Re: Using RemoteAddressValve with an Apache mod_proxy_balancer
On 12/16/2009 11:01 PM, Bill Barker wrote: > "André Warnier" wrote in message > news:4b294eb6.4090...@ice-sa.com... >> Martin B. Smith wrote: >>> Howdy! >>> >>> I'm trying to ensure that only specific instances of Apache are allowed >>> to proxy requests into my Tomcat 5.5.28 instances. Unfortunately, it >>> looks like Tomcat is seeing the actual client IP making the original >>> request to Apache. Does anyone have a configuration that only allows >>> specific Apache (mod_)proxies to be serviced by Tomcat? >>> >> Of course if your are under Linux, you could use iptables to block >> requests to port 8009, from hosts you don't like. >> And if you are under Windows, you could use the Windows firewall or >> filtering rules. >> Probably even more efficient than doing this at the Tomcat level. > > Yes, but if the OP wants to block all access to Tomcat, it is even easier to > just not have the worker configured on those Apaches that shouldn't contact > it. As a result, I'm guessing that the OP wants to restrict access to > certain webapps. > > The good news is that with the AJP connector, request.getLocalName() returns > the name of the Apache server (as specified by the ServerName directive), > not the Tomcat server. And request.getLocalAddr() returns the IP address of > request.getLocalName() as it resolves on the Tomcat machine. With that > information it isn't hard to write a Filter that does what you want. For > the truely lazy, it would also be trivial to copy RemoteAddrValve to > LocalAddrValve and have it check localAddr instead of remoteAddr. > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > André, thank you for the suggestions. I had considered them, but wanted some additional, more specific protections without going to mod_jk. Bill, your post is a gem. Indeed, I can always use network ACLs and iptables and mod_jk, but I was really hoping to do mod_proxy_balancer. While there's some administrative separations between the programmers and the system administrators that prevent me from writing servlets on top of Tomcat, this is a nice tip. Thanks. -- Martin B. Smith smit...@ufl.edu - (352) 273-1374 CNS/Open Systems Group University of Florida - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Using RemoteAddressValve with an Apache mod_proxy_balancer
Howdy! I'm trying to ensure that only specific instances of Apache are allowed to proxy requests into my Tomcat 5.5.28 instances. Unfortunately, it looks like Tomcat is seeing the actual client IP making the original request to Apache. Does anyone have a configuration that only allows specific Apache (mod_)proxies to be serviced by Tomcat? I will be using other ways to protect Tomcat, but I'd like something inside Tomcat filtering these AJP requests too, and RemoteAddressValve sounds like it should work :) Here's what I'm using now -- Apache: ProxyPass / balancer://foo/ stickysession=JSESSIONID nofailover=On BalancerMember ajp://host1:1234 route=foo BalancerMember ajp://host2:1235 route=foo Tomcat: allow="127.0.0.1,apache-front-end-ip"/> Additionally, I'm noticing 403s returned from Tomcat via AJP are showing up as empty pages in Apache, instead of showing a default 403 page like Apache usually does. Thanks for any insight! -- Martin B. Smith smit...@ufl.edu - (352) 273-1374 CNS/Open Systems Group University of Florida - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat 5.5.28 with simple valve causes startup errors
On 12/16/2009 11:33 AM, Mark Thomas wrote: On 16/12/2009 17:28, Martin B. Smith wrote: Hi folks, I'm getting some exceptions with a vanilla Tomcat 5.5.28 and a simple logging valve. I'm using the following version of Java: java version "1.5.0_22" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03) Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_22-b03, mixed mode) The valve I've configured inside a Host element: Below I'm including the stack trace I receive, and below that, the full server.xml including the fragment above. Am I way off the path on configuring a logging valve? Not way off but every so slightly off but in a way the *really* upsets things. Try using className rather than classname. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org Thanks! I took this from documentation and didn't catch that *facepalm* :) -- Martin B. Smith smit...@ufl.edu - (352) 273-1374 CNS/Open Systems Group University of Florida - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 5.5.28 with simple valve causes startup errors
Hi folks, I'm getting some exceptions with a vanilla Tomcat 5.5.28 and a simple logging valve. I'm using the following version of Java: java version "1.5.0_22" Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0_22-b03) Java HotSpot(TM) 64-Bit Server VM (build 1.5.0_22-b03, mixed mode) The valve I've configured inside a Host element: classname="org.apache.catalina.valves.FastCommonAccessLogValve" resolveHosts="false" rotatable="false" pattern="combined" /> Below I'm including the stack trace I receive, and below that, the full server.xml including the fragment above. Am I way off the path on configuring a logging valve? Thanks! Martin B. Smith smit...@ufl.edu - (352) 273-1374 CNS/Open Systems Group University of Florida -- 2009-12-16 11:25:23,071 WARN main org.apache.catalina.startup.Catalina - Catalina.start using conf/server.xml: java.lang.NullPointerException at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2726) at org.apache.tomcat.util.digester.Digester.createSAXException(Digester.java:2752) at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1279) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.startElement(AbstractSAXParser.java:533) at com.sun.org.apache.xerces.internal.parsers.AbstractXMLDocumentParser.emptyElement(AbstractXMLDocumentParser.java:220) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanStartElement(XMLDocumentFragmentScannerImpl.java:872) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(XMLDocumentFragmentScannerImpl.java:1693) at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:368) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:834) at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:764) at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:148) at com.sun.org.apache.xerces.internal.parsers.AbstractSAXParser.parse(AbstractSAXParser.java:1242) at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1562) at org.apache.catalina.startup.Catalina.load(Catalina.java:490) at org.apache.catalina.startup.Catalina.start(Catalina.java:544) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433) Caused by: java.lang.NullPointerException at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:261) at java.lang.ClassLoader.loadClass(ClassLoader.java:300) at java.lang.ClassLoader.loadClass(ClassLoader.java:300) at java.lang.ClassLoader.loadClass(ClassLoader.java:252) at org.apache.tomcat.util.digester.ObjectCreateRule.begin(ObjectCreateRule.java:205) at org.apache.tomcat.util.digester.Rule.begin(Rule.java:153) at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1276) ... 18 more 2009-12-16 11:25:23,192 INFO main org.apache.catalina.startup.Catalina - Server startup in 0 ms java.lang.reflect.InvocationTargetException at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:592) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433) Caused by: java.lang.NullPointerException at org.apache.catalina.startup.Catalina.await(Catalina.java:616) at org.apache.catalina.startup.Catalina.start(Catalina.java:576) ... 6 more and my config: className="org.apache.catalina.mbeans.ServerLifecycleListener" /> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" /> className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/> minProcessors="20" acceptCount="10" connectionTimeout="2" URIEncoding="UTF-8" tomcatAuthentication="false" scheme="ht
Re: HttpServletRequest#getSession(false) says the session is good, but session is still invalid!
Hi Chris, Thanks for your response. I actually don't invalidate the current session there. That's what is so frustrating -- the code snippet I provided is at the very top of the method, and there's no more reference to the session or request until using setAttribute. I don't mind providing the code -- it's at http://java.pastebin.ca/1283742. Actually, looking at it in the pastebin -- could it be that I'm setting an attribute FOR the error about a missing session? Hmm did I just solve my own problem? Martin Christopher Schultz wrote: > Martin, > > Martin B. Smith wrote: >> With Tomcat 5.5 , I'm using the (what I assume to be typical) pattern: > >> -- >> if(!request.isRequestedSessionIdValid() || request.getSession(false) == >> null) >> { >> // some code to bail out and return an error >> } > >> HttpSession session = request.getSession(); > > > I've never done this. I typically just do: > > HttpSession nonRequiredSession = request.getSession(false); > > if(null === nonRequiredSession) > // I gots no session > else > // I have a session > >> and yet, later on in my code, a call to session.setAttribute() throws >> the following exception (see bottom of email)... what am I doing wrong? > >> Throwable/Exception cause: java.lang.IllegalStateException: >> setAttribute: Session already invalidated > > Presumably, your code has called session.invalidate() during the > processing of the current request. I'm not sure what happens if you do this: > > session = request.getSession(); > session.invalidate(); > session = request.getSession(); > session.setAttribute("foo", "bar"); > > Will this fail on the setAttribute, or will the second getSession give > you a new session? > > My guess is that your code does the above, but without the second > request.getSession(), so you end up with an invalidated session into > which you are trying to shove attributes. > > Maybe you could post the code? > > -chris - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- Martin Smith, Systems Developer mart...@bebr.ufl.edu Bureau of Economic and Business Research University of Florida (352) 392-0171 Ext. 221 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
HttpServletRequest#getSession(false) says the session is good, but session is still invalid!
Hi there, With Tomcat 5.5 , I'm using the (what I assume to be typical) pattern: -- if(!request.isRequestedSessionIdValid() || request.getSession(false) == null) { // some code to bail out and return an error } HttpSession session = request.getSession(); -- and yet, later on in my code, a call to session.setAttribute() throws the following exception (see bottom of email)... what am I doing wrong? I've guarded against an invalid session by checking for one, yet there it is on the first attempt to use it! Help! Thanks! Exception from above: Throwable/Exception cause: java.lang.IllegalStateException: setAttribute: Session already invalidated Stack trace: java.lang.IllegalStateException: setAttribute: Session already invalidated at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1251) at org.apache.catalina.session.StandardSession.setAttribute(StandardSession.java:1233) at org.apache.catalina.session.StandardSessionFacade.setAttribute(StandardSessionFacade.java:129) at edu.ufl.bebr.scheduler.web.action.EmployeeScheduleAction.execute(EmployeeScheduleAction.java:176) -- Martin Smith, Systems Developer mart...@bebr.ufl.edu Bureau of Economic and Business Research University of Florida (352) 392-0171 Ext. 221 - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org