RE: Apache TomCat 5.5

2016-09-21 Thread Jeffrey Janner 
Mary -
First, sorry for the top-post.

I noticed in your original post that you have upgraded to the latest Java 8, 
and nearly latest Windows version (at least new than the release available when 
Tomcat 5.5 was first available).  I don't understand why you can't just go 
ahead and upgrade to the latest Tomcat 8 or 8.5 implementation.  As others have 
said, it is quite likely that your application will run just fine.
Without more details of your exact implementation environment, I can't give 
full advice, but here are some things to take into account:

1) If you are terminating SSL at the IIS7 client interface, then that is where 
you need to enable HSTS. It only needs to be on the IIS7-Tomcat conversation if 
that is also using SSL on its linkage (not normally needed for an internal 
network, but your requirements may specify otherwise).  Strip it out of headers 
on the way to Tomcat and add it back on the way to client if necessary.

2) When going from such an old Version of Tomcat to a newer one, be aware that 
Tomcat configuration files and options HAVE changed.  You cannot just copy 
server.xml, context.xml, etc. files from the old version to the new.  You must 
migrate your settings to the new versions.  This is not that difficult or 
time-consuming, but it is best to do this manually.

3) Beware of any changes to provided valves/filters that you rely on.  Changes 
to those in new versions may require you to handle them differently.

4) Do this all in a test/dev environment, possibly several times, before even 
thinking about changing production.

5) If the addition of an additional/unknown HTTP header is causing problems 
with your backend processing, then you have more problems than you think you 
do. You application is in violation of the most basic tenets of the HTTP 
protocol stack, as those headers should just be ignored according to the 
protocol.  Your application may stop working correctly in the next few months 
even without you doing anything to your current setup.

Respectfully,
Jeff


> -Original Message-
> From: Pham, Mary (NIH/OD/ORS) [E] [mailto:maryp...@mail.nih.gov]
> Sent: Wednesday, September 21, 2016 9:52 AM
> To: 'Tomcat Users List' <users@tomcat.apache.org>
> Subject: RE: Apache TomCat 5.5
> 
> Thank you.  Chris, Chuck, Andre, Mark who had answered and I've done
> this far.
> My report.
> - I installed the "URL rewrite" module on IIS 7.  To make short, it
> worked.  http to https redirected then enforced hsts on the IIS site.
> - but broke all the scripts run on Tomcat due to Strick Transport
> Security when HTTPS.
> - so I have to disable in/outbound of URL rewrite.
> Back to square one.  We will not be able to upgrade Tomcat at this time.
> 
> Please help.
> 
> -Mary
> 
> -Original Message-
> From: Christopher Schultz [mailto:ch...@christopherschultz.net]
> Sent: Thursday, September 15, 2016 11:01 AM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: Apache TomCat 5.5
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> 
> André,
> 
> On 9/14/16 7:04 PM, André Warnier (tomcat) wrote:
> > Mary, have a look here :
> > http://tomcat.apache.org/whichversion.html Tomcat 5.5 was first
> > released about 10 years ago, and the last modification to it was in
> > 2012. The current "stable" version is Tomcat 8.5.5.
> >
> > For Open Source and free software such as Apache Tomcat, that means
> > that your chances of getting support and help for such an old version
> > are really not good, because most of the people which would be able to
> > help you probably do not run that version anywhere anymore. Even the
> > documentation is not directly available on-line anymore.
> >
> > Regarding your particular issue, it is even possible that the
> > requirement which you are mentioning is younger than Tomcat 5.5 and
> > cannot be met by such an old software version. It is even likely that,
> > considering the age of your Tomcat and the age of the Java JVM it is
> > probably running under, there are a whole lot of other security issues
> > with your server, which make it impossible to make it "secure as the
> > government requires".
> >
> > What I am saying is that you are probably wasting your time, and
> > ultimately your employer's time, with this approach.
> >
> > You seem to mention below that you are using Tomcat "with IIS".
> > Maybe this IIS is a front-end to Tomcat, and users access Tomcat
> > always through IIS. If so, then as long as the connection between IIS
> > and Tomcat is secure (e.g. they run on the same host), then you should
> > probably take care of the SSL/HTTPS (and header) aspect on the IIS
> > front-end. That is, if you /real

Re: Apache TomCat 5.5

2016-09-21 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Mary,

On 9/21/16 10:51 AM, Pham, Mary (NIH/OD/ORS) [E] wrote:
> Thank you.  Chris, Chuck, Andre, Mark who had answered and I've
> done this far. My report.
> 
> - I installed the "URL rewrite" module on IIS 7.  To make short,
> it worked.  http to https redirected then enforced hsts on the IIS 
> site. - but broke all the scripts run on Tomcat due to Strick
> Transport Security when HTTPS. - so I have to disable in/outbound
> of URL rewrite.
> 
> Back to square one.  We will not be able to upgrade Tomcat at this
> time.

So you have several requirements, here:

1. Stay on Tomcat 5.5
2. Implement HSTS
3. Have your scripts all work

It sounds like #2 and #3 conflict, since evidently HSTS "broke all the
scripts to run on Tomcat".

Your only option is to fix your application so that it will work with
HSTS enabled.

Upgrading Tomcat doesn't really have any bearing on any of this, since
you could upgrade Tomcat and still not enable HSTS.

- -chris

> -Original Message- From: Christopher Schultz
> [mailto:ch...@christopherschultz.net] Sent: Thursday, September 15,
> 2016 11:01 AM To: Tomcat Users List <users@tomcat.apache.org> 
> Subject: Re: Apache TomCat 5.5
> 
> André,
> 
> On 9/14/16 7:04 PM, André Warnier (tomcat) wrote:
>> Mary, have a look here : 
>> http://tomcat.apache.org/whichversion.html Tomcat 5.5 was first 
>> released about 10 years ago, and the last modification to it was
>> in 2012. The current "stable" version is Tomcat 8.5.5.
> 
>> For Open Source and free software such as Apache Tomcat, that
>> means that your chances of getting support and help for such an
>> old version are really not good, because most of the people which
>> would be able to help you probably do not run that version
>> anywhere anymore. Even the documentation is not directly
>> available on-line anymore.
> 
>> Regarding your particular issue, it is even possible that the 
>> requirement which you are mentioning is younger than Tomcat 5.5
>> and cannot be met by such an old software version. It is even
>> likely that, considering the age of your Tomcat and the age of
>> the Java JVM it is probably running under, there are a whole lot
>> of other security issues with your server, which make it
>> impossible to make it "secure as the government requires".
> 
>> What I am saying is that you are probably wasting your time, and
>>  ultimately your employer's time, with this approach.
> 
>> You seem to mention below that you are using Tomcat "with IIS". 
>> Maybe this IIS is a front-end to Tomcat, and users access Tomcat
>>  always through IIS. If so, then as long as the connection
>> between IIS and Tomcat is secure (e.g. they run on the same
>> host), then you should probably take care of the SSL/HTTPS (and
>> header) aspect on the IIS front-end. That is, if you /really/
>> cannot upgrade Tomcat and if your applications /really/ do not
>> run under a newer version of Tomcat and Java.
> 
> HSTS is just an HTTP header thing. It can be deployed on any
> version of anything basically back until the beginning of (HTTP)
> time.
> 
> It's slightly easier to do with more recent Tomcats because of the
> inclusion of both the HTTP Header Security Filter[1] and the
> rewrite valve[2] (oddly not mentioned in the "Valves" section of
> the "Configuration" reference), but anyone can write a simple
> Filter and add it to their web application to add these headers. In
> fact, I wouldn't surprised if Tomcat's HTTP Header Security Filter
> included with Tomcat 8+ would work just fine on Tomcat 5.5. You
> just need to grab the code, compile it, and drop it into your own
> application.
> 
> Since you mentioned IIS, I think you're right that IIS is probably
> a better place to configure these HSTS headers.
> 
> Mary, ultimately, Tomcat 5.5 should definitely be upgraded to
> Tomcat 8 or later. You should take your web application and deploy
> it on Tomcat 8.0 or Tomcat 8.5 in a testing environment and just
> see what happens. You might be surprised: it will probably with
> right away without any modifications.
> 
> Hope that helps, -chris
> 
> [1] http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html [2]
> http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
> For additional commands, e-mail: users-h...@tomcat.apache.org
> 
> 
> -
>
> 
To unsubscribe, e-mail: users-unsubs

RE: Apache TomCat 5.5

2016-09-21 Thread Pham, Mary (NIH/OD/ORS) [E] 
Thank you.  Chris, Chuck, Andre, Mark who had answered and I've done this far.  
My report.
- I installed the "URL rewrite" module on IIS 7.  To make short, it worked.  
http to https redirected then enforced hsts on the IIS site.
- but broke all the scripts run on Tomcat due to Strick Transport Security when 
HTTPS.
- so I have to disable in/outbound of URL rewrite.
Back to square one.  We will not be able to upgrade Tomcat at this time.

Please help.

-Mary

-Original Message-
From: Christopher Schultz [mailto:ch...@christopherschultz.net] 
Sent: Thursday, September 15, 2016 11:01 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Apache TomCat 5.5

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

André,

On 9/14/16 7:04 PM, André Warnier (tomcat) wrote:
> Mary, have a look here :
> http://tomcat.apache.org/whichversion.html Tomcat 5.5 was first 
> released about 10 years ago, and the last modification to it was in 
> 2012. The current "stable" version is Tomcat 8.5.5.
> 
> For Open Source and free software such as Apache Tomcat, that means 
> that your chances of getting support and help for such an old version 
> are really not good, because most of the people which would be able to 
> help you probably do not run that version anywhere anymore. Even the 
> documentation is not directly available on-line anymore.
> 
> Regarding your particular issue, it is even possible that the 
> requirement which you are mentioning is younger than Tomcat 5.5 and 
> cannot be met by such an old software version. It is even likely that, 
> considering the age of your Tomcat and the age of the Java JVM it is 
> probably running under, there are a whole lot of other security issues 
> with your server, which make it impossible to make it "secure as the 
> government requires".
> 
> What I am saying is that you are probably wasting your time, and 
> ultimately your employer's time, with this approach.
> 
> You seem to mention below that you are using Tomcat "with IIS".
> Maybe this IIS is a front-end to Tomcat, and users access Tomcat 
> always through IIS. If so, then as long as the connection between IIS 
> and Tomcat is secure (e.g. they run on the same host), then you should 
> probably take care of the SSL/HTTPS (and header) aspect on the IIS 
> front-end. That is, if you /really/ cannot upgrade Tomcat and if your 
> applications /really/ do not run under a newer version of Tomcat and 
> Java.

HSTS is just an HTTP header thing. It can be deployed on any version of 
anything basically back until the beginning of (HTTP) time.

It's slightly easier to do with more recent Tomcats because of the inclusion of 
both the HTTP Header Security Filter[1] and the rewrite valve[2] (oddly not 
mentioned in the "Valves" section of the "Configuration" reference), but anyone 
can write a simple Filter and add it to their web application to add these 
headers. In fact, I wouldn't surprised if Tomcat's HTTP Header Security Filter 
included with Tomcat 8+ would work just fine on Tomcat 5.5. You just need to 
grab the code, compile it, and drop it into your own application.

Since you mentioned IIS, I think you're right that IIS is probably a better 
place to configure these HSTS headers.

Mary, ultimately, Tomcat 5.5 should definitely be upgraded to Tomcat 8 or 
later. You should take your web application and deploy it on Tomcat
8.0 or Tomcat 8.5 in a testing environment and just see what happens.
You might be surprised: it will probably with right away without any 
modifications.

Hope that helps,
- -chris

[1] http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html
[2] http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX2reWAAoJEBzwKT+lPKRYp7MQAJ6nRq3m47o2BEX6nwTBNFFb
lcOfn/2L0dTfhESp/7EHqAcJaTvCHT6JH+RKplQ4gito4cJ8F2tp0HBiLRNukxjB
dxnZL7q5j6Z/41vrLMWX94WI4zz1PMqlhrEMI0/pEtRQFx07h0aE7WLp4CY6JMTl
dCGcuqkEgzNmjL1se+3+Aj3uVd0QAYESfT24AbLK0MHyrkmtIhRfr8W03C/ouD8M
9xcZ9f9BemvneI2zwiUelXaTvE4sCkPf3ULp/xw0MNYGLgl6VS8yByt1KwQsFzal
YPK+UL+k/JK6sxvGpsVLTvmY6StWYXOJZzp4C38YHxj7L5exDpDc/gCAClGm5kM/
uS1vVLL8jlkxby6k3mk5eU43M/HZkgAL+3FNjYCOcnvlsyJKsvQ9qai7Mal2N1Zt
jolFNDZCxWxfXLBPM/BLnfaYTYS6FXWZmAT5QrbnqAoxG9iKWsiMloPym8xdO36+
vIxOeNevWZif7MbpRUw84oOtcCAm1aZcyjXjwxQwWNciczocZg8d3DSJY53wqcrL
nAx5zVbxE5h3nBKSuuNl3s1WGXf7hySYxWyCg7Ya67EsGGeDT1rlLaotXI8PdKOL
qB32fz6PRJZspxJDefQGSHWrjq3gBAqeNFzp/3vj9tmvdCDkdzT0xNJH9s/6YGVE
7whnGB6jlseII/fYe6s1
=hetE
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache TomCat 5.5

2016-09-15 Thread Christopher Schultz 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

André,

On 9/14/16 7:04 PM, André Warnier (tomcat) wrote:
> Mary, have a look here :
> http://tomcat.apache.org/whichversion.html Tomcat 5.5 was first
> released about 10 years ago, and the last modification to it was in
> 2012. The current "stable" version is Tomcat 8.5.5.
> 
> For Open Source and free software such as Apache Tomcat, that means
> that your chances of getting support and help for such an old
> version are really not good, because most of the people which would
> be able to help you probably do not run that version anywhere
> anymore. Even the documentation is not directly available on-line
> anymore.
> 
> Regarding your particular issue, it is even possible that the 
> requirement which you are mentioning is younger than Tomcat 5.5
> and cannot be met by such an old software version. It is even
> likely that, considering the age of your Tomcat and the age of the
> Java JVM it is probably running under, there are a whole lot of 
> other security issues with your server, which make it impossible to
> make it "secure as the government requires".
> 
> What I am saying is that you are probably wasting your time, and 
> ultimately your employer's time, with this approach.
> 
> You seem to mention below that you are using Tomcat "with IIS".
> Maybe this IIS is a front-end to Tomcat, and users access Tomcat
> always through IIS. If so, then as long as the connection between
> IIS and Tomcat is secure (e.g. they run on the same host), then you
> should probably take care of the SSL/HTTPS (and header) aspect on
> the IIS front-end. That is, if you /really/ cannot upgrade Tomcat
> and if your applications /really/ do not run under a newer version
> of Tomcat and Java.

HSTS is just an HTTP header thing. It can be deployed on any version
of anything basically back until the beginning of (HTTP) time.

It's slightly easier to do with more recent Tomcats because of the
inclusion of both the HTTP Header Security Filter[1] and the rewrite
valve[2] (oddly not mentioned in the "Valves" section of the
"Configuration" reference), but anyone can write a simple Filter and
add it to their web application to add these headers. In fact, I
wouldn't surprised if Tomcat's HTTP Header Security Filter included
with Tomcat 8+ would work just fine on Tomcat 5.5. You just need to
grab the code, compile it, and drop it into your own application.

Since you mentioned IIS, I think you're right that IIS is probably a
better place to configure these HSTS headers.

Mary, ultimately, Tomcat 5.5 should definitely be upgraded to Tomcat 8
or later. You should take your web application and deploy it on Tomcat
8.0 or Tomcat 8.5 in a testing environment and just see what happens.
You might be surprised: it will probably with right away without any
modifications.

Hope that helps,
- -chris

[1] http://tomcat.apache.org/tomcat-7.0-doc/config/filter.html
[2] http://tomcat.apache.org/tomcat-8.0-doc/rewrite.html
-BEGIN PGP SIGNATURE-
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCAAGBQJX2reWAAoJEBzwKT+lPKRYp7MQAJ6nRq3m47o2BEX6nwTBNFFb
lcOfn/2L0dTfhESp/7EHqAcJaTvCHT6JH+RKplQ4gito4cJ8F2tp0HBiLRNukxjB
dxnZL7q5j6Z/41vrLMWX94WI4zz1PMqlhrEMI0/pEtRQFx07h0aE7WLp4CY6JMTl
dCGcuqkEgzNmjL1se+3+Aj3uVd0QAYESfT24AbLK0MHyrkmtIhRfr8W03C/ouD8M
9xcZ9f9BemvneI2zwiUelXaTvE4sCkPf3ULp/xw0MNYGLgl6VS8yByt1KwQsFzal
YPK+UL+k/JK6sxvGpsVLTvmY6StWYXOJZzp4C38YHxj7L5exDpDc/gCAClGm5kM/
uS1vVLL8jlkxby6k3mk5eU43M/HZkgAL+3FNjYCOcnvlsyJKsvQ9qai7Mal2N1Zt
jolFNDZCxWxfXLBPM/BLnfaYTYS6FXWZmAT5QrbnqAoxG9iKWsiMloPym8xdO36+
vIxOeNevWZif7MbpRUw84oOtcCAm1aZcyjXjwxQwWNciczocZg8d3DSJY53wqcrL
nAx5zVbxE5h3nBKSuuNl3s1WGXf7hySYxWyCg7Ya67EsGGeDT1rlLaotXI8PdKOL
qB32fz6PRJZspxJDefQGSHWrjq3gBAqeNFzp/3vj9tmvdCDkdzT0xNJH9s/6YGVE
7whnGB6jlseII/fYe6s1
=hetE
-END PGP SIGNATURE-

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache TomCat 5.5

2016-09-14 Thread tomcat 

Mary,
have a look here : http://tomcat.apache.org/whichversion.html
Tomcat 5.5 was first released about 10 years ago, and the last modification to 
it was in 2012.
The current "stable" version is Tomcat 8.5.5.

For Open Source and free software such as Apache Tomcat, that means that your chances of 
getting support and help for such an old version are really not good, because most of the 
people which would be able to help you probably do not run that version anywhere anymore.

Even the documentation is not directly available on-line anymore.

Regarding your particular issue, it is even possible that the requirement which you are 
mentioning is younger than Tomcat 5.5 and cannot be met by such an old software version.
It is even likely that, considering the age of your Tomcat and the age of the Java JVM it 
is probably running under, there are a whole lot of other security issues with your 
server, which make it impossible to make it "secure as the government requires".


What I am saying is that you are probably wasting your time, and ultimately your 
employer's time, with this approach.


You seem to mention below that you are using Tomcat "with IIS".  Maybe this IIS is a 
front-end to Tomcat, and users access Tomcat always through IIS.
If so, then as long as the connection between IIS and Tomcat is secure (e.g. they run on 
the same host), then you should probably take care of the SSL/HTTPS (and header) aspect on 
the IIS front-end.
That is, if you /really/ cannot upgrade Tomcat and if your applications /really/ do not 
run under a newer version of Tomcat and Java.



On 14.09.2016 20:49, Pham, Mary (NIH/OD/ORS) [E] wrote:

Hi Daniel,

A new bee has to learn on an outdated systems!  We cann't up upgrade due to 
dependency of apps and forms, that's what I've learned.
Thank you for the link.  To be honest I do not know what to do yet.  I've 
checked and seen several web.xml files, in different directoriesSome I 
think is original, some had modified.

Regards,

-Mary

-Original Message-
From: Daniel Küppers [mailto:dan...@tetralog.com]
Sent: Wednesday, September 14, 2016 11:17 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Apache TomCat 5.5



Hello EveryOne,

As new bee of Apache.  We have been using one of the old Apache TomCat on windows server 
2008R2, IIS 7.  After we purchased and installed the SSL certificate.  We need to apply a 
header directive in Apache "Strict-Transport-Security" so that our web site 
would be secured as the Government required.  My question is where can I insert this 
line?  In which and where's the files in Apache TomCat 5.5, JDK 8 updated 102.  Is it in 
the same server.xml file as we modified the connector for SSL.
Look forward to hearing from your supports.

Regards,


Mary Pham
Information Technology Specialist
National Institutes of Health Library
Division of Library Services
Office of Research Services
10 Center Drive, Room 1L07, MSC 1150
Bethesda, MD 20892-1150
T. 301.496.1506
maryp...@mail.nih.gov<mailto:maryp...@mail.nih.gov>

Hello Mary,

you are using a quite outdated tomcat. A quick googling brought me to 
stackoverflow, which might solve the problem for your tomcat 5.5. the easiest 
way possible is to add a filter to your webapp and apply the HSTS header in the 
response. You can make use of the buildin HSTS support, if its possible to 
upgrade your tomcat to a recent version.
Related SO-Question:
http://stackoverflow.com/questions/27541755/add-hsts-feature-to-tomcat

Best regards,

Daniel

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org




-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Apache TomCat 5.5

2016-09-14 Thread Caldarale, Charles R 
> From: Pham, Mary (NIH/OD/ORS) [E] [mailto:maryp...@mail.nih.gov] 
> Subject: Apache TomCat 5.5

> We have been using one of the old Apache TomCat on windows server 2008R2, IIS 
> 7.

Firstly, it's Tomcat, not TomCat.

> We need to apply a header directive in Apache "Strict-Transport-Security" so 
> that our web site 
> would be secured as the Government required.

Your web site is pretty much guaranteed to be _insecure_ as long as you're 
running that old - and unsupported - version of Tomcat.  The last Tomcat 5.5 
release was nearly four years ago, and many, many vulnerabilities have been 
addressed since then.  SSL does not protect you against those.  You really must 
upgrade to a supported level (preferably 8.5), after carefully reading the 
migration guides:
http://tomcat.apache.org/migration.html

Not doing so makes anything else you try pointless.

> My question is where can I insert this line?

As suggested by Daniel, a filter is your best bet - but upgrade Tomcat first.  
Not doing so leaves you subject to many more liabilities than lack of HSTS.

 - Chuck 


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Apache TomCat 5.5

2016-09-14 Thread Pham, Mary (NIH/OD/ORS) [E] 
Hi Daniel,

A new bee has to learn on an outdated systems!  We cann't up upgrade due to 
dependency of apps and forms, that's what I've learned.
Thank you for the link.  To be honest I do not know what to do yet.  I've 
checked and seen several web.xml files, in different directoriesSome I 
think is original, some had modified.

Regards,

-Mary

-Original Message-
From: Daniel Küppers [mailto:dan...@tetralog.com] 
Sent: Wednesday, September 14, 2016 11:17 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: Re: Apache TomCat 5.5


> Hello EveryOne,
>
> As new bee of Apache.  We have been using one of the old Apache TomCat on 
> windows server 2008R2, IIS 7.  After we purchased and installed the SSL 
> certificate.  We need to apply a header directive in Apache 
> "Strict-Transport-Security" so that our web site would be secured as the 
> Government required.  My question is where can I insert this line?  In which 
> and where's the files in Apache TomCat 5.5, JDK 8 updated 102.  Is it in the 
> same server.xml file as we modified the connector for SSL.
> Look forward to hearing from your supports.
>
> Regards,
>
>
> Mary Pham
> Information Technology Specialist
> National Institutes of Health Library
> Division of Library Services
> Office of Research Services
> 10 Center Drive, Room 1L07, MSC 1150
> Bethesda, MD 20892-1150
> T. 301.496.1506
> maryp...@mail.nih.gov<mailto:maryp...@mail.nih.gov>
Hello Mary,

you are using a quite outdated tomcat. A quick googling brought me to 
stackoverflow, which might solve the problem for your tomcat 5.5. the easiest 
way possible is to add a filter to your webapp and apply the HSTS header in the 
response. You can make use of the buildin HSTS support, if its possible to 
upgrade your tomcat to a recent version.
Related SO-Question: 
http://stackoverflow.com/questions/27541755/add-hsts-feature-to-tomcat

Best regards,

Daniel

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache TomCat 5.5

2016-09-14 Thread Daniel Küppers 



Hello EveryOne,

As new bee of Apache.  We have been using one of the old Apache TomCat on windows server 
2008R2, IIS 7.  After we purchased and installed the SSL certificate.  We need to apply a 
header directive in Apache "Strict-Transport-Security" so that our web site 
would be secured as the Government required.  My question is where can I insert this 
line?  In which and where's the files in Apache TomCat 5.5, JDK 8 updated 102.  Is it in 
the same server.xml file as we modified the connector for SSL.
Look forward to hearing from your supports.

Regards,


Mary Pham
Information Technology Specialist
National Institutes of Health Library
Division of Library Services
Office of Research Services
10 Center Drive, Room 1L07, MSC 1150
Bethesda, MD 20892-1150
T. 301.496.1506
maryp...@mail.nih.gov

Hello Mary,

you are using a quite outdated tomcat. A quick googling brought me to 
stackoverflow, which might solve the problem for your tomcat 5.5. the 
easiest way possible is to add a filter to your webapp and apply the 
HSTS header in the response. You can make use of the buildin HSTS 
support, if its possible to upgrade your tomcat to a recent version.
Related SO-Question: 
http://stackoverflow.com/questions/27541755/add-hsts-feature-to-tomcat


Best regards,

Daniel

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 5.5 and labels.properties

2010-06-30 Thread Pid 
On 30/06/2010 13:13, Michael Rodov wrote:
 Hi All,
 I have the following question:
 In the apache 5.0 there was a file called cwc_labels.properties, its
 attached 

The list strips attachments.

Where, exactly, was this file?

 It had some interesting properties in it, such as ErrorPage.Message -
 you could set a customer error message in it, and others
 
 In 5.5 we could not find this file, theres the app_labels.properties

Where is this file?


p

 file, but it does not contain such settings as ErrorPage and many more.
 
 Do you know if this or similar labels file exist in the 5.5 and older
 Tomcats?
 Or maybe how can I change the error message displayed on Tomcat errors?
 thanks
 
 
 
 
 -
 To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 For additional commands, e-mail: users-h...@tomcat.apache.org




signature.asc
Description: OpenPGP digital signature

Re: Apache Tomcat 5.5 and labels.properties

2010-06-30 Thread Michael Rodov 
this is the link, but its not 100% sure since it depends on the installed
directories

C:\Program Files\Apache Software Foundation\Tomcat
5.5.26\work\Catalina\localhost\sm711\loader\*com\hp\ov\cwc\web*



On Wed, Jun 30, 2010 at 4:08 PM, Pid p...@pidster.com wrote:

 On 30/06/2010 13:13, Michael Rodov wrote:
  Hi All,
  I have the following question:
  In the apache 5.0 there was a file called cwc_labels.properties, its
  attached

 The list strips attachments.

 Where, exactly, was this file?

  It had some interesting properties in it, such as ErrorPage.Message -
  you could set a customer error message in it, and others
 
  In 5.5 we could not find this file, theres the app_labels.properties

 Where is this file?


 p

  file, but it does not contain such settings as ErrorPage and many more.
 
  Do you know if this or similar labels file exist in the 5.5 and older
  Tomcats?
  Or maybe how can I change the error message displayed on Tomcat errors?
  thanks
 
 
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Apache Tomcat 5.5 and labels.properties

2010-06-30 Thread Caldarale, Charles R 
 From: Michael Rodov [mailto:rodov.mich...@gmail.com]
 Subject: Apache Tomcat 5.5 and labels.properties
 
 In the apache 5.0 there was a file called cwc_labels.properties

Assuming you mean Tomcat 5.0 (Apache is an organization, not a product), there 
was no such file.  If you had one in your installation of Tomcat, someone added 
it locally - likely part of a webapp.  Note that the work directory in a Tomcat 
distribution is empty; deployment and execution of the webapp can result in 
files being placed there.

 - Chuck


THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY 
MATERIAL and is thus for use only by the intended recipient. If you received 
this in error, please contact the sender and delete the e-mail and its 
attachments from all computers.


-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 5.5 and labels.properties

2010-06-30 Thread Pid 
On 30/06/2010 14:13, Michael Rodov wrote:
 this is the link, but its not 100% sure since it depends on the
 installed directories
 
 C:\Program Files\Apache Software Foundation\Tomcat
 5.5.26\work\Catalina\localhost\sm711\loader\*com\hp\ov\cwc\web*

So the clue there is in the package name.

This is not an Apache package, let alone Tomcat: com.hp.ov.cwc.web, it's
something to do with your application - or an app / jar you're using.


p

 On Wed, Jun 30, 2010 at 4:08 PM, Pid p...@pidster.com
 mailto:p...@pidster.com wrote:
 
 On 30/06/2010 13:13, Michael Rodov wrote:
  Hi All,
  I have the following question:
  In the apache 5.0 there was a file called cwc_labels.properties, its
  attached
 
 The list strips attachments.
 
 Where, exactly, was this file?
 
  It had some interesting properties in it, such as ErrorPage.Message -
  you could set a customer error message in it, and others
 
  In 5.5 we could not find this file, theres the app_labels.properties
 
 Where is this file?
 
 
 p
 
  file, but it does not contain such settings as ErrorPage and many
 more.
 
  Do you know if this or similar labels file exist in the 5.5 and older
  Tomcats?
  Or maybe how can I change the error message displayed on Tomcat
 errors?
  thanks
 
 
 
 
  -
  To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
 mailto:users-unsubscr...@tomcat.apache.org
  For additional commands, e-mail: users-h...@tomcat.apache.org
 mailto:users-h...@tomcat.apache.org
 
 
 




signature.asc
Description: OpenPGP digital signature

Re: Apache Tomcat 5.5 and labels.properties

2010-06-30 Thread Rainer Jung 

On 30.06.2010 15:43, Pid wrote:

On 30/06/2010 14:13, Michael Rodov wrote:

this is the link, but its not 100% sure since it depends on the
installed directories

C:\Program Files\Apache Software Foundation\Tomcat
5.5.26\work\Catalina\localhost\sm711\loader\*com\hp\ov\cwc\web*


So the clue there is in the package name.

This is not an Apache package, let alone Tomcat: com.hp.ov.cwc.web, it's
something to do with your application - or an app / jar you're using.


Likely the application in question is HP Service Manager. It seems the 
file was part of that. It is definitely not a Tomcat file. Talk to hP or 
your integration partner, why they dropped the file and where you can 
find the missing functionality.


Regards,

Rainer

-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Re: Apache Tomcat 5.5 and labels.properties

2010-06-30 Thread Michael Rodov 
Ok thanks guys

On Wed, Jun 30, 2010 at 4:43 PM, Pid p...@pidster.com wrote:

 On 30/06/2010 14:13, Michael Rodov wrote:
  this is the link, but its not 100% sure since it depends on the
  installed directories
 
  C:\Program Files\Apache Software Foundation\Tomcat
  5.5.26\work\Catalina\localhost\sm711\loader\*com\hp\ov\cwc\web*

 So the clue there is in the package name.

 This is not an Apache package, let alone Tomcat: com.hp.ov.cwc.web, it's
 something to do with your application - or an app / jar you're using.


 p

  On Wed, Jun 30, 2010 at 4:08 PM, Pid p...@pidster.com
  mailto:p...@pidster.com wrote:
 
  On 30/06/2010 13:13, Michael Rodov wrote:
   Hi All,
   I have the following question:
   In the apache 5.0 there was a file called cwc_labels.properties,
 its
   attached
 
  The list strips attachments.
 
  Where, exactly, was this file?
 
   It had some interesting properties in it, such as ErrorPage.Message
 -
   you could set a customer error message in it, and others
  
   In 5.5 we could not find this file, theres the
 app_labels.properties
 
  Where is this file?
 
 
  p
 
   file, but it does not contain such settings as ErrorPage and many
  more.
  
   Do you know if this or similar labels file exist in the 5.5 and
 older
   Tomcats?
   Or maybe how can I change the error message displayed on Tomcat
  errors?
   thanks
  
  
  
  
  
 -
   To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
  mailto:users-unsubscr...@tomcat.apache.org
   For additional commands, e-mail: users-h...@tomcat.apache.org
  mailto:users-h...@tomcat.apache.org

RE: Apache Tomcat 5.5.X End of Life

2009-01-07 Thread Mark Thomas 
 -Original Message-
 From: Chad Kellerman [mailto:sunck...@gmail.com]
 Sent: 07 January 2009 16:38
 To: Tomcat Users List
 Subject: Apache Tomcat 5.5.X End of Life
 
 Tomcat Users,
 Is there an expected End of Life date for Tomcat 5.5.x?  I couldn't
 find
 anything on the apache site or google?

No firm plans as yet. Best guess is that it will move to security fixes only
some time later this year. Security fixes are likely to continue for several
years.

Mark



-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

RE: Apache Tomcat (5.5) configuration suggestions

2007-10-04 Thread Peter Crowther 
 From: Tony Fountain [mailto:[EMAIL PROTECTED] 
 is there some sort of server type mode
 for Apache to run in that will allow me to make use of more 
 than 1.5 GB of memory?

You'll need the 64-bit JVM - and a 64-bit OS!  Other than that, 1.5G is
about as large a contiguous heap as Java can allocate in the 32-bit
Windows address space.  Windows reserves the upper 2G for itself and its
DLLs, and there are some other bits'n'pieces in the lower 2G that
fragment it.

If your 2k3 server is already 64-bit, a simple change of JVM will do the
job.  Otherwise, you have a reinstall on your hands.

- Peter

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Apache Tomcat (5.5) configuration suggestions

2007-10-04 Thread Peter Crowther 
 From: Tony Fountain [mailto:[EMAIL PROTECTED] 
 from the perspective of
 performance, will the x64 yield much better performance for 
 this type of
 thing over x32?  Obviously it will from a systems standpoint but is it
 evident from an end user perspective?

Depends entirely on your application and your system configuration.  For
most server applications, network bandwidth, disk latency and throughput
and the amount of RAM available for caching are far more relevant than
CPU grunt.  Intel have done a superb job of branding the CPU as *the*
key system component.  It isn't - servers need to be balanced systems,
and x86 vs x64 is only a small part of the overall balance.

Bottom line: if you have an application that's too slow, a change in CPU
architecture isn't going to save you :-).

- Peter

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Apache Tomcat (5.5) configuration suggestions

2007-10-04 Thread Tony Fountain 
Peter,

Thanks for the response.  I have our network guy looking into that
avenue for me.  Just another question though, from the perspective of
performance, will the x64 yield much better performance for this type of
thing over x32?  Obviously it will from a systems standpoint but is it
evident from an end user perspective?

Thanks,
Tony Fountain
Benefit Concepts, Inc.
(419) 244-9936 x9010 (office)
(419) 249-7221 (fax)

-Original Message-
From: Peter Crowther [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 04, 2007 11:14 AM
To: Tomcat Users List
Subject: RE: Apache Tomcat (5.5) configuration suggestions

 From: Tony Fountain [mailto:[EMAIL PROTECTED]
 is there some sort of server type mode for Apache to run in that 
 will allow me to make use of more than 1.5 GB of memory?

You'll need the 64-bit JVM - and a 64-bit OS!  Other than that, 1.5G is
about as large a contiguous heap as Java can allocate in the 32-bit
Windows address space.  Windows reserves the upper 2G for itself and its
DLLs, and there are some other bits'n'pieces in the lower 2G that
fragment it.

If your 2k3 server is already 64-bit, a simple change of JVM will do the
job.  Otherwise, you have a reinstall on your hands.

- Peter

-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



This Email has been scanned for all viruses by PAETEC Email Scanning
Services, utilizing MessageLabs proprietary SkyScan infrastructure. For
more information on a proactive anti-virus service working around the
clock, around the globe, visit http://www.paetec.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Apache Tomcat (5.5) configuration suggestions

2007-10-04 Thread Tony Fountain 
Peter,

Would you happen to know of any good references that walks through how
to trouble shoot Apache related performance issues?  If I can zone in on
the key issues I can obviously address them appropriately.

Thanks,
Tony Fountain
Benefit Concepts, Inc.
(419) 244-9936 x9010 (office)
(419) 249-7221 (fax)

-Original Message-
From: Peter Crowther [mailto:[EMAIL PROTECTED] 
Sent: Thursday, October 04, 2007 11:53 AM
To: Tomcat Users List
Subject: RE: Apache Tomcat (5.5) configuration suggestions

 From: Tony Fountain [mailto:[EMAIL PROTECTED]
 from the perspective of
 performance, will the x64 yield much better performance for this type 
 of thing over x32?  Obviously it will from a systems standpoint but is

 it evident from an end user perspective?

Depends entirely on your application and your system configuration.  For
most server applications, network bandwidth, disk latency and throughput
and the amount of RAM available for caching are far more relevant than
CPU grunt.  Intel have done a superb job of branding the CPU as *the*
key system component.  It isn't - servers need to be balanced systems,
and x86 vs x64 is only a small part of the overall balance.

Bottom line: if you have an application that's too slow, a change in CPU
architecture isn't going to save you :-).

- Peter

-
To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe,
e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



This Email has been scanned for all viruses by PAETEC Email Scanning
Services, utilizing MessageLabs proprietary SkyScan infrastructure. For
more information on a proactive anti-virus service working around the
clock, around the globe, visit http://www.paetec.com.


-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Apache Tomcat (5.5) configuration suggestions

2007-10-04 Thread Peter Crowther 
 From: Tony Fountain [mailto:[EMAIL PROTECTED] 
 Would you happen to know of any good references that walks through how
 to trouble shoot Apache related performance issues?

I don't, so I'm going to throw that open to the list here :-).

A few obvious pointers from me:

- Performance Monitor: %CPU, Memory pages/second, average disk queue
length.  Over 80% sustained, over 100, or over 2 per spindle in your
disk array are finger in the air figures for bottlenecks on that kind
of resource.

- Remember to monitor your database server if it's separate - and the
traffic across your net link to/from the RDBMS.  I've seen plenty of
people scratching their heads over an almost-idle Web server when the
database server was thrashing away.

- Turn on verbose GCs in the Java VM and watch for significant GC
activity.  This can also show as spikes of CPU usage, and generally
indicates you're short of Java heap space.

- The single most common cause of poor webapp performance, in my
experience, is poor use of the database.  It's easy to send thousands of
small queries to the RDBMS - at which point you'll be crippled by time
to parse and execute all these queries, plus latency if the RDBMS is on
another machine.  It's also easy to create big queries that make poor
use of indexes, and saturate the RDBMS that way.  In general, more
hardware doesn't solve the problem; sending the person who built the
database and/or webapp on a course on RDB optimisation is the way to go
;-).

- Peter

-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: Apache Tomcat 5.5 install issues.

2007-08-05 Thread William Rui 
Hi, Kristian

Thanks for your help,

(a) You don't have a JDK installed but just a JRE which
[CODE]
[EMAIL PROTECTED] apache-tomcat-5.5.23 ls -a ..
.   apache-tomcat-5.5.23 jdk1.5.0_12  jre1.5.0_12
..  apache-tomcat-5.5.23.tar.gz  jdk-1_5_0_12-linux-i586.bin
jre-1_5_0_12-linux-i586.bin
[EMAIL PROTECTED] apache-tomcat-5.5.23 rpm -qa | grep jdk
[EMAIL PROTECTED] apache-tomcat-5.5.23 rpm -qa | grep jre
[EMAIL PROTECTED] apache-tomcat-5.5.23
[/CODE]
It seems that I've not install jdkjre, but actually I just installed them
by their manual (such as http://java.sun.com/j2se/1.5.0/install-linux.html).


 which java
 which javac
[CODE]
[EMAIL PROTECTED] apache-tomcat-5.5.23 which java
/usr/bin/which: no java in
(/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/
bin:/usr/sbin:/usr/bin:/usr/java/jdk1.5.0_07/bin:/var/www/tomcat/bin:/usr/X1
1R6/bin:/root/bin)
[EMAIL PROTECTED] apache-tomcat-5.5.23 which javac
/usr/bin/which: no javac in
(/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/sbin:/usr/local/bin:/sbin:/
bin:/usr/sbin:/usr/bin:/usr/java/jdk1.5.0_07/bin:/var/www/tomcat/bin:/usr/X1
1R6/bin:/root/bin)
[/CODE]

It really seems that I've not successfully installed them, but how can I?

Thanks and regards,


-Original Message-
From: Kristian Rink [mailto:[EMAIL PROTECTED] 
Sent: 2007?8?3? 16:30
To: users@tomcat.apache.org
Subject: Re: Apache Tomcat 5.5 install issues.

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

William;


[William Rui [EMAIL PROTECTED] @ Fri, 3 Aug 2007
16:19:17 +0800]

 *** Host support ***
 checking C flags dependant on host system type... ok
 *** Java compilation tools ***
 checking for javac... NONE
 checking for javac... NONE
 configure: error: javac not found

There could be two things causing this issue:

(a) You don't have a JDK installed but just a JRE which, well, just
provides the features required to run Java application but actually
lacks everything required to build Java apps from source. Solution
would be to install an up-to-date JDK.

(b) you don't have your PATH set up so your shell can't find javac.
To set this right, best is putting something like this to your shell
configuration file:

export JAVA_HOME=/path/to/your/jdk
export PATH=$JAVA_HOME/bin:$PATH

(assuming a bash-like shell).


By the way you can check pretty well how things are by trying to
manually entering java or javac in your terminal, or by using

which java
which javac

to locate where these friends are. Maybe, however, you'll be better /
quicker off installing a pre-built tomcat binary. :)

Cheers,
Kristian

- -- 
Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/
jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771
One dreaming alone, it will be only a dream; many dreaming together
is the beginning of a new reality. (Hundertwasser)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGsueWcxBAPOA1m6wRAjF9AJ92sDDUMX4+rLplBn7GNtxvS2j2JQCdE4yk
Psy9OUqGng9xy3pXOdKFaVM=
=woaR
-END PGP SIGNATURE-



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Apache Tomcat 5.5 install issues.

2007-08-03 Thread Kristian Rink 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


William;

[William Rui [EMAIL PROTECTED] @ Fri, 3 Aug 2007
15:43:18 +0800]
...
 [EMAIL PROTECTED] bin cd jsvc-src/
 
 [EMAIL PROTECTED] jsvc-src autoconf
 
 [EMAIL PROTECTED] jsvc-src ./configure
 
 -bash: ./configure: Permission denied

First bet would be that configure is not actually marked as executable,
try either

sh ./configure 

or do a 

chmod u+x configure 


prior to running ./configure to move on.

Cheers,
Kristian

- -- 
Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/
jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771
One dreaming alone, it will be only a dream; many dreaming together
is the beginning of a new reality. (Hundertwasser)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGsuKBcxBAPOA1m6wRApH4AJ4+ox35fpsgMPBvC3e+pKMcWUB9PgCgjn3I
ATlUyJUqLeO4Xv074eTo59Y=
=7mGT
-END PGP SIGNATURE-

RE: Apache Tomcat 5.5 install issues.

2007-08-03 Thread William Rui 
Kristian:

Thank you for your reply. I did as you said, got following info:
[CODE]
[EMAIL PROTECTED] jsvc-src autoconf
[EMAIL PROTECTED] jsvc-src sh ./configure
*** Current host ***
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking cached host system type... ok
*** C-Language compilation tools ***
checking for gcc... gcc
checking for C compiler default output... a.out
checking whether the C compiler works... yes
checking whether we are cross compiling... no
checking for suffix of executables...
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ANSI C... none needed
checking for ranlib... ranlib
*** Host support ***
checking C flags dependant on host system type... ok
*** Java compilation tools ***
checking for javac... NONE
checking for javac... NONE
configure: error: javac not found
[EMAIL PROTECTED] jsvc-src
[/CODE]

I wander if above info maybe something error, for somebody has installed
tomcat some early time on this pc but failed.


Br, william

-Original Message-
From: Kristian Rink [mailto:[EMAIL PROTECTED] 
Sent: 2007?8?3? 16:08
To: users@tomcat.apache.org
Subject: Re: Apache Tomcat 5.5 install issues.

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1


William;

[William Rui [EMAIL PROTECTED] @ Fri, 3 Aug 2007
15:43:18 +0800]
...
 [EMAIL PROTECTED] bin cd jsvc-src/
 
 [EMAIL PROTECTED] jsvc-src autoconf
 
 [EMAIL PROTECTED] jsvc-src ./configure
 
 -bash: ./configure: Permission denied

First bet would be that configure is not actually marked as executable,
try either

sh ./configure 

or do a 

chmod u+x configure 


prior to running ./configure to move on.

Cheers,
Kristian

- -- 
Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/
jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771
One dreaming alone, it will be only a dream; many dreaming together
is the beginning of a new reality. (Hundertwasser)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGsuKBcxBAPOA1m6wRApH4AJ4+ox35fpsgMPBvC3e+pKMcWUB9PgCgjn3I
ATlUyJUqLeO4Xv074eTo59Y=
=7mGT
-END PGP SIGNATURE-



-
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Apache Tomcat 5.5 install issues.

2007-08-03 Thread Kristian Rink 
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

William;


[William Rui [EMAIL PROTECTED] @ Fri, 3 Aug 2007
16:19:17 +0800]

 *** Host support ***
 checking C flags dependant on host system type... ok
 *** Java compilation tools ***
 checking for javac... NONE
 checking for javac... NONE
 configure: error: javac not found

There could be two things causing this issue:

(a) You don't have a JDK installed but just a JRE which, well, just
provides the features required to run Java application but actually
lacks everything required to build Java apps from source. Solution
would be to install an up-to-date JDK.

(b) you don't have your PATH set up so your shell can't find javac.
To set this right, best is putting something like this to your shell
configuration file:

export JAVA_HOME=/path/to/your/jdk
export PATH=$JAVA_HOME/bin:$PATH

(assuming a bash-like shell).


By the way you can check pretty well how things are by trying to
manually entering java or javac in your terminal, or by using

which java
which javac

to locate where these friends are. Maybe, however, you'll be better /
quicker off installing a pre-built tomcat binary. :)

Cheers,
Kristian

- -- 
Kristian Rink * http://zimmer428.net * http://flickr.com/photos/z428/
jab: [EMAIL PROTECTED] * icq: 48874445 * fon: ++49 176 2447 2771
One dreaming alone, it will be only a dream; many dreaming together
is the beginning of a new reality. (Hundertwasser)
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGsueWcxBAPOA1m6wRAjF9AJ92sDDUMX4+rLplBn7GNtxvS2j2JQCdE4yk
Psy9OUqGng9xy3pXOdKFaVM=
=woaR
-END PGP SIGNATURE-