
On Fri, May 2, 2008 at 2:38 PM, Frank W. Zammetti <[EMAIL PROTECTED]> wrote: > I actually agree with Lyallex quite strongly, ..no, you don't, you can't, well actually you do, so I'm not going mad then, fabulous. No Idea what DWR is and the idea of writing more of my app in javascript leaves me a little cold but I'll have a look BTW OP, the best way to learn about this stuff is just to read this list, someone will mention something you've never heard of before so you go look at it and you get a 'hey I could use that' moment it works for me. > P.S. - Is that your real name by the way Layallex? If so, I've never heard > it before, but it's pretty cool!) Actually Frank I've been lurking around on this list for as long as I care to remember, I try to help where I can but mostly it makes me laugh and I learn something new every day. 'nuff reason I guess. As for Lyallex, well it's a long (long) story. Cheers Lyallex > > -- > Frank W. Zammetti > Author of "Practical DWR 2 Projects" > and "Practical JavaScript, DOM Scripting and Ajax Projects" > and "Practical Ajax Projects With Java Technology" > for info: apress.com/book/search?searchterm=zammetti&act=search > Java Web Parts - javawebparts.sourceforge.net > Supplying the wheel, so you don't have to reinvent it! > My "only partially serious" blog: zammetti.com/blog > > Lyallex wrote: > > > > > > > > > Greetings > > > > I guess given the lack of replies that most think this is too OT for > > this list, well I suppose it is but I couldn't resist answering. > > > > "Don't Do It" > > > > That is, don't use any framework at all. > > > > Download Tomcat and the relevant J2EE API documentation bundle, then > > goto the MySQL site and get the driver > > then go http://commons.apache.org/ and get all sorts of stuff. Finally > > read http://java.sun.com/blueprints/patterns/catalog.html (maybe this > > should be the other way around) > > > > This really is all you need. learning a framework is an overhead you > > can do without if you are getting into J2EE. > > > > I used to use Struts and JSF and Castor and lot's of other stuff but I > > found I was spending more time learning how to configure the framework > > than I was developing. My latest site has most of what you mention and > > not a framework in site. > > > > Follow the patterns, write cohesive POJOs and hide the business logic > > behind facades. Use the commons stuff, it works, it's free and it's > > documented (to a degree). I even used to eschew taglibs but I'm a > > convert now so use them where you can. > > > > NEVER put business logic anywhere other than in POJOs (or EJBs if you > > must) and never do anything other than rendering in jsp's. > > > > Use css, everywhere, all the time ... IE 6 is broken but most of the > > latest browsers are pretty good these days IMHO. > > good, bad (well not quite). > > > > Stick to this and you will be writing websites and earning money for > > the rest of your working life while others struggle to get heir head > > around the latest bloated XML nightmare config, docubabble latest > > greatest framework. > > > > Madness ? perhaps, but I spend my time learning the Java/J2EE APIs > > rather than reading framework documentation and I am never out of > > work. > > > > > > > > Good Luck > > > > Lyallex > > > > > > > > On Fri, May 2, 2008 at 11:01 AM, qm westview <[EMAIL PROTECTED]> > wrote: > > > > > *Hi there,* *I am an application programmer (Java, PHP) and almost new > to > > > web development. I am currently investigating as to what is the most > > > appropriate/applicable open source platform/framework to develop a web > site > > > (simple to start but more comprehensive into the future) for tourism or > > > tourist attractions. The following lists the basic support requirements > > > (mainly multimedia, interactivity and future proof) * *1. XHTML, > > > JavaScript, Ajax* *2. Multimedia – images, slides show, music, > videos* > > > *3. Simple blogging facility * *4. Community, Feedbacks * *5. > > > Emailing for registered users (regular news release)* *6. Database > > > (mySQL or similar)* *7. Search ability (text based)* *8. > Shopping > > > facility (online, gift etc)* *9. Management facility* *I have seen > some > &
Re: Seeking advice as to what platform/framework to use for developing a tourism/tourist attractions web site
Greetings I guess given the lack of replies that most think this is too OT for this list, well I suppose it is but I couldn't resist answering. "Don't Do It" That is, don't use any framework at all. Download Tomcat and the relevant J2EE API documentation bundle, then goto the MySQL site and get the driver then go http://commons.apache.org/ and get all sorts of stuff. Finally read http://java.sun.com/blueprints/patterns/catalog.html (maybe this should be the other way around) This really is all you need. learning a framework is an overhead you can do without if you are getting into J2EE. I used to use Struts and JSF and Castor and lot's of other stuff but I found I was spending more time learning how to configure the framework than I was developing. My latest site has most of what you mention and not a framework in site. Follow the patterns, write cohesive POJOs and hide the business logic behind facades. Use the commons stuff, it works, it's free and it's documented (to a degree). I even used to eschew taglibs but I'm a convert now so use them where you can. NEVER put business logic anywhere other than in POJOs (or EJBs if you must) and never do anything other than rendering in jsp's. Use css, everywhere, all the time ... IE 6 is broken but most of the latest browsers are pretty good these days IMHO. good, bad (well not quite). Stick to this and you will be writing websites and earning money for the rest of your working life while others struggle to get heir head around the latest bloated XML nightmare config, docubabble latest greatest framework. Madness ? perhaps, but I spend my time learning the Java/J2EE APIs rather than reading framework documentation and I am never out of work. Good Luck Lyallex On Fri, May 2, 2008 at 11:01 AM, qm westview <[EMAIL PROTECTED]> wrote: > *Hi there,* *I am an application programmer (Java, PHP) and almost new to > web development. I am currently investigating as to what is the most > appropriate/applicable open source platform/framework to develop a web site > (simple to start but more comprehensive into the future) for tourism or > tourist attractions. The following lists the basic support requirements > (mainly multimedia, interactivity and future proof) * *1. XHTML, > JavaScript, Ajax* *2. Multimedia – images, slides show, music, videos* > *3. Simple blogging facility * *4. Community, Feedbacks * *5. > Emailing for registered users (regular news release)* *6. Database > (mySQL or similar)* *7. Search ability (text based)* *8. Shopping > facility (online, gift etc)* *9. Management facility* *I have seen some > CMS type of open system, such as Xoops, Lenya, Daisy, etc. But I do not have > enough knowledge to make any choice decision. Just wondered if any > experienced people here could help me or shed some lights please. * *I am a > techi person and wouldn't mind the complicity of technology so long as the > job can be done efficiently and effectively and low cost.* *Many thanks in > advance,* *Mark* > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [OT] "Ooh, shiny!" (was RE: Best Linux distribution)
> Unfortunately too many IT teams that I've encountered tend towards the "Ooh, > shiny new toy!" and "My server's newer than your server" views of the world. Heh heh, shiny new toy syndrome, where would the 'IT business' be without it. comp.lang.java.programmer has some really bilious postings from people who get REALLY upset if you even mention older releases of Java ... can't see why really, maybe it's all a conspiracy to keep the consultants in business. ... now where did I put my Dr Logo manual. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Confused about startup
Hi
Thanks for this and thanks to those that replied about this off list.
Sometmes I struggle to make myself understood, this is one such time I think.
All I really wanted to know was why Bootstrap.main() had the line
"Main method, used for testing only"
In it's comment block. As far as I can see this is just one of those
things, maybe it should be removed, maybe it should stay if there is a
good reason.
I does go to show that something as simple as a one line comment can
cause much confusion to those of us that rely on a combination of code
and comment to understand what's going on in code we have not seen
before.
I once knew a PhD who was always saying that he did not need comments
as he could read code, well possibly, but for us mere mortals comments
can make the difference between success and failure.
Keep up the good work
Cheers
Duncan
On 10/24/07, Konstantin Kolinko <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I can say you a few words about this bootstrap class. I remember how I
> was proud, when I managed to decypher what it actually does. It was a
> year ago, but it is still a good memory. ;) It's an excellent piece.
> I hope that in a while you will be able to share these feelings of
> joy.
>
> In essence, it parses catalina.properties (either the default copy of
> it, or the one available in the conf folder), sets up a chain of
> classloaders (see
> http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html), and
> starts the server.
>
> Most of the work is done through reflection calls.
>
> JMX test at the begin of Bootstrap.main() (in tomcat 5.5 only) is
> required, because JMX is used to manage tomcat instance. Thus there is
> a quick test, and a message if the test fails.
>
> Please note, that catalina.properties specifies patterns, e.g.
> ${catalina.home}/common/lib/*.jar, but ClassLoader instance requires
> references to actual jar files, thus some lookup is performed to get
> the actual names from the pattern.
>
> The startup sequence description in
> http://tomcat.apache.org/tomcat-5.5-doc/architecture/startup/serverStartup.txt
> is correct. It is not a simple matter though.
>
> The comment for Bootstrap.main( ) is, well, misleading.
> Both in 5.5.25 and 6.0.14 sources.
> Should someone provide a patch for this?
>
> Actually, the Bootstrap class is not so important. The more important
> class is org.apache.catalina.startup.Catalina, and its main(args)
> method is commented as being the entry point.
>
>
> 2007/10/24, Lyallex <[EMAIL PROTECTED]>:
> > Hmm, obviously this was "not an acceptable question" ... shame.
> >
> > Still, I have now managed to get 5.5.25 to build and run and when I
> > put some simple debug in Bootstrap.main() it does indeed appear that
> > this method is being called.
> >
> > Still slightly confused as to why this method is commented as
> >
> > /**
> > * Main method, used for testing only.
> > *
> > * @param args Command line arguments to be processed
> > */
> >
> > Ah well, it's all character building stuff I suppose.
> >
> > On 10/24/07, Lyallex <[EMAIL PROTECTED]> wrote:
> > > Hello
> > >
> > > Windows XP SP2
> > > Java 1.5.0_10
> > > Tomcat 5.5.25
> > >
> > > After many years using Tomcat to host various web sites I thought it
> > > was about time I started looking at some of the code. I downloaded the
> > > source for 5.5.25 and thought I'd start at the beginning and figure
> > > out what happens when I start the server from the command line..
> > > After deciphering the batch files (catalina.bat, startup.bat and
> > > setclasspath.bat) I figured out that the class being invoked was
> > > org.apache.catalina.startup.Bootstrap with the command line param
> > > start ... Well that's about as far as I get because I just can't
> > > figure out the entry point. I know that an instance of
> > > org.apache.catalina.startup.Catalina is being instantiated and invoked
> > > eventually but the main method in Bootstrap is apparently only used
> > > for testing.
> > > At least that what he comments state ... but main must be being called
> > > mustn't it ... If main is not being called in Bootstrap how do things
> > > kick off... I'm a bit distressed that I can't figure this out. I
> > > haven't got around to building the distribution yet.
> > >
> > > I've read
> > > http://tomcat.apache.org/tomcat-5.5-doc/architecture/startup/serverStartup.txt
> > > but I'm still at a loss, maybe I'
Re: Confused about startup
Hmm, obviously this was "not an acceptable question" ... shame. Still, I have now managed to get 5.5.25 to build and run and when I put some simple debug in Bootstrap.main() it does indeed appear that this method is being called. Still slightly confused as to why this method is commented as /** * Main method, used for testing only. * * @param args Command line arguments to be processed */ Ah well, it's all character building stuff I suppose. On 10/24/07, Lyallex <[EMAIL PROTECTED]> wrote: > Hello > > Windows XP SP2 > Java 1.5.0_10 > Tomcat 5.5.25 > > After many years using Tomcat to host various web sites I thought it > was about time I started looking at some of the code. I downloaded the > source for 5.5.25 and thought I'd start at the beginning and figure > out what happens when I start the server from the command line.. > After deciphering the batch files (catalina.bat, startup.bat and > setclasspath.bat) I figured out that the class being invoked was > org.apache.catalina.startup.Bootstrap with the command line param > start ... Well that's about as far as I get because I just can't > figure out the entry point. I know that an instance of > org.apache.catalina.startup.Catalina is being instantiated and invoked > eventually but the main method in Bootstrap is apparently only used > for testing. > At least that what he comments state ... but main must be being called > mustn't it ... If main is not being called in Bootstrap how do things > kick off... I'm a bit distressed that I can't figure this out. I > haven't got around to building the distribution yet. > > I've read > http://tomcat.apache.org/tomcat-5.5-doc/architecture/startup/serverStartup.txt > but I'm still at a loss, maybe I'm getting too old for all this or > maybe I'm just tired ... > > Thanks > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Confused about startup
Hello Windows XP SP2 Java 1.5.0_10 Tomcat 5.5.25 After many years using Tomcat to host various web sites I thought it was about time I started looking at some of the code. I downloaded the source for 5.5.25 and thought I'd start at the beginning and figure out what happens when I start the server from the command line.. After deciphering the batch files (catalina.bat, startup.bat and setclasspath.bat) I figured out that the class being invoked was org.apache.catalina.startup.Bootstrap with the command line param start ... Well that's about as far as I get because I just can't figure out the entry point. I know that an instance of org.apache.catalina.startup.Catalina is being instantiated and invoked eventually but the main method in Bootstrap is apparently only used for testing. At least that what he comments state ... but main must be being called mustn't it ... If main is not being called in Bootstrap how do things kick off... I'm a bit distressed that I can't figure this out. I haven't got around to building the distribution yet. I've read http://tomcat.apache.org/tomcat-5.5-doc/architecture/startup/serverStartup.txt but I'm still at a loss, maybe I'm getting too old for all this or maybe I'm just tired ... Thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Diagnosing Tomcat memory usage
Try Lambda Probe as recommended by other contributors to this list. http://www.lambdaprobe.org/d/index.htm I'm no expert with this tool but it's straightforward to install and I think it may help you out a bit. The System Information/Memory Utilization thing is particularly fascinating although I don't fully understandthe output yet. I also used the JProbe profiller some time ago to profile a running instance of Weblogic, it had a fantastic real time heap analysis tool that shows you exactly what's happening at runtime ... 2 million String objects, where the heck did they come from ? It's not free though as far as I know. It might help On 10/10/07, Andrew Hole <[EMAIL PROTECTED]> wrote: > I've an java application running under tomcat and in the last week > memory usage increase 50%, from 200M to 400M. I want to know exactly > why this happens. Some suggestion? > > Thanks a lot > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.23: caching of css files?
Did you clear your browser cache ? If you access the application via different adresses AFAIK the browser sees identical files as being different due to those different addresses (FQDN versus IP address). I had similar problems that dissapeared after I cleared out the browser cache It's just a thought. On 10/9/07, Angelo Chen <[EMAIL PROTECTED]> wrote: > > Hi Charles, > > this is what I did: > > 1. shut down tomcat > 2. delete war and related directory > 3. copy new war file > 4. start tomcat > > with all above, I'm still getting pages styled with old css file, it will go > away after several hours. kind of strange. > A.C. > > > Caldarale, Charles R wrote: > > > >> From: Angelo Chen [mailto:[EMAIL PROTECTED] > >> Subject: Tomcat 5.23: caching of css files? > >> > >> I have tomcat 5.23 in ubuntu 7.04, if I update the war file > >> and access it thru domain name, the css file is not updated > >> even i clear everything in my browser > > > > I haven't tried it, but you may have to restart the webapp in order to > > get the updated .css file loaded; just changing the .war file may not do > > that. Did you try restarting the app manually? You could provide the > > name of the .css file as a to do it automatically. > > > > - Chuck > > > > > > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY > > MATERIAL and is thus for use only by the intended recipient. If you > > received this in error, please contact the sender and delete the e-mail > > and its attachments from all computers. > > > > - > > To start a new topic, e-mail: users@tomcat.apache.org > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > -- > View this message in context: > http://www.nabble.com/Tomcat-5.23%3A-caching-of-css-files--tf4593435.html#a13114923 > Sent from the Tomcat - User mailing list archive at Nabble.com. > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do you access all sessions from a servlet in tomcat 6.0?
On 9/19/07, David Delbecq <[EMAIL PROTECTED]> wrote: > Just use WeakReference :) Er, well that's OK, the WeakReference referant object (the session) is null after gc but now I have a WeakReference object lurking in my Map as opposed to the HttpSession object previously so I'm not really gaining anything. Probably best to remove the K, V pair when the session is destroyed. > > Anyway, I'll shut up now. I wish. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do you access all sessions from a servlet in tomcat 6.0?
OK, for some reason I've been obsessing about this for a whole day now. If you hold an external reference to a Session then according to my tests the session will still time out as expected but the external reference will be non null. At the very least this means that you may end up with a large number of useless references taking up space in memory. Of course you can always remove an invalid or timed out reference in the sessionDestroyed method of your listener. There are a whole bunch of other issues surrounding this but I'm sure you've sussed them out for yourself already. Anyway, I'll shut up now. Rgds Duncan On 9/19/07, Lyallex <[EMAIL PROTECTED]> wrote: > On 9/18/07, Lyallex <[EMAIL PROTECTED]> wrote: > > How about creating a SessionListener > > > > class SomeSessionListener implements HttpSessionListener ... > > > > Register it in web.xml > > > > in the sessionCreated method of your listener get a reference to the > > new session from the HttpSessionEvent you can now access the > > getLastAccessedTime(), maybe store the refs in some singleton ... > > ...er, actually I think this could be a REALLY STUPID idea as I hadn't > thought about what happens if you maintain an external reference to a > session and the session expires... > > Investigating now > > Duncan > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do you access all sessions from a servlet in tomcat 6.0?
On 9/18/07, Lyallex <[EMAIL PROTECTED]> wrote: > How about creating a SessionListener > > class SomeSessionListener implements HttpSessionListener ... > > Register it in web.xml > > in the sessionCreated method of your listener get a reference to the > new session from the HttpSessionEvent you can now access the > getLastAccessedTime(), maybe store the refs in some singleton ... ...er, actually I think this could be a REALLY STUPID idea as I hadn't thought about what happens if you maintain an external reference to a session and the session expires... Investigating now Duncan - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do you access all sessions from a servlet in tomcat 6.0?
How about creating a SessionListener class SomeSessionListener implements HttpSessionListener ... Register it in web.xml in the sessionCreated method of your listener get a reference to the new session from the HttpSessionEvent you can now access the getLastAccessedTime(), maybe store the refs in some singleton accessible from the context and so some stuff in your TimerTask ... Just an idea if you like messing about with stuff, nothing to do with ManagerBase though so I bet there is a better way of doing it. Rgds Duncan On 9/18/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > > > We have tomcat configured to allow users sessions to stay alive for 12 > hours. This is because this is how they like to work, login once at the > start of the day and shutdown at the end of the day. > > I have a need to track their actual activity, like a concurrent license > tool, and thought the best way of doing this would be to have a servlet > start a timer at server startup, this servlet could then poll all the > active sessions at a set interval and check the getLastAccessedtime() > method, building up a view of the actual activity. > > Am I going about this in the right way? > > If I am how do I access all the currently active sessions from a servlet? > It looks like if I can gain access to the servers engine/context I could > access all sessions via the ManagerBase class but I do not know how to do > this. > > Thanks Gary > _ > This e-mail transmission and any attachments to it are intended solely for > the use of the individual or entity to whom it is addressed and may contain > confidential and privileged information. If you are not the intended > recipient, your use, forwarding, printing, storing, disseminating, > distribution, or copying of this communication is prohibited. If you > received this communication in error, please notify the sender immediately > by replying to this message and delete it from your computer. > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
On 8/23/07, Christopher Schultz <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Duncan, > > Not to belabor this thread too much, but... > > Lyallex wrote: > > I never actually suggested [curl] was a > > hacking tool > > See the subject line. Yes ... fair point :-} - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is Tomcat being hacked by curl ?
On 8/23/07, David Smith <[EMAIL PROTECTED]> wrote: > Just to nip this one early before the discussion strays too far, curl is > NOT a hacking tool. It's just a command line http client useful in all > sorts of linux/unix OS scripts. Yep, I understand what curl is now ... spent some time on the relevant website reading up about it. I never actually suggested it was a hacking tool, I was unsure what it was and was asking for relevant exp' from the uses of this list, and as is often the case users@tomcat.apache.org delivered the goods. > To determine if it's being used to probe your site, you need to pay > attention to WHAT is being requested. The brief sample offered by the > OP was actually very benign (no weird escape sequences or attempts to > access a binary executable). Although ... depending on what you consider hacking it certainly seems like it could easily be used to run a crude DOS attack (for example) simply by writing a shell script with a loop in it, like many other otherwise benign applications out there I'm sure. Anyway, what this has taught me is to pay much more attention to the logs over and above checking out the webalizer pages once a day and to understand what is being requested as well as by what (and by whom)... oh yes, and to dredge up what I used to know about iptables (or was that ipchains) as well, good tip. So, a success than, and none of this is EVER a waste of time IMHO. Many thanks Duncan > > --David > > Mark Deneen wrote: > > >Once you find them, you might be hard pressed to actually do anything > >about it beyond getting in touch with their ISP. > > > >It might be easier to just block them at the firewall or on the server > >tomcat runs on with something like iptables. > > > >Mark > > > >On 8/23/07, Lyallex <[EMAIL PROTECTED]> wrote: > > > > > >>www.who.is > >> > >>Much more info > >> > >>...tracking the perpetrator down now ... this is fun. > >> > >> > >> > > > >- > >To start a new topic, e-mail: users@tomcat.apache.org > >To unsubscribe, e-mail: [EMAIL PROTECTED] > >For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > - > To start a new topic, e-mail: users@tomcat.apache.org > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
