Re: Tomcat "JNDI Datasource How-To" documentation & driver managers
Thank you - very helpful & much appreciated. On Sat, Aug 14, 2021 at 4:24 PM Mark Thomas wrote: > On 14/08/2021 01:51, Andrew Tanton wrote: > > In the Tomcat "JNDI Datasource How-To" documentation page > > < > http://tomcat.apache.org/tomcat-9.0-doc/jndi-datasource-examples-howto.html#comments_section > >, > > there is an unusually opinionated section, which discusses the Java > service > > provider (driver manager) mechanism: > > I suspect that was me after spending quite a but of time unpicking > various issues associated with DriverManager where Tomcat was getting > blamed. Goes to check the history... > > Yep. Here is the bug report: > https://bz.apache.org/bugzilla/show_bug.cgi?id=52025 > which triggered this doc update: > https://svn.apache.org/viewvc?view=revision=1184919 > > > "*However, the implementation is fundamentally broken in all Java > versions > > for a servlet container environment. The problem is > > that java.sql.DriverManager will scan for the drivers only once.*" > > > > Can someone help me understand what this means in more practical terms? > > This will be a lot simpler to explain with the source code to hand: > > https://github.com/openjdk/jdk/blob/master/src/java.sql/share/classes/java/sql/DriverManager.java > > > The page goes on to say: > > > > "*...web applications that have database drivers in > > their WEB-INF/lib directory cannot rely on the service provider mechanism > > and should register the drivers explicitly.*" > > > > And, indeed, I have found that placing my JDBC driver in Tomcat's > > $CATALINA_HOME/lib > > or $CATALINA_BASE/lib will be loaded correctly, without explicit > > registration. > > > > MY QUESTIONS: > > > > (1) I don't understand why the "scan only once" limitation results in > this > > behavior - so what am I missing, here, conceptually? > > There are several inter-related elements. > > Scan once caused problems as if two web apps both have JDBC drivers then > the DriverManager scan will only load the Driver for the app that > triggers the scan first. > > An added complication is that the memory leak protection code > essentially ensures that the scan is performed by Tomcat internal code > so no JDBC drivers in WEB-INF/lib for any wweb application are seen by > the scan. Hence, the JDBC drivers need to be in CATALINA_BASE/lib. > > (2) Where is this "scan only once" behavior documented? > > It is sort of implied in the DriverManager Javadoc but you need to read > the source code to get a clear picture. > > > (3) What is it about a servlet container environment which allows this > > problem to exist? > > Dynamic loading and unloading of web applications and use of a dedicated > class loader per web application. > > You can also get various memory leaks associated with DriverManager as > well (which Tomcat automatically protects you against). > > Mark > > > > > > Thank you. > > > > For reference, here is the documentation link I used above: > > > > > > > http://tomcat.apache.org/tomcat-9.0-doc/jndi-datasource-examples-howto.html > > > > (The wording in the documentation has been this way for several Tomcat > > versions, going back a few years.) > > > > > - > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > >
Re: Tomcat "JNDI Datasource How-To" documentation & driver managers
On 14/08/2021 01:51, Andrew Tanton wrote: In the Tomcat "JNDI Datasource How-To" documentation page <http://tomcat.apache.org/tomcat-9.0-doc/jndi-datasource-examples-howto.html#comments_section>, there is an unusually opinionated section, which discusses the Java service provider (driver manager) mechanism: I suspect that was me after spending quite a but of time unpicking various issues associated with DriverManager where Tomcat was getting blamed. Goes to check the history... Yep. Here is the bug report: https://bz.apache.org/bugzilla/show_bug.cgi?id=52025 which triggered this doc update: https://svn.apache.org/viewvc?view=revision=1184919 "*However, the implementation is fundamentally broken in all Java versions for a servlet container environment. The problem is that java.sql.DriverManager will scan for the drivers only once.*" Can someone help me understand what this means in more practical terms? This will be a lot simpler to explain with the source code to hand: https://github.com/openjdk/jdk/blob/master/src/java.sql/share/classes/java/sql/DriverManager.java The page goes on to say: "*...web applications that have database drivers in their WEB-INF/lib directory cannot rely on the service provider mechanism and should register the drivers explicitly.*" And, indeed, I have found that placing my JDBC driver in Tomcat's $CATALINA_HOME/lib or $CATALINA_BASE/lib will be loaded correctly, without explicit registration. MY QUESTIONS: (1) I don't understand why the "scan only once" limitation results in this behavior - so what am I missing, here, conceptually? There are several inter-related elements. Scan once caused problems as if two web apps both have JDBC drivers then the DriverManager scan will only load the Driver for the app that triggers the scan first. An added complication is that the memory leak protection code essentially ensures that the scan is performed by Tomcat internal code so no JDBC drivers in WEB-INF/lib for any wweb application are seen by the scan. Hence, the JDBC drivers need to be in CATALINA_BASE/lib. > (2) Where is this "scan only once" behavior documented? It is sort of implied in the DriverManager Javadoc but you need to read the source code to get a clear picture. (3) What is it about a servlet container environment which allows this problem to exist? Dynamic loading and unloading of web applications and use of a dedicated class loader per web application. You can also get various memory leaks associated with DriverManager as well (which Tomcat automatically protects you against). Mark Thank you. For reference, here is the documentation link I used above: http://tomcat.apache.org/tomcat-9.0-doc/jndi-datasource-examples-howto.html (The wording in the documentation has been this way for several Tomcat versions, going back a few years.) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat "JNDI Datasource How-To" documentation & driver managers
In the Tomcat "JNDI Datasource How-To" documentation page <http://tomcat.apache.org/tomcat-9.0-doc/jndi-datasource-examples-howto.html#comments_section>, there is an unusually opinionated section, which discusses the Java service provider (driver manager) mechanism: "*However, the implementation is fundamentally broken in all Java versions for a servlet container environment. The problem is that java.sql.DriverManager will scan for the drivers only once.*" Can someone help me understand what this means in more practical terms? The page goes on to say: "*...web applications that have database drivers in their WEB-INF/lib directory cannot rely on the service provider mechanism and should register the drivers explicitly.*" And, indeed, I have found that placing my JDBC driver in Tomcat's $CATALINA_HOME/lib or $CATALINA_BASE/lib will be loaded correctly, without explicit registration. MY QUESTIONS: (1) I don't understand why the "scan only once" limitation results in this behavior - so what am I missing, here, conceptually? (2) Where is this "scan only once" behavior documented? (3) What is it about a servlet container environment which allows this problem to exist? Thank you. For reference, here is the documentation link I used above: http://tomcat.apache.org/tomcat-9.0-doc/jndi-datasource-examples-howto.html (The wording in the documentation has been this way for several Tomcat versions, going back a few years.)
[SECURITY] CVE-2021-30640 Apache Tomcat JNDI realm authentication weakness
CVE-2021-30640 JNDI Realm Authentication Weakness Severity: Low Vendor: The Apache Software Foundation Versions Affected: Apache Tomcat 10.0.0-M1 to 10.0.5 Apache Tomcat 9.0.0.M1 to 9.0.45 Apache Tomcat 8.5.0 to 8.5.65 Apache Tomcat 7.0.0 to 7.0.108 Description: Queries made by the JNDI Realm did not always correctly escape parameters. Parameter values could be sourced from user provided data (eg user names) as well as configuration data provided by an administrator. In limited circumstances it was possible for users to authenticate using variations of their user name and/or to bypass some of the protection provided by the LockOut Realm. Mitigation: Users of the affected versions should apply one of the following mitigations: - Upgrade to Apache Tomcat 10.0.6 or later - Upgrade to Apache Tomcat 9.0.46 or later - Upgrade to Apache Tomcat 8.5.66 or later - Upgrade to Apache Tomcat 7.0.109 or later History: 2021-07-12 Original advisory References: [1] https://tomcat.apache.org/security-10.html [2] https://tomcat.apache.org/security-9.html [3] https://tomcat.apache.org/security-8.html [4] https://tomcat.apache.org/security-7.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: NPE while lookup resource in tomcat JNDI
Hello Christopher,
Thanks for the reply, digging more into this, I found that the cause of my
issue was a classloader issue.
Lookup for ResourceLink must be done in same classloader tomcat uses to
register resources, otherwise
org.apache.naming.factory.ResourceLinkFactory.getObjectInstance(Object, Name,
Context, Hashtable) returns null
(see
org.apache.naming.factory.ResourceLinkFactory.validateGlobalResourceAccess(String))
Problem solved for me and it was in my code, but maybe having some logging
there could help to understand this kind of issue.
Best,Arnaud
Le lundi 9 novembre 2020 à 20:19:30 UTC+1, Christopher Schultz
a écrit :
Arnaud,
Apologies for the top-post. Could you please:
1. Re-post preserving whitespace? Your code+config were unreadable when
they made it to the mailing list.
2. Post the full (redacted if necessary) stack trace of the NPE.
3. Annotate your code with some line-numbers so we can match #1 and #2
above.
Thanks,
-chris
On 11/9/20 10:10, Arnaud Mergey wrote:
> Hello,
> I have a tomcat app that is trying to list available JDBC Datasources it can
> find in tomcat JNDI Context
> It fails with NPE when there is a ResourceLink in my app context.
> It seems to be a bug in org.apache.naming.NamingContextBindingsEnumeration to
> me, but I may be wrong.
> A minimal test to reproduce could be to define a global datasource in
> server.xml factory="org.apache.tomcat.jdbc.pool.DataSourceFactory"
> type="javax.sql.DataSource" driverClassName="org.postgresql.Driver"
> url="jdbc:postgresql://localhost:5432/postgres" username="user"
> password="pass" maxActive="8" maxIdle="8" minIdle="0" maxWait="15000"
> initialSize="0" defaultAutoCommit="false" rollbackOnReturn="true"
> validationQuery="select 1" testOnBorrow="true"
> timeBetweenEvictionRunsMillis="45000" validationInterval="6" />
> in context.xml of a tomcat app
> auth="container" type="javax.sql.DataSource"/>
>
> Executing this code
> process((Context)new InitialContext().lookup("java:comp/env"), new
>ArrayList(), "java:comp/env")
>
> with:
> private void process(Context context, List list, String jNDIPrefix)
>throws NamingException { NamingEnumeration objects = context
>.listBindings(""); while (objects.hasMore()) { try { Binding binding =
>objects.next(); Object obj = binding.getObject(); if (obj instanceof
>DataSource) { ist.add(jNDIPrefix + binding.getName()); } else if (obj
>instanceof Context) { process((Context) obj, list, jNDIPrefix +
>binding.getName()); } else if (obj instanceof Reference) { Object res =
>context.lookup(binding.getName());
> if (res instanceof DataSource) { list.add(jNDIPrefix + binding.getName()); }
>} } catch (NamingException e) { if (sLogger.isDebugEnabled()) {
>sLogger.debug("Exception while processing one JNDI element", e); } } } }
> fails with
> java.lang.NullPointerException at
> org.apache.naming.NamingContextBindingsEnumeration.nextElementInternal(NamingContextBindingsEnumeration.java:129)
> at
> org.apache.naming.NamingContextBindingsEnumeration.next(NamingContextBindingsEnumeration.java:71)
> at
> org.apache.naming.NamingContextBindingsEnumeration.next(NamingContextBindingsEnumeration.java:34)
> After a quick debugin
> org.apache.naming.NamingContextBindingsEnumeration.nextElementInternal(),
> value for the ResourceLink is null (value = ctx.lookup(new
> CompositeName(entry.name));) but it should not, so the NPE in the return part
> Even if I am doing something illegal with my code (the recursive processing
> of the context, but would not see why), there should not be a NPE there
> anyway. Any thoughts ?
> Thanks,Arnaud
>
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: NPE while lookup resource in tomcat JNDI
Arnaud,
Apologies for the top-post. Could you please:
1. Re-post preserving whitespace? Your code+config were unreadable when
they made it to the mailing list.
2. Post the full (redacted if necessary) stack trace of the NPE.
3. Annotate your code with some line-numbers so we can match #1 and #2
above.
Thanks,
-chris
On 11/9/20 10:10, Arnaud Mergey wrote:
Hello,
I have a tomcat app that is trying to list available JDBC Datasources it can
find in tomcat JNDI Context
It fails with NPE when there is a ResourceLink in my app context.
It seems to be a bug in org.apache.naming.NamingContextBindingsEnumeration to
me, but I may be wrong.
A minimal test to reproduce could be to define a global datasource in server.xml
in context.xml of a tomcat app
Executing this code
process((Context)new InitialContext().lookup("java:comp/env"), new ArrayList(),
"java:comp/env")
with:
private void process(Context context, List list, String jNDIPrefix) throws
NamingException { NamingEnumeration objects = context .listBindings("");
while (objects.hasMore()) { try { Binding binding = objects.next(); Object obj = binding.getObject();
if (obj instanceof DataSource) { ist.add(jNDIPrefix + binding.getName()); } else if (obj instanceof
Context) { process((Context) obj, list, jNDIPrefix + binding.getName()); } else if (obj instanceof
Reference) { Object res = context.lookup(binding.getName());
if (res instanceof DataSource) { list.add(jNDIPrefix + binding.getName()); } } } catch
(NamingException e) { if (sLogger.isDebugEnabled()) { sLogger.debug("Exception while
processing one JNDI element", e); } } } }
fails with
java.lang.NullPointerException at
org.apache.naming.NamingContextBindingsEnumeration.nextElementInternal(NamingContextBindingsEnumeration.java:129)
at
org.apache.naming.NamingContextBindingsEnumeration.next(NamingContextBindingsEnumeration.java:71)
at
org.apache.naming.NamingContextBindingsEnumeration.next(NamingContextBindingsEnumeration.java:34)
After a quick debugin
org.apache.naming.NamingContextBindingsEnumeration.nextElementInternal(), value
for the ResourceLink is null (value = ctx.lookup(new
CompositeName(entry.name));) but it should not, so the NPE in the return part
Even if I am doing something illegal with my code (the recursive processing of
the context, but would not see why), there should not be a NPE there anyway.
Any thoughts ?
Thanks,Arnaud
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
NPE while lookup resource in tomcat JNDI
Hello,
I have a tomcat app that is trying to list available JDBC Datasources it can
find in tomcat JNDI Context
It fails with NPE when there is a ResourceLink in my app context.
It seems to be a bug in org.apache.naming.NamingContextBindingsEnumeration to
me, but I may be wrong.
A minimal test to reproduce could be to define a global datasource in
server.xml
in context.xml of a tomcat app
Executing this code
process((Context)new InitialContext().lookup("java:comp/env"), new
ArrayList(), "java:comp/env")
with:
private void process(Context context, List list, String jNDIPrefix)
throws NamingException { NamingEnumeration objects = context
.listBindings(""); while (objects.hasMore()) { try { Binding binding =
objects.next(); Object obj = binding.getObject(); if (obj instanceof
DataSource) { ist.add(jNDIPrefix + binding.getName()); } else if (obj
instanceof Context) { process((Context) obj, list, jNDIPrefix +
binding.getName()); } else if (obj instanceof Reference) { Object res =
context.lookup(binding.getName());
if (res instanceof DataSource) { list.add(jNDIPrefix + binding.getName()); } }
} catch (NamingException e) { if (sLogger.isDebugEnabled()) {
sLogger.debug("Exception while processing one JNDI element", e); } } } }
fails with
java.lang.NullPointerException at
org.apache.naming.NamingContextBindingsEnumeration.nextElementInternal(NamingContextBindingsEnumeration.java:129)
at
org.apache.naming.NamingContextBindingsEnumeration.next(NamingContextBindingsEnumeration.java:71)
at
org.apache.naming.NamingContextBindingsEnumeration.next(NamingContextBindingsEnumeration.java:34)
After a quick debugin
org.apache.naming.NamingContextBindingsEnumeration.nextElementInternal(), value
for the ResourceLink is null (value = ctx.lookup(new
CompositeName(entry.name));) but it should not, so the NPE in the return part
Even if I am doing something illegal with my code (the recursive processing of
the context, but would not see why), there should not be a NPE there anyway.
Any thoughts ?
Thanks,Arnaud
Re: Tomcat JNDI Authentication - No Login
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Lee,
On 10/9/18 08:11, Lee Broom wrote:
> Hello My aim is to introduce a domain level
> authentication/authorisation security layer when accessing the
> http://localhost:8080/sample/ application. I don't want this web
> application to be openly accessible and without challenging an
> operator.
You should be using HTTPS. This won't cause an erorr, but it is not a
secure configuration.
> After a frustrating and fruitless week I now reach out to the
> apache community for assistance because I have been unsuccessful
> enabling this function. The current behaviour is that
> http://localhost:8080/sample does not throw a login prompt.
>
> I can only assume it is caused by my Apache Tomcat code snippet
> configuration is all wrong. I am running version Apache
> Tomcat/7.0.91 on Redhat 7 in an ec2 AWS instance. I have installed
> and integrated Winbind on the OS and is happily talking to my AD
> domain example.com. Confirmation of this is realm connecting
> successful, I can see groups and users and I have masked the domain
> format 'example/user1' so it appears as 'user1'. Other factors; 1)
> I have found similar issues posted by others but none of the
> solutions worked for me 2)There are no errors found within
> /usr/local/tomcat7/logs/.
If you have the option, I'd use a more recent version of Tomcat. It
sounds like you are starting from scratch, so using e.g. Tomcat 9
should not represent too much of a burden.
> I had downloaded and installed sample.war from
> https://tomcat.apache.org/tomcat-7.0-doc/appdev/sample/ into my
> tomcat installation /usr/local.tomcat7/webapps/ directory.
>
> I would appreciate any assistance or a hefty kick in the right
> direction.
>
> There are 3 files in total that I have attempted to configure;
> /conf/server.xml, /webapps/sample/WEB-INF/web.xml &
> /conf/tomcat-users.xml
>
> My JNDI Realm entry in /usr/local/tomcat7/conf/server.xml
> configuration looks like this:
> --
-
>
>
debug="99"
What's the "debug for?
> connectionURL="ldap://example.com:389;
You should be using LDAPS. This won't cause an error, but it is not a
secure configuration.
> authentication="simple" referrals="follow"
> connectionName="ou=users,ou=lab,dc=example,dc=com"
> userSearch="(sAMAccountName={0})" userBase="dc=example,dc=com"
> userSubtree="true" roleSearch="(member={0})" roleName="cn"
> roleSubtree="true" roleBase="ou=users,ou=lab,dc=example,dc=com" />
This all looks okay to me at first glance, but I haven't set up Tomcat
LDAP authentication before.
Where is your defined in conf/server.xml? Within the
or where your application will live? If not, it needs to be in
one of those places. If you just replaced the existing from
the stock conf/server.xml file, then you should be good.
> --
-
>
> Also, I have commented the following:
> --
-
>
>
> --
-
>
> My /usr/local/tomcat7/webapps/sample/WEB-INF/web.xml file looks
> like this:
> --
-
>
>
> http://java.sun.com/xml/ns/j2ee;
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
> xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
> http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; version="2.4">
>
> Hello, World Application
> This is a simple web application with a source code
> organization based on the recommendations of the Application
> Developer's Guide.
>
> HelloServlet
> mypackage.Hello
>
> HelloServlet
> /hello
>
>
> Entire Application
> /*
>
You have a security-constraint which covers the entire URL space and
does not require any user roles. As explained in [1]:
"
An authorization constraint establishes a requirement for
authentication and names the roles authorized to access the URL
patterns and HTTP methods declared by this security constraint. If
there is no authorization constraint, the container must accept the
request without requiring user authentication.
"
I believe this is the core of your problem.
>
>
> All Users
> All
> Users /*
>
> User
>
You have mapped a second security-constraint to the same URL space.
> Admin Users
> Admin
> Users /*
>
> Admin
>
You have mapped a third security-constraint to the same URL space.
In case of a conflict, I believe the "let everyone in" constraint,
specified first above, will win.
> Webapp Admins
> Admin domain
> admins
>
> Webapp Users
> User domain users
>
>
> BASIC
> /sample/login.html
> /sample/error_login.jsp
>
>
>
> --
-
>
> The only change
Tomcat JNDI Authentication - No Login
Hello
My aim is to introduce a domain level authentication/authorisation security
layer when accessing the http://localhost:8080/sample/ application. I don't
want this web application to be openly accessible and without challenging an
operator.
After a frustrating and fruitless week I now reach out to the apache community
for assistance because I have been unsuccessful enabling this function. The
current behaviour is that http://localhost:8080/sample does not throw a login
prompt.
I can only assume it is caused by my Apache Tomcat code snippet configuration
is all wrong. I am running version Apache Tomcat/7.0.91 on Redhat 7 in an ec2
AWS instance. I have installed and integrated Winbind on the OS and is happily
talking to my AD domain example.com. Confirmation of this is realm connecting
successful, I can see groups and users and I have masked the domain format
'example/user1' so it appears as 'user1'. Other factors; 1) I have found
similar issues posted by others but none of the solutions worked for me 2)There
are no errors found within /usr/local/tomcat7/logs/.
I had downloaded and installed sample.war from
https://tomcat.apache.org/tomcat-7.0-doc/appdev/sample/ into my tomcat
installation /usr/local.tomcat7/webapps/ directory.
I would appreciate any assistance or a hefty kick in the right direction.
There are 3 files in total that I have attempted to configure;
/conf/server.xml, /webapps/sample/WEB-INF/web.xml & /conf/tomcat-users.xml
My JNDI Realm entry in /usr/local/tomcat7/conf/server.xml configuration looks
like this:
--
ldap://example.com:389;
authentication="simple"
referrals="follow"
connectionName="ou=users,ou=lab,dc=example,dc=com"
userSearch="(sAMAccountName={0})"
userBase="dc=example,dc=com"
userSubtree="true"
roleSearch="(member={0})"
roleName="cn"
roleSubtree="true"
roleBase="ou=users,ou=lab,dc=example,dc=com"
/>
--
Also, I have commented the following:
--
--
My /usr/local/tomcat7/webapps/sample/WEB-INF/web.xml file looks like this:
--
http://java.sun.com/xml/ns/j2ee;
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance;
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd;
version="2.4">
Hello, World Application
This is a simple web application with a source code organization
based on the recommendations of the Application Developer's Guide.
HelloServlet
mypackage.Hello
HelloServlet
/hello
Entire Application
/*
All Users
All Users
/*
User
Admin Users
Admin Users
/*
Admin
Webapp Admins
Admin
domain admins
Webapp Users
User
domain users
BASIC
/sample/login.html
/sample/error_login.jsp
--
The only change made to /usr/local/tomcat7/conf/tomcat-users.xml is the
additional text:
--
--
Thanks for reading.
Terms and conditions apply to all Vitality partners, please visit the Member
Zone for more information.
© 2016 Vitality Corporate Services Limited trading as VitalityHealth and
VitalityLife. All rights reserved.
Don't want to receive our emails anymore? If you're sure you want to stop
receiving updates about our Vitality programme, you can unsubscribe by clicking
here. You will still receive emails from us about your plan or product changes
as we are obliged to send you these to comply with regulatory guidelines.
This email is confidential and should not be used by anyone who is not the
original intended recipient.
VitalityHealth and VitalityLife are trading names of Vitality Corporate
Services Limited. Registered number 05933141. Registered in England and Wales.
Registered office at 3 More London Riverside, London, SE1 2AQ. Vitality
Corporate Services Limited is authorised and regulated by the Financial Conduct
Authority. Trust administration business is handled by Vitality Corporate
Services Limited and this activity is not regulated by the Financial Conduct
Authority.
An email reply to
Fwd: Accessing tomcat JNDI tree remotely issue
Dear Team,
While trying to port our application from WAS 8.5.5 to
tomcat 8.0.33, we have hit a roadblock and we are unable to proceed. Hence
requesting for your inputs.
Following is the scenario: we have DataSourceManager class which looks for
datasource in the context as shown below.
Properties prop = *new* Properties();
prop.put("java.naming.factory.initial",
"org.apache.naming.java.javaURLContextFactory");
prop.put("java.naming.provider.url", “
rmi://localhost:1099”);
InitialContext context = *new* InitialContext(prop);
dataSource = (DataSource) context.lookup(“apl_datasource”);
Following code perfectly works well when code is run within the Tomcat
container.
But we are unable to access the context remotely i.e from outside the
Tomcat container.
But this works fine in case of WAS when
“com.ibm.websphere.naming.WsnInitialContextFactory”
class is used.
While running a standalone client from a shell script, when inside
DataSourceManager class we do a context lookup for a data source and the
lookup fails with following exception.
javax.naming.NameNotFoundException: Name [java:comp/env/jdbc/apl_datasource]
is not bound in this Context. Unable to find [java:comp].
It seems tomcat does not support remote access to its JNDI tree and
context initialized
is empty. Tomcat does have the data source in the context but it is only
accessible to the process running inside the containers and not accessible
to processes running outside the container. PFB the following link for your
reference.
https://
stackoverflow.com/questions/744389/tomcat-what-is-the-
init-context-params-to-use-for-making-an-external-client-con
Kindly provide your inputs on 2 points
· This link is for tomcat 5.5 and we are porting to tomcat 8. Has
scenario changed in tomcat8
· Is there any other way to access the JNDI tree remotely by
standalone application.
· Is the rmi protocol mentioned in provider url is supported by
tomcat, or we should change it to some another protocol.
Thanks and Regards,
Deepam Singla
tomcat jndi ldap userSearchAsUser not used
Hi,
When I configure this, it does not bind with the user (checked with
wireshark on the ad server)
(only when I use userPattern, but I cannot seem to use that as it needs a
user for both bind and search)
I don't want to have a username/password of a delegated user)
Realm className="org.apache.catalina.realm.JNDIRealm"
debug="99"
connectionURL="ldap://x.1.1.22:389;
userSearch="userPrincipalName={0}"
userBase="cn=Users,dc=mydomain,dc=lab"
userSubtree="true"
userRoleName="memberOf"
userSearchAsUser="true"
/>
Switching Tomcat JNDI Implementation
Is it possible to replace Tomcat's JNDI Implementation with a custom implementation? If so, how do I pass the information to Tomcat? Can it be done with a jndi.properties file? Thanks, Jeff Costello
Re: Tomcat JNDI Datasource
On 2/6/2014 10:45 PM, Filip Hanik wrote: Yes, define the connection pool in server.xml, GlobalNamingResources then in context.xml define a ContextLink That binds the shared connection pool to each context. Thank you, that worked perfectly. Although I think you meant ResourceLink. -Dave - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat JNDI Datasource
I have defined a JNDI JDBC datasource as a resource in the global context.xml file. I was under the impression that what this does is to create a shared connection pool that is tomcat wide. But in practice what seems to happen is that a new instance of that connection pool is created for each context that is running in the container. For example, if I have 6 web applications deployed I end up with 60 connections to my database, assuming the default initialSize parameter of 10. Is there a way to have a single connection pool that is shared amongst deployed applications? In case it is relevant this is tomcat 7.0.19 using the tomcat connection pool. Thanks -Dave
Re: Tomcat JNDI Datasource
Yes, define the connection pool in server.xml, GlobalNamingResources then in context.xml define a ContextLink That binds the shared connection pool to each context. On Thursday, February 6, 2014, David Newman dnew...@unixmonkeys.com wrote: I have defined a JNDI JDBC datasource as a resource in the global context.xml file. I was under the impression that what this does is to create a shared connection pool that is tomcat wide. But in practice what seems to happen is that a new instance of that connection pool is created for each context that is running in the container. For example, if I have 6 web applications deployed I end up with 60 connections to my database, assuming the default initialSize parameter of 10. Is there a way to have a single connection pool that is shared amongst deployed applications? In case it is relevant this is tomcat 7.0.19 using the tomcat connection pool. Thanks -Dave
Tomcat JNDI Server Configuration
Hello, How does one configure tomcat so that a hosted application could connect to a JMS Message server such as WebSphereMQ? I have managed to write a small test application in JMS and deployed it to tomcat and configured it to connect to MQ. This application defines the default initial context using InitialContext context = new InitialContext() And have configured the context.xml and web.xml. I have deployed and tested and it works quite well. However, I do not want to use the default context. I want to use code something like below: Hashtable env = new Hashtable() env.put(Context, contextValue) env.put(ProviderURL, theURL) etc InitialContext context = new InitialContext(env) My question is - What does this ProviderURL represents? Is it the URL to the JNDI service or is it the URL to the JMS message server? If it is the URL to the JNDI server, does tomcat have a separate JNDI server? If so, what is its URL? Thanks
Re: Tomcat JNDI Server Configuration
On Dec 12, 2013, at 4:25 AM, Vic Katte vicnka...@gmail.com wrote: Hello, What version of Tomcat are you using? How does one configure tomcat so that a hosted application could connect to a JMS Message server such as WebSphereMQ? I have managed to write a small test application in JMS and deployed it to tomcat and configured it to connect to MQ. This application defines the default initial context using InitialContext context = new InitialContext() Could you give us a larger code sample? This doesn't really show much. And have configured the context.xml and web.xml. What have you configured in these files? Include that too, minus comments. I have deployed and tested and it works quite well. However, I do not want to use the default context. Why do you not want to use the defaults? I want to use code something like below: Hashtable env = new Hashtable() env.put(Context, contextValue) env.put(ProviderURL, theURL) etc InitialContext context = new InitialContext(env) Again, why? What are you trying to achieve here? Why doesn't the default work? More context and information will help someone on this list to give you a better answer. My question is - What does this ProviderURL represents? Is it the URL to the JNDI service or is it the URL to the JMS message server? Not ringing any bells. Probably something specific to your JMS implementation. If it is the URL to the JNDI server, does tomcat have a separate JNDI server? If so, what is its URL? Tomcat has a JNDI implementation that you can use to access resources defined on the server. http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html If you were to make your MQ resources available through JNDI (using the Resource/ tag), you could access them in your application through JNDI. http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html#Using_resources Dan Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat JNDI Server Configuration
Hello Dan, Thanks for responding. Without going too much into the code, I am trying to understand whether Tomcat does support the concept of a Naming Server. With JMS, it is possible to create and store administration objects such as ConnectionFactory, Destinations in a Naming Service (such as LDAP). Is it possible to use and external independent Naming Service, such as LDAP to store JMS Admin objects in conjunction with Tomcat? The whole idea of having a Naming Service was to separate objects. Thus your Naming Service hold the details of the objects one really wants to use. From the code, we connect to the Naming Service and obtain reference to the ConnectionFactory, say. We then use this reference to connect to the underlying JMS server encapsulated in the ConnFactory. Supposing my Naming Service URL/port is A.B.C.D/ and my JMS Server URL is E.F.G.H/ - What should one use as the Provider URL in this context? Does Tomcat have a Naming Service running inside it which stores the admin objects? If so, is it accessible via a URL? Thanks ViK On Thu, Dec 12, 2013 at 1:03 PM, Daniel Mikusa dmik...@gopivotal.comwrote: On Dec 12, 2013, at 4:25 AM, Vic Katte vicnka...@gmail.com wrote: Hello, What version of Tomcat are you using? How does one configure tomcat so that a hosted application could connect to a JMS Message server such as WebSphereMQ? I have managed to write a small test application in JMS and deployed it to tomcat and configured it to connect to MQ. This application defines the default initial context using InitialContext context = new InitialContext() Could you give us a larger code sample? This doesn't really show much. And have configured the context.xml and web.xml. What have you configured in these files? Include that too, minus comments. I have deployed and tested and it works quite well. However, I do not want to use the default context. Why do you not want to use the defaults? I want to use code something like below: Hashtable env = new Hashtable() env.put(Context, contextValue) env.put(ProviderURL, theURL) etc InitialContext context = new InitialContext(env) Again, why? What are you trying to achieve here? Why doesn't the default work? More context and information will help someone on this list to give you a better answer. My question is - What does this ProviderURL represents? Is it the URL to the JNDI service or is it the URL to the JMS message server? Not ringing any bells. Probably something specific to your JMS implementation. If it is the URL to the JNDI server, does tomcat have a separate JNDI server? If so, what is its URL? Tomcat has a JNDI implementation that you can use to access resources defined on the server. http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html If you were to make your MQ resources available through JNDI (using the Resource/ tag), you could access them in your application through JNDI. http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html#Using_resources Dan Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat JNDI Server Configuration
On Dec 12, 2013, at 1:42 PM, Vic Katte vicnka...@gmail.com wrote: Hello Dan, First, please don't top post. Reply inline, like me, or at the bottom. That is the convention followed on this list. Thanks for responding. Without going too much into the code, I am trying to understand whether Tomcat does support the concept of a Naming Server. Yes. See the link I sent in the previous email. With JMS, it is possible to create and store administration objects such as ConnectionFactory, Destinations in a Naming Service (such as LDAP). You can define these in Tomcat by using Resource / tags. Again, see the link I sent previously. Is it possible to use and external independent Naming Service, such as LDAP to store JMS Admin objects in conjunction with Tomcat? You can connect to an LDAP server, but that has nothing to do with Tomcat. You'd just use the functionality present in the JVM. The whole idea of having a Naming Service was to separate objects. Thus your Naming Service hold the details of the objects one really wants to use. From the code, we connect to the Naming Service and obtain reference to the ConnectionFactory, say. We then use this reference to connect to the underlying JMS server encapsulated in the ConnFactory. Supposing my Naming Service URL/port is A.B.C.D/ and my JMS Server URL is E.F.G.H/ - What should one use as the Provider URL in this context? There is no url, server or port required when loading items from JNDI with Tomcat. See the links I previously sent which show how to grab objects from JNDI. Does Tomcat have a Naming Service running inside it which stores the admin objects? Yes, it has naming service, but I'm not sure what you mean by admin objects. Anything you configure with Resource tags will be available to your applications through JNDI. If you don't configure it, it won't be available. If so, is it accessible via a URL? Yes. Resources are located in JNDI with the URL java:comp/env/ The rest of the path depends on what you setup in your Resource tag. Dan Thanks ViK On Thu, Dec 12, 2013 at 1:03 PM, Daniel Mikusa dmik...@gopivotal.comwrote: On Dec 12, 2013, at 4:25 AM, Vic Katte vicnka...@gmail.com wrote: Hello, What version of Tomcat are you using? How does one configure tomcat so that a hosted application could connect to a JMS Message server such as WebSphereMQ? I have managed to write a small test application in JMS and deployed it to tomcat and configured it to connect to MQ. This application defines the default initial context using InitialContext context = new InitialContext() Could you give us a larger code sample? This doesn't really show much. And have configured the context.xml and web.xml. What have you configured in these files? Include that too, minus comments. I have deployed and tested and it works quite well. However, I do not want to use the default context. Why do you not want to use the defaults? I want to use code something like below: Hashtable env = new Hashtable() env.put(Context, contextValue) env.put(ProviderURL, theURL) etc InitialContext context = new InitialContext(env) Again, why? What are you trying to achieve here? Why doesn't the default work? More context and information will help someone on this list to give you a better answer. My question is - What does this ProviderURL represents? Is it the URL to the JNDI service or is it the URL to the JMS message server? Not ringing any bells. Probably something specific to your JMS implementation. If it is the URL to the JNDI server, does tomcat have a separate JNDI server? If so, what is its URL? Tomcat has a JNDI implementation that you can use to access resources defined on the server. http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html If you were to make your MQ resources available through JNDI (using the Resource/ tag), you could access them in your application through JNDI. http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html#Using_resources Dan Thanks - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
tomcat jndi
I have read http://tomcat.apache.org/tomcat-7.0-doc/jndi-datasource-examples-howto.html http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html 1)I would like to ask about essence of jndi a) jndi as a whole and b) jndi in tomcat In all known to me cases jndi in tomcat and in jboss is used only as http://docs.oracle.com/javase/1.5.0/docs/api/javax/naming/InitialContext.html#lookup%28java.lang.String%29 2) are there any other common uses ? 3) Can we say JNDI in tomcat is a static Map for each application ? actually a map, that can hold simple values and objects(int, string), object factories on which Map.get doesn't return them, but returns objects created by this factories, object pools - similar to factories and this static Map can be configured with xml in web.xml and in context.xml. 4) Is this a good comparison ? InitialContext.lookup is not more than Map.get, apart from case of factories. 5) Or INDI in tomcat has much more functionality ? 6) Is comparison to spring container with scope singleton and prototype more adequate ? 7) Can we say it is older implementation of spring bean container ? 8)Where is the difference between a) Map and jndi b) spring container and jndi 9) can jndi be configured outside of tomcat ? in some other process ? 10) I mostly take part in small projects, where team leader/architect also deploys app in production, possibly jndi is much more handful in corporate environment, where war is shipped to admin dedicated tomcat administrator, who deploys it and configures jdbc connections, and he can't simply change spring configuration. 11) jndi in contrary to spring is a standard and each tomcat/app server admin knows it and knows where and how to configure it ? 12) in projects without dedicated tomcat administrator where team leader makes build and deploys it into production jndi is an excess, and it is better and more handful to use spring and maven profiles for dev and production environment ? 12b) in projects as in 12) there is no sense speaking about advantages of jndi, jndi can be skipped and spring can be used instead. 13) looking into http://docs.oracle.com/javase/1.5.0/docs/guide/jndi/jndi-dns.html would be possible in tomcat to map dns as a jndi provider ? would it work than that InitialContext.lookup(some_appropriate_dns_prefix + tomcat.apache.org) would return me ip address ?? 14) similar to 13) http://docs.oracle.com/javase/6/docs/technotes/guides/jndi/jndi-ldap.html would it be possible in tomcat to map some external ldap as a jndi provider ? would ctx.lookup(some_appropriate_ldap_prefix + cn=objects,ou=Sales/some/x/y/z); query ldap ? 15) would 13) and 14) work in tomcat, if not would it work in eg jboss ? if so what are common some_appropriate_dns_prefix and some_appropriate_ldap_prefix ? 16) can we add both 13) dns and 14) ldap into tomcat as jndi providers, and both work in the same webapp with appropriate prefixes, and java:comp/env/ still returns Resources from web.xml and from context.xml ? thx for reply in advance, regards Jakub
Re: tomcat jndi
3) and 4) are answered here http://stackoverflow.com/questions/1350816/what-is-the-purpose-of-jndi http://stackoverflow.com/questions/5143499/understanding-jndi http://www.javaworld.com/javaworld/jw-04-2002/jw-0419-jndi.html http://technotes.tostaky.biz/2013/01/what-is-jndi-spi-cci-ldap-and-jca.html other question, especially concerning tomcat are still valid On Mon, Apr 29, 2013 at 9:21 AM, Jakub 1983 jjaku...@gmail.com wrote: I have read http://tomcat.apache.org/tomcat-7.0-doc/jndi-datasource-examples-howto.html http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html 1)I would like to ask about essence of jndi a) jndi as a whole and b) jndi in tomcat In all known to me cases jndi in tomcat and in jboss is used only as http://docs.oracle.com/javase/1.5.0/docs/api/javax/naming/InitialContext.html#lookup%28java.lang.String%29 2) are there any other common uses ? 3) Can we say JNDI in tomcat is a static Map for each application ? actually a map, that can hold simple values and objects(int, string), object factories on which Map.get doesn't return them, but returns objects created by this factories, object pools - similar to factories and this static Map can be configured with xml in web.xml and in context.xml. 4) Is this a good comparison ? InitialContext.lookup is not more than Map.get, apart from case of factories. 5) Or INDI in tomcat has much more functionality ? 6) Is comparison to spring container with scope singleton and prototype more adequate ? 7) Can we say it is older implementation of spring bean container ? 8)Where is the difference between a) Map and jndi b) spring container and jndi 9) can jndi be configured outside of tomcat ? in some other process ? 10) I mostly take part in small projects, where team leader/architect also deploys app in production, possibly jndi is much more handful in corporate environment, where war is shipped to admin dedicated tomcat administrator, who deploys it and configures jdbc connections, and he can't simply change spring configuration. 11) jndi in contrary to spring is a standard and each tomcat/app server admin knows it and knows where and how to configure it ? 12) in projects without dedicated tomcat administrator where team leader makes build and deploys it into production jndi is an excess, and it is better and more handful to use spring and maven profiles for dev and production environment ? 12b) in projects as in 12) there is no sense speaking about advantages of jndi, jndi can be skipped and spring can be used instead. 13) looking into http://docs.oracle.com/javase/1.5.0/docs/guide/jndi/jndi-dns.html would be possible in tomcat to map dns as a jndi provider ? would it work than that InitialContext.lookup(some_appropriate_dns_prefix + tomcat.apache.org) would return me ip address ?? 14) similar to 13) http://docs.oracle.com/javase/6/docs/technotes/guides/jndi/jndi-ldap.html would it be possible in tomcat to map some external ldap as a jndi provider ? would ctx.lookup(some_appropriate_ldap_prefix + cn=objects,ou=Sales/some/x/y/z); query ldap ? 15) would 13) and 14) work in tomcat, if not would it work in eg jboss ? if so what are common some_appropriate_dns_prefix and some_appropriate_ldap_prefix ? 16) can we add both 13) dns and 14) ldap into tomcat as jndi providers, and both work in the same webapp with appropriate prefixes, and java:comp/env/ still returns Resources from web.xml and from context.xml ? thx for reply in advance, regards Jakub
Re: Tomcat JNDI custom resource factory questions
On Sep 12, 2012, at 1:52 AM, Kirill Ilyukhin wrote: Hi! I am using Tomcat 7.0.29 with a custom JNDI resource factory (http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html#Adding_Custom_Resource_Factories). The factory creates a connection to data server which then can be shared between servlets. Two questions regarding the resource usage. 1. Creation of the resource factory, isn't is supposed to be thread-safe? As I understand it, your ObjectFactory implementation needs to be thread safe. See section 4.5 of the link below. http://docs.oracle.com/javase/1.3/docs/guide/jndi/spec/spi/jndispi.fm.html#1007939 The resource (connection) is used by two servlets which obtains it on start-up. It works fine if the servlets are loaded one after another - the first servlet asks JNDI for a connection, JNDI creates a factory, the factory creates a connection, JNDI gives the connection to the servlet; the second one ask JNDI for a connection and immediately gets the same connection, without calling the factory. But if the servlets are being started exactly at the same time, they get two different connections created by two different factories. Shouldn't the factory singleton-ness be managed by Tomcat? Look at the resource definition... singleton Specify whether this resource definition is for a singleton resource, i.e. one where there is only a single instance of the resource. If this attribute is true, multiple JNDI lookups for this resource will return the same object. If this attribute is false, multiple JNDI lookups for this resource will return different objects. This attribute must be true for javax.sql.DataSource resources to enable JMX registration of the DataSource. The value of this attribute must be true or false. By default, this attribute is true. https://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Resource_Definitions 2. What is the correct way to close the resource? How should I close the resource if the webapp is being stopped/undeployed? Again, look at the resource definition... closeMethod Name of the zero-argument method to call on a singleton resource when it is no longer required. This is intended to speed up clean-up of resources that would otherwise happen as part of garbage collection. This attribute is ignored if the singleton attribute is false. If not specificed, no default is defined and no close method will be called. https://tomcat.apache.org/tomcat-7.0-doc/config/context.html#Resource_Definitions Dan My factory creates a connection on please create a resource call somewhere from inside JNDI, lets the connection go and doesn't know how many servlets use it. Users of the resource are independent, they do not know how many of them are and do not know when the resource can be closed. So I would expect some kind of it's time to close the resource(s) call from JNDI. Is there one? I know that I can track all the resources creation in a ServletContextListener and then close them in contextDestroyed(), but I hope there is a nicer way. Thanks in advance, Kirill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat JNDI custom resource factory questions
Hi! I am using Tomcat 7.0.29 with a custom JNDI resource factory (http://tomcat.apache.org/tomcat-7.0-doc/jndi-resources-howto.html#Adding_Custom_Resource_Factories). The factory creates a connection to data server which then can be shared between servlets. Two questions regarding the resource usage. 1. Creation of the resource factory, isn't is supposed to be thread-safe? The resource (connection) is used by two servlets which obtains it on start-up. It works fine if the servlets are loaded one after another - the first servlet asks JNDI for a connection, JNDI creates a factory, the factory creates a connection, JNDI gives the connection to the servlet; the second one ask JNDI for a connection and immediately gets the same connection, without calling the factory. But if the servlets are being started exactly at the same time, they get two different connections created by two different factories. Shouldn't the factory singleton-ness be managed by Tomcat? 2. What is the correct way to close the resource? How should I close the resource if the webapp is being stopped/undeployed? My factory creates a connection on please create a resource call somewhere from inside JNDI, lets the connection go and doesn't know how many servlets use it. Users of the resource are independent, they do not know how many of them are and do not know when the resource can be closed. So I would expect some kind of it's time to close the resource(s) call from JNDI. Is there one? I know that I can track all the resources creation in a ServletContextListener and then close them in contextDestroyed(), but I hope there is a nicer way. Thanks in advance, Kirill - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
IIS, Tomcat, JNDI and ActiveDirectory
Hi,
i've got a Microsoft IIS 6.0 Webservice.
Behind the IIS is an Apache Tomcat 5.5.26 (connected via ISAPI and
AJP/1.3) protocoll.
In the IIS Integrated Windows Authentication is enabled.
On server.xml tomcatauthentication is set to false.
Also o've configured a JNDI REALM:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://:389/;
connectionName=*
connectionPassword=*
userBase=OU=**,OU=,OU=**,DC=**,DC=
userSearch=(sAMAccountName={0})
userSubtree=true
userRoleName=memberOf
roleBase=OU=**,OU=**,OU=**,OU=**,OU=*,DC=*,
DC=*
roleName=name
roleSubtree=true
roleSearch=(cn={0})
/
in the web.xml of Tomcat (/conf/web.xml) i've configured an
security-constraint:
security-constraint
web-resource-collection
web-resource-nameTest/web-resource-name
url-pattern/*/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
http-methodPUT/http-method
http-methodDELETE/http-method
/web-resource-collection
auth-constraint
role-namesome_ad_role_name/role-name
/auth-constraint
/security-constraint
security-role
descriptionOnly 'tomcat' role is allowed to access this web
application/description
role-namesome_ad_role_name/role-name
/security-role
Now,
i'ld like to realize, that Tomcat give access only to users,
which are in one Active Directory Group detected on IIS.
Can anybody help me?
Thanks in advice
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: IIS, Tomcat, JNDI and ActiveDirectory
Hi Joerg.
The following remarks are more a question from me, than an answer to
you. I am interested also in a real answer from someone who really knows..
Buchner, Joerg [T0I] (VW Sachsen) wrote:
Hi,
i've got a Microsoft IIS 6.0 Webservice.
Behind the IIS is an Apache Tomcat 5.5.26 (connected via ISAPI and
AJP/1.3) protocoll.
In the IIS Integrated Windows Authentication is enabled.
Ok, so IIS authenticates the user's browser session, and gets a Windows
Domain user-id.
Then the AJP protocol passes this user-id to Tomcat (presumably as a
request attribute).
On server.xml tomcatauthentication is set to false.
Allright, so Tomcat believes the user-id as it is given by AJP, and
sets this in its own internal UserPrincipal structure.
Also o've configured a JNDI REALM:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://:389/;
connectionName=*
connectionPassword=*
userBase=OU=**,OU=,OU=**,DC=**,DC=
userSearch=(sAMAccountName={0})
userSubtree=true
userRoleName=memberOf
roleBase=OU=**,OU=**,OU=**,OU=**,OU=*,DC=*,
DC=*
roleName=name
roleSubtree=true
roleSearch=(cn={0})
/
Does the above not *interfere* with what you are trying to do, more than
it helps ?
I mean, you already have an authenticated user-id, of which you are sure
that it is in the AD directory. All that is needed now, is to get from
AD, whatever fields that contain the role-name(s) which we are looking
for, and compare with what we want to allow for this webapp.
Do the roles or groups, as understood by AD, match the roles as
understood by Tomcat ?
in the web.xml of Tomcat (/conf/web.xml) i've configured an
security-constraint:
security-constraint
web-resource-collection
web-resource-nameTest/web-resource-name
url-pattern/*/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
http-methodPUT/http-method
http-methodDELETE/http-method
/web-resource-collection
auth-constraint
role-namesome_ad_role_name/role-name
/auth-constraint
/security-constraint
security-role
descriptionOnly 'tomcat' role is allowed to access this web
application/description
role-namesome_ad_role_name/role-name
/security-role
As far as I understand, with the above, Tomcat is going to issue a
HttpServletRequest.isUserInRole(some_ad_role_name) call, and only
allow access if the response is true.
Is that going to work in this case ?
It is not very clear (to me at least), what this isUserInRole() is going
to refer to.
Now,
i'ld like to realize, that Tomcat give access only to users,
which are in one Active Directory Group detected on IIS.
Since you already receive an authenticated user-id from IIS (but only a
user-id), I would do the rest with a servlet filter wrapping your
application (and allowing access or not depending on what it finds in AD
for this user), rather than with the standard Tomcat declarative
security model.
But maybe that's only my own ignorance speaking.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
AW: IIS, Tomcat, JNDI and ActiveDirectory
Hi André
yes, you alright.
With the Integrated Windows Authentication Tomcat gets only authenticated AD
Users.
But the problem is an other:
The SourceCodes (JSP/Servlets) are secured with NTFS rights on filesystem.
(Windows Server 2003 x64)
I've tried to secure the whole application with NTFS Rights,
but the NTFS ACL does not work for JSP Files.
That is my problem.
I found an article on internet, that this is a feature from the ISAPI
Redirector.
So, users can call JSP Sites directly without authorisation,
but we have not authorisation modules in the application.
That is my problem.
So, i'll secure the whole tomcat,
that tomcat check the permission of the user in an ActiveDirectory Group?
Thank you in advise.
Joerg
-Ursprüngliche Nachricht-
Von: André Warnier [mailto:a...@ice-sa.com]
Gesendet: Dienstag, 29. September 2009 17:45
An: Tomcat Users List
Betreff: Re: IIS, Tomcat, JNDI and ActiveDirectory
Hi Joerg.
The following remarks are more a question from me, than an answer to
you. I am interested also in a real answer from someone who really knows..
Buchner, Joerg [T0I] (VW Sachsen) wrote:
Hi,
i've got a Microsoft IIS 6.0 Webservice.
Behind the IIS is an Apache Tomcat 5.5.26 (connected via ISAPI and
AJP/1.3) protocoll.
In the IIS Integrated Windows Authentication is enabled.
Ok, so IIS authenticates the user's browser session, and gets a Windows
Domain user-id.
Then the AJP protocol passes this user-id to Tomcat (presumably as a
request attribute).
On server.xml tomcatauthentication is set to false.
Allright, so Tomcat believes the user-id as it is given by AJP, and
sets this in its own internal UserPrincipal structure.
Also o've configured a JNDI REALM:
Realm className=org.apache.catalina.realm.JNDIRealm debug=99
connectionURL=ldap://:389/;
connectionName=*
connectionPassword=*
userBase=OU=**,OU=,OU=**,DC=**,DC=
userSearch=(sAMAccountName={0})
userSubtree=true
userRoleName=memberOf
roleBase=OU=**,OU=**,OU=**,OU=**,OU=*,DC=*,
DC=*
roleName=name
roleSubtree=true
roleSearch=(cn={0})
/
Does the above not *interfere* with what you are trying to do, more than
it helps ?
I mean, you already have an authenticated user-id, of which you are sure
that it is in the AD directory. All that is needed now, is to get from
AD, whatever fields that contain the role-name(s) which we are looking
for, and compare with what we want to allow for this webapp.
Do the roles or groups, as understood by AD, match the roles as
understood by Tomcat ?
in the web.xml of Tomcat (/conf/web.xml) i've configured an
security-constraint:
security-constraint
web-resource-collection
web-resource-nameTest/web-resource-name
url-pattern/*/url-pattern
http-methodGET/http-method
http-methodPOST/http-method
http-methodPUT/http-method
http-methodDELETE/http-method
/web-resource-collection
auth-constraint
role-namesome_ad_role_name/role-name
/auth-constraint
/security-constraint
security-role
descriptionOnly 'tomcat' role is allowed to access this web
application/description
role-namesome_ad_role_name/role-name
/security-role
As far as I understand, with the above, Tomcat is going to issue a
HttpServletRequest.isUserInRole(some_ad_role_name) call, and only
allow access if the response is true.
Is that going to work in this case ?
It is not very clear (to me at least), what this isUserInRole() is going
to refer to.
Now,
i'ld like to realize, that Tomcat give access only to users,
which are in one Active Directory Group detected on IIS.
Since you already receive an authenticated user-id from IIS (but only a
user-id), I would do the rest with a servlet filter wrapping your
application (and allowing access or not depending on what it finds in AD
for this user), rather than with the standard Tomcat declarative
security model.
But maybe that's only my own ignorance speaking.
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Re: IIS, Tomcat, JNDI and ActiveDirectory
2009/9/29 Buchner, Joerg [T0I] (VW Sachsen) joerg.buch...@volkswagen.de: But the problem is an other: The SourceCodes (JSP/Servlets) are secured with NTFS rights on filesystem. (Windows Server 2003 x64) I've tried to secure the whole application with NTFS Rights, but the NTFS ACL does not work for JSP Files. The NTFS permissions work just fine for JSP files, as they work for all files. However, Tomcat and IIS have different security models, so just fine doesn't do what you might expect :-). IIS is a native Windows application, so each thread can impersonate a user. This means that when the thread tries to open a file, the permissions that are tested are the permissions of the user that's being impersonated. Tomcat is a Java application, and has no notion of threads impersonating users - each thread runs as the same user that Tomcat starts as. This means that when the thread tries to open a file, the permissions that are tested are the permissions of the user that Tomcat started as. This is not a feature of the ISAPI redirector. It's a core part of any Java application - threads in Java apps cannot impersonate users. You *might* be able to get round it with some nasty JNI code that got hold of the Windows thread correspondingto the Java thread and set the impersonation, but this would be very messy to get right - particularly making sure the impersonation is reset correctly in all error cases. This means that your approach is the correct one. You'll have to do the test in your own code somehow, and obtaining the identity of the user then checking against (a cache of) the AD group memberships seems like a good way to go. Do make sure you cache it, as repeated LDAP lookups will be slow! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: IIS, Tomcat, JNDI and ActiveDirectory
Hi Peter, thank you very much for this very helpful information. Is it now possible, that tomcat checks via JNDI an ActiveDirctory GroupMembership of the detected User (e.g. SAMPLEPC\User1) I'ld try to configure, that my users do not have an login prompt in browser Thank you in advice -Ursprüngliche Nachricht- Von: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] Im Auftrag von Peter Crowther Gesendet: Dienstag, 29. September 2009 18:28 An: Tomcat Users List Betreff: Re: IIS, Tomcat, JNDI and ActiveDirectory 2009/9/29 Buchner, Joerg [T0I] (VW Sachsen) joerg.buch...@volkswagen.de: But the problem is an other: The SourceCodes (JSP/Servlets) are secured with NTFS rights on filesystem. (Windows Server 2003 x64) I've tried to secure the whole application with NTFS Rights, but the NTFS ACL does not work for JSP Files. The NTFS permissions work just fine for JSP files, as they work for all files. However, Tomcat and IIS have different security models, so just fine doesn't do what you might expect :-). IIS is a native Windows application, so each thread can impersonate a user. This means that when the thread tries to open a file, the permissions that are tested are the permissions of the user that's being impersonated. Tomcat is a Java application, and has no notion of threads impersonating users - each thread runs as the same user that Tomcat starts as. This means that when the thread tries to open a file, the permissions that are tested are the permissions of the user that Tomcat started as. This is not a feature of the ISAPI redirector. It's a core part of any Java application - threads in Java apps cannot impersonate users. You *might* be able to get round it with some nasty JNI code that got hold of the Windows thread correspondingto the Java thread and set the impersonation, but this would be very messy to get right - particularly making sure the impersonation is reset correctly in all error cases. This means that your approach is the correct one. You'll have to do the test in your own code somehow, and obtaining the identity of the user then checking against (a cache of) the AD group memberships seems like a good way to go. Do make sure you cache it, as repeated LDAP lookups will be slow! - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: AW: IIS, Tomcat, JNDI and ActiveDirectory
Hi Joerg. To clear up a bit, you are talking about 2 distinct aspects : Authentication and Authorization. Authentication = to find out who the user is Authorization = when we know who the user is, determine if he has or not the authorization required to access some resource (in this case, some Tomcat webapps or JSP pages). With the Integrated Windows Authentication Tomcat gets only authenticated AD Users. Right. And that solves the Authentication part : your users will not have to enter their login again, to access Tomcat-based applications. Tomcat already knows who they are. (*) Unfortunately, IIS+AJP do not pass to Tomcat the names of the Windows groups to which this user belongs. They pass only the user-id. But the problem is an other: The SourceCodes (JSP/Servlets) are secured with NTFS rights on filesystem. (Windows Server 2003 x64) I've tried to secure the whole application with NTFS Rights, but the NTFS ACL does not work for JSP Files. In fact, you should not look at the JSP files as files. *Nobody* should have access to these files, as files, except Tomcat. Tomcat reads these files, and compiles them into executable java code, and they then become web applications (in short webapps) in memory. (To enforce the above, you can make these JSP files belong to the local user-id on your Tomcat server which is used to run Tomcat, and forbid anyone else from accessing them (except you)). The point is now that you want to control who can have access to the webapps that Tomcat creates from these pages. That is a matter for Tomcat, and for nobody else. Tomcat does not care about the NTFS permissions of the JSP files (as long as it can read them himself). Tomcat cares only about the compiled webapps in memory, and who can call them. And Tomcat cares about that from a purely Tomcat point of view, not from an NTFS or Windows point of view. in fact, Tomcat has no idea of what an authorized Windows Domain user is, or an AD user. Tomcat also has no idea of what an AD or Windows group means. It cares only about Tomcat user-id's, and maybe Tomcat roles associated to these user-id's. The point is, you are trying to combine two different worlds : one is the proprietary, single-platform world of Microsoft Windows Domain authentication and group membership and NTFS file permissions based on that; the other one is the open-source, multi-platform world of Java servlets and Tomcat, and access to webapps. These worlds do not fit together perfectly, so you have to make some adjustments. (Just like if you wanted to fit a Porsche engine in a Polo, you would have to make a special gearbox ;-)). So your problem is that you want (entweder/oder) : (a) to translate some AD/Windows attribute/group of an AD/Windows user-id, into something that Tomcat can understand (Tomcat roles) and then let Tomcat use its built-in role-based security model to allow or not access to the webapps. OR (b)(different thing), to bypass the role-based built-in security of Tomcat, and give access or not to the webapps, based on these AD attributes of the user, using some other mechanism. For (a) above, what you have to achieve is that when Tomcat calls isUserInRole(some_AD_attribute), the response comes back as true or false, appropriately. Maybe there is some standard Tomcat+AD method that can be used to do that. I really don't know, but maybe someone else on the list knows. For (b), you could use a servlet filter. This servlet filter would need to take the Tomcat user-id (the same as the one obtained from IIS and passed to Tomcat by the AJP module and accepted by Tomcat as its own), build a connection to the AD system, and retrieve the group attributes of this user in AD. Then, the servlet filter would compare these groups (as strings) to one or more strings contained in some filter configuration parameter (init-param in web.xml), and decide if it lets this call go through to the webapp, or not. A servlet filter does not modify the application in any way. It is a separate java module, and it installs on top of an existing application. The application does not even know that it is there. I don't know which solution between (a) and (b) above is simpler. Writing a servlet filter like above is not very complicated. It may even exist already. One issue with this, would be that you should save the result of the user lookup in AD (in the Tomcat session or in a cookie), to avoid having to do the same lookup at each new request of the same browser, otherwise it would be quite inefficient. I hope this helps. (*) there are other methods to achieve that, not depending on a front-end IIS, and where Tomcat obtains the user-id directly from the browser and the Windows DC (just like IIS does). See www.ioplex.com for one such solution. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For
Re: Tomcat JNDI
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Felix, felix l wrote: I just need to register JNDI datasource to Tomcat 6 and I followed http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html. I just couldn't make it work if I put the Resource tag with my oracle connection info in conf/server.xml b/w the GlobalNamingResources tag. BUT it works if I put the Resource tag in webapp/META-INF/context.xml b/w the Context tag. What am I missing? I need the datasource be available for all web app, not just for the current web app. Please post the configuration you tried, and any error messages you got when you couldn't make it work. Also, where have you placed your Oracle JDBC driver's JAR file? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAki5cW0ACgkQ9CaO5/Lv0PCC8gCgtjLDZifJPVlAUVC6qqiVpaTQ 8qMAnREYFVr7g3ynjX+RM3HUWef9Zd3W =ibHc -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat JNDI
First time posting on a mailing list, hope I am doing this right. I just need to register JNDI datasource to Tomcat 6 and I followed http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html. I just couldn't make it work if I put the Resource tag with my oracle connection info in conf/server.xml b/w the GlobalNamingResources tag. BUT it works if I put the Resource tag in webapp/META-INF/context.xml b/w the Context tag. What am I missing? I need the datasource be available for all web app, not just for the current web app. Thanks in advance. Felix
Re: Tomcat JNDI
I think you will need to configure realm in your server.xml. Plz refer http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html. -Original Message- From: felix l [EMAIL PROTECTED] To: users@tomcat.apache.org Sent: Fri, 29 Aug 2008 11:27 pm Subject: Tomcat JNDI First time posting on a mailing list, hope I am doing this right. I just need to register JNDI datasource to Tomcat 6 and I followed http://tomcat.apache.org/tomcat-6.0-doc/jndi-resources-howto.html. I just couldn't make it work if I put the Resource tag with my oracle connection info in conf/server.xml b/w the GlobalNamingResources tag. BUT it works if I put the Resource tag in webapp/META-INF/context.xml b/w the Context tag. What am I missing? I need the datasource be available for all web app, not just for the current web app. Thanks in advance. Felix You are invited to Get a Free AOL Email ID. - http://webmail.aol.in
RE: Tomcat: JNDI and Google Webtoolkit
Hi, I moved the driver to the common-directory. Unfortunately it still does not work. In my Java-Code, do I have to write only the following code to connect with the connection pool? Code: InitialContext ctx = new InitialContext(); DataSource ds = (DataSource)ctx.lookup(java:comp/env/jdbc/eco_test); cn = ds.getConnection(); Caldarale, Charles R wrote: What happens if you put the mysql jar into common/lib as the documentation says to? http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html#MySQL%20DBCP%20Example Make sure you remove the jar from server/lib - you don't want it in two places. - Chuck -- View this message in context: http://www.nabble.com/Tomcat%3A-JNDI-and-Google-Webtoolkit-tp18114801p18128251.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat: JNDI and Google Webtoolkit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 nabruphonic, nabruphonic wrote: | I moved the driver to the common-directory. Unfortunately it still does not | work. In my Java-Code, do I have to write only the following code to connect | with the connection pool? | Code: | | InitialContext ctx = new InitialContext(); | DataSource ds = (DataSource)ctx.lookup(java:comp/env/jdbc/eco_test); | | cn = ds.getConnection(); Can you tell us what error you actually get? So far, you have just said that it doesn't work. Also, you probably want the Resource to be in an app-specific context.xml (that is, WEBAPP/META-INF/context.xml) instead of the global context.xml in $CATALINA_HOME/conf/context.xml. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhjmNwACgkQ9CaO5/Lv0PArGQCfYZ6t1FS+CknxlVxZxxvLeeYt IgwAoIUK5XejJHR/um+K5pioa4b0WbC1 =7e9p -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat: JNDI and Google Webtoolkit
From: nabruphonic [mailto:[EMAIL PROTECTED] Subject: RE: Tomcat: JNDI and Google Webtoolkit I moved the driver to the common-directory. Unfortunately it still does not work. I doubt that whatever error message you're getting says does not work; you need to be specific. Look in the Tomcat logs to see if there's anything pertinent. From your original message: - MySQL 4.1 (auf Ubuntu) - copy mysql-connector-java-5.1.6-bin.jar into TOMCAT/server/lib Is it valid to use the 5.1 JDBC driver with the 4.1 server? url=jdbc:mysql://192.168.7.136/eco_test Is the IP address correct? Do you need to specify a port number? I think I need to add somewhere a connector? The default Tomcat config includes a Connector for port 8080; if you're going to use port 80, just change the default, don't add another one. Also, if you're switching to the standard HTTP/HTTPS ports, change the redirectPort to 443. You certainly don't want the maxProcessors attribute for a 5.5 Tomcat - that went away some time ago. Use the Tomcat doc appropriate for your level. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat: JNDI and Google Webtoolkit
From: Caldarale, Charles R Subject: RE: Tomcat: JNDI and Google Webtoolkit Is it valid to use the 5.1 JDBC driver with the 4.1 server? Scratch that question - I see from the Connector/J doc that 5.1.6 does work with a 4.1 server. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat: JNDI and Google Webtoolkit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chuck, Caldarale, Charles R wrote: | Is it valid to use the 5.1 JDBC driver with the 4.1 server? Yeah. The driver and server negotiate the capabilities at connection time. Connector/J is pretty good about that -- it's mix-and-match ;) | url=jdbc:mysql://192.168.7.136/eco_test | | Is the IP address correct? Do you need to specify a port number? The default port for MySQL will be used if not provided: 3306. nabruphonic, are you using standard port numbers? - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkhjwpwACgkQ9CaO5/Lv0PC+mwCeOoPl1WeNzwN0L71TtzXsgmFw jiMAniTeNFR90A7n+TzZlthIyHALS9PA =kgS5 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat: JNDI and Google Webtoolkit
From: nabruphonic [mailto:[EMAIL PROTECTED] Subject: Tomcat: JNDI and Google Webtoolkit - copy mysql-connector-java-5.1.6-bin.jar into TOMCAT/server/lib What happens if you put the mysql jar into common/lib as the documentation says to? http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howto.html#MySQL%20DBCP%20Example Make sure you remove the jar from server/lib - you don't want it in two places. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Tomcat JNDI datasource
It was this David. 5.0 is a little different. Thanks to all that helped out! Context debug=4 docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web path=/bop-med reloadable=true workDir=work\Catalina\localhost\bop-med Resource name=jdbc/medical auth=Container type=javax.sql.DataSource/ ResourceParams name=jdbc/medical parameter namemaxActive/name value10/value /parameter parameter namemaxIdle/name value1/value /parameter parameter namemaxWait/name value1/value /parameter parameter nameusername/name valueuser/value /parameter parameter namepassword/name valuepassword/value /parameter parameter namedriverClassName/name valuecom.ibm.db2.jcc.DB2Driver/value /parameter parameter nameurl/name valuejdbc:db2://server:5/medical/value /parameter /ResourceParams /Context Also Chris we still use 5.0 tomcat because we are still on Java 1.4, although we will on Java 5 very soon. We are stuck in the past like a Simon and Simon re-run... Tom -Original Message- From: David Smith [mailto:[EMAIL PROTECTED] Sent: Friday, March 28, 2008 10:19 AM To: Tomcat Users List Subject: Re: Tomcat JNDI datasource Just had a brainstorm while responding on another post. The docs for 5.0.30 should describe defining a resource in terms of a Resource ... / element and a ResourceParams/ResourceParams element. The resource as setup below is only correct for version 5.5.x and later. --David Tom Henricksen wrote: I have an application in Tomcat 5.0.30 that we are trying to get to use JDBC through JNDI. I am trying to follow along with akarta-tomcat-5.0.30/webapps/tomcat-docs/jndi-datasource-examples-howto . html. I have setup the context.xml Context debug=4 docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web path=/bop-med reloadable=true workDir=work\Catalina\localhost\bop-med Resource name=jdbc/medical type=javax.sql.DataSource password=password driverClassName=com.ibm.db2.jcc.DB2Driver maxIdle=2 maxWait=5000 validationQuery=select * from sysibm.SYSDUMMY1 username=user url=jdbc:db2://server:5/db maxActive=4/ /Context And I have setup the web.xml with resource-ref descriptionDB Connection/description res-ref-namejdbc/medical/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref When I call the following code initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup(java:comp/env); DataSource ds = (DataSource) envCtx.lookup(jdbc/medical); Connection conn = ds.getConnection(); System.out.println(DB Version : + conn.getMetaData().getDatabaseMajorVersion()); conn.close(); I get the following error org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSourc e .java:780) at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.j a va:540) at com.advtechgrp.web.servlet.TestConn.processRequest(TestConn.java:37) at com.advtechgrp.web.servlet.TestConn.doGet(TestConn.java:20) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applic a tionFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFil t erChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperVal v e.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveC o ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java: 5 20) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardCo n textValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextVal v e.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveC o ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke
Tomcat JNDI datasource
I have an application in Tomcat 5.0.30 that we are trying to get to use JDBC through JNDI. I am trying to follow along with akarta-tomcat-5.0.30/webapps/tomcat-docs/jndi-datasource-examples-howto. html. I have setup the context.xml Context debug=4 docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web path=/bop-med reloadable=true workDir=work\Catalina\localhost\bop-med Resource name=jdbc/medical type=javax.sql.DataSource password=password driverClassName=com.ibm.db2.jcc.DB2Driver maxIdle=2 maxWait=5000 validationQuery=select * from sysibm.SYSDUMMY1 username=user url=jdbc:db2://server:5/db maxActive=4/ /Context And I have setup the web.xml with resource-ref descriptionDB Connection/description res-ref-namejdbc/medical/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref When I call the following code initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup(java:comp/env); DataSource ds = (DataSource) envCtx.lookup(jdbc/medical); Connection conn = ds.getConnection(); System.out.println(DB Version : + conn.getMetaData().getDatabaseMajorVersion()); conn.close(); I get the following error org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource .java:780) at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.ja va:540) at com.advtechgrp.web.servlet.TestConn.processRequest(TestConn.java:37) at com.advtechgrp.web.servlet.TestConn.doGet(TestConn.java:20) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardCon textValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv e.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:79 9) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processC onnection(Http11Protocol.java:705) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:57 7) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool .java:684) at java.lang.Thread.run(Thread.java:534) Caused by: java.lang.NullPointerException at java.util.StringTokenizer.init(StringTokenizer.java:146) at com.ibm.db2.jcc.DB2Driver.acceptsURL(DB2Driver.java:245) at java.sql.DriverManager.getDriver(DriverManager.java:232) at
Re: Tomcat JNDI datasource
Hi try this InitialContext ic = new InitialContext(); DataSource ODS = (javax.sql.DataSource) ic.lookup(java:comp/env/jdbc/medical); Connection conn = ODS.getConnection(); It works for me in Oracle 10G on TC with regards Karthik I have an application in Tomcat 5.0.30 that we are trying to get to use JDBC through JNDI. I am trying to follow along with akarta-tomcat-5.0.30/webapps/tomcat-docs/jndi-datasource-examples-howto. html. I have setup the context.xml Context debug=4 docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web path=/bop-med reloadable=true workDir=work\Catalina\localhost\bop-med Resource name=jdbc/medical type=javax.sql.DataSource password=password driverClassName=com.ibm.db2.jcc.DB2Driver maxIdle=2 maxWait=5000 validationQuery=select * from sysibm.SYSDUMMY1 username=user url=jdbc:db2://server:5/db maxActive=4/ /Context And I have setup the web.xml with resource-ref descriptionDB Connection/description res-ref-namejdbc/medical/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref When I call the following code initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup(java:comp/env); DataSource ds = (DataSource) envCtx.lookup(jdbc/medical); Connection conn = ds.getConnection(); System.out.println(DB Version : + conn.getMetaData().getDatabaseMajorVersion()); conn.close(); I get the following error org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource .java:780) at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.ja va:540) at com.advtechgrp.web.servlet.TestConn.processRequest(TestConn.java:37) at com.advtechgrp.web.servlet.TestConn.doGet(TestConn.java:20) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardCon textValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv e.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:79 9) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processC onnection(Http11Protocol.java:705) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:57 7) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool .java:684) at java.lang.Thread.run(Thread.java:534) Caused by: java.lang.NullPointerException at
Re: Tomcat JNDI datasource
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom, Tom Henricksen wrote: | org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver | of class '' for connect URL 'null' Aah, yes. The old connect URL 'null' problem. This is always a problem with some nitpicky detail in your configuration, /or/ that you have your driver JAR in the wrong place (or too many places). First check to see where you have put db2driver.jar (or whatever DB2 calls its driver library). It should only exist in one place. Since you have your DataSource configuration in your context.xml, I think that you can simply put it into your application's lib directory and leave it at that. However, if you also have it in your TOMCAT_HOME/(common|shared)/lib, things won't work. Pick one location and stick with it. I have my MySQL driver in one place only: TOMCAT_HOME/common/lib and nowhere else. | I have an application in Tomcat 5.0.30 that we are trying to get to use | JDBC through JNDI. Since you are making such a change, would upgrading Tomcat be a possibility? Tomcat 5.0 is no longer supported. Upgrading to 5.5 should not be all that painful. | I have setup the context.xml | | | | Context debug=4 | docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web | path=/bop-med reloadable=true | workDir=work\Catalina\localhost\bop-med Bad boy: take out the docBase and path attributes. At best, they will be ignored. At worse, they will confuse both you /and/ Tomcat. Feel free to leave workDir in there, though it is not required. Unless you /need/ to specify it, you should take that out and let Tomcat do what it wants. | Resource name=jdbc/medical | type=javax.sql.DataSource | password=password | driverClassName=com.ibm.db2.jcc.DB2Driver | maxIdle=2 | maxWait=5000 | validationQuery=select * from sysibm.SYSDUMMY1 | username=user | url=jdbc:db2://server:5/db | maxActive=4/ | /Context In my configuration, i also have: auth=Container Note that setting the validationQuery without also setting testOnBorrow=true will result in the validationQuery being ignored. | And I have setup the web.xml with | | | | resource-ref | descriptionDB Connection/description | res-ref-namejdbc/medical/res-ref-name | res-typejavax.sql.DataSource/res-type | res-authContainer/res-auth | /resource-ref Technically, you don't need this, but it's not a bad idea to leave it in there. | initCtx = new InitialContext(); | Context envCtx = (Context) initCtx.lookup(java:comp/env); | DataSource ds = (DataSource) envCtx.lookup(jdbc/medical); | | Connection conn = ds.getConnection(); | | System.out.println(DB Version : | + conn.getMetaData().getDatabaseMajorVersion()); | | conn.close(); This code looks fine (though you don't really have to do two separate lookups -- you can combine them into a single lookup). When you get it working, you should be checking for null, catching NamingExceptions and stuff like that, too. But this should work. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkftAZMACgkQ9CaO5/Lv0PAy+gCgn4uSwY+hSQiQcTLb7lYIg04F uNcAnAo2QhichFNbHa4P24h7IA1X0XK4 =tR4e -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat JNDI datasource
Your root cause seems to indicate it's having some trouble possibly with the url: Caused by: java.lang.NullPointerException at java.util.StringTokenizer.init(StringTokenizer.java:146) at com.ibm.db2.jcc.DB2Driver.acceptsURL(DB2Driver.java:245) at java.sql.DriverManager.getDriver(DriverManager.java:232) Not having much experience with IBM's db2 driver, I don't have any good suggestions, but it's something to look at. Also your validation query looks like it could potentially return a lot of records. The validation query only needs to be something simple like 'select 1' -- just enough to fire off some traffic to the server and get a positive response. Tom Henricksen wrote: I have an application in Tomcat 5.0.30 that we are trying to get to use JDBC through JNDI. I am trying to follow along with akarta-tomcat-5.0.30/webapps/tomcat-docs/jndi-datasource-examples-howto. html. I have setup the context.xml Context debug=4 docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web path=/bop-med reloadable=true workDir=work\Catalina\localhost\bop-med Resource name=jdbc/medical type=javax.sql.DataSource password=password driverClassName=com.ibm.db2.jcc.DB2Driver maxIdle=2 maxWait=5000 validationQuery=select * from sysibm.SYSDUMMY1 username=user url=jdbc:db2://server:5/db maxActive=4/ /Context And I have setup the web.xml with resource-ref descriptionDB Connection/description res-ref-namejdbc/medical/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref When I call the following code initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup(java:comp/env); DataSource ds = (DataSource) envCtx.lookup(jdbc/medical); Connection conn = ds.getConnection(); System.out.println(DB Version : + conn.getMetaData().getDatabaseMajorVersion()); conn.close(); I get the following error org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource .java:780) at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.ja va:540) at com.advtechgrp.web.servlet.TestConn.processRequest(TestConn.java:37) at com.advtechgrp.web.servlet.TestConn.doGet(TestConn.java:20) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardCon textValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv e.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:79 9)
Re: Tomcat JNDI datasource
Hi. Did you try putting your .jar files in \WEB-INF\lib of you webapp? Tom Henricksen [EMAIL PROTECTED] 3/28/2008 8:08 AM I have an application in Tomcat 5.0.30 that we are trying to get to use JDBC through JNDI. I am trying to follow along with akarta-tomcat-5.0.30/webapps/tomcat-docs/jndi-datasource-examples-howto. html. I have setup the context.xml Context debug=4 docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web path=/bop-med reloadable=true workDir=work\Catalina\localhost\bop-med Resource name=jdbc/medical type=javax.sql.DataSource password=password driverClassName=com.ibm.db2.jcc.DB2Driver maxIdle=2 maxWait=5000 validationQuery=select * from sysibm.SYSDUMMY1 username=user url=jdbc:db2://server:5/db maxActive=4/ /Context And I have setup the web.xml with resource-ref descriptionDB Connection/description res-ref-namejdbc/medical/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref When I call the following code initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup(java:comp/env); DataSource ds = (DataSource) envCtx.lookup(jdbc/medical); Connection conn = ds.getConnection(); System.out.println(DB Version : + conn.getMetaData().getDatabaseMajorVersion()); conn.close(); I get the following error org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource .java:780) at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.ja va:540) at com.advtechgrp.web.servlet.TestConn.processRequest(TestConn.java:37) at com.advtechgrp.web.servlet.TestConn.doGet(TestConn.java:20) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardCon textValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv e.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:79 9) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processC onnection(Http11Protocol.java:705) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:57 7) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool .java:684) at java.lang.Thread.run(Thread.java:534) Caused by: java.lang.NullPointerException at java.util.StringTokenizer.init(StringTokenizer.java:146) at com.ibm.db2.jcc.DB2Driver.acceptsURL(DB2Driver.java:245)
Re: Tomcat JNDI datasource
| Context debug=4 | docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web | path=/bop-med reloadable=true | workDir=work\Catalina\localhost\bop-med Bad boy: take out the docBase and path attributes. At best, they will be ignored. At worse, they will confuse both you /and/ Tomcat. Feel free to leave workDir in there, though it is not required. Unless you /need/ to specify it, you should take that out and let Tomcat do what it wants. Not necessarily bad. He's deploying the app from outside the tomcat webapps directory, so at least docBase is good. The path on the other hand would be picked up from the name of the context xml file in conf/Catalina/localhost. Note that setting the validationQuery without also setting testOnBorrow=true will result in the validationQuery being ignored. Last I looked, testOnBorrow is true by default and only needs a validationQuery. Setting it explicitly won't hurt though. --David Christopher Schultz wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tom, Tom Henricksen wrote: | org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver | of class '' for connect URL 'null' Aah, yes. The old connect URL 'null' problem. This is always a problem with some nitpicky detail in your configuration, /or/ that you have your driver JAR in the wrong place (or too many places). First check to see where you have put db2driver.jar (or whatever DB2 calls its driver library). It should only exist in one place. Since you have your DataSource configuration in your context.xml, I think that you can simply put it into your application's lib directory and leave it at that. However, if you also have it in your TOMCAT_HOME/(common|shared)/lib, things won't work. Pick one location and stick with it. I have my MySQL driver in one place only: TOMCAT_HOME/common/lib and nowhere else. | I have an application in Tomcat 5.0.30 that we are trying to get to use | JDBC through JNDI. Since you are making such a change, would upgrading Tomcat be a possibility? Tomcat 5.0 is no longer supported. Upgrading to 5.5 should not be all that painful. | I have setup the context.xml | | | | Context debug=4 | docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web | path=/bop-med reloadable=true | workDir=work\Catalina\localhost\bop-med Bad boy: take out the docBase and path attributes. At best, they will be ignored. At worse, they will confuse both you /and/ Tomcat. Feel free to leave workDir in there, though it is not required. Unless you /need/ to specify it, you should take that out and let Tomcat do what it wants. | Resource name=jdbc/medical | type=javax.sql.DataSource | password=password | driverClassName=com.ibm.db2.jcc.DB2Driver | maxIdle=2 | maxWait=5000 | validationQuery=select * from sysibm.SYSDUMMY1 | username=user | url=jdbc:db2://server:5/db | maxActive=4/ | /Context In my configuration, i also have: auth=Container Note that setting the validationQuery without also setting testOnBorrow=true will result in the validationQuery being ignored. | And I have setup the web.xml with | | | | resource-ref | descriptionDB Connection/description | res-ref-namejdbc/medical/res-ref-name | res-typejavax.sql.DataSource/res-type | res-authContainer/res-auth | /resource-ref Technically, you don't need this, but it's not a bad idea to leave it in there. | initCtx = new InitialContext(); | Context envCtx = (Context) initCtx.lookup(java:comp/env); | DataSource ds = (DataSource) envCtx.lookup(jdbc/medical); | | Connection conn = ds.getConnection(); | | System.out.println(DB Version : | + conn.getMetaData().getDatabaseMajorVersion()); | | conn.close(); This code looks fine (though you don't really have to do two separate lookups -- you can combine them into a single lookup). When you get it working, you should be checking for null, catching NamingExceptions and stuff like that, too. But this should work. Hope that helps, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkftAZMACgkQ9CaO5/Lv0PAy+gCgn4uSwY+hSQiQcTLb7lYIg04F uNcAnAo2QhichFNbHa4P24h7IA1X0XK4 =tR4e -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail:
Re: Tomcat JNDI datasource
Bad suggestion. It should exist in one and only one place. That place is common/lib for tc 5.0, 5.5 so it's visible to both tomcat's internal code and the webapp. --David Howard Watson wrote: Hi. Did you try putting your .jar files in \WEB-INF\lib of you webapp? Tom Henricksen [EMAIL PROTECTED] 3/28/2008 8:08 AM I have an application in Tomcat 5.0.30 that we are trying to get to use JDBC through JNDI. I am trying to follow along with akarta-tomcat-5.0.30/webapps/tomcat-docs/jndi-datasource-examples-howto. html. I have setup the context.xml Context debug=4 docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web path=/bop-med reloadable=true workDir=work\Catalina\localhost\bop-med Resource name=jdbc/medical type=javax.sql.DataSource password=password driverClassName=com.ibm.db2.jcc.DB2Driver maxIdle=2 maxWait=5000 validationQuery=select * from sysibm.SYSDUMMY1 username=user url=jdbc:db2://server:5/db maxActive=4/ /Context And I have setup the web.xml with resource-ref descriptionDB Connection/description res-ref-namejdbc/medical/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref When I call the following code initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup(java:comp/env); DataSource ds = (DataSource) envCtx.lookup(jdbc/medical); Connection conn = ds.getConnection(); System.out.println(DB Version : + conn.getMetaData().getDatabaseMajorVersion()); conn.close(); I get the following error org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource .java:780) at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.ja va:540) at com.advtechgrp.web.servlet.TestConn.processRequest(TestConn.java:37) at com.advtechgrp.web.servlet.TestConn.doGet(TestConn.java:20) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardCon textValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv e.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:79 9) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processC onnection(Http11Protocol.java:705) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:57 7) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool .java:684) at java.lang.Thread.run(Thread.java:534) Caused by:
Re: Tomcat JNDI datasource
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 David, David Smith wrote: | | | Context debug=4 | | docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web | | path=/bop-med reloadable=true | | workDir=work\Catalina\localhost\bop-med | | Bad boy: take out the docBase and path attributes. At best, they will be | ignored. At worse, they will confuse both you /and/ Tomcat. Feel free to | leave workDir in there, though it is not required. Unless you /need/ to | specify it, you should take that out and let Tomcat do what it wants. | | Not necessarily bad. He's deploying the app from outside the tomcat | webapps directory, so at least docBase is good. Tomcat needs to know where to find the application in the first place. Since context.xml is in the application, there's no need for the application to re-assert its own location. It can only be wrong about it. | The path on the other | hand would be picked up from the name of the context xml file in | conf/Catalina/localhost. I'm assuming (perhaps incorrectly) that context.xml really meant context.xml, and not an application-specific xml file in the conf directory. | Note that setting the validationQuery without also setting | testOnBorrow=true will result in the validationQuery being ignored. | | Last I looked, testOnBorrow is true by default and only needs a | validationQuery. Setting it explicitly won't hurt though. Oops, I always remember that one backward. testOnBorrow=true by default, but there's no default validationQuery, so it has no effect. Setting validationQuery=[something] will definitely turn it on. - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkftBPEACgkQ9CaO5/Lv0PAfYQCgrdxUDgs7vsh4BUCp9dalZK/y e88AoKrdMuzbiS57d/jGfWM1J6C8lx8+ =HZb2 -END PGP SIGNATURE- - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat JNDI datasource
If the app still had errors with the .jar file in the webapps own \WEB-INF\lib then something else is broken (called a test). Since his webapp docBase is outside the Tomcat directory structure there is merit with having associated .jar files in that docBase. And in instances where there are multiple Tomcats running and perhaps multiple versions, then keeping associated files with your app has merit also. David Smith [EMAIL PROTECTED] 3/28/2008 8:45 AM Bad suggestion. It should exist in one and only one place. That place is common/lib for tc 5.0, 5.5 so it's visible to both tomcat's internal code and the webapp. --David Howard Watson wrote: Hi. Did you try putting your .jar files in \WEB-INF\lib of you webapp? Tom Henricksen [EMAIL PROTECTED] 3/28/2008 8:08 AM I have an application in Tomcat 5.0.30 that we are trying to get to use JDBC through JNDI. I am trying to follow along with akarta-tomcat-5.0.30/webapps/tomcat-docs/jndi-datasource-examples-howto. html. I have setup the context.xml Context debug=4 docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web path=/bop-med reloadable=true workDir=work\Catalina\localhost\bop-med Resource name=jdbc/medical type=javax.sql.DataSource password=password driverClassName=com.ibm.db2.jcc.DB2Driver maxIdle=2 maxWait=5000 validationQuery=select * from sysibm.SYSDUMMY1 username=user url=jdbc:db2://server:5/db maxActive=4/ /Context And I have setup the web.xml with resource-ref descriptionDB Connection/description res-ref-namejdbc/medical/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref When I call the following code initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup(java:comp/env); DataSource ds = (DataSource) envCtx.lookup(jdbc/medical); Connection conn = ds.getConnection(); System.out.println(DB Version : + conn.getMetaData().getDatabaseMajorVersion()); conn.close(); I get the following error org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource .java:780) at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.ja va:540) at com.advtechgrp.web.servlet.TestConn.processRequest(TestConn.java:37) at com.advtechgrp.web.servlet.TestConn.doGet(TestConn.java:20) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardCon textValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv e.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at
Re: Tomcat JNDI datasource
It does have merit to keep associated jars together except in those rare occasions where the jar has to be in the classloader heirarchy at a place visible to both tomcat's internal code and the webapp's. In that case it has to be in common/lib and not in any descendant classloader. To do what you suggest requires the app have it's own pooling library and use the factory attribute in the Resource def. --David Howard Watson wrote: If the app still had errors with the .jar file in the webapps own \WEB-INF\lib then something else is broken (called a test). Since his webapp docBase is outside the Tomcat directory structure there is merit with having associated .jar files in that docBase. And in instances where there are multiple Tomcats running and perhaps multiple versions, then keeping associated files with your app has merit also. David Smith [EMAIL PROTECTED] 3/28/2008 8:45 AM Bad suggestion. It should exist in one and only one place. That place is common/lib for tc 5.0, 5.5 so it's visible to both tomcat's internal code and the webapp. --David Howard Watson wrote: Hi. Did you try putting your .jar files in \WEB-INF\lib of you webapp? Tom Henricksen [EMAIL PROTECTED] 3/28/2008 8:08 AM I have an application in Tomcat 5.0.30 that we are trying to get to use JDBC through JNDI. I am trying to follow along with akarta-tomcat-5.0.30/webapps/tomcat-docs/jndi-datasource-examples-howto. html. I have setup the context.xml Context debug=4 docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web path=/bop-med reloadable=true workDir=work\Catalina\localhost\bop-med Resource name=jdbc/medical type=javax.sql.DataSource password=password driverClassName=com.ibm.db2.jcc.DB2Driver maxIdle=2 maxWait=5000 validationQuery=select * from sysibm.SYSDUMMY1 username=user url=jdbc:db2://server:5/db maxActive=4/ /Context And I have setup the web.xml with resource-ref descriptionDB Connection/description res-ref-namejdbc/medical/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref When I call the following code initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup(java:comp/env); DataSource ds = (DataSource) envCtx.lookup(jdbc/medical); Connection conn = ds.getConnection(); System.out.println(DB Version : + conn.getMetaData().getDatabaseMajorVersion()); conn.close(); I get the following error org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource .java:780) at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.ja va:540) at com.advtechgrp.web.servlet.TestConn.processRequest(TestConn.java:37) at com.advtechgrp.web.servlet.TestConn.doGet(TestConn.java:20) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardCon textValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv e.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at
Re: Tomcat JNDI datasource
Just had a brainstorm while responding on another post. The docs for 5.0.30 should describe defining a resource in terms of a Resource ... / element and a ResourceParams/ResourceParams element. The resource as setup below is only correct for version 5.5.x and later. --David Tom Henricksen wrote: I have an application in Tomcat 5.0.30 that we are trying to get to use JDBC through JNDI. I am trying to follow along with akarta-tomcat-5.0.30/webapps/tomcat-docs/jndi-datasource-examples-howto. html. I have setup the context.xml Context debug=4 docBase=C:/Java/eclipse-europa/europa-workspace/bop-med/web path=/bop-med reloadable=true workDir=work\Catalina\localhost\bop-med Resource name=jdbc/medical type=javax.sql.DataSource password=password driverClassName=com.ibm.db2.jcc.DB2Driver maxIdle=2 maxWait=5000 validationQuery=select * from sysibm.SYSDUMMY1 username=user url=jdbc:db2://server:5/db maxActive=4/ /Context And I have setup the web.xml with resource-ref descriptionDB Connection/description res-ref-namejdbc/medical/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref When I call the following code initCtx = new InitialContext(); Context envCtx = (Context) initCtx.lookup(java:comp/env); DataSource ds = (DataSource) envCtx.lookup(jdbc/medical); Connection conn = ds.getConnection(); System.out.println(DB Version : + conn.getMetaData().getDatabaseMajorVersion()); conn.close(); I get the following error org.apache.commons.dbcp.SQLNestedException: Cannot create JDBC driver of class '' for connect URL 'null' at org.apache.commons.dbcp.BasicDataSource.createDataSource(BasicDataSource .java:780) at org.apache.commons.dbcp.BasicDataSource.getConnection(BasicDataSource.ja va:540) at com.advtechgrp.web.servlet.TestConn.processRequest(TestConn.java:37) at com.advtechgrp.web.servlet.TestConn.doGet(TestConn.java:20) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Applica tionFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilt erChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValv e.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardCon textValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValv e.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java :137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java :118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve. java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveCo ntext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:5 20) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:79 9) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processC onnection(Http11Protocol.java:705) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:57 7) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool .java:684) at java.lang.Thread.run(Thread.java:534) Caused by: java.lang.NullPointerException
Simultate Tomcat JNDI
Hi everyone, I'm trying to simulate tomcat's jndi mechanism, in order to test my DAO objects with junit. Does anybody knows how to do that? It seems to me that I need to bind the name java:/comp/env to a Context object and then bind my jdbc name to this context. Is this the way tomcat put things together? A Context object inside another and then the jdbc itself inside this one? Thnaks in advance! Marcus Milanez - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Simultate Tomcat JNDI
Martin, Thanks for you reply. In fact I need to simulate tomcat's jndi mechanism. My class will be invoked by jUnit and not by tomcat. I'm trying to bind a datasource to a jndi name outside tomcat, but with exactaly the same names... Thank you! -Mensagem original- De: Martin Gainty [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 7 de março de 2008 11:43 Para: Milanez, Marcus Cc: Tomcat Users List Assunto: Re: Simultate Tomcat JNDI Marcus-http://tomcat.apache.org/tomcat-5.5-doc/jndi-datasource-examples-howt o.html//assume you have this Oracle Datasource definition in your web.xmlresource-ref descriptionOracle Datasource example/description res-ref-namejdbc/myoracle/res-ref-name res-typejavax.sql.DataSource/res-type res-authContainer/res-auth /resource-ref//I can now access the predefined DataSource using jdbc/myoracle lookup mechanism e.g.Context initContext = new InitialContext(); Context envContext = (Context)initContext.lookup(java:/comp/env); DataSource ds = (DataSource)envContext.lookup(jdbc/myoracle); Connection conn = ds.getConnection();HTHMartin- - Original Message - From: Milanez, Marcus [EMAIL PROTECTED] To: Tomcat Users List users@tomcat.apache.org Sent: Friday, March 07, 2008 9:08 AM Subject: Simultate Tomcat JNDI Hi everyone, I'm trying to simulate tomcat's jndi mechanism, in order to test my DAO objects with junit. Does anybody knows how to do that? It seems to me that I need to bind the name java:/comp/env to a Context object and then bind my jdbc name to this context. Is this the way tomcat put things together? A Context object inside another and then the jdbc itself inside this one? Thnaks in advance! Marcus Milanez - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RES: Simultate Tomcat JNDI
Hi everyone, I came accross a solution for that. I've created my own helper class that provides the same JNDI hierarchy tomcat does to my datasources. Now I can test my DAOs using jUnit outside tomcat! Thank you all! Marcus Milanez -Mensagem original- De: Milanez, Marcus [mailto:[EMAIL PROTECTED] Enviada em: sexta-feira, 7 de março de 2008 11:50 Para: Tomcat Users List Assunto: RES: Simultate Tomcat JNDI Martin, Thanks for you reply. In fact I need to simulate tomcat's jndi mechanism. My class will be invoked by jUnit and not by tomcat. I'm trying to bind a datasource to a jndi name outside tomcat, but with exactaly the same names... Thank you! - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
write to Tomcat JNDI
Hi, I need to bind objects using JNDI in my servlet running on apache tomcat . Since I'm new to the JNDI topic, I did a lot of reading the last few days and got mixed up a little. The tomcat documentation says that the initialContext is read-only, but then I found the hint to a solution in the mailing list archives (http://mail-archives.apache.org/mod_mbox/tomcat-users/200409.mbox/[EMAIL PROTECTED]) I call the initialContext Constructor passing an environment to it and omit the java prefix when creating the subcontext - and it works: Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY,org.apache.naming.java.javaURLContextFactory); env.put(Context.URL_PKG_PREFIXES,org.apache.naming); Context initContext = new InitialContext(env); Context myContext = initContext.createSubcontext(wtl); Context jdbcContext = myContext.createSubcontext(jdbc); String test = new String(Hallo!); jdbcContext.bind(test, test); out.println(Object successfully bound!); String message = (String) jdbcContext.lookup(test); out.println(Message: + message); But why does this work? From what I've read I thought the prefix was necessary to associate the url with the context factory. I thought of this prefix as something specifying the protocol like http in web urls, but then this shouldn't work - and why can I write to the context anyway using this method? Does this work with other containers as well or just with tomcat? Thanks, Max - To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat JNDI and LDAP TLS ?
Hello, is it possible to use jndi (ldap) + tls in server.xml ? thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
