Re: Problems with ImageIO custom service providers with Tomcat = 6.0.24
Ciao Mark, thanks for your answer. The short explanation is the one I gave It looks like that ImageIO additional service providers are not loaded anymore at runtime via the standard jar META-INF/services mechanism. Longer explanation is as follows. ImageIO allows to define additional readers/writers by means of the javax ServiceRegistry/IIORegistry mechanism: this mechanism basically requires that we put complete classnames for the service strategies we have defined for a certain interface inside a text file whose name is the complete classname of the interface, e.g. javax.imageio.spi.ImageInputStreamSpi. Does this make sense? Simone. --- Ing. Simone Giannecchini GeoSolutions S.A.S. Founder - Software Engineer Via Carignoni 51 55041 Camaiore (LU) Italy phone: +39 0584983027 fax: +39 0584983027 mob:+39 333 8128928 http://www.geo-solutions.it http://geo-solutions.blogspot.com/ http://www.linkedin.com/in/simonegiannecchini http://twitter.com/simogeo --- On Tue, Mar 30, 2010 at 1:31 AM, Mark Thomas ma...@apache.org wrote: On 30/03/2010 00:21, Simone Giannecchini wrote: Ciao, long story short, in an OS geospatial project that we maintain we are experiencing problems when deploying on Tomcat = 6.0.24 due to the latest permgen fixes ( I guess). Define problems. What? When? It looks like that ImageIO additional service providers are not loaded anymore at runtime via the standard jar META-INF/services mechanism. Any hints for putting together a workaround? How about some hints on what problem you are seeing. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
No WWW-Authenticate header sent when error-page 401 is configured
Hi, I'm trying to get digest authentication working on Tomcat 5.5.23. I got it working on Tomcat 6 and Jetty, but I've got a problem with Tomcat 5.5.23, because there no WWW-Authenticate header is sent. I figured out that it will work if I remove error-page 401 configuration from my web.xml. What's the reason? Regards, Nick
Re: Problems with ImageIO custom service providers with Tomcat = 6.0.24
On 30/03/2010 08:03, Simone Giannecchini wrote: Ciao Mark, thanks for your answer. The short explanation is the one I gave It looks like that ImageIO additional service providers are not loaded anymore at runtime via the standard jar META-INF/services mechanism. Longer explanation is as follows. ImageIO allows to define additional readers/writers by means of the javax ServiceRegistry/IIORegistry mechanism: this mechanism basically requires that we put complete classnames for the service strategies we have defined for a certain interface inside a text file whose name is the complete classname of the interface, e.g. javax.imageio.spi.ImageInputStreamSpi. Does this make sense? That makes sense but doesn't tell me anything I didn't already know. Still no info on when you see this issue. All the time? Just on reload? Randomly? Still no info on where these JARs are located. In a WAR, in CATALINA_HOME/lib, somewhere else? Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Problems with ImageIO custom service providers with Tomcat = 6.0.24
On Tue, Mar 30, 2010 at 9:41 AM, Mark Thomas ma...@apache.org wrote: On 30/03/2010 08:03, Simone Giannecchini wrote: Ciao Mark, thanks for your answer. The short explanation is the one I gave It looks like that ImageIO additional service providers are not loaded anymore at runtime via the standard jar META-INF/services mechanism. Longer explanation is as follows. ImageIO allows to define additional readers/writers by means of the javax ServiceRegistry/IIORegistry mechanism: this mechanism basically requires that we put complete classnames for the service strategies we have defined for a certain interface inside a text file whose name is the complete classname of the interface, e.g. javax.imageio.spi.ImageInputStreamSpi. Does this make sense? That makes sense but doesn't tell me anything I didn't already know. Still no info on when you see this issue. All the time? Just on reload? Randomly? The webapp I am talking about is a GeoSpatial server called GeoServer. At startup my own SPI implementations are not registered anymore in the IIORegistry. Still no info on where these JARs are located. In a WAR, in CATALINA_HOME/lib, somewhere else? Libs are inside WEB-INF/lib of GeoServer WAR. Thx, Simone. Mark - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Fwd: How to install tomcat 6.0.X in IBM P series box running with RHEL 5
Hi, How to install tomcat 6.0.X in IBM P series box running with RHEL 5. I see rpms available only for tomacat 5.x. Environment: Machine: IBM P series OS:RHEL 5.0 Java version: Java 1.6 Any help is appreciated. Thanks, Ratnavel.
Re: How to install tomcat 6.0.X in IBM P series box running with RHEL 5
1st need to define JAVA_HOME , and better u download tomcat from tomcat website. then confugure it Run it. On Tue, Mar 30, 2010 at 5:48 PM, Ratnavel Sundaramurthi ratnavel.sundaramur...@aspiresys.com wrote: Hi, How to install tomcat 6.0.X in IBM P series box running with RHEL 5. I see rpms available only for tomacat 5.x. Environment: Machine: IBM P series OS:RHEL 5.0 Java version: Java 1.6 Any help is appreciated. Thanks, Ratnavel. -- Regards Partha Goswami
Re: Fwd: How to install tomcat 6.0.X in IBM P series box running with RHEL 5
Ratnavel Sundaramurthi wrote: Hi, How to install tomcat 6.0.X in IBM P series box running with RHEL 5. I see rpms available only for tomacat 5.x. Environment: Machine: IBM P series OS:RHEL 5.0 Java version: Java 1.6 Any help is appreciated. Hi. 1) If you want a package usable with the RedHat package management tools, then you are stuck with whatever versions RedHat makes available for your version of RHEL. (And they are always a few versions behind the latest available Tomcat). 2) Otherwise, you can download the latest Tomcat version from the official Tomcat website at http://tomcat.apache.org, and install it following the instructions found on that same website. (And you should anyway first install a reasonable Java JVM 1.6 before Tomcat; usually people here do not consider the OpenJDK JVM as reasonable for Tomcat). The advantage of option (2) is that you have the latest bestest Tomcat, and that it will be easier for people on this forum to help you with it, because it installs Tomcat and Tomcat files is a known location and configuration. A disadvantage of option (2) may be that your sysadmins will probably not support it, as it is not the official RHEL version which they know and love. Another disadvantage, is that you will probably have to create yourself the system startup/stop scripts for your Tomcat server, if you intend to run it as a daemon. A disadvantage of option (1), is that these packages usually put the Tomcat files all over the place, with millions of symlinks to tie it all together again. So if you have a problem, it is more difficult for people here to figure out what happens. But then of course there is always the RedHat hotline.. My own subjective (but practical) recommendation : If you are knowledgeable about your OS, system startup scripts etc.., then use the latest version from the Tomcat website. (Tomcat by itself is not complicated to install and run, but it is these surrounding system aspects that will give you work). If not, then use the RedHat packaged version if you can live with it, because it will install out of the box. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Fwd: How to install tomcat 6.0.X in IBM P series box running with RHEL 5
From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: Fwd: How to install tomcat 6.0.X in IBM P series box running with RHEL 5 (And you should anyway first install a reasonable Java JVM 1.6 before Tomcat; usually people here do not consider the OpenJDK JVM as reasonable for Tomcat). Actually, OpenJDK (which comes from what used be known as Sun) is probably ok; it's the GNU JVM that is pretty awful. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Proposal : Enhancing docs for RemoteIpValve and RemoteIpFilter
Dear all, I would be very happy to enhance the docs of the RemoteIpValve (1) and the RemoteIpFilter (2) if the project is interested. I was thinking about adding sample to explain * the difference between the internal proxies list and the trusted proxies list, * how to handle https requests with x-forwarded-proto header, * what are the values of x-forwarded-for and x-forwarded-by headers Many samples are already available in the javadocs (3), I would be very happy to adapt them to the docs. Please let me know if this proposal is interesting. Cyrille -- Cyrille Le Clerc clecl...@xebia.fr (1) http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote IP Valve (2) will be available in Tomcat 7 in /config/filter.html (3) http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat login
Stéphanie Cettou wrote: Hi, I use Tomcat 5.5. I have a JSP application. The login is implemented with database. Realm className=org.apache.catalina.realm.JDBCRealm . I need to increase the security. I want that the user have only 3 retry for the login, the user must change the password every months, I need a password policy (8 char, Maj and min,...). How I can implement this? I think to use active directory, but I can't manage user and passwords directly with tomcat, or yes? Hi Stéphanie. Maybe as an alternative.. If you mention Active Directory, does that mean that all your Tomcat users are working on MS Windows workstations, and login to a Windows domain before they call up the browser and access your Tomcat-based applications ? I am asking because if that is the case, then there exist solutions which would allow your users to not even have to login (to your Tomcat applications), and will automatically use their Windows domain user-id for Tomcat. And the management of users and passwords is then left to the AD system, and you get a Single-Sign-On solution at the same time. This scenario may or may not fit your needs, but if it does, it may be a big simplification for you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat login
Hi André, thank you very much for your fast answer. No, not all user have an active directory account (or yes but in 3 different emplacement...). And the web site must to be accessible everytime from anywhere... My idea is to use a new active directory only to manage user and password...the problem is to manage it from the web site... But, if there are an alternative, for me is ok. There are an other solution? Thanks, Stéphanie 2010/3/30 André Warnier a...@ice-sa.com: Stéphanie Cettou wrote: Hi, I use Tomcat 5.5. I have a JSP application. The login is implemented with database. Realm className=org.apache.catalina.realm.JDBCRealm . I need to increase the security. I want that the user have only 3 retry for the login, the user must change the password every months, I need a password policy (8 char, Maj and min,...). How I can implement this? I think to use active directory, but I can't manage user and passwords directly with tomcat, or yes? Hi Stéphanie. Maybe as an alternative.. If you mention Active Directory, does that mean that all your Tomcat users are working on MS Windows workstations, and login to a Windows domain before they call up the browser and access your Tomcat-based applications ? I am asking because if that is the case, then there exist solutions which would allow your users to not even have to login (to your Tomcat applications), and will automatically use their Windows domain user-id for Tomcat. And the management of users and passwords is then left to the AD system, and you get a Single-Sign-On solution at the same time. This scenario may or may not fit your needs, but if it does, it may be a big simplification for you. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Virtualization (Xen, vmware) + Tomcat
Hi, We have a lot of server using virtualization (xen source) and we have a lot of problem with tomcat. Tomcat process seems to stop responding after undetermined time and write in loop this in the catalina.out: Error occurred during initialization of VM Could not reserve enough space for object heap The servers has 32 gig of ram so it's not the ram that is in need. We tried to specifiy the memory for tomcat like: -Xmx1024M -Xms512M But nothing seems to help. Does anybody have any ideas for this behaviour? Thank you. -- Eric Laflamme [iWeb] IT Architecture Specialist Spécialiste de l'Architecture TI http://www.iWeb.com/ - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Tomcat login
From: Stéphanie Cettou [mailto:s.cet...@gmail.com] Subject: Re: Tomcat login There are an other solution? Best if you can upgrade to Tomcat 6 (usually very easy to do from 5.5), and then use the CombinedRealm in conjunction with the JNDIRealm and LockOutRealm: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#CombinedRealm http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#LockOutRealm You always create a custom Realm to extend the capabilities of the above. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Virtualization (Xen, vmware) + Tomcat
From: Eric Laflamme [mailto:elafla...@iweb.com] Subject: Virtualization (Xen, vmware) + Tomcat Error occurred during initialization of VM Could not reserve enough space for object heap That would indicate you're not allocating enough virtualized memory to the virtual server - that's your configuration error in Xen or VMware, nothing to do with Tomcat. The servers has 32 gig of ram so it's not the ram that is in need. The amount of RAM is irrelevant, other than as a performance constraint. tried to specifiy the memory for tomcat like: -Xmx1024M -Xms512M Giving the JVM 1 GB of heap space will likely require at least 2 GB of memory for the virtual machine. Again, it's your virtual machine configuration that's inadequate, not anything you're doing with Tomcat. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtualization (Xen, vmware) + Tomcat
There are two uses of virtual machine here. I'll distinguish the Java virtual machine and the Xen virtual machine. On 30 March 2010 16:29, Eric Laflamme elafla...@iweb.com wrote: We have a lot of server using virtualization (xen source) and we have a lot of problem with tomcat. Tomcat process seems to stop responding after undetermined time and write in loop this in the catalina.out: Error occurred during initialization of VM Could not reserve enough space for object heap OK, so that's the Java virtual machine running Tomcat not being able to extend its heap. Is Tomcat running inside a Xen VM? If so, how much memory is allocated to the Xen VM? The servers has 32 gig of ram so it's not the ram that is in need. *Which* server? The host for your Xen virtual machines, or a particular Xen virtual machine? We tried to specifiy the memory for tomcat like: -Xmx1024M -Xms512M But nothing seems to help. Does anybody have any ideas for this behaviour? Keep -Xms and -Xmx the same. If you do that, Java will allocate all the heap as it starts. You will either get a failure at startup (which is easier to deal with) or the heap memory will be allocated. As you have found, allowing Java to grow its heap while it is running causes problems when another process is using memory. - Peter
RE: Virtualization (Xen, vmware) + Tomcat
From: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther Subject: Re: Virtualization (Xen, vmware) + Tomcat Error occurred during initialization of VM Could not reserve enough space for object heap OK, so that's the Java virtual machine running Tomcat not being able to extend its heap. Actually, that's the JVM trying to allocate the *initial* space for the heap, not extend it. There hasn't been any attempt to load and run Tomcat yet. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtualization (Xen, vmware) + Tomcat
Hi Peter, Thank you for you answer.. Le 2010-03-30 à 11:37, Peter Crowther a écrit : There are two uses of virtual machine here. I'll distinguish the Java virtual machine and the Xen virtual machine. Yes, I'm talking more of Xen VM. On 30 March 2010 16:29, Eric Laflamme elafla...@iweb.com wrote: We have a lot of server using virtualization (xen source) and we have a lot of problem with tomcat. Tomcat process seems to stop responding after undetermined time and write in loop this in the catalina.out: Error occurred during initialization of VM Could not reserve enough space for object heap OK, so that's the Java virtual machine running Tomcat not being able to extend its heap. Is Tomcat running inside a Xen VM? If so, how much memory is allocated to the Xen VM? Yes Tomcat is running inside the VM and is, by the way, a cPanel. The servers has 32 gig of ram so it's not the ram that is in need. *Which* server? The host for your Xen virtual machines, or a particular Xen virtual machine? The host have 32 gig of ram but we allocated all of them to the only vm running. So tomcat is running in a vm that have 32 gig of ram. We tried to specifiy the memory for tomcat like: -Xmx1024M -Xms512M But nothing seems to help. Does anybody have any ideas for this behaviour? Keep -Xms and -Xmx the same. If you do that, Java will allocate all the heap as it starts. You will either get a failure at startup (which is easier to deal with) or the heap memory will be allocated. We try all kind of allocation and the problem isn't showing at startup.. It happen only after few hours. If this can help, it can happen on a server that doesn't contain any data.. A fresh install of Cpanel and after few hours, it can happen.. As you have found, allowing Java to grow its heap while it is running causes problems when another process is using memory. - Peter I always restart tomcat when adding heap memory.. Thank you. Eric L. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Proposal : Enhancing docs for RemoteIpValve and RemoteIpFilter
simply open a bugzilla ticket and attach your patch there Filpi On 03/30/2010 09:02 AM, Cyrille Le Clerc wrote: Dear all, I would be very happy to enhance the docs of the RemoteIpValve (1) and the RemoteIpFilter (2) if the project is interested. I was thinking about adding sample to explain * the difference between the internal proxies list and the trusted proxies list, * how to handle https requests with x-forwarded-proto header, * what are the values of x-forwarded-for and x-forwarded-by headers Many samples are already available in the javadocs (3), I would be very happy to adapt them to the docs. Please let me know if this proposal is interesting. Cyrille -- Cyrille Le Clerc clecl...@xebia.fr (1) http://tomcat.apache.org/tomcat-6.0-doc/config/valve.html#Remote IP Valve (2) will be available in Tomcat 7 in /config/filter.html (3) http://tomcat.apache.org/tomcat-6.0-doc/api/org/apache/catalina/valves/RemoteIpValve.html - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtualization (Xen, vmware) + Tomcat
On 30 March 2010 16:45, Caldarale, Charles R chuck.caldar...@unisys.comwrote: From: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther Subject: Re: Virtualization (Xen, vmware) + Tomcat Error occurred during initialization of VM Could not reserve enough space for object heap OK, so that's the Java virtual machine running Tomcat not being able to extend its heap. Actually, that's the JVM trying to allocate the *initial* space for the heap, not extend it. There hasn't been any attempt to load and run Tomcat yet. My mistake. In that case, if Eric's seeing lots of those in the log files, it implies that the JVM intended to host Tomcat is repeatedly failing to start and some other process is repeatedly trying to start Tomcat. Eric, could you tell us more about your statement that Tomcat is running inside the VM and is, by the way, a cPanel? - What operating system? - What version of Tomcat? - Did you download the Tomcat directly from http://tomcat.apache.org, or was it packaged with some third-party software? In particular, if it's a version of Tomcat that was packaged with cPanel, you may well be better asking them about the issue. - Peter
Re: Tomcat login
I will get the issue list, because I think that with Tomcat 6 I can't do all..(But I don't know Tomcat) - Get more roles at an user (my code is ready for a JDBCRealm login) * read/modify pages and object - Check type of password (more that 8 char, special char,...) - Ask new password every month (from the web site) - Block the user after 3 failed login - Block inactive user (ex after 90 days) - (ev. Single-Sing-On for some users, but I think not possible with more active directory) not Mandatory - Add/modify/delete user from web site I can do it with Tomcat 6 update? how? Or it exist others solution / applications? thanks, Stéphanie 2010/3/30 Caldarale, Charles R chuck.caldar...@unisys.com: From: Stéphanie Cettou [mailto:s.cet...@gmail.com] Subject: Re: Tomcat login There are an other solution? Best if you can upgrade to Tomcat 6 (usually very easy to do from 5.5), and then use the CombinedRealm in conjunction with the JNDIRealm and LockOutRealm: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#CombinedRealm http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#JNDIRealm http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html#LockOutRealm You always create a custom Realm to extend the capabilities of the above. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtualization (Xen, vmware) + Tomcat
Eric Laflamme wrote: ... We tried to specifiy the memory for tomcat like: -Xmx1024M -Xms512M But nothing seems to help. Does anybody have any ideas for this behaviour? Keep -Xms and -Xmx the same. If you do that, Java will allocate all the heap as it starts. You will either get a failure at startup (which is easier to deal with) or the heap memory will be allocated. We try all kind of allocation and the problem isn't showing at startup.. It happen only after few hours. If this can help, it can happen on a server that doesn't contain any data.. A fresh install of Cpanel and after few hours, it can happen.. As you have found, allowing Java to grow its heap while it is running causes problems when another process is using memory. - Peter I always restart tomcat when adding heap memory.. Independently of the rest of the issue, I think that what Peter was telling you, is to use for example : -Xms1024M -Xmx1024M In other words, keep these two parameters equal. That will cause the JVM to allocate the 1024M to the heap right at the beginning, and keep the heap always at the same size. Otherwise : 1) the JVM which runs Tomcat will start with 512M for the heap, but may have a problem later, when it needs more, tries to get it from the Xen VM where it is running, and (maybe) cannot get it then. 2) when the two parameters are not equal, the JVM regularly tries to adjust the size of the heap dynamically. This costs some performance. When the parameters are equal, this dynamic adjustment work does not happen. Another question : are all the components which are involved here, capable of using 32 GB of RAM ? I don't know what exactly matters here, but maybe there are 32/64 bit issues somewhere. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat login
On 3/30/2010 12:04 PM, Stéphanie Cettou wrote: I will get the issue list, because I think that with Tomcat 6 I can't do all..(But I don't know Tomcat) - Get more roles at an user (my code is ready for a JDBCRealm login) * read/modify pages and object - Check type of password (more that 8 char, special char,...) - Ask new password every month (from the web site) - Block the user after 3 failed login - Block inactive user (ex after 90 days) - (ev. Single-Sing-On for some users, but I think not possible with more active directory) not Mandatory - Add/modify/delete user from web site I can do it with Tomcat 6 update? how? Write a webapp (program) to do all of the above. Or it exist others solution / applications? I don't know of any, but they may exist. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtualization (Xen, vmware) + Tomcat
On 30/03/2010 16:29, Eric Laflamme wrote: Hi, We have a lot of server using virtualization (xen source) and we have a lot of problem with tomcat. Tomcat process seems to stop responding after undetermined time and write in loop this in the catalina.out: Error occurred during initialization of VM Could not reserve enough space for object heap The servers has 32 gig of ram so it's not the ram that is in need. We tried to specifiy the memory for tomcat like: -Xmx1024M -Xms512M But nothing seems to help. Does anybody have any ideas for this behaviour? Thank you. As an aside, it's consider bad form (thread hijacking) to reply to someone elses email then change the subject and body to your own message. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Tomcat login
Hi, I found: http://jeftek.com/222/using-java-code-with-active-directory/ I think I will use this exemples to manage the users via java. Or I found Spring Security framework..but I don't understand if it doe's all of my issues or not... thank you very much for all answer! Stéphanie 2010/3/30 David kerber dcker...@verizon.net: On 3/30/2010 12:04 PM, Stéphanie Cettou wrote: I will get the issue list, because I think that with Tomcat 6 I can't do all..(But I don't know Tomcat) - Get more roles at an user (my code is ready for a JDBCRealm login) * read/modify pages and object - Check type of password (more that 8 char, special char,...) - Ask new password every month (from the web site) - Block the user after 3 failed login - Block inactive user (ex after 90 days) - (ev. Single-Sing-On for some users, but I think not possible with more active directory) not Mandatory - Add/modify/delete user from web site I can do it with Tomcat 6 update? how? Write a webapp (program) to do all of the above. Or it exist others solution / applications? I don't know of any, but they may exist. D - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Connecting to a Database
Oh ok, I see. You've added a valve to the manager app. I probably need to do that, and have not. Thanks. -Original Message- From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] Sent: Monday, March 29, 2010 5:38 PM To: 'Tomcat Users List' Subject: RE: Connecting to a Database If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/ will it not allow for a later reference separately in the Tomcat manager app? Barry, I thought having a context.xml in META-INF/ was the most specific place to define a context for a webapp, in the heirarchy of Context element locations. http://tomcat.apache.org/tomcat-6.0-doc/config/context.html I have the manager webapp running. In various places in server.xml, other than adding digest, this is the standard tomcat config: GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources !-- This Realm uses the UserDatabase configured in the global JNDI resources under the key UserDatabase. Any edits that are performed against this UserDatabase are immediately available for use by the Realm. -- Realm className=org.apache.catalina.realm.UserDatabaseRealm digest=md5 resourceName=UserDatabase/ In webapps/manager/META-INF/context.xml: !-- Valve added to prevent access to this webapp from public computers -- Context antiResourceLocking=false debug=0 privileged=true Valve className=org.apache.catalina.valves.RemoteAddrValve allow=specific ip / /Context -Original Message- From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Sent: Monday, March 29, 2010 2:41 PM To: 'Tomcat Users List' Subject: RE: Connecting to a Database And after doing this, and getting my DataSourceRealm to work properly, now I can't get the Tomcat manager app to work properly now...it references my JNDI realm reference (DataSourceRealm actually) and throws an exception. Even if I delete it out of my context.xml file (the reference) and delete the one created in the conf folder, it still tries to reference the DataSourceRealm credentials and throws an error. If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/ will it not allow for a later reference separately in the Tomcat manager app? Reference to the tomcat-users.xml file? I'll dump out the work folder, too, but it'd be nice to have both working concurrently. I would have thought they would, but am likely mistaken. -Original Message- From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] Sent: Friday, March 26, 2010 6:09 PM To: 'Tomcat Users List' Subject: RE: Connecting to a Database You are correct. I stumbled across that info while reading the Realm config in the DataSource Database Realm section but I wasn't looking for that when I saw it the first n times. I was looking for info about the userRoleTable. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Friday, March 26, 2010 2:56 PM To: Tomcat Users List Subject: RE: Connecting to a Database From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Subject: RE: Connecting to a Database Thanks, Leo! I've not seen instructions in the How-To (maybe I overlooked it) on the localDataSource=true attrib to the Realm in the context.xml file Unfortunately, it's not in the How-To, just in the configuration doc for Realm (which is linked to from the How-To): http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html The How-To is oriented towards server-wide authentication, so the examples all show use of a Realm in server.xml and a corresponding global resource declaration. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Connecting to a Database
I only added that valve because I did not want just anyone to be able to type http://mydomain.com/manager/html and get the Tomcat manager login challenge. That valve should not have any effect on your DataSourceRealm. You should probably post the data Chuck asked for. Where is the Realm for the manager app defined? Where is the Realm for your webapp defined? Post your server.xml so we can see it. Did you remove the Realm in server.xml? Have you made any changes to the global conf/context.xml? -Original Message- From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Sent: Tuesday, March 30, 2010 9:20 AM To: 'Tomcat Users List' Subject: RE: Connecting to a Database Oh ok, I see. You've added a valve to the manager app. I probably need to do that, and have not. Thanks. -Original Message- From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] Sent: Monday, March 29, 2010 5:38 PM To: 'Tomcat Users List' Subject: RE: Connecting to a Database If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/ will it not allow for a later reference separately in the Tomcat manager app? Barry, I thought having a context.xml in META-INF/ was the most specific place to define a context for a webapp, in the heirarchy of Context element locations. http://tomcat.apache.org/tomcat-6.0-doc/config/context.html I have the manager webapp running. In various places in server.xml, other than adding digest, this is the standard tomcat config: GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources !-- This Realm uses the UserDatabase configured in the global JNDI resources under the key UserDatabase. Any edits that are performed against this UserDatabase are immediately available for use by the Realm. -- Realm className=org.apache.catalina.realm.UserDatabaseRealm digest=md5 resourceName=UserDatabase/ In webapps/manager/META-INF/context.xml: !-- Valve added to prevent access to this webapp from public computers -- Context antiResourceLocking=false debug=0 privileged=true Valve className=org.apache.catalina.valves.RemoteAddrValve allow=specific ip / /Context -Original Message- From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Sent: Monday, March 29, 2010 2:41 PM To: 'Tomcat Users List' Subject: RE: Connecting to a Database And after doing this, and getting my DataSourceRealm to work properly, now I can't get the Tomcat manager app to work properly now...it references my JNDI realm reference (DataSourceRealm actually) and throws an exception. Even if I delete it out of my context.xml file (the reference) and delete the one created in the conf folder, it still tries to reference the DataSourceRealm credentials and throws an error. If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/ will it not allow for a later reference separately in the Tomcat manager app? Reference to the tomcat-users.xml file? I'll dump out the work folder, too, but it'd be nice to have both working concurrently. I would have thought they would, but am likely mistaken. -Original Message- From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] Sent: Friday, March 26, 2010 6:09 PM To: 'Tomcat Users List' Subject: RE: Connecting to a Database You are correct. I stumbled across that info while reading the Realm config in the DataSource Database Realm section but I wasn't looking for that when I saw it the first n times. I was looking for info about the userRoleTable. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Friday, March 26, 2010 2:56 PM To: Tomcat Users List Subject: RE: Connecting to a Database From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Subject: RE: Connecting to a Database Thanks, Leo! I've not seen instructions in the How-To (maybe I overlooked it) on the localDataSource=true attrib to the Realm in the context.xml file Unfortunately, it's not in the How-To, just in the configuration doc for Realm (which is linked to from the How-To): http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html The How-To is oriented towards server-wide authentication, so the examples all show use of a Realm in server.xml and a corresponding global resource declaration. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received
Re: Tomcat login
Stéphanie, I don't want to interfere with the other people here who are trying to help you in the direction of a pure Tomcat solution. I am incompetent in that area, while they are, and their recommendations may in the end be better than mine. So let's say that there are alternative ways in which your basic issue could be solved, and what I am suggesting is one of these possible alternatives. The solution I am suggesting consists of separating the user management business from the Tomcat application business. My first premise is that managing users, passwords, rules for these passwords, aging, people coming and going etc.. is a complicated and time-consuming task and, if there already exists an AD infrastructure (or 3) that does this and people who manage it, maybe you do not want to create and manage a 4th system. (For example, if you create a mechanism based on a database, then you will probably have to synchronise that database with the 3 existing AD databases; and you will probably never obtain from the separate admins of the 3 AD domains, that they send you every day a new list of their users and passwords). My second premise is that users, in general, do not like to have to login several times, and remember different user-id's and/or passwords for different things. So if you can propose a solution which requires less additional programming and setup, and less management hassle later on, that may be to your own and to the users' advantage. Based on your previous explanations, I will imagine that there are 3 locations from where users can access your Tomcat system; that at each of those locations, there is a Windows domain based on an AD system; and that the users in each of those locations already login to their local domain before they access your Tomcat applications; and that these systems already manage the business of password rules and aging, and the day-to-day business of people coming and going. If it is so, you can set up a system whereby the local login which each user has already done once when they started their workstation, can be used by your Tomcat application(s). Your Tomcat application(s) will automatically receive, for each access, a unique and pre-authenticated user-id for each user, just as if you had done the authentication yourself at the Tomcat level. This user-id can include the original domain name of the user (iow the location), so that if two users john.smith exist in two separate AD domains, they will not be confused. This method does not necessarily cover all your needs, and it may still require some user data and some management at the Tomcat level, but it may also avoid having to re-implement and manage stuff that is already being done elsewhere. If you are still interested, then go have a look here : http://www.ioplex.com/ I am not saying that this is necessarily the solution for you, but it is maybe worth having a look at it. (and no, I am not an employee of that company; it is just something I use myself with Tomcat, in contexts apparently similar to yours.) - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtualization (Xen, vmware) + Tomcat
Hi, Let me first apologize for that, I'm pretty new with mailing list.. It won't happen again. -- Eric Laflamme [iWeb] IT Architecture Specialist Spécialiste de l'Architecture TI http://www.iWeb.com/ Le 2010-03-30 à 12:11, Pid a écrit : On 30/03/2010 16:29, Eric Laflamme wrote: Hi, We have a lot of server using virtualization (xen source) and we have a lot of problem with tomcat. Tomcat process seems to stop responding after undetermined time and write in loop this in the catalina.out: Error occurred during initialization of VM Could not reserve enough space for object heap The servers has 32 gig of ram so it's not the ram that is in need. We tried to specifiy the memory for tomcat like: -Xmx1024M -Xms512M But nothing seems to help. Does anybody have any ideas for this behaviour? Thank you. As an aside, it's consider bad form (thread hijacking) to reply to someone elses email then change the subject and body to your own message. p - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Virtualization (Xen, vmware) + Tomcat
Hi Peter, Here is the information about the server: We have a Xen Host with CentOS release 5.4 (Final) In that host, we have a vm with CentOS release 5.4 (Final) We install a cPanel 11.25 The version of tomcat is 5.5.28 The tomcat we use is the one package with cPanel. We already communicate with their support. A lot of time.. But they are, like us, clueless on how to solve this problem. So I came here as another step to try to resolve this issue. I don't know if the problem is Tomcat itself or Tomcat only have a symptom of another problem. But as we only have this problem and log of the problem by now, we start with tomcat to maybe found what is the real problem. -- Eric Laflamme [iWeb] IT Architecture Specialist Spécialiste de l'Architecture TI http://www.iWeb.com/ Le 2010-03-30 à 12:01, Peter Crowther a écrit : On 30 March 2010 16:45, Caldarale, Charles R chuck.caldar...@unisys.comwrote: From: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther Subject: Re: Virtualization (Xen, vmware) + Tomcat Error occurred during initialization of VM Could not reserve enough space for object heap OK, so that's the Java virtual machine running Tomcat not being able to extend its heap. Actually, that's the JVM trying to allocate the *initial* space for the heap, not extend it. There hasn't been any attempt to load and run Tomcat yet. My mistake. In that case, if Eric's seeing lots of those in the log files, it implies that the JVM intended to host Tomcat is repeatedly failing to start and some other process is repeatedly trying to start Tomcat. Eric, could you tell us more about your statement that Tomcat is running inside the VM and is, by the way, a cPanel? - What operating system? - What version of Tomcat? - Did you download the Tomcat directly from http://tomcat.apache.org, or was it packaged with some third-party software? In particular, if it's a version of Tomcat that was packaged with cPanel, you may well be better asking them about the issue. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Fwd: How to install tomcat 6.0.X in IBM P series box running with RHEL 5
Chuck, a bit off-topic, but since we might have to choose the next few months which JVM to use on Intel/Linux, I am interested in why you think the OpenJDK is pretty awful ? regards, Harry 2010/3/30 Caldarale, Charles R chuck.caldar...@unisys.com From: André Warnier [mailto:a...@ice-sa.com] Subject: Re: Fwd: How to install tomcat 6.0.X in IBM P series box running with RHEL 5 (And you should anyway first install a reasonable Java JVM 1.6 before Tomcat; usually people here do not consider the OpenJDK JVM as reasonable for Tomcat). Actually, OpenJDK (which comes from what used be known as Sun) is probably ok; it's the GNU JVM that is pretty awful. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Virtualization (Xen, vmware) + Tomcat
From: Eric Laflamme [mailto:elafla...@iweb.com] Subject: Re: Virtualization (Xen, vmware) + Tomcat Here is the information about the server: Except the critical bit, which is how much virtualized memory have you provisioned the virtual server with? The evidence points to that being insufficient. We install a cPanel 11.25 We still have no idea what cPanel is. I don't know if the problem is Tomcat itself or Tomcat only have a symptom of another problem. If the JVM initialization message your posted previously is in fact the only symptom you're seeing, then it has nothing to do with Tomcat - Tomcat isn't even started at that point. If you're running out of virtualized memory for your virtualized server to the point that another process (the JVM) cannot even start, you need to find out what's consuming the virtualized memory. Tools like ps might help. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: using tomcat maven plugin
Sorry for not answering in that thread. Here are the plugin details http://mojo.codehaus.org/tomcat-maven-plugin/deployment.html n828cl wrote: From: fachhoch [mailto:fachh...@gmail.com] Subject: using tomcat maven plugin I am struggling hard to setup datasource in tomact, mine is embedded tomcat through maven plugin , please help me in setting up dataasource for embedded tomcat You could always try answering the questions that were asked of you in the previous iteration of this thread, rather than just ignoring them: http://marc.info/?l=tomcat-userm=126962585919427w=2 http://marc.info/?l=tomcat-userm=126961353929829w=2 http://marc.info/?l=tomcat-userm=126960904222350w=2 - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/using-tomcat-maven-plugin-tp28069941p28085738.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: tomcat maven plugin datasource
Here are the plugin details http://mojo.codehaus.org/tomcat-maven-plugin/deployment.html n828cl wrote: From: fachhoch [mailto:fachh...@gmail.com] Subject: Re: tomcat maven plugin datasource I did as per the plugin instructions , what am i missing ? Telling us what plugin you're referring to. Where did you get it? I don't recall seeing any such plugin as part of any Tomcat distribution, but maybe I missed it. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org -- View this message in context: http://old.nabble.com/tomcat-maven--plugin-datasource-tp28037478p28085745.html Sent from the Tomcat - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Fwd: How to install tomcat 6.0.X in IBM P series box running with RHEL 5
From: Harry Metske [mailto:harry.met...@gmail.com] Subject: Re: Fwd: How to install tomcat 6.0.X in IBM P series box running with RHEL 5 Chuck, a bit off-topic, but since we might have to choose the next few months which JVM to use on Intel/Linux, I am interested in why you think the OpenJDK is pretty awful ? Read the message again; I said OpenJDK is probably ok, and that the GNU JVM is pretty awful. Search the archives for the numerous reports of any serious application (such as Tomcat) failing miserably on the GNU JVM, but working fine on a real JVM. OpenJDK is (or at least was) pretty much the same as the Sun HotSpot JVM, but with some packages replaced or omitted due to licensing issues. - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers.
RE: using tomcat maven plugin
From: fachhoch [mailto:fachh...@gmail.com] Subject: RE: using tomcat maven plugin Sorry for not answering in that thread. Here are the plugin details http://mojo.codehaus.org/tomcat-maven-plugin/deployment.html In a brief review of the doc for that plugin, I saw nothing to indicate that it would generate the Context element or any necessary included elements (such as Resource); creation of those would seem to be your responsibility, or that of any IDE you might be using. Since the plugin is not part of Tomcat, you'll need to get help from whatever support group might exist for the plugin. To tell the truth, I can't quite see the point of the plugin, other than satisfying those who think everything has to be mavenized. (If your only tool is a hammer...) - Chuck THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY MATERIAL and is thus for use only by the intended recipient. If you received this in error, please contact the sender and delete the e-mail and its attachments from all computers. - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
RE: Connecting to a Database
Right -- ok, that's good. And I will do so (post the data Chuck asked for). -Original Message- From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] Sent: Tuesday, March 30, 2010 11:34 AM To: 'Tomcat Users List' Subject: RE: Connecting to a Database I only added that valve because I did not want just anyone to be able to type http://mydomain.com/manager/html and get the Tomcat manager login challenge. That valve should not have any effect on your DataSourceRealm. You should probably post the data Chuck asked for. Where is the Realm for the manager app defined? Where is the Realm for your webapp defined? Post your server.xml so we can see it. Did you remove the Realm in server.xml? Have you made any changes to the global conf/context.xml? -Original Message- From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Sent: Tuesday, March 30, 2010 9:20 AM To: 'Tomcat Users List' Subject: RE: Connecting to a Database Oh ok, I see. You've added a valve to the manager app. I probably need to do that, and have not. Thanks. -Original Message- From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] Sent: Monday, March 29, 2010 5:38 PM To: 'Tomcat Users List' Subject: RE: Connecting to a Database If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/ will it not allow for a later reference separately in the Tomcat manager app? Barry, I thought having a context.xml in META-INF/ was the most specific place to define a context for a webapp, in the heirarchy of Context element locations. http://tomcat.apache.org/tomcat-6.0-doc/config/context.html I have the manager webapp running. In various places in server.xml, other than adding digest, this is the standard tomcat config: GlobalNamingResources !-- Editable user database that can also be used by UserDatabaseRealm to authenticate users -- Resource name=UserDatabase auth=Container type=org.apache.catalina.UserDatabase description=User database that can be updated and saved factory=org.apache.catalina.users.MemoryUserDatabaseFactory pathname=conf/tomcat-users.xml / /GlobalNamingResources !-- This Realm uses the UserDatabase configured in the global JNDI resources under the key UserDatabase. Any edits that are performed against this UserDatabase are immediately available for use by the Realm. -- Realm className=org.apache.catalina.realm.UserDatabaseRealm digest=md5 resourceName=UserDatabase/ In webapps/manager/META-INF/context.xml: !-- Valve added to prevent access to this webapp from public computers -- Context antiResourceLocking=false debug=0 privileged=true Valve className=org.apache.catalina.valves.RemoteAddrValve allow=specific ip / /Context -Original Message- From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Sent: Monday, March 29, 2010 2:41 PM To: 'Tomcat Users List' Subject: RE: Connecting to a Database And after doing this, and getting my DataSourceRealm to work properly, now I can't get the Tomcat manager app to work properly now...it references my JNDI realm reference (DataSourceRealm actually) and throws an exception. Even if I delete it out of my context.xml file (the reference) and delete the one created in the conf folder, it still tries to reference the DataSourceRealm credentials and throws an error. If I set the DataSourceRealm in my context.xml file of my webapps/webappfldr/META-INF/ will it not allow for a later reference separately in the Tomcat manager app? Reference to the tomcat-users.xml file? I'll dump out the work folder, too, but it'd be nice to have both working concurrently. I would have thought they would, but am likely mistaken. -Original Message- From: Leo Donahue - PLANDEVX [mailto:leodona...@mail.maricopa.gov] Sent: Friday, March 26, 2010 6:09 PM To: 'Tomcat Users List' Subject: RE: Connecting to a Database You are correct. I stumbled across that info while reading the Realm config in the DataSource Database Realm section but I wasn't looking for that when I saw it the first n times. I was looking for info about the userRoleTable. -Original Message- From: Caldarale, Charles R [mailto:chuck.caldar...@unisys.com] Sent: Friday, March 26, 2010 2:56 PM To: Tomcat Users List Subject: RE: Connecting to a Database From: Propes, Barry L [mailto:barry.l.pro...@citi.com] Subject: RE: Connecting to a Database Thanks, Leo! I've not seen instructions in the How-To (maybe I overlooked it) on the localDataSource=true attrib to the Realm in the context.xml file Unfortunately, it's not in the How-To, just in the configuration doc for Realm (which is linked to from the How-To): http://tomcat.apache.org/tomcat-6.0-doc/config/realm.html The How-To is oriented towards server-wide
Re: No WWW-Authenticate header sent when error-page 401 is configured
2010/3/30 Nick Wiedenbrück mailinglists...@googlemail.com: I got it working on Tomcat 6 and Jetty, but I've got a problem with Tomcat 5.5.23, It will not work with 5.5.23, because it is some issue that was fixed in a later version. (Headers were cleared when rendering a custom page). Search the bugzilla or look in the changelog. I am certain that it is fixed in 6.0.x about a year ago, but I do not remember whether it was backported to 5.5 or not -- you can find that yourself (e.g. try 5.5.28). Best regards, Konstantin Kolinko - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: [OT] SecurityManager and Java Policy Files
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Konstantin,
On 3/29/2010 7:56 PM, Konstantin Kolinko wrote:
2010/3/25 Christopher Schultz ch...@christopherschultz.net:
I will try to be brief in my answers below, so please excuse some
apparent harshness.
(...)
In the Tomcat SecurityManager docs
(http://tomcat.apache.org/tomcat-6.0-doc/security-manager-howto.html),
most of the grants in the policy file do not have a codeBase.
Why are you looking there? The policy file cited there is
conf/catalina.policy. I would prefer the live copy over the paper.
(Though the doc should match the file).
It does, but I've found it's better to give list readers something to
click on instead of saying hey, get the latest Tomcat tarball and look
at the policy file included. I suppose I could have gotten the link
from svnweb, but, well, that takes a while, too.
By the way, I /have/ read
http://java.sun.com/j2se/1.5.0/docs/guide/security/PolicyFiles.html but
some things are still unclear.
Java 6 docs are below from here:
http://java.sun.com/javase/6/docs/technotes/guides/security/index.html
See also the following document there
http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc.html
http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-specTOC.fm.html
I'll take a look at all of those. Thanks for the references.
it appears that the SecurityManager is enforcing
permissions along with the call chain...
It is documented in those specifications by Sun. It looks the call
chain up to the nearest AccessController.doPrivileged().
My question was this: is the immediate caller before the
AcessController.doPrivileged() the one checked, or is the /entire call
chain/ checked recursively? The small amount of evidence I've collected
leads me to that conclusion, and I'd like to be sure so that I can write
policy files without completely losing my sanity.
Third: doesn't this make performance really suck?
As with any performance question: test it yourself and for your own
application/environment. Only that will give you numbers.
Fair enough.
It may be that impact of those security checks is small compared to
other bottlenecks in one's application. Though, personally, I do not
like when a computer performs useless work.
This is what I was getting at, though in my current position, it pays to
have as many layers of (reasonable) security as possible. We do have
control over all the code, but I'd also like to make sure that a rogue
programmer/library or careless mistake doesn't really foul things up.
such as granting AllPermission to things like bootstrap.jar
That is determined by the task that this protection performs.
In general, the idea is that what is installed by administrator is
controlled and thus trusted, but the web applications themselves are
not trusted by default.
This was my real question here: is the codebase-less grant and the
granting of AllPermission just basically laziness on the part of the
policy writer? Or is there a real reason to grant /all/ privileges to
Tomcat.
Here's what's in the policy file (I refer you to the catalina.policy
file that ships with Tomcat 6.0.26 :) regarding the JDBC driver privileges:
// The permission granted to your JDBC driver
// grant codeBase
jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/- {
// permission java.net.SocketPermission
dbhost.mycompany.com:5432, connect;
// };
That shows the codebase of the driver's JAR being given a
SocketPermission. If my web application tried to create a JDBC
connection directly (that is, by not using Tomcat's connection pool),
would it fail? My experience with the logging framework suggests that it
would fail.
If I need to create a JDBC connection from within my webapp, do I have
to do something like this:
grant codeBase .../my-jdbc.jar { permission ... }
grant codeBase .../my-service.jar { permission ...}
grant codeBase webapps/mywebapp/WEB-INF/classes/- { permission ... }
all with the same permission so that this will work? If I want to get
really anal retentive, can I specify exactly which classes are allowed
to make new JDBC connections by setting this SocketPermission for each
one of them? That gives me great flexibility at the cost of a PITA when
writing my policy file... which is why I suspect people just say screw
it and do something like this:
grant {
permission SocketPermission ..., resolve, connect;
}
Thanks,
- -chris
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAkuyceAACgkQ9CaO5/Lv0PAsvACdFJPEZRrT3ghZ+PbSGCJR6CIO
1q0An2nRvylFW++7ZOOvyuJbENRAnh4C
=gPID
-END PGP SIGNATURE-
-
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Tomcat 7 and securityfilter [or A Love Letter to markt]
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 All, One of the major architectural changes I've heard about coming in Tomcat 7 is the removal of the Valve interface in favor of using the standard javax.servlet.Filter interface. IIRC, the current implementation of container-managed authentication and authorization is done using a Valve (or series of Valves). If Tomcat is moving to Filters rather than Valves, does that mean that Tomcat authentication will be done using Filters, or is there some other strategy in the works? I ask because a Filter-based authentication and authorization strategy would duplicate the work of securityfilter (and probably be more up-to-date, but that's beside the point). I would actually prefer that Tomcat go with a Filter-based authentication strategy because of the flexibility which can be achieved by intercepting the call chain without having to dive into the internals of Tomcat. What's the plan for T7-auth? Thanks, - -chris -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkuydZAACgkQ9CaO5/Lv0PArvgCgnoUpBYS4i3HuCTSTrqiOLLkQ RMoAnj96FWY4EzzVNQxeTVhqsuvUinz6 =sB2s -END PGP SIGNATURE- - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
AW: Virtualization (Xen, vmware) + Tomcat
Hi Can you post: - `uname -a` inside both your dom0 as well as your domU - the config file for your domU - `ps aux | grep java` inside your domU - `free` inside your domU - `xm list` inside your dom0 Maybe there will be hints to help you. I am running lots of tomcats in domUs (actually all non-development installations are virtualized), and I never had a problem related to xen. Regards, Steffen -Ursprüngliche Nachricht- Von: Eric Laflamme [mailto:elafla...@iweb.com] Gesendet: Dienstag, 30. März 2010 19:16 An: Tomcat Users List Betreff: Re: Virtualization (Xen, vmware) + Tomcat Hi Peter, Here is the information about the server: We have a Xen Host with CentOS release 5.4 (Final) In that host, we have a vm with CentOS release 5.4 (Final) We install a cPanel 11.25 The version of tomcat is 5.5.28 The tomcat we use is the one package with cPanel. We already communicate with their support. A lot of time.. But they are, like us, clueless on how to solve this problem. So I came here as another step to try to resolve this issue. I don't know if the problem is Tomcat itself or Tomcat only have a symptom of another problem. But as we only have this problem and log of the problem by now, we start with tomcat to maybe found what is the real problem. -- Eric Laflamme [iWeb] IT Architecture Specialist Spécialiste de l'Architecture TI http://www.iWeb.com/ Le 2010-03-30 à 12:01, Peter Crowther a écrit : On 30 March 2010 16:45, Caldarale, Charles R chuck.caldar...@unisys.comwrote: From: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther Subject: Re: Virtualization (Xen, vmware) + Tomcat Error occurred during initialization of VM Could not reserve enough space for object heap OK, so that's the Java virtual machine running Tomcat not being able to extend its heap. Actually, that's the JVM trying to allocate the *initial* space for the heap, not extend it. There hasn't been any attempt to load and run Tomcat yet. My mistake. In that case, if Eric's seeing lots of those in the log files, it implies that the JVM intended to host Tomcat is repeatedly failing to start and some other process is repeatedly trying to start Tomcat. Eric, could you tell us more about your statement that Tomcat is running inside the VM and is, by the way, a cPanel? - What operating system? - What version of Tomcat? - Did you download the Tomcat directly from http://tomcat.apache.org, or was it packaged with some third-party software? In particular, if it's a version of Tomcat that was packaged with cPanel, you may well be better asking them about the issue. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
AW: Virtualization (Xen, vmware) + Tomcat
And maybe `xm info` in the dom0. -Ursprüngliche Nachricht- Von: Steffen Heil [mailto:li...@steffen-heil.de] Gesendet: Mittwoch, 31. März 2010 00:12 An: 'Tomcat Users List' Betreff: AW: Virtualization (Xen, vmware) + Tomcat Hi Can you post: - `uname -a` inside both your dom0 as well as your domU - the config file for your domU - `ps aux | grep java` inside your domU - `free` inside your domU - `xm list` inside your dom0 Maybe there will be hints to help you. I am running lots of tomcats in domUs (actually all non-development installations are virtualized), and I never had a problem related to xen. Regards, Steffen -Ursprüngliche Nachricht- Von: Eric Laflamme [mailto:elafla...@iweb.com] Gesendet: Dienstag, 30. März 2010 19:16 An: Tomcat Users List Betreff: Re: Virtualization (Xen, vmware) + Tomcat Hi Peter, Here is the information about the server: We have a Xen Host with CentOS release 5.4 (Final) In that host, we have a vm with CentOS release 5.4 (Final) We install a cPanel 11.25 The version of tomcat is 5.5.28 The tomcat we use is the one package with cPanel. We already communicate with their support. A lot of time.. But they are, like us, clueless on how to solve this problem. So I came here as another step to try to resolve this issue. I don't know if the problem is Tomcat itself or Tomcat only have a symptom of another problem. But as we only have this problem and log of the problem by now, we start with tomcat to maybe found what is the real problem. -- Eric Laflamme [iWeb] IT Architecture Specialist Spécialiste de l'Architecture TI http://www.iWeb.com/ Le 2010-03-30 à 12:01, Peter Crowther a écrit : On 30 March 2010 16:45, Caldarale, Charles R chuck.caldar...@unisys.comwrote: From: peter.crowth...@googlemail.com [mailto:peter.crowth...@googlemail.com] On Behalf Of Peter Crowther Subject: Re: Virtualization (Xen, vmware) + Tomcat Error occurred during initialization of VM Could not reserve enough space for object heap OK, so that's the Java virtual machine running Tomcat not being able to extend its heap. Actually, that's the JVM trying to allocate the *initial* space for the heap, not extend it. There hasn't been any attempt to load and run Tomcat yet. My mistake. In that case, if Eric's seeing lots of those in the log files, it implies that the JVM intended to host Tomcat is repeatedly failing to start and some other process is repeatedly trying to start Tomcat. Eric, could you tell us more about your statement that Tomcat is running inside the VM and is, by the way, a cPanel? - What operating system? - What version of Tomcat? - Did you download the Tomcat directly from http://tomcat.apache.org, or was it packaged with some third-party software? In particular, if it's a version of Tomcat that was packaged with cPanel, you may well be better asking them about the issue. - Peter - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org smime.p7s Description: S/MIME cryptographic signature
Re: Tomcat 7 and securityfilter [or A Love Letter to markt]
On 30/03/2010 23:05, Christopher Schultz wrote: All, One of the major architectural changes I've heard about coming in Tomcat 7 is the removal of the Valve interface in favor of using the standard javax.servlet.Filter interface. Getting Tomcat 7 to move from Valves towards Filters is one of my pet projects. There is still a long way to go and it isn't at the top of my todo list. IIRC, the current implementation of container-managed authentication and authorization is done using a Valve (or series of Valves). It is currently a single Valve. If Tomcat is moving to Filters rather than Valves, does that mean that Tomcat authentication will be done using Filters, or is there some other strategy in the works? The strategy is to move to filters. The tactics are somewhat lacking in detail. I ask because a Filter-based authentication and authorization strategy would duplicate the work of securityfilter (and probably be more up-to-date, but that's beside the point). Potentially. I see security filter is essentially Apache licensed. Hmm. I feel a Baldrick[1] moment coming on. I would actually prefer that Tomcat go with a Filter-based authentication strategy because of the flexibility which can be achieved by intercepting the call chain without having to dive into the internals of Tomcat. What's the plan for T7-auth? At the minute, implement JSR-196 once the Servlet 3.0 is completed (it is very close) with a valve to filter move for authentication probably pushed back to Tomcat 8. SecurityFilter is an obvious starting point. How do you feel about contributing some patches with the aim of merging the SecurityFilter code into Tomcat? Is it feasible to do this incrementally or would it need to be in one big patch? Mark [1] http://en.wikipedia.org/wiki/Baldrick - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Submitting a patch
Is the a HOWTO located somewhere on the best way to submit a patch? Thanks, Matthew - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
Re: Submitting a patch
--- On Tue, 3/30/10 at 9:56 PM, ntwrkd ntw...@gmail.com wrote: Is the a HOWTO located somewhere on the best way to submit a patch? http://www.lmgtfy.com/?q=tomcat+patch+submit - Bob - To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
