Yes the tomcat should be run as a back-end server (AJP) with apache2-2.2.21. I have add to the catalina.policy following permission: permission javax.management.MBeanServerPermission "createMBeanServer"; permission javax.management.MBeamPermission "com.javamonitor.mbeans.*","*"; permission javax.management.MBeanTrustPermission "register"; permission javax.management.MBeanServerPermission "findMBeanServer"; permission java.net.SocketPermission "java-monitor.com:80", "connect"; permission java.net.SocketPermission "java-monitor.com:80", "resolve";
In the log of catalina.out I see: log4j:WARN No appenders could be found for logger (org.apache.catalina.startup.Embedded). log4j:WARN Please initialize the log4j system properly. But as in ps -ef | grep java and lsof -i | grep java I did not see any 8009 and 8005 port or even that tomcat5 is not starting. Where could be a problem? Dne 7. listopadu 2011 12:29 André Warnier <a...@ice-sa.com> napsal(a): > Petr Hracek wrote: >> >> Dear tomcat users, >> >> I have try to configure my really old tomcat5 configuration (for using >> -security). >> but tomcat is not running. > > Petr, > can you be a bit more specific ? what is not running ? does it start ? does > it crash after starting ? is it just not answering requests ? are there > error messages anywhere ? > > On my system tomcat5 is run only as servlet >> >> engine and not as web server. >> > Do you mean for example that it runs as a back-end server (through AJP > e.g.), with a front-end webserver serving all static content ? > > > >> Do you have any example catalina.policy file? >> My catalina.policy file is: >> // ========== SYSTEM CODE PERMISSIONS >> ========================================= >> >> >> // These permissions apply to javac >> grant codeBase "file:${java.home}/lib/-" { >> permission java.security.AllPermission; >> }; >> >> // These permissions apply to all shared system extensions >> grant codeBase "file:${java.home}/jre/lib/ext/-" { >> permission java.security.AllPermission; >> }; >> >> // These permissions apply to javac when ${java.home] points at >> $JAVA_HOME/jre >> grant codeBase "file:${java.home}/../lib/-" { >> permission java.security.AllPermission; >> }; >> >> // These permissions apply to all shared system extensions when >> // ${java.home} points at $JAVA_HOME/jre >> grant codeBase "file:${java.home}/lib/ext/-" { >> permission java.security.AllPermission; >> }; >> // ========== CATALINA CODE PERMISSIONS >> ======================================= >> >> >> // These permissions apply to the launcher code >> grant codeBase "file:${catalina.home}/bin/commons-launcher.jar" { >> permission java.security.AllPermission; >> }; >> >> // These permissions apply to the daemon code >> grant codeBase "file:${catalina.home}/bin/commons-daemon.jar" { >> permission java.security.AllPermission; >> }; >> >> // These permissions apply to the commons-logging API >> grant codeBase "file:${catalina.home}/bin/commons-logging-api-1.1.1.jar" { >> permission java.security.AllPermission; >> }; >> >> // These permissions apply to the server startup code >> grant codeBase "file:${catalina.home}/bin/bootstrap.jar" { >> permission java.security.AllPermission; >> }; >> >> // These permissions apply to the JMX server >> grant codeBase "file:${catalina.home}/bin/jmx.jar" { >> permission java.security.AllPermission; >> }; >> >> // These permissions apply to JULI >> grant codeBase "file:${catalina.home}/bin/tomcat-juli.jar" { >> permission java.util.PropertyPermission >> "java.util.logging.config.class", "read"; >> permission java.util.PropertyPermission >> "java.util.logging.config.file", "read"; >> permission java.io.FilePermission >> "${java.home}${file.separator}lib${file.separator}logging.properties", >> "read"; >> permission java.lang.RuntimePermission "shutdownHooks"; >> permission java.io.FilePermission >> >> "${catalina.base}${file.separator}conf${file.separator}logging.properties", >> "read"; >> permission java.util.PropertyPermission "catalina.base", "read"; >> permission java.util.logging.LoggingPermission "control"; >> permission java.io.FilePermission >> "${catalina.base}${file.separator}logs", "read, write"; >> permission java.io.FilePermission >> "${catalina.base}${file.separator}logs${file.separator}*", "read, >> write"; >> permission java.lang.RuntimePermission "getClassLoader"; >> // To enable per context logging configuration, permit read >> access to the appropriate file. >> // Be sure that the logging configuration is secure before >> enabling such access >> // eg for the examples web application: >> // permission java.io.FilePermission >> >> "${catalina.base}${file.separator}webapps${file.separator}examples${file.separator}WEB-INF${file.separator}classes${file.separator}logging.properties", >> "read"; >> }; >> >> // These permissions apply to the servlet API classes >> // and those that are shared across all class loaders >> // located in the "common" directory >> grant codeBase "file:${catalina.home}/common/-" { >> permission java.security.AllPermission; >> }; >> >> // These permissions apply to the container's core code, plus any >> additional >> // libraries installed in the "server" directory >> grant codeBase "file:${catalina.home}/server/-" { >> permission java.security.AllPermission; >> }; >> >> // The permissions granted to the balancer WEB-INF/classes and >> WEB-INF/lib directory >> grant codeBase "file:${catalina.home}/webapps/balancer/-" { >> permission java.lang.RuntimePermission >> "accessClassInPackage.org.apache.tomcat.util.digester"; >> permission java.lang.RuntimePermission >> "accessClassInPackage.org.apache.tomcat.util.digester.*"; >> }; >> // ========== WEB APPLICATION PERMISSIONS >> ===================================== >> >> >> // These permissions are granted by default to all web applications >> // In addition, a web application will be given a read FilePermission >> // and JndiPermission for all files and directories in its document root. >> grant { >> // Required for JNDI lookup of named JDBC DataSource's and >> // javamail named MimePart DataSource used to send mail >> permission java.util.PropertyPermission "java.home", "read"; >> permission java.util.PropertyPermission "java.naming.*", "read"; >> permission java.util.PropertyPermission "javax.sql.*", "read"; >> >> // OS Specific properties to allow read access >> permission java.util.PropertyPermission "os.name", "read"; >> permission java.util.PropertyPermission "os.version", "read"; >> permission java.util.PropertyPermission "os.arch", "read"; >> permission java.util.PropertyPermission "file.separator", "read"; >> permission java.util.PropertyPermission "path.separator", "read"; >> permission java.util.PropertyPermission "line.separator", "read"; >> >> // JVM properties to allow read access >> permission java.util.PropertyPermission "java.version", "read"; >> permission java.util.PropertyPermission "java.vendor", "read"; >> permission java.util.PropertyPermission "java.vendor.url", "read"; >> permission java.util.PropertyPermission "java.class.version", "read"; >> permission java.util.PropertyPermission >> "java.specification.version", "read"; >> permission java.util.PropertyPermission "java.specification.vendor", >> "read"; >> permission java.util.PropertyPermission "java.specification.name", >> "read"; >> >> permission java.util.PropertyPermission >> "java.vm.specification.version", "read"; >> permission java.util.PropertyPermission >> "java.vm.specification.vendor", "read"; >> permission java.util.PropertyPermission >> "java.vm.specification.name", "read"; >> permission java.util.PropertyPermission "java.vm.version", "read"; >> permission java.util.PropertyPermission "java.vm.vendor", "read"; >> permission java.util.PropertyPermission "java.vm.name", "read"; >> >> // Required for OpenJMX >> permission java.lang.RuntimePermission "getAttribute"; >> >> // Allow read of JAXP compliant XML parser debug >> permission java.util.PropertyPermission "jaxp.debug", "read"; >> >> // Precompiled JSPs need access to this package. >> permission java.lang.RuntimePermission >> "accessClassInPackage.org.apache.jasper.runtime"; >> permission java.lang.RuntimePermission >> "accessClassInPackage.org.apache.jasper.runtime.*"; >> >> // Precompiled JSPs need access to this system property. >> permission java.util.PropertyPermission >> "org.apache.jasper.runtime.BodyContentImpl.LIMIT_BUFFER", "read"; >> }; >> >> >> My server.xml configuration file is: >> <?xml version="1.0" encoding="UTF-8"?> >> <!-- >> Licensed to the Apache Software Foundation (ASF) under one or more >> contributor license agreements. See the NOTICE file distributed with >> this work for additional information regarding copyright ownership. >> The ASF licenses this file to You under the Apache License, Version 2.0 >> (the "License"); you may not use this file except in compliance with >> the License. You may obtain a copy of the License at >> >> http://www.apache.org/licenses/LICENSE-2.0 >> >> Unless required by applicable law or agreed to in writing, software >> distributed under the License is distributed on an "AS IS" BASIS, >> WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. >> See the License for the specific language governing permissions and >> limitations under the License. >> --> >> >> <Server port="8005" shutdown="SHUTDOWN"> >> >> <Listener className="org.apache.catalina.core.AprLifecycleListener" /> >> <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" >> /> >> <Listener >> className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" >> /> >> <Listener >> className="org.apache.catalina.storeconfig.StoreConfigLifecycleListener"/> >> >> <!-- Global JNDI resources --> >> <GlobalNamingResources> >> >> <!-- Test entry for demonstration purposes --> >> <Environment name="simpleValue" type="java.lang.Integer" value="30"/> >> >> <!-- Editable user database that can also be used by >> UserDatabaseRealm to authenticate users --> >> <Resource name="UserDatabase" auth="Container" >> type="org.apache.catalina.UserDatabase" >> description="User database that can be updated and saved" >> factory="org.apache.catalina.users.MemoryUserDatabaseFactory" >> pathname="conf/tomcat-users.xml" /> >> >> </GlobalNamingResources> >> >> <!-- Define the Tomcat Stand-Alone Service --> >> <Service name="Catalina"> >> >> <!-- Define a non-SSL HTTP/1.1 Connector on port 8080 --> >> <Connector port="8080" maxHttpHeaderSize="8192" >> maxThreads="150" minSpareThreads="25" maxSpareThreads="75" >> enableLookups="false" redirectPort="8443" acceptCount="100" >> connectionTimeout="20000" disableUploadTimeout="true" /> >> <!-- Note : To disable connection timeouts, set connectionTimeout value >> to 0 --> >> >> <!-- Define an AJP 1.3 Connector on port 8009 --> >> <Connector port="8009" >> enableLookups="false" redirectPort="8443" >> protocol="AJP/1.3" address="127.0.0.1" /> >> >> <!-- Define a Proxied HTTP/1.1 Connector on port 8082 --> >> <!-- See proxy documentation for more information about using this. --> >> <Engine name="Catalina" defaultHost="localhost"> >> >> <Realm className="org.apache.catalina.realm.UserDatabaseRealm" >> resourceName="UserDatabase"/> >> >> <!-- Define the default virtual host >> Note: XML Schema validation will not work with Xerces 2.2. >> --> >> <Host name="localhost" appBase="webapps" >> unpackWARs="true" autoDeploy="true" >> xmlValidation="false" xmlNamespaceAware="false"> >> >> >> <!-- >> <Valve className="org.apache.catalina.authenticator.SingleSignOn" >> /> >> --> >> >> <!-- >> <Valve className="org.apache.catalina.valves.AccessLogValve" >> directory="logs" prefix="localhost_access_log." >> suffix=".txt" >> pattern="common" resolveHosts="false"/> >> --> >> <!-- >> <Valve >> className="org.apache.catalina.valves.FastCommonAccessLogValve" >> directory="logs" prefix="localhost_access_log." >> suffix=".txt" >> pattern="common" resolveHosts="false"/> >> --> >> </Host> >> >> </Engine> >> >> </Service> >> >> </Server> >> >> Thank you in advance. >> If any logs will be need I can provide of course. >> > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > For additional commands, e-mail: users-h...@tomcat.apache.org > > -- Best Regards / S pozdravem Petr Hracek --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org