Re: help on a publication
I have this failure inside the log, when i am trying to see the context in the navigator.. i can solve this only fixing up the X Window ? I thought X Window had nothing to do with this could be another thing? thank you 2005-10-06 19:32:32 StandardContext[/alovmap]Context initialized 58 2005-10-06 19:32:32 StandardContext[/alovmap]Exception starting filter ogcFilter 59 java.lang.NoClassDefFoundError 60 at java.lang.Class.forName0(Native Method) 61 at java.lang.Class.forName(Class.java:141) 62 at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment( GraphicsEnvironment.java:62) 63 at java.awt.Font.initializeFont(Font.java:308) 64 at java.awt.Font.init(Font.java:344) 65 at org.alov.map.MapUtils.clinit(MapUtils.java:116) 66 at org.alov.serv.OGC_Filter.init(OGC_Filter.java:179) 67 at org.apache.catalina.core.ApplicationFilterConfig.getFilter( ApplicationFilterConfig.java:225) 68 at org.apache.catalina.core.ApplicationFilterConfig.setFilterDef( ApplicationFilterConfig.java:308) 69 at org.apache.catalina.core.ApplicationFilterConfig.init( ApplicationFilterConfig.java:79) 70 at org.apache.catalina.core.StandardContext.filterStart( StandardContext.java:3702) 71 at org.apache.catalina.core.StandardContext.start(StandardContext.java :4329) 72 at org.apache.catalina.core.ContainerBase.addChildInternal( ContainerBase.java:823) 73 at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java :807) 74 at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:595) 75 at org.apache.catalina.core.StandardHostDeployer.install( StandardHostDeployer.java:277) 76 at org.apache.catalina.core.StandardHost.install(StandardHost.java:832) 77 at org.apache.catalina.startup.HostConfig.deployDirectories( HostConfig.java:701) 78 at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:432) 79 at org.apache.catalina.startup.HostConfig.start(HostConfig.java:983) 80 at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java :349) 81 at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent( LifecycleSupport.java:119) 82 at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1091) 83 at org.apache.catalina.core.StandardHost.start(StandardHost.java:789) 84 at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1083) 85 at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:478) 86 at org.apache.catalina.core.StandardService.start(StandardService.java :480) 87 at org.apache.catalina.core.StandardServer.start(StandardServer.java :2313) 88 at org.apache.catalina.startup.Catalina.start(Catalina.java:556) 89 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 90 at sun.reflect.NativeMethodAccessorImpl.invoke( NativeMethodAccessorImpl.java:39) 91 at sun.reflect.DelegatingMethodAccessorImpl.invoke( DelegatingMethodAccessorImpl.java:25) 92 at java.lang.reflect.Method.invoke(Method.java:324) 93 at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:287) 94 at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:425) 2005/10/6, Hugo Osorio [EMAIL PROTECTED]: here the is what i have done, what could be the reason because this app is not showing up thank you in advance for your help -- by oxygene27 on 2005/10/04 16:39 Hi everybody again, please help, Is it necessary to have the database up, for having the webapp visible in tomcat? it's just that i have chose as a name mapserv BUT i cannot see my publication, it is in $TOMCAT_HOME/webapps/mapserv I have done 1. Create a dir in [TOMCAT_HOME]/webapps. 2. Unzip the distribution zip file into this folder. 3. i have created in mysql the database, running the script .sql 4. i have copied the mm.(connector JDBC).jar into the WEB-INF/lib directory 5. i have restarted Tomcat. and go to : http://myhost:8080/mapserv/index.html and appears like nothing exist :S does not appears anything, like a wrong application what can I do? by artem on 2005/10/04 21:37 1) Verify that the path to index database (clearinghouse) is correct. Open WEB-INF/mapserv-home/mapserv.xml. Check the section database user=root password= url=jdbc:mysql://localhost/alov driver=com.mysql.jdbc.Driver server=MySQL/ 2) Verify that SQL server is up. 3) Verify that web.xml in the WEB-INF The best way to check database is to enter into admin zone. http://localhost:8080/map/pump If Tomcat and our server are installed correctly you have to see the login screen. If connection to clearinghouse database is correct after login you won't see the error message. by oxygene27 on 2005/10/05 17:58 thank you, i have followed your indications, but i can't see the webapp yet, i dont know what's happening... all the servers are up, and the publication is its right place, this is the message i get: - HTTP Status 404 - /alovmap/index.html type Status report message /alovmap/index.html description The
RE: help on a publication
The reference in your stacktrace might be an indicator that you are not running tomcat in 'headless' mode. And now I understand from where the by so-and-so on such-and-such came from in your original email. Check out http://alov.org/topic.do?t_id=369 by artem on 2004/02/18 02:54 Make sure that java on your server is 1.3 or higher. To work in headless environment (without X server) you have to add the following line in your catalina.sh CATALINA_OPTS=-Djava.awt.headless=true $CATALINA_OPTS -Original Message- From: Hugo Osorio [mailto:[EMAIL PROTECTED] Sent: Thursday, October 06, 2005 5:15 PM To: Tomcat Users List Subject: Re: help on a publication I have this failure inside the log, when i am trying to see the context in the navigator.. i can solve this only fixing up the X Window ? I thought X Window had nothing to do with this could be another thing? thank you 2005-10-06 19:32:32 StandardContext[/alovmap]Context initialized 58 2005-10-06 19:32:32 StandardContext[/alovmap]Exception starting filter ogcFilter 59 java.lang.NoClassDefFoundError 60 at java.lang.Class.forName0(Native Method) 61 at java.lang.Class.forName(Class.java:141) 62 at java.awt.GraphicsEnvironment.getLocalGraphicsEnvironment( GraphicsEnvironment.java:62) 63 at java.awt.Font.initializeFont(Font.java:308) 64 at java.awt.Font.init(Font.java:344) 65 at org.alov.map.MapUtils.clinit(MapUtils.java:116) 66 at org.alov.serv.OGC_Filter.init(OGC_Filter.java:179) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help customize socket options ??
Is there any way to customize some of the socket options used by tomcat ?? I would like to add the so_reuseaddr option to the sockets created by tomcat - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: help with stupid cvs proxy question ??
C:\tomcat-sourceant checkout Buildfile: build.xml checkout: [echo] If the checkout fails, run `cvs -d :pserver:[EMAIL PROTECTED]:/ home/cvspublic login` and try again. The password for the anonymous CVS access i s `anoncvs` [cvs] cvs [checkout aborted]: connect to cvs.apache.org:2401 failed: A con nection attempt failed because the connected party did not properly respond afte r a period of time, or established connection failed because connected host has failed to respond. Terminate batch job (Y/N)? y C:\tomcat-sourcecvs -d :pserver;proxy=caproxy.ca.com;proxyport=80:[EMAIL PROTECTED] he.org:/home/cvspublic login Logging in to :pserver:[EMAIL PROTECTED]:2401:/home/cvspublic CVS password: *** cvs [login aborted]: Proxy server requires authentication C:\tomcat-source How do I access cvs when my proxy server requires authentication Stephen Bovy Computer Associates 6100 Center Drive Suite 700 Los Angeles, CA 90045 Tel: (310) 957-3930 Fax: (310) 957-3917 e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: help with embedded tomcat's webapp classloader
Donald Ball wrote: everything works okay but my webapp fails on initialization, with a NoClassDefFoundError on net.sf.hibernate.HibernateException. this is somewhat surprising given that hibernate.jar lives in the webapp's WEB-INF/lib directory. is there some additional configuration i need to do on my embedded Context object to force it to act like a normal tomcat webapp Context? do i perhaps need to ensure the webapp directory structure is in place before constructing my Tomcat instance? (that is to say, are the contents of WEB-INF/lib examined when the Context is created and/or added to the Host, or when tomcat is started?) i worked around this issue by simply adding the classpath resources under WEB-INF to the classpath of the swt application in which tomcat is embedded. not a very elegant solution, but it'll do for the moment. now i find that jsp files cannot be compiled because Jasper is unable to find a javac compiler; com.sun.tools.javac.Main is not on the classpath. ought i hunt down tools.jar and add that to my classpath manually as well, or can someone point me towards some documentation w.r.t. configuring embedded tomcat's webapp classloaders? i'm frankly unable to tell if this behavior is expected and i'm supposed to be manually doing some extra initialiation work on my Context, or if this is unusual behavior and i'm doing something wrong? any suggestions? - donald - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help figuring out Virtual Hosts
You can use multiple hosttags in the server.xml, each with their own context. As described here http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/host.html One or more Host elements are nested inside an Engine element. Inside the Host element, you can nest Context elements for the web applications associated with this virtual host. Exactly one of the Hosts associated with each Engine MUST have a name matching the defaultHost attribute of that Engine. You give each application its own host and it should work fine. You can also use alias tags inside a host tag if you want an application to be available for multiple hosts. Jilles Dola Woolfe wrote: Hi, I've certainly RTFM'd and had thoroughly read http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/host.html#Host%20Name%20Aliases but I just can't figure out how to get virtual servers to work. Basically, assume that DNS is set up properly and that ServerA.com ServerB.com and Server.com resolve to the same IP. Now, I want ServerA.com to go to Server.com/MyAppA/index.jsp and ServerB.com to go to Server.com/MyAppB/index.jsp. This, in my mind is sort of like how Apache lets you do it, where of course it takes advantage of the convention of index.html being the default destination. OK, how do I achieve this with Tomcat? Could anyone please provide a specific example? Many thanks, Dola __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help figuring out Virtual Hosts
Dola, I believe in order to serve static content you'll need to create a context XML file. I just posted an email outlining how I was able to get virtual hosting working. An additional step in your case would be to create a file [TOMCAT]/conf/Catalina/servera.com/ROOT.xml and include a context definition. The your content would reside in the [TOMCAT]/webapps-servera.com directory. Bernie -Original Message- From: Dola Woolfe [mailto:[EMAIL PROTECTED] Sent: Friday, September 16, 2005 2:44 PM To: Tom Cat Subject: Help figuring out Virtual Hosts Hi, I've certainly RTFM'd and had thoroughly read http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/host.ht ml#Host%20Name%20Aliases but I just can't figure out how to get virtual servers to work. Basically, assume that DNS is set up properly and that ServerA.com ServerB.com and Server.com resolve to the same IP. Now, I want ServerA.com to go to Server.com/MyAppA/index.jsp and ServerB.com to go to Server.com/MyAppB/index.jsp. This, in my mind is sort of like how Apache lets you do it, where of course it takes advantage of the convention of index.html being the default destination. OK, how do I achieve this with Tomcat? Could anyone please provide a specific example? Many thanks, Dola __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Bootstrap
CVS head now includes an improvement: 1) If the directory containing tomcat-users.xml is not writeable you will get a nice warning instead of a strange exception. 2) You can configure the MemoryUserDatabase with the attribute readonly=true. Then there will be not write attempt at all. Details under http://issues.apache.org/bugzilla/show_bug.cgi?id=36020 Will be included in 5.5.11 most probably sometime during august. MC Moisei wrote: Hi, I manage to configure my tomcat with jsvc(common-daemon) and everything work great till I start to launch it as root. If I run it as tomcat user it does work great. If I try to run it as root from command prompt or from init.d I get the following exception ( see below ) Right are given as below chown -R tomcat:tomcat /usr/local/tomcat chown -R root:root /usr/local/tomcat/bin chown -R root:root /usr/local/tomcat/common This is not right - looks like the bootstrap is trying to access the Realm and there is no write access to the conf/tomcat-users.xml file. I can't believe the common-daemon not tomcat side didn't say a thing about this, I bet there are others experiencing the matter. Do i have to disable Tomcat realms ? It doesn't sounds right. There is no way I'd give others write access on that. Looking forward to hear from you if you experienced something similar. Thanks, MC Aug 1, 2005 7:23:15 PM org.apache.naming.NamingContext lookup WARNING: Unexpected exception resolving reference java.io.FileNotFoundException: /usr/local/tomcat/tomcat_home/conf/tomcat-users.xml.new (Permission denied) at java.io.FileOutputStream.open(Native Method) at java.io.FileOutputStream.init(FileOutputStream.java:179) at java.io.FileOutputStream.init(FileOutputStream.java:131) at org.apache.catalina.users.MemoryUserDatabase.save(MemoryUserDatabase.java:462) at org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUserDatabaseFactory.java:98) at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:129) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:301) at org.apache.naming.NamingContext.lookup(NamingContext.java:792) at org.apache.naming.NamingContext.lookup(NamingContext.java:152) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:138) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:108) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(GlobalResourcesLifecycleListener.java:80) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.StandardServer.start(StandardServer.java:676) at org.apache.catalina.startup.Catalina.start(Catalina.java:537) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218) Aug 1, 2005 7:23:15 PM org.apache.catalina.mbeans.GlobalResourcesLifecycleListener createMBeans SEVERE: Exception processing Global JNDI Resources - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Boots
Thanks Rainer! Meanwhile what I did was to give root access to the conf folder.That worked as a charm. Right/Owner are chown -R tomcat:tomcat /usr/local/tomcat chown -R root:root /usr/local/tomcat/bin chown -R root:root /usr/local/tomcat/common chown -R root:root /usr/local/tomcat/conf Having it in the memory is a much better way. I'm looking forward to get the 5.5.11 release then. MC From: Rainer Jung [EMAIL PROTECTED] Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Bootstrap Date: Thu, 04 Aug 2005 15:22:19 +0200 CVS head now includes an improvement: 1) If the directory containing tomcat-users.xml is not writeable you will get a nice warning instead of a strange exception. 2) You can configure the MemoryUserDatabase with the attribute readonly=true. Then there will be not write attempt at all. Details under http://issues.apache.org/bugzilla/show_bug.cgi?id=36020 Will be included in 5.5.11 most probably sometime during august. MC Moisei wrote: Hi, I manage to configure my tomcat with jsvc(common-daemon) and everything work great till I start to launch it as root. If I run it as tomcat user it does work great. If I try to run it as root from command prompt or from init.d I get the following exception ( see below ) Right are given as below chown -R tomcat:tomcat /usr/local/tomcat chown -R root:root /usr/local/tomcat/bin chown -R root:root /usr/local/tomcat/common This is not right - looks like the bootstrap is trying to access the Realm and there is no write access to the conf/tomcat-users.xml file. I can't believe the common-daemon not tomcat side didn't say a thing about this, I bet there are others experiencing the matter. Do i have to disable Tomcat realms ? It doesn't sounds right. There is no way I'd give others write access on that. Looking forward to hear from you if you experienced something similar. Thanks, MC Aug 1, 2005 7:23:15 PM org.apache.naming.NamingContext lookup WARNING: Unexpected exception resolving reference java.io.FileNotFoundException: /usr/local/tomcat/tomcat_home/conf/tomcat-users.xml.new (Permission denied) at java.io.FileOutputStream.open(Native Method) at java.io.FileOutputStream.init(FileOutputStream.java:179) at java.io.FileOutputStream.init(FileOutputStream.java:131) at org.apache.catalina.users.MemoryUserDatabase.save(MemoryUserDatabase.java:462) at org.apache.catalina.users.MemoryUserDatabaseFactory.getObjectInstance(MemoryUserDatabaseFactory.java:98) at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:129) at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:301) at org.apache.naming.NamingContext.lookup(NamingContext.java:792) at org.apache.naming.NamingContext.lookup(NamingContext.java:152) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:138) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.createMBeans(GlobalResourcesLifecycleListener.java:108) at org.apache.catalina.mbeans.GlobalResourcesLifecycleListener.lifecycleEvent(GlobalResourcesLifecycleListener.java:80) at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119) at org.apache.catalina.core.StandardServer.start(StandardServer.java:676) at org.apache.catalina.startup.Catalina.start(Catalina.java:537) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.commons.daemon.support.DaemonLoader.start(DaemonLoader.java:218) Aug 1, 2005 7:23:15 PM org.apache.catalina.mbeans.GlobalResourcesLifecycleListener createMBeans SEVERE: Exception processing Global JNDI Resources - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL
Re: Help with a Class
Yep...simple example of a class as a wrapper around the Integer class. Syntax way off and looks more like you're trying to do it in a JSP page where you would do it in a library. So surejust read a good java book for syntax and maybe some of the java tutorial and you can get all the info you need at java.sun.com and www.java.net and if you need a good free IDE www.netbeans.org. Don't know what else to say really. Java uses patterns so you have methods setTest1 and getTest1 which is what you would do in C++ with the same pattern style for setters and getters as C++ doesn't have any simpler syntax than java for setters and getters. Maybe to say java scripting languages and EL in JSP pages let you access the properties directly like Integer temp2 = temp.test1 and temp.test1 = new Integer(4) so other than that I don't know what else to say without trying to explain java itself. Wade --- Charles P. Killmer [EMAIL PROTECTED] wrote: Does Java provide any ability to do something like the following. C# and C++ both allow this functionlality and I am hoping that Java does as well %! public class myInteger { private Integer _test1; public Integer test1 { set { _test1 = value; } get { return _test1; } } } % % myInteger temp = new myInteger; temp.test1 = new Integer(4); % Charles - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Bootstrap
MC Moisei wrote: java.io.FileNotFoundException: /usr/local/tomcat/tomcat_home/conf/tomcat-users.xml.new (Permission denied) at java.io.FileOutputStream.open(Native Method) This smells like its calling for write access to the DIRECTORY /usr/local/tomcat/tomcat_home/conf/ (not the file) Unless you have a left over file that is actually called conf/tomcat-users.xml.new from a previous execution of TC that did not complete the edit and rename. In which case I think you need to delete the conf/tomcat-users.xml.new file (after you've ensured you have a valid and working conf/tomcat-users.xml file itself). FYI - I run jsvc too and have not seen this problem with 5.5.9. jsvc.exec -Djava.endorsed.dirs=./common/endorsed -classpath :/opt/jakarta-tomcat-5.5.9/bin/bootstrap.jar:/opt/jakarta-tomcat-5.5.9/bin/commons-logging-api.jar -Dcatalina.base=/opt/jakarta-tomcat-5.5.9 -Dcatalina.home=/opt/jakarta-tomcat-5.5.9 -Djava.io.tmpdir=/opt/jakarta-tomcat-5.5.9/temp -outfile ./logs/catalina.out -errfile ./logs/catalina.err -pidfile ./logs/jsvc.pid -user jakarta -Xmx2048M -Xms512M -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start -- Darryl L. Miles - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Boots
Interesting, Thanks Darryl for sharing. So you run 5.5.9 and no problem huh ? What's the access given for the tomcat structure ? I'm interested in particular on that conf folder. I can run it fine too but not as root and root has no write access to the conf folder. How is your set up ? BTW that .new extension looked strange to me too. I cannot explain it - didn't look yet in TC source code. Here's the way I call the jsvc JAVA_HOME=/usr/local/java_home CATALINA_HOME=/usr/local/tomcat/tomcat_home TOMCAT_USER=tomcat TMP_DIR=/var/tmp CATALINA_OPTS= CLASSPATH=\ $JAVA_HOME/lib/tools.jar:\ $CATALINA_HOME/bin/commons-daemon.jar:\ $CATALINA_HOME/bin/bootstrap.jar:\ $CATALINA_HOME/bin/mx4j-jmx.jar:\ $CATALINA_HOME/bin/mx4j.jar:\ $CATALINA_HOME/bin/jsvc \ -user $TOMCAT_USER \ -home $JAVA_HOME \ -Dcatalina.home=$CATALINA_HOME \ -Djava.io.tmpdir=$TMP_DIR \ -outfile $CATALINA_HOME/logs/catalina-daemon.out \ -errfile $CATALINA_HOME/logs/catalina-daemon.err \ $CATALINA_OPTS \ -cp $CLASSPATH:$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar org.apache.catalina.startup.Bootstrap Did you have any issues while installing jsvc ? Thanks again, MC http://www.goodstockimages.com From: Darryl L. Miles [EMAIL PROTECTED] Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Bootstrap Date: Tue, 02 Aug 2005 08:01:36 +0100 MC Moisei wrote: java.io.FileNotFoundException: /usr/local/tomcat/tomcat_home/conf/tomcat-users.xml.new (Permission denied) at java.io.FileOutputStream.open(Native Method) This smells like its calling for write access to the DIRECTORY /usr/local/tomcat/tomcat_home/conf/ (not the file) Unless you have a left over file that is actually called conf/tomcat-users.xml.new from a previous execution of TC that did not complete the edit and rename. In which case I think you need to delete the conf/tomcat-users.xml.new file (after you've ensured you have a valid and working conf/tomcat-users.xml file itself). FYI - I run jsvc too and have not seen this problem with 5.5.9. jsvc.exec -Djava.endorsed.dirs=./common/endorsed -classpath :/opt/jakarta-tomcat-5.5.9/bin/bootstrap.jar:/opt/jakarta-tomcat-5.5.9/bin/commons-logging-api.jar -Dcatalina.base=/opt/jakarta-tomcat-5.5.9 -Dcatalina.home=/opt/jakarta-tomcat-5.5.9 -Djava.io.tmpdir=/opt/jakarta-tomcat-5.5.9/temp -outfile ./logs/catalina.out -errfile ./logs/catalina.err -pidfile ./logs/jsvc.pid -user jakarta -Xmx2048M -Xms512M -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start -- Darryl L. Miles - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Boots
For some reason during startup tomcat writes (!) the file tomcat-users.xml. It does it in the way that it writes to tomcat-users.xml.new and then renames that file to tomcat-users.xml. At least that's what was in the 5.0 code. I assume that didn't change with 5.5. As a consequence the user running tomcat needs write access to the directory the tomcat-users.xml file is in. If you don't like the idea of giving that runtime user write access to the conf directory, you can configure tomcat-users.xml inside server.xml to be in some other directory - which then is the one that needs write access. As far as I know, there is no workaround for that at the moment (except for choosing another user realm). Interesting, Thanks Darryl for sharing. So you run 5.5.9 and no problem huh ? What's the access given for the tomcat structure ? I'm interested in particular on that conf folder. I can run it fine too but not as root and root has no write access to the conf folder. How is your set up ? BTW that .new extension looked strange to me too. I cannot explain it - didn't look yet in TC source code. Here's the way I call the jsvc JAVA_HOME=/usr/local/java_home CATALINA_HOME=/usr/local/tomcat/tomcat_home TOMCAT_USER=tomcat TMP_DIR=/var/tmp CATALINA_OPTS= CLASSPATH=\ $JAVA_HOME/lib/tools.jar:\ $CATALINA_HOME/bin/commons-daemon.jar:\ $CATALINA_HOME/bin/bootstrap.jar:\ $CATALINA_HOME/bin/mx4j-jmx.jar:\ $CATALINA_HOME/bin/mx4j.jar:\ $CATALINA_HOME/bin/jsvc \ -user $TOMCAT_USER \ -home $JAVA_HOME \ -Dcatalina.home=$CATALINA_HOME \ -Djava.io.tmpdir=$TMP_DIR \ -outfile $CATALINA_HOME/logs/catalina-daemon.out \ -errfile $CATALINA_HOME/logs/catalina-daemon.err \ $CATALINA_OPTS \ -cp $CLASSPATH:$CATALINA_HOME/bin/bootstrap.jar:$CATALINA_HOME/bin/commons-daemon.jar org.apache.catalina.startup.Bootstrap Did you have any issues while installing jsvc ? Thanks again, MC http://www.goodstockimages.com From: Darryl L. Miles [EMAIL PROTECTED] Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: HELP: Tomcat 5.5.9 with jsvc as low priviledges user on Linux fails in Bootstrap Date: Tue, 02 Aug 2005 08:01:36 +0100 MC Moisei wrote: java.io.FileNotFoundException: /usr/local/tomcat/tomcat_home/conf/tomcat-users.xml.new (Permission denied) at java.io.FileOutputStream.open(Native Method) This smells like its calling for write access to the DIRECTORY /usr/local/tomcat/tomcat_home/conf/ (not the file) Unless you have a left over file that is actually called conf/tomcat-users.xml.new from a previous execution of TC that did not complete the edit and rename. In which case I think you need to delete the conf/tomcat-users.xml.new file (after you've ensured you have a valid and working conf/tomcat-users.xml file itself). FYI - I run jsvc too and have not seen this problem with 5.5.9. jsvc.exec -Djava.endorsed.dirs=./common/endorsed -classpath :/opt/jakarta-tomcat-5.5.9/bin/bootstrap.jar:/opt/jakarta-tomcat-5.5.9/bin/commons-logging-api.jar -Dcatalina.base=/opt/jakarta-tomcat-5.5.9 -Dcatalina.home=/opt/jakarta-tomcat-5.5.9 -Djava.io.tmpdir=/opt/jakarta-tomcat-5.5.9/temp -outfile ./logs/catalina.out -errfile ./logs/catalina.err -pidfile ./logs/jsvc.pid -user jakarta -Xmx2048M -Xms512M -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager org.apache.catalina.startup.Bootstrap start -- Darryl L. Miles - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: help in setting up
thankx htmlDIV DIVFONT color=#cc face=Lucida Handwriting, CursiveEMSTRONGIMG height=16 src=http://graphics.hotmail.com/emarrow_right.gif; width=16Ganesan_MalairajaIMG height=16 src=http://graphics.hotmail.com/emarrow_left.gif; width=16/STRONG/EM/FONT/DIV/DIV/html From: Parsons Technical Services [EMAIL PROTECTED] Reply-To: Tomcat Users List tomcat-user@jakarta.apache.org To: Tomcat Users List tomcat-user@jakarta.apache.org Subject: Re: help in setting up Date: Wed, 29 Jun 2005 01:52:39 -0400 It depends: 5.5.x only needs JRE 5.0.x and earlier versions needs full JDK As for version I recommend Java 1.5 and it is required for the 5.5.x version unless you use the compatibility patch for 1.4 Doug - Original Message - From: ganesan malairaja [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Tuesday, June 28, 2005 11:42 PM Subject: help in setting up hi guys i know that to settup tomcat , there no need for apache i wanna know what java i should use is it j2dk or j2ee because i saw some example that uses both.. i am going to run JSP to retrieve info from database i need guide on how to setup tomcat .. ie what java version i shoud use. any links also would be helpfull .. consider a newbie case thanks guys .. ur help is appreaciated. htmlDIV DIVFONT color=#cc face=Lucida Handwriting, CursiveEMSTRONGIMG height=16 src=http://graphics.hotmail.com/emarrow_right.gif; width=16Ganesan_MalairajaIMG height=16 src=http://graphics.hotmail.com/emarrow_left.gif; width=16/STRONG/EM/FONT/DIV/DIV/html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: help in setting up
Ganesan: You can download the latest and greatest version of Tomcat, unzip it and run the batch file to start it up. That's all to it. -Original Message- From: ganesan malairaja [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 28, 2005 11:42 PM To: tomcat-user@jakarta.apache.org Subject: help in setting up hi guys i know that to settup tomcat , there no need for apache i wanna know what java i should use is it j2dk or j2ee because i saw some example that uses both.. i am going to run JSP to retrieve info from database i need guide on how to setup tomcat .. ie what java version i shoud use. any links also would be helpfull .. consider a newbie case thanks guys .. ur help is appreaciated. htmlDIV DIVFONT color=#cc face=Lucida Handwriting, CursiveEMSTRONGIMG height=16 src=http://graphics.hotmail.com/emarrow_right.gif; width=16Ganesan_MalairajaIMG height=16 src=http://graphics.hotmail.com/emarrow_left.gif; width=16/STRONG/EM/FONT/DIV/DIV/html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: help in setting up
I use JDK. On 6/29/05, ganesan malairaja [EMAIL PROTECTED] wrote: hi guys i know that to settup tomcat , there no need for apache i wanna know what java i should use is it j2dk or j2ee because i saw some example that uses both.. i am going to run JSP to retrieve info from database i need guide on how to setup tomcat .. ie what java version i shoud use. any links also would be helpfull .. consider a newbie case thanks guys .. ur help is appreaciated. htmlDIV DIVFONT color=#cc face=Lucida Handwriting, CursiveEMSTRONGIMG height=16 src=http://graphics.hotmail.com/emarrow_right.gif; width=16Ganesan_MalairajaIMG height=16 src=http://graphics.hotmail.com/emarrow_left.gif; width=16/STRONG/EM/FONT/DIV/DIV/html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: help in setting up
It depends: 5.5.x only needs JRE 5.0.x and earlier versions needs full JDK As for version I recommend Java 1.5 and it is required for the 5.5.x version unless you use the compatibility patch for 1.4 Doug - Original Message - From: ganesan malairaja [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Tuesday, June 28, 2005 11:42 PM Subject: help in setting up hi guys i know that to settup tomcat , there no need for apache i wanna know what java i should use is it j2dk or j2ee because i saw some example that uses both.. i am going to run JSP to retrieve info from database i need guide on how to setup tomcat .. ie what java version i shoud use. any links also would be helpfull .. consider a newbie case thanks guys .. ur help is appreaciated. htmlDIV DIVFONT color=#cc face=Lucida Handwriting, CursiveEMSTRONGIMG height=16 src=http://graphics.hotmail.com/emarrow_right.gif; width=16Ganesan_MalairajaIMG height=16 src=http://graphics.hotmail.com/emarrow_left.gif; width=16/STRONG/EM/FONT/DIV/DIV/html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help/Examples setting up security settings
Ah-ha! Everything I had read so far led me to think I needed to put everything under ROOT. I'm glad you guys pointed that out. It makes sense. In the meantime, to make things simpler, I set up another webapp without any of the SPID stuff I was talking about before. It's very simple and contains nothing more than a login page (login.jsp) and login error page (login_error.html), the environment page (environment.jsp) I mentioned before and an error page (error.jsp), specified in the errorPage attribute of the page directive of the JSP files. The new app. sits in [tomcat]\webapps\Simple_JSP (not under ROOT any more) and the web.xml file in the WEB-INF subdirectory has been set up to use the correct path. I also included the security-role element Frank mentioned below. The web-app portion of web.xml looks like this: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-nameSimple JSP/display-name descriptionSimple JSP Test/description login-config auth-methodFORM/auth-method form-login-config form-login-page/Simple_JSP/login.jsp/form-login-page form-error-page/Simple_JSP/login_error.html/form-error-page /form-login-config /login-config security-role descriptionSecurity Role/description role-namesimple_jsp/role-name /security-role security-constraint web-resource-collection web-resource-nameSimple JSP Test/web-resource-name url-pattern/Simple_JSP/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namesimple_jsp/role-name /auth-constraint /security-constraint /web-app Of course, I set up the simple_jsp role in the tomcat-users.xml file and added that role to my user entry. Now that this is all said and done, I'm still getting behavior that I'm not expecting. If I load my environment file into the browser (http://localhost/Simple_JSP/environment.jsp), it comes up as though there were no security/authentication mechanism to put up a roadblock. The login page is never presented. I was expecting that if I were to request any page from the Simple_JSP area, that before anything is displayed, I would be prompted to provide and user name and password. Isn't that what's supposed to happen? Thanks, Joe -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 6:37 PM To: Tomcat Users List Subject: Re: Help/Examples setting up security settings As Mark indicated in another post, the first problem you need to resolve is how you have installed your webapp. ROOT is itself a webapp, and although it might seem right that you want to put your webapp under it, that isn't the case. Move SPID_JSP to /webapps and you should be all set. One other thing I see is you are missing security role definitions in your web.xml. You'll want to add something like this: security-role descriptionspid_jsp/description role-namespid_jsp/role-name /security-role The role-name element maps to the role you created in tomcat-users.xml, and also maps to the security constraint's role-name element, as you already have. One other thing... the order of elements in web.xml is usually important. I think newer versions of Tomcat allow you to put things in any order you want (as one would expect with XML!), but earlier versions had a more restrictive DTD. You should see an error message when you start Tomcat if this is going to be a problem. Just wanted to warn you about it is you see it later. Frank Gagnon, Joseph M (US SSA) wrote: OK, now I'm more confused. First some background (for those of you who haven't seen the entire history). 1.I have defined a role and added myself as a user in that role to the tomcat-users.xml file (in [tomcat install dir]/conf). The role is defined as spid_jsp. (SPID is just the name of an existing application that contains ASP files that I would like to test converting to JSP.) 2.I have placed a WEB-INF directory under my test application directory ([tomcat install dir]/webapps/ROOT/SPID_JSP) and put a web.xml file in it. (SPID_JSP is where the JSP and HTML files reside.) 3.That web.xml file contains the following: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-nameSPID JSP Test/display-name descriptionSPID JSP Test/description
RE: Help/Examples setting up security settings2
Although I don't think this is the source of your problem, it strikes me as odd to be protecting the root of your webapp when this is where the unprotected page are as well (i.e., login.jsp, login_error.html) I would suggest leaving those two in the root of the webapp, and move environment.jsp and error.jsp to a subdirectory, maybe /Simple_JSP/content or something, then of course update the security constraint to constrain that new directory. Actually, one other thing... the references to the login form and the login error page in the login-config element I believe are relative to the webapp root, so drop the Simple_JSP from the beginning of them so they are /login.jsp and /login_error.jsp respectively. Again, not sure this is the problem, but it could be. Some other things, and this is where hopefully some Tomcat folks more knowledgable than me can help... There seems to be a realm-name element for login-config as well, but I have never used it... does it apply here? I think it may be for basic auth, but I am unsure. Also, there are perhaps some other things you need to do to tell Tomcat to use security... anyone else, does Joseph need to do anything to set up the UserDatabase resource, or is that set up by default? Also, does he need to create a context for his app and perhaps set something to tell Tomcat to use security? This is stuff I am not familiar with, so hopefully someone else reading this can help. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, June 15, 2005 9:31 am, Gagnon, Joseph M \(US SSA\) said: Ah-ha! Everything I had read so far led me to think I needed to put everything under ROOT. I'm glad you guys pointed that out. It makes sense. In the meantime, to make things simpler, I set up another webapp without any of the SPID stuff I was talking about before. It's very simple and contains nothing more than a login page (login.jsp) and login error page (login_error.html), the environment page (environment.jsp) I mentioned before and an error page (error.jsp), specified in the errorPage attribute of the page directive of the JSP files. The new app. sits in [tomcat]\webapps\Simple_JSP (not under ROOT any more) and the web.xml file in the WEB-INF subdirectory has been set up to use the correct path. I also included the security-role element Frank mentioned below. The web-app portion of web.xml looks like this: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-nameSimple JSP/display-name descriptionSimple JSP Test/description login-config auth-methodFORM/auth-method form-login-config form-login-page/Simple_JSP/login.jsp/form-login-page form-error-page/Simple_JSP/login_error.html/form-error-page /form-login-config /login-config security-role descriptionSecurity Role/description role-namesimple_jsp/role-name /security-role security-constraint web-resource-collection web-resource-nameSimple JSP Test/web-resource-name url-pattern/Simple_JSP/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namesimple_jsp/role-name /auth-constraint /security-constraint /web-app Of course, I set up the simple_jsp role in the tomcat-users.xml file and added that role to my user entry. Now that this is all said and done, I'm still getting behavior that I'm not expecting. If I load my environment file into the browser (http://localhost/Simple_JSP/environment.jsp), it comes up as though there were no security/authentication mechanism to put up a roadblock. The login page is never presented. I was expecting that if I were to request any page from the Simple_JSP area, that before anything is displayed, I would be prompted to provide and user name and password. Isn't that what's supposed to happen? Thanks, Joe -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 6:37 PM To: Tomcat Users List Subject: Re: Help/Examples setting up security settings As Mark indicated in another post, the first problem you need to resolve is how you have installed your webapp. ROOT is itself a webapp, and although it might seem right that you want to put your webapp under it, that isn't the case. Move SPID_JSP to /webapps and you should be all set. One other thing I see is you are missing security role definitions in your web.xml. You'll want to add something like this: security
RE: Help/Examples setting up security settings2
See my comments/questions below. -Original Message- From: Frank Zammetti [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 15, 2005 11:37 AM To: tomcat-user@jakarta.apache.org Subject: RE: Help/Examples setting up security settings2 Although I don't think this is the source of your problem, it strikes me as odd to be protecting the root of your webapp when this is where the unprotected page are as well (i.e., login.jsp, login_error.html) [Gagnon, Joseph M] What can I say, I don't know much about what I'm doing. That is a good idea. Didn't think it would matter much for such a simple test. I would suggest leaving those two in the root of the webapp, and move environment.jsp and error.jsp to a subdirectory, maybe /Simple_JSP/content or something, then of course update the security constraint to constrain that new directory. [Gagnon, Joseph M] My first thought would be that this wouldn't have anything to do with the problem, but hey, I'm certainly not the one to know. Actually, one other thing... the references to the login form and the login error page in the login-config element I believe are relative to the webapp root, so drop the Simple_JSP from the beginning of them so they are /login.jsp and /login_error.jsp respectively. [Gagnon, Joseph M] How important is the leading slash? Again, not sure this is the problem, but it could be. [Gagnon, Joseph M] Hmm. That's an interesting point. I wasn't sure how the path rules worked here. (i.e. whether you need to specify from the server root (e.g. webapps) or if it was more from the specific webapp's root. From what you're saying, it's the latter. Some other things, and this is where hopefully some Tomcat folks more knowledgable than me can help... There seems to be a realm-name element for login-config as well, but I have never used it... does it apply here? I think it may be for basic auth, but I am unsure. Also, there are perhaps some other things you need to do to tell Tomcat to use security... anyone else, does Joseph need to do anything to set up the UserDatabase resource[Gagnon, Joseph M] I have no idea what this is., or is that set up by default? Also, does he need to create a context for his app and perhaps set something to tell Tomcat to use security? This is stuff I am not familiar with, so hopefully someone else reading this can help. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, June 15, 2005 9:31 am, Gagnon, Joseph M \(US SSA\) said: Ah-ha! Everything I had read so far led me to think I needed to put everything under ROOT. I'm glad you guys pointed that out. It makes sense. In the meantime, to make things simpler, I set up another webapp without any of the SPID stuff I was talking about before. It's very simple and contains nothing more than a login page (login.jsp) and login error page (login_error.html), the environment page (environment.jsp) I mentioned before and an error page (error.jsp), specified in the errorPage attribute of the page directive of the JSP files. The new app. sits in [tomcat]\webapps\Simple_JSP (not under ROOT any more) and the web.xml file in the WEB-INF subdirectory has been set up to use the correct path. I also included the security-role element Frank mentioned below. The web-app portion of web.xml looks like this: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-nameSimple JSP/display-name descriptionSimple JSP Test/description login-config auth-methodFORM/auth-method form-login-config form-login-page/Simple_JSP/login.jsp/form-login-page form-error-page/Simple_JSP/login_error.html/form-error-page /form-login-config /login-config security-role descriptionSecurity Role/description role-namesimple_jsp/role-name /security-role security-constraint web-resource-collection web-resource-nameSimple JSP Test/web-resource-name url-pattern/Simple_JSP/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namesimple_jsp/role-name /auth-constraint /security-constraint /web-app Of course, I set up the simple_jsp role in the tomcat-users.xml file and added that role to my user entry. Now that this is all said and done, I'm still getting behavior that I'm not expecting. If I load my environment file into the browser (http://localhost/Simple_JSP/environment.jsp), it comes up as though there were no security/authentication mechanism to put up a roadblock
RE: Help/Examples setting up security settings2
Let's try that again so that you can see it. See my comments/questions below. -Original Message- From: Frank Zammetti [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 15, 2005 11:37 AM To: tomcat-user@jakarta.apache.org Subject: RE: Help/Examples setting up security settings2 Although I don't think this is the source of your problem, it strikes me as odd to be protecting the root of your webapp when this is where the unprotected page are as well (i.e., login.jsp, login_error.html) [Gagnon, Joseph M] What can I say, I don't know much about what I'm doing. That is a good idea. Didn't think it would matter much for such a simple test. I would suggest leaving those two in the root of the webapp, and move environment.jsp and error.jsp to a subdirectory, maybe /Simple_JSP/content or something, then of course update the security constraint to constrain that new directory. [Gagnon, Joseph M] My first thought would be that this wouldn't have anything to do with the problem, but hey, I'm certainly not the one to know. Actually, one other thing... the references to the login form and the login error page in the login-config element I believe are relative to the webapp root, so drop the Simple_JSP from the beginning of them so they are /login.jsp and /login_error.jsp respectively. [Gagnon, Joseph M] How important is the leading slash? Again, not sure this is the problem, but it could be. [Gagnon, Joseph M] Hmm. That's an interesting point. I wasn't sure how the path rules worked here. (i.e. whether you need to specify from the server root (e.g. webapps) or if it was more from the specific webapp's root. From what you're saying, it's the latter. Some other things, and this is where hopefully some Tomcat folks more knowledgable than me can help... There seems to be a realm-name element for login-config as well, but I have never used it... does it apply here? I think it may be for basic auth, but I am unsure. Also, there are perhaps some other things you need to do to tell Tomcat to use security... anyone else, does Joseph need to do anything to set up the UserDatabase resource [Gagnon, Joseph M] I have no idea what this is. , or is that set up by default? Also, does he need to create a context for his app and perhaps set something to tell Tomcat to use security? This is stuff I am not familiar with, so hopefully someone else reading this can help. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, June 15, 2005 9:31 am, Gagnon, Joseph M \(US SSA\) said: Ah-ha! Everything I had read so far led me to think I needed to put everything under ROOT. I'm glad you guys pointed that out. It makes sense. In the meantime, to make things simpler, I set up another webapp without any of the SPID stuff I was talking about before. It's very simple and contains nothing more than a login page (login.jsp) and login error page (login_error.html), the environment page (environment.jsp) I mentioned before and an error page (error.jsp), specified in the errorPage attribute of the page directive of the JSP files. The new app. sits in [tomcat]\webapps\Simple_JSP (not under ROOT any more) and the web.xml file in the WEB-INF subdirectory has been set up to use the correct path. I also included the security-role element Frank mentioned below. The web-app portion of web.xml looks like this: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-nameSimple JSP/display-name descriptionSimple JSP Test/description login-config auth-methodFORM/auth-method form-login-config form-login-page/Simple_JSP/login.jsp/form-login-page form-error-page/Simple_JSP/login_error.html/form-error-page /form-login-config /login-config security-role descriptionSecurity Role/description role-namesimple_jsp/role-name /security-role security-constraint web-resource-collection web-resource-nameSimple JSP Test/web-resource-name url-pattern/Simple_JSP/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namesimple_jsp/role-name /auth-constraint /security-constraint /web-app Of course, I set up the simple_jsp role in the tomcat-users.xml file and added that role to my user entry. Now that this is all said and done, I'm still getting behavior that I'm not expecting. If I load my environment file into the browser (http://localhost/Simple_JSP/environment.jsp), it comes up as though there were
Re: Help/Examples setting up security settings2
Although I don't think this is the source of your problem, it strikes me as odd to be protecting the root of your webapp when this is where the unprotected page are as well (i.e., login.jsp, login_error.html) [Gagnon, Joseph M] What can I say, I don't know much about what I'm doing. That is a good idea. Didn't think it would matter much for such a simple test. Not a problem, we all go through a learning phase :) I'm not sure it would matter either frankly, but it seems like it might... if you request environment.jsp, the security intercept happens and tries to redirect to login.jsp, but that itself is protected, so ANOTHER intercept happens, etc. I'm not sure that will happen mind you, but I could imagine it happening, and your caught in a loop. Even if it is smart enough to avoid it there, what happens if you enter your password wrong and it tries to go to login_error.jsp? Same thing maybe, since it's protected too. Since I don't know for sure what will happen, better to avoid the unknown I figure :) Actually, one other thing... the references to the login form and the login error page in the login-config element I believe are relative to the webapp root, so drop the Simple_JSP from the beginning of them so they are /login.jsp and /login_error.jsp respectively. [Gagnon, Joseph M] How important is the leading slash? IIRC, it is required. I don't want to say what the difference is with or without it because I'm not 100% sure it's right, but the bottom line is I am reasonably sure uit has to be there. Again, not sure this is the problem, but it could be. [Gagnon, Joseph M] Hmm. That's an interesting point. I wasn't sure how the path rules worked here. (i.e. whether you need to specify from the server root (e.g. webapps) or if it was more from the specific webapp's root. From what you're saying, it's the latter. Right, it's all context-relative, and the context is whatever webapp you are in, NOT the server root (in essence you can think there is no server root really, that will simplify it a bit... pretend whatever webapp your working on is all there is and you should be OK). Also, there are perhaps some other things you need to do to tell Tomcat to use security... anyone else, does Joseph need to do anything to set up the UserDatabase resource[Gagnon, Joseph M] I have no idea what this is., or is that set up by default? In server.xml, there is a GlobalNamingResources element... in here should be a definition for UserDatabase. I *think* it is there by default, but I was hoping someone else could confirm. There is also an engine element, and within this can be a context element, one for each webapp. It is not strictly required, but it allows you to set various things. It looks like the engine has to be made aware of the UserDatabase, via a realm element. This is Tomcat-specific stuff, and while I've hacked my way through it before, there must be someone reading this that can better guide you with this particular part of the equation. It may be set up by default, it may not, I don't know. Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help/Examples setting up security settings2
The /Simple_JSP part of the URL should be left out. Always start typing from the web-app folder. (because, who knows when you want to rename the webapp?) If you remove the /Simple_JSP part of the URLs in the web.xml, I think it will work, additionally, you should try not setting restricted access on you login/error pages... Øyvind -Opprinnelig melding- Fra: Frank Zammetti [mailto:[EMAIL PROTECTED] Sendt: 15. juni 2005 17:37 Til: tomcat-user@jakarta.apache.org Emne: RE: Help/Examples setting up security settings2 Although I don't think this is the source of your problem, it strikes me as odd to be protecting the root of your webapp when this is where the unprotected page are as well (i.e., login.jsp, login_error.html) I would suggest leaving those two in the root of the webapp, and move environment.jsp and error.jsp to a subdirectory, maybe /Simple_JSP/content or something, then of course update the security constraint to constrain that new directory. Actually, one other thing... the references to the login form and the login error page in the login-config element I believe are relative to the webapp root, so drop the Simple_JSP from the beginning of them so they are /login.jsp and /login_error.jsp respectively. Again, not sure this is the problem, but it could be. Some other things, and this is where hopefully some Tomcat folks more knowledgable than me can help... There seems to be a realm-name element for login-config as well, but I have never used it... does it apply here? I think it may be for basic auth, but I am unsure. Also, there are perhaps some other things you need to do to tell Tomcat to use security... anyone else, does Joseph need to do anything to set up the UserDatabase resource, or is that set up by default? Also, does he need to create a context for his app and perhaps set something to tell Tomcat to use security? This is stuff I am not familiar with, so hopefully someone else reading this can help. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, June 15, 2005 9:31 am, Gagnon, Joseph M \(US SSA\) said: Ah-ha! Everything I had read so far led me to think I needed to put everything under ROOT. I'm glad you guys pointed that out. It makes sense. In the meantime, to make things simpler, I set up another webapp without any of the SPID stuff I was talking about before. It's very simple and contains nothing more than a login page (login.jsp) and login error page (login_error.html), the environment page (environment.jsp) I mentioned before and an error page (error.jsp), specified in the errorPage attribute of the page directive of the JSP files. The new app. sits in [tomcat]\webapps\Simple_JSP (not under ROOT any more) and the web.xml file in the WEB-INF subdirectory has been set up to use the correct path. I also included the security-role element Frank mentioned below. The web-app portion of web.xml looks like this: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-nameSimple JSP/display-name descriptionSimple JSP Test/description login-config auth-methodFORM/auth-method form-login-config form-login-page/Simple_JSP/login.jsp/form-login-page form-error-page/Simple_JSP/login_error.html/form-error-page /form-login-config /login-config security-role descriptionSecurity Role/description role-namesimple_jsp/role-name /security-role security-constraint web-resource-collection web-resource-nameSimple JSP Test/web-resource-name url-pattern/Simple_JSP/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namesimple_jsp/role-name /auth-constraint /security-constraint /web-app Of course, I set up the simple_jsp role in the tomcat-users.xml file and added that role to my user entry. Now that this is all said and done, I'm still getting behavior that I'm not expecting. If I load my environment file into the browser (http://localhost/Simple_JSP/environment.jsp), it comes up as though there were no security/authentication mechanism to put up a roadblock. The login page is never presented. I was expecting that if I were to request any page from the Simple_JSP area, that before anything is displayed, I would be prompted to provide and user name and password. Isn't that what's supposed to happen? Thanks, Joe -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14
RE: Help/Examples setting up security settings2
The /Simple_JSP part of the URL should be left out. Always start typing from the web-app folder. (because, who knows when you want to rename the webapp?) If you remove the /Simple_JSP part of the URLs in the web.xml, I think it will work, additionally, you should try not setting restricted access on you login/error pages... Øyvind -Opprinnelig melding- Fra: Frank Zammetti [mailto:[EMAIL PROTECTED] Sendt: 15. juni 2005 17:37 Til: tomcat-user@jakarta.apache.org Emne: RE: Help/Examples setting up security settings2 Although I don't think this is the source of your problem, it strikes me as odd to be protecting the root of your webapp when this is where the unprotected page are as well (i.e., login.jsp, login_error.html) I would suggest leaving those two in the root of the webapp, and move environment.jsp and error.jsp to a subdirectory, maybe /Simple_JSP/content or something, then of course update the security constraint to constrain that new directory. Actually, one other thing... the references to the login form and the login error page in the login-config element I believe are relative to the webapp root, so drop the Simple_JSP from the beginning of them so they are /login.jsp and /login_error.jsp respectively. Again, not sure this is the problem, but it could be. Some other things, and this is where hopefully some Tomcat folks more knowledgable than me can help... There seems to be a realm-name element for login-config as well, but I have never used it... does it apply here? I think it may be for basic auth, but I am unsure. Also, there are perhaps some other things you need to do to tell Tomcat to use security... anyone else, does Joseph need to do anything to set up the UserDatabase resource, or is that set up by default? Also, does he need to create a context for his app and perhaps set something to tell Tomcat to use security? This is stuff I am not familiar with, so hopefully someone else reading this can help. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, June 15, 2005 9:31 am, Gagnon, Joseph M \(US SSA\) said: Ah-ha! Everything I had read so far led me to think I needed to put everything under ROOT. I'm glad you guys pointed that out. It makes sense. In the meantime, to make things simpler, I set up another webapp without any of the SPID stuff I was talking about before. It's very simple and contains nothing more than a login page (login.jsp) and login error page (login_error.html), the environment page (environment.jsp) I mentioned before and an error page (error.jsp), specified in the errorPage attribute of the page directive of the JSP files. The new app. sits in [tomcat]\webapps\Simple_JSP (not under ROOT any more) and the web.xml file in the WEB-INF subdirectory has been set up to use the correct path. I also included the security-role element Frank mentioned below. The web-app portion of web.xml looks like this: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-nameSimple JSP/display-name descriptionSimple JSP Test/description login-config auth-methodFORM/auth-method form-login-config form-login-page/Simple_JSP/login.jsp/form-login-page form-error-page/Simple_JSP/login_error.html/form-error-page /form-login-config /login-config security-role descriptionSecurity Role/description role-namesimple_jsp/role-name /security-role security-constraint web-resource-collection web-resource-nameSimple JSP Test/web-resource-name url-pattern/Simple_JSP/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namesimple_jsp/role-name /auth-constraint /security-constraint /web-app Of course, I set up the simple_jsp role in the tomcat-users.xml file and added that role to my user entry. Now that this is all said and done, I'm still getting behavior that I'm not expecting. If I load my environment file into the browser (http://localhost/Simple_JSP/environment.jsp), it comes up as though there were no security/authentication mechanism to put up a roadblock. The login page is never presented. I was expecting that if I were to request any page from the Simple_JSP area, that before anything is displayed, I would be prompted to provide and user name and password. Isn't that what's supposed to happen? Thanks, Joe -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14
RE: Help/Examples setting up security settings
Although I don't think this is the source of your problem, it strikes me as odd to be protecting the root of your webapp when this is where the unprotected page are as well (i.e., login.jsp, login_error.html) I would suggest leaving those two in the root of the webapp, and move environment.jsp and error.jsp to a subdirectory, maybe /Simple_JSP/content or something, then of course update the security constraint to constrain that new directory. Actually, one other thing... the references to the login form and the login error page in the login-config element I believe are relative to the webapp root, so drop the Simple_JSP from the beginning of them so they are /login.jsp and /login_error.jsp respectively. Again, not sure this is the problem, but it could be. Some other things, and this is where hopefully some Tomcat folks more knowledgable than me can help... There seems to be a realm-name element for login-config as well, but I have never used it... does it apply here? I think it may be for basic auth, but I am unsure. Also, there are perhaps some other things you need to do to tell Tomcat to use security... anyone else, does Joseph need to do anything to set up the UserDatabase resource, or is that set up by default? Also, does he need to create a context for his app and perhaps set something to tell Tomcat to use security? This is stuff I am not familiar with, so hopefully someone else reading this can help. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, June 15, 2005 9:31 am, Gagnon, Joseph M \(US SSA\) said: Ah-ha! Everything I had read so far led me to think I needed to put everything under ROOT. I'm glad you guys pointed that out. It makes sense. In the meantime, to make things simpler, I set up another webapp without any of the SPID stuff I was talking about before. It's very simple and contains nothing more than a login page (login.jsp) and login error page (login_error.html), the environment page (environment.jsp) I mentioned before and an error page (error.jsp), specified in the errorPage attribute of the page directive of the JSP files. The new app. sits in [tomcat]\webapps\Simple_JSP (not under ROOT any more) and the web.xml file in the WEB-INF subdirectory has been set up to use the correct path. I also included the security-role element Frank mentioned below. The web-app portion of web.xml looks like this: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-nameSimple JSP/display-name descriptionSimple JSP Test/description login-config auth-methodFORM/auth-method form-login-config form-login-page/Simple_JSP/login.jsp/form-login-page form-error-page/Simple_JSP/login_error.html/form-error-page /form-login-config /login-config security-role descriptionSecurity Role/description role-namesimple_jsp/role-name /security-role security-constraint web-resource-collection web-resource-nameSimple JSP Test/web-resource-name url-pattern/Simple_JSP/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namesimple_jsp/role-name /auth-constraint /security-constraint /web-app Of course, I set up the simple_jsp role in the tomcat-users.xml file and added that role to my user entry. Now that this is all said and done, I'm still getting behavior that I'm not expecting. If I load my environment file into the browser (http://localhost/Simple_JSP/environment.jsp), it comes up as though there were no security/authentication mechanism to put up a roadblock. The login page is never presented. I was expecting that if I were to request any page from the Simple_JSP area, that before anything is displayed, I would be prompted to provide and user name and password. Isn't that what's supposed to happen? Thanks, Joe -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 6:37 PM To: Tomcat Users List Subject: Re: Help/Examples setting up security settings As Mark indicated in another post, the first problem you need to resolve is how you have installed your webapp. ROOT is itself a webapp, and although it might seem right that you want to put your webapp under it, that isn't the case. Move SPID_JSP to /webapps and you should be all set. One other thing I see is you are missing security role definitions in your web.xml. You'll want to add something like this: security-role descriptionspid_jsp/description
RE: Help/Examples setting up security settings1
Although I don't think this is the source of your problem, it strikes me as odd to be protecting the root of your webapp when this is where the unprotected page are as well (i.e., login.jsp, login_error.html) I would suggest leaving those two in the root of the webapp, and move environment.jsp and error.jsp to a subdirectory, maybe /Simple_JSP/content or something, then of course update the security constraint to constrain that new directory. Actually, one other thing... the references to the login form and the login error page in the login-config element I believe are relative to the webapp root, so drop the Simple_JSP from the beginning of them so they are /login.jsp and /login_error.jsp respectively. Again, not sure this is the problem, but it could be. Some other things, and this is where hopefully some Tomcat folks more knowledgable than me can help... There seems to be a realm-name element for login-config as well, but I have never used it... does it apply here? I think it may be for basic auth, but I am unsure. Also, there are perhaps some other things you need to do to tell Tomcat to use security... anyone else, does Joseph need to do anything to set up the UserDatabase resource, or is that set up by default? Also, does he need to create a context for his app and perhaps set something to tell Tomcat to use security? This is stuff I am not familiar with, so hopefully someone else reading this can help. -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com On Wed, June 15, 2005 9:31 am, Gagnon, Joseph M \(US SSA\) said: Ah-ha! Everything I had read so far led me to think I needed to put everything under ROOT. I'm glad you guys pointed that out. It makes sense. In the meantime, to make things simpler, I set up another webapp without any of the SPID stuff I was talking about before. It's very simple and contains nothing more than a login page (login.jsp) and login error page (login_error.html), the environment page (environment.jsp) I mentioned before and an error page (error.jsp), specified in the errorPage attribute of the page directive of the JSP files. The new app. sits in [tomcat]\webapps\Simple_JSP (not under ROOT any more) and the web.xml file in the WEB-INF subdirectory has been set up to use the correct path. I also included the security-role element Frank mentioned below. The web-app portion of web.xml looks like this: web-app xmlns=http://java.sun.com/xml/ns/j2ee; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance; xsi:schemaLocation=http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd; display-nameSimple JSP/display-name descriptionSimple JSP Test/description login-config auth-methodFORM/auth-method form-login-config form-login-page/Simple_JSP/login.jsp/form-login-page form-error-page/Simple_JSP/login_error.html/form-error-page /form-login-config /login-config security-role descriptionSecurity Role/description role-namesimple_jsp/role-name /security-role security-constraint web-resource-collection web-resource-nameSimple JSP Test/web-resource-name url-pattern/Simple_JSP/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-namesimple_jsp/role-name /auth-constraint /security-constraint /web-app Of course, I set up the simple_jsp role in the tomcat-users.xml file and added that role to my user entry. Now that this is all said and done, I'm still getting behavior that I'm not expecting. If I load my environment file into the browser (http://localhost/Simple_JSP/environment.jsp), it comes up as though there were no security/authentication mechanism to put up a roadblock. The login page is never presented. I was expecting that if I were to request any page from the Simple_JSP area, that before anything is displayed, I would be prompted to provide and user name and password. Isn't that what's supposed to happen? Thanks, Joe -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 6:37 PM To: Tomcat Users List Subject: Re: Help/Examples setting up security settings As Mark indicated in another post, the first problem you need to resolve is how you have installed your webapp. ROOT is itself a webapp, and although it might seem right that you want to put your webapp under it, that isn't the case. Move SPID_JSP to /webapps and you should be all set. One other thing I see is you are missing security role definitions in your web.xml. You'll want to add something like this: security
RE: Help/Examples setting up security settings
Frank, First of all, thanks for the detailed information. At about the same time your response came through, I also managed to locate similar info from Marty Hall's web site (http://courses.coreservlets.com/Course-Materials/msajsp.html). Using both sources of information, I made the following additions/changes to the following files: (Remember, I'm using Tomcat 5.5.9) [tomcat_install_dir]/conf/tomcat-users.xml: ?xml version='1.0' encoding='utf-8'? tomcat-users ... role rolename=spid_jsp/ user username=[my user name] password=[my password] roles=spid_jsp/ /tomcat-users [tomcat_install_dir]/webapps/ROOT/SPID_JSP/WEB-INF/web.xml: web-app display-nameSPID JSP Test/display-name descriptionSPID JSP Test/description login-config auth-methodFORM/auth-method form-login-page/SPID_JSP/login.jsp/form-login-page form-error-page/SPID_JSP/login_error.html/form-error-page /login-config security-constraint web-resource-collection web-resource-nameSPID JSP Test/web-resource-name url-pattern/SPID_JSP/*/url-pattern /web-resource-collection auth-constraint role-namespid_jsp/role-name /auth-constraint /security-constraint /web-app [tomcat_install_dir]/webapps/ROOT/SPID_JSP/login.jsp: %@ page contentType=text/html; charset=iso-8859-1 language=java import=java.sql.* errorPage= % !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN http://www.w3.org/TR/html4/loose.dtd; html head titleSPID_JSP Login Page/title /head body form action=j_security_check method=post name=login_form table width=30% border=0 cellpadding=1 cellspacing=1 tr td width=30%User name:/td tdinput name=j_username type=text/td /tr tr td width=30%Password:/td tdinput name=j_password type=password/td /tr tr td width=30%nbsp;/td tdinput name=submit type=submit value=Login/td /tr /table /form /body /html [tomcat_install_dir]/webapps/ROOT/SPID_JSP/login_error.html: !DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.01 Transitional//EN http://www.w3.org/TR/html4/loose.dtd; html head titleSPID JSP Login Error/title /head body Nope. Wrong password. a href=login.jspTry again/a /body /html Very simple stuff. However, when I try to login (by loading the login.jsp page), I get the following error from Tomcat: HTTP Status 404 - /SPID_JSP/j_security_check type Status report message /SPID_JSP/j_security_check description The requested resource (/SPID_JSP/j_security_check) is not available. Apache Tomcat/5.5.9 Obviously, there are some other things that I need to do, but I don't know what they are. Also, I'm curious how to direct control to the success page once authentication passes and the login succeeds. I'm really very new at web programming, so I'm sure there are either a lot of stupid things I'm doing, or stuff I need to do, but am not. Any help would be appreciated. Thanks, Joe -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Monday, June 13, 2005 3:06 PM To: Tomcat Users List Cc: Tomcat Users List Subject: Re: Help/Examples setting up security settings Having just spent a couple of weeks integrating a new security framework into an existing app, a framework that works in concert with J2EE security, let me see if I can help... Hang on, this is going to be a long post!... J2EE security (I *thimk* that's what it's called this week!) works with the concept of constrained resources... think of it this way... a server's job, be it a web server, app server, Quake server, whatever, is to SERVE. Therefore, the baseline assumption is that resources should be AVAILABLE, and you will be defining which are constrained in some way. This is actually backwards for how many people think of it, so it is worth noteing. Now, in terms of actually configuring it, it comes down to two things... well, I guess three really... (1) Define what resources you want to constrain (2) Define who will be allowed to access those resources (3) Tell your app server how to authenticate a user for a given resource The first two are standard, the third is app server-specific. Let's say for the sake of example that you have a bunch of administration-type JSPs in your application, for setting up users or something. Let's assume they are all in the directory /admin in the root of your webapp. Now, let's do step (1) and define a rule that says we want anything in that directory to be constrained. Here's the web.xml entry: security-constraint display-nameAdminConstraint/display-name web-resource-collection web-resource-nameAdminConstraint/web-resource-name url-pattern/admin
RE: Help/Examples setting up security settings
On Tue, June 14, 2005 9:26 am, Gagnon, Joseph M \(US SSA\) said: Very simple stuff. However, when I try to login (by loading the login.jsp page), I get the following error from Tomcat: HTTP Status 404 - /SPID_JSP/j_security_check type Status report message /SPID_JSP/j_security_check description The requested resource (/SPID_JSP/j_security_check) is not available. Apache Tomcat/5.5.9 Obviously, there are some other things that I need to do, but I don't know what they are. Also, I'm curious how to direct control to the success page once authentication passes and the login succeeds. Hmmm... The only thing that strikes me odd is what is being requested... Every time I've seen it, j_security_check is in the root... I wonder if Tomcat doesn't recognize j_security_check as being a special servlet if it isn't in the root? Just for chuckles, move your JSPs to the root of your webapp, that should result in /j_security_check being what the form is submitted to, see if that solves the problem (I *think* you could make the action of your form ../j_security_check instead of moving everything, that should do the same thing and would be easier). If that doesn't work then there is probably something else specific to Tomcat that needs to be done to enable that servlet that I am not aware of. As for the question of directing control to the success page, this is one of those things that is a bit confusing at first... you really don't direct control anywhere... what should happen is the URL your users should access *IS* the success page, assuming the succcess page is a constrained resource... in other words, write your application with the assumption that a user is already authenticated and that really the login page IS NOT part of your application. Then, when they try to access the success page, the request will be intercepted and the login page shown. If they enter valid credentials, THEN the success page will be returned to them automatically. That part usually confuses people at first (I think it did me too for a few minutes when I first dealt with this). Just remember, it's an intercept-based security mechanism... when the user tries to hit a protected resource, the request is intercepted and they are challenged to authenticate themselves. Conceptually, think of the original request as having been put on hold. Once they authenticate, the request continues where it left off, you have nothing special to do. I'm really very new at web programming, so I'm sure there are either a lot of stupid things I'm doing, or stuff I need to do, but am not. No, I think you've managed to get pretty far essentially on your own... Good job! :) Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help/Examples setting up security settings
converting an existing ASP application to JSP. The books would be purchased through my department, and I don't want to have a bunch of books bought that I may end up not using, if the decision ends up being that we won't go the JSP route. I realize that it's difficult for someone reading this to get the full picture of my situation. I've tried to include all pertinent information. If anyone can help me out, I would sure appreciate it. (Thanks again Frank Zammetti for the information you've provided so far.) Thanks, Joe Gagnon -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 9:39 AM To: Gagnon, Joseph M (US SSA) Cc: Tomcat Users List Subject: RE: Help/Examples setting up security settings On Tue, June 14, 2005 9:26 am, Gagnon, Joseph M \(US SSA\) said: Very simple stuff. However, when I try to login (by loading the login.jsp page), I get the following error from Tomcat: HTTP Status 404 - /SPID_JSP/j_security_check type Status report message /SPID_JSP/j_security_check description The requested resource (/SPID_JSP/j_security_check) is not available. Apache Tomcat/5.5.9 Obviously, there are some other things that I need to do, but I don't know what they are. Also, I'm curious how to direct control to the success page once authentication passes and the login succeeds. Hmmm... The only thing that strikes me odd is what is being requested... Every time I've seen it, j_security_check is in the root... I wonder if Tomcat doesn't recognize j_security_check as being a special servlet if it isn't in the root? Just for chuckles, move your JSPs to the root of your webapp, that should result in /j_security_check being what the form is submitted to, see if that solves the problem (I *think* you could make the action of your form ../j_security_check instead of moving everything, that should do the same thing and would be easier). If that doesn't work then there is probably something else specific to Tomcat that needs to be done to enable that servlet that I am not aware of. As for the question of directing control to the success page, this is one of those things that is a bit confusing at first... you really don't direct control anywhere... what should happen is the URL your users should access *IS* the success page, assuming the succcess page is a constrained resource... in other words, write your application with the assumption that a user is already authenticated and that really the login page IS NOT part of your application. Then, when they try to access the success page, the request will be intercepted and the login page shown. If they enter valid credentials, THEN the success page will be returned to them automatically. That part usually confuses people at first (I think it did me too for a few minutes when I first dealt with this). Just remember, it's an intercept-based security mechanism... when the user tries to hit a protected resource, the request is intercepted and they are challenged to authenticate themselves. Conceptually, think of the original request as having been put on hold. Once they authenticate, the request continues where it left off, you have nothing special to do. I'm really very new at web programming, so I'm sure there are either a lot of stupid things I'm doing, or stuff I need to do, but am not. No, I think you've managed to get pretty far essentially on your own... Good job! :) Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help/Examples setting up security settings
Gagnon, Joseph M (US SSA) wrote: snip 2. I have placed a WEB-INF directory under my test application directory ([tomcat install dir]/webapps/ROOT/SPID_JSP) and put a web.xml file in it. (SPID_JSP is where the JSP and HTML files reside.) snip You will need to fix this before anything stands a chance of working. The ROOT web application and SPID_JSP web application should be in separate directories. You should have [tomcat install dir]/webapps/ROOT/ for the root context and [tomcat install dir]/webapps/SPID_JSP for your app. HTH, Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help/Examples setting up security settings
dump, except this time, the page header shows what I expect: Get Environment Data. First, why didn't I get presented with the login page? Isn't that what was supposed to happen? Second, I don't understand the dual behavior observed above. Why should I get what happens in scenario 1? The file requested exists at the location specified. What gives? Why does scenario 2 allow me to access my page as I would expect to? Obviously, I don't know diddly-squat about how this technology works and is meant to be used. Everything I try ends up either a drop dead failure or confuses me even more than I already was. There does not seem to be any consistency to the behaviors I've been seeing. If someone asked me right now whether to recommend using JSP, I'd have to say No. I can't even get a simple test scenario to work. I'm trying to hold off on buying any books on the subject, because I'm not sure which ones would be the best to get (although I have some ideas) and more importantly, because I am trying to evaluate the technology and the feasibility (not to mention the do-ability) of potentially converting an existing ASP application to JSP. The books would be purchased through my department, and I don't want to have a bunch of books bought that I may end up not using, if the decision ends up being that we won't go the JSP route. I realize that it's difficult for someone reading this to get the full picture of my situation. I've tried to include all pertinent information. If anyone can help me out, I would sure appreciate it. (Thanks again Frank Zammetti for the information you've provided so far.) Thanks, Joe Gagnon -Original Message- From: Frank W. Zammetti [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 14, 2005 9:39 AM To: Gagnon, Joseph M (US SSA) Cc: Tomcat Users List Subject: RE: Help/Examples setting up security settings On Tue, June 14, 2005 9:26 am, Gagnon, Joseph M \(US SSA\) said: Very simple stuff. However, when I try to login (by loading the login.jsp page), I get the following error from Tomcat: HTTP Status 404 - /SPID_JSP/j_security_check type Status report message /SPID_JSP/j_security_check description The requested resource (/SPID_JSP/j_security_check) is not available. Apache Tomcat/5.5.9 Obviously, there are some other things that I need to do, but I don't know what they are. Also, I'm curious how to direct control to the success page once authentication passes and the login succeeds. Hmmm... The only thing that strikes me odd is what is being requested... Every time I've seen it, j_security_check is in the root... I wonder if Tomcat doesn't recognize j_security_check as being a special servlet if it isn't in the root? Just for chuckles, move your JSPs to the root of your webapp, that should result in /j_security_check being what the form is submitted to, see if that solves the problem (I *think* you could make the action of your form ../j_security_check instead of moving everything, that should do the same thing and would be easier). If that doesn't work then there is probably something else specific to Tomcat that needs to be done to enable that servlet that I am not aware of. As for the question of directing control to the success page, this is one of those things that is a bit confusing at first... you really don't direct control anywhere... what should happen is the URL your users should access *IS* the success page, assuming the succcess page is a constrained resource... in other words, write your application with the assumption that a user is already authenticated and that really the login page IS NOT part of your application. Then, when they try to access the success page, the request will be intercepted and the login page shown. If they enter valid credentials, THEN the success page will be returned to them automatically. That part usually confuses people at first (I think it did me too for a few minutes when I first dealt with this). Just remember, it's an intercept-based security mechanism... when the user tries to hit a protected resource, the request is intercepted and they are challenged to authenticate themselves. Conceptually, think of the original request as having been put on hold. Once they authenticate, the request continues where it left off, you have nothing special to do. I'm really very new at web programming, so I'm sure there are either a lot of stupid things I'm doing, or stuff I need to do, but am not. No, I think you've managed to get pretty far essentially on your own... Good job! :) Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Frank W. Zammetti Founder and Chief Software Architect Omnytex Technologies http://www.omnytex.com
Re: Help with memory leak using Tomcat
Hi. There was a discussion on this topic on Hibernate forum: http://forum.hibernate.org/viewtopic.php?t=935948postdays=0postorder=ascstart=0 If you find how to solve it, please let us know - I'm currently having the same problem :). Regards, Sergey. sudip shrestha wrote: I have experienced similar kind of memory leak, but that was while reloading the context. There was a steady increase in the memory usage after each autoReload of my struts 1.2.7-hibernate 2.1.8 powered webApp in Tomcat 5.5.7/JDK 1.5/Fedora Core 2. At the beginning: the process memory used by tomcat was 6.6%, then after each reload it went on slight increase such as: 7.8%, 8.3%, 8.8%, 9.1%, 10.1%, 10.7%Then I shutdown the tomcat server and restarted the server, I saw the memory usage as 6.4%, then on the next reload the usage was 7.9%. Meanwhile, the Java memory ( Runtime.getRuntime().totalMemory() Runtime.getRuntime().freeMemory() ) seem to stay pretty stabilizedSo, basically only process memory is increasing...which tells me that there is a leak in native memory. I saw similar threads like this when somebody had memory leaks with application reload/startup/shutdown with Tomcat Manager webapp... I am also looking for a good direction to move ahead. On 6/10/05, Mark Thomas [EMAIL PROTECTED] wrote: Does your profiling tool tell you the classes of the objects being created? Can you take a snapshot at two points in time, compare them and see what is different? If we know the class of the objects being created, it gives us a pretty good pointer as to where to start looking. Without this information, it is needle in haystack time. If your profiler doesn't do this, you probably need to get a new profiler. Mark Ed Hamilton wrote: I posted something similar to the Tomcat bug list and was asked to move it here. My first mailing to this list, so please correct any gaffes on my part... I'm running Tomcat 5.5.9; isapi redirector 1.2.13; J2SE 1.5.0.03; JDBC 3.1.8a; to support 2 very low volume websites. I have some kind of memory leak which triples tomcat's memory usage over about 4-5 days. I downloaded and installed AppPerfect profiler, and it shows a steady, consistent increase in objects and a corresponding decrease in the heap size. Even with my webserver shutdown and no Tomcat usage, this leak is persistent. The memory leak checker portion of AppPerfect reports multiple memory leaks (even with the web server shutdown as I mentioned.) Can anybody help me figure out how to find out where this is coming from? Best regards, Ed Hamilton - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help/Examples setting up security settings
Having just spent a couple of weeks integrating a new security framework into an existing app, a framework that works in concert with J2EE security, let me see if I can help... Hang on, this is going to be a long post!... J2EE security (I *thimk* that's what it's called this week!) works with the concept of constrained resources... think of it this way... a server's job, be it a web server, app server, Quake server, whatever, is to SERVE. Therefore, the baseline assumption is that resources should be AVAILABLE, and you will be defining which are constrained in some way. This is actually backwards for how many people think of it, so it is worth noteing. Now, in terms of actually configuring it, it comes down to two things... well, I guess three really... (1) Define what resources you want to constrain (2) Define who will be allowed to access those resources (3) Tell your app server how to authenticate a user for a given resource The first two are standard, the third is app server-specific. Let's say for the sake of example that you have a bunch of administration-type JSPs in your application, for setting up users or something. Let's assume they are all in the directory /admin in the root of your webapp. Now, let's do step (1) and define a rule that says we want anything in that directory to be constrained. Here's the web.xml entry: security-constraint display-nameAdminConstraint/display-name web-resource-collection web-resource-nameAdminConstraint/web-resource-name url-pattern/admin/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-nameAdminRole/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint Ok, so there's really 3 things being done here... (1) We are saying that anything in the /admin directory (/admin/*), based on that URL pattern, is to be constrained. So, http://mysite.com/admin/page1.jsp will be constrained, http://mysite.com/jsp/page1.jsp WILL NOT. Further, we are saying that only the GET and POST methods are being constrained. In other words, if someone tries to use an HTTP method other than GET and POST on a resource in that directory, THEY WILL GET TO IT WITHOUT HINDERANCE. Note that the display-name element is for IDE purposes... it is optional. Also, web-resource-name is for your own purposes, it can be whatever you want. (2) The next part is defining who will be able to access those resources. In this example we are saying that something called the AdminRole will be allowed to get to it (potentially, assuming they are validated). We'll get to what that AdminRole is in a minute... (3) We are saying that we want the resource to be served under SSL. That's what the CONFIDENTIAL transport-guarantee does. IIRC, this part is optional. There are three setting, CONFIDENTIAL, INTEGRAL (I think) and NONE. The first two are close to the same, so close in fact that I don't rememeber the difference :) None, as the name implies, means no guarantee about transport is made (i.e., serve it in the clear). Ok, so that's the first part of the equation. The next part is to make that AdminRole mean something. We do this by another entry in web.xml: security-role descriptionAdminRole/description role-nameAdminRole/role-name /security-role This is saying that there is a role (read: group) that a user can be in called AdminRole. Just like almost any other security mechanism out there, a user is assigned to a group (or a number of groups). This helps determine what rights they have. In this case we are saying that if a user tries to access a resource in the /admin directory, and if they are in the AdminRole group, then they are elligible to get at that resource. Ok, now we get to the third part... Somehow, your app server has to know about that AdrminRole and what users are in it. As I said, this part is server-specific. But, the bottom line is that you will see the name AdminRole defined somewhere, and probably with a list of users in it (or it might be a reference to an LDAP directory that contains that information, etc.) I guess there really is one other piece in web.xml: login-config auth-methodFORM/auth-method form-login-config form-login-page/login/doLogin.do/form-login-page form-error-page/login/loginError.do/form-error-page /form-login-config /login-config This basically turns on security, more or less... Here I am sayingt to use form-based authentication (i.e., a form with the fields j_username and j_password that submits to j_security_check as the action), and I'm also saying that if the user tries to access a constrained resource, display the page /logon/doLogin.do (probably a Struts Action in this case) or send them to /login/loginError.do if they do not get authenticated. So, what happens in a web app
Re: Help with memory leak using Tomcat
Does your profiling tool tell you the classes of the objects being created? Can you take a snapshot at two points in time, compare them and see what is different? If we know the class of the objects being created, it gives us a pretty good pointer as to where to start looking. Without this information, it is needle in haystack time. If your profiler doesn't do this, you probably need to get a new profiler. Mark Ed Hamilton wrote: I posted something similar to the Tomcat bug list and was asked to move it here. My first mailing to this list, so please correct any gaffes on my part... I'm running Tomcat 5.5.9; isapi redirector 1.2.13; J2SE 1.5.0.03; JDBC 3.1.8a; to support 2 very low volume websites. I have some kind of memory leak which triples tomcat's memory usage over about 4-5 days. I downloaded and installed AppPerfect profiler, and it shows a steady, consistent increase in objects and a corresponding decrease in the heap size. Even with my webserver shutdown and no Tomcat usage, this leak is persistent. The memory leak checker portion of AppPerfect reports multiple memory leaks (even with the web server shutdown as I mentioned.) Can anybody help me figure out how to find out where this is coming from? Best regards, Ed Hamilton - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with memory leak using Tomcat
I have experienced similar kind of memory leak, but that was while reloading the context. There was a steady increase in the memory usage after each autoReload of my struts 1.2.7-hibernate 2.1.8 powered webApp in Tomcat 5.5.7/JDK 1.5/Fedora Core 2. At the beginning: the process memory used by tomcat was 6.6%, then after each reload it went on slight increase such as: 7.8%, 8.3%, 8.8%, 9.1%, 10.1%, 10.7%Then I shutdown the tomcat server and restarted the server, I saw the memory usage as 6.4%, then on the next reload the usage was 7.9%. Meanwhile, the Java memory ( Runtime.getRuntime().totalMemory() Runtime.getRuntime().freeMemory() ) seem to stay pretty stabilizedSo, basically only process memory is increasing...which tells me that there is a leak in native memory. I saw similar threads like this when somebody had memory leaks with application reload/startup/shutdown with Tomcat Manager webapp... I am also looking for a good direction to move ahead. On 6/10/05, Mark Thomas [EMAIL PROTECTED] wrote: Does your profiling tool tell you the classes of the objects being created? Can you take a snapshot at two points in time, compare them and see what is different? If we know the class of the objects being created, it gives us a pretty good pointer as to where to start looking. Without this information, it is needle in haystack time. If your profiler doesn't do this, you probably need to get a new profiler. Mark Ed Hamilton wrote: I posted something similar to the Tomcat bug list and was asked to move it here. My first mailing to this list, so please correct any gaffes on my part... I'm running Tomcat 5.5.9; isapi redirector 1.2.13; J2SE 1.5.0.03; JDBC 3.1.8a; to support 2 very low volume websites. I have some kind of memory leak which triples tomcat's memory usage over about 4-5 days. I downloaded and installed AppPerfect profiler, and it shows a steady, consistent increase in objects and a corresponding decrease in the heap size. Even with my webserver shutdown and no Tomcat usage, this leak is persistent. The memory leak checker portion of AppPerfect reports multiple memory leaks (even with the web server shutdown as I mentioned.) Can anybody help me figure out how to find out where this is coming from? Best regards, Ed Hamilton - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[Fwd: Re: Help with memory leak using Tomcat]
Ed Hamilton wrote: Mark, Thanks for the response. I'm repling to you directly - if that's wrong, please let me know. Please always reply to the list. This is for two reasons: - The extra information you provide might be enough for someone else to help you even if the original respondent can not. - The point of the list is to share knowledge and experience. This stops working once people switch to private mail. I've determined that with all my webapps shutdown, Tomcat allocates a new ojbect(s) of about 80KB exactly every 10 seconds and doesn't release it/them. The GC collector doesn't seem to clear it automatically. If I use the profiler's run GC the objects are released, the heap is returned to full size, and then the objectes start piling up again. What you describe is not a memory leak, just normal operation of the JVM. Tomcat is clearly doing something on a regular basis (at a guess this will be the auto-deploy code doing its work). Whatever this regular activity is, it creates objects. These objects are correctly released, since running garbage collection removes them. The JVM makes no guarantees when, or indeed if, garbage collection will be run. Since garbage collection is expensive, the JVM doesn't normally do it unless it has to. Therefore it is perfectly normal to see a steady rise in memory over time. If you leave it long enough you will see memory usage come back down when GC runs. If you were seeing a steady rise in memory after GC, this would be a memory leak. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: help for ClassNotFoundExcpetion
On 6/2/05, MEHMOOD, QAISER [EMAIL PROTECTED] wrote: When I put these jar files in tomcat/common/lib directory , its working fine. Can anyone tell me In Tomcat classes in common/lib cannot find a class in a webapplication. Check the stacktrace to see what class is not found and which class is loading this and where it is located. -- rgds Anto Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help with reloading a servlet for log4j logging.
You must use PropertyConfigurator.configureAndWatch(fileProperties,miliseconds) By Mariano -Mensaje original- De: Subhrajyoti Moitra [mailto:[EMAIL PROTECTED] Enviado el: jueves, 26 de mayo de 2005 8:35 Para: tomcat-user@jakarta.apache.org Asunto: Help with reloading a servlet for log4j logging. Hi, I am initializing Log4J system using an init servlet, which is loaded on start-up (servlet name is Log4JInitServlet). In web.xml I am pointing to the log4j.properties file using the param tag. Problem Now suppose I change some properties in log4j.properties file. (change the log level for example). I want to reload this file with the changed properties and restart log4j system with these new properties. Question Can I re-load the new properties file (and consequently the log4j system) by reloading the initservlet (LogJInitServlet)? Something similar to reloading an entire webcontext using http://localhost/manager?reload=myLog4JApp. I don't want to restart tomcat to restart the logging system. Can this be done in tomcat? I am using tomcat 4.x version, on win32/linux systems. Thanks a lot in advance, Subhro. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help with reloading a servlet for log4j logging.
It worked Thanks a lot Mariano! -Original Message- From: Mariano [mailto:[EMAIL PROTECTED] Sent: Thursday, May 26, 2005 12:23 PM To: 'Tomcat Users List' Subject: RE: Help with reloading a servlet for log4j logging. You must use PropertyConfigurator.configureAndWatch(fileProperties,miliseconds) By Mariano -Mensaje original- De: Subhrajyoti Moitra [mailto:[EMAIL PROTECTED] Enviado el: jueves, 26 de mayo de 2005 8:35 Para: tomcat-user@jakarta.apache.org Asunto: Help with reloading a servlet for log4j logging. Hi, I am initializing Log4J system using an init servlet, which is loaded on start-up (servlet name is Log4JInitServlet). In web.xml I am pointing to the log4j.properties file using the param tag. Problem Now suppose I change some properties in log4j.properties file. (change the log level for example). I want to reload this file with the changed properties and restart log4j system with these new properties. Question Can I re-load the new properties file (and consequently the log4j system) by reloading the initservlet (LogJInitServlet)? Something similar to reloading an entire webcontext using http://localhost/manager?reload=myLog4JApp. I don't want to restart tomcat to restart the logging system. Can this be done in tomcat? I am using tomcat 4.x version, on win32/linux systems. Thanks a lot in advance, Subhro. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with Tomcat 5.5.x on redhat-release-3ES-7.4
On 5/24/05, Gary Zhu [EMAIL PROTECTED] wrote: Hi all, When trying to start tomcat 5.5.4(tried 5.5.7 and 5.5.9) on OS redhat-release-3ES-7.4, I always get the following error: '/catalina.sh: /usr/local/tomcat/bin/setclasspath.sh: line 74: syntax error near unexpected token `do '/catalina.sh: /usr/local/tomcat/bin/setclasspath.sh: line 74: `for i in $OSXHACK/*.jar; do Of course, all the three versions have been working fine with other redhat linux versions such as redhat-release-9-3. Strange maybe RHEL3-ES-7.4 (whatever all that means) somehow does more syntax checking than usual and enteres that IF even though it doesn't need to and barfs it as a result so try editing setclasspath.sh and comment out the below lines: # OSX hack to CLASSPATH JIKESPATH= if [ `uname -s` = Darwin ]; then OSXHACK=/System/Library/Frameworks/JavaVM.framework/Versions/CurrentJDK/Classes if [ -d $OSXHACK ]; then for i in $OSXHACK/*.jar; do JIKESPATH=$JIKESPATH:$i done fi fi Hopefully that will make it happy. :) Regards, -- Jason Bainbridge http://kde.org - [EMAIL PROTECTED] Personal Site - http://jasonbainbridge.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help needed with Hibernate persistent servlet
Allistair Crossley wrote: Hi, Hibernate needs a bunch of other jar files too. There is a text file in the H3 distrib indicating which are requisite and which are mandatory. You do not menion whether this HibernateUtil you are using as a servlet has an overridden init() method that creates the SessionFactory. Finally, the way we set the Hibernate sub-system up here is to use a ContextListener for our application which calls HibernateUtil.init which instances the SessionFactory. Another way to go about Hibernate3 usage in web apps is to use the Inversion of Control part of Spring. Cheers, Allistair. -Original Message- From: David Haynes [mailto:[EMAIL PROTECTED] Sent: 10 May 2005 19:30 To: tomcat-user@jakarta.apache.org Subject: Help needed with Hibernate persistent servlet I feel that I am almost there, but can't quite get the last problem out of the way. I am using Tomcat 5.5.7, NetBeans 4.1rc2, and Hibernate 3.0.3. I have set up the web.xml for my project to start the HibernateUtil as a load-on-startup servlet and confirmed that the proper libraries (jar files) are in place under WEB-INF/lib. I know that the servlet is running since I put the declaration into the global web.xml and got back the duplicate service error. My problem is that I am getting NoClassDefFoundError. Looking at the java generated for my jsp, I see that the class not found is the one which references my persistent object. ( i.e. when I reference HibernateUtil.currentSession() ) Do I need to do something else to make the persistent object visible to my jsp? The jsp does import my package containing HibernateUtil and the org.hibernate.* set as well. Googling seems to indicate that getting this to work is an often seen problem, but there not a lot of details about how to fix this. I have checked all the fixes I can find but nothing seems to be working. Thanks for any ideas/help. -david- Thanks for taking the time to try to help. It turns out to be a documentation problem with Hibernate 3.0 in that one of the required jar libraries is not documented as being required. Once I added the asm.jar library, everything started to work properly. -david- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help needed with Hibernate persistent servlet
Hi, Hibernate needs a bunch of other jar files too. There is a text file in the H3 distrib indicating which are requisite and which are mandatory. You do not menion whether this HibernateUtil you are using as a servlet has an overridden init() method that creates the SessionFactory. Finally, the way we set the Hibernate sub-system up here is to use a ContextListener for our application which calls HibernateUtil.init which instances the SessionFactory. Another way to go about Hibernate3 usage in web apps is to use the Inversion of Control part of Spring. Cheers, Allistair. -Original Message- From: David Haynes [mailto:[EMAIL PROTECTED] Sent: 10 May 2005 19:30 To: tomcat-user@jakarta.apache.org Subject: Help needed with Hibernate persistent servlet I feel that I am almost there, but can't quite get the last problem out of the way. I am using Tomcat 5.5.7, NetBeans 4.1rc2, and Hibernate 3.0.3. I have set up the web.xml for my project to start the HibernateUtil as a load-on-startup servlet and confirmed that the proper libraries (jar files) are in place under WEB-INF/lib. I know that the servlet is running since I put the declaration into the global web.xml and got back the duplicate service error. My problem is that I am getting NoClassDefFoundError. Looking at the java generated for my jsp, I see that the class not found is the one which references my persistent object. ( i.e. when I reference HibernateUtil.currentSession() ) Do I need to do something else to make the persistent object visible to my jsp? The jsp does import my package containing HibernateUtil and the org.hibernate.* set as well. Googling seems to indicate that getting this to work is an often seen problem, but there not a lot of details about how to fix this. I have checked all the fixes I can find but nothing seems to be working. Thanks for any ideas/help. -david- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help - Alias or Symlink to external(to the context) images directory?
On 5/3/05, Mott Leroy [EMAIL PROTECTED] wrote: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html - see the allowLinking property. This did the trick :) Thanks Mott!!! As far as how to create the symlink when the app is deployed, not sure beyond running some sort of script when the application loads (using a context listener perhaps). I actually have a script that deploys the app for me, so in that script I create the symlink after deploying. Thanks again, Matt - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help - Alias or Symlink to external(to the context) images directory?
http://jakarta.apache.org/tomcat/tomcat-5.0-doc/config/context.html - see the allowLinking property. As far as how to create the symlink when the app is deployed, not sure beyond running some sort of script when the application loads (using a context listener perhaps). Matt Galvin wrote: Hi All, Does anyone know of a way to set an alias to an external directory that contains images to be displayed on a web page? Maybe explaining what I need to do would help: I have a directory, for example: /tmp/images I have a webapp in: /opt/tomcat/webapps/myapp I need to be able to store uploaded images in /tmp/images (which I have working fine) and I need to be able to display those images via the jsp's in myapp. Is it possible to have an alias called myapp/images that points to /tmp/images or can I maybe use a symlink(can tomcat follow the symlink?) or is there some other way I can do this, other than using a servlet to retrieve/return the images? I need to be able to do this so that when the webapp is updated/redeployed, the images will not get deleted. I am running tomcat 5.0.28 on SUN's Java 1.4.2_08 on a variety or Linux/UNIX systems. Thanks in advance, Matt - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with JDBCRealm config on Tomcat 4.1
Well I've got JDBCRealm working for the entire server, but when I try to wrap the realm in a context for a specific webapp it stops working. Anyone have any ideas why? Is my Context specification not correct? Context path=/blojsom docBase=blojsom debug=99 Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=com.mysql.jdbc.Driver connectionURL=jdbc:mysql://localhost/mydatabase connectionName=xx connectionPassword=xx digest=MD5 userTable=users userNameCol=userid userCredCol=md5password userRoleTable=user_roles roleNameCol=role_name / /Context - Original Message - From: joelsherriff [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Friday, April 22, 2005 3:56 PM Subject: Help with JDBCRealm config on Tomcat 4.1 Hope someone can help me - I'm still a relative newbie to tomcat, am baffled at this point and I can't even get it configured so that I can get debug info to find out what's wrong. I've added a context to my server.xml for the webapp I'm trying to set up JDBCRealm authentication for: Context path=/blojsom docBase=blojsom debug=99 Logger className=org.apache.catalina.logger.FileLogger prefix=localhost_blojsom_log. suffix=.txt timestamp=true / Realm className=org.apache.catalina.realm.JDBCRealm debug=99 driverName=org.gjt.mm.mysql.Driver connectionURL=jdbc:mysql://localhost/mydatabase?user=xx;password=xx connectionName=xx connectionPassword=xx digest=MD5 userTable=users userNameCol=userid userCredCol=md5password userRoleTable=user_roles roleNameCol=role_name / /Context And, of course, added the supporting tables and roles to my database. When I attempt to access a page from the webapp, my login.jsp page is displayed, and when I attempt to login, my error.jsp page is displayed. I didn't expect this to work correctly the first time I configured it, and it's not, but my problem is that I can't figure out how to debug it at all. The Logger I have configured in the webapp's Context does nothing - doesn't create the log file and nothing is logged anywhere else either. How can I further debug it? Now, if I take the Realm out of the Context (applying it to the entire server), I get an exception in my catalina_log: 2005-04-22 15:26:10 JDBCRealm[Standalone]: Exception performing authentication java.sql.SQLException: org.gjt.mm.mysql.Driver at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:588) at org.apache.catalina.realm.JDBCRealm.authenticate(JDBCRealm.java:343) Though it doesn't say it precisely, I think this implies that it's not connecting to the DB, but the db, user and password values are all correct. Basically, I have three problems: why can't I get logging to work from within a specific context, am I doing something wrong in my attempt to get JDBCRealm authentication to work, and what is the right way to debug the problem further, if the solution isn't obvious? Also, I've added to my webapp's web.xml file: security-constraint web-resource-collection web-resource-nameEntire Application/web-resource-name url-pattern/*/url-pattern /web-resource-collection auth-constraint role-nameusers/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method realm-nameUsers/realm-name form-login-config form-login-page/login.jsp/form-login-page form-error-page/error.jsp/form-error-page /form-login-config /login-config security-role description Some Stuff /description role-nameusers/role-name /security-role - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help needed: Setting Tomcat5.5 to run with security manager in Windows XP
From: Nikolay Karasev [mailto:[EMAIL PROTECTED] Subject: Help needed: Setting Tomcat5.5 to run with security manager in Windows XP however there is no file named catalina.bat in this directory. The .bat files are only in the zip download. If you're running Tomcat as a service, there is no .bat file to edit; instead you can use the Tomcat5w.exe program to set additional parameters (under the Java tab), or edit the registry. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with tomcat 5.5
the classes / jar files available for TC 5.5 are not the same in your case - Check the commons/lib folder and the web-inf/lib folder. Make sure all the classes/jar files in the above folders in 5.0 are available and the same as in 5.5 - my guess is that some are missing in 5.0. if that does not solve - them copy paste the exact classNotFound and someone will be able to help u in finding the right jar. HTH, Anoop On 4/13/05, dummy [EMAIL PROTECTED] wrote: Problem with tomcat 5.5. Application running on tomcat 5.0 fine but when run on tomcat 5.5 alot of problem appeared like noclassfound. Why is it so ? Anybody have the same problem ? How to solve ? -- Thanks and best regards, Anoop - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: HELP Tomcat CGI
hi, first you need to test if the script will be happy to execute: leave it where you want it to be called from the browser and in shell to type /path/to/script/test.pl if it execute, then you know it is your tomcat config problem. you may need to restart tomcat after change the .xml file(?) there is security concern about using cgi, does not matter with tomcat or apache. but as you know tomcat can run perl. good luck cheng --- Raghupathy,Gurumoorthy [EMAIL PROTECTED] wrote: Why don't you run perl in apache and integrate it with tomcat ? Tomcat should not be used with CGI ( security issues ) Guru -Original Message- From: Scholtyssek Siegfried [mailto:[EMAIL PROTECTED] Sent: 11 April 2005 09:29 To: tomcat-user@jakarta.apache.org Subject: HELP Tomcat CGI Importance: High Hello, I use the Apache Tomcat.5.0.16 on the SUNOS 5.8 UNIX With Tomcat we want execute cgi-scripts. So I modified all in web.xml and removed the file servlets-cgi.renametojar to servlets-cgi.jar If I start with Netscape the follow URL: http://localhost:8080/cgi-bin/test.pl so I get the follow ERROR: Can't open perl Script ./test.pl No such file or direktory Use -S to search $PATH for it. If I delete and make a follow link: rm /usr/bin/perl ln -s /usr/bin/ksh /usr/bin/perlthen it is running. Whats wrong ??? What I have to do, that it is running with ln -s /usr/local/bin/perl /usr/bin/perl In the first line of the test.pl I have still #!/usr/local/bin/perl and I made chmod a+x test.pl and with command from xterm I can execute it with the full path from the errormessage Can't open perl Script . ! Please help me because I will be else crazy :-) Thanks and regards Siggi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Best wishes Z C Wang Send instant messages to your online friends http://uk.messenger.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: HELP Tomcat CGI
Why don't you run perl in apache and integrate it with tomcat ? Tomcat should not be used with CGI ( security issues ) Guru -Original Message- From: Scholtyssek Siegfried [mailto:[EMAIL PROTECTED] Sent: 11 April 2005 09:29 To: tomcat-user@jakarta.apache.org Subject: HELP Tomcat CGI Importance: High Hello, I use the Apache Tomcat.5.0.16 on the SUNOS 5.8 UNIX With Tomcat we want execute cgi-scripts. So I modified all in web.xml and removed the file servlets-cgi.renametojar to servlets-cgi.jar If I start with Netscape the follow URL: http://localhost:8080/cgi-bin/test.pl so I get the follow ERROR: Can't open perl Script ./test.pl No such file or direktory Use -S to search $PATH for it. If I delete and make a follow link: rm /usr/bin/perl ln -s /usr/bin/ksh /usr/bin/perlthen it is running. Whats wrong ??? What I have to do, that it is running with ln -s /usr/local/bin/perl /usr/bin/perl In the first line of the test.pl I have still #!/usr/local/bin/perl and I made chmod a+x test.pl and with command from xterm I can execute it with the full path from the errormessage Can't open perl Script . ! Please help me because I will be else crazy :-) Thanks and regards Siggi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HELP Tomcat CGI
Should not is rather strong and a little misleading. What you need to keep in mind is the warning in the docs. quote CAUTION - CGI scripts are used to execute programs external to the Tomcat JVM. If you are using the Java SecurityManager this will bypass your security policy configuration in catalina.policy. /quote Mark Raghupathy,Gurumoorthy wrote: Why don't you run perl in apache and integrate it with tomcat ? Tomcat should not be used with CGI ( security issues ) Guru -Original Message- From: Scholtyssek Siegfried [mailto:[EMAIL PROTECTED] Sent: 11 April 2005 09:29 To: tomcat-user@jakarta.apache.org Subject: HELP Tomcat CGI Importance: High Hello, I use the Apache Tomcat.5.0.16 on the SUNOS 5.8 UNIX With Tomcat we want execute cgi-scripts. So I modified all in web.xml and removed the file servlets-cgi.renametojar to servlets-cgi.jar If I start with Netscape the follow URL: http://localhost:8080/cgi-bin/test.pl so I get the follow ERROR: Can't open perl Script ./test.pl No such file or direktory Use -S to search $PATH for it. If I delete and make a follow link: rm /usr/bin/perl ln -s /usr/bin/ksh /usr/bin/perlthen it is running. Whats wrong ??? What I have to do, that it is running with ln -s /usr/local/bin/perl /usr/bin/perl In the first line of the test.pl I have still #!/usr/local/bin/perl and I made chmod a+x test.pl and with command from xterm I can execute it with the full path from the errormessage Can't open perl Script . ! Please help me because I will be else crazy :-) Thanks and regards Siggi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help !!! Tomcat 5.5.7 - cannot start
Just make sure you have included catalina.jar file in the classpath. -Anoop On Apr 8, 2005 1:23 PM, Parveen Pasha [EMAIL PROTECTED] wrote: Using Tomcat 5.5 + Fedora Core 3 + jdk1.5.02 Changed the port to 8090 from the default 8080 port in server.xml. Did not install the runtime environment. only installed jdk1.5.02 using the rpm -iv jdk-1_5_0_02-linux-i586-rpm When I execute the startup.sh script, I receive the following error in Catalina.out java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:198) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:386) Cannot view the default web applications included with Tomcat when accessing via http://localhost:8090 I receive the following message: The page cannot be displayed. I did not find any solution on the Web. Can someone help. Thanks! Thanks! Parveen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks and best regards, Anoop - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help !!! Tomcat 5.5.7 - cannot start
Does echo $JAVA_HOME show it set correctly? Bob On Apr 8, 2005 1:28 PM, Anoop kumar V [EMAIL PROTECTED] wrote: Just make sure you have included catalina.jar file in the classpath. -Anoop On Apr 8, 2005 1:23 PM, Parveen Pasha [EMAIL PROTECTED] wrote: Using Tomcat 5.5 + Fedora Core 3 + jdk1.5.02 Changed the port to 8090 from the default 8080 port in server.xml. Did not install the runtime environment. only installed jdk1.5.02 using the rpm -iv jdk-1_5_0_02-linux-i586-rpm When I execute the startup.sh script, I receive the following error in Catalina.out java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:198) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:386) Cannot view the default web applications included with Tomcat when accessing via http://localhost:8090 I receive the following message: The page cannot be displayed. I did not find any solution on the Web. Can someone help. Thanks! Thanks! Parveen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks and best regards, Anoop - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help !!! Tomcat 5.5.7 - cannot start
I am installing all this for the first time. Where do you set the classpath, to include the catalina.jar? How do I know if tomcat is running? ps -ef | grep tomcat yields the same result. Do not see any pid the output is a set of paths that has tomcat in it. $JAVA_HOME and $CATLINA_HOME are set correctly. I may have said it wrong that it is during startup I get the error. It is actually during execution of shutdown.sh. Sorry about that. When I do: su - tomcat -c /usr/local/tomcat/jakarta-tomcat-5.5.7/bin/startup.sh I get: Using CATALINA_BASE: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_HOME: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_TMPDIR: /usr/local/tomcat/jakarta-tomcat-5.5.7/temp Using JRE_HOME: /usr/java/jdk1.5.0_02 [EMAIL PROTECTED] ~]# su - tomcat -c /usr/local/tomcat/jakarta-tomcat-5.5.7/bin/shutdown.sh I get: Using CATALINA_BASE: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_HOME: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_TMPDIR: /usr/local/tomcat/jakarta-tomcat-5.5.7/temp Using JRE_HOME: /usr/java/jdk1.5.0_02 java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:198) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:386) --- Robert Harrison [EMAIL PROTECTED] wrote: Does echo $JAVA_HOME show it set correctly? Bob On Apr 8, 2005 1:28 PM, Anoop kumar V [EMAIL PROTECTED] wrote: Just make sure you have included catalina.jar file in the classpath. -Anoop On Apr 8, 2005 1:23 PM, Parveen Pasha [EMAIL PROTECTED] wrote: Using Tomcat 5.5 + Fedora Core 3 + jdk1.5.02 Changed the port to 8090 from the default 8080 port in server.xml. Did not install the runtime environment. only installed jdk1.5.02 using the rpm -iv jdk-1_5_0_02-linux-i586-rpm When I execute the startup.sh script, I receive the following error in Catalina.out java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:198) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:386) Cannot view the default web applications included with Tomcat when accessing via http://localhost:8090 I receive the following message: The page cannot be displayed. I did not find any solution on the Web. Can someone help. Thanks! Thanks! Parveen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks and best regards, Anoop - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help !!! Tomcat 5.5.7 - cannot start
The simplest thing to do would be to open a command prompt (if you are on windows) and type echo %CLASSPATH% and then hit enter / return key. The jars that have been added to the classpath are shown - ensure that u have catalina.jar or j2ee.jar. If you are not sure open the jar files using something like winzip and check for the existence of the class file. HTH -Anoop On Apr 8, 2005 1:41 PM, Robert Harrison [EMAIL PROTECTED] wrote: Does echo $JAVA_HOME show it set correctly? Bob On Apr 8, 2005 1:28 PM, Anoop kumar V [EMAIL PROTECTED] wrote: Just make sure you have included catalina.jar file in the classpath. -Anoop On Apr 8, 2005 1:23 PM, Parveen Pasha [EMAIL PROTECTED] wrote: Using Tomcat 5.5 + Fedora Core 3 + jdk1.5.02 Changed the port to 8090 from the default 8080 port in server.xml. Did not install the runtime environment. only installed jdk1.5.02 using the rpm -iv jdk-1_5_0_02-linux-i586-rpm When I execute the startup.sh script, I receive the following error in Catalina.out java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:198) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:386) Cannot view the default web applications included with Tomcat when accessing via http://localhost:8090 I receive the following message: The page cannot be displayed. I did not find any solution on the Web. Can someone help. Thanks! Thanks! Parveen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks and best regards, Anoop - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- -- Thanks and best regards, Anoop - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help !!! Tomcat 5.5.7 - cannot start
Look in $CATALINA_BASE/catalina.out for the startup error. The script redirects STDOUT and STDERR on startup but not shutdown. JT -Original Message- From: Parveen Pasha [mailto:[EMAIL PROTECTED] Sent: Friday, April 08, 2005 1:48 PM To: Tomcat Users List; Robert Harrison Subject: Re: Help !!! Tomcat 5.5.7 - cannot start I am installing all this for the first time. Where do you set the classpath, to include the catalina.jar? How do I know if tomcat is running? ps -ef | grep tomcat yields the same result. Do not see any pid the output is a set of paths that has tomcat in it. $JAVA_HOME and $CATLINA_HOME are set correctly. I may have said it wrong that it is during startup I get the error. It is actually during execution of shutdown.sh. Sorry about that. When I do: su - tomcat -c /usr/local/tomcat/jakarta-tomcat-5.5.7/bin/startup.sh I get: Using CATALINA_BASE: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_HOME: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_TMPDIR: /usr/local/tomcat/jakarta-tomcat-5.5.7/temp Using JRE_HOME: /usr/java/jdk1.5.0_02 [EMAIL PROTECTED] ~]# su - tomcat -c /usr/local/tomcat/jakarta-tomcat-5.5.7/bin/shutdown.sh I get: Using CATALINA_BASE: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_HOME: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_TMPDIR: /usr/local/tomcat/jakarta-tomcat-5.5.7/temp Using JRE_HOME: /usr/java/jdk1.5.0_02 java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:198) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:386) --- Robert Harrison [EMAIL PROTECTED] wrote: Does echo $JAVA_HOME show it set correctly? Bob On Apr 8, 2005 1:28 PM, Anoop kumar V [EMAIL PROTECTED] wrote: Just make sure you have included catalina.jar file in the classpath. -Anoop On Apr 8, 2005 1:23 PM, Parveen Pasha [EMAIL PROTECTED] wrote: Using Tomcat 5.5 + Fedora Core 3 + jdk1.5.02 Changed the port to 8090 from the default 8080 port in server.xml. Did not install the runtime environment. only installed jdk1.5.02 using the rpm -iv jdk-1_5_0_02-linux-i586-rpm When I execute the startup.sh script, I receive the following error in Catalina.out java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:198) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:386) Cannot view the default web applications included with Tomcat when accessing via http://localhost:8090 I receive the following message: The page cannot be displayed. I did not find any solution on the Web. Can someone help. Thanks! Thanks! Parveen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks and best regards, Anoop - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help !!! Tomcat 5.5.7 - cannot start
Sorry I meant $CATALINA_BASE/logs/catalina.out. -Original Message- From: Trice, Jim [mailto:[EMAIL PROTECTED] Sent: Friday, April 08, 2005 2:46 PM To: Tomcat Users List Subject: RE: Help !!! Tomcat 5.5.7 - cannot start Look in $CATALINA_BASE/catalina.out for the startup error. The script redirects STDOUT and STDERR on startup but not shutdown. JT -Original Message- From: Parveen Pasha [mailto:[EMAIL PROTECTED] Sent: Friday, April 08, 2005 1:48 PM To: Tomcat Users List; Robert Harrison Subject: Re: Help !!! Tomcat 5.5.7 - cannot start I am installing all this for the first time. Where do you set the classpath, to include the catalina.jar? How do I know if tomcat is running? ps -ef | grep tomcat yields the same result. Do not see any pid the output is a set of paths that has tomcat in it. $JAVA_HOME and $CATLINA_HOME are set correctly. I may have said it wrong that it is during startup I get the error. It is actually during execution of shutdown.sh. Sorry about that. When I do: su - tomcat -c /usr/local/tomcat/jakarta-tomcat-5.5.7/bin/startup.sh I get: Using CATALINA_BASE: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_HOME: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_TMPDIR: /usr/local/tomcat/jakarta-tomcat-5.5.7/temp Using JRE_HOME: /usr/java/jdk1.5.0_02 [EMAIL PROTECTED] ~]# su - tomcat -c /usr/local/tomcat/jakarta-tomcat-5.5.7/bin/shutdown.sh I get: Using CATALINA_BASE: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_HOME: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_TMPDIR: /usr/local/tomcat/jakarta-tomcat-5.5.7/temp Using JRE_HOME: /usr/java/jdk1.5.0_02 java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:198) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:386) --- Robert Harrison [EMAIL PROTECTED] wrote: Does echo $JAVA_HOME show it set correctly? Bob On Apr 8, 2005 1:28 PM, Anoop kumar V [EMAIL PROTECTED] wrote: Just make sure you have included catalina.jar file in the classpath. -Anoop On Apr 8, 2005 1:23 PM, Parveen Pasha [EMAIL PROTECTED] wrote: Using Tomcat 5.5 + Fedora Core 3 + jdk1.5.02 Changed the port to 8090 from the default 8080 port in server.xml. Did not install the runtime environment. only installed jdk1.5.02 using the rpm -iv jdk-1_5_0_02-linux-i586-rpm When I execute the startup.sh script, I receive the following error in Catalina.out java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:198) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:386) Cannot view the default web applications included with Tomcat when accessing via http://localhost:8090 I receive the following message: The page cannot be displayed. I did not find any solution on the Web. Can someone help. Thanks! Thanks! Parveen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks and best regards, Anoop - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help !!! Tomcat 5.5.7 - cannot start
The output from catalina.out is : java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:198) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:386) --- Trice, Jim [EMAIL PROTECTED] wrote: Sorry I meant $CATALINA_BASE/logs/catalina.out. -Original Message- From: Trice, Jim [mailto:[EMAIL PROTECTED] Sent: Friday, April 08, 2005 2:46 PM To: Tomcat Users List Subject: RE: Help !!! Tomcat 5.5.7 - cannot start Look in $CATALINA_BASE/catalina.out for the startup error. The script redirects STDOUT and STDERR on startup but not shutdown. JT -Original Message- From: Parveen Pasha [mailto:[EMAIL PROTECTED] Sent: Friday, April 08, 2005 1:48 PM To: Tomcat Users List; Robert Harrison Subject: Re: Help !!! Tomcat 5.5.7 - cannot start I am installing all this for the first time. Where do you set the classpath, to include the catalina.jar? How do I know if tomcat is running? ps -ef | grep tomcat yields the same result. Do not see any pid the output is a set of paths that has tomcat in it. $JAVA_HOME and $CATLINA_HOME are set correctly. I may have said it wrong that it is during startup I get the error. It is actually during execution of shutdown.sh. Sorry about that. When I do: su - tomcat -c /usr/local/tomcat/jakarta-tomcat-5.5.7/bin/startup.sh I get: Using CATALINA_BASE: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_HOME: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_TMPDIR: /usr/local/tomcat/jakarta-tomcat-5.5.7/temp Using JRE_HOME: /usr/java/jdk1.5.0_02 [EMAIL PROTECTED] ~]# su - tomcat -c /usr/local/tomcat/jakarta-tomcat-5.5.7/bin/shutdown.sh I get: Using CATALINA_BASE: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_HOME: /usr/local/tomcat/jakarta-tomcat-5.5.7 Using CATALINA_TMPDIR: /usr/local/tomcat/jakarta-tomcat-5.5.7/temp Using JRE_HOME: /usr/java/jdk1.5.0_02 java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:198) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:386) --- Robert Harrison [EMAIL PROTECTED] wrote: Does echo $JAVA_HOME show it set correctly? Bob On Apr 8, 2005 1:28 PM, Anoop kumar V [EMAIL PROTECTED] wrote: Just make sure you have included catalina.jar file in the classpath. -Anoop On Apr 8, 2005 1:23 PM, Parveen Pasha [EMAIL PROTECTED] wrote: Using Tomcat 5.5 + Fedora Core 3 + jdk1.5.02 Changed the port to 8090 from the default 8080 port in server.xml. Did not install the runtime environment. only installed jdk1.5.02 using the rpm -iv jdk-1_5_0_02-linux-i586-rpm When I execute the startup.sh script, I receive the following error in Catalina.out java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:188) at java.lang.ClassLoader.loadClass(ClassLoader.java:306) at java.lang.ClassLoader.loadClass(ClassLoader.java:251) at org.apache.catalina.startup.Bootstrap.init(Bootstrap.java:198) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:386) Cannot view the default web applications included with Tomcat when accessing via http://localhost:8090 I receive the following message: The page cannot be displayed. I did not find any solution on the Web. Can someone help. Thanks! Thanks! Parveen - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Thanks and best regards, Anoop - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail
RE: Help !!! Tomcat 5.5.7 - cannot start
From: Anoop kumar V [mailto:[EMAIL PROTECTED] Subject: Re: Help !!! Tomcat 5.5.7 - cannot start The jars that have been added to the classpath are shown - ensure that u have catalina.jar or j2ee.jar. Sorry, but that advice is simply wrong and following it can produce serious Tomcat classloading problems. If you are using the standard startup and shutdown scripts supplied with the Tomcat download, the CLASSPATH environment variable is not used. Instead, the scripts set the -cp parameter based on CATALINA_HOME, and the only item that should be specified there is bootstrap.jar from $CATALINA_HOME/bin. Tomcat does not need the j2ee.jar at all, and placing it within the Tomcat environment can cause duplicate class problems with the subset of J2EE that is already included in the Tomcat download. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help !!! Tomcat 5.5.7 - cannot start
From: Parveen Pasha [mailto:[EMAIL PROTECTED] Subject: RE: Help !!! Tomcat 5.5.7 - cannot start The output from catalina.out is : java.lang.ClassNotFoundException: org.apache.catalina.startup.Catalina at java.net.URLClassLoader$1.run(URLClassLoader.java:200) at java.security.AccessController.doPrivileged(Native Method) Does the user doing the shutdown have proper access to the Tomcat files? That particular class comes from catalina.jar in the $CATALINA_HOME/server/lib directory. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with SSL Cert config
There's a light at the end of this tunnel - I've got it mostly working - via a browser anyway. My previous trivial problem was the imports of the CA and cert signed by that CA needed to be in the opposite order - CA first, then cert - so that keytool would accept the cert. My next, and hopefully last problem is that I can't seem to get the command to install the client cert in the java keystore correct. I tried just a simple keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file client1.pem -alias myalias But with or without this my java client can't connect - tomcat gives a certificate_unknown exception. The instructions I've been using don't mention what to do to get the client cert in the java keystore. They only say: create client cert request have the ca sign it generate a pkcs12 file form it import the pkcs12 into the browser nothing about importing the client cert into the java keystore. Is there some other step I need to perform before/instead of importing the .pem into the cacerts file? - Original Message - From: joelsherriff [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Saturday, March 26, 2005 9:07 PM Subject: Re: Help with SSL Cert config #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias myalias -keypass changeit This is either/or with truststoreFile (which, since you are using 4.1.x, is done with the -Djavax.net.ssl.trustStore=/path/to/trust.store; for TC 3 5 it's configured like keystoreFile). However, you need to trust your CA cert (i.e. -trustcacerts). So if I understand you correctly, I need to add a -trustcacerts flag to the keytool command above that imports the CA cert? And, since I am using 4.1 I do need the -Djavax.net.ssl.trustStore=... in my CATALINA_OPTS because 4.1 doesn't support the truststoreFile= in the Coyote connector? Not trying to be dense (I come by that naturally), just want to be clear. This (and everything I've said before) is assuming that you're using the Coyote Connector. I don't really remember how the (deprecated) Http11Connector works (and don't care enough to look it up :). Assumption correct. # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrg, L=New York, S=New York, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit It's good practice to import the server CA as well, so that JSSE can send the entire chain, but at this point, I imagine you just want it to work ;-). You can say that again. But, when you say the server CA, which file are you referring to? It's also necessary if you are pointing your truststore to your keystore. I get a 'Failed to establish chain from reply' exception at his point. Since you re-created your CA, you would need to re-import it into your browser. However, I'm guessing that it's because of the lack of trust mentioned above. - Original Message - From: joelsherriff [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Saturday, March 26, 2005 11:24 AM Subject: Re: Help with SSL Cert config Ah. Thanks for the help, truly, but I'm still not getting there. I didn't even know about the truststoreFile so I googled it and saw mention that the easiest thing to do is to set the truststoreFile = the keystoreFile, since that already has the CA cert in it. So, I tried setting truststoreFile to point to my keystoreFile in server.xml. That didn't help. Then I saw that there might be issues with setting truststoreFile in the server.xml in Tomcat 4.1 so I set it in CATALINA_OPTS like: -Djavax.net.ssl.trustStore=C:/Program Files/Apache Group/Tomcat 4.1/conf/server.keystore and that didn't help either. Anything else I'm missing? - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 10:13 PM Subject: Re: Help with SSL Cert config joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I thought that's what this step: # Import the CA certificate
Re: Help with SSL Cert config
Ah. Thanks for the help, truly, but I'm still not getting there. I didn't even know about the truststoreFile so I googled it and saw mention that the easiest thing to do is to set the truststoreFile = the keystoreFile, since that already has the CA cert in it. So, I tried setting truststoreFile to point to my keystoreFile in server.xml. That didn't help. Then I saw that there might be issues with setting truststoreFile in the server.xml in Tomcat 4.1 so I set it in CATALINA_OPTS like: -Djavax.net.ssl.trustStore=C:/Program Files/Apache Group/Tomcat 4.1/conf/server.keystore and that didn't help either. Anything else I'm missing? - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 10:13 PM Subject: Re: Help with SSL Cert config joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I thought that's what this step: # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit was doing. No? No. That's putting it into your keystoreFile. The keystoreFile is to identify you. The truststoreFile is to identify other people. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 8:51 PM Subject: Re: Help with SSL Cert config You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem to figure out how to get the client certificate to be accepted once I do that. Here's what I've done to generate all the appropriate files (parts coped from other posts to this list): Further elaboration of what we're trying to do: We want to require client authentication from our customers. So, IIUC, we'll have to send them a signed client cert (p12) to install in their browser and java keystores. Again, IIUC, importing the CA certificate, that was used to sign the client cert, into the server keystore is what tells the server to accept the client certificate presented, because it will be signed by that CA (us). Is my understanding correct? If so, these steps appear to be correct, unless I've hosed something up along the way. # Create a private key and certificate request openssl req -new -subj /C=US/ST=North Carolina/L=Raleigh/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key # Create CA's self-signed certificate openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem # Copy ca.pem to ca.crt, edit and change TRUSTED CERTIFICATE to CERTIFICATE # import ca.crt into the Trusted Root Certificates Store in IE #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias my_ca_alias -keypass changeit -storepass changeit # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for the web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrganization, L=Raleigh, S=North Carolina, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for the web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit # Create a client certificate request: openssl req -new -newkey rsa:512 -nodes -out client1.req -keyout client1.key # Sign the client certificate. openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in client1.req -out client1.pem -days 365 # Generate a PKCS12 file containing client key and client certificate. openssl pkcs12 -export -clcerts -in client1.pem -inkey
Re: Help with SSL Cert config
Well I have more info now. I turned on debugging and saw that I'm getting a 'null cert chain' SSLHandshakeException. So, I started from scratch and went through each of my steps one by one and I've apparently got one of them wrong. Now when I do these steps: # Create a private key and certificate request for your own CA: openssl req -new -subj /C=US/ST=New York/L=New York/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key # Create CA's self-signed certificate openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias myalias -keypass changeit # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrg, L=New York, S=New York, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit I get a 'Failed to establish chain from reply' exception at his point. - Original Message - From: joelsherriff [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Saturday, March 26, 2005 11:24 AM Subject: Re: Help with SSL Cert config Ah. Thanks for the help, truly, but I'm still not getting there. I didn't even know about the truststoreFile so I googled it and saw mention that the easiest thing to do is to set the truststoreFile = the keystoreFile, since that already has the CA cert in it. So, I tried setting truststoreFile to point to my keystoreFile in server.xml. That didn't help. Then I saw that there might be issues with setting truststoreFile in the server.xml in Tomcat 4.1 so I set it in CATALINA_OPTS like: -Djavax.net.ssl.trustStore=C:/Program Files/Apache Group/Tomcat 4.1/conf/server.keystore and that didn't help either. Anything else I'm missing? - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 10:13 PM Subject: Re: Help with SSL Cert config joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I thought that's what this step: # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit was doing. No? No. That's putting it into your keystoreFile. The keystoreFile is to identify you. The truststoreFile is to identify other people. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 8:51 PM Subject: Re: Help with SSL Cert config You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem to figure out how to get the client certificate to be accepted once I do that. Here's what I've done to generate all the appropriate files (parts coped from other posts to this list): Further elaboration of what we're trying to do: We want to require client authentication from our customers. So, IIUC, we'll have to send them a signed client cert (p12) to install in their browser and java keystores. Again, IIUC, importing the CA certificate, that was used to sign the client cert, into the server keystore is what tells the server to accept the client certificate presented, because it will be signed by that CA (us). Is my understanding correct? If so, these steps appear to be correct, unless I've hosed something up along the way. # Create a private key and certificate request openssl req -new -subj /C=US/ST=North Carolina/L=Raleigh/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key
Re: Help with SSL Cert config
joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Well I have more info now. I turned on debugging and saw that I'm getting a 'null cert chain' SSLHandshakeException. So, I started from scratch and went through each of my steps one by one and I've apparently got one of them wrong. Now when I do these steps: # Create a private key and certificate request for your own CA: openssl req -new -subj /C=US/ST=New York/L=New York/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key # Create CA's self-signed certificate openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias myalias -keypass changeit This is either/or with truststoreFile (which, since you are using 4.1.x, is done with the -Djavax.net.ssl.trustStore=/path/to/trust.store; for TC 3 5 it's configured like keystoreFile). However, you need to trust your CA cert (i.e. -trustcacerts). This (and everything I've said before) is assuming that you're using the Coyote Connector. I don't really remember how the (deprecated) Http11Connector works (and don't care enough to look it up :). # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrg, L=New York, S=New York, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit It's good practice to import the server CA as well, so that JSSE can send the entire chain, but at this point, I imagine you just want it to work ;-). It's also necessary if you are pointing your truststore to your keystore. I get a 'Failed to establish chain from reply' exception at his point. Since you re-created your CA, you would need to re-import it into your browser. However, I'm guessing that it's because of the lack of trust mentioned above. - Original Message - From: joelsherriff [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Saturday, March 26, 2005 11:24 AM Subject: Re: Help with SSL Cert config Ah. Thanks for the help, truly, but I'm still not getting there. I didn't even know about the truststoreFile so I googled it and saw mention that the easiest thing to do is to set the truststoreFile = the keystoreFile, since that already has the CA cert in it. So, I tried setting truststoreFile to point to my keystoreFile in server.xml. That didn't help. Then I saw that there might be issues with setting truststoreFile in the server.xml in Tomcat 4.1 so I set it in CATALINA_OPTS like: -Djavax.net.ssl.trustStore=C:/Program Files/Apache Group/Tomcat 4.1/conf/server.keystore and that didn't help either. Anything else I'm missing? - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 10:13 PM Subject: Re: Help with SSL Cert config joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I thought that's what this step: # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit was doing. No? No. That's putting it into your keystoreFile. The keystoreFile is to identify you. The truststoreFile is to identify other people. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 8:51 PM Subject: Re: Help with SSL Cert config You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem
Re: Help with SSL Cert config
#Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias myalias -keypass changeit This is either/or with truststoreFile (which, since you are using 4.1.x, is done with the -Djavax.net.ssl.trustStore=/path/to/trust.store; for TC 3 5 it's configured like keystoreFile). However, you need to trust your CA cert (i.e. -trustcacerts). So if I understand you correctly, I need to add a -trustcacerts flag to the keytool command above that imports the CA cert? And, since I am using 4.1 I do need the -Djavax.net.ssl.trustStore=... in my CATALINA_OPTS because 4.1 doesn't support the truststoreFile= in the Coyote connector? Not trying to be dense (I come by that naturally), just want to be clear. This (and everything I've said before) is assuming that you're using the Coyote Connector. I don't really remember how the (deprecated) Http11Connector works (and don't care enough to look it up :). Assumption correct. # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrg, L=New York, S=New York, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit It's good practice to import the server CA as well, so that JSSE can send the entire chain, but at this point, I imagine you just want it to work ;-). You can say that again. But, when you say the server CA, which file are you referring to? It's also necessary if you are pointing your truststore to your keystore. I get a 'Failed to establish chain from reply' exception at his point. Since you re-created your CA, you would need to re-import it into your browser. However, I'm guessing that it's because of the lack of trust mentioned above. - Original Message - From: joelsherriff [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Saturday, March 26, 2005 11:24 AM Subject: Re: Help with SSL Cert config Ah. Thanks for the help, truly, but I'm still not getting there. I didn't even know about the truststoreFile so I googled it and saw mention that the easiest thing to do is to set the truststoreFile = the keystoreFile, since that already has the CA cert in it. So, I tried setting truststoreFile to point to my keystoreFile in server.xml. That didn't help. Then I saw that there might be issues with setting truststoreFile in the server.xml in Tomcat 4.1 so I set it in CATALINA_OPTS like: -Djavax.net.ssl.trustStore=C:/Program Files/Apache Group/Tomcat 4.1/conf/server.keystore and that didn't help either. Anything else I'm missing? - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 10:13 PM Subject: Re: Help with SSL Cert config joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I thought that's what this step: # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit was doing. No? No. That's putting it into your keystoreFile. The keystoreFile is to identify you. The truststoreFile is to identify other people. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 8:51 PM Subject: Re: Help with SSL Cert config You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem to figure out how to get the client certificate to be accepted
Re: HELP: How the DBCP works ? (and the JMXProxy)
On Wed, 23 Mar 2005 17:40:05 +0100 Lionel Farbos [EMAIL PROTECTED] wrote: Hi all (tomcat 5.5 developers), In my context.xml, I use a DataSource like this : Resource auth=Container name=myDB type=javax.sql.DataSource .../ So, I suppose the dataSource.getConnection() is taken from DataBase Connection Pool... 1- But How do this works ? 2- If all my contexts have their own DataSource, each context have their own Pool ? No response but I suppose there is one pool for each DataSource... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with SSL Cert config
You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem to figure out how to get the client certificate to be accepted once I do that. Here's what I've done to generate all the appropriate files (parts coped from other posts to this list): Further elaboration of what we're trying to do: We want to require client authentication from our customers. So, IIUC, we'll have to send them a signed client cert (p12) to install in their browser and java keystores. Again, IIUC, importing the CA certificate, that was used to sign the client cert, into the server keystore is what tells the server to accept the client certificate presented, because it will be signed by that CA (us). Is my understanding correct? If so, these steps appear to be correct, unless I've hosed something up along the way. # Create a private key and certificate request openssl req -new -subj /C=US/ST=North Carolina/L=Raleigh/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key # Create CA's self-signed certificate openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem # Copy ca.pem to ca.crt, edit and change TRUSTED CERTIFICATE to CERTIFICATE # import ca.crt into the Trusted Root Certificates Store in IE #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias my_ca_alias -keypass changeit -storepass changeit # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for the web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrganization, L=Raleigh, S=North Carolina, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for the web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit # Create a client certificate request: openssl req -new -newkey rsa:512 -nodes -out client1.req -keyout client1.key # Sign the client certificate. openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in client1.req -out client1.pem -days 365 # Generate a PKCS12 file containing client key and client certificate. openssl pkcs12 -export -clcerts -in client1.pem -inkey client1.key -out client1.p12 -name Client # Import the PKCS12 file into the web browser under Personal Certificates # edit the server.xml file and set clientAuth=true and keystoreFile to point to my server.keystore file. Once all this is done, neither IE nor my web app can talk to tomcat on the ssl port (8443) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with SSL Cert config
I thought that's what this step: # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit was doing. No? - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 8:51 PM Subject: Re: Help with SSL Cert config You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem to figure out how to get the client certificate to be accepted once I do that. Here's what I've done to generate all the appropriate files (parts coped from other posts to this list): Further elaboration of what we're trying to do: We want to require client authentication from our customers. So, IIUC, we'll have to send them a signed client cert (p12) to install in their browser and java keystores. Again, IIUC, importing the CA certificate, that was used to sign the client cert, into the server keystore is what tells the server to accept the client certificate presented, because it will be signed by that CA (us). Is my understanding correct? If so, these steps appear to be correct, unless I've hosed something up along the way. # Create a private key and certificate request openssl req -new -subj /C=US/ST=North Carolina/L=Raleigh/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key # Create CA's self-signed certificate openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem # Copy ca.pem to ca.crt, edit and change TRUSTED CERTIFICATE to CERTIFICATE # import ca.crt into the Trusted Root Certificates Store in IE #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias my_ca_alias -keypass changeit -storepass changeit # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for the web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrganization, L=Raleigh, S=North Carolina, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for the web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit # Create a client certificate request: openssl req -new -newkey rsa:512 -nodes -out client1.req -keyout client1.key # Sign the client certificate. openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in client1.req -out client1.pem -days 365 # Generate a PKCS12 file containing client key and client certificate. openssl pkcs12 -export -clcerts -in client1.pem -inkey client1.key -out client1.p12 -name Client # Import the PKCS12 file into the web browser under Personal Certificates # edit the server.xml file and set clientAuth=true and keystoreFile to point to my server.keystore file. Once all this is done, neither IE nor my web app can talk to tomcat on the ssl port (8443) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with SSL Cert config
joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I thought that's what this step: # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit was doing. No? No. That's putting it into your keystoreFile. The keystoreFile is to identify you. The truststoreFile is to identify other people. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 8:51 PM Subject: Re: Help with SSL Cert config You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem to figure out how to get the client certificate to be accepted once I do that. Here's what I've done to generate all the appropriate files (parts coped from other posts to this list): Further elaboration of what we're trying to do: We want to require client authentication from our customers. So, IIUC, we'll have to send them a signed client cert (p12) to install in their browser and java keystores. Again, IIUC, importing the CA certificate, that was used to sign the client cert, into the server keystore is what tells the server to accept the client certificate presented, because it will be signed by that CA (us). Is my understanding correct? If so, these steps appear to be correct, unless I've hosed something up along the way. # Create a private key and certificate request openssl req -new -subj /C=US/ST=North Carolina/L=Raleigh/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key # Create CA's self-signed certificate openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem # Copy ca.pem to ca.crt, edit and change TRUSTED CERTIFICATE to CERTIFICATE # import ca.crt into the Trusted Root Certificates Store in IE #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias my_ca_alias -keypass changeit -storepass changeit # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for the web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrganization, L=Raleigh, S=North Carolina, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for the web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit # Create a client certificate request: openssl req -new -newkey rsa:512 -nodes -out client1.req -keyout client1.key # Sign the client certificate. openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in client1.req -out client1.pem -days 365 # Generate a PKCS12 file containing client key and client certificate. openssl pkcs12 -export -clcerts -in client1.pem -inkey client1.key -out client1.p12 -name Client # Import the PKCS12 file into the web browser under Personal Certificates # edit the server.xml file and set clientAuth=true and keystoreFile to point to my server.keystore file. Once all this is done, neither IE nor my web app can talk to tomcat on the ssl port (8443) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help configure ServletFilter
I would suggest For JSP's,use url-pattern*.jsp/url-pattern. And for Servlets. You could add a common starting name that maps to a servlet path in the container. For instance, let's say all the URLs starting with the path servlets map to some kind of servlet in the container. Now add url-pattern/servlet/*/url-pattern element to your filter. This maps all the servlet paths starting with servlet to be intercepted by your filter. All the Best, Vinod -Original Message- From: Fredrik Liden [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 16, 2005 2:18 PM To: Tomcat Users List Subject: Help configure ServletFilter Does anyone know how to configure a ServletFilter to only respond to JSPs and Servlets? If I set it to everything using * it triggers for all the images as well. Thanks! /Fredrik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help getting started
From: brian [mailto:[EMAIL PROTECTED] To get a servelet engine one needs the following apache web server No. Tomcat will work standalone. and tomcat servlet engine ?? Or another engine such as Jetty. But that's heresy on this list ;-). What about J2EE ? Does one need that as well ? Or the servlet engine above (like tomcat) would contain the J2EE as well. J2EE is a collection of different parts. Tomcat provides implementations of some, but not all, of the parts. What do you want J2EE for? Which bits do you want? - Peter - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help getting started
Hi, Yes, and some would say you don't need the Apache web server, since Tomcat can act as a web server too. Tomcat provides an implementation of the Servlet and JSP aspects of the J2EE suite, so if you only need those you're ok. Allistair. -Original Message- From: brian [mailto:[EMAIL PROTECTED] Sent: 15 March 2005 16:27 To: tomcat-user@jakarta.apache.org Subject: Help getting started To get a servelet engine one needs the following apache web server and tomcat servlet engine ?? What about J2EE ? Does one need that as well ? Or the servlet engine above (like tomcat) would contain the J2EE as well. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help getting started
How to install tomcat for linux, http://www.mythic-beasts.com/support/topic_vds_java.html How to make it act like a normal webserver with jsp virtual hosting support, rather than worrying about packaging .war files etc. http://www.ex-parrot.com/~pete/tomcat-vhost.html Hope this helps. Pete On Tue, 15 Mar 2005, Allistair Crossley wrote: Hi, Yes, and some would say you don't need the Apache web server, since Tomcat can act as a web server too. Tomcat provides an implementation of the Servlet and JSP aspects of the J2EE suite, so if you only need those you're ok. Allistair. -Original Message- From: brian [mailto:[EMAIL PROTECTED] Sent: 15 March 2005 16:27 To: tomcat-user@jakarta.apache.org Subject: Help getting started To get a servelet engine one needs the following apache web server and tomcat servlet engine ?? What about J2EE ? Does one need that as well ? Or the servlet engine above (like tomcat) would contain the J2EE as well. __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Pete Stevens [EMAIL PROTECTED] http://www.ex-parrot.com/~pete/ When I read about the evils of drinking, I gave up reading. -- Henny Youngman - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help - Byte [] to String
I think you can do as just below: byte[] buf = x509certificate.getPublicKey().getEncoded(); String s = new String(buf); On Thu, 10 Mar 2005 02:35:03 + (GMT), Sanjeev Srivastava [EMAIL PROTECTED] wrote: Hi All Can anybody tell me how to convert this Byte [] to String.. byte[] buf = x509certificate.getPublicKey().getEncoded(); Please help Thanks, Sanjeev Send instant messages to your online friends http://uk.messenger.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help with tomcat on windoze/nfs
How is the drive mapped? By what logged-in windows user? Is it the same user that Tomcat is running as, and are you sure? ;) Mike Curwen -Original Message- From: Randy Paries [mailto:[EMAIL PROTECTED] Sent: Friday, March 04, 2005 3:51 PM To: 'Tomcat Users List' Subject: Help with tomcat on windoze/nfs Hello, I have the unfortunate opportunity of having to set up tomcat on windoze (sorry I am a linux bigot) I have this servlet that has to run a windows program. (that works fine) I have to create a directory on a NFS mount. In my test servlet, I have this snippet of code(see below) If I do /myservlet?dir=c:/ (is see it ok) If I do /myservlet?dir=z:/ (z is a mapped nfs mount, it does not see it) Here is the kicker, I wrote a little class that was basically the same but just a normal Java app, and it see z:/ OK Help??? Thanks === //DIR is a param passed in PrintWriter out = null; res.setContentType(text/html); out = new PrintWriter (res.getOutputStream()); out.println( looking for dir +DIR+BR); File fpath = new File(DIR); out.println(path--+fpath.getAbsolutePath()); if ( !fpath.exists() ){ out.println(Does not exist); }else{ out.println(exist); } out.close(); === - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with tomcat on windoze/nfs
On Fri, 4 Mar 2005 15:51:18 -0600, Randy Paries [EMAIL PROTECTED] wrote: Hello, I have the unfortunate opportunity of having to set up tomcat on windoze (sorry I am a linux bigot) I have this servlet that has to run a windows program. (that works fine) I have to create a directory on a NFS mount. From memory no matter what you try a mapped drive won't work but I believe if you use the UNC name ie. \\Server\Share and then run Tomcat under an account that has Network privileges and access to that share so LocalSystem won't be good enough. Regards, -- Jason Bainbridge http://kde.org - [EMAIL PROTECTED] Personal Site - http://jasonbainbridge.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help with tomcat on windoze/nfs
I assume the map is ok, since I can run a java app and it works fine, It is only when I call it from a servlet it does not Thanks -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Friday, March 04, 2005 4:15 PM To: 'Tomcat Users List' Subject: RE: Help with tomcat on windoze/nfs How is the drive mapped? By what logged-in windows user? Is it the same user that Tomcat is running as, and are you sure? ;) Mike Curwen -Original Message- From: Randy Paries [mailto:[EMAIL PROTECTED] Sent: Friday, March 04, 2005 3:51 PM To: 'Tomcat Users List' Subject: Help with tomcat on windoze/nfs Hello, I have the unfortunate opportunity of having to set up tomcat on windoze (sorry I am a linux bigot) I have this servlet that has to run a windows program. (that works fine) I have to create a directory on a NFS mount. In my test servlet, I have this snippet of code(see below) If I do /myservlet?dir=c:/ (is see it ok) If I do /myservlet?dir=z:/ (z is a mapped nfs mount, it does not see it) Here is the kicker, I wrote a little class that was basically the same but just a normal Java app, and it see z:/ OK Help??? Thanks === //DIR is a param passed in PrintWriter out = null; res.setContentType(text/html); out = new PrintWriter (res.getOutputStream()); out.println( looking for dir +DIR+BR); File fpath = new File(DIR); out.println(path--+fpath.getAbsolutePath()); if ( !fpath.exists() ){ out.println(Does not exist); }else{ out.println(exist); } out.close(); === - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with tomcat on windoze/nfs
How are you starting Tomcat? Doug - Original Message - From: Randy Paries [EMAIL PROTECTED] To: 'Tomcat Users List' tomcat-user@jakarta.apache.org Sent: Friday, March 04, 2005 11:57 PM Subject: RE: Help with tomcat on windoze/nfs I assume the map is ok, since I can run a java app and it works fine, It is only when I call it from a servlet it does not Thanks -Original Message- From: Mike Curwen [mailto:[EMAIL PROTECTED] Sent: Friday, March 04, 2005 4:15 PM To: 'Tomcat Users List' Subject: RE: Help with tomcat on windoze/nfs How is the drive mapped? By what logged-in windows user? Is it the same user that Tomcat is running as, and are you sure? ;) Mike Curwen -Original Message- From: Randy Paries [mailto:[EMAIL PROTECTED] Sent: Friday, March 04, 2005 3:51 PM To: 'Tomcat Users List' Subject: Help with tomcat on windoze/nfs Hello, I have the unfortunate opportunity of having to set up tomcat on windoze (sorry I am a linux bigot) I have this servlet that has to run a windows program. (that works fine) I have to create a directory on a NFS mount. In my test servlet, I have this snippet of code(see below) If I do /myservlet?dir=c:/ (is see it ok) If I do /myservlet?dir=z:/ (z is a mapped nfs mount, it does not see it) Here is the kicker, I wrote a little class that was basically the same but just a normal Java app, and it see z:/ OK Help??? Thanks === //DIR is a param passed in PrintWriter out = null; res.setContentType(text/html); out = new PrintWriter (res.getOutputStream()); out.println( looking for dir +DIR+BR); File fpath = new File(DIR); out.println(path--+fpath.getAbsolutePath()); if ( !fpath.exists() ){ out.println(Does not exist); }else{ out.println(exist); } out.close(); === - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: help installing
On Tue, 22 Feb 2005 14:00:14 -0800, Jeanne Case [EMAIL PROTECTED] wrote: I am new to the list and Tomcat. I know this has probably been answered, but I am having trouble finding it in the archives. Is there an installation guide that makes sense some where? Welcome. :) I actually had to scratch my head thinking about if there was such a guide and finally had to do a google to find http://www.coreservlets.com/Apache-Tomcat-Tutorial/ That seems like just what you're after. Although I don't know what they were thinking with all that pink and magenta on the page... Cheers, -- Jason Bainbridge http://kde.org - [EMAIL PROTECTED] Personal Site - http://jasonbainbridge.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: help installing
On Tue, 22 Feb 2005, Jeanne Case wrote: I am new to the list and Tomcat. I know this has probably been answered, but I am having trouble finding it in the archives. Is there an installation guide that makes sense some where? I would like some thing with a definition of files, what to edit, what works, how to install from source. I find the documentation on jakarta.apache.org/tomcat to be confusing. Any help is appreciated. If you're installig on a linux machine, we have a brief guide on setting up Tomcat for our virtual linux machine service at http://www.mythic-beasts.com/support/topic_vds_java.html This is designed for low volume simple usage, everything is done directly by Tomcat and there is no challenges with connectors and apache for example. We're in the process of finalising our virtual hosting guide. Hope this helps, Pete Stevens -- Pete Stevens [EMAIL PROTECTED] http://www.ex-parrot.com/~pete/ I'd be a morning person if it didn't start so early in the day. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: help installing
Thanks to all for responding. The information I received was much clearer and easier to understand then the apache site! -J.Case Jason Bainbridge wrote: On Tue, 22 Feb 2005 14:00:14 -0800, Jeanne Case [EMAIL PROTECTED] wrote: I am new to the list and Tomcat. I know this has probably been answered, but I am having trouble finding it in the archives. Is there an installation guide that makes sense some where? Welcome. :) I actually had to scratch my head thinking about if there was such a guide and finally had to do a google to find http://www.coreservlets.com/Apache-Tomcat-Tutorial/ That seems like just what you're after. Although I don't know what they were thinking with all that pink and magenta on the page... Cheers, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: help installing
Thank you, thank you, thank you! This is exactly what I was hoping for. Something simple and straight forward! -J. Case Pete Stevens wrote: On Tue, 22 Feb 2005, Jeanne Case wrote: I am new to the list and Tomcat. I know this has probably been answered, but I am having trouble finding it in the archives. Is there an installation guide that makes sense some where? I would like some thing with a definition of files, what to edit, what works, how to install from source. I find the documentation on jakarta.apache.org/tomcat to be confusing. Any help is appreciated. If you're installig on a linux machine, we have a brief guide on setting up Tomcat for our virtual linux machine service at http://www.mythic-beasts.com/support/topic_vds_java.html This is designed for low volume simple usage, everything is done directly by Tomcat and there is no challenges with connectors and apache for example. We're in the process of finalising our virtual hosting guide. Hope this helps, Pete Stevens -- Pete Stevens [EMAIL PROTECTED] http://www.ex-parrot.com/~pete/ I'd be a morning person if it didn't start so early in the day. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: help: connecting Tomcat 5.5 to Apache 2.0 with mod_jk 1.2.8 on ISP's server: SOLVED.
Chris: It's working! Thanks a LOT! What you gave me wasn't the full answer, but it let me eliminate a lot of dead-ends and other mistakes I had made. One (of several) problems this helped was that I was using AddModule and not LoadModule, which is also addressed here: http://www.apache.org/~rbowen/presentations/apachecon2004/apache2.0/slide35. html I also put my workers.properties file in the same directory as httpd.conf b/c of something I read somewhere. Not sure if that actually did anything. I found my problem on other sites with no answers, so I'm going to include the relevant parts of my httpd.conf and workers.properties, in case others have a similar situation. Thanks again, Jason Musegraphics.com My setup: leasing a virtual server from olm.net Apache 2.0.50, Tomcat 5.5.4, mod_jk 1.2.8 Relevant parts of my httpd.conf: LoadModule jk_module modules/mod_jk.so #AddModule modk_jk.c JkWorkersFile /etc/httpd/conf/workers.properties JkLogFile /etc/httpd/logs/mod_jk.log JkLogLevel debug JkLogStampFormat [%a %b %d %H:%M] JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkRequestLogFormat %w %V %T JkMount /examples/* musegraphicsworker JkMount /*.jsp musegraphicsworker VirtualHost 69.94.10.74:80 ServerName www.musegraphics.com ServerAdmin [EMAIL PROTECTED] #DocumentRoot /home/virtual/site1/fst/var/www/html --this was another problem I had. Gotta change this after adding Tomcat to Apache. Seems obvious now. Changed to the following: DocumentRoot /usr/local/tomcat/tomcatCV/webapps/jsp-examples Directory /usr/local/tomcat/tomcatCV/webapps/jsp-examples Allow from all AllowOverride All Order allow,deny /Directory # A lot other stuff here my ISP (olm.net) put in, not included for brevity. /VirtualHost My workers.properties file: # workers.tomcat_home=/usr/local/tomcat/ # workers.java_home should point to your Java installation. workers.java_home=/usr/local/java # You should configure your environment slash... ps=\ on NT and / on UNIX ps=/ #-- workers list worker.list=musegraphicsworker #-- musegraphicsworker DEFINITION- worker.musegraphicsworker.type=ajp13 worker.musegraphicsworker.host=localhost worker.musegraphicsworker.port=8009 worker.musegraphicsworker.lbfactor=50 worker.musegraphicsworker.cachesize=10 worker.musegraphicsworker.cache_timeout=600 worker.musegraphicsworker.socket_timeout=300 worker.musegraphicsworker.socket_keepalive=1 There's quite a bit more but those are the parts I changed out of the already existing (and highly complex) Apache configuration my ISP had in place. Jason - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: help: connecting Tomcat 5.5 to Apache 2.0 with mod_jk 1.2.8 on ISP's server
Try something like this in your httpd.conf: IfDefine HAVE_JK LoadModule jk_module modules/mod_jk.so IfModule mod_jk.c JkWorkerPropertyworker.musegraphicsworker.type=ajp13 JkWorkerPropertyworker.musegraphicsworker.host=127.0.0.1 JkWorkerPropertyworker.musegraphicsworker.port=8011 JkWorkerPropertyworker.list=musegraphicsworker JkMount /*.jsp musegraphicsworker JkLogFile logs/mod_jk.log JkLogLevel debug JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories /IfModule # mod_jk.c /IfDefine # HAVE_JK Make sure to bind the ajp connector to 127.0.0.1 in your server.xml. You don't want to serve requests from anywhere else for obvious reasons. Here's an example: Connector port=8011 address=127.0.0.1 enableLookups=false redirectPort=8443 protocol=AJP/1.3 / Jason Nichols wrote: Hello all: I've been working on installing Tomcat 5.5 with Apache 2.0 for about two weeks now, and I've been stuck with an error for a week. A lot of my difficulty is that I'm working on a leased ISP's server, and am dealing with a complex pre-existing Apache installation. If you can help or tell me about a good source for integrating Apache with Tomcat via mod_jk (other than apache.org google, which I've been using), that would be great. I'm trying to get to the standard Tomcat examples pages. Any help is appreciated. Problem: Apache 2.0.50 running on a (virtual) server, musegraphics.musegraphics.com, leased from an ISP (olm.net). Apache works fine. Installed Tomcat 5.5.4, connecting it to Apache via mod_jk version 1.2.8. When I have this line JkMount /* musegraphicsworker in httpd.conf (actually a file included by httpd.conf) I get the Apache Internal Server Error page. I also get the following in mod_jk.log map_uri_to_worker::jk_uri_worker_map.c (700): Attempting to map URI '/' from 1 maps map_uri_to_worker::jk_uri_worker_map.c (718): Attempting to map context URI '/*' map_uri_to_worker::jk_uri_worker_map.c (755): Found a context match musegraphicsworker - / jk_handler::mod_jk.c (1715): Into handler jakarta-servlet worker=musegraphicsworker r-proxyreq=0 wc_get_worker_for_name::jk_worker.c (92): did not find a worker musegraphicsworker jk_handler::mod_jk.c (1883): Could not find a worker for worker name=musegraphicsworker When I comment it out, Apache works fine, but of course no Tomcat access. Any ideas would be appreciated Jason More info on Stuff I've done: I added these to httpd.conf: LoadModule jk_module modules/mod_jk.so #at the end of the LoadModule's list And I commented out these(put there by my ISP), b/c they seemed to be interfering with mod_jk.so #IfModule mod_jk.c # JkWorkersFile /etc/httpd/conf/workers.properties # IfDefine PROD_SERVER # JkLogFile/var/log/httpd/mod_jk.log # /IfDefine #IfDefine TEST_SERVER # JkLogFile/var/log/httpd-test/mod_jk.log # /IfDefine # JkLogLevel error #/IfModule Here are the lines I added to workers.properties worker.musegraphicsworker.type=ajp13 worker.musegraphicsworker.host=www.musegraphics.com worker.musegraphicsworker.port=8011 worker.musegraphicsworker.cachesize=10 worker.musegraphicsworker.cache_timeout=600 worker.musegraphicsworker.socket_timeout=300 worker.musegraphicsworker.socket_keepalive=1 What I've done to solve it: I've googled a lot, I've also searched this list's archive, found one person with the same problem but no answer. Again, any help would be greatly appreciated. I'm fairly new - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help Required- tomcat doesn't shutdown properly
What your application is doing ?. is there any threads watiing ?. You can have a look at localhost_log in the logs directory for any errors. rgds Antony Paul On Fri, 4 Feb 2005 10:08:09 +0100, Narayan, Satya [EMAIL PROTECTED] wrote: Hi , I am having a weird problem. I have deployed a webapp which basically runs a servlet in tomcat5. I can start and stop using the exe file provided. But when I use the command line version ie when I open a command shell and type catalina.bat start tomcat starts properly in a new shell. But when in the same command shell and I type catalina.bat stop It tries to stop tomcat but doesnot stop it properly and doesnot close the tomcat shell. The last message that appears on the tomcat shell while stopping is Feb 4, 2005 2:35:29 PM org.apache.coyote.http11.Http11Protocol destroy INFO: Stopping Coyote HTTP/1.1 on http-8080 This problem doesn't occur when my webapp is not deployed. Kindly advice as to wht could be wrong.Thanks in advance. Best Regards, Satya - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with JDBC query
I think you put the ) after the end of sql expression. It is not going to make it into a parsed query. One more suggestion - put these fields one per line - it is going to be too hard to debug them this way - they are all on the same line. Best regards, Edmon Begoli Jack Lauman wrote: I'm getting the following error in an insert, the update works fine. Is there a way to get a more informative error message about the error? Does anyone see a syntax error that I missed? I'm using MySQL 4.1.8 and Connector/J 3.0.16. 19:13:20,906 INFO [STDOUT] -SQLException- 19:13:20,906 INFO [STDOUT] SQLState: 42000 19:13:20,921 INFO [STDOUT] Message: Syntax error or access violation message from server: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 19:13:20,921 INFO [STDOUT] Vendor: 1064 19:13:20,937 INFO [STDOUT] descriptiveCopy: sql.setSqlValue(INSERT INTO Restaurant + (Name, Cuisine, ChefsName, Address_1, Address_2, + Neighborhood, City, State, ZIP, Country, + OfficePhone, ReservationPhone, FaxPhone, Email, Web, + HandicappAccess, CreditCards, CostBreakfast, CostLunch, CostDinner, + DressCode, Reservations, NonSmoking, OffStreetParking, OutsideDining, + Banquet, BanquetCapacity, Catering, ServiceTypes, DeliveryService, + LowCarbMenu, ChildMenu, ServesBooze, Entertainment, PhotoURL, + ImageCredit, LogoURL, DescriptiveCopy, AtAGlance, NearBy, + RestaurantOrder, Subscriber, SubscriptionExpired, UserID) + VALUES(?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?); } else { // Update an existing restaurant sql.setSqlValue(UPDATE Restaurant SET + Name = ?, Cuisine = ?, + ChefsName = ?, Address_1 = ?, Address_2 = ?, Neighborhood = ?, City = ?, + State = ?, ZIP = ?, Country = ?, OfficePhone = ?, ReservationPhone = ?, + FaxPhone = ?, Email = ?, Web = ?, HandicappAccess = ?, CreditCards = ?, + CostBreakfast = ?, CostLunch = ?, CostDinner = ?, DressCode = ?, Reservations = ?, + NonSmoking = ?, OffStreetParking = ?, OutsideDining = ?, Banquet = ?, BanquetCapacity = ?, + Catering = ?, ServiceTypes = ?, DeliveryService = ?, LowCarbMenu = ?, ChildMenu = ?, + ServesBooze = ?, Entertainment = ?, PhotoURL = ?, ImageCredit = ?, LogoURL = ?, + DescriptiveCopy = ?, AtAGlance = ?, NearBy = ? + WHERE RestaurantID = ?); } List values = new ArrayList(); values.add(request.getParameter(name)); values.add(request.getParameter(cuisine)); values.add(request.getParameter(chef)); values.add(request.getParameter(address1)); values.add(request.getParameter(address2)); values.add(request.getParameter(neighborhood)); values.add(request.getParameter(city)); values.add(request.getParameter(state)); values.add(request.getParameter(zip)); values.add(request.getParameter(country)); values.add(request.getParameter(officePhone)); values.add(request.getParameter(reservationPhone)); values.add(request.getParameter(fax)); values.add(request.getParameter(email)); values.add(request.getParameter(web)); int access = 0; String param = request.getParameter(access); if(param != null param.equals(on)){ access = 1; } values.add( + access); /** * visa = 1, mc = 2, amex = 4, discover = 8, diners = 16 * other usable id's are: 32, 64 and 128 * * This may have to be changed to accomodate Java 5.0 enum */ int cc = 0; param = request.getParameter(visa); if(param != null param.equals(on)){ cc |= 1; } param = request.getParameter(mastercard); if(param != null param.equals(on)){ cc |= 2; } param = request.getParameter(americanExpress); if(param != null param.equals(on)){ cc |= 4; } param = request.getParameter(discover); if(param != null param.equals(on)){ cc |= 8; } param = request.getParameter(diners); if(param != null param.equals(on)){ cc |= 16; } values.add( + cc); values.add(request.getParameter(costBreakfast)); values.add(request.getParameter(costLunch)); values.add(request.getParameter(costDinner)); values.add(request.getParameter(dressCode)); values.add(request.getParameter(reservations)); int nonSmoking = 0; param = request.getParameter(nonSmoking); if(param != null param.equals(on)){ nonSmoking = 1; } values.add( + nonSmoking); int offStreetParking = 0; param = request.getParameter(offStreetParking); if(param != null param.equals(on)){ offStreetParking = 1; } values.add( + offStreetParking); int outsideDining = 0; param = request.getParameter(outsideDining); if(param != null param.equals(on)){ outsideDining = 1; } values.add( + outsideDining); int banquet = 0; param = request.getParameter(banquet); if(param != null param.equals(on)){ banquet = 1; } values.add( + banquet); values.add(request.getParameter(banquetCapacity)); int catering = 0; param = request.getParameter(catering); if(param != null
Re: Help with JDBC query
Actually you need to add a ) at the end: ?, ?, ?, ?)); Classic case of unmatched bracket. Inner one is for the sql string as per Edmon and outer for your method call sql.setSqlValue( ); Doug - Original Message - From: Edmon Begoli [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Sunday, January 23, 2005 10:36 PM Subject: Re: Help with JDBC query I think you put the ) after the end of sql expression. It is not going to make it into a parsed query. One more suggestion - put these fields one per line - it is going to be too hard to debug them this way - they are all on the same line. Best regards, Edmon Begoli Jack Lauman wrote: I'm getting the following error in an insert, the update works fine. Is there a way to get a more informative error message about the error? Does anyone see a syntax error that I missed? I'm using MySQL 4.1.8 and Connector/J 3.0.16. 19:13:20,906 INFO [STDOUT] -SQLException- 19:13:20,906 INFO [STDOUT] SQLState: 42000 19:13:20,921 INFO [STDOUT] Message: Syntax error or access violation message from server: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 19:13:20,921 INFO [STDOUT] Vendor: 1064 19:13:20,937 INFO [STDOUT] descriptiveCopy: sql.setSqlValue(INSERT INTO Restaurant + (Name, Cuisine, ChefsName, Address_1, Address_2, + Neighborhood, City, State, ZIP, Country, + OfficePhone, ReservationPhone, FaxPhone, Email, Web, + HandicappAccess, CreditCards, CostBreakfast, CostLunch, CostDinner, + DressCode, Reservations, NonSmoking, OffStreetParking, OutsideDining, + Banquet, BanquetCapacity, Catering, ServiceTypes, DeliveryService, + LowCarbMenu, ChildMenu, ServesBooze, Entertainment, PhotoURL, + ImageCredit, LogoURL, DescriptiveCopy, AtAGlance, NearBy, + RestaurantOrder, Subscriber, SubscriptionExpired, UserID) + VALUES(?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?, ?, + ?, ?, ?, ?); } else { // Update an existing restaurant sql.setSqlValue(UPDATE Restaurant SET + Name = ?, Cuisine = ?, + ChefsName = ?, Address_1 = ?, Address_2 = ?, Neighborhood = ?, City = ?, + State = ?, ZIP = ?, Country = ?, OfficePhone = ?, ReservationPhone = ?, + FaxPhone = ?, Email = ?, Web = ?, HandicappAccess = ?, CreditCards = ?, + CostBreakfast = ?, CostLunch = ?, CostDinner = ?, DressCode = ?, Reservations = ?, + NonSmoking = ?, OffStreetParking = ?, OutsideDining = ?, Banquet = ?, BanquetCapacity = ?, + Catering = ?, ServiceTypes = ?, DeliveryService = ?, LowCarbMenu = ?, ChildMenu = ?, + ServesBooze = ?, Entertainment = ?, PhotoURL = ?, ImageCredit = ?, LogoURL = ?, + DescriptiveCopy = ?, AtAGlance = ?, NearBy = ? + WHERE RestaurantID = ?); } List values = new ArrayList(); values.add(request.getParameter(name)); values.add(request.getParameter(cuisine)); values.add(request.getParameter(chef)); values.add(request.getParameter(address1)); values.add(request.getParameter(address2)); values.add(request.getParameter(neighborhood)); values.add(request.getParameter(city)); values.add(request.getParameter(state)); values.add(request.getParameter(zip)); values.add(request.getParameter(country)); values.add(request.getParameter(officePhone)); values.add(request.getParameter(reservationPhone)); values.add(request.getParameter(fax)); values.add(request.getParameter(email)); values.add(request.getParameter(web)); int access = 0; String param = request.getParameter(access); if(param != null param.equals(on)){ access = 1; } values.add( + access); /** * visa = 1, mc = 2, amex = 4, discover = 8, diners = 16 * other usable id's are: 32, 64 and 128 * * This may have to be changed to accomodate Java 5.0 enum */ int cc = 0; param = request.getParameter(visa); if(param != null param.equals(on)){ cc |= 1; } param = request.getParameter(mastercard); if(param != null param.equals(on)){ cc |= 2; } param = request.getParameter(americanExpress); if(param != null param.equals(on)){ cc |= 4; } param = request.getParameter(discover); if(param != null param.equals(on)){ cc |= 8; } param = request.getParameter(diners); if(param != null param.equals(on)){ cc |= 16; } values.add( + cc); values.add(request.getParameter(costBreakfast)); values.add(request.getParameter(costLunch)); values.add(request.getParameter(costDinner)); values.add(request.getParameter(dressCode)); values.add(request.getParameter(reservations)); int nonSmoking = 0; param = request.getParameter(nonSmoking); if(param != null param.equals(on)){ nonSmoking = 1; } values.add( + nonSmoking); int offStreetParking = 0; param = request.getParameter(offStreetParking); if(param != null param.equals(on)){ offStreetParking = 1; } values.add( + offStreetParking); int outsideDining = 0; param
Re: Help: Context.xml Resource difference between 5.0.x and 5.5.x ?
On Mon, 2005-01-17 at 16:57 -0800, TomK wrote: I'm having trouble moving my webapp from Tomcat 5.0 to 5.5. The dataSource in Context.xml seems to be the issue. According to the 'JNDI how-to' documentation for 5.0 and 5.5, it looks like the 'ResourceParams' tag has been removed from the Context.xml and instead you can now supply arbitrary attributes to the Resource tag itself. In 5.0, my Context.xml looked like this and it worked fine: ?xml version=1.0 encoding=UTF-8? Context antiResourceLocking=true docBase=myapp path=/myapp Resource name=jdbc/db1 auth=Container type=oracle.jdbc.pool.OracleDataSource / ResourceParams name=jdbc/db1 parameter namefactory/name valueoracle.jdbc.pool.OracleDataSourceFactory/value /parameter parameter namedriverClassName/name valueoracle.jdbc.driver.OracleDriver/value /parameter parameter nameurl/name valuejdbc:oracle:thin:@xx:xx:xx/value /parameter parameter nameuser/name valuexx/value /parameter parameter namepassword/name valuexx/value /parameter /ResourceParams /Context ...note that oracle's factory requires user, not username. Moving to 5.5, I changed it to: ?xml version=1.0 encoding=UTF-8? Context antiResourceLocking=true docBase=myapp path=/myapp Resource auth=Container driverClassName=oracle.jdbc.driver.OracleDriver factory=oracle.jdbc.pool.OracleDataSourceFactory name=jdbc/db1 password=xxx type=oracle.jdbc.pool.OracleDataSource url=jdbc:oracle:thin:@xx:xx:xx user=xx/ /Context ...this new Context.xml doesn't work. I get the following: javax.naming.NamingException: Cannot create resource instance at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:132) at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source) at org.apache.naming.NamingContext.lookup(NamingContext.java:792) any ideas? Almost seems as if the factory attribute of Resource is not being used. thanks tk_ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help: Context.xml Resource difference between 5.0.x and 5.5.x?
The docs say that the factory parameter is only needed for entries that Tomcat is not aware of. Since you had a special factory(in your old 5.0 context) and not the standard one used by Tomcat you will need to have the factory element in place. See: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/globalresources.html Under Resource Definitions it says: You MUST also define any other needed parameters using attributes on the Resource element, to configure the object factory to be used (if not known to Tomcat already), and the properties used to configure that object factory. And since Oracle does not use the standard factories that are built into Tomcat you will need the parameter for factory. And I could be full of manure and sprouting daisies. But every now and then I get one right. Doug - Original Message - From: Sean M. Duncan [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Monday, January 17, 2005 8:45 PM Subject: Re: Help: Context.xml Resource difference between 5.0.x and 5.5.x? On Mon, 2005-01-17 at 16:57 -0800, TomK wrote: I'm having trouble moving my webapp from Tomcat 5.0 to 5.5. The dataSource in Context.xml seems to be the issue. According to the 'JNDI how-to' documentation for 5.0 and 5.5, it looks like the 'ResourceParams' tag has been removed from the Context.xml and instead you can now supply arbitrary attributes to the Resource tag itself. In 5.0, my Context.xml looked like this and it worked fine: ?xml version=1.0 encoding=UTF-8? Context antiResourceLocking=true docBase=myapp path=/myapp Resource name=jdbc/db1 auth=Container type=oracle.jdbc.pool.OracleDataSource / ResourceParams name=jdbc/db1 parameter namefactory/name valueoracle.jdbc.pool.OracleDataSourceFactory/value /parameter parameter namedriverClassName/name valueoracle.jdbc.driver.OracleDriver/value /parameter parameter nameurl/name valuejdbc:oracle:thin:@xx:xx:xx/value /parameter parameter nameuser/name valuexx/value /parameter parameter namepassword/name valuexx/value /parameter /ResourceParams /Context ...note that oracle's factory requires user, not username. Moving to 5.5, I changed it to: ?xml version=1.0 encoding=UTF-8? Context antiResourceLocking=true docBase=myapp path=/myapp Resource auth=Container driverClassName=oracle.jdbc.driver.OracleDriver factory=oracle.jdbc.pool.OracleDataSourceFactory name=jdbc/db1 password=xxx type=oracle.jdbc.pool.OracleDataSource url=jdbc:oracle:thin:@xx:xx:xx user=xx/ /Context ...this new Context.xml doesn't work. I get the following: javax.naming.NamingException: Cannot create resource instance at org.apache.naming.factory.ResourceFactory.getObjectInstance(ResourceFactory.java:132) at javax.naming.spi.NamingManager.getObjectInstance(Unknown Source) at org.apache.naming.NamingContext.lookup(NamingContext.java:792) any ideas? Almost seems as if the factory attribute of Resource is not being used. thanks tk_ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help me off this list!
I think you must receive and send a confirmation reply if you want to subscribe or unsubscribe... aris -Original Message- From: TK Banks [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 15, 2004 3:56 PM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Help me off this list! No matter how many times I send mail to [EMAIL PROTECTED] I continue to be flooded with tomcat-user mail. Months ago I wanted to post a question to this list and found I couldn't do so unless I joined the list. So, grudgingly, I joined, posted my question and immediately unsubscribed. I checked my mail again days later to find I had gazillions of emails queued up. Since that time I've been periodically sending requests to unsubscribe and have had no success. Was there some fine print I missed that said I had to join for at least a year? __ Do you Yahoo!? Send holiday email and support a worthy cause. Do good. http://celebrity.mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help me off this list!
you should send your unsubscribe from the same mail account as you subscribed with. you will then get an email from the mailing list bot (even if you are not on the list) telling you what to do. if you are not receiving those messages perhaps you ought to check your isp's email filters, or maybe your own junk mail settings, perhaps they are getting eaten. these messages have confirmation URLs to confirm you want the unsubscribe. Allistair. -Original Message- From: TK Banks [mailto:[EMAIL PROTECTED] Sent: 15 December 2004 07:56 To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Help me off this list! No matter how many times I send mail to [EMAIL PROTECTED] I continue to be flooded with tomcat-user mail. Months ago I wanted to post a question to this list and found I couldn't do so unless I joined the list. So, grudgingly, I joined, posted my question and immediately unsubscribed. I checked my mail again days later to find I had gazillions of emails queued up. Since that time I've been periodically sending requests to unsubscribe and have had no success. Was there some fine print I missed that said I had to join for at least a year? __ Do you Yahoo!? Send holiday email and support a worthy cause. Do good. http://celebrity.mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help me off this list!
Actually, I have been in same situation for 2 years. I was not able to unsubscribe myself. htmlDIVnbsp;/DIV/html Original Message Follows From: TK Banks lt;[EMAIL PROTECTED]gt; Reply-To: quot;Tomcat Users Listquot; lt;[EMAIL PROTECTED]gt; To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Help me off this list! Date: Tue, 14 Dec 2004 23:55:40 -0800 (PST) No matter how many times I send mail to [EMAIL PROTECTED] I continue to be flooded with tomcat-user mail. Months ago I wanted to post a question to this list and found I couldn't do so unless I joined the list. So, grudgingly, I joined, posted my question and immediately unsubscribed. I checked my mail again days later to find I had gazillions of emails queued up. Since that time I've been periodically sending requests to unsubscribe and have had no success. Was there some fine print I missed that said I had to join for at least a year? __ Do you Yahoo!? Send holiday email and support a worthy cause. Do good. http://celebrity.mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help me off this list!
Did you try to unsubscribe using a different address than the one you signed up with? You can start a subscription for an alternate address, for example [EMAIL PROTECTED], just add a hyphen and your address (with '=' instead of '@') after the command word: [EMAIL PROTECTED] To stop subscription for this address, mail: [EMAIL PROTECTED] On Wed, 2004-12-15 at 17:47, Leland Chen wrote: Actually, I have been in same situation for 2 years. I was not able to unsubscribe myself. htmlDIVnbsp;/DIV/html Original Message Follows From: TK Banks lt;[EMAIL PROTECTED]gt; Reply-To: quot;Tomcat Users Listquot; lt;[EMAIL PROTECTED]gt; To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Help me off this list! Date: Tue, 14 Dec 2004 23:55:40 -0800 (PST) No matter how many times I send mail to [EMAIL PROTECTED] I continue to be flooded with tomcat-user mail. Months ago I wanted to post a question to this list and found I couldn't do so unless I joined the list. So, grudgingly, I joined, posted my question and immediately unsubscribed. I checked my mail again days later to find I had gazillions of emails queued up. Since that time I've been periodically sending requests to unsubscribe and have had no success. Was there some fine print I missed that said I had to join for at least a year? __ Do you Yahoo!? Send holiday email and support a worthy cause. Do good. http://celebrity.mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help me off this list!
-Original Message- From: TK Banks [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 15, 2004 7:56 AM To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Help me off this list! No matter how many times I send mail to [EMAIL PROTECTED] I continue to be flooded with tomcat-user mail. Months ago I wanted to post a question to this list and found I couldn't do so unless I joined the list. So, grudgingly, I joined, posted my question and immediately unsubscribed. I checked my mail again days later to find I had gazillions of emails queued up. Since that time I've been periodically sending requests to unsubscribe and have had no success. Was there some fine print I missed that said I had to join for at least a year? No. But there was plenty of not so fine print pointing you towards tomcat-user-owner if you had any problems ;) I have just unsubscribed you from the list. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help: Windows Server on Linux Client
You don't need IIS to get rid of 8080. You need to shut down IIS and reconfigure server.xml to put tomcat on port 80. However, if you get rid of IIS, you can't possibly have domain login unless you want to write your own NTLM realm. -Original Message- From: Aris Javier [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 07, 2004 10:25 PM To: Tomcat Users List Subject: RE: Help: Windows Server on Linux Client but where to type [EMAIL PROTECTED] or foo\domain in linux? sorry im a newbie in linux... thanks! aris -Original Message- From: Benson Margulies [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 08, 2004 10:12 AM To: Tomcat Users List Subject: RE: Help: Windows Server on Linux Client The user can type [EMAIL PROTECTED] in as their user name to the basic auth box, and their domain password, or foo\domain. And then the IIS will cheerfully authenticate them to the domain. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help: Windows Server on Linux Client
Now you have to turn on security in Tomcat. If you want to talk to the AD for this purpose, well, lots of luck. You will need a custom realm or to implement this by hand in your servlets. Once you have security enabled at all, the browser (on Linux or wherever) will pop up a 'basic auth' dialog, and the user can type in a domain-qualified name. Unless you want to use forms authentication, for which there are some packages that someone else can help you with. -Original Message- From: Aris Javier [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 08, 2004 12:10 AM To: Tomcat Users List Subject: RE: Help: Windows Server on Linux Client Thanks! I've got Tomcat to work on port 80 with IIS service disabled! The problem now is request.getRemoteUser() returns NULL? Before, when I'm integrating it with IIS, request.getRemoteUser() returns the login name of the user... I need to get the user's domain login name... afterwhich, I will use that login name to verify in Active Directory if he/she exists... you mentioned a login box appears when I hit a site with security...? how to make my site secured then? So sorry to cause you too much trouble.. im the only java programmer here.. =| Thanks again! aris -Original Message- From: Parsons Technical Services [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 08, 2004 12:34 PM To: Tomcat Users List Subject: Re: Help: Windows Server on Linux Client 1. Is IIS shutdown (Stop the service and disable it)? 2. Is Tomcat up and running? 3. http://localhost returns what? If you get the default start page there is a link to the manager. As for the login Benson is speaking of the authentication (login) box that appears when you hit a site with security. Doug - Original Message - From: Aris Javier [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, December 07, 2004 11:16 PM Subject: RE: Help: Windows Server on Linux Client thanks Chuck! I've changed my server.xml to port 80 and disconnected IIS... but page cannot be displayed appeared...? http://server/myApp then, how to go to Tomcat web manager? http://server:80? aris -Original Message- From: Caldarale, Charles R [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 08, 2004 11:51 AM To: Tomcat Users List Subject: RE: Help: Windows Server on Linux Client From: Aris Javier [mailto:[EMAIL PROTECTED] Subject: RE: Help: Windows Server on Linux Client if I will not use IIS, how to remove 8080 in URL then? Tomcat's HTTP connector is configured in server.xml. By default, Tomcat ships with the port number set to 8080 so you can test without interfering with any HTTP server you might already have installed. Once you're ready to put Tomcat in production, change the 8080 in server.xml to 80. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help: Windows Server on Linux Client
Hello! I already enabled Anonymous Access but to no success... =| I think the problem is in IIS ? because http://server:8080/myApp is working in linux but request.getRemoteUser() is null... well ofcourse, the user did not login inside the domain... how can a linux user login inside the domain? If I make use of realm, the problem is solved but my URL includes 8080 port number? I want to make 8080 disappear in linux... http 401 authentication problem occurs if I use http://server/myApp... still I cannot make use of realm because how to know I the client is using linux? Thanks! -Original Message- From: Parsons Technical Services [mailto:[EMAIL PROTECTED] Sent: Monday, December 06, 2004 11:55 AM To: Tomcat Users List Subject: Re: Help: Windows Server on Linux Client Aris, Do want the only people that use the app to be domain users? If so, then you will need to implement a different security system if users will be on non windows machines. One option is the authentication roles in Tomcat. Down side is that the database of users will have to be maintained separate from AD. Pro is the users do not have to be in AD. JDBCRealm Check out: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html Also look at: http://jakarta.apache.org/tomcat/faq/windows.html If you do not need to restrict the access to the application then enable the Anonymous access. Doug www.parsonstechnical.com - Original Message - From: Aris Javier [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, December 05, 2004 9:19 PM Subject: RE: Help: Windows Server on Linux Client Thanks for your reply Brad! Inside IIS (myApp virtual directory), I have disabled Anonymous access and checked integrated windows authentication... myApp gets the user domain login name first and verify in active directory if the user exists... if the user exists, then myApp will work.. if in linux, should I enable anonymous access ? I will also try url with 8080 port included and see if it works in linux... http://localhost:8080/myApp -Original Message- From: Brad Cobb [mailto:[EMAIL PROTECTED] Sent: Monday, December 06, 2004 10:06 AM To: Tomcat Users List Subject: RE: Help: Windows Server on Linux Client Hi, The server is Windows 2k (development pc) running tomcat 5.0.27 using jk2 connector to run on IIS... my web apps don't have problems on windows client... I would be looking at your IIS permissions. Are you using 'Anonymous Access' in IIS? It sounds like your Windows clients are actually authenticating under a domain account - not using the same Anonymous Access that Linux will try to use by default. If so, have you allocated the IUSR_servername account to your webapps directory through Windows Explorer? To confirm this - try un-integrating with IIS (temporarily) and see if the problem still happens. If not, then you know it's not a Tomcat issue. Brad Cobb - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help: Windows Server on Linux Client
The user can type [EMAIL PROTECTED] in as their user name to the basic auth box, and their domain password, or foo\domain. And then the IIS will cheerfully authenticate them to the domain. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help: Windows Server on Linux Client
With the Anonymous Access disabled, did it prompt for a login on Linux machines? If yes, then Benson has you covered. If not, then can you use Tomcat without IIS? Is there something that has to run on IIS? As for the JDBCRealm, it does not matter what the client is. Doug - Original Message - From: Aris Javier [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, December 07, 2004 8:51 PM Subject: RE: Help: Windows Server on Linux Client Hello! I already enabled Anonymous Access but to no success... =| I think the problem is in IIS ? because http://server:8080/myApp is working in linux but request.getRemoteUser() is null... well ofcourse, the user did not login inside the domain... how can a linux user login inside the domain? If I make use of realm, the problem is solved but my URL includes 8080 port number? I want to make 8080 disappear in linux... http 401 authentication problem occurs if I use http://server/myApp... still I cannot make use of realm because how to know I the client is using linux? Thanks! -Original Message- From: Parsons Technical Services [mailto:[EMAIL PROTECTED] Sent: Monday, December 06, 2004 11:55 AM To: Tomcat Users List Subject: Re: Help: Windows Server on Linux Client Aris, Do want the only people that use the app to be domain users? If so, then you will need to implement a different security system if users will be on non windows machines. One option is the authentication roles in Tomcat. Down side is that the database of users will have to be maintained separate from AD. Pro is the users do not have to be in AD. JDBCRealm Check out: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html Also look at: http://jakarta.apache.org/tomcat/faq/windows.html If you do not need to restrict the access to the application then enable the Anonymous access. Doug www.parsonstechnical.com - Original Message - From: Aris Javier [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, December 05, 2004 9:19 PM Subject: RE: Help: Windows Server on Linux Client Thanks for your reply Brad! Inside IIS (myApp virtual directory), I have disabled Anonymous access and checked integrated windows authentication... myApp gets the user domain login name first and verify in active directory if the user exists... if the user exists, then myApp will work.. if in linux, should I enable anonymous access ? I will also try url with 8080 port included and see if it works in linux... http://localhost:8080/myApp -Original Message- From: Brad Cobb [mailto:[EMAIL PROTECTED] Sent: Monday, December 06, 2004 10:06 AM To: Tomcat Users List Subject: RE: Help: Windows Server on Linux Client Hi, The server is Windows 2k (development pc) running tomcat 5.0.27 using jk2 connector to run on IIS... my web apps don't have problems on windows client... I would be looking at your IIS permissions. Are you using 'Anonymous Access' in IIS? It sounds like your Windows clients are actually authenticating under a domain account - not using the same Anonymous Access that Linux will try to use by default. If so, have you allocated the IUSR_servername account to your webapps directory through Windows Explorer? To confirm this - try un-integrating with IIS (temporarily) and see if the problem still happens. If not, then you know it's not a Tomcat issue. Brad Cobb - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help: Windows Server on Linux Client
im just using IIS to remove 8080 port number... with the help of jk2 connector... if I will not use IIS, how to remove 8080 in URL then? thanks! -Original Message- From: Parsons Technical Services [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 08, 2004 10:20 AM To: Tomcat Users List Subject: Re: Help: Windows Server on Linux Client With the Anonymous Access disabled, did it prompt for a login on Linux machines? If yes, then Benson has you covered. If not, then can you use Tomcat without IIS? Is there something that has to run on IIS? As for the JDBCRealm, it does not matter what the client is. Doug - Original Message - From: Aris Javier [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, December 07, 2004 8:51 PM Subject: RE: Help: Windows Server on Linux Client Hello! I already enabled Anonymous Access but to no success... =| I think the problem is in IIS ? because http://server:8080/myApp is working in linux but request.getRemoteUser() is null... well ofcourse, the user did not login inside the domain... how can a linux user login inside the domain? If I make use of realm, the problem is solved but my URL includes 8080 port number? I want to make 8080 disappear in linux... http 401 authentication problem occurs if I use http://server/myApp... still I cannot make use of realm because how to know I the client is using linux? Thanks! -Original Message- From: Parsons Technical Services [mailto:[EMAIL PROTECTED] Sent: Monday, December 06, 2004 11:55 AM To: Tomcat Users List Subject: Re: Help: Windows Server on Linux Client Aris, Do want the only people that use the app to be domain users? If so, then you will need to implement a different security system if users will be on non windows machines. One option is the authentication roles in Tomcat. Down side is that the database of users will have to be maintained separate from AD. Pro is the users do not have to be in AD. JDBCRealm Check out: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/realm-howto.html Also look at: http://jakarta.apache.org/tomcat/faq/windows.html If you do not need to restrict the access to the application then enable the Anonymous access. Doug www.parsonstechnical.com - Original Message - From: Aris Javier [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, December 05, 2004 9:19 PM Subject: RE: Help: Windows Server on Linux Client Thanks for your reply Brad! Inside IIS (myApp virtual directory), I have disabled Anonymous access and checked integrated windows authentication... myApp gets the user domain login name first and verify in active directory if the user exists... if the user exists, then myApp will work.. if in linux, should I enable anonymous access ? I will also try url with 8080 port included and see if it works in linux... http://localhost:8080/myApp -Original Message- From: Brad Cobb [mailto:[EMAIL PROTECTED] Sent: Monday, December 06, 2004 10:06 AM To: Tomcat Users List Subject: RE: Help: Windows Server on Linux Client Hi, The server is Windows 2k (development pc) running tomcat 5.0.27 using jk2 connector to run on IIS... my web apps don't have problems on windows client... I would be looking at your IIS permissions. Are you using 'Anonymous Access' in IIS? It sounds like your Windows clients are actually authenticating under a domain account - not using the same Anonymous Access that Linux will try to use by default. If so, have you allocated the IUSR_servername account to your webapps directory through Windows Explorer? To confirm this - try un-integrating with IIS (temporarily) and see if the problem still happens. If not, then you know it's not a Tomcat issue. Brad Cobb - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Help: Windows Server on Linux Client
but where to type [EMAIL PROTECTED] or foo\domain in linux? sorry im a newbie in linux... thanks! aris -Original Message- From: Benson Margulies [mailto:[EMAIL PROTECTED] Sent: Wednesday, December 08, 2004 10:12 AM To: Tomcat Users List Subject: RE: Help: Windows Server on Linux Client The user can type [EMAIL PROTECTED] in as their user name to the basic auth box, and their domain password, or foo\domain. And then the IIS will cheerfully authenticate them to the domain. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]