Re: how to set role for JAASRealm
Hi
First of all, are you sure a JDBCRealm or a DataSourceRealm do not fill your
needs ?
Secondly, AFAIK when providing a Jaas module to the JaasRealm you just need
to provide the authentication method (LoginModule inteface). You don't have
to manipulate the loginContext, it is the JaasRealm job ...
If you really need to use Jaas:
1: Write your own LoginModule (implementing
java.security.auth.spi.LoginModule)
2: Write a jaas.conf description file (must be declared with -
Djava.security.auth.config )
3: The appName (TMSLogin) must reference a valid config in the jaas.conf
4: Configure the context / web.xml file
Hih
On 3/7/07, shahab [EMAIL PROTECTED] wrote:
Hi:
I am trying to implement authentication and authorization using JAASRealm.
(I am following the instruction provided at -
http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html). However, looks
like the role that I set (in the RolePrincipal) is not taking effect.
I have created a class extending Principal for the role. I am setting the
right name of the role (which I fetch from DB) and add the class to
Subject
as follows -
LoginContext lc = null;
try {
lc = new LoginContext(TMSLogin,
new AuthCallBackHandler(username, password));
} catch (LoginException le) {
..
}
try {
lc.login();
} catch (LoginException le) {
}
// now I am trying to set the rolePrincipal
Subject mySubject = lc.getSubject();
TMSRoles tmsRoles = new TMSRoles(role);
mySubject.getPrincipals().add(tmsRoles);
I have also made entries in server.xml as follows (i set debug to 0 hoping
for more debug info, TMSLogin is defined in jaas.config in tomcat's conf
directory) -
Realm className=org.apache.catalina.realm.JAASRealm
appName=TMSLogin
userClassNames=tms.core.authentication.TMSPrincipal
roleClassNames=tms.core.authentication.TMSRoles
debug=0/
my entry in web.xml is the following -
security-constraint
display-nameAdminConstraint/display-name
web-resource-collection
web-resource-nameTMSAdmin/web-resource-name
descriptionOnly for administrators/description
url-pattern/admin/*/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
/web-resource-collection
auth-constraint
description/
role-nameADMIN/role-name
/auth-constraint
/security-constraint
security-role
descriptionADMIN/description
role-nameADMIN/role-name
/security-role
the getName() of the TMSRoles instance returns ADMIN, which should allow
url /admin/*.
However, I am still getting HTTP 403.
Please help.
thanx
Shahab
--
View this message in context:
http://www.nabble.com/how-to-set-role-for-JAASRealm-tf3359888.html#a9346104
Sent from the Tomcat - User mailing list archive at Nabble.com.
-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie
et toi dans les pleurs.
Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs
et toi dans la joie.
Re: [Tomcat 5.5.20] How to use JAASRealm ?
hi, I can't figure out why you need to extend a JaasRealm ? This class lives in the server classloader, therein it cannot be and should definitivly never be accessed from your webapp. I think that you missunderstand the way to use the JaasRealm. Please look at my previous post (today) and tell me if it's clear enougth. HIH On 2/13/07, Stefan Lecho [EMAIL PROTECTED] wrote: Hello, In our project we are using a class that extends JAASRealm. This class is deployed in Tomcat 5.5.20. When accessing this class, an exception is generated: java.lang.NoClassDefFoundError: org/apache/catalina/realm/JAASRealm. By copying catalina-optional.jar from server\lib to common\lib, the original exception is no longer generated, but other exceptions are generated. In order to remove all generated exceptions, I am obliged to copy the following jars from server\lib to common\lib: catalina.jar, catalina-cluster.jar, catalina-optional.jar, catalina-storeconfig.jar, commons-modeler.jar, tomcat-ajp.jar, tomcat-coyote.jar, tomcat-http.jarand tomcat-util.jar. Is there another - cleaner - solution to make JAASRealm-derived classes work in Tomcat 5.5.20 ? Regards, Stefan Lecho. -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: [Tomcat 5.5.20] How to use JAASRealm ?
Sorry for the double post: If you really need to use Jaas: 1: Write your own LoginModule (implementing java.security.auth.spi.LoginModule) 2: Write a jaas.conf description file (must be declared with - Djava.security.auth.config ) 3: The appName (TMSLogin) must reference a valid config in the jaas.conf 4: Configure the context / web.xml file On 3/7/07, olivier nouguier [EMAIL PROTECTED] wrote: hi, I can't figure out why you need to extend a JaasRealm ? This class lives in the server classloader, therein it cannot be and should definitivly never be accessed from your webapp. I think that you missunderstand the way to use the JaasRealm. Please look at my previous post (today) and tell me if it's clear enougth. HIH On 2/13/07, Stefan Lecho [EMAIL PROTECTED] wrote: Hello, In our project we are using a class that extends JAASRealm. This class is deployed in Tomcat 5.5.20. When accessing this class, an exception is generated: java.lang.NoClassDefFoundError: org/apache/catalina/realm/JAASRealm. By copying catalina-optional.jar from server\lib to common\lib, the original exception is no longer generated, but other exceptions are generated. In order to remove all generated exceptions, I am obliged to copy the following jars from server\lib to common\lib: catalina.jar, catalina-cluster.jar, catalina-optional.jar, catalina-storeconfig.jar, commons-modeler.jar, tomcat-ajp.jar, tomcat-coyote.jar, tomcat-http.jarand tomcat-util.jar . Is there another - cleaner - solution to make JAASRealm-derived classes work in Tomcat 5.5.20 ? Regards, Stefan Lecho. -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie. -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: DB2/Tomcat Connection pooling problem
Hi Are you you sure that select 1 is a valid query under DB2? It is under mysql but it is not under DB2/AS400 ! HIH On 2/2/07, Pete [EMAIL PROTECTED] wrote: Thanks Tim. More information to my intial question: -I have also installed Websphere App Server on this machine and configured the application to work correctly there. -Shutdown WAS to run Tomcat -I have Tomcat working on my home server with a mysql database, so I do have something working! I also get this error: SEVERE: Null component Catalina:type=DataSource,path=/TestWeb,host=localhost,class= javax.sql.DataSource,name=jdbc/PhoenixDB When trying to use the DB2DataSourceFactory instead of the dbcp one... Context Resource name=jdbc/PhoenixDB auth=Container type=javax.sql.DataSource factory=com.ibm.db2.jcc.DB2DataSourceFactory driverClassName=com.ibm.db2.jcc.DB2Driver validationQuery=SELECT 1 loginTimeout=10 connectionProperties=currentSchema=T; maxWait=5000 username=uid password=pwd testOnBorrow=true driverType=4 url=jdbc:db2://test:5/TDB / /Context Thanks, -P - Original Message From: Tim Lucia [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, February 2, 2007 1:29:05 PM Subject: RE: DB2/Tomcat Connection pooling problem Also in V6, it seems to be using a version of dbcp associated with tomcat as opposed to commons. (org.apache.tomcat.dbcp.*) Has some underlying behavior changed as well here? This is the standard behavior with 5.5.x -- DBCP is repackaged under the Tomcat package (presumably) to avoid conflicts with commons DBCP. Tim - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Any questions? Get answers on any topic at www.Answers.yahoo.com. Try it now. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: JNDI example for connecting to a DB2 on OS400
Hi, Nothing more than for another database. But: - be carrefull to put a valid validationQuery ( eg: select 1; is not supported by DB2/OS400 )! the URL and drivers should look like: parameter nameurl/name valuejdbc:as400://yourServerName;libraries=YOURSLIB1,YOURSLIB2;prompt=false;errors=full;trace=false/value /parameter parameter namedriverClassName/name valuecom.ibm.as400.access.AS400JDBCDriver/value /parameter parameter On 1/9/07, Greg Foulks [EMAIL PROTECTED] wrote: I've read the JNDI docs and can't find an example as to how to configure a connection for a DB2. I need to be able to setup a autoreconnect and a validation query in my server.xml but can't seem to find an example. Anyone able to help direct me in the to right location? Greg -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: JNDI example for connecting to a DB2 on OS400
A query that *always* return a row ... On 1/11/07, Greg Foulks [EMAIL PROTECTED] wrote: then what would be a vaild validation query? On 1/11/07, olivier nouguier [EMAIL PROTECTED] wrote: Hi, Nothing more than for another database. But: - be carrefull to put a valid validationQuery ( eg: select 1; is not supported by DB2/OS400 )! the URL and drivers should look like: parameter nameurl/name valuejdbc:as400://yourServerName;libraries=YOURSLIB1,YOURSLIB2;prompt=false;errors=full;trace=false/value /parameter parameter namedriverClassName/name valuecom.ibm.as400.access.AS400JDBCDriver/value /parameter parameter On 1/9/07, Greg Foulks [EMAIL PROTECTED] wrote: I've read the JNDI docs and can't find an example as to how to configure a connection for a DB2. I need to be able to setup a autoreconnect and a validation query in my server.xml but can't seem to find an example. Anyone able to help direct me in the to right location? Greg -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: wrong version of Tomcat
In the web.xml: The servlet api must be set with something like: web-app version=2.4 xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi= http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation= http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; Instead of old DTD. On 1/2/07, Leon van der Merwe [EMAIL PROTECTED] wrote: My company upgraded their Tomcat version from 4.1.x... to 5.5.x The version of Tomcat that is displayed as part of the 404(page not found) error page is wrong, still displaying the previous version. Where does Tomcat get/set the version number like 5.5.20? It seems to not be in the server.xml file. Thanks Leon FinSource A Maitland group company Celebrating 30 years (1976 - 2006) FinSource (Pty) Ltd 22 Leeuwen Street, Cape Town, 8001 PO Box 3149, Cape Town, 8000 Tel: +27 (0)21 480 8600 Direct Line: +27 (0)21 480 8710 Fax: +27 (0)21 480 8700 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] www.finsourcegroup.com BVI Cape Town Dublin Durban Geneva Isle of Man Johannesburg London Luxembourg Paris ** This e-mail is confidential and may also be privileged. If you are not the intended recipient, please delete from your system and notify the sender now; you may not use, disclose, distribute or copy it. Anyone who communicates with us by e-mail is taken to accept the risks in so doing. E-mails are subject to data corruption, delay, interception and unauthorised amendment. Nothing in the message is capable of or intended to create any legally binding obligation and it is not intended to provide legal advice. ** # This e-mail message has been scanned for Viruses and Content and cleared by FinSource Infrastructure Services' MailMarshal # -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: Desperate: Tomcat 5.5. j_security_check
j_username should give you something better ;-) On 12/21/06, Gregor Schneider [EMAIL PROTECTED] wrote: Hi list, we're really, really deperate here. We have developed a web-app on Debian Edge with Tomcat 5.5.17 using Form-based Authentication with a JDBC-realm. Database is a MySQL 4.1.11 However, when we try to authenticate, the content passed from j_security_check - mysql-driver - MySQL always contains an empty string for the username, although the user has been read from the FORM and j_security_check even writes the j_user_name to the log. The logs show the following (log4j enabled in Tomcat): DEBUG http-8080-Processor2 org.apache.catalina.authenticator.AuthenticatorBase - Security checking request GET /RRWizardCLUE/RRWizardCLUE DEBUG http-8080-Processor2 org.apache.catalina.authenticator.AuthenticatorBase - Security checking request GET /RRWizardCLUE/RRWizardCLUE DEBUG http-8080-Processor2 org.apache.catalina.authenticator.AuthenticatorBase - Calling hasUserDataPermission() DEBUG http-8080-Processor2 org.apache.catalina.authenticator.AuthenticatorBase - Calling hasUserDataPermission() DEBUG http-8080-Processor2 org.apache.catalina.authenticator.AuthenticatorBase - Calling authenticate() DEBUG http-8080-Processor2 org.apache.catalina.authenticator.AuthenticatorBase - Calling authenticate() DEBUG http-8080-Processor2 org.apache.catalina.authenticator.FormAuthenticator - Save request in session '2872D911DD1F4534F9875C5C8994EA8B' DEBUG http-8080-Processor2 org.apache.catalina.authenticator.FormAuthenticator - Save request in session '2872D911DD1F4534F9875C5C8994EA8B' DEBUG http-8080-Processor2 org.apache.catalina.authenticator.AuthenticatorBase - Failed authenticate() test DEBUG http-8080-Processor2 org.apache.catalina.authenticator.AuthenticatorBase - Failed authenticate() test DEBUG http-8080-Processor2 org.apache.catalina.authenticator.AuthenticatorBase - Security checking request POST /RRWizardCLUE/j_security_check DEBUG http-8080-Processor2 org.apache.catalina.authenticator.AuthenticatorBase - Security checking request POST /RRWizardCLUE/j_security_check DEBUG http-8080-Processor2 org.apache.catalina.authenticator.FormAuthenticator - Authenticating username 'genre' DEBUG http-8080-Processor2 org.apache.catalina.authenticator.FormAuthenticator - Authenticating username 'genre' DEBUG http-8080-Processor2 org.apache.catalina.authenticator.AuthenticatorBase - Failed authenticate() test ??/RRWizardCLUE/j_security_check DEBUG http-8080-Processor2 org.apache.catalina.authenticator.AuthenticatorBase - Failed authenticate() test ??/RRWizardCLUE/j_security_check Now when I look at the MySQL-logs, I can see that an empty string has been passed: 061221 21:14:32 100 Execute [1] SELECT user_pass FROM users WHERE user_name = '' 100 Query commit As you can see, the user genre has been found by j_security_check (which is demonstrated by the log), however, j_security_check (or the MySQL-JDBC-driver) somehow swallows the user and delivers an empty string to the MySQL-query. The definition of our JDBC-REALM is fine, and we've triple- and quadruple-checked that the tables are there, rights are set, however, for your information I'll post it here anyways: Realm className=org.apache.catalina.realm.JDBCRealm connectionPassword= userCredCol=user_pass userTable=users driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/authyela connectionName=someuser digest=MD5 userNameCol=user_name userRoleTable=user_roles roleNameCol=role_name / This whole setup worked on Debian Sarge with a single processor on a 32bit-machine, but it does not work on Debian Edge Dual CPU Dual Core Opteron 64bit. The JDK installed is 1.5.0-09-b01 (64bit JDK). As far as I know, it doesn't matter wether a Java-program (i.e. the MySQL-Connector or Tomcat) is running on 32bit-JDK or on 64bit-JDK since the bytecode of the classes remains the same, right? Or do we have to recompile the whole bunch on 64bit??? Please, please, please, throw all your suggestions, assumptions at me, we're absolutely out of any ideas. Thanks Greg -- what's puzzlin' you, is the nature of my game gpgp-fp: 79A84FA526807026795E4209D3B3FE028B3170B2 gpgp-key available @ http://pgpkeys.pca.dfn.de:11371 - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: avoiding multiple form submission
1) How do you submit your forms ... a few years ago I had a guy who show my that issue, in fact he submitted the form oncheck on an input image ... 2a) There is a simple server side pattern two avoid double submit:(could not find the www reference). * jsp put a token in the session (scriplet, taglib). * submit action test the token and remove it from the session. so the second post can safely fail as the token is not found ! 2b) js code !? On 12/19/06, Pierre Goupil [EMAIL PROTECTED] wrote: Hello, listers ! As you have certainly seen it, some sites submit their forms as many times as you validate them. For instance, how many forums post two messages if, by mistake, you click on the submit button twice ? As everyone (I guess), I had to face this problem, and then... I gave Hibernate a try : then, for some reason, it didn't happened to my webapp anymore. Great, thought I ! But today, in front of my customers for a demo (!), I decided not to use Firefox as usual, but Konqueror (a Linux browser). And to show them, I validated a form 5-6 times and... it got submited twice. 'f*?*?' thought I ! 'Not now...' :-/ If anyone could explain me this behaviour, it would be appreciated : why an Hibernate can avoid this on a Firefox, but partly not on another browser ! But if I post it here is because my REAL question is this one : does anyone know a way to totally avoid this ? I guess this is servlet container (hence Tomcat, for me) - related. Any suggestions ? Regards, Pierre -- To her who remembers every word spoken, From the heroe's oath To the baby's cry. You're my eternal witness. -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: My webapp is oddly asking for user and password
hi http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html and http://java.sun.com/products/servlet/download.html On 12/17/06, Dani [EMAIL PROTECTED] wrote: Hi. I have my webapp in c:\tomcat\webapps\rms\ and when I access http://localhost/rms/ Tomcat asks me for a user and a password. Even if I try a hello world HTML file. Why? I guess it's something I have to fix in web.xml or server.xml. What should I modify? TIA. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: Character encoding
export CATALINA_OPTS=-Dfile.encoding=UTF-8 On 12/12/06, Mester József [EMAIL PROTECTED] wrote: Hi I have some problem with character encoding. I have found a page ( http://junlu.com/msg/1132.html ) and on this page there is a direction: 2. In the Catalina.bat (windows) catalina.sh (linux) there must be a switch added to the call to java.exe. The switch is: -Dfile.encoding=UTF-8 But I don't know where can I add this switch in catalina.sh I use Tomcat 5.5.20 on Debian Sarge Joe Send instant messages to your online friends http://uk.messenger.yahoo.com -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: how do I restrict access to folder?
hi Just put then in /WEB-INF/templates ... On 12/12/06, Sköldheimer Fredrik [EMAIL PROTECTED] wrote: Hello I'm new to the tomcat servers (have experience from apache webserver). I have a project coded in Java/JSF/Facelets and I need to restrict access to the folder that contains the xhtml-template files. The index.xhtmlfiles should be able to reach the content in the folder that contains the other xhtml files but you should not be able to reach them directly. Ex. - index.xhtml -- [templates] someTemplate.xhtml In witch I want to restrict access to all files in the [templates] folder. How do I accomplish this? /Fredrik - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: Deploying shared .jar's
hi, By http://tomcat.apache.org/tomcat-5.5-doc/class-loader-howto.html Shared is the parent classloader of webapp. AFAIK the consequence of this in that a class loaded from webapp classloader can see other classes (whenever they come from shared, webapp or common), but the reverse is not true, and could lead to ClassNotDef or ClassNotFound exeption unless some classloader hack are performed ... On 12/11/06, David Kerber [EMAIL PROTECTED] wrote: From what I've read in the Tomcat 5.5 docs, I should be able to deploy a .jar that is shared across multiple webapps on Windows by putting it in the (tomcat)/shared/lib folder, but I've never gotten that to work. I've always had to put that jar in the web-inf/lib folder of each of the webapps that need it, in order for them to be able to use it. Why is that? Is there something I'm missing about deploying shared jars? The wasted disk space doesn't matter, but the hassle of putting the same .jar file in multiple different places does... Any help or explanations would be appreciated! Dave - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: Problem with connectivity of web application with siebel(that sits behind firewall)
hi, http://tomcat.apache.org/connectors-doc/faq.html http://tomcat.apache.org/connectors-doc/howto/workers.html Look for keep alive On 12/1/06, Manish Kumar Singh [EMAIL PROTECTED] wrote: Hi All, We have a web application that communicates with siebel server 7.5.3. There is a firewall between web server and siebel server.When we start our web application it works fine but after sometime connection request to siebel fails.Session timout value for TCP connections on firewall is 30 minute. We have another application which is same, but communicates with siebel server that is in the same network with no firewall in between web server and siebel server. This application works fine and don't have any issue with connectivity. tomcat version that we are using is 5.0.25. Please advise if we can configure our web server to resolve this issue. Regards, Manish -**Nihilent*** *** All information contained in this communication is confidential, proprietary, privileged and is intended for the addressees only. If you have received this E-mail in error please notify mail administrator by telephone on +91-20-39846100 or E-mail the sender by replying to this message, and then delete this E-mail and other copies of it from your computer system. Any unauthorized dissemination, publication, transfer or use of the contents of this communication, with or without modifications is punishable under the relevant law. Nihilent has scanned this mail with current virus checking technologies. However, Nihilent makes no representations or warranties to the effect that this communication is virus-free. Nihilent reserves the right to monitor all E-mail communications through its Corporate Network. *** *- -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: virtual mapping on Tomcat 5.5
hi, A: put apache (httpd) in front of tomcat == quite easy. B: dirty read/stream hack == don't know what to say :-) On 11/29/06, Jennifer Lu [EMAIL PROTECTED] wrote: Hi David, I think I have joined the list as I have received the confirmation on this? Probably this is the first email I sent before the confirmation. Thank you for your advice on my question. However, the templates/images folder has to be outside of the RMS webapp folder in this case so I cannot figure out how to do this. I do not have problems in retrieving images from the RMS webapp folder. Any idea on how to refer to an images folder outside of the webapp root? Thanks. Jen On 11/29/06, David Smith [EMAIL PROTECTED] wrote: 1. the path attribute of your context definition will be ignored by tomcat 5.5. The webapp itself will be deployed as RMS, not images. 2. Assuming you have an images folder in your RMS webapp and a file named logo.gif exists there, the url http://localhost:8080/RMS/images/logo.gif should work. Check the logs if it's not working. 3. Please don't hijack threads. Join the list and send a NEW message to [EMAIL PROTECTED] Replying to a message and changing the subject isn't enough. --David Jennifer Lu wrote: Dear all, I need to define a virtual mapping path on Tomcat 5.5. The following works well on Tomcat 5.0.28 (I put it in the server.xml) Context path=/images docBase=E:/templates/images debug=0 reloadable=true/Context The webapp is called RMS and its classes directory has been installed on C:. http://localhost:8080/RMS/images/logo.gifthis url works well on Tomcat 5.0.28 but causes a HTTP404error on Tomcat5.5 I have tried several approaches on Tomcat5.5 but none of them succeeded. Approach 1. put it in conf/Catalina/localhost/RMS.xml Approach 2. put it in webapps/RMS/META-INF/context.xml Any advice on this? Thanks a lot. Jen - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: Realms
On 11/25/06, Asare Samuel [EMAIL PROTECTED] wrote: Thank you for your speedly reply. Let me get this straight are you saying you can't access the login page directly and that the only thing that should be accessed directly is the item (ie page)your are protecting. Yes definitively, when using FORM scheme ! If so, you have hit the nail on the head. I am currently allowing the user to access the login page first, and then the system passes users to the secured page. This is wrong according to your mail??? Yap, all you have to is to point on a secured resource, the user will be redirected (internaly aka forward (tomcat 5)) to the login page! sam olivier nouguier [EMAIL PROTECTED] wrote: hi, You are using the FORM authentication scheme! This scheme imply that: 1: a secured resource is accessed. 2: login (error-page) is given 3: login occures 4: secured resource (1) is given (with a GET !) 408 error code may occurs if: a - login page is access directly ( starting at stage 2). b - session expired between stage 2 and 3. To avoid (a) you should set error-page hidden ( eg /WEB-INF/jsp/login.jsp) if tomcat 5 The treat (b) you should have a custom 408 error page HIH On 11/24/06, Asare Samuel wrote: I have put a realm on a page on one of my Html pages using the FORM based realm. 1-sometimes i get this message: message HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser description The client did not produce a request within the time that the server was prepared to wait (The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser). 2-If I have already loged-in and I login again, i get the following: HTTP Status 404 - /LeeOasis/html/j_security_check type Status report message /LeeOasis/html/j_security_check description The requested resource (/LeeOasis/html/j_security_check) is not available. Please help - Try the all-new Yahoo! Mail . The New Version is radically easier to use – The Wall Street Journal -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie. Send instant messages to your online friends http://uk.messenger.yahoo.com -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: Realms
hi, You are using the FORM authentication scheme! This scheme imply that: 1: a secured resource is accessed. 2: login (error-page) is given 3: login occures 4: secured resource (1) is given (with a GET !) 408 error code may occurs if: a - login page is access directly ( starting at stage 2). b - session expired between stage 2 and 3. To avoid (a) you should set error-page hidden ( eg /WEB-INF/jsp/login.jsp) if tomcat 5 The treat (b) you should have a custom 408 error page HIH On 11/24/06, Asare Samuel [EMAIL PROTECTED] wrote: I have put a realm on a page on one of my Html pages using the FORM based realm. 1-sometimes i get this message: message HTTP Status 408 - The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser description The client did not produce a request within the time that the server was prepared to wait (The time allowed for the login process has been exceeded. If you wish to continue you must either click back twice and re-click the link you requested or close and re-open your browser). 2-If I have already loged-in and I login again, i get the following: HTTP Status 404 - /LeeOasis/html/j_security_check type Status report message /LeeOasis/html/j_security_check description The requested resource (/LeeOasis/html/j_security_check) is not available. Please help - Try the all-new Yahoo! Mail . The New Version is radically easier to use – The Wall Street Journal -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: Tomcat5: Losing JDBCRealm session starting application with own session
hi What do you mean by start the application ? Restart tomcat ? On 11/23/06, Dipl.-Ing. Holger Evers | Cybay New Media [EMAIL PROTECTED] wrote: Hello, i've set up my Tomcat with form based authentication and a JDBCRealm (besides i use an AJP-Connector to attach it to Apache1.3). Everything works fine when calling simple jsp-files such as the jsp-examples. Unfortunately the application i want restricted access for uses sessions itself. I have not written it by myself, but it uses the global Tomcat session object. When i login on a page without session use and then start the application i am redirected to the login page again, same when pushing the back button. My conclusion is that the JDBCRealm uses the same session as my application. When i'm right, is there any possibility to change this? Viele Grüße Holger Evers -- Dipl.-Ing. Holger Evers | Entwicklung Cybay New Media GmbH | http://www.cybay.de - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Realm authentication - unconventional usage
Hi The natural *post* should be http://localhost/realm-test /j_security_check?j_username=fooj_password=bar And should be OK. What are your need ? On 11/22/06, Santosh Puranshettiwar [EMAIL PROTECTED] wrote: Hello, I wish to user a JDBCRealm with the username password coming in the HTTP request as key-value pairs. Is it possible? Elaborate: - They request uri: - http://localhost/realm-test/RealmTestServetlet?username=foopassword=bar The Realm must authenticate with 'foo' 'bar'. -- Santosh. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: Realm authentication - unconventional usage
I just like to point you the usual / standard use of J2EE authentication in a web tier ! http://java.sun.com/products/servlet/download.html With restricted resources define in web.xml Login page (FORM) And a defined realm in context.xml (or server.xml) No more ... PS: I don't think it really smart to GET login password in (clear) URL ;-) On 11/22/06, Santosh Puranshettiwar [EMAIL PROTECTED] wrote: olivier nouguier wrote: Thanks. Hi The natural *post* should be http://localhost/realm-test /j_security_check?j_username=fooj_password=bar Let me make sure I got it right. So you mean the request should be something like this: - URL: - http://localhost/realm-test?j_security_check (method=POST) message body: - j_username=fooj_password=bar So appending a 'j_' will do the job? Also, in your case 'j_security_check' is the resource. But in my case, *'RealmTestServetlet'* is the resource. And should be OK. What are your need ? Till now, my authentication code used to be in the application layer. But now, I wish to offload the task to my container (Tomcat) without any changes to the application protocol; which is to send username and password as _plain key-value pairs_ in the request URL. On 11/22/06, Santosh Puranshettiwar [EMAIL PROTECTED] wrote: Hello, I wish to user a JDBCRealm with the username password coming in the HTTP request as key-value pairs. Is it possible? Elaborate: - They request uri: - http://localhost/realm-test/RealmTestServetlet?username=foopassword=bar The Realm must authenticate with 'foo' 'bar'. -- Santosh. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Santosh. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Re: tomcat 5.5 multiple contexts using same realm bug?
Hum, looking back to your previous post I've noticed that you are using context local datasource and that you missed the localDataSource='true' attributte in DataSourceRealm, perhaps il can explain this behaviour. Ref: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#DataSourceRealm On 11/22/06, Elliott Murray [EMAIL PROTECTED] wrote: They are both FORM auth methods. I have not specified in web.xml any realm attribute because it relates to BASIC authentication. This is a snippet from web.xml and looks like pretty much for both apps. login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page /form-login-config /login-config -Original Message- From: olivier nouguier [mailto:[EMAIL PROTECTED] Sent: 21 November 2006 18:20 To: Tomcat Users List Subject: Re: tomcat 5.5 multiple contexts using same realm bug? In the web.xml, is the realm-name is different ? BASIC | FORM Auth On 11/21/06, Elliott Murray [EMAIL PROTECTED] wrote: Hi, I am trying to set up multiple contexts in Tomcat 5.5 but have a problem in logging in. I have them both up and running. They both use realms for login functionality. I wanted to originally use my own custom data source realm (limitations in the use of the Catalina one) This was working fine for App A but as soon as I put up App B using the same code but a different configuration (different tables, jdbc connections etc) I had some strange results. I would get the login page for App A turning up in App B and vice versa on what seemed random conditions. Login would only work on one App at a time in best case scenario. I then regressed back to using the DataSourceRealm but have the same results. If I use one of each it seems to work in that the correct login pages appear and I can log into one of the sites (though due to my sql requirements can only actually log into one app as the DataSourceRealm isn't quite flexible enough for either of my apps) Help! Is this a bug? I think my config is all correct - all in the correct context files/tags and as I say stand alone they work. If I hazarded a guess I reckon because the realm code is in server lib under tomcat only one instance of the realm is loaded in a parent classloader and sharing its state across multiple apps which is really bad and I'd even go so far to say this has serious potential security issues depending on your environment. It also negates a great potential feature of having realm embedded into context. I could go to using JAAS but would rather not as its a rewrite of something that's been working just fine for a while now. Some (edited) sample config below in case someone believes this is wrong. As I say I am pretty sure this is a bug but cannot believe I am the first person to want to do this? Context docBase=C:/webapps/app1 reloadable=true workDir=C:\Java\Tomcat5.5\work Realm className=org.apache.catalina.realm.DataSourceRealm debug=99 dataSourceName=jdbc/App1MySQLDB userTable=member userNameCol=email userCredCol=password userRoleTable=schemes roleNameCol=name/ Resource auth=Container name=jdbc/App1MySQLDB type=javax.sql.DataSource password=xxx driverClassName=com.mysql.jdbc.Driver maxIdle=5 maxWait=1 removeAbandoned=true logAbandoned=true username=user url=jdbc:mysql://a-url removeAbandonedTimeout=60 factory=org.apache.commons.dbcp.BasicDataSourceFactory maxActive=20/ /Context Repeat for App2 with its own data source (and db/config etc) Should this go to dev mailing list? Or logged as a bug? Thanks Elliott Murray Elliott Murray Technical Architect Green Cathedral http://www.greencathedral.com/images/gc-logo.gif Green Cathedral The Old Granary Westwick Cambridge CB4 5AR [EMAIL PROTECTED] mailto: [EMAIL PROTECTED] m. +44 (C)B243 AR t. +44 (0)1223 266700 f. +44 (0)1223 266701 www.greencathedral.com http://www.greencathedral.com/ -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5.5 multiple contexts using same realm bug?
Yap, it seem that the mess is in :
http://svn.apache.org/repos/asf/tomcat/container/tc5.5.x/catalina/src/share/org/apache/catalina/realm/DataSourceRealm.java
###
protected Connection open() {
try {
Context context = null;
if (localDataSource) {
context = ContextBindings.getClassLoader();
context = (Context) context.lookup(comp/env);
} else {
StandardServer server =
(StandardServer) ServerFactory.getServer();
context = server.getGlobalNamingContext();
}
DataSource dataSource = (DataSource)context.lookup(dataSourceName);
return dataSource.getConnection();
} catch (Exception e) {
// Log the problem for posterity
containerLog.error(sm.getString(dataSourceRealm.exception), e);
}
return null;
}
###
Something strange in the tomcat JNDI Context ...
Did you put something in the GlobalNamingContext, if not it perhaps a
bug ! So now that you have the workaround you can submit a nice bug
report ... that the way open source advance ;-)
In the worst case it a feature and the documentation should be patched :-)
Don't forget the post the answer in this thread.
On 11/22/06, Elliott Murray [EMAIL PROTECTED] wrote:
Olivier
Brilliant. Good spot and that fixed the problem. Not sure from reading the link
why it fixed the problem to be honest (especially why I was getting App A's
login page in App B!?) but it is now working as I expect!
Many thanks
U welcome.
Elliott
-Original Message-
From: olivier nouguier [mailto:[EMAIL PROTECTED]
Sent: 22 November 2006 12:10
To: Tomcat Users List
Subject: Re: tomcat 5.5 multiple contexts using same realm bug?
Hum, looking back to your previous post I've noticed that you are
using context local datasource and that you missed the
localDataSource='true' attributte in DataSourceRealm, perhaps il can
explain this behaviour.
Ref: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html#DataSourceRealm
On 11/22/06, Elliott Murray [EMAIL PROTECTED] wrote:
They are both FORM auth methods. I have not specified in web.xml any realm
attribute because it relates to BASIC authentication.
This is a snippet from web.xml and looks like pretty much for both apps.
login-config
auth-methodFORM/auth-method
form-login-config
form-login-page/login.jsp/form-login-page
/form-login-config
/login-config
-Original Message-
From: olivier nouguier [mailto:[EMAIL PROTECTED]
Sent: 21 November 2006 18:20
To: Tomcat Users List
Subject: Re: tomcat 5.5 multiple contexts using same realm bug?
In the web.xml, is the realm-name is different ?
BASIC | FORM Auth
On 11/21/06, Elliott Murray [EMAIL PROTECTED] wrote:
Hi,
I am trying to set up multiple contexts in Tomcat 5.5 but have a problem
in logging in. I have them both up and running. They both use realms for
login functionality. I wanted to originally use my own custom data source
realm (limitations in the use of the Catalina one) This was working fine for
App A but as soon as I put up App B using the same code but a different
configuration (different tables, jdbc connections etc) I had some strange
results. I would get the login page for App A turning up in App B and vice
versa on what seemed random conditions. Login would only work on one App at
a time in best case scenario. I then regressed back to using the
DataSourceRealm but have the same results. If I use one of each it seems to
work in that the correct login pages appear and I can log into one of the
sites (though due to my sql requirements can only actually log into one app
as the DataSourceRealm isn't quite flexible enough for either of my apps)
Help! Is this a bug? I think my config is all correct - all in the correct
context files/tags and as I say stand alone they work. If I hazarded a guess
I reckon because the realm code is in server lib under tomcat only one
instance of the realm is loaded in a parent classloader and sharing its
state across multiple apps which is really bad and I'd even go so far to say
this has serious potential security issues depending on your environment. It
also negates a great potential feature of having realm embedded into
context. I could go to using JAAS but would rather not as its a rewrite of
something that's been working just fine for a while now.
Some (edited) sample config below in case someone believes this is wrong.
As I say I am pretty sure this is a bug but cannot believe I am the first
person to want to do this?
Context
docBase=C:/webapps/app1
reloadable=true
workDir=C:\Java\Tomcat5.5\work
Realm className=org.apache.catalina.realm.DataSourceRealm debug=99
dataSourceName=jdbc/App1MySQLDB
userTable=member userNameCol=email userCredCol=password
userRoleTable=schemes
Re: profiling a webapp
wtp tptp? (www.eclipse.org/) On 11/22/06, asaf.lahav [EMAIL PROTECTED] wrote: Can anyone recommend a good (and FREE) java profiling tool that can be used to profile a webapp running under Tomcat 5.5? Thanks in advance, Asaf -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Log4j
Hi pierre, Simply what is your question ? Did you try wtp ? On 11/22/06, Pierre Goupil [EMAIL PROTECTED] wrote: Hi all ! I once had a Tomcat 5.5 and an Eclipse 3.2 that where running just fine and then... the HDD crashed... I suffered no data lost but since then, I can't start Tomcat anymore. The server view of Eclipse gives me the following trace : Exception in thread main java.lang.ExceptionInInitializerError Caused by: com.sun.org.apache.commons.logging.LogConfigurationException: com.sun.org.apache.commons.logging.LogConfigurationException : java.lang.NullPointerException (Caused by java.lang.NullPointerException) (Caused by com.sun.org.apache.commons.logging.LogConfigurationException: java.lang.NullPointerException (Caused by java.lang.NullPointerException )) at com.sun.org.apache.commons.logging.impl.LogFactoryImpl.newInstance( LogFactoryImpl.java:543) at com.sun.org.apache.commons.logging.impl.LogFactoryImpl.getInstance( LogFactoryImpl.java:235) at com.sun.org.apache.commons.logging.impl.LogFactoryImpl.getInstance ( LogFactoryImpl.java:209) at com.sun.org.apache.commons.logging.LogFactory.getLog(LogFactory.java :351) at org.apache.catalina.startup.Bootstrap.clinit(Bootstrap.java:73) Caused by: com.sun.org.apache.commons.logging.LogConfigurationException : java.lang.NullPointerException (Caused by java.lang.NullPointerException) at com.sun.org.apache.commons.logging.impl.LogFactoryImpl.getLogConstructor( LogFactoryImpl.java:397) at com.sun.org.apache.commons.logging.impl.LogFactoryImpl.newInstance ( LogFactoryImpl.java:529) ... 4 more Caused by: java.lang.NullPointerException at com.sun.org.apache.commons.logging.impl.LogFactoryImpl.getLogConstructor( LogFactoryImpl.java:374) ... 5 more I eventually felt into Commons-logging / Log4j neighborhood jam ! The log system of my servlet (Log4j) doesn't work anymore, but I don't bother because it doesn't start anyway. But, regarding Tomcat's log system re-launching, it's an usual concern : lots of people talk about that. But neither them nor me can find a solution. Of course I've found a lot of tutorials, but they can't help... I have re-installed my workstation, indeed. I've tried to launch Tomcat via another plugin, too. I gave Sysdeo a try : Tomcat runs, loads the servlet, but doesn't run it and keeps quiet. No servlet log, no exception, no result (resource unavailable). If someone could help me find a definitive answer to that classical question... (other than 42, of course ;-). Thanx a lot and excuse me for my poor English, I'm a little froggie. Pierre -- L'une des raisons pour lesquelles la vie est complexe C'est qu'elle a une partie réelle et une partie imaginaire. -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat stop working for some minute regulary
Is there something between apache and tomcat (firewall ?). On 11/21/06, Rainer Jung [EMAIL PROTECTED] wrote: Please post your mod_jk config (Webserver part, eg. Jk* directoves in httpd.conf, workers.properties, other relevant config and the connector element of the AJP connector in your timcat's server.xml). Also give us the version numbers of apache, tomcat, mod_jk and your OS. Finally: is there anything elso in your mod_jk log or your tomcat logs around the time of the problem? [EMAIL PROTECTED] schrieb: Hi, since few weeks i have a strange problem, sometimes tomcat stop working and then come back (the site is unreachable and come back few mn after) In the log i have : [Tue Nov 21 15:03:11 2006] [error] ajp_service::jk_ajp_common.c (1758): Error connecting to tomcat. Tomcat is probably not started or is listening on the wrong port. worker=ajp14 failed what could be the cause of that? (because tomcat is still listening) Thanks - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
Reloading JAAS Configuration File
Hi all, I was wondering if there is a smarter way to reload a jaas configuration file than to call Configuration.getConfiguration().refresh(); in a servlet. I was thinking of such a call in a webapp lifcycle listener. I really don't know much about JMX but perhaps it should the only nice way? Idea ? Thanks -- Souviens-toi qu'au moment de ta naissance tout le monde était dans la joie et toi dans les pleurs. Vis de manière qu'au moment de ta mort, tout le monde soit dans les pleurs et toi dans la joie.
