WG: Tomcat 4 & javax.net.debug
Hi,
I have to debug an SSL problem when using LDAPS. So I decided to set the
javax.net.debug property to figure out what's going on. But
System.setProperty("javax.net.debug", "all"); or
System.setProperty("javax.net.debug", "ssl");
doesn't produce any output. I have a Tomcat 4 standalone installation
running, so afaik the debug output should go to catalina.out as well as
any output of System.out.println("...") does. I can find the
System.out.println("...") output but no javax.net.debug output. Does
anybody know the trick? I'm running jre version 1.4.2 on RedHat 7.3.
Btw.: If I run the classes outside Tomcat in a "standard" environment,
LDAPS is running as it should and javax.net.debug produces a lot of
debug output to the console. Hmmm.
Any hints are highly appreciated.
Thanks, Thomas.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Problem with Tomcat-IIS-Connection by JK
Hi, I have connected Tomcat 4.1.30 to IIS a lot of times at several customer sites. Now at one site I have a problem. The JK log reports the following when accessing a resource at context '/dw_3_16_12'. The ajp13 worker is correctly configured in workers.properties. It's a distributed configuration: IIS is in DMZ, Tomcat in Intranet; The port 8009 is open in the firewall. I checked that with "telnet 8009" . The only special thing IMO is that the IIS runs several websites. The connector is installed on level of website that listens on Port 81. What I wonder from the log is why there appear ajp12 log entries where I expect ajp13. Has anyone an idea? Michael --- [Thu Dec 16 12:35:48 2004] [jk_isapi_plugin.c (600)]: In HttpFilterProc Virtual Host redirection of /bsa..com:81/dw_3_16_12 [Thu Dec 16 12:35:48 2004] [jk_uri_worker_map.c (351)]: Into jk_uri_worker_map_t::map_uri_to_worker [Thu Dec 16 12:35:48 2004] [jk_uri_worker_map.c (368)]: Attempting to map URI '/bsa..com:81/dw_3_16_12' [Thu Dec 16 12:35:48 2004] [jk_uri_worker_map.c (456)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [Thu Dec 16 12:35:48 2004] [jk_isapi_plugin.c (606)]: In HttpFilterProc test Default redirection of /dw_3_16_12 [Thu Dec 16 12:35:48 2004] [jk_uri_worker_map.c (351)]: Into jk_uri_worker_map_t::map_uri_to_worker [Thu Dec 16 12:35:48 2004] [jk_uri_worker_map.c (368)]: Attempting to map URI '/dw_3_16_12' [Thu Dec 16 12:35:48 2004] [jk_uri_worker_map.c (381)]: jk_uri_worker_map_t::map_uri_to_worker, Found an exact match ajp13 -> /dw_3_16_12 [Thu Dec 16 12:35:48 2004] [jk_isapi_plugin.c (617)]: HttpFilterProc [/dw_3_16_12] is a servlet url - should redirect to ajp13 [Thu Dec 16 12:35:48 2004] [jk_isapi_plugin.c (639)]: HttpFilterProc check if [/dw_3_16_12] is points to the web-inf directory [Thu Dec 16 12:35:48 2004] [jk_isapi_plugin.c (555)]: HttpFilterProc started [Thu Dec 16 12:35:48 2004] [jk_isapi_plugin.c (600)]: In HttpFilterProc Virtual Host redirection of /bsa..com:81/jakarta/isapi_redirect.dll [Thu Dec 16 12:35:48 2004] [jk_uri_worker_map.c (351)]: Into jk_uri_worker_map_t::map_uri_to_worker [Thu Dec 16 12:35:48 2004] [jk_uri_worker_map.c (368)]: Attempting to map URI '/bsa..com:81/jakarta/isapi_redirect.dll' [Thu Dec 16 12:35:48 2004] [jk_uri_worker_map.c (456)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [Thu Dec 16 12:35:48 2004] [jk_isapi_plugin.c (606)]: In HttpFilterProc test Default redirection of /jakarta/isapi_redirect.dll [Thu Dec 16 12:35:48 2004] [jk_uri_worker_map.c (351)]: Into jk_uri_worker_map_t::map_uri_to_worker [Thu Dec 16 12:35:48 2004] [jk_uri_worker_map.c (368)]: Attempting to map URI '/jakarta/isapi_redirect.dll' [Thu Dec 16 12:35:48 2004] [jk_uri_worker_map.c (456)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [Thu Dec 16 12:35:48 2004] [jk_isapi_plugin.c (630)]: HttpFilterProc [/jakarta/isapi_redirect.dll] is not a servlet url [Thu Dec 16 12:35:48 2004] [jk_isapi_plugin.c (639)]: HttpFilterProc check if [/jakarta/isapi_redirect.dll] is points to the web-inf directory [Thu Dec 16 12:35:48 2004] [jk_isapi_plugin.c (679)]: HttpExtensionProc started [Thu Dec 16 12:35:48 2004] [jk_worker.c (123)]: Into wc_get_worker_for_name ajp12 [Thu Dec 16 12:35:48 2004] [jk_worker.c (127)]: wc_get_worker_for_name, done found a worker [Thu Dec 16 12:35:48 2004] [jk_isapi_plugin.c (701)]: HttpExtensionProc got a worker for name ajp12 [Thu Dec 16 12:35:48 2004] [jk_ajp12_worker.c (223)]: Into jk_worker_t::get_endpoint [Thu Dec 16 12:35:48 2004] [jk_ajp12_worker.c (121)]: Into jk_endpoint_t::service [Thu Dec 16 12:35:48 2004] [jk_connect.c (108)]: Into jk_open_socket [Thu Dec 16 12:35:48 2004] [jk_connect.c (115)]: jk_open_socket, try to connect socket = 5256 [Thu Dec 16 12:35:50 2004] [jk_connect.c (124)]: jk_open_socket, after connect ret = -1 [Thu Dec 16 12:35:50 2004] [jk_connect.c (143)]: jk_open_socket, connect() failed errno = 61 [Thu Dec 16 12:35:50 2004] [jk_ajp12_worker.c (134)]: In jk_endpoint_t::service, sd = -1 [Thu Dec 16 12:35:50 2004] [jk_ajp12_worker.c (152)]: In jk_endpoint_t::service, Error sd = -1 [Thu Dec 16 12:35:50 2004] [jk_isapi_plugin.c (716)]: HttpExtensionProc error, service() failed [Thu Dec 16 12:35:50 2004] [jk_ajp12_worker.c (163)]: Into jk_endpoint_t::done - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Problem with Tomcat-IIS-Connection by JK
It's solved! The customer admin has left an old JK setup on host level which I wasn't aware of when installing at website level. Best Regards Michael - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5.5 and jndi context naming error
- Original Message - From: "Ken Hall" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 16, 2004 10:41 PM Subject: tomcat 5.5 and jndi context naming error >Since downloading the new version of Tomcat 5.5.4, I have been >experiencing problems with jndi resources within my web app. I am >porting over from an existing server where that resource is working. I think you shoud change your config. From 5.0 to 5.5, the context xml files have changed. Now, instead of using resource params, you should use attributes in the Resource tag. Change this: maxWait 5000 (...) To this: I had the same problem, but it took me some time and headaches to notice the documentation had changed. Maybe the docs for 5.5 should have reflected the changes with BIG RED LETTERS or so. I'd want the people at the Jakarta project to think of it: If you save half an hour to each developer or admin who migrates to 5.5, maybe you are saving 2 or 3 lives a month :D --Steve jobs way of thinking ;) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
JCE and classloader question
Hello,
I have a trouble with using a JCE and multiple contexts. From what I
could have read around here this is probably linked to a classloader
problem. Could you guys help?
Basicaly, I generate a RSA Keypair, then create a certificate and want
to self sign it. Finally i need to store the private key to create a
p12. Here is the code: I am using the IAIK JCE.
KeyPair keyPair;
IAIK IAIKprovider = new IAIK();
Security.insertProviderAt(IAIKprovider, 2);
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA",
IAIKprovider.getName());
keyPairGenerator.initialize(keySize);
keyPair = keyPairGenerator.generateKeyPair();
X509Certificate cert;
[...]
cert.sign( AlgorithmID.sha1WithRSAEncryption ,keyPair.getPrivate(),
IAIKprovider.getName());
if(!RSAPrivateKey.class.isAssignableFrom(keyPair.getPrivate().getClass())){
error("Generated RSA private key is not of type RSA!");
}
KeyBag keybag = new KeyBag((RSAPrivateKey) keyPair.getPrivate(),
certLabel, certLabel.getBytes());
The problem is that if I have more than one tomcat context using the
same pice of code, the 2nd context to use it triggers the "if" (that is,
without it I get a ClassCastException). Meaning that the generated
private key is not compatible with RSAPrivateKey, while I asked for a
"RSA" key.
I also have the same problem with the other way around:
CertificateFactory certFactory = CertificateFactory.getInstance("X.509",
"IAIK");
Collection certCollection = certFactory.generateCertificates(new
ByteArrayInputStream( certChainBlob.getDatabinary() ));
cert = (X509Certificate)certChain.get(0); //where X509Certificate being
iaik.x509.X509Certificate)
gets a ClassCastException if being the second context to call this code.
Oh, one more important thing: I add the security provider dynamicaly with a:
Security.insertProviderAt(new IAIK(), 2);
Could someone help me on this?
Thank you,
Lionel
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Commercial Tomcat Support?
I have never used commercial support (yet), but I think that is what JBoss does. They also seem to be quite dedicated to Tomcat development in general. Daniel - Original Message - From: "Steven J. Owens" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 16, 2004 3:21 PM Subject: Commercial Tomcat Support? Hi guys, Does anybody have recommendations of providers for commercial tomcat support contracts? Not that I'm not fairly impressed with tomcat-users, but sometimes you're dealing with a problem at 4am and it'd be nice to have somebody to call. -- Steven J. Owens [EMAIL PROTECTED] "I'm going to make broad, sweeping generalizations and strong, declarative statements, because otherwise I'll be here all night and this document will be four times longer and much less fun to read. Take it all with a grain of salt." - http://darksleep.com/notablog - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
CSR in Tomcat 5.0
Anyone have any idea how to properly create a CSR in Tomcat 5.0 to submit to Verisign? The command line is: Keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \ -keystore The problem is that the -keyalg switch does not exist with the syntax for the -certreq switch. I can create the CSR file without the -keyalg switch. What affect will this have when submitting this to the CA? What encryption level? Richard Panek [EMAIL PROTECTED]
setting scheme in CoyoteConnector
According to: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html setting the "scheme" attribute should force all calls to getScheme() to return whatever protocol was put for the value of scheme. I've found this to not be true. Has anyone successfully set the scheme for tomcat 4.1.31 or tomcat 5.5.4? The connector is as follows: className="org.apache.coyote.tomcat5(4).CoyoteConnector" acceptCount="100" connectionTimeout="15000" debug="6" disableUploadTimeout="false" maxThreads="150" minSpareThreads="5" maxSpareThreads="75" enableLookups="false" port="8080" redirectPort="443" scheme="https" secure="false" proxyPort="443" useURIValidationHack="false"/> Calling getScheme() in a jsp [ getScheme=<%= request.getScheme() %> ] results in 'http' being displayed instead of 'https' Has anyone else noticed this behaviour or know a way around it? Thanks, Eric - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CSR in Tomcat 5.0
I've used the -keyalg with -certreq. On Fri, 2004-12-17 at 10:23, Richard Panek wrote: > Anyone have any idea how to properly create a CSR in Tomcat 5.0 to > submit to Verisign? > > > > > > The command line is: > > > > Keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \ -keystore > > > > > The problem is that the -keyalg switch does not exist with the syntax > for the -certreq switch. I can create the CSR file without the -keyalg > switch. What affect will this have when submitting this to the CA? > What encryption level? > > > > > > Richard Panek > > [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: connection pooling
thats what I hope this is, the guy who was before me wasnt that great at anything other then coding swing apps, so tomcat the server and database are a mess. From: "Filip Hanik - Dev" <[EMAIL PROTECTED]> Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Subject: Re: connection pooling Date: Thu, 16 Dec 2004 16:13:03 -0600 depends on what connection pool you use. but in almost all causes, its a pretty trivial thing (unless your code is funky of course) in our system, all we did was to switch the driver name (to the pooled driver), and it would pick up our connection pool. so it was a one line change. Filip - Original Message - From: "Didier McGillis" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, December 16, 2004 3:49 PM Subject: connection pooling I'm about to the point where I'm going to switch to db connection pooling. however before I undertake this seemly easy task I have a question, which will make this a huge project or a simple one. The current site uses typical MySQL connection, where a connection is opened and so on, if I do connection pooling will I have to go in and do mass code changes? aka will I have to rewrite any servlets or jsps that make database calls. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication isn't working with mod_jk 1.7.3 beta.
Also, because I found this in the localhost_log.2004 file: 2004-12-17 09:45:15 Authenticator[/resources]: Security checking request GET /resources/input 2004-12-17 09:45:15 Authenticator[/resources]: Checking constraint 'SecurityConstraint[resources, resources1, resources2, resources3, resources4]' against GET /input --> true 2004-12-17 09:45:15 Authenticator[/resources]: Subject to constraint SecurityConstraint[resources, resources1, resources2, resources3, resources4] 2004-12-17 09:45:15 Authenticator[/resources]: Calling checkUserData() 2004-12-17 09:45:15 Authenticator[/resources]: User data constraint has no restrictions 2004-12-17 09:45:15 Authenticator[/resources]: Calling authenticate() 2004-12-17 09:45:15 Authenticator[/resources]: Failed authenticate() test That seems to tell me Tomcat saw something. Jim. To recap, if I go to http://xxx:8080/resources/input it works, if I go to http://xxx/resources/input it fails without ever showing me the basic authentication popup login window. The full error message from the browser is : HTTP Status 401 - *type* Status report *message* *description* _This request requires HTTP authentication ()._ Apache Tomcat/4.1.24 Authorization Required This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. Additionally, a 401 Authorization Required error was encountered while trying to use an ErrorDocument to handle the request. Apache/2.0.40 Server at xxx.sgi.com Port 80 Cox, Charlie wrote: Are you sure Apache is not blocking your request? Enable the AccessLogValve on tomcat and see if your request is getting through. Charlie -Original Message- From: Jim Lynch [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 8:28 AM To: Tomcat Users List Subject: Re: Authentication isn't working with mod_jk 1.7.3 beta. That's quite possible but not helpful. The configuration is identical in essence to a working version on apache 1.3. Can anyone tell me what the differences are between the two are? Jim. Mladen Turk wrote: Jim Lynch wrote: I finally got mod_jk to comple on RH 9 for Apache 2, but the authentication doesn't work through the connector. This simply is not true. It works very fine, and the authentication window is showed to the user. Check your config. Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication isn't working with mod_jk 1.7.3 beta.
The request is making a single entry into the log. 198.149.32.31 - - [17/Dec/2004:09:46:27 -0600] "GET /resources/input HTTP/1.0" 401 667 If I go to port 8080 and get validated, then it works without the port 8080. Jim. Cox, Charlie wrote: Are you sure Apache is not blocking your request? Enable the AccessLogValve on tomcat and see if your request is getting through. Charlie -Original Message- From: Jim Lynch [mailto:[EMAIL PROTECTED] Sent: Thursday, December 16, 2004 8:28 AM To: Tomcat Users List Subject: Re: Authentication isn't working with mod_jk 1.7.3 beta. That's quite possible but not helpful. The configuration is identical in essence to a working version on apache 1.3. Can anyone tell me what the differences are between the two are? Jim. Mladen Turk wrote: Jim Lynch wrote: I finally got mod_jk to comple on RH 9 for Apache 2, but the authentication doesn't work through the connector. This simply is not true. It works very fine, and the authentication window is showed to the user. Check your config. Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: workers2.properties for mod_jk2.so and loadbalancing
Maybe may thinking is wronge. I thought that there was a way to loadbalance using worker2.properties file. I know you could loadbalance using mod_proxy and mod_rewrite, but I was just wondering if anyone else had did it using the AJP protocal??? One other simple question. Does tomcat also know to look at $CATALINA_BASE like it knows to look in $CATALINA_HOME? Dwayne Ghant wrote: Hey any of you guys out there have a good workers2.properties that I could use to model the loadbalancing functionality in my tomcat5.x/apache configuration . My current configuration is Apache2.0.46/tomcat5.0.28/mod_jk2.so Please keep in mind that I am using mod_jk2.so so that mean the configuration uses the mechanism modeled after JMX. All I have to do is take a look at an example of loadbalancing done this way and I should be fine. Thank you . -- Dwayne A. Ghant Application Developer Temple University 215.204. [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication isn't working with mod_jk 1.7.3 beta.
On Fri, 17 Dec 2004 10:55:27 -0500, Jim Lynch <[EMAIL PROTECTED]> wrote: > The request is making a single entry into the log. > > 198.149.32.31 - - [17/Dec/2004:09:46:27 -0600] "GET /resources/input > HTTP/1.0" 401 667 > > If I go to port 8080 and get validated, then it works without the port 8080. It's normal that you get a 401 back. Then your browser should display the auth popup. Use a telnet to see the reply sent by Tomcat on both ports. Especially pay attention to the presence of a WWW-Authenticate header. The rest (except the 401 status code) is almost irrelevant. -- x Rémy Maucherat Developer & Consultant JBoss Group (Europe) SàRL x - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: CSR in Tomcat 5.0
Ben, The command line doesn't work and will not create the CSR. What was the command line you used? Rich -Original Message- From: Ben Souther [mailto:[EMAIL PROTECTED] Sent: Friday, December 17, 2004 11:08 AM To: Tomcat Users List Subject: Re: CSR in Tomcat 5.0 I've used the -keyalg with -certreq. On Fri, 2004-12-17 at 10:23, Richard Panek wrote: > Anyone have any idea how to properly create a CSR in Tomcat 5.0 to > submit to Verisign? > > > > > > The command line is: > > > > Keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \ -keystore > > > > > The problem is that the -keyalg switch does not exist with the syntax > for the -certreq switch. I can create the CSR file without the -keyalg > switch. What affect will this have when submitting this to the CA? > What encryption level? > > > > > > Richard Panek > > [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CSR in Tomcat 5.0
It's not anything with Tomcat, but with JDK. First ensure you've created the keys: keytool -genkey -keyalg RSA -alias tomcat -keystore yourkeystorefilename (You typically need to answer the questions, start with the web server name, like www.host.com, and fully spell out the city, state, etc.. The password and keystore file name you use will be configured into Tomcat.) To generate the CSR: keytool -certreq -alias tomcat -keyalg RSA -file certreq.csr -keystore yourkeystorefilename Then to import (assuming PKCS#7 encoded): keytool -import -alias tomcat -trustcacerts -file certfilegiventoyoubyCA -keystore yourkeystorefilename Good luck, David - Original Message - From: "Richard Panek" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Friday, December 17, 2004 9:30 AM Subject: RE: CSR in Tomcat 5.0 > Ben, > > The command line doesn't work and will not create the CSR. What was the > command line you used? > > Rich > > -Original Message- > From: Ben Souther [mailto:[EMAIL PROTECTED] > Sent: Friday, December 17, 2004 11:08 AM > To: Tomcat Users List > Subject: Re: CSR in Tomcat 5.0 > > I've used the -keyalg with -certreq. > > > On Fri, 2004-12-17 at 10:23, Richard Panek wrote: > > Anyone have any idea how to properly create a CSR in Tomcat 5.0 to > > submit to Verisign? > > > > > > > > > > > > The command line is: > > > > > > > > Keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \ > -keystore > > > > > > > > > > The problem is that the -keyalg switch does not exist with the syntax > > for the -certreq switch. I can create the CSR file without the > -keyalg > > switch. What affect will this have when submitting this to the CA? > > What encryption level? > > > > > > > > > > > > Richard Panek > > > > [EMAIL PROTECTED] > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Olen joululomalla, palaan 4.1.2005
I will be out of the office starting 17.12.2004 and will not return until 04.01.2005. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Olen joululomalla, palaan 4.1.2005
I will be out of the office starting 17.12.2004 and will not return until 04.01.2005. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Olen joululomalla, palaan 4.1.2005
I will be out of the office starting 17.12.2004 and will not return until 04.01.2005. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: workers2.properties for mod_jk2.so and loadbalancing
# ++BEGIN INSTALLATION INSTRUCTIONS+
#
# Jakarta ISAPI Connector Installation Steps
#
# I. Update the server's registry settings. This can be accomplished
#using either of the following two steps:
#1. Merge the registry file hosting.isapi_redirector2.reg
#2. Manually add the following registry entries:
# a. In the registry, create a new registry key named
# "HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\
# Jakarta Isapi Redirector\2.0"
# b. [serverRoot] = [${JK2_HOME}/jk2-connector]
# c. [extensionUri] = /jakarta/isapi_redirector2.dll
# d. [workersFile] = [${JK2_HOME}/conf/workers2.properties]
# e. [logLevel] = [INFO]
#
# II. Configure IIS
#1. Using the IIS management console, add a new virtual directory to
# your default web site. The name of the virtual directory must be
# jakarta. Map this to C:\jk2-connector\bin\.
# While creating this new virtual directory assign it with
# execute access (scripts + executables)
#2. Using the IIS management console, add isapi_redirector2.dll as a
# filter to the default IIS web site.
# The name of the filter does not matter. Use "jakarta".
# The path should be C:\jk2-connector\bin\isapi_redirector2.dll
#
# [
#Windows 2003 / IIS 6.0 ONLY:
#
#3. Add isapi_redirector2.dll to the list of allowed
# "Web Service Extensions"
#4. Check to be sure an application pool named 'jakarta' was created
# under "Application Pools\DefaultAppPool", and if not, create it.
# ]
#
#5. Restart the IIS service ("IIS Admin Service")
#
#6. Test by requesting http://host-name/jkstatus
#
# ---END INSTALLATION INSTRUCTIONS--
# +++ BEGIN CONFIGURATION ++
#
# The following configuration file describes a JK2 installation
# which does round-robin, session-aware load balancing across all
# defined workers. Having a single work will balance the load on
# that worker. This is the default, even if you don't spell it out,
# but it is spelled out here for clarity. @TODO indicates a
# configuration must be made here. @OPTIONAL indicates an optional
# customization may be made.
#
#
# Define the status worker, used with the URI: /jkstatus
# This is useful for testing the health of the connector, and for
# getting performance statistics
#
# @OPTIONAL: if you don't want a /jkstatus report, omit
#
[status:status]
#
# (1) Create a logger.
# @OPTIONAL: You may customize the path if you wish.
#
[logger.file:0]
level=INFO
file=E:/files/jk2-logs/isapi_filter.log
#
# (2) Define a load balancer worker
# @OPTIONAL: You may add "debug=9" for triage, if needed
#
[lb:lb]
stickySession=1
#
# (3) Define a communication channel to tomcat
#
# @TODO:
# 1. Replace "@TODO-tomcat-id" with the tomcat server host name
# 2. Update the corresponding tomcat configuration file
(${CATALINA_HOME/conf/server.xml):
#Find the line '' and add the element
#jvmRoute="@TODO-tomcat-id:8009" >. The value of jvmRoute must
#match the "tomcatId" below, or stick session load balancing will not work.
#
#** NB ** The value of the jvmRoute parameter must not contain
# embedded dot characters (".") (i.e., the fully-qualified
# domain name.) Doing so will cause JK2 load balancing to fail.
#
# @TODO: Change the host name as appropriate
#
# @OPTIONAL: You may add "debug=9" for triage, if needed
#
[channel.socket:qailt002:8009]
info=AJP13 forwarding over socket
tomcatId=qailt002:8009
[channel.socket:qailt003:8009]
info=AJP13 forwarding over socket
tomcatId=qailt003:8009
#
# (4) Define a worker which communicates over the channel above
#
# @TODO: Change the host name as appropriate
#
# @OPTIONAL: Changing the lbfactor affects the weighted round-robin
# load balancing. Higher numbers means stronger machine which will
# receive more of the requests.
#
# @OPTIONAL: You may add "debug=9" for triage, if needed
#
[ajp13:qailt002:8009]
channel=channel.socket:qailt002:8009
lbfactor=1
[ajp13:qailt003:8009]
channel=channel.socket:qailt003:8009
lbfactor=1
#
# @OPTIONAL: Repeat steps (3) and (4) here for every tomcat server
# to participate in load balancing. At least one is required.
#
# For example, if the load on the single server defined above
# is too great, configure a similar server, and repeat steps (3) and (4)
# to include the new server in the load balancing.
#
# --- END CONFIGURATION --
# +++BEGIN MAPPING++
#
# (5) Map URIs to be forwarded.
#
# @TODO: For each context deployed on the tomcat id(s) above,
# define a mapping to be forwarded.
#
# @OPTIONAL: You may add "debug=9" for triage, if needed
#
# @OPTIONAL: You may change the info= to be descriptive of this application.
#
[uri:/iltsp6150/*]
info=JK2-
Re: workers2.properties for mod_jk2.so and loadbalancing
Any body want to give this a shot? Dwayne Ghant wrote: Maybe may thinking is wronge. I thought that there was a way to loadbalance using worker2.properties file. I know you could loadbalance using mod_proxy and mod_rewrite, but I was just wondering if anyone else had did it using the AJP protocal??? One other simple question. Does tomcat also know to look at $CATALINA_BASE like it knows to look in $CATALINA_HOME? Dwayne Ghant wrote: Hey any of you guys out there have a good workers2.properties that I could use to model the loadbalancing functionality in my tomcat5.x/apache configuration . My current configuration is Apache2.0.46/tomcat5.0.28/mod_jk2.so Please keep in mind that I am using mod_jk2.so so that mean the configuration uses the mechanism modeled after JMX. All I have to do is take a look at an example of loadbalancing done this way and I should be fine. Thank you . -- Dwayne A. Ghant Application Developer Temple University 215.204. [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication isn't working with mod_jk 1.7.3 beta.
Is there something special I have to do in mod_jk config file for apache 2 that I didn't have to do for Apache 1.3 to permit basic authentication? Here is the section of the server.xml file dealing with the authentication I'm using: Jim Lynch wrote: I finally got mod_jk to comple on RH 9 for Apache 2, but the authentication doesn't work through the connector. If I go to port 8080 I get the login popup and am able to enter the app OK, however if I try to go to the default port and connect via mod_jk I get an authentication error. I never see the popup. Here is from the log when it works: 2004-12-15 09:34:01 Authenticator[/resources]: Security checking request GET /resources/input 2004-12-15 09:34:01 Authenticator[/resources]: Checking constraint 'SecurityConstraint[resources, resources1, resources2, resources3, resources4]' against GET /input --> true 2004-12-15 09:34:01 Authenticator[/resources]: Subject to constraint SecurityConstraint[resources, resources1, resources2, resources3, resources4] 2004-12-15 09:34:01 Authenticator[/resources]: Calling checkUserData() 2004-12-15 09:34:01 Authenticator[/resources]: User data constraint has no restrictions 2004-12-15 09:34:01 Authenticator[/resources]: Calling authenticate() 2004-12-15 09:34:01 JDBCRealm[/resources]: Username jwl successfully authenticated 2004-12-15 09:34:01 Authenticator[/resources]: Authenticated 'jwl' with type 'BASIC' 2004-12-15 09:34:01 Authenticator[/resources]: Calling accessControl() 2004-12-15 09:34:01 JDBCRealm[/resources]: Username jwl does NOT have role user 2004-12-15 09:34:01 JDBCRealm[/resources]: Username jwl has role admin 2004-12-15 09:34:01 Authenticator[/resources]: Successfully passed all security constraints 2004-12-15 09:34:01 StandardContext[/resources]: Mapping contextPath='/resources' with requestURI='/resources/input' and relativeURI='/input' and here is what it looks like when it doesn't work: 2004-12-15 09:34:56 Authenticator[/resources]: Security checking request GET /resources/input 2004-12-15 09:34:56 Authenticator[/resources]: Checking constraint 'SecurityConstraint[resources, resources1, resources2, resources3, resources4]' against GET /input --> true 2004-12-15 09:34:56 Authenticator[/resources]: Subject to constraint SecurityConstraint[resources, resources1, resources2, resources3, resources4] 2004-12-15 09:34:56 Authenticator[/resources]: Calling checkUserData() 2004-12-15 09:34:56 Authenticator[/resources]: User data constraint has no restrictions 2004-12-15 09:34:56 Authenticator[/resources]: Calling authenticate() 2004-12-15 09:34:56 Authenticator[/resources]: Failed authenticate() test In my httpd.conf file I have: Include /usr/local/tomcat/conf/auto/mod_jk_2.conf That file looks like: LoadModule jk_module /usr/lib/httpd/modules/mod_jk.so JkWorkersFile /usr/local/tomcat/conf/auto/workers.properties JkLogFile /var/log/httpd/mod_jk.log #JkLogLevel info JkLogLevel debug JkLogStampFormat "[%a %b %d %H:%M:%S %Y] " JkOptions +ForwardKeySize +ForwardURICompat -ForwardDirectories JkRequestLogFormat "%w %V %T" JkMount /examples/* workerx JkMount /resources workerx JkMount /resources/* workerx JkMount /tomcat-docs workerx JkMount /tomcat-docs/* workerx The jk log doesn't shed any light. It just indicates that a 401 was received from Tomcat when it didn't work. Any suggestions? Thanks, Jim. Partial error from browser: This server could not verify that you are authorized to access the document requested. Either you supplied the wrong credentials (e.g., bad password), or your browser doesn't understand how to supply the credentials required. Additionally, a 401 Authorization Required error was encountered while trying to use an ErrorDocument to handle the request. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Olen joululomalla, palaan 4.1.2005
I will be out of the office starting 17.12.2004 and will not return until 04.01.2005. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat 5, JAASRealm, JNDILoginModule: error digesting user credentials
I'm attempting to cause Tomcat (I've tried versions 5.0.28 and
5.0.30) to perform user authentication against an LDAP server with
the JAASRealm and the JAAS JndiLoginModule.
I've ruled out LDAP server problems because things work properly
if I configure Tomcat to use the JNDIRealm instead of JAASRealm by
placing the following in Tomcat's server.xml:
ldap://localhost:389";
userPattern="uid={0},ou=associates,dc=mocek,dc=com"
roleBase="ou=groups,dc=mocek,dc=com"
roleName="cn"
roleSearch="(uniqueMember={0})" />
It's my understanding that the JNDIRealm is now able to
authenticate with an LDAP server either by performing a bind
operation or by comparing passwords, but that the JAASRealm's
JndiLoginModule is only capable of the latter. In order to allow
for this, my LDAP server is configured to allow anonymous read
access to the userPassword attribute.
I want to do exactly what happens with the above configuration,
except with JAAS inserted between Tomcat and the LDAP server.
I've substituted the above Realm element with the following (note
that digest is set to SHA and I've verified that my userPassword
on the LDAP server is SHA-digested):
I started Tomcat with the following option:
-Djava.security.auth.login.config==$CATALINA_HOME/conf/jaas.login.config
and included the following in $CATALINA_HOME/conf/jaas.login.config:
someApplication {
com.sun.security.auth.module.JndiLoginModule required debug=true
user.provider.url="ldap://localhost:389/ou=associates,dc=mocek,dc=com";
group.provider.url="ldap://localhost:389/ou=groups,dc=mocek,dc=com";;
};
I'm testing with the stock Tomcat manager and admin applications.
After I submit the login form of the admin app, login fails and
Tomcat writes the following to standard output:
Dec 16, 2004 3:35:45 PM org.apache.struts.util.PropertyMessageResources
INFO: Initializing, config='org.apache.struts.taglib.html.LocalStrings',
returnNull=true
Dec 16, 2004 3:35:45 PM org.apache.struts.util.PropertyMessageResources
INFO: Initializing, config='org.apache.struts.util.LocalStrings',
returnNull=true
Dec 16, 2004 3:35:45 PM org.apache.struts.util.PropertyMessageResources
INFO: Initializing, config='org.apache.struts.taglib.bean.LocalStrings',
returnNull=true
Dec 16, 2004 3:35:45 PM org.apache.struts.util.PropertyMessageResources
INFO: Initializing, config='org.apache.struts.taglib.html.LocalStrings',
returnNull=true
[JndiLoginModule] user provider:
ldap://localhost:389/ou=associates,dc=mocek,dc=com
[JndiLoginModule] group provider:
ldap://localhost:389/ou=groups,dc=mocek,dc=com
[JndiLoginModule] attemptAuthentication() failed
[JndiLoginModule] regular authentication failed
[JndiLoginModule]: aborted authentication failed
Dec 16, 2004 3:36:40 PM org.apache.struts.util.PropertyMessageResources
INFO: Initializing, config='org.apache.struts.taglib.html.LocalStrings',
returnNull=true
Dec 16, 2004 3:36:40 PM org.apache.struts.util.PropertyMessageResources
INFO: Initializing, config='org.apache.struts.taglib.html.LocalStrings',
returnNull=true
When I instead attempt to run the manager application (i.e., load
/manager in a browser), the browser produces a login window, and
Tomcat writes the following to standard output -- before I've
entered my user name and password:
Dec 16, 2004 3:47:12 PM org.apache.catalina.realm.RealmBase digest
SEVERE: Error digesting user credentials
java.lang.NullPointerException
at org.apache.catalina.realm.RealmBase.digest(RealmBase.java:1062)
at
org.apache.catalina.realm.JAASCallbackHandler.(JAASCallbackHandler.java:73)
at
org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:358)
at
org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at
org.apache.catalina.core.StandardValveContext.invokeNext(Stand
Olen joululomalla, palaan 4.1.2005
I will be out of the office starting 17.12.2004 and will not return until 04.01.2005. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Olen joululomalla, palaan 4.1.2005
I will be out of the office starting 17.12.2004 and will not return until 04.01.2005. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: workers2.properties for mod_jk2.so and loadbalancing
Thank you Derrick. I don't know how much the will help , because
I am using RH3 AS / Apache 2.x /Tomcat 5. x etc. but I will try to use it.
Anybody know where in Tomcat5 how the $CATALINA_BASE is read
Derrick Koes wrote:
# ++BEGIN INSTALLATION INSTRUCTIONS+
#
# Jakarta ISAPI Connector Installation Steps
#
# I. Update the server's registry settings. This can be accomplished
#using either of the following two steps:
#1. Merge the registry file hosting.isapi_redirector2.reg
#2. Manually add the following registry entries:
# a. In the registry, create a new registry key named
# "HKEY_LOCAL_MACHINE\SOFTWARE\Apache Software Foundation\
# Jakarta Isapi Redirector\2.0"
# b. [serverRoot] = [${JK2_HOME}/jk2-connector]
# c. [extensionUri] = /jakarta/isapi_redirector2.dll
# d. [workersFile] = [${JK2_HOME}/conf/workers2.properties]
# e. [logLevel] = [INFO]
#
# II. Configure IIS
#1. Using the IIS management console, add a new virtual directory to
# your default web site. The name of the virtual directory must be
# jakarta. Map this to C:\jk2-connector\bin\.
# While creating this new virtual directory assign it with
# execute access (scripts + executables)
#2. Using the IIS management console, add isapi_redirector2.dll as a
# filter to the default IIS web site.
# The name of the filter does not matter. Use "jakarta".
# The path should be C:\jk2-connector\bin\isapi_redirector2.dll
#
# [
#Windows 2003 / IIS 6.0 ONLY:
#
#3. Add isapi_redirector2.dll to the list of allowed
# "Web Service Extensions"
#4. Check to be sure an application pool named 'jakarta' was created
# under "Application Pools\DefaultAppPool", and if not, create it.
# ]
#
#5. Restart the IIS service ("IIS Admin Service")
#
#6. Test by requesting http://host-name/jkstatus
#
# ---END INSTALLATION INSTRUCTIONS--
# +++ BEGIN CONFIGURATION ++
#
# The following configuration file describes a JK2 installation
# which does round-robin, session-aware load balancing across all
# defined workers. Having a single work will balance the load on
# that worker. This is the default, even if you don't spell it out,
# but it is spelled out here for clarity. @TODO indicates a
# configuration must be made here. @OPTIONAL indicates an optional
# customization may be made.
#
#
# Define the status worker, used with the URI: /jkstatus
# This is useful for testing the health of the connector, and for
# getting performance statistics
#
# @OPTIONAL: if you don't want a /jkstatus report, omit
#
[status:status]
#
# (1) Create a logger.
# @OPTIONAL: You may customize the path if you wish.
#
[logger.file:0]
level=INFO
file=E:/files/jk2-logs/isapi_filter.log
#
# (2) Define a load balancer worker
# @OPTIONAL: You may add "debug=9" for triage, if needed
#
[lb:lb]
stickySession=1
#
# (3) Define a communication channel to tomcat
#
# @TODO:
# 1. Replace "@TODO-tomcat-id" with the tomcat server host name
# 2. Update the corresponding tomcat configuration file (${CATALINA_HOME/conf/server.xml):
#Find the line '' and add the element
#jvmRoute="@TODO-tomcat-id:8009" >. The value of jvmRoute must
#match the "tomcatId" below, or stick session load balancing will not work.
#
#** NB ** The value of the jvmRoute parameter must not contain
# embedded dot characters (".") (i.e., the fully-qualified
# domain name.) Doing so will cause JK2 load balancing to fail.
#
# @TODO: Change the host name as appropriate
#
# @OPTIONAL: You may add "debug=9" for triage, if needed
#
[channel.socket:qailt002:8009]
info=AJP13 forwarding over socket
tomcatId=qailt002:8009
[channel.socket:qailt003:8009]
info=AJP13 forwarding over socket
tomcatId=qailt003:8009
#
# (4) Define a worker which communicates over the channel above
#
# @TODO: Change the host name as appropriate
#
# @OPTIONAL: Changing the lbfactor affects the weighted round-robin
# load balancing. Higher numbers means stronger machine which will
# receive more of the requests.
#
# @OPTIONAL: You may add "debug=9" for triage, if needed
#
[ajp13:qailt002:8009]
channel=channel.socket:qailt002:8009
lbfactor=1
[ajp13:qailt003:8009]
channel=channel.socket:qailt003:8009
lbfactor=1
#
# @OPTIONAL: Repeat steps (3) and (4) here for every tomcat server
# to participate in load balancing. At least one is required.
#
# For example, if the load on the single server defined above
# is too great, configure a similar server, and repeat steps (3) and (4)
# to include the new server in the load balancing.
#
# --- END CONFIGURATION --
# +++BEGIN MAPPING++
#
# (5) Map URIs to be forwarded.
#
# @TODO: For each context deployed on the tomcat
Re: Olen joululomalla, palaan 4.1.2005
[EMAIL PROTECTED] wrote: I will be out of the office starting 17.12.2004 and will not return until 04.01.2005. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] we.. I guess we have to put up with this until the new year ay. People...if you are on a mailing list.don't setup automatic replies unless you can filter out where they get sent. ... :-( Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Does TC 5.5 have some type of farm deployer?
Fantastic. Thx. --- Peter Rossbach <[EMAIL PROTECTED]> wrote: > Hello Norris, > > I have actived the FarmWarDeployer at release 5.5.5. > > Regards > Peter > > Norris Shelton schrieb: > > >I ran across this document, but have not been able to find > out > >any additional information. > > > >http://tomcat.objektpark.org/pdf/Proposal-HostConfig-Deployer.pdf > > > >= > > > >Norris Shelton > >Software Engineer > >Sun Certified Java 1.1 Programmer > >Appriss, Inc. > >ICQ# 26487421 > >AIM NorrisEShelton > >YIM norrisshelton > > > > > > > > > >__ > >Do you Yahoo!? > >The all-new My Yahoo! - What will yours do? > >http://my.yahoo.com > > > >- > >To unsubscribe, e-mail: > [EMAIL PROTECTED] > >For additional commands, e-mail: > [EMAIL PROTECTED] > > > > > > > > > > > > > -- > J2EE Systemarchitekt und Tomcat Experte > > http://objektpark.de/ > http://tomcat.objektpark.org/ > http://centaurus.sourceforge.net/ > > Am Josephsschacht 72, 44879 Bochum, Deutschland > Telefon: (49) 234 9413228 > Mobil:(49) 175 1660884 > E-Mail: [EMAIL PROTECTED] > > > > > - > To unsubscribe, e-mail: > [EMAIL PROTECTED] > For additional commands, e-mail: > [EMAIL PROTECTED] > > = Norris Shelton Software Engineer Sun Certified Java 1.1 Programmer Appriss, Inc. ICQ# 26487421 AIM NorrisEShelton YIM norrisshelton __ Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. http://info.mail.yahoo.com/mail_250 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
RE: Olen joululomalla, palaan 4.1.2005
No worries. I'll kick them off the list. Mark > -Original Message- > From: Wade Chandler [mailto:[EMAIL PROTECTED] > Sent: Friday, December 17, 2004 9:30 PM > To: Tomcat Users List > Subject: Re: Olen joululomalla, palaan 4.1.2005 > > [EMAIL PROTECTED] wrote: > > I will be out of the office starting 17.12.2004 and will > not return until > > 04.01.2005. > > > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > we.. I guess we have to put up with this > until the new > year ay. People...if you are on a mailing list.don't setup > automatic replies unless you can filter out where they get > sent. ... :-( > > Wade > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Admin webapp on TC 5.0.25
I tried activating the admin web app. I got it to recognize my home-grown Realm, so I can log in and see an initial page. However, I see only one host (there are 4 defined in server.xml) and when I attempt to traverse from "Tomcat Server" to "Service" to "Host" node in the left-hand tree pane, I get the following exception: --- java.lang.NullPointerException org.apache.struts.taglib.logic.CompareTagBase.condition(CompareTagBase.java:179) org.apache.struts.taglib.logic.NotEqualTag.condition(NotEqualTag.java:90) org.apache.struts.taglib.logic.ConditionalTagBase.doStartTag(ConditionalTagBase.java:218) admin.host.host_jsp._jspService(host_jsp.java:440) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) javax.servlet.http.HttpServlet.service(HttpServlet.java:810) org.apache.struts.action.RequestProcessor.doForward(RequestProcessor.java:1069) org.apache.struts.action.RequestProcessor.processForwardConfig(RequestProcessor.java:455) org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:279) org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482) org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507) javax.servlet.http.HttpServlet.service(HttpServlet.java:697) javax.servlet.http.HttpServlet.service(HttpServlet.java:810) - - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Olen joululomalla, palaan 4.1.2005
I think I can say this for a lot of us Thank You! Doug - Original Message - From: "Mark Thomas" <[EMAIL PROTECTED]> To: "'Tomcat Users List'" <[EMAIL PROTECTED]> Sent: Friday, December 17, 2004 4:48 PM Subject: RE: Olen joululomalla, palaan 4.1.2005 No worries. I'll kick them off the list. Mark -Original Message- From: Wade Chandler [mailto:[EMAIL PROTECTED] Sent: Friday, December 17, 2004 9:30 PM To: Tomcat Users List Subject: Re: Olen joululomalla, palaan 4.1.2005 [EMAIL PROTECTED] wrote: > I will be out of the office starting 17.12.2004 and will not return until > 04.01.2005. > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > we.. I guess we have to put up with this until the new year ay. People...if you are on a mailing list.don't setup automatic replies unless you can filter out where they get sent. ... :-( Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Virtual Hosts and SSL
Hello, I can't find anything specific to my question in the FAQs but I'm trying to set up a tomcat server with virtual hosts using https. I have two ips, each with its own SSL cert as I understand is necessary for https. What I want is to have each ip use port 443 with its own document tree (virtual host) but I cannot seem to get this to work. When I set up an additional ip to use port 443 I get an error 400 (bad request). Thanks, Mike -- Mike Kennedy Systems Group, C&C [EMAIL PROTECTED] 951.827.5922 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Olen joululomalla, palaan 4.1.2005
Mark Thomas wrote: No worries. I'll kick them off the list. Mark -Original Message- From: Wade Chandler [mailto:[EMAIL PROTECTED] Sent: Friday, December 17, 2004 9:30 PM To: Tomcat Users List Subject: Re: Olen joululomalla, palaan 4.1.2005 [EMAIL PROTECTED] wrote: I will be out of the office starting 17.12.2004 and will not return until 04.01.2005. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] we.. I guess we have to put up with this until the new year ay. People...if you are on a mailing list.don't setup automatic replies unless you can filter out where they get sent. ... :-( Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Yeah I normally wouldn't say something if it happened a couple of times, but his message says this will be happening until April of 2005. Thanks. Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Virtual Hosts and SSL
Mike, On Fri, Dec 17, 2004 at 02:04:43PM -0800, Mike Kennedy wrote: > I can't find anything specific to my question in the FAQs but I'm trying > to set up a tomcat server with virtual hosts using https. I have two ips, > each with its own SSL cert as I understand is necessary for https. > > What I want is to have each ip use port 443 with its own document tree > (virtual host) but I cannot seem to get this to work. When I set up an > additional ip to use port 443 I get an error 400 (bad request). I'm not sure what you mean by "virtual host". AFAIK there are generally two uses of the phrase. The first is to refer to a single web server answering to more than one domain name _without_ using one IP address per domain name. The second is to offer a customer seemingly full access to a server to run their website, without having one separate physical box per customer. Some solutions go all the way and try to make the customer feel like they have root on the box. Some solutions just provide the customer a greater-than-end-user level of access to tweaking the configuration of their webserver, cgi scripts and database. If you're asking the first, I don't know if my recent learning experience with Apache Virtual hosting will be relevant, but it may be give you some insight into what you're doing. It may only go for tomcat used in an apache/modjk/tomcat setup. Or it may not be at all relevant to tomcat, whether stand-alone or with apache. I recently re-installed my apache server, and in the process set up apache virtual hosting. I learned that it's almost impossible to set up SSL with virtual hosts with apache, you need to use IP-based hosting if you want to serve multiple domains from one apache installation via SSL, without any hitches. That said, if all you really care about is encrypting the connection, non-IP based (i.e. virtual) multiple domain hosting is still tolerable. Basically the SSL cert that's served by the server will match the default virtual host (the first one defined in the configuration). Requests to the other domains on the SSL port will hit the same SSL server and get served the SSL cert for the default domain. The browser will squawk because the Cert doesn't match the domain. If you're *really* security-conscious, this is a problem, since there's an opportunity for a man-in-the-middle attack. Somebody could slip the browser a bogus Cert and proxy requests to your server, eavesdropping on them all the while. But if you're just providing some encrypted web-access to an application, you may not mind. Security is all about trade-offs. -- Steven J. Owens [EMAIL PROTECTED] "I'm going to make broad, sweeping generalizations and strong, declarative statements, because otherwise I'll be here all night and this document will be four times longer and much less fun to read. Take it all with a grain of salt." - http://darksleep.com/notablog - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Olen joululomalla, palaan 4.1.2005
I believe the notation's semantics indicate dd/mm/ (4-January-2005).
extra directory in WebDAV servlet listing
I have the WebDAV servlet set to /webdav/*. Listing is turned on. I have a subdirectory in my webapp named "base", which contains "dir1", "dir2", and "dir3". "dir1" contains "test1" and "test2". When I get a WebDAV directory listing of http://localhost/webapp/webdav/base/dir1/ , I get back: dir1 test1 test2 In other words, the WebDAV servlet is for some reason returning the directory itself as one of its own subdirectories! Trying to select that directory gives a 404 not found. In fact, it does this for every subdirectory, listing the directory itself directory as if it were a subdirectory. This bug is exhibited by accessing the servlet from Windows XP Professional as well as from DAVExplorer. Garret - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Virtual Hosts and SSL
I know that in apache, and I suspect that it is a general rule, an SSL (HTTPS) connection requires a unique IP address. In other words, virtual hosts do not work with SSL. Daniel - Original Message - From: "Mike Kennedy" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, December 17, 2004 3:04 PM Subject: Virtual Hosts and SSL Hello, I can't find anything specific to my question in the FAQs but I'm trying to set up a tomcat server with virtual hosts using https. I have two ips, each with its own SSL cert as I understand is necessary for https. What I want is to have each ip use port 443 with its own document tree (virtual host) but I cannot seem to get this to work. When I set up an additional ip to use port 443 I get an error 400 (bad request). Thanks, Mike -- Mike Kennedy Systems Group, C&C [EMAIL PROTECTED] 951.827.5922 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
