Re: Turning on debugging in Tomcat 5.5
James Rome [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Most of the installed Tomcat classes have something like container.isDebugEnabled() {...} How do I enable these debug statements in Tomcat 5.5? I'll assume that you are using Juli. If you are using log4j, compare what I'm saying to http://jakarta.apache.org/tomcat/tomcat-5.5-doc/logging.html to see what you need to do. First you edit $CATALINA_HOME/conf/logging.properties and add and something like: org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/myapp].level = FINE s/Catalina/EngineName/ s/localhost/my.host.name/ Of course, if you really want to fill up your logs, you can do something like: org.apache.catalina.level = FINE Thanks, Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Q:how to remove charset from HTTP responce to allow browser use a browser selected charset?
Mark [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi Mark, In my case servlet generates an output, so no JSP for now... Can I do it using filters? Or define and store user's prefs with encoding outside of tomcat and in the session and use if it's exists in the session? Other Mark's answer was a little incomplete. If your Servlet uses response.getWriter, then the spec requires that you get a charset on the Response headers. If your Servlet doesn't specify a charset in the response.setContentType, then a Filter something like: public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws ServletException, IOException { if(request instanceof HttpServletRequest) { HttpServletRequest hreq = (HttpServletRequest)request; HttpSession session = hreq.getSession(); String enc = (String)session.getAttribute(MY_ENC_ATTR_NAME); if(enc == null) { enc = getCharSetForUser(hreq); // Your lookup from DB function if(enc != null) { session.setAttribute(MY_ENC_ATTR_NAME, enc); } } if(enc != null) { response.setCharacterEncoding(enc); } } chain.doFilter(request, response); } Thanks a lot! Mark. --- Mark Thomas [EMAIL PROTECTED] wrote: Mark wrote: Hello, In my application users enter data using different languages. The problem I'm facing is the browser sets the page encoding always to ISO-8859-1. (I guess this is default based on server OS) User can change encoding on the page (Browser settings) and everything looks OK but only for one page. On the next page encoding is back to ISO-8859-1. Is there any way to instruct tomcat not to send the page encoding? If you are using JSPs, no. The spec requires that the charset is set. Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] __ Yahoo! for Good Donate to the Hurricane Katrina relief effort. http://store.yahoo.com/redcross-donate3/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.12 and user-agent header
Richard Mixon [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I tested out my application on 5.5.12 yesterday and noticed one small anomally. I had a JSP in my sitemesh decorator default.jsp that ends up wrapping the login page for container managed authentication. This page had a statement String _userAgent = request.getHeader(user-agent).toLowerCase(); It gets a null-pointer exception in 5.5.12, but under 5.5.9 it runs fine. In 5.5.12, after the login succeeds then the user-agent headers appear to be there just fine, but not on the initial login page. Is this a known issue? It's certainly not a known issue. It would help a lot if you could tell us which Connector you are using at the time (e.g. HTTP/1.1, HTTP/1.1-APR, AJP/1.3, AJP/1.3-APR). Thank you - Richard - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat start exception
If you add the attribute channelSocket.soLinger=-1 to your AJP/1.3 Connector element in server.xml, it should make the error go away. It's beyond me why Sun has decided to throw an exception here. Jun Zhu [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I have a Tomcat5.5.9 server that works fine with JDBCRealm. I am trying to configure a customRealm for the sever. The customRealm.jar file was placed in the directory of $Tomcat_Home/server/lib. The realm in the server.xml has been defined as: Realm className=edu.aces.realm.JDBCUnixRealm connectionName= connectionPassword=XXX connectionURL=jdbc:mysql://oscar.acesag.auburn.edu:3306/authenticate driverName=org.gjt.mm.mysql.Driver roleNameCol=role_name userCredCol=user_pass userNameCol=user_name userRoleTable=tomcat_user_roles userTable=tomcat_users validate=true / After starting tomcat, I can see tomcat page via IE browser, but when click on Tomcat Manager, just got a blank page. I got exception in catalina.out as: WARNING: Exception executing accept java.net.SocketException: Invalid argument at java.net.PlainSocketImpl.socketSetOption(Native Method) at java.net.PlainSocketImpl.setOption(PlainSocketImpl.java:264) at java.net.Socket.setSoLinger(Socket.java:869) at org.apache.jk.common.ChannelSocket.accept(ChannelSocket.java:300) at org.apache.jk.common.ChannelSocket.acceptConnections(ChannelSocket.j$ at org.apache.jk.common.SocketAcceptor.runIt(ChannelSocket.java:852) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(Thread$ at java.lang.Thread.run(Thread.java:595) In most case this exception means The server is not running (nobody is listening on the specified port) or The host is not reachable. Is there any additional configuration I missed? How to fix this problem? Please help. Julia Zhu - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat working directory
The easiest way to to open up the nice GUI (If it isn't in the System-Tray or the Start menu, then it's usually at $CATALINA_HOME\bin\tomcat5w.exe), open the Startup tab, fill-in the Working Path box, and click 'OK'. Then restart the service. It's also possible to do this from the command line, but I'll leave that as an exercise for people that have actually read the commons-daemon FM. Samit Paul [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, How do I set tomcat-5's working directory to something other than C:\Windows\System32 when it is run as windows (XP) service . Even if I set CATALINA_HOME to point to the tomcat installation directory it doesn't take it. Everything works great if I run tomcat from the command line using tomcat's startup.bat file. Any help would be appreciated. ~Samit Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Suppress Connection reset by peer: socket write error.
Dola Woolfe [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I apologize for asking this question again for I remembering asking this question in the past, but I can't find the response. What setting (and where) will suppress the aforementioned exception in the tomcat log? Including the Tomcat version helps ;-). I'm assuming that this is for the AJP/1.3 Connector. The answer is to change the logging level for that component to be one higher than the level in the message (in the latest version, it's at DEBUG level and I don't remember what it used to be). For example, if you are using JDK1.4 logging you would do something like: org.apache.jk.common.level=SEVERE in your logging.properties file. Thank you very much in advance, again! Dola __ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: password authentication causes 403 error
[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi there, I would like to set up my development tomcat-5.0.28 (on port 8080) so that all webapps that are not password protected, to have password authentification. Since it is my dev box I would like to use the memory realm. I have this in my web.xml: security-constraint web-resource-collection url-pattern/*/url-pattern http-methodGET/http-method http-methodPOST/http-method /web-resource-collection auth-constraint role-name=admin/ It's: auth-constraint role-nameadmin/role-name /auth-constraint What you have (other than being invalid, if validation-checking was enabled :), tells Tomcat to forbid access to everyone. user-data-constraint transport-guaranteeNONE/transport-guarantee /user-data-constraint /security-constraint login-config auth-methodBASIC/auth-method /login-config I have this in my tomcat-users.xml: tomcat-users role rolename=tomcat/ role rolename=role1/ role rolename=manager/ role rolename=admin/ user username=mylogin password=mypassword roles=admin,manager,role1/ /tomcat-users If I go to http://localhost:8080/manager it asks me to login and then gives me access to the webapp as expected. If I go to http://localhost:8080/ it asks me to login and if I get it wrong is gives me a 401 error as expected but if I get it right it gives me a 403 error instead of allowing access to the webapp. This happens with all webapps that do not have their own authentication. How do I configure tomcat to give me access to my webapps when I login correctly? Thanks, Paul -- Paul Mackinlay (PhD, MEng) http://www.webotech.co.uk/ [EMAIL PROTECTED] Tel: +44(0)7050 699971 Fax: +44(0)7050 699972 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Final questions: workers.properties
David Thielen [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi; First off thanks to all for help - I think I'm just about done. Question: workers.properties.minimal (which works fine) only has: worker.list=ajp13w worker.ajp13w.type=ajp13 worker.ajp13w.host=localhost worker.ajp13w.port=8009 While workers.properties (not load balancing) also has: workers.tomcat_home=/var/tomcat3 workers.java_home=/opt/IBMJava2-13 ps=/ worker.inprocess.* (lots of inprocess ones) Are the above needed for anything? It wasn't clear to me reading the docs what inprocess was for. The inprocess is for Apache to connect to Tomcat using JNI. It currently only works for TC 3.3.x, so you can likely safely ignore it (or comment it out). ??? - thanks - dave David Thielen 303-499-2544 www.windwardreports.com http://www.windwardreports.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Final questions: Default pages
David Thielen [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi; I have multiple domains on my website (IIS). I would like to do the following. When a user goes to http://www.windward.net/cart.jsp or http://www.windwardreports.com/cart.jsp that it then loads the jsp page in the root of a specific webapp of mine. In other words, all requests for a .jsp (or .faces) page is mapped to the same servlet regardless of the domain. And that the servlet name is not needed as part of the url. How can I do this? Simplest is to Alias one or the other to your real VHost. With TC 5.5.10+ you can also use useIPVHosts=true on the Connector to use whatever IIS sends for SERVER_NAME as the Host name for mapping (really don't know, and care even less how this will work :). Thanks - dave David Thielen 303-499-2544 www.windwardreports.com http://www.windwardreports.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Suspected memory leak in Tomcat or JVM?
There are some memory leaks in the AJP/1.3 Connector (e.g. http://issues.apache.org/bugzilla/show_bug.cgi?id=32141), but the CVS logs say that these were introduced after 4.1.27. Jochen Wiedmann [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, we have an elder application running on Tomcat 4.1.27 with Java 1.4.2_08 on Sparc Solaris 8. Recently we moved the application to a new machine running on Sparc Solaris 9. Since then we have a serious memory problem and need to restart the same application twice a day. One minor change: We are now using mod_jk 1.2.14 and no longer mod_proxy. As I am unaware of any serious heap profiler that is fast enough for production use, I decided to try the very simple heap profiler from http://www.virtualmachine.de/. I made a dump after starting the application and before shutting down. The results were (to me) quite surprising: The main difference was in the following numbers: At startBefore shutdown Objects Size Objects Size [byte5638 6M160796569M [char 3006402 195M 3211457418M ByteChunk62 2K 345450 14M CharChunk 46 2K 324080 13M (With ByteChunk and CharChunk being from the org.apache.tomcat.util.buf package.) To me, this numbers seem to be related. Any ideas? Regards, Jochen -- Having experienced 7 years of labour/green government, I now know the reason, why a conservative government is good for the economy: The economy's unable to imagine anything else ... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: connecting tomcat-5-5-9 to apache server 2-0-54
If you have MSVC 6+ installed, just use the mod_jk2.dsp file in native2\server\apache2. Otherwise, you'll probably have to roll your own Makefile. Thomas Clery [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I would like to connect Apache Tomcat and Apache Server using mod_jk2 but I cannot find the .dll. How do I build the mod_jk2.dll for apache 2.0.54. I would like to install this on windows xp professional Thank you - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Custom SSLServerSocket implementation
Alain Brousseau [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I need to tell Tomcat 5.5 to use my custom SSLServerSocketFactory for backwards compatibility with our client-side software. It was relatively easy with Tomcat 4.1 (using a Factory element in the Connector configuration) but with tomcat 5.5 it doesn't work. The Connector seems to ignore the factory attribute. How can this be done with Tomcat 5.5 ? You can't implement a custom SSLServerSocketFactory in TC 5.5. You can however implement a custom SSLImplementation. You need to extend o.a.t.u.net.SSLImplementation (implementing the abstract methods), and then use something like: Connector port=443 secure=true scheme=https sSLImplementation=com.myfirm.mypackage.MySSLImplementation / Thanks Alain Brousseau - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Http Keep-Alive
As I recall, TC 3.2.x only has a HTTP/1.0 Connector. In particular, it never respects HTTP keep-alives. Jamie Spurr [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Does anyone know the property in the server.xml file on Tomcat for switching off http keep-alives? I'm using version 3.2.1. I can't find a listing for this deprecated version - Thanks, Jamie. ** Disclaimer: This message may contain privileged or confidential information. If you are not the intended recipient, please notify the sender and delete this message. Please be advised that any disclosure, copying, distribution or use of this information is strictly prohibited. Views expressed in this message are those of the individual sender and are not necessarily the views of Streamdoor Ltd, unless otherwise stated. Although Streamdoor Ltd has taken precautions to ensure no viruses are present in this email, the company cannot accept responsibility for any loss or damage caused arising from the use of this email or attachment. www.streamdoor.com ** - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: anonymising Tomcat
Paul Singleton [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Is it possible to configure Tomcat (5.5.9) so that a moderately able hacker couldn't figure out what is serving up our web apps? As documented at http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html: Connector protocol=HTTP/1.1 server=MSIE/5.0 / Paul Singleton -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.338 / Virus Database: 267.10.0/63 - Release Date: 3/Aug/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.5.x and Unix Sockets
Haven't tried it, but it should still work. The main difference is that (since mod_jk2 is deprecated) Tomcat 5.5.x no longer reads jk.properties by default. You need something like: Connector protocol=AJP/1.3 propertiesFile=conf/jk2.properties / Alternatively, you can include the settings from jk2.properties as attributes of the Connector element. Vijay Babu [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi , Had anyone of you tested Tomcat 5.5.x with mod_jk2 configured for using Unix sockets. I have not been able to make this work. I know mod_jk2 is deprecated. The open source doesnt say that it will not work , but says it may work. Since i want to upgrade to Tomcat 5.5.9 i want to check this. Please let me know the configuration details for this to work. Tomcat 4 configuration doenst work here. Thanks in advance, Regards, Bob - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet mapping - url pattern with *
flower [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, Let's consider situation like this: We have got some servlets responsible for genereting galery page. We want group galery pages by use common part in uri (/galery/): http://x.com/galery/galery_id/firstpage.html http://x.com/galery/galery_id/secondpage.html firstpage.html is generated by servlet1 , secondpage.html by servlet2. So we must url-pattern like this: /galery/*/firstpage.html and /galery/*/secondpage.html but this url-pattern doesn't work. question: why ? ( I use version 5.5.9 ) Some people, with I was talking about this, said that patterns like this was work with previously version and that version 5.5.9 is crazy ;] I've got a vague recollection that some some such Tomcat-specific extension was proposed on the dev list. Can't remember if it was ever implemented (and to which version), and I'm much to lazy to look it up :). However, the 5.5.9 behavior is in strict compilance with the Servlet spec (and, hence anything but crazy). Is any way to obtain behaviour like above with latest version ? Simplest is with a Filter that does something like: RequestDispatcher rd = null; if(request.getRequestURI().endsWith(/firstpage.html) { rd = getServletContext().getNamedDispatcher(servlet1); } else if(request.getRequestURI().endsWith(/secondpage.html); rd = getServletContext().getNamedDispatcher(servlet2); } if(rd != null) { rd.forward(request, response); } Greatings flow - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: What is APR ?
http://apr.apache.org/ Anto Paul [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, Is APR for Tomcat is any native library or java ? Where to get it ? -- rgds Anto Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getting Tomcat 5.5 daemon/service to startup automatically on bootup?
Ferindo Middleton Jr [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm running *Tomcat/5.5.6 on* Fedora Core 4. What is the best way to get my Tomcat server to start automatically on bootup. My server does use SSL. I have read through the info on setting up tomcat as a daemon under Unix at http://jakarta.apache.org/tomcat/tomcat-5.5-doc/setup.html and this works after i run the command: ./bin/jsvc -Djava.endorsed.dirs=./common/endorsed -cp ./bin/bootstrap.jar \ -outfile ./logs/catalina.out -errfile ./logs/catalina.err \ org.apache.catalina.startup.Bootstrap but when the computer reboots, no daemon/service restarts the tomcat automatically. How do you get it to start automatically during bootup. In the jsvc-src/native directory where you unpacked the jsvc source code there is a file called Tomcat5.sh. Edit that so that it specifies the options you want. Then copy it to /etc/init.d. Then cd to /etc/rc2.d (or rc3.d if you boot to init-level three) do: ln -s ../init.d/Tomcat5.sh S75tomcat Ferindo -- Ferindo Middleton Chief Architect Sleekcollar.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem running Tomcat on Windows 64-Bit Edition
There is a srvbatch in commons-daemon (I'm too lazy to look if there is a binary released for it :) that will allow you run the batch files as a service. You can also grab the source from commons-daemon and compile a 64bit version yourself (only the MSDK is needed, but you need to create your own makefiles). I've done both, and they both work well (but only the second one lets you have the nice configuration GUI :). Spors, Jeffrey R [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I am trying to run Tomcat 5.5.9 as a service on Windows Server 2003 64-Bit Edition. The following scenarios work fine: - 32-bit JDK and Tomcat 5.5 running as a service and using startup.bat - 64-bit JDK and Tomcat 5.5 using startup.bat However, I can't run 64-bit JDK and Tomcat 5.5 as a service because it runs tomcat5.exe, which is 32-bit app (32-bit apps cannot reference 64-bit apps and vice versa on Windows 64). Is there a 64-bit binary for tomcat5.exe, is it possible for me to build tomcat5.exe as a 64-bit app from source, or is there a way of getting Tomcat to run as a service using only the .bat files? Thanks for any help. Jeff Spors Winona State University - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to Replace Tomcat authentication?
ohaya [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I've been looking into possibly replacing Tomcat's authentication with our own functionality. It looks like there use to be a class called SimpleRealm in the older Tomcat versions that would have done the trick if we replaced it, but I can't find any references to it in the latest source that I downloaded. In TC versions 3.x.x, the replacement is RealmBase (in org.apache.catalina.realm). It's an abstract class, so you extend it with the functionality that you want. Has anyone here done this before, and can you provide me to some pointers as to where/how to get started with it with the current version of Tomcat? Thanks in advance!! Jim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Is there another version of Tomcat coming any time soon
I would guess that 5.5.10 will likely come out within the next month+0.5, but this is only a guess. No timetable for a release has been mentioned recently on the dev list. Edmon Begoli [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I am trying to schedule a production release, so I would like to know if there is another point release of Tomcat coming out (like 5.5.10) within next month and a half. -- Thank you, Edmon Begoli http://blogs.ittoolbox.com/eai/software - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: What is allowed to do with a HttpServletRequest ?
cristi [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello all I have a web application where I need to use in a second request the HttpServletRequest object sent to the same servelet in the first request. Here is what my servlet looks like : public void doGet( HttpServletRequest request, HttpServletResponse response ) { /* some code here detecting if this request is the first one. This code initializes isFirstRequest */ if( isFirstRequest ) { session.setAttribute( FIRST_REQUEST_OBJECT, request ); request.getRequestDispatcher(somepage.jsp).forward(request, response); } else { HttpServletRequest oreq = (HttpServletRequest)session.getAttribute(FIRST_REQUEST_OBJECT); request.getRequestDispatcher(somepage.jsp).forward(oreq, response); } } It seems that it is not safe to do so. What can I do to handle this situation ? According to the spec (section 8.2 for those of you following along at home :), the only safe HttpServletRequest to pass is the one that was passed into the Servlet, or a child of HttpServletRequestWrapper that wraps the one that was passed into the Servlet. Tomcat happens to be very lenient in inforcing this restriction among Servlet-Containers out there. The other-guys would probably throw an exception straight away for attempting something like the above. Thx. Cristi - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat JSVC Errors
At a first guess, compare the version of libgcc for jsvc and libjvm.so. I remember that java -version tells you the second one on Lynux. Otherwise, you can use 'ldd'. You can also use 'ldd' to get the first. Wasik, Paul [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I'm rather new to Tomcat. I have configured Tomcat 5.0.28 to launch under a non-privileged user account using the jsvc launcher. Tomcat works fine except I am finding the following errors in my Tomcat logs. I'm running this on Red Hat EL3 Linux server. I'm running the Sun JDK 1_5_0_03. jsvc.exec error: Service exit with a return value of 143 Java HotSpot(TM) Client VM warning: Can't detect initial thread stack location - find_vma failed Can anyone point me in the right direction on how to resolve this? I have Googled around but not found a good answer. Thanks, Paul - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how do i prevent tomcat5 from adding trailing slash?
Edmund Urbani [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] hi! i ran into some trouble with tomcat5 and its slash adding behaviour. there's this MS WebFolder client (M$ for WebDAV), that does not seem to be able to cope with status 302 redirects in some situations. in order to work around this problem i modified the class org.apache.tomcat.util.http.mapper.Mapper, so it would not add a trailing slash for an URL like http://host:8080/slide. But since I really don't want to (and usually don't need to) change anything about tomcat, I'd rather have a configuration option for this. I know that the old tomcat4 did not do redirects for this either, so I thought maybe someone would add a config option to revert to that old behaviour. if not, is there a any way to prevent this redirect without modifying tomcat5's source? I'm too lazy to look at the commit log to see what TC 5 version it was changed in, but if you use url-pattern/*/url-pattern for your webdav servlet instead of url-pattern//url-pattern, Tomcat will not send the 302 response for a directory request. Cheers, Edmund - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Certificate Authentication for individual apps
Mahesh S Kudva [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi All Thanks for the note. May be I was not clear in my earlier mail. I have client authentication using certificates. I want to skip client auth for certain hosted applications on the server but preserve client auth for other apps. On the Connector leave the 'clientAuth' attribute as 'false' (or use 'want', if you really want to be annoying :). Then in the webapps that care setup your web.xml files with something like: login-config auth-methodCLIENT-CERT/auth-method /login-config In this case, any page protected by a security-constraint will force the user to send a client-cert. Unfortunately, most of the production-quality Realms that ship with Tomcat don't support CLIENT-CERT auth. For 4.1.x = tcversion = 5.0.x, there is also a request attribute that you can use to do the same thing. If you need it, search the archives. Regards Thanks Mahesh S Kudva -Original Message- From: Paul Singleton [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Date: Fri, 01 Jul 2005 15:32:12 +0100 Subject: Re: Certificate Authentication for individual apps Mahesh S Kudva wrote: How can I have different certificate authentication for different applications and skip certificate authentication for some applications hosted on the same server. I believe that, at least under SSL, certificates authenticate *servers* not applications, and that the Connector offers a certificate before it checks, or regardless of, the context path within that server. So you need to deploy each app at a different (virtual) host, each with a different IP address. We do this currently with 5.5.9. You can use the default keystore for all hosts, and use the (undocumented) keyAlias=myalias Connector attribute to offer the appropriate certificate for each host, e.g. Connector address=288.104.197.211 port=8443 scheme=https secure=true sslProtocol=TLS keyAlias=mrk2 / (in 5.5.9 you also need sslProtocol=TLS explicitly) Paul Singleton -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.8.8/35 - Release Date: 30/Jun/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- Robosoft Technologies - Partners in Product Development - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat5.5.7 and Log4j
Robert Taylor [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Greetings, I'm trying to use Log4j in my web app and I'm having some difficulty. I'm running Tomcat5.5.7 and JDK 1.5.0 I've followed the instructions here: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/logging.html -placed log4j.jar and commons-logging.jar in commons/lib -placed log4j.xml in commons/classes -Added the following to the Tomcat startup: -Dlog4j.configuration=file:///D:/j2ee_containers/servlet/tomcat/5.5.7/Tomcat%205.5/common/classes/log4j.xml Don't know exactly what you're trying to do. The URL above is about using log4j for Tomcat internal logging (including HttpServlet.log). If you don't care about this, then just remove the log4j.jar from commons/lib (and log4j.xml from commons/classes just to be clean :). Then you're webapp will use the log4j in WEB-INF/lib and everybody is happy. Alternatively, if you want to use log4j for Tomcat logging as well as for your webapp, then either: 1) remove the log4j.jar from your webapp's WEB-INF/lib and force it to use the one in common/lib. This is good for small sites that want one central place to control all of the logging, and can easily setup common/classes/log4j.xml to handle all webapps that are deployed. 2) move log4j.jar to $CATALINA_HOME/server/lib and log4j.xml to $CATALINA_HOME/server/classes. In this case, this copy of log4j will be used for Tomcat internal logging only. Your webapp will use the copy in WEB-INF/lib, with the configuration that is in WEB-INF/classes. Personally, if you're not a Tomcat developer, I think that this is a questionable use-case since Juli (the default Tomcat logging) is good enough to handle the Tomcat logs in most cases. It looks like Tomcat is finding and recognizing log4j.xml but is failing with the following error in the log file: log4j:ERROR A org.apache.log4j.xml.DOMConfigurator object is not assignable to a org.apache.log4j.spi.Configurator variable. log4j:ERROR The class org.apache.log4j.spi.Configurator was loaded by log4j:ERROR [EMAIL PROTECTED] whereas object of type log4j:ERROR org.apache.log4j.xml.DOMConfigurator was loaded by [WebappClassLoader delegate: false repositories: -- Parent Classloader: [EMAIL PROTECTED] ]. log4j:ERROR Could not instantiate configurator [org.apache.log4j.xml.DOMConfigurator]. I googled for this and didn't find anything relavent. http://www.google.com/search?biw=1266hl=enq=A+%22org.apache.log4j.xml.DOMConfigurator%22+object+is+not+assignable+to+a+%22org.apache.log4j.spi.Configurator%22+variable.btnG=Google+Search Any hints (even if its RTFM with a link) would be great. /robert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Test - please[don't] ignore!
[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, This is really wierd - I can't post this msg to the list! The Test went through fine, but every time I try and post the msg below, it just disappears. Anyone guess why? Anyone know the answer?!! cheers, David Subject: Get Tomcat's port in startup servlet Body: Hi, I have a servlet which runs on startup. Within it, I need to get the port number that tomcat is using. Does anyone know the best way to do this? Strictly speaking, you want request.getLocalPort(). However, usually you want request.getServerPort() instead. cheers, David |-+ | | David Hay | | | [EMAIL PROTECTED]| | | l.com | | || | | 06/24/2005 09:19 | | | AM | | | Please respond to| | | Tomcat Users| | | List| | || |-+ ---| | | | To: tomcat-user@jakarta.apache.org | | cc: | | Subject: Test - please ignore! | ---| testing - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Building tomcat-connectors with ANT
Mark Thomas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Ah. It wasn't clear from your original post which part of the connectors you were trying to build. I was referring to the Tomcat end of things (the Java AJP/HTTP connectors) rather than mod_jk. The following from the dev list might help. Failing that, with the clarification of what it is you want to do, someone else may pitch in with some help. http://marc.theaimsgroup.com/?l=tomcat-devm=50341215849w=2 Yup. The Ant build of mod_jk isn't supported and I don't think that it has worked in a very long time. Use the configure/make option as outlined in the link above. Mark BATCHELOR, SCOTT (CONTRACTOR) wrote: Would you mind pointing me in the right direction for some docs? I really only want to build mod_jk Thanks, -SB -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Monday, June 27, 2005 2:08 PM To: Tomcat Users List Subject: Re: Building tomcat-connectors with ANT BATCHELOR, SCOTT (CONTRACTOR) wrote: Has anyone been successful in this? Yes. Regularly. 4.1.x, 5.0.x and 5.5.x Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Rc3.d startup scripts
For Apache 2.0.52, unless you need SSL, you can do worse than: ln -s /usr/local/apache2/bin/apachectl S35apache If you don't mind running as root, you can do the same thing for Tomcat: ln -s /path/to/tomcat/bin/catalina.sh S34tomcat If you are using jsvc, then the Tomcat5.sh script that ships with it is meant to be the start of an rcx.d script. Even if you're not using jsvc, you could always unpack the distro and look at the script as a pattern to start from. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I am trying to create a startup script for Solaris for both Tomcat 5.5.9 and Apache 2.0.52. Can anyone tell me how to do that, so that when the box is rebooted it automatically starts Tomcat and Apache. Thank you for your help. This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: configuration question : the number of connections could be supported by a connector in Tomcat 5.0
If you are fronting with Apache, then the mapping between connections and threads is more a function of your MPM. As a result, I'm just going to answer for the stand-alone Connector. In Tomcat 5.0, there is a one-to-one mapping between socket connections and threads. Pipelined HTTP/1.1 keep-alive connections will all use the same thread to process. In 5.5.10+ this will no longer necessarily be the case. It will be possible for Tomcat to handle many (and the value of 'many' is heavily dependent on what your app does :) more socket connections than the configured maxThreads. Feng Xie (fxie) [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I like to get some help on how to configure the maximum number of connections could be supported by Tomcat5.0. There is one config attribute called maxThreads, according to Tomcat doc, which isThe maximum number of request processing threads to be created by this Connector, which therefore determines the maximum number of simultaneous requests that can be handled. . My question comes from the fact that there might be multiple HTTP requests pipelined in each HTTP/1.1 connections, so can we still treat the maxThread as the maxConnections. Thanks in advance, Feng - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 3.2.3 / JDK 1.4.2_04-b05
Samit Paul [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, Can somebody help me find out how my tomcat is dying. As far as I know it's not triggered by any url access or memory leak or stack overflow. It dies on it's own( I guess). Is there any kind of hook I can provide that will tell me when it dies? If this subject is already covered , please atleat point me there. Well, as I remember, tomcat dying on 3.2.3 was one of it's major features ;-). This was one of the major reasons for the re-designs in both TC 3.3.x and TC 4.x. Unless you think that you look distinguished after pulling all of your hair out, I'd strongly suggest upgrading ;-). Thanks, Samit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Web Server ServerTokenNotSet Vulnerability
My long-time favorite is server=Microsoft-IIS/5.0 ;-). Mark Thomas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] No idea. Try , , Tin foil hats R us or something similar. I am not even sure this is why your scanner is reporting a problem. Mark Gao, Frank wrote: What the server parameter value should be in order to pass the security scan? -Original Message- From: Mark Thomas [mailto:[EMAIL PROTECTED] Sent: Friday, June 10, 2005 2:14 PM To: Tomcat Users List Subject: Re: Tomcat Web Server ServerTokenNotSet Vulnerability Try setting the server parameter on the connector. See http://jakarta.apache.org/tomcat/tomcat-5.5-doc/config/http.html Mark Gao, Frank wrote: Hi, I have a Tomcat 5.5.7 standalone webserver running on my machine, recently I got a security scan warning of ApacheServerTokenNotSet. Does anyone know how to configure the Tomcat 5.5.7 to pass this security scan? I know there is a 'ServerTokens' directive for Apache Web Server that I can use to limit the information giving out. But I cann't find anything similar on Tomcat Web Server. Anyone has any idea about this? Thanks, Frank - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 5.0.28 w/ MX4J 3.0.1, possible?
Rick [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I have been trying to migrate to the latest version of MX4J (3.0.1) from the old 1.1.1 version. And for the life of me, I don't seem to be able to get it to work. I use JMX to communicate to various servers in our webapp to show session info on different nodes, and I would also like to implement some other features.. Old 1.1.1 implementation -- jk2.properties mx.enabled=true mx.jrmpPort=1099 mx.jrmpHost=localhost -- Code -- Hashtable environment = new Hashtable(); environment.put(Context.INITIAL_CONTEXT_FACTORY, com.sun.jndi.rmi.registry.RegistryContextFactory); environment.put(Context.PROVIDER_URL,rmi://localhost:1099); JRMPConnector connector = new JMRPConnector(); connector.connect(jrmp, environment); RemoteMBeanServer server = connector.getRemoteMBeanServer(); Ok.. So I replaced jmx.jar with the latest version of mx4j.jar (renamed to jmx.jar) under tomcat_home/bin And replaced or added Mx4j-jmx.jar Mx4j-tools.jar Mx4j-remote.jar To /tomcat_home/common/lib Now, when I start tomcat I get the error.. MX4j RMI adapter not loaded: java.lang.ClassNotFoundException: mx4j.adaptor.rmi.jrmp.JRMPAdaptor Which is correct, since that's not a valid class now, but how do I configure tomcat to properly use the new mx4j. Yep. The jrmp adapter is gone. If I enable mx.httpPort=9000/mx.httpHost=localhost then JMX does enable and I get a pretty little message like... HttpAdapter version 3.0.1 started on port 9000 , but I have no idea at this point how to properly use the HTTP connector. Any info or suggestions to getting the RMI adapter working, or how to use the http adapter, or just the best way to go about Using MX4J, not sure if either is possible with out updating to tomcat 5.5.x. The RMI adapter is gone in mx4j 3.x. There is nothing that Tomat can do about it. You can access the http adapter by simply typing http://localhost:9000 in you favorite browser. The only thing you gain by upgrading to 5.5.x is the ability to use the http adapter in XML instead of HTML. Thanks, Rick - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: After a successful build of tomcat from build.xml, how do I install it?
Optionally copy your build.properties file to .../jakarta-tomcat-5. Then in your .../jakarta-tomcat-5/build.properties file add the property: tomcat.dist=/path/to/my/tomcat/install/dir Then from .../jakarta-tomcat-5 do 'ant dist'. This is the closest to 'ant install' that you can get. The other option (w/o necessarily setting the property above) is to do 'ant release' from the .../jakarta-tomcat-5 directory. That will create the source and binary release .tar.gz and .zip files that you could otherwise install just as if you had downloaded them. In short, the top-level build.xml is just a convenience file. The one with all the power is the one in jakarta-tomcat-5. Clark, Benjamin [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I am a Tomcat newbie, having been a Perl webguy for the past 5 years. Because I like to build that which I use from source, I am trying to get Tomcat running on my Linux laptop using a build.xml file from http://jakarta.apache.org/tomcat/tomcat-5.5-doc/build.xml http://jakarta.apache.org/tomcat/tomcat-5.5-doc/build.xml I created a /home/tomcatd/tomcat_build directory, put the build.xml file in there, and then created a build.properties file with base.path=/home/tomcatd/lib $ pwd /home/tomcatd/tomcat_build $ ls build.xml build.properties $ ant ... blah blah blah - build was successful $ ls build.properties jakarta-servletapi-5 jakarta-tomcat-connectors build.xml jakarta-tomcat-5 jakarta-tomcat-jasper jakarta-commons jakarta-tomcat-catalina LICENSE This is all the instructions for 'Building Tomcat' say to do. $ cd jakarta-tomcat-5 $ ls BENCHMARKS.txtcompat NOTICE RUNNING.txt Build CVS RELEASE-NOTES tomcat.nsi BUILDING.txt deployer RELEASE-PLAN-5.0.txt build.properties.defaultKEYS RELEASE-PLAN-5.5.txt build.xml LICENSE resources $ cd build $ ls bincommondocs logs shared tests work classes conf lib servertemp webapps This is the stuff ( I think ) that comes with the pre-compiled distributions. It would seem there is one more step akin to a 'make install' that I need to perform, but I can't seem to find it. Does anyone know what I would need to do to actually install the stuff in the build directory into another directory from which it could be used? Yes, I know I could just copy the stuff out myself, but I would have a nagging feeling there might be an 'ant install' step I should have done that may or may not do more than just copy stuff. Thanks. - Please note that with our change to TD Banknorth, N.A. our e-mail addresses have changed. Please make note of my new e-mail address. And while our name has changed, remember this: Everything else has stayed the same. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 5.5.9's choice of certificate from keystore
Paul Singleton [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I believe that a keystore can legitimately contain many certificates, whether root- or self-signed. How does (and should) Tomcat 5.5.9 choose which of many such certificates to offer when a client makes an HTTPS request? It will use the one with the 'tomcat' alias by default. Is there any way of hinting or telling it which to use (to help me implement multi-IP-address-based virtual root-certified HTTPS hosts)? You can specify the attribute keyAlias=myCertAlias on the Connector element to tell Tomcat which cert to use. (Empirically, it seems to pick an arbitrary root certificate if it can find one, else an arbitrary self-signed one...) Paul Singleton -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.323 / Virus Database: 267.6.2 - Release Date: 4/Jun/2005 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: security constraints in tomcat 4.1.30
Along with what Mark said, you should know that TC 4.1.30 stops checking after the *first* matching constraint (so in your case, the '/*' always wins). Try reversing the order of your constraints in web.xml. As Mark mentioned, this has changed in TC 5.x, and your web.xml should work as written. Angela Stempfel [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello all I have a problem concerning Tomcat 4.1.30. In web.xml i defined several security constraint. First of all I protected the whole application and then I excluded the directories with images and css files. Furthermore I defined some roles. pre security-constraint display-nameTCE GUI/display-name web-resource-collection web-resource-nameWEBGui Area/web-resource-name !-- Define the context-relative URL(s) to be protected -- url-pattern/*/url-pattern /web-resource-collection auth-constraint !-- Anyone with one of the listed roles may access this area -- role-name*/role-name /auth-constraint /security-constraint security-constraint web-resource-collection web-resource-nameImages and CSS Not Protected/web-resource-name url-pattern/images/*/url-pattern url-pattern/css/*/url-pattern http-methodGET/http-method http-methodHEAD/http-method /web-resource-collection /security-constraint security-constraint display-nameDSLAM Configuration/display-name web-resource-collection web-resource-name Access to DSLAM Configuration /web-resource-name url-pattern/DslamConfig/*/url-pattern /web-resource-collection auth-constraint role-namedslamConfig/role-name /auth-constraint /security-constraint login-config auth-methodFORM/auth-method form-login-config form-login-page/login.jsp/form-login-page form-error-page/login-error.jsp/form-error-page /form-login-config /login-config security-role role-namedslamConfig/role-name /security-role /pre So my problem is that this works fine with Tomcat 5.0 but not with Tomcat 4.1.30. If I go to the login page, the stylesheet and images are not found when running the Application with version 4.1.30. Also the Security Constraints are not working correctly, this means that a user that hasn't the role dslamConfig is able to enter the following URL: /DslamConfig/* Has anyone some ideas? Thanks a lot Angela - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and RMI client - setup
Nikola Milutinovic [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all. This might be a simple question. I have a working RMI client and server. I have tested it no problem. Now I would like to make a JSP/Servlet that will act as a RMI client and connect to the RMI server running outside Tomcat JVM. I keep running into access permission violations. I understand that I need to setup security policy, I had that for RMI. One thing than makes me slightly suspicious, is the fact that when I debug TC/RMI combo, I can see that my RMI client enters into setting up RMISecurityManager: if (System.getSecurityManager() == null) { goes in = System.setSecurityManager( new RMISecurityManager() ); } Is that OK? I thought TC would setup security manager. Setting an SM this late could cause wierd problems, depending on what permissions it doesn't grant, so it's probably at the least a bad idea. TC only sets up the SM if you start it with '-security'. Now, my question is, what about Tomcat? If I want to run this, what do I need to do? If I get it, I need to: - setup catalina.policy - run it with -security option I'm on Windows XP, how do I enable security mode for TC? That's the idea. And, as a bonus, it works the same on Linux, Solaris, OS/X, . Am I barking up the wrong tree? Nix. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with precompiled JSP's (2nd Try)
I just checked, and there is indeed NoSuchMethod in Tomcat 5. You need to re-precompile your JSPs using the jspc from Tomcat 5 for it to work. It's not enough to just move the class files over, since they reference the Jasper version that they were compiled with. Mike Baliel [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I have an application that is currently running under JBoss 3.2.x with Jetty that I would like to get running on Tomcat 5.X. I have precompiled all of the JSP's and mapped them to there respective JSP path in the web.xml. Here is a sample fragment of the web.xml: ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app id=WebApp display-namemjc_campus_tour/display-name servlet servlet-nametourArea0/servlet-name display-nametourArea0/display-name servlet-classcom.atomogy.virtualtour.view.pages.tourArea0_jsp/servlet-class /servlet servlet servlet-nametourArea1/servlet-name display-nametourArea1/display-name servlet-classcom.atomogy.virtualtour.view.pages.tourArea1_jsp/servlet-class /servlet servlet servlet-nametourArea2/servlet-name display-nametourArea2/display-name servlet-classcom.atomogy.virtualtour.view.pages.tourArea2_jsp/servlet-class /servlet servlet servlet-nametourArea3/servlet-name display-nametourArea3/display-name servlet-classcom.atomogy.virtualtour.view.pages.tourArea3_jsp/servlet-class /servlet servlet servlet-namefooter/servlet-name display-namefooter/display-name servlet-classcom.atomogy.virtualtour.view.include.footer_jsp/servlet-class /servlet servlet servlet-nameheader/servlet-name display-nameheader/display-name servlet-classcom.atomogy.virtualtour.view.include.header_jsp/servlet-class /servlet servlet-mapping servlet-nametourArea0/servlet-name url-pattern/pages/tourArea0.jsp/url-pattern /servlet-mapping servlet-mapping servlet-nametourArea1/servlet-name url-pattern/pages/tourArea1.jsp/url-pattern /servlet-mapping servlet-mapping servlet-nametourArea2/servlet-name url-pattern/pages/tourArea2.jsp/url-pattern /servlet-mapping servlet-mapping servlet-nametourArea3/servlet-name url-pattern/pages/tourArea3.jsp/url-pattern /servlet-mapping servlet-mapping servlet-namefooter/servlet-name url-pattern/include/footer.jsp/url-pattern /servlet-mapping servlet-mapping servlet-nameheader/servlet-name url-pattern/include/header.jsp/url-pattern /servlet-mapping welcome-file-list welcome-fileindex.jsp/welcome-file /welcome-file-list /web-app The error message that I get when trying to run the application on Tomcat is as follows: 2005-05-26 09:33:03 StandardWrapperValve[tourArea0]: Servlet.service() for servlet tourArea0 threw exception java.lang.NoSuchMethodError: org.apache.jasper.runtime.JspRuntimeLibrary.include(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;Ljava/lang/String;Ljavax/servlet/jsp/JspWriter;Z)V at com.atomogy.virtualtour.view.pages.tourArea0_jsp._jspService(tourArea0_jsp.java:43) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at
Re: Problem with precompiled JSP's (2nd Try)
Mike Baliel [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Thanks for replying Bill I have Tomcat 5.0 installed and I checked the jasper-runtime.jar located at Tomcat5.0\common\lib and in my copy the method exists... ? Are you looking in jasper-compiler or jasper-runtime? Admittedly, I'm looking at the 5.5 version (since I removed the 5.0 version here long ago :). However, I didn't think that there were such major changes in Jasper between 5.0 and 5.5 (and a quick check of the CVS log confirms it :). The signature in all recent versions of TC 5.x jasper-runtimes is: public static void include(ServletRequest request, ServletResponse response, String relativePath, JspWriter out, boolean flush) throws IOException, ServletException { which is clearly different from your pre-compiled JSPs. Bill Barker wrote: I just checked, and there is indeed NoSuchMethod in Tomcat 5. You need to re-precompile your JSPs using the jspc from Tomcat 5 for it to work. It's not enough to just move the class files over, since they reference the Jasper version that they were compiled with. Mike Baliel [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I have an application that is currently running under JBoss 3.2.x with Jetty that I would like to get running on Tomcat 5.X. I have precompiled all of the JSP's and mapped them to there respective JSP path in the web.xml. Here is a sample fragment of the web.xml: ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app id=WebApp display-namemjc_campus_tour/display-name servlet servlet-nametourArea0/servlet-name display-nametourArea0/display-name servlet-classcom.atomogy.virtualtour.view.pages.tourArea0_jsp/servlet-class /servlet servlet servlet-nametourArea1/servlet-name display-nametourArea1/display-name servlet-classcom.atomogy.virtualtour.view.pages.tourArea1_jsp/servlet-class /servlet servlet servlet-nametourArea2/servlet-name display-nametourArea2/display-name servlet-classcom.atomogy.virtualtour.view.pages.tourArea2_jsp/servlet-class /servlet servlet servlet-nametourArea3/servlet-name display-nametourArea3/display-name servlet-classcom.atomogy.virtualtour.view.pages.tourArea3_jsp/servlet-class /servlet servlet servlet-namefooter/servlet-name display-namefooter/display-name servlet-classcom.atomogy.virtualtour.view.include.footer_jsp/servlet-class /servlet servlet servlet-nameheader/servlet-name display-nameheader/display-name servlet-classcom.atomogy.virtualtour.view.include.header_jsp/servlet-class /servlet servlet-mapping servlet-nametourArea0/servlet-name url-pattern/pages/tourArea0.jsp/url-pattern /servlet-mapping servlet-mapping servlet-nametourArea1/servlet-name url-pattern/pages/tourArea1.jsp/url-pattern /servlet-mapping servlet-mapping servlet-nametourArea2/servlet-name url-pattern/pages/tourArea2.jsp/url-pattern /servlet-mapping servlet-mapping servlet-nametourArea3/servlet-name url-pattern/pages/tourArea3.jsp/url-pattern /servlet-mapping servlet-mapping servlet-namefooter/servlet-name url-pattern/include/footer.jsp/url-pattern /servlet-mapping servlet-mapping servlet-nameheader/servlet-name url-pattern/include/header.jsp/url-pattern /servlet-mapping welcome-file-list welcome-fileindex.jsp/welcome-file /welcome-file-list /web-app The error message that I get when trying to run the application on Tomcat is as follows: 2005-05-26 09:33:03 StandardWrapperValve[tourArea0]: Servlet.service() for servlet tourArea0 threw exception java.lang.NoSuchMethodError: org.apache.jasper.runtime.JspRuntimeLibrary.include(Ljavax/servlet/http/HttpServletRequest;Ljavax/servlet/http/HttpServletResponse;Ljava/lang/String;Ljavax/servlet/jsp/JspWriter;Z)V at com.atomogy.virtualtour.view.pages.tourArea0_jsp._jspService(tourArea0_jsp.java:43) at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520
Re: ip-based virtual hosting
Mirko [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I know name-based virtual hosting works great in Tomcat but I am interested in setting up ip-based virtual hosting in standalone Tomcat. Is that possible? It will be possible in TC 5.5.10. It's not possible in any of the currently released versions. /Mirko - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ip-based virtual hosting
Hassan Schroeder [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Bill Barker wrote: I ... am interested in setting up ip-based virtual hosting in standalone Tomcat. Is that possible? It will be possible in TC 5.5.10. It's not possible in any of the currently released versions. ?! Could you explain, please? Because I've currently got several systems running what *I* think of as IP-based virtual hosts using TC 5.0.x and 5.5.x... All TC versions = 5.5.9 use the Host header on the Request to map the Request to a Host. Starting with 5.5.10, it is possible to specify the attribute useIPVHosts=true on the Connector element that will cause Tomcat to use request.getLocalName() to map the Request to a Host, independently of whatever the browser has sent for the Host header. Granted, it was assumed that this option would be mostly useful to people using an AJP/1.3 Connector. However, it will work with the standalone Connector as well. -- Hassan Schroeder - [EMAIL PROTECTED] Webtuitive Design === (+1) 408-938-0567 === http://webtuitive.com dream. code. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Connector + truststore refresh without bouncing tomcat
Diego Ballve [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I'm using ssl client authentication with Tomcat 5.0.28. I have configured it to use my truststoreFile and all works fine there. I have added a feature to my webapp (The freebXML Registry, http://ebxmlrr.sourceforge.net/) to allow the user to register his own certificate when creating an user account. The certificate gets added to truststoreFile and other account details are set. My problem is that the SSL Connector will only read the truststoreFile when it is initialized. What I would like to have something monitoring the keystore file for changes and reload it to to the connector when it happens. I could not find a way to do it yet by checking the source for JSSEConnector (method init() triggers keystore loading). Has anybody done something similar?? Strangely, there seems to be more requests to do this sort of thing. Take a look at http://issues.apache.org/bugzilla/show_bug.cgi?id=34643. It's possible to bounce the Connector using JMX (which probably isn't good enough, since it bounces already-connected sessions as well). Otherwise, no, Tomcat currently initializes the TrustStore on startup, and won't re-initialize it afterwards. As always, patches are always welcome :). Another posibility would be to re-initialize the connector every hour, fo instance. There would be some delay after registration but user could be pacient and wait a bit. Is this easy to achieve/configure?? Thanks, Diego -- Diego Ballve Digital Artefacts Europe http://www.digital-artefacts.fi/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem starting jrmp service in tomcat 5.5.9 ?
Ah, yes, there was another reason to deprecate JkMX :). mx4j no longer ships with the jrmp Adapter. You need to downgrade your mx4j to version 1.1. Pankaj Bhatnagar [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi I am trying to upgrade from Tomcat 5.0.x to Tomcat 5.5.9. I have an application that used to monitor Tomcat 5.0.x by connecting to the jrmp service and retreiving the MBeanServer. I used to enable the jrmp service by adding the 2 lines : mx.port= mx.jrmpPort=1099 to the jk2.properties file in the /conf folder. This does not work with Tomcat 5.5.9 :( I added these 2 lines to the jk2.properties file but found that there was no change in Tomcat starting up. I realized that the jk2.properties file was not being read by default. I then added the attribute propertiesFile=/conf/jk2.properties to the AJP Connector definition in the server.xml file. Now I get the following : May 13, 2004 1:16:35 PM org.apache.jk.common.ChannelSocket init INFO: JK: ajp13 listening on /0.0.0.0:8009 May 13, 2004 1:16:35 PM org.apache.jk.common.JkMX init INFO: Can't enable log4j mx: java.lang.ClassNotFoundException: org.apache.log4j.jmx.HierarchyDynamicMBean at java.net.URLClassLoader$1.run(URLClassLoader.java:199) at java.security.AccessController.doPrivileged(Native Method) at java.net.URLClassLoader.findClass(URLClassLoader.java:187) at java.lang.ClassLoader.loadClass(ClassLoader.java:289) at java.lang.ClassLoader.loadClass(ClassLoader.java:235) at ava.lang.ClassLoader.loadClassInternal(ClassLoader.java:302) at java.lang.Class.forName0(Native Method) at java.lang.Class.forName(Class.java:141) at org.apache.jk.common.JkMX.registerObject(JkMX.java:382) at org.apache.jk.common.JkMX.init(JkMX.java:341) at org.apache.jk.server.JkMain.start(JkMain.java:326) at org.apache.jk.server.JkCoyoteHandler.start(JkCoyoteHandler.java:200) at org.apache.catalina.connector.Connector.start(Connector.java:1001) at .. May 13, 2004 1:16:35 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/79 config=/conf/jk2.properties Now I dont understand whether the service started successfully or not ? How can I check whether the service started or not ? I am not able to connect to the service through code. Could please help me as to how I can enable the jrmp service in Tomcat 5.5.9 and retreive the MBeanServer programatically ? Also, how do I start Tomcat in debug mode where will I get the debug messages ? Thanks in advance Pankaj Bhatnagar - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to change the port for jmx in tomcat 5.5.9 ?
Well, firstly JkMX is deprecated in 5.5 in favor of javax.management.remote. To use JkMX anyway, you need to either specify the properties directly on the Connector (e.g. mx.jrmpPort=1099) or specify the location of the properties file (e.g. propertiesFile=conf/jk2.properties) Pankaj Bhatnagar [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi I used to change the port for jmx by specifying the property : jrmpPort=1099 in the jk2.properties file while using Tomcat 5.0.28 After adding this property when I started Tomcat I used to get the following in the console : May 11, 2005 12:57:22 PM org.apache.jk.common.JkMX loadAdapter INFO: Creating Naming:name=rmiregistry May 11, 2005 12:57:22 PM org.apache.jk.common.JkMX loadAdapter INFO: Creating Adaptor:protocol=jrmp on host localhost at port 1099 May 11, 2005 12:57:22 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=15/328 config=D:\Apps\tomcat5.0.19\conf\jk2.properties I made the same changes to the jk2.properties file in Tomcat 5.5.9, but it seems that it does not read the jk2.properties file. I get the following in the console : May 11, 2005 10:55:32 AM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=0/32 config=null Could someone help me out as to what I am missing in this ? Thanks Pankaj - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Launching an embedded Tomcat from Maven 1.x
Since you are using Embedded, your class needs to be loaded by the same ClassLoader that loads Tomcat. You might want to look at the examples for loading Tomcat from ant in commons-modeler, as an alternative way of doing what you want. Alonso Dominguez [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi there! I'm working to embed a Tomcat server as a servlet container inside an Avalon Framework with a Loom engine. I looked for information how to launch the Catalina service from Java and finally I wrote the next file: package org.jlabase.framework.tomcat.startup; import java.io.File; import java.net.InetAddress; import org.apache.catalina.*; import org.apache.catalina.connector.*; import org.apache.catalina.realm.*; import org.apache.catalina.startup.*; import org.apache.tomcat.util.*; import org.jlabase.framework.tomcat.*; /** * @author a href=mailto:[EMAIL PROTECTED]A. Alonso Dominguez/a * @version 1.0 */ public class TomcatImpl implements Tomcat { private String path = null; private Embedded catalina = null; private Host host = null; private Context rootContext; private int port = 8080; public String getPath() { return path; } public void setPath(String value) { path = value; } public int getPort() { return port; } public void setPort(int value) { port = value; } public void start() throws Exception { Engine engine = null; // Create an embedded server catalina = new Embedded(); catalina.setCatalinaHome(getPath()); // Set the MemoryRealm MemoryRealm mr = new MemoryRealm(); catalina.setRealm(mr); // Create an engine engine = catalina.createEngine(); engine.setDefaultHost(localhost); // Create a default virtual host host = catalina.createHost(localhost, getPath() + /webapps); engine.addChild(host); // Create the ROOT context rootContext = catalina.createContext(, getPath() + /webapps/ROOT); rootContext.setReloadable(false); rootContext.addWelcomeFile(index.jsp); host.addChild(rootContext); // Create the Manager context Context managerCtx = catalina.createContext(/manager, getPath() + /webapps/manager); managerCtx.setPrivileged(true); host.addChild(managerCtx); // Assemble the container hierarchy catalina.addEngine(engine); // TODO Repair the Connector bug String addr = null; Connector connector = null; InetAddress address = null; try { connector = new Connector(); connector.setSecure(false); address = InetAddress.getLocalHost(); if(address != null) { IntrospectionUtils.setProperty(connector, address, address.toString()); } IntrospectionUtils.setProperty(connector, port, new Integer(getPort()).toString()); } catch(Exception e) { e.printStackTrace(); } connector.setEnableLookups(false); catalina.addConnector(connector); catalina.start(); // Starts the embedded server } public void stop() throws Exception { catalina.stop(); } public static void main(String args[]) { System.out.println(Creating server instance...); TomcatImpl tomcat = new TomcatImpl(); tomcat.setPath( new File(System.getProperty(jlbframework.tomcat.home, System.getProperty(basedir, .))).getAbsolutePath() ); try { System.out.println(Using CATALINA_HOME = + tomcat.getPath()); System.out.println(Starting server on port + tomcat.getPort()); tomcat.start(); //tomcat.catalina.setAwait(true); } catch(Exception e) { e.printStackTrace(); } } } My intention is to configure the Catalina service from this class and use a simple Ant-like script in Maven to launch the main method of this class. So, my next step was write the maven.xml file, this is: project xmlns:ant=jelly:ant xmlns:j=jelly:core xmlns:u=jelly:util default=loom:sar goal name=jlbframework:tomcat-init ant:path id=tomcat.classpath j:forEach var=artifact items=${pom.artifacts} j:set var=dependency value=${artifact.dependency} / j:if test=${dependency.getProperty('sar.bundle')=='true'} ant:fileset dir=${maven.repo.local}/${dependency.artifactDirectory}/jars prefix=lib ant:echoAdding artifact: ${dependency.artifact} to the Tomcat classpath./ant:echo ant:include name=${dependency.artifact} / /ant:fileset /j:if /j:forEach ant:pathelement path=${jlbframework.tomcat.home}/conf / /ant:path /goal goal name=jlbframework:tomcat-start prereqs=jar:jar,jlbframework:tomcat-init ant:echoStarting Tomcat in stand-alone mode.../ant:echo ant:java jar=${maven.build.dir}/${maven.final.name}.jar fork=true maxmemory=15M failonerror=true classpathref=tomcat.classpath ant:sysproperty key=basedir value=${basedir} / ant:sysproperty key=jlbframework.home value=${jlbframework.home} / ant:sysproperty key=jlbframework.tomcat.home value=${jlbframework.tomcat.home} / /ant:java /goal /project And this are the contents of the project.properties file: jlbframework.home=${basedir}/../.. jlbframework.tomcat.home=${basedir} maven.xdoc.date=left maven.xdoc.version=${pom.currentVersion} maven.eclipse.resources.addtoclasspath=true
Re: jsvc.exec error: syscall failed in set_caps
Georges Roux [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Thanks much for sharing your solution with the group -- this will help people when they search the archives. -QM Well hm, bad news, the probleme is already here and I don't have the solution. Yeah, well, check out http://issues.apache.org/bugzilla/show_bug.cgi?id=33154. Sorry Georges - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Developing custom Realm
The archives are your friend. For example: http://www.mail-archive.com/tomcat-user%40jakarta.apache.org/msg150366.html. alebu [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi! I was searching for any documentation about developing custom Realm for Tomcat but did'nt found anything. Could someone point me in the right direction? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Re[6]: Tomcat/4.1.31 - SSL Troubles
Andrey [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, Wednesday, April 13, 2005, 10:17:42 PM, you wrote: I can connect to ssl port ... and i can see sertificate.. but when i accept this sertificate my browser says The page cannot be displayed. Just a basic guesswork... Assuming the code does not differentiate between ssl and non-ssl, could it be a browser specific problem? Also, can you see it from local machine, i.e. https://localhost:8443/...? Just my 2 pence... No difference between local/remote. I don't think it's network/browser related problem. Thanks to Jason.. GET / HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Accept-Language: lv Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) Host: 62.86.16.101 Connection: Keep-Alive HTTP/1.1 302 Moved Temporarily Location: https://62.86.16.101/index.jsp Content-Length: 0 Date: Wed, 13 Apr 2005 19:38:50 GMT Server: Apache-Coyote/1.1 What can i do ? :) MSIE is sending the wrong Host header (it's known to do that :), so the Location is bad on the response (it's asking MSIE to connect to port 443). What you can do is: 1) Use FireFox. 2) Configure the connector to run on the default port of 443. 3) Get MS to fix their browser. -- Best regards, Andrey [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat user 'roles' question
Wendy Smoak [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] From: Bill Barker [EMAIL PROTECTED] Custom Realms really aren't all that hard. You typically create a class that extends RealmBase (http://jakarta.apache.org/tomcat/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/realm/RealmBase.html, changing the '5.5' to the TC version you care about, unless it's 3.3 where the package is different). Then you override the 'getPassword(String)' (returns the db-password of the user), the 'getPrincipal(String)' (returns the userPrincipal for the user), and the 'getName()' (returns the name of the realm -- any identifying string). If you return anything but a o.a.c.realm.GenericPrincipal from getPrincipal, then you'll have to override the 'hasRole(Principal, String)' method as well. Thank you, that gives me a place to start. But I don't want to _authenticate_ the user at all... that's done elsewhere (one of two different places, actually,) and handled by a Filter. And yet I realize that somehow Tomcat has to know who the user is. :/ If I create a realm and configure it, will I be able to circumvent the user getting prompted for a userID and password? Can I (in the Filter) place a GenericPrincipal object in the session under some key? I'm really only after the programmatic security of isUserInRole(...) here, but would like to stick to the standard way of doing things as much as possible. The Realm will populate the 'userRoles' only if they are accessing a protected page (one that is under a security-contraint), so it doesn't change prompting. And, no, a normal Filter can't set the userPrincipal, since that requires access to Tomcat internals. You could use a Valve, but it sounds like for what you want, you could simply wrap the HttpServletRequest in your Filter with a wrapper that overrides isUserInRole. If anything, this would be more 'the standard way', since then your app would also be portable to another Servlet Container. -- Wendy Smoak - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Clean shutdown? Can sessions survive a jsvc stop/start ?
August Detlefsen [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] In TC 5.5.7, the tomcat start/stop script for Linux/Solaris (/etc/init.d/tomcat) stops tomcat by simply killing the process: stop) # # Stop Tomcat # PID=`cat /var/run/jsvc.pid` kill $PID ;; Do user sessions ever get a chance to be serialized if tomcat is stopped in such a manner? They do if you're not using the broken version of jsvc that ships with Tomcat. The non-buggy jsvc program catches SIGTERM and performs a clean shutdown of Tomcat. I have noticed that users are forced to login again (we determine login status based on an object in a user's session) after tomcat restarts and I need to know if the object is getting serialized at all. Is there a better stop procedure? Nope. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat user 'roles' question
Yeah, but writing your own custom UserDatabase is usually harder than writing your own custom Realm (at least four classes vs. one.). It does have the advantage that (in theory) it should work with the admin webapp ;-). Custom Realms really aren't all that hard. You typically create a class that extends RealmBase (http://jakarta.apache.org/tomcat/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/realm/RealmBase.html, changing the '5.5' to the TC version you care about, unless it's 3.3 where the package is different). Then you override the 'getPassword(String)' (returns the db-password of the user), the 'getPrincipal(String)' (returns the userPrincipal for the user), and the 'getName()' (returns the name of the realm -- any identifying string). If you return anything but a o.a.c.realm.GenericPrincipal from getPrincipal, then you'll have to override the 'hasRole(Principal, String)' method as well. One strategy is to just do the above, and you are done. The other is to implement the required overrides (except 'getName') to return null, and override the 'authenticate(String, String)' method. Whichever works better with your DB. Jerome Jar [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I think you can modify the UserDatabase part in server.xml, to change the authentiation to use in your own way. On Apr 9, 2005 1:41 AM, Wendy Smoak [EMAIL PROTECTED] wrote: The only exposure that I have to this is configuring tomcat-users.xml so I can use the manager webapp, so please bear with me. I've got several web front-ends for a non-JDBC database. There is a 'green screen' (telnet) app running against the DB that uses a system of user security classes to which different 'screens' are assigned. That data is stored in the DB itself. We've fit the web front end into this system by assigning each 'page' of the webapp a 'screen id', so that the admin can define who sees what in a single place. What I'm wondering is if there's any hope of using this data with the existing request.isUserInRole() method. (The security classes are (loosely) roles.) I only need to deal with authorization. Authentication is handled separately by a Filter that redirects elsewhere to make them log in. Can someone point me in the right general direction? Everything Google turns up starts in with configuring a JDBC or JNDI realm, and I don't think that part of it will ever work with this database. Would I end up defining my own kind of a Realm? Confused, -- Wendy Smoak - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 3 and Tomcat 5 on JDK 1.3 and JDK 1.5 respectively
I routinely run TC 3.3.2 on JDK 1.4.x (and even occationally on 1.5.x :) without any problems. I haven't used TC 3.2.3 in very many years, so I don't know. I'd guess that it would run ok, except possibly if you are using SSL. Fredrik Liden [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Does anyone know if this configuration is possible on one computer? The reason for the two different JDKs is that I'm guessing that Tomcat 3.23 isn't compatible with jdk 1.5 or even 1.4 or is it? So I guess the question is if it's in Catalinas startup config files it's possible to specify different JAVA_HOMEs. Anyone have any experience with running different versions like this? Any input would be appreciated. Fredrik - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 4.1.27 context MBeans
I don't believe that TC 4 registers the webapp's classloader with JMX (only the Catalina Loader). You'll need TC 5 for that. Sheykhet, Rostic [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi all, I would like to deploy my webapp along with custom mbeans. I have LifeCycleListeners enabled, and I can get a hold of MBeanServer object from my webapp's servlet code, list mbeans, etc. I cannot call the MBeanServer.createMBean() method because all of my mbean-related classes are only known to the webapp's class loader. I would like the mbean classes to not be shared and to remain in the WAR file. How can I pass the webapp's class loader to the MBeanServer? I've read the mbean descriptor howto, but found no suitable answers there. Thanks, Rostic - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: apply SSL using tomcat 3.3.1a and JDK 1.3.1
Marcus Nugroho [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi All, Is it possible to apply SSL on tomcat 3.3.1a using JDK 1.3.1 ? We have succeeded for Tomcat 3.3.1a using JDK 1.4.2. unfortunately, the application required JDK 1.3.1 Does anyone have similar experince about this ? You need to download JSSE 1.0.x from Sun, and copy the jars to $TOMCAT_HOME/lib/common. After that, it's just like with JDK 1.4.x. Thanks, Marcus. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with SSL Cert config
joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Well I have more info now. I turned on debugging and saw that I'm getting a 'null cert chain' SSLHandshakeException. So, I started from scratch and went through each of my steps one by one and I've apparently got one of them wrong. Now when I do these steps: # Create a private key and certificate request for your own CA: openssl req -new -subj /C=US/ST=New York/L=New York/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key # Create CA's self-signed certificate openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias myalias -keypass changeit This is either/or with truststoreFile (which, since you are using 4.1.x, is done with the -Djavax.net.ssl.trustStore=/path/to/trust.store; for TC 3 5 it's configured like keystoreFile). However, you need to trust your CA cert (i.e. -trustcacerts). This (and everything I've said before) is assuming that you're using the Coyote Connector. I don't really remember how the (deprecated) Http11Connector works (and don't care enough to look it up :). # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrg, L=New York, S=New York, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit It's good practice to import the server CA as well, so that JSSE can send the entire chain, but at this point, I imagine you just want it to work ;-). It's also necessary if you are pointing your truststore to your keystore. I get a 'Failed to establish chain from reply' exception at his point. Since you re-created your CA, you would need to re-import it into your browser. However, I'm guessing that it's because of the lack of trust mentioned above. - Original Message - From: joelsherriff [EMAIL PROTECTED] To: Tomcat Users List tomcat-user@jakarta.apache.org Sent: Saturday, March 26, 2005 11:24 AM Subject: Re: Help with SSL Cert config Ah. Thanks for the help, truly, but I'm still not getting there. I didn't even know about the truststoreFile so I googled it and saw mention that the easiest thing to do is to set the truststoreFile = the keystoreFile, since that already has the CA cert in it. So, I tried setting truststoreFile to point to my keystoreFile in server.xml. That didn't help. Then I saw that there might be issues with setting truststoreFile in the server.xml in Tomcat 4.1 so I set it in CATALINA_OPTS like: -Djavax.net.ssl.trustStore=C:/Program Files/Apache Group/Tomcat 4.1/conf/server.keystore and that didn't help either. Anything else I'm missing? - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 10:13 PM Subject: Re: Help with SSL Cert config joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I thought that's what this step: # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit was doing. No? No. That's putting it into your keystoreFile. The keystoreFile is to identify you. The truststoreFile is to identify other people. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 8:51 PM Subject: Re: Help with SSL Cert config You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem
Re: Help with SSL Cert config
You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem to figure out how to get the client certificate to be accepted once I do that. Here's what I've done to generate all the appropriate files (parts coped from other posts to this list): Further elaboration of what we're trying to do: We want to require client authentication from our customers. So, IIUC, we'll have to send them a signed client cert (p12) to install in their browser and java keystores. Again, IIUC, importing the CA certificate, that was used to sign the client cert, into the server keystore is what tells the server to accept the client certificate presented, because it will be signed by that CA (us). Is my understanding correct? If so, these steps appear to be correct, unless I've hosed something up along the way. # Create a private key and certificate request openssl req -new -subj /C=US/ST=North Carolina/L=Raleigh/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key # Create CA's self-signed certificate openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem # Copy ca.pem to ca.crt, edit and change TRUSTED CERTIFICATE to CERTIFICATE # import ca.crt into the Trusted Root Certificates Store in IE #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias my_ca_alias -keypass changeit -storepass changeit # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for the web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrganization, L=Raleigh, S=North Carolina, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for the web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit # Create a client certificate request: openssl req -new -newkey rsa:512 -nodes -out client1.req -keyout client1.key # Sign the client certificate. openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in client1.req -out client1.pem -days 365 # Generate a PKCS12 file containing client key and client certificate. openssl pkcs12 -export -clcerts -in client1.pem -inkey client1.key -out client1.p12 -name Client # Import the PKCS12 file into the web browser under Personal Certificates # edit the server.xml file and set clientAuth=true and keystoreFile to point to my server.keystore file. Once all this is done, neither IE nor my web app can talk to tomcat on the ssl port (8443) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Help with SSL Cert config
joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I thought that's what this step: # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit was doing. No? No. That's putting it into your keystoreFile. The keystoreFile is to identify you. The truststoreFile is to identify other people. - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Friday, March 25, 2005 8:51 PM Subject: Re: Help with SSL Cert config You need to put your CA cert into your Tomcat truststoreFile. Otherwise, you client's cert won't be trusted. joelsherriff [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm resending this message because a) for some reason I didn't see it on the list after I sent it and b) I never got any responses (maybe because of _a_). So, if my original post did actually make it to the list, please forgive the re-post. Hope someone can help. I've searched through the archives and this seems to be a common problem, but even detailed instructions have left me stumped. I'm trying to get client certificates to be required by tomcat by setting clientAuth=true but I can't seem to figure out how to get the client certificate to be accepted once I do that. Here's what I've done to generate all the appropriate files (parts coped from other posts to this list): Further elaboration of what we're trying to do: We want to require client authentication from our customers. So, IIUC, we'll have to send them a signed client cert (p12) to install in their browser and java keystores. Again, IIUC, importing the CA certificate, that was used to sign the client cert, into the server keystore is what tells the server to accept the client certificate presented, because it will be signed by that CA (us). Is my understanding correct? If so, these steps appear to be correct, unless I've hosed something up along the way. # Create a private key and certificate request openssl req -new -subj /C=US/ST=North Carolina/L=Raleigh/CN=akuma-c -newkey rsa:1024 -nodes -out ca.csr -keyout ca.key # Create CA's self-signed certificate openssl x509 -trustout -signkey ca.key -days 365 -req -in ca.csr -out ca.pem # Copy ca.pem to ca.crt, edit and change TRUSTED CERTIFICATE to CERTIFICATE # import ca.crt into the Trusted Root Certificates Store in IE #Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore %JAVA_HOME%/jre/lib/security/cacerts -file ca.pem -alias my_ca_alias -keypass changeit -storepass changeit # Create a file to hold CA's serial numbers. echo 02 ca.srl # Create a keystore for the web server. keytool -genkey -alias tomcat-sv -dname CN=akuma-c, OU=RD, O=MyOrganization, L=Raleigh, S=North Carolina, C=US -keyalg RSA -keypass changeit -storepass changeit -keysize 1024 -keystore server.keystore -storetype JKS # Create a certificate request for the web server: keytool -certreq -keyalg RSA -alias tomcat-sv -file server.csr -keystore server.keystore -storepass changeit # Sign the certificate request: openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in server.csr -out server.crt -days 365 # Import the signed server certificate into the server keystore: keytool -import -alias tomcat-sv -keystore server.keystore -trustcacerts -file server.crt -storepass changeit # Import the CA certificate into the server keystore: keytool -import -alias my_ca_alias -keystore server.keystore -trustcacerts -file ca.pem -keypass changeit # Create a client certificate request: openssl req -new -newkey rsa:512 -nodes -out client1.req -keyout client1.key # Sign the client certificate. openssl x509 -CA ca.pem -CAkey ca.key -CAserial ca.srl -req -in client1.req -out client1.pem -days 365 # Generate a PKCS12 file containing client key and client certificate. openssl pkcs12 -export -clcerts -in client1.pem -inkey client1.key -out client1.p12 -name Client # Import the PKCS12 file into the web browser under Personal Certificates # edit the server.xml file and set clientAuth=true and keystoreFile to point to my server.keystore file. Once all this is done, neither IE nor my web app can talk to tomcat on the ssl port (8443) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CERT Vulnerability Note VU#204710 on Tomcat 3.x
Jess Holle [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] This vulnerability note has to be amongst the most vague and least informative I've ever seen. It says that Tomcat 3.x and AJP12 has an issue and that the issue is not present in Tomcat 5. What about Tomcat 4 and 4.1? What about AJP13? The report simply does not address any of these variations. AJP12 is deprecated in Tomcat 3.3.x, and isn't supported at all in Tomcat = 4. At a guess, the AJP13 variant of it is http://issues.apache.org/bugzilla/show_bug.cgi?id=31204. On the other hand, any production installation should block communication on the AJP 12 or AJP13 port except where it is coming from Apache. This completely addresses the vulnerability irrespective of version. -- Jess Holle [EMAIL PROTECTED] wrote: Hi, CERT released a vulnerability note on Tomcat 3.x last week. See the following url for details: http://www.kb.cert.org/vuls/id/204710 We are running two configurations of Apache and Tomcat: Apache v1.3.27 with Tomcat v4.1.29 Apache v1.3.27 with Tomcat v4.0.6 I'm trying to determine if these versions of Tomcat are vulnerable. Can anyone confirm or deny? If you like, respond to summers_ed () emc ! com Thanks, Ed - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Howto MBean
Tomcat doesn't have an automatic MBean deployment option for a Context. You'll need a ServletContextListener (or otherwise) to register your application MBeans. Note that with commons-modeler 1.1 (which ships with Tomcat 5), it is no longer necessary to include your mbeans-descriptor.xml in the ServerLifecycleListener. commons-modeler will automagically load it when your MBeans are registered. Kris Balle Kristensen [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi there, I have written a bunch of MBeans for JBoss, but I can't figure out how to do it for Tomcat5 :(. I have google'd a lot of pages containing the MBean keyword, but have yet to find a tutorial for MBeans deployed on Tomcat5. My scenario: I need a persistent object in Tomcat (trigger mechanism) that will be triggered when a certain time of day (like midnight) is up. Furthermore I need some kind of cache for some of my beans. This cache should be callable from any jsp page if so desired. I'm not sure if MBean would be the right approach, but anyway this is what I normally use with JBoss. What I need is an MBean example written for Tomcat5 including example descriptors for same. I have tried to do this myself, but it looks like my Mbean doesn't get deployed on startup of Tomcat. I can't see it in the Tomcat log. In the test example below, the Mbean is just suppose to show the current datetime when the getShowTime (attribute showTime) gets activated. Also the System.outs should be printed out during init/start/stop/destroy of this MBean, but nothing happens. I have tried the following: In server.xml I added the following: Listener className=org.apache.catalina.mbeans.ServerLifecycleListener debug=0 descriptors=/mbean/test/mbean-descriptors.xml/ Listener className=org.apache.catalina.mbeans.GlobalResourcesLifecycleListener debug=0/ In mbean/test/mbean-descriptors.xml: mbean name=mbean.test.ShowTimeMBean className=org.apache.catalina.mbeans.ClassNameMBean description=Shows the current time domain=Catalina group=ShowTime type=mbean.test.ShowTime attribute name=timeNow description=Shows the current time type=java.lang.String writeable=false/ operation name=start description=Start impact=ACTION returnType=void / operation name=stop description=Stop impact=ACTION returnType=void / operation name=init description=Init impact=ACTION returnType=void / operation name=destroy description=Destroy impact=ACTION returnType=void / operation name=showDateTimeNow description=showDateTimeNow impact=ACTION returnType=java.lang.String / /mbean In package test.mbean: public class ShowTime { private String showTime; public String getShowTime() { SimpleDateFormat sdf = new SimpleDateFormat(-MM-dd tt:mm:ss); showTime = sdf.format(new Date()); return showTime; } public void start() { System.out.println(start called..); } public void stop() { System.out.println(stop called..); } public void init() { System.out.println(init called..); } public void destroy() { System.out.println(destroy called..); } } public class ShowTimeMBean extends BaseModelMBean{ String timeNow = null; protected MBeanServer mserver; protected ManagedBean managed; public ShowTimeMBean() throws MBeanException, RuntimeOperationsException { initialize(); } public ShowTimeMBean(ModelMBeanInfo modelMBeanInfo) throws MBeanException, RuntimeOperationsException { super(modelMBeanInfo); initialize(); } public ShowTimeMBean(String s) throws MBeanException, RuntimeOperationsException { super(s); initialize(); } public ShowTimeMBean(String s, ModelerSource modelerSource) throws MBeanException, RuntimeOperationsException { super(s, modelerSource); initialize(); } private void initialize() { registry = MBeanUtils.createRegistry(); mserver = MBeanUtils.createServer(); managed = registry.findManagedBean(ShowTime); } public void start() { System.out.println(ShowTimeMBean::start called..); } public void stop() { System.out.println(ShowTimeMBean::stop called..); } public void init() { System.out.println(ShowTimeMBean::init called..); } public void destroy() { System.out.println(ShowTimeMBean::destroy called..); } public String showDateTimeNow() { ShowTime st = (ShowTime)resource; timeNow = st.getShowTime(); return timeNow; } public String getTimeNow() { return timeNow; } } Everything gets deployed using a .war file. Can any of you point me in the right direction? Regards. Kris - To unsubscribe,
Re: Authentication for streaming file (OT)
Have you tried other browsers than MSIE? If it works for FireFox, then you've probably hit http://issues.apache.org/bugzilla/show_bug.cgi?id=28750. Mark Leone [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Slightly off-topic -- Tomcat related I have a servlet that is invoked by clicking a hyperlink that is rendered by a JSP running in Tomcat. The servlet receives a file path parameter in the HTTP request, and then streams that file to the requesting client. I have a security-constraint/ defined in Tomcat for the JSP, requiring basic password authentication. However, if I define the security-constraint/ so that it applies to the servlet also, then the following error occurs when the servlet attempts to stream the file to the client. The browser presents the file info and prompts to save or open the file, but then when the actual streaming is attempted, the browser reports that the site is unreachable. This is apparently caused by the lack of any authentication during the file streaming operation, because when I define the security-constraint/ so that it applies to the JSP but not the servlet, the problem does not occur. I don't really understand why it behaves this way, since the servlet was invoked with proper authorization, and the problem occurs only when the servlet starts streaming a file to the client. But it does seem to be an authorization problem, since it goes away when I don't constrain the servlet for authentication. I can operate this way, but then my JSP is protected and the servlet is not. Is there a way to specify authentication parameters during the file streaming operation? Does anyone have an explanation for what I'm experiencing? Here's my servlet code: public class FileSender extends HttpServlet{ protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException{ String filename = request.getParameter(file); File file = new File(filename); MimetypesFileTypeMap mimeTypes = new MimetypesFileTypeMap (C:\\Program Files\\Java\\jdk1.5.0_01\\lib\\mime.types); String mime = mimeTypes.getContentType(file); response.setContentType(mime); response.setHeader(Content-Disposition, attachment; + filename= + file.getName()); FileInputStream in = new FileInputStream(file); OutputStream out = response.getOutputStream(); byte[] buf = new byte[1024]; int i = 0; while((i=in.read(buf))!=-1) { out.write(buf, 0, i); } in.close(); out.close(); } } And here's my web.xml. With this configuration, the file downolad fails as described above. To make it work, I remove the second url-pattern/ element as indicated. !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.2//EN http://java.sun.com/j2ee/dtds/web-app_2_2.dtd; web-app display-name File Port /display-name description Makes files available through the web container /description servlet servlet-nameFilePort/servlet-name description Retrieves specified file and sends it to requester /description servlet-classFileSnatcher.FileSender/servlet-class /servlet servlet-mapping servlet-nameFilePort/servlet-name url-pattern/FilePort/url-pattern /servlet-mapping !-- Define a Security Constraint on this Application -- security-constraint web-resource-collection web-resource-nameFileSnatcher/web-resource-name url-pattern*.jsp/url-pattern url-pattern/FilePort/url-pattern !-- remove this to make it work -- /web-resource-collection auth-constraint role-namemanager/role-name /auth-constraint /security-constraint !-- Define the Login Configuration for this Application -- login-config auth-methodBASIC/auth-method realm-nameJDBCRealm/realm-name /login-config !-- Security roles referenced by this web application -- security-role description The role that is required to log in to the Manager Application /description role-namemanager/role-name /security-role /web-app - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat, Sun One Webserver 6.1
Since SunOne isn't the most supported platform (at least at Apache; I believe that Sun has a better-supported plugin, but you'll have to ask them :), you'll need to build mod_jk from the source distro in jk/native/netscape (for the simple reason that nobody has contributed a binary distro for SunOne in a very long time). After that, you'll need http://jakarta.apache.org/tomcat/connectors-doc-archive/jk2/jk/neshowto.html, and possibly enabling NSConfig (for TC 5: Listener className=org.apache.jk.conf.NSConfig /) to work out the configuration. Of course, if you want to share back your success/horror-stories to improve the Tomcat docs, it will be appreciated. Ashish Tripahi [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] the doco on the tomcat website is not helping me at all. Can somebody please explain how to integrate SunOne/IPlanet 6.1 with Tomcat. Waiting for the response - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuration Problem in Tomcat for HTTPS
Urm, not really enough info here to help you. Of course I'm assuming that you've already read http://jakarta.apache.org/tomcat/tomcat-5.5-doc/ssl-howto.html. Beyond that, you can try setting your logging category (log4j/java.util.logging config) for 'org.apache.tomcat.net.jsse' to DEBUG to increase the number of messages. suryadevara dushyanth [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I am trying to configure my Tomcat with https support. I tried in two versions of tomcat. Tomcat 5 I followed the process as given by the documentation but https is not working as i typed in the url https://localhost:8443; I am getting page not available. Tomcat 4.1.29 I followed the process and modified the server.xml file by uncommenting the 8443 port. When i start my tomcat server it is shutting down and it does not start. I tried it through Tomcat Admin page but it says resource requested not available. Please help me out as I have to host my application in Tomcat using HTTPS port. And I am under a tight deadline for hosting this application. Thanks Regards Dushyanth __ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Being lost in the mailing list
Klaus-F. Kaal [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi Peter, I can imagine that the gurus get tons of eMails with difficult and silly questions. And as there is limited time, they can't answer them all. I believe they keep answering the freshly incoming ones. Since I am really in problems and did not get an answer over days, I thought, I was lost in the cant do this bin and it's better to shout out to get attention. Believe me: that is not my normal style. I aquired a dedicated server and got it with Suse 9.1 preinstalled. Apache 2.0.48 was on it. It uses virtual hostst. Apart from that it seems to be not special. But it runs without problems (as far as I can judge from the logs) I installed - Java 1.4 - Tomcat 5.0.28 - mod_jk2 from the latest binary distribution Well, there is your problem. The mod_jk.conf generated by ApacheConfig is for mod_jk. It's totally useless with mod_jk2. For mod_jk2, you have to set up the configuration by hand. Independently, Apache and Tomcat work well. Tomcat reports in the logs that it listens on port 8009 for mod_jk communication. It also created /conf/auto/mod_jk.conf, the content of which, I show later in this text. Apache does not shift incoming JSP calls to mod_jk. It just states that it could not find the document in the normal public_html space. Can you do something with this info? Thanks a lot for your hints. Klaus Peter Johnson schrieb: Klaus, Taking a tone with people gives you less chance of a response. Are you doing any url rewriting in Apache? PJ Klaus-F. Kaal wrote: _In my Tomcat log, I can see:_ INFO: JK2: ajp13 listening on /0.0.0.0:8009 06.03.2005 00:54:10 org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=5/43 config=/usr/tomcat/conf/jk2.properties _I included my automatically created mod_jk.conf into the httpd.conf:_ Include /usr/tomcat/conf/auto/mod_jk.conf This mod_jk.conf looks like this: IfModule !mod_jk.c LoadModule jk_module /usr/lib/apache2-prefork/mod_jk.so /IfModule JkWorkersFile /etc/apache2/workers2.properties JkLogFile /usr/tomcat/logs/mod_jk.log JkLogLevel emerg _The workers2.properties is here:_ [channel.socket:localhost:8009] port=8009 host=127.0.0.1 [ajp13:localhost:8009] channel=channel.socket:localhost:8009 [uri:/jsp-examples/*] worker=ajp13.localhost:8009 [uri:www.technologyserver.com/*.jsp] worker=ajp13:localhost:8009 Apache and Tomcat are working fine, independently. But when I try to call a JSP on port 80, Apache states that it cannot find the file. What am I doing wrong?? Thanks for your help. Klaus - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem on Tomcat 3.3.1a: hang
Connection reset by peer isn't usually that interesting (it usually means that the browser dropped the connection). Making some wild guesses: Using the Http10Connector on Windows usually means that you need to add something like socketCloseDelay=50 to the element in server.xml. Even better would be to upgrade to 3.3.2 and use the CoyoteConnector (the same one that TC 4 5 use). This is much more reliable that the Http10Connector. Marcus Nugroho [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi All, We are implementing CRM application using Tomcat as a web server : The platform and version : - Jakarta Tomcat 3.3.1a - Windows 2000 Advance Server SP4 The problem is after several users logged in properly, then the next user login will hang. Any other login process after it will failed also (hang). This problem can be solved by restarting the Tomcat server. The above problem is intermittent. The error message is : 2005-01-17 17:12:58 - Ctx(/epoint) : IOException in R( /epoint + /Clients/HTML/e rror.jsp + null) - java.net.SocketException: Connection reset by peer: socket wr ite error anyone can help on this matter ? Many Thanks, Marcus. The full Tomcat output when the error occured is as follows : 85) at org.apache.tomcat.core.ContextManager.internalService(ContextManager. java:917) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:833 ) at org.apache.tomcat.modules.server.Http10Interceptor.processConnection( Http10Interceptor.java:176) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java :494) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP ool.java:516) at java.lang.Thread.run(Thread.java:484) 2005-01-17 17:12:58 - Ctx(/epoint) : IOException in R( /epoint + /Clients/HTML/e rror.jsp + null) - java.net.SocketException: Connection reset by peer: socket wr ite error at java.net.SocketOutputStream.socketWrite(Native Method) at java.net.SocketOutputStream.write(SocketOutputStream.java:83) at org.apache.tomcat.modules.server.Http10.doWrite(Http10.java:436) at org.apache.tomcat.modules.server.HttpResponse.doWrite(Http10Intercept or.java:480) at org.apache.tomcat.core.OutputBuffer.realWriteBytes(OutputBuffer.java: 188) at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:360) at org.apache.tomcat.util.buf.ByteChunk.append(ByteChunk.java:338) at org.apache.tomcat.util.buf.IntermediateOutputStream.write(C2BConverte r.java:234) at java.io.OutputStreamWriter.flushBuffer(OutputStreamWriter.java:230) at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:244) at org.apache.tomcat.util.buf.WriteConvertor.flush(C2BConverter.java:183 ) at org.apache.tomcat.util.buf.C2BConverter.flushBuffer(C2BConverter.java :126) at org.apache.tomcat.core.OutputBuffer.realWriteChars(OutputBuffer.java: 337) at org.apache.tomcat.util.buf.CharChunk.flushBuffer(CharChunk.java:388) at org.apache.tomcat.core.OutputBuffer.flush(OutputBuffer.java:314) at org.apache.tomcat.core.OutputBuffer.close(OutputBuffer.java:305) at org.apache.tomcat.core.Response.finish(Response.java:271) at org.apache.tomcat.core.ContextManager.service(ContextManager.java:838 ) at org.apache.tomcat.modules.server.Http10Interceptor.processConnection( Http10Interceptor.java:176) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java :494) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP ool.java:516) at java.lang.Thread.run(Thread.java:484) 2005-01-17 17:12:58 - Ctx(/epoint) : Error: exception inside exception servlet n ull class java.net.SocketException 2005-01-17 17:12:58 - ErrorHandler: Error loop for R( /epoint + /Clients/HTML/er ror.jsp + null) error java.net.SocketException: Connection reset by peer: socket write error - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: java.net.SocketException when user disconnects from response stream
Urm, the entire point of ClientAbortException (which is a Tomcat class) is to allow Tomcat to know that it shouldn't be logging it. If com.lowagie.text.pdf chooses to log it, well you'll have to take it up with them ;-). Allistair Crossley [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I've seen similar posts from users before on this topic but do not believe I saw a concrete answer. I was streaming a PDF to my browser yesterday when I decided to quickly move to another page in the website and therefore stopping the PDF response stream. When I looked in the logs, I found the following stack trace. The com.lowagie.text.pdf has spotted that this was a Client Abort which it was, but I also noted that it is wrapping up the real error that occured which was a java.net.SocketException: Connection reset by peer: socket write. We have this java.net.SocketException: Connection reset by peer: socket write error in our logs quite often on our production server and I am guessing that perhaps users are stopping the response stream somehow, perhaps closing the browser or moving to another page mid-response? In both that case, and in the case of aborting the PDF stream as below, I am not convinced I need to care since it does not impair the server that a user did not bother to receive the full response. Does anyone disagree or have an explanation why such scary stack traces should be output by Tomcat each time a user does not complete receiving their response .. is it perhaps because Tomcat is unable to differentiate between a user closing their browser and some other network problem that I may well want to know about? Thanks, Allistair. ExceptionConverter: ClientAbortException: java.net.SocketException: Connection reset by peer: socket write error at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:366) at org.apache.tomcat.util.buf.ByteChunk.flushBuffer(ByteChunk.java:403) at org.apache.catalina.connector.OutputBuffer.doFlush(OutputBuffer.java:314) at org.apache.catalina.connector.OutputBuffer.flush(OutputBuffer.java:293) at org.apache.catalina.connector.CoyoteOutputStream.flush(CoyoteOutputStream.java:85) at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:124) at com.lowagie.text.pdf.OutputStreamCounter.flush(Unknown Source) at com.lowagie.text.DocWriter.close(Unknown Source) at com.lowagie.text.pdf.PdfWriter.close(Unknown Source) at com.lowagie.text.pdf.PdfDocument.close(Unknown Source) at com.lowagie.text.Document.close(Unknown Source) at net.sf.jasperreports.engine.export.JRPdfExporter.exportReportToStream(JRPdfExporter.java:457) at net.sf.jasperreports.engine.export.JRPdfExporter.exportReport(JRPdfExporter.java:282) at net.sf.jasperreports.engine.JasperExportManager.exportReportToPdfStream(JasperExportManager.java:174) at net.sf.jasperreports.engine.JasperPrintManager.printReportToPdfStream(JasperPrintManager.java:145) at net.sf.jasperreports.engine.JasperRunManager.runReportToPdfStream(JasperRunManager.java:269) at com.qas.newmedia.intranet.pof.actions.mypos.PDFGenerateAction.doWork(PDFGenerateAction.java:155) at com.qas.newmedia.intranet.iq.actions.SecuredBaseAction.execute(SecuredBaseAction.java:188) at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:421) at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:226) at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1158) at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:397) at javax.servlet.http.HttpServlet.service(HttpServlet.java:689) at javax.servlet.http.HttpServlet.service(HttpServlet.java:802) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at com.qas.newmedia.common.filters.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:65) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:305) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:383) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:745) at
Re: Tomcat5 and Client Certificates
Jason Bainbridge [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Fri, 4 Mar 2005 06:54:34 -0800, Sweeney, Bill [EMAIL PROTECTED] wrote: Hello TC5 Users - I used %java-home%/bin/keytool to build the certificate store and the server and client certificates (self-signed). Tomcat asks for the client certificate when I try and connect, but - here is the problem: (1) I can't seem to get the client key to export properly so that I can install it in the browser; how do I get a .pfx out of the keystore? I think you are going to have to use openssl to convert the file after exporting it, http://www.mindreef.com/products/4.1/help/sslcerts.html has a little info on that but the reverse. I'm sure there are better resources but that was the first Google I saw. (2) How can I validate which certificate store is being used by tomcat? (I made a few along the way in testing) There is a parameter (keyStoreFile?) that you can specify the location in the Connector properties it's detailled in one of those links you have. The one you want is: truststoreFile. (3) I set debug=3 in the SSL connector but am not seeing the SSL handshake in stdout. Is there some other way for setting debug to see the handshake? Not sure on that one. Configure the logging category 'org.apache.tomcat.util.net.jsse' to be DEBUG (in your log4j/JDK 1.4 logging configuration). That will give you lots of Tomcat messages. If you want lower level messages, consult the JSSE docs. Regards, -- Jason Bainbridge http://kde.org - [EMAIL PROTECTED] Personal Site - http://jasonbainbridge.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsvc.exec error on FC3
Chong Yu Meng [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Bill Barker wrote: | Chong Yu Meng [EMAIL PROTECTED] wrote in message | news:[EMAIL PROTECTED] | | The daemon starts up ok, but when shutting down, I get this error: | | Feb 28, 2005 3:23:40 PM org.apache.coyote.http11.Http11Protocol pause | INFO: Pausing Coyote HTTP/1.1 on http-8080 | jsvc.exec error: Service exit with a return value of 143 | | When I do a shutdown using the shutdown.sh script, Tomcat shuts down | gracefully. | | Is there a way to shutdown jsvc gracefully? | | Yes. Don't use the version that ships with Tomcat. Hi Bill, I just downloaded and compiled the source version from the Commons website (http://www.apache.org/dist/jakarta/commons/daemon/binaries/). Unfortunately, I still get the same error. Any ideas? Perhaps you could point me to the site you downloaded your jsvc sources from, because the date stamp on the two sites I visited were different -- although the results were the same. You need CVS HEAD. - -- ~ -- ~ Pascal Chong -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFCJaUgmVdpiRJSldgRAo8/AJ0QnHZ9OAiWCnYZ307u+2f1MyMOAwCgksRt h0KffKXJ+tk+cU3JXD3TT7U= =Vgbu -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to disable PUT, DELETE http methods etc if not using container managed security?
Sorry, I blanked on this one. You also need the http-methodGET/http-method etc on the second (SSL) constraint. It's a pain, but the servlet-spec says you get the least restrictive combination of constraints. Ted Anagnost [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Thanks Bill but I'm not sure it's working. Per your suggestion here's what I have now: security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern http-methodHEAD/http-method http-methodPUT/http-method http-methodDELETE/http-method http-methodTRACE/http-method http-methodOPTIONS/http-method /web-resource-collection auth-constraint / /security-constraint security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you requre authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint But, how do I verify that PUT's and DELETE's are blocked now? My vulnerability scanner still shows them as open: It seems that the PUT method is enabled on your web server Although we could not exploit this, you'd better disable it Solution : disable this method Risk factor : High BID : 12141 If I try to delete index.jsp through a telnet session: DELETE /index.jsp HTTP/1.1 I get this as a response: HTTP/1.1 400 Bad Request What's a good way to verify that DELETE is blocked? Can someone give a definitive test? Thanks - Original Message - From: Bill Barker [EMAIL PROTECTED] To: tomcat-user@jakarta.apache.org Sent: Saturday, February 26, 2005 3:33 PM Subject: Re: How to disable PUT, DELETE http methods etc if not using container managed security? For TC 5.x.x, you need two security-constraints to do what you want. One of them looks like your first example, and the other like your second example (except that you probably want auth-constraint /, which is deny all, instead of role-name/ which is deny to all but the blank role). Since you are forbidding all access, you could also drop the user-data-constraint on the second one (since with it, TC will first redirect a PUT to SSL, and then deny it). Ted Anagnost [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Is there a way to prevent PUT or DELETE http methods if you're not using container managed security? If so, how? I already have this to force the use of https: security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you requre authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint What changes are needed? I tried this but it didn't seem to work: security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern http-methodHEAD/http-method -- http-methodPUT/http-method -- http-methodDELETE/http-method -- http-methodTRACE/http-method-- http-methodOPTIONS/http-method -- /web-resource-collection auth-constraint role-name/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint Inserting these statements seems to turn off the automatic enforcement of https which was achieved with the first version. Any ideas? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsvc.exec error on FC3
Chong Yu Meng [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, I'm trying to configure jsvc to work on a Fedora Core 3 system running Blackdown Java 1.4.2. I managed to do a configure and compile jsvc all right. I used the Tomcat5.sh script to start up and shutdown jsvc. The daemon starts up ok, but when shutting down, I get this error: Feb 28, 2005 3:23:40 PM org.apache.coyote.http11.Http11Protocol pause INFO: Pausing Coyote HTTP/1.1 on http-8080 jsvc.exec error: Service exit with a return value of 143 When I do a shutdown using the shutdown.sh script, Tomcat shuts down gracefully. Is there a way to shutdown jsvc gracefully? Yes. Don't use the version that ships with Tomcat. - -- ~ -- ~ Pascal Chong -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFCItLzmVdpiRJSldgRAvmvAKCm9a0bCgMM/MyqAK3Z+didFbljDACeMLCI mTEsiSSYMKZjLouLXON4/Eo= =L0kT -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Startup
patrick et michelle [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi there, I'm a newcomer in Web technology and I need to understand how to configure Tomcat 3.3 In fact, I can see that the servlets examples offered with tomcat are located in tomcat\jakarta-tomcat-3.3.2\webapps\examples\web-inf\classes\whatever.class Although, the URL to invoke these servlets is HTTP://localhost:8080/examples/servlet/whatever.class How is this URL-directory path relation done ? (through what config file / what command / TAG ??) In the case of the examples, it's $TOMCAT_HOME/conf/apps-examples.xml. If TC 3.3 doesn't find a $TOMCAT_HOME/conf/apps-myapp.xml, it will also attempt to mount any directories found in $TOMCAT_HOME/webapps. If I want to build a web application and want to put a new directory structure, where do I put it and what configuration files do I have to modify in order to be able to invoke them through a URL. If you want to put your apps someplace other than $TOMCAT_HOME/webapps, you need to change/add the AutoWebApp and AutoDeploy elements in server.xml. If you just one one app someplace else, then you can do it easier by creating an apps-myapp.xml file with the docBase pointing to the correct place. Can somebody provide me with a step-by-step ? Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Benefits of running Tomcat as a daemon with JSVC
Behrang Saeedzadeh [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Mladen, But not everything that runs when the system starts up is a daemon. For example, to run Tomcat as a daemon one needs to use JSVC (or something like that.) But it's also possible to write an init script for Tomcat and store it in /etc/init.d and add it to the list of the programs that are executed when the system starts up and in that init script only call Tomcat's startup.sh script. This won't run Tomcat as a daemon. In Linux, as you said, one can use daemons to run on ports 1024 but on Windows I doubt if the only benefit would be that to run a certain program when the Windows boots. That's pretty much it. About the only other benefit is to not tie up a TS session on your W2K+3 machine just to run Tomcat. Of course (thanks to Mladen), using procrun (aka tomcatw.exe) also gives you the nice GUI to do configuration :). Best Regards, Behrang S. On Sat, 26 Feb 2005 11:06:07 -0800, Shankar Unni [EMAIL PROTECTED] wrote: Mladen Turk wrote: Behrang Saeedzadeh wrote: What are the benefits of running an application like Tomcat with as a daemon (with JSVC) vs. running it like a normal application? In one sentence: Running as non-root on port 1024 In another sentence, starting up the service automatically on system startup. That's the big one. We actually run Tomcat as a non-root user, but we need to start it up automatically on system startup. On Windows, too - the same rationale. Making it start up as a service means you don't have to log in and start it up manually each time. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Behrang Saeedzadeh http://www.jroller.com/page/behrangsa - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to disable PUT, DELETE http methods etc if not using container managed security?
For TC 5.x.x, you need two security-constraints to do what you want. One of them looks like your first example, and the other like your second example (except that you probably want auth-constraint /, which is deny all, instead of role-name/ which is deny to all but the blank role). Since you are forbidding all access, you could also drop the user-data-constraint on the second one (since with it, TC will first redirect a PUT to SSL, and then deny it). Ted Anagnost [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Is there a way to prevent PUT or DELETE http methods if you're not using container managed security? If so, how? I already have this to force the use of https: security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern /web-resource-collection !-- auth-constraint goes here if you requre authentication -- user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint What changes are needed? I tried this but it didn't seem to work: security-constraint web-resource-collection web-resource-nameProtected Context/web-resource-name url-pattern/*/url-pattern http-methodHEAD/http-method -- http-methodPUT/http-method-- http-methodDELETE/http-method -- http-methodTRACE/http-method-- http-methodOPTIONS/http-method -- /web-resource-collection auth-constraint role-name/role-name /auth-constraint user-data-constraint transport-guaranteeCONFIDENTIAL/transport-guarantee /user-data-constraint /security-constraint Inserting these statements seems to turn off the automatic enforcement of https which was achieved with the first version. Any ideas? Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Howto get Port in HttpServlet#init(ServletConfig)?
Patrick Wunderlich [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hey Tomcat Fans, is there a programmatically way to get the Http-Port in the HttpServlet#init(ServletConfig) method? No, for the simple reason that the Http-Port isn't well-defined during init. For example, if you have both a HTTP Connector and a HTTPS Connector defined, then the same servlet will serve requests on both port 80 and port 443. Kind Regards, Patrick Wunderlich (Germany) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can servlet mappings be done somewhere other than web.xml?
Yup. Tomcat 3.3 has the Invoker enabled by default (although 3.3 doesn't have a global web.xml file, so it's declared in server.xml :). Drew Jorgenson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Looks like the invoker servlet is being used, which is declared in the global web.xml file. The servlet-name and servlet-class that you see are used to map a name to a servlet, which are all accessed through /servlet/* Drew. On Tue, 2005-02-22 at 10:43, Beckle, Steven R wrote: I'm currently working on a legacy Tomcat 3.3 project that was developed (not by me) a couple of years ago, and I am having a heck of a time understanding how servlets are getting mapped properly. A typical URL in the application is of the form CONTEXT/servlet/servletName - nothing fancy there. However, the webapp's web.xml file contains no servlet-mapping tags, but just the servlet-name and servlet-class tags. Is there another way in Tomcat to map URL's to servlets, either through a server configuration setting or some other global information contained in a conf/xml file that I'm not aware of? My problem isn't that the servlets aren't being accessed - they display content fine. I'm for now just trying to understand how Tomcat is associating the URL string with the actual servlet class since there is no servlet mapping being done in the web.xml file. The servlets themselves reside in jar files under CONTEXT/WEB-INF/lib. Thank you. Steve Beckle Computer Associates tel: +1 (630) 505 6855 fax: +1 (630) 505 6983 [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Connecting http-2.0.48 with tomcat 3.3.1a using jk connector.
Well, since 3.3.1a doesn't ship with the CoyoteConnector, you need to have the AJP13Connector in server.xml (it's enabled by default). I'm assuming that you aren't using the JNIConnector (although it's still supported in mod_jk 1.2.8 :). You need the Http10Connector if you want Tomcat to answer on 8080. Otherwise, you can follow Charles' suggestions, along with possibly 'ps'. [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hello, I have already installed the apache(http-2.0.48) and tomcat 3.3.1a in my Linux system. The jk connector is also installed. But now the problem is that I don't know how to test whether my tomcat is running or not. When I try to see giving the URL: http://IP http://ip/ Address:8080/ it doesn't display any pages. Could anyone give me a detailed procedure of how to test my tomcat is running? Regards, Varsha. Confidentiality Notice The information contained in this electronic message and any attachments to this message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. If you are not the intended recipient, please notify the sender at Wipro or [EMAIL PROTECTED] immediately and destroy all copies of this message and any attachments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: coyote standalone?
Adam Fisk [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Can I use Coyote HTTP 1.1 server outside of the rest of tomcat? I'm interested in just plugging in the coyote jar for serving static content using Jetty, but it appears to have dependencies on the rest of tomcat. I don't want to use the rest of Tomcat due to size constraints. Yes. You need to create a Coyote Adapter (org.apache.coyote.Adapter) that is responsible for wrapping the Coyote Request Response and passing them off to Jetty. Thanks. -Adam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Certificate Revocation List
Martin Dubuc [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Does Tomcat support certificate revocation list? If it does, could someone send me a pointer to a page that explains how to configure Tomcat to enable this? Not currently. It's something that probably could be added to TC 5.5 when using a 1.5 JVM. Regards, Martin __ Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. http://promotions.yahoo.com/new_mail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: issues using Tomcat 3.2.4 with JavaVM jdk 1.4.1?
Mieke Banderas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Are there any issues I should know about using Tomcat 3.2.4 with JavaVM jdk 1.4.1? I'm looking for general known info/bugs . I'm deploying on Mac OS X Server 10.2.6 and the bundled Tomcat 3.2.4 distribution. Other than it is unsupported, and the number of people who even remember how to use it is getting smaller, most of http://issues.apache.org/bugzilla/buglist.cgi?bug_status=__open__product=Tomcat+3 refers to issues in 3.2.4. Database is MySQL 3, which may change and Web server is Apache 1.3. I believe that 3.2.x only supports AJP/1.2, so you can't use mod_jk2. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session restart replication when using jsvc
Mark Thomas [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Bill Barker wrote: This is the old, buggy, code that ships with Tomcat. You need to get the code from commons-daemon CVS HEAD if you want shutdowns (and restarts) to work properly. Bill, Just thinking ahead to the next 4.1.x release - do you know if there is a commons-daemon release that includes the necessary fixes or does it have to be CVS head? There has only been the c-d 1.0 release, so, yes, it has to be CVS HEAD. Cheers, Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Session restart replication when using jsvc
This is the old, buggy, code that ships with Tomcat. You need to get the code from commons-daemon CVS HEAD if you want shutdowns (and restarts) to work properly. Wade Chandler [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Trond G. Ziarkowski wrote: Hi Wolfgang! by using signal 9 you give Tomcat no chance to perform any further action. Maybe you omit -9 from your kill command. Thanks for the tip. Tried it, but same results. Trond - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Hmmm. Here is the source code of the jsvc-unix.c which is called upon a signal. static void handler(int sig) { switch (sig) { case SIGTERM: { log_debug(Caught SIGTERM: Scheduling a shutdown); if (stopping==true) { log_error(Shutdown or reload already scheduled); } else { stopping=true; } if (handler_trm!=NULL) (*handler_trm)(sig); break; } case SIGINT: { log_debug(Caught SIGINT: Scheduling a shutdown); if (stopping==true) { log_error(Shutdown or reload already scheduled); } else { stopping=true; } if (handler_int!=NULL) (*handler_int)(sig); break; } case SIGHUP: { log_debug(Caught SIGHUP: Scheduling a reload); if (stopping==true) { log_error(Shutdown or reload already scheduled); } else { stopping=true; doreload=true; } if (handler_hup!=NULL) (*handler_hup)(sig); break; } default: { log_debug(Caught unknown signal %d,sig); break; } } } So, from the text I would assume SIGINT and SIGTERM should perform the same shutdown behavior, but you can try to use kill -s SIGTERM pid or kill -s SIGINT pid and see what results you get. If it isn't behaving correctly then you need to maybe 1) You might want to make sure you don't have the serialization of session turned off some how...is it behaving correctly if you don't use jsvc? 2) You are using the right tomcat class to start it up...surely or you should get an errorI would imagine anywaysso maybe forget this altogether. 3) You might want to search the tomcat source code for the Daemon implementer class and locate the method stop to see if you can figure out if it is being called. It should be I would imagine since tomcat is stopping, but if it is not, then I guess it's a Daemon/jsvc error and you need to talk to that list. On another note same subject.You can look in the daemon src at the file /src/native/unix/native/java.c and you could put some code into the java_stop function to see if you can figure out if the function is going to call (through jni) the Daemon stop method correctly or not. REMEMBER: The Daemon startup code does not force the class used as a Daemon to actually implemnt the interface through source code, but the class can simply have the correct methods.only know this because of the source code not any docsdon't know if Tomcat does this or not. 4) You might look in your jsvc error file...where ever you have put it and look for the text 'Cannot stop daemon' or 'Cannot found Daemon Loader stop entry point'that mis type of Cannot foundis really in the logging of the 1.0 release source code. Because even though you get this text and tomcat goes awaythe method to stop may not have been found and the jsvc process is going to kill the JVM anyways. Hope some of that helps Wade - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cleint Side Certificates
Julian W H Osborne [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Dear All, I've been trying to get client/server certificates working with tomcat now for a while and I'm not having much success. I have generated certificates which have worked successfully with apache but not tomcat. I decided to script what I needed to do, so hopefully if anyone can see a problem with what I am doing they can help!! I've modified the servers.xml file to clientAuth=true (btw everything works if it is false), and I've added the path for the key store and the password for the key store, other than that there is nothing unusual in the the config file. Well, that's your problem then ;-). You need to configure your truststore to tell Tomcat how to validate client certs. For TC 5.x.x, you need to add truststoreFile=/path/to/trust.store and truststorePass=your-password-here to your Connector element in server.xml. The openssl.cnf file has only been modified to include valid DN enteries. I've pasted the script I am using below. Any help greatfully received. Thanks Julian #!/bin/sh SSL_DIR=/usr/share/ssl/ JAVA_BIN=/usr/java/j2sdk1.4.2_04/jre/bin/ KEYTOOL=${JAVA_BIN}keytool KEYSTORE_TYPE=jks KEYSTORE=${SSL_DIR}java/$1-keystore.${KEYSTORE_TYPE} echo Extracting Private Key ... echo Enter Private Key Password: stty_orig=`stty -g` stty -echo read PASSWORD stty $stty_orig DN='CN='$1', OU=it-dept, O=IMS MAXIMS Plc, L=Milton Keynes, S=Buckinghamshire, C=GB' CACERT=${SSL_DIR}imscacert.pem cd ${SSL_DIR}java echo Using ${DN} ... echo Generating key ... ${KEYTOOL} -genkey -dname ${DN} -alias tomcat -keyalg RSA -keystore ${KEYSTORE} -storetype ${KEYSTORE_TYPE} -keypass ${PASSWORD} -storepass ${PASSWORD} echo Generating certificate request ... ${KEYTOOL} -certreq -keyalg RSA -alias tomcat -file $1.csr -keystore ${KEYSTORE} -storetype ${KEYSTORE_TYPE} -storepass ${PASSWORD} -keypass ${PASSWORD} echo Exporting key ... ${KEYTOOL} -export -alias tomcat -keystore ${KEYSTORE} -file $1-exported.crt -storepass ${PASSWORD} echo Converting key ... openssl x509 -out $1-exported.pem -outform pem -text -in $1-exported.crt -inform der ${JAVA_BIN}java ExportPriv ${KEYSTORE} tomcat ${PASSWORD} $1.key cp $1.csr ${SSL_DIR}clients/requests/ cp $1.key ${SSL_DIR}clients/keys/ cd ${SSL_DIR}clients echo Signing server-side certificate ... openssl ca -out ./completed/$1.crt -infiles ./requests/$1.csr echo Converting certificate ... openssl x509 -in ./completed/$1.crt -out ./completed/$1.pem echo Signing client-side certificate openssl pkcs12 -export -in ./completed/$1.pem -inkey ./keys/$1.key -out ./client-side/$1.p12 cd ${SSL_DIR}java echo Updating root certificate in keystore ... ${KEYTOOL} -import -trustcacerts -alias IMS MAXIMS CA -keystore ${KEYSTORE} -storetype ${KEYSTORE_TYPE} -file ${CACERT} -storepass ${PASSWORD} echo Updating server-side certificate in keystore ${KEYTOOL} -import -trustcacerts -alias tomcat -keystore ${KEYSTORE} -storetype ${KEYSTORE_TYPE} -file ${SSL_DIR}clients/completed/$1.pem -storepass ${PASSWORD} - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat redirecting when base URI doesn't have trailing slash
Not strictly true. If you have a '/*' mapping, then Tomcat won't redirect. Shapira, Yoav [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, To question #2: no. Yoav Shapira http://www.yoavshapira.com -Original Message- From: Tauzell, Dave [mailto:[EMAIL PROTECTED] Sent: Tuesday, December 14, 2004 9:32 AM To: [EMAIL PROTECTED] Subject: Tomcat redirecting when base URI doesn't have trailing slash Hi, I recently upgraded to Tomcat 5.0 (running under JBoss) and am using the Slide webdav servlet. I used to point to: http://my.url.com/webdav to access our slide repository. Now when I do that I get a 302 redirect sent back which directs my client to http://my.url.com/webdav/. This makes sense, but it is a problem for WebDrive clients as they don't support the redirect. My questions: 1. Has anybody else dealt with this? 2. Is there anything I can do to not have the redirect happen? Thanks, Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK 1.2.7 Problem?
You could also set the logging level to DEBUG for the category 'org.apache.jk'. That should give you a hex dump of the problem message with the exception. The exception is when Tomcat is parsing the Content-Length header. However, since it is working on the retry (inferred because it isn't reported to the user), I'm guessing that Mladen is probably correct about the cause. Allistair Crossley [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Will do. I am off now so it will be tomorrow before I can post anything. Cheers, Allistair, -Original Message- From: Mladen Turk [mailto:[EMAIL PROTECTED] Sent: 13 December 2004 18:02 To: Tomcat Users List Subject: Re: JK 1.2.7 Problem? Allistair Crossley wrote: Hi, I'm afraid I cannot tell you too much about this. I have no idea why or how I am generating these errors. I'm just stepping around my test web site and and every now and again this error is dumped into stdout. I think it may be the JK 1.2.7 beta 2. It's running as an IIS 5 ISAPI filter to Tomcat 5.5.5. No error is propogated to the user, it seems to be silent. Hi can you test the newst beta-3. It might be that you have a socket_timeout property set in your config that was using milliseconds instead seconds. The binaries are at: http://www.apache.org/dist/jakarta/tomcat-connectors/jk/binari es/win32/ Also could you please turn log level to trace and post a log. Regards, Mladen. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] FONT SIZE=1 FACE=VERDANA,ARIAL COLOR=BLUE --- QAS Ltd. Developers of QuickAddress Software a href=http://www.qas.com;www.qas.com/a Registered in England: No 2582055 Registered in Australia: No 082 851 474 --- /FONT - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Registry problems followed by OutOfMemory errors
Asim Alp [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Thanks for the quick reply! How can I turn off JMX request registration? I tried to find it in the Tomcat documentation, but all I could find was the MBean Descriptor How To which wasn't very helpful. I doubt that we need it. Set request.registerRequests=false on the Connector. I will look into the resource problem. I doubt that we're running out of threads, because 1000 of them should be more than enough. Another resource problem could be the number of SQL connections, but on our SQL Side (MySQL), max_connections is set to 5000 which is about 7 times more than we need. Number of file descriptors might be a problem. For each web application, we have to load properties files and these files are automatically checked once every minute for possible updates. How can I configure the number of file descriptors? Thank you very much! Asim On Dec 10, 2004, at 11:02 AM, Shapira, Yoav wrote: Hi, Do you need JMX request registration? If not, turn it off by setting it to false in the configuration file. That'll save you some memory by itself. Your OOME is the root cause, so if you fix that the hundreds of others errors will likely go away. The OOME, in turn, is probably caused not because you're out of heap memory, but because you're out of another resource, such as file descriptors or threads. Yoav Shapira http://www.yoavshapira.com -Original Message- From: Asim Alp [mailto:[EMAIL PROTECTED] Sent: Friday, December 10, 2004 10:59 AM To: Tomcat Users List Subject: Registry problems followed by OutOfMemory errors Here is our configuration: Windows Server 2003 Apache 2.0.49 (Win32) mod_ssl/2.0.51 OpenSSL/0.9.7d DAV/2 mod_jk/1.2.6 Tomcat 5.5.4 sun jdk 1.5.0-b64 We have a 2 node tomcat cluster each running with the -Xms128m -Xmx1024m options. We have the following thread options set in the AJP/1.3 connector: maxThreads=1000 minSpareThreads=50 maxSpareThreads=300 And the following corresponding values in our workers.properties (same for each tomcat) worker.tomcat1.type=ajp13 worker.tomcat1.cachesize=300 worker.tomcat1.cache_timeout=60 worker.worker1.local_worker=1 worker.tomcat1.lbfactor=1 worker.tomcat1.connect_timeout = 1000 worker.tomcat1.prepost_timeout = 1000 worker.tomcat1.reply_timeout = 7000 ... worker.loadbalancer.local_worker_only=0 We have a heavily loaded database application running. Same application runs on about 180 different virtual hosts on each Tomcat. We did profiling with JProfile and couldn't find any memory leaks in our application. Each Tomcat works perfect for about 8 to 10 hours, then all of a sudden, they start hanging (not necessarily at the same time). We monitor our heap memory very closely and we usually have enough FREE memory (more than 25%) when the following errors occur: First, we get a couple of SEVERE registering errors: record date2004-12-09T18:19:51/date millis1102634391333/millis sequence270/sequence loggerorg.apache.commons.modeler.Registry/logger levelSEVERE/level classorg.apache.commons.modeler.Registry/class methodregisterComponent/method thread44/thread messageError registering Catalina:type=RequestProcessor,worker=jk-8009,name=JkRequest2291/ message exception messagejavax.management.InstanceAlreadyExistsException: Catalina:type=RequestProcessor,worker=jk-8009,name=JkRequest2291/ message frame classcom.sun.jmx.mbeanserver.RepositorySupport/class methodaddMBean/method line452/line /frame frame classcom.sun.jmx.interceptor.DefaultMBeanServerInterceptor/class methodinternal_addObject/method line1410/line /frame /exception /record record date2004-12-09T18:19:51/date millis1102634391333/millis sequence271/sequence loggerorg.apache.jk.common.ChannelSocket/logger levelWARNING/level classorg.apache.jk.common.ChannelSocket/class methodregisterRequest/method thread44/thread messageError registering request/message /record Followed by a couple of java.lang.OutOfMemoryError: PermGen space messages record date2004-12-09T21:48:25/date millis1102646905849/millis sequence294/sequence loggerStandardWrapper[/apps:jsp]/logger levelSEVERE/level classorg.apache.catalina.core.StandardWrapperValve/class methodinvoke/method thread47/thread messageServlet.service() for servlet jsp threw exception/message exception messagejava.lang.OutOfMemoryError: PermGen space/message /exception /record ... Followed by HUNDREDS (basically for each thread) of Error unregistering mbean messages record date2004-12-09T21:53:29/date millis1102647209630/millis sequence302/sequence loggerorg.apache.commons.modeler.Registry/logger levelSEVERE/level classorg.apache.commons.modeler.Registry/class methodunregisterComponent/method thread20/thread messageError unregistering mbean /message exception
Re: Tomcat synchronous shutdown?
Kevin A. Burton [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Shapira, Yoav wrote: The semantic of restart only if you feel like it is useless IMHO. You either want a restart or you don't. If there's an error serious enough to prevent shutdown, you want to look into it anyways. But since your use-case apparently calls for this functionality, go ahead, do it, and have fun ;) I'd probably -1 any proposed patches as useless bloat. It isn't like this functionaliy is new. Most major daemons in existance implement this. Apache, MySQL, Postgres, Sendmail, I could go on. Use jsvc from commons-daemon. It implements restart semantics (at least if you don't use the one that ships with Tomcat :). In fact Tomcat is the odd man out on this guy. Every single daemon on my Unix box implements this version of semantic control except Tomcat. The major issue is for scripts. Even most major Linux distribution tools like the sysv init tools under KDE assume that scripts can do shutdown correctly or return an error code. Kevin -- Use Rojo (RSS/Atom aggregator). Visit http://rojo.com. Ask me for an invite! Also see irc.freenode.net #rojo if you want to chat. Rojo is Hiring! - http://www.rojonetworks.com/JobsAtRojo.html If you're interested in RSS, Weblogs, Social Networking, etc... then you should work for Rojo! If you recommend someone and we hire them you'll get a free iPod! Kevin A. Burton, Location - San Francisco, CA AIM/YIM - sfburtonator, Web - http://peerfear.org/ GPG fingerprint: 5FB2 F3E2 760E 70A8 6174 D393 E84D 8D04 99F1 4412 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: trustStore details in server.xml
You mean something like: Connector port=443 secure=true scheme=https keystoreFile=/path/to/key.store keystorePass=changeit keystoreType=jks truststoreFile=/path/to/trust.store truststorePass=changeit truststoreType=jks / Sunitha Kumar [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi , Is there a way we could mention this in server.xml? Similar to the keyStore. thanks, -sunitha - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.0.28 - How to stop Jasper JSP compiler from evaluting JSTL expressions
Jerry Rodgers [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Oh so close : I thought you had it. Now my Tomcat JSP generated code looks a bit more like I would expect: _jspx_th_core_forEach_0.setItems(new String(${topnav})); However by setting that variable now the jstl tags do not evaluate the expression either. The tags must key off that attribute too to know whether to run the expression evaluator. I guess my first email must be clarified to be how do I stop jsp from evaluating rtexpressions and yet still allow jstl to evaluate them within their tags With isELIgnored set to it's default value of false, the following should evaluate to the string you want: core:forEach var=menuItem varStatus=status items=${'${'topnav} -Jerry -Original Message- From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker Sent: Saturday, December 04, 2004 12:17 PM To: [EMAIL PROTECTED] Subject: Re: Tomcat 5.0.28 - How to stop Jasper JSP compiler from evaluting JSTL expressions Try: [EMAIL PROTECTED] isELIgnored=true % Jerry Rodgers [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I am having a problem where the parameter this is passed to my setItems() method of the jstl forEach tag is actually the .toString() version of my collection. This appears to be because the servlet code generated by Tomcat - Jasper actually evaluates the expression and then use the coerce to string on my collection. I was under the impression that the generated jsp code should only set the items property to the runtime expression and then the tag is actually the one that evaluates the expression. Here is the problem/question. How do I make Tomcat NOT evaluate my expression in the JSP because the jstl for:each tags actually have the expression evaluation built into them. Just as a test when I changed the value of the parameter in the setItems() back to my expression ${topnav} - then hit resume my page works correctly. What I am currently passed by Jasper is a long string that is the .toString() on all my items. // Tomcat generated this _jspx_th_core_forEach_0.setItems((java.lang.String) org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(${topnav}, java.lang.String.class, (PageContext)_jspx_page_context, null, false)); // Weblogic generated this, _core_forEach0.setItems(weblogic.utils.StringUtils.valueOf(${topnav})); //[ /layout/nav/top/default.jsp; Line: 13] When I tried to set the rtexpressionfalse/rtexpression in the tld for the items attribute then of course jasper complained and gave me this exception. org.apache.jasper.JasperException: /layout/default.jsp(14,4) According to TLD or attribute directive in tag file, attribute items does not accept any expressions I need jasper to allow the expression but not execute it. How do I do this? Other details. - my jsp page tiles:importAttribute / core:forEach var=menuItem varStatus=status items=${topnav} html:message name=menuItem property=value/ /core:forEach I have tested this with both version 1.0.6 and 1.1. of the jstl tags. Same behavior in both. It doesn't appear to be the tags fault but rather Jasper. Thanks everyone, Jerry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk_uri_worker_map_t::map_uri_to_worker, done without a match
Context path= docBase=ROOT Listener className=org.apache.ajp.tomcat4.config.ApacheConfig noRoot=false forwardAll=true / /Context Thomas Charles Robinson [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Ok, so since nobody else knows this: If I take the auto/mod_jk.conf auto generated from ApacheConfig and make some manual edits to include: JkMount / ajp13 JkMount /* ajp13 It all seems to work. Of course, the next question is how to get this auto generated! (why do I feel like I'm talking to myself)! t. On Fri, 2004-12-03 at 23:46, Thomas Charles Robinson wrote: Hi, I'm trying to configure tomcat 4.1.30 but at the moment I can't get the examples to serve using mod_jk 1.2.5 apache 2.0.50. I keep getting the error below. I've tried various different things in the server.xml and mod_jk.conf (for apache) but can't get it to work. Does anyone have any clues as to what the problem is and/or to some documentation about how to fix it? Best regards, Tom [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (486)]: Into jk_uri_worker_map_t::map_uri_to_worker [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (500)]: Attempting to map URI '/' [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (618)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (486)]: Into jk_uri_worker_map_t::map_uri_to_worker [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (500)]: Attempting to map URI '/' [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (618)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (486)]: Into jk_uri_worker_map_t::map_uri_to_worker [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (500)]: Attempting to map URI '/index.php' [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (618)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (486)]: Into jk_uri_worker_map_t::map_uri_to_worker [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (500)]: Attempting to map URI '/index.php' [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (618)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (486)]: Into jk_uri_worker_map_t::map_uri_to_worker [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (500)]: Attempting to map URI '/index.html' [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (618)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (486)]: Into jk_uri_worker_map_t::map_uri_to_worker [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (500)]: Attempting to map URI '/index.html' [Fri Dec 03 19:08:40 2004] [jk_uri_worker_map.c (618)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match On Wed, 2004-12-01 at 16:10, Thomas Charles Robinson wrote: Hi, Can anyone please help me? I've been looking at this for a couple of weeks now and still have had no success t. On Wed, 2004-12-01 at 02:08, Thomas Charles Robinson wrote: Hi Again, Sorry about the long email. I've included all my logging with the configs. I've read the documentation and had some clarifications on JK/JK2 but still can't get this to work. What am I doing wrong here? Any help is appreciated and thanks in advance. I'm trying to get tomcat4 (4.1.30) to work with apache (2.0.50) using mod_jk (1.2.5) on Fedora Core 1 but so far can only get it to serve content via the CoyoteConnector and Http on port 8080 (i.e. accessing http://kennetwww:8080 is fine) - see logging below: == tomcat4/catalina_log.2004-12-01.txt == 2004-12-01 01:56:44 StandardEngine[Standalone]: Mapping server name 'kennetwww' 2004-12-01 01:56:44 StandardEngine[Standalone]: Trying a direct match == tomcat4/kennetwww_log.2004-12-01.txt == 2004-12-01 01:56:44 StandardHost[kennetwww]: Mapping request URI '/' 2004-12-01 01:56:44 StandardHost[kennetwww]: Trying the longest context path prefix 2004-12-01 01:56:44 StandardHost[kennetwww]: Mapped to context '' 2004-12-01 01:56:44 default: DefaultServlet.serveResource: Serving resource '/' headers and data == tomcat4/catalina_log.2004-12-01.txt == 2004-12-01 01:56:45 StandardEngine[Standalone]: Mapping server name 'kennetwww' 2004-12-01 01:56:45 StandardEngine[Standalone]: Trying a direct match == tomcat4/kennetwww_log.2004-12-01.txt == 2004-12-01 01:56:45 StandardHost[kennetwww]: Mapping request URI '/index.jsp' 2004-12-01 01:56:45 StandardHost[kennetwww]: Trying the longest context path prefix 2004-12-01 01:56:45 StandardHost[kennetwww]: Mapped to context '' 2004-12-01 01:56:45 jsp: init But when I try to connect directly to the host using the CoyoteConnector with the JkCoyoteHandler on port 8009, I see
Re: more logging in tomcat 5.5
Jeff Ousley [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] hello! forgive the rambling nature of this message. my basic question is how do i get more detailed logging out of tomcat. i'm trying to set up a JNDIRealm to authenticate to an ldap server. in my realm config i've got the debug=99 name/value pair. my realm is included inside my host container. i see no debug output anywhere. where should i see this output? The 'debug' attribute has been removed in 5.5, and so is simply quietly ignored. i also have an accesslog valve inside the host container like this: Valve className=org.apache.catalina.valves.AccessLogValve prefix=localhost_access_log. suffix=.out pattern=combined/ the localhost_access_log... files are being created with very minimal information in them. is this where the debug output from the realm should go, or in the catalina.out directory? i've also followed the steps exactly to try and configure log4j as found here: http://jakarta.apache.org/tomcat/tomcat-5.5-doc/logging.html after stopping and restarting tomcat, my log4j settings seem to have made no difference. they don't seem to be working at all. my log file as specified in the log4j.properties file is not being created. is there something further i must do to get this working? To configure Tomcat logging via log4j, you need to download commons-logging, and copy commons-logging.jar (*not* commons-logging-api.jar) to $CATALINA_HOME/common/lib. is there anything i can do to get more detailed logging out of tomcat and especially my realm config? sorry for the mess of questions. i appreciate any help, direction, or guidance! -jeff - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 5.0.28 - How to stop Jasper JSP compiler from evaluting JSTL expressions
Try: [EMAIL PROTECTED] isELIgnored=true % Jerry Rodgers [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi, I am having a problem where the parameter this is passed to my setItems() method of the jstl forEach tag is actually the .toString() version of my collection. This appears to be because the servlet code generated by Tomcat - Jasper actually evaluates the expression and then use the coerce to string on my collection. I was under the impression that the generated jsp code should only set the items property to the runtime expression and then the tag is actually the one that evaluates the expression. Here is the problem/question. How do I make Tomcat NOT evaluate my expression in the JSP because the jstl for:each tags actually have the expression evaluation built into them. Just as a test when I changed the value of the parameter in the setItems() back to my expression ${topnav} - then hit resume my page works correctly. What I am currently passed by Jasper is a long string that is the .toString() on all my items. // Tomcat generated this _jspx_th_core_forEach_0.setItems((java.lang.String) org.apache.jasper.runtime.PageContextImpl.proprietaryEvaluate(${topnav}, java.lang.String.class, (PageContext)_jspx_page_context, null, false)); // Weblogic generated this, _core_forEach0.setItems(weblogic.utils.StringUtils.valueOf(${topnav})); //[ /layout/nav/top/default.jsp; Line: 13] When I tried to set the rtexpressionfalse/rtexpression in the tld for the items attribute then of course jasper complained and gave me this exception. org.apache.jasper.JasperException: /layout/default.jsp(14,4) According to TLD or attribute directive in tag file, attribute items does not accept any expressions I need jasper to allow the expression but not execute it. How do I do this? Other details. - my jsp page tiles:importAttribute / core:forEach var=menuItem varStatus=status items=${topnav} html:message name=menuItem property=value/ /core:forEach I have tested this with both version 1.0.6 and 1.1. of the jstl tags. Same behavior in both. It doesn't appear to be the tags fault but rather Jasper. Thanks everyone, Jerry - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Ajp12Interceptor: HANDLER THREAD PROBLEM
It looks like you DocumentRoot in Apache isn't matching up with the ROOT context in Tomcat. As a start, you could find the ApacheConfig element in server.xml, and add the attribute 'noRoot=false'. Then run $TOMCAT_HOME/bin/tomcat run -jkconf You should then compare $TOMCAT_HOME/conf/auto/mod_jk.conf with your Apache configuration as a hint for what isn't matching up. Mayuresh Kshirsagar [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi All, I have set up a website on my test machines using Apache1.3 Tomcat3.3.2 and mod_jk. While connecting to http://localhost/ I get the following error shown for Tomcat. Also attaching the error.log of httpd.conf. 2004-12-02 14:11:51 - Ctx() : Class not found: TOMCAT/JSP/index.jsp 2004-12-02 14:11:51 - Ctx() : Status code:404 request:R( + /index.jsp + null) m sg:null 2004-12-02 14:11:53 - Ctx() : Status code:404 request:R( + /index.jsp + null) m sg:null 2004-12-02 14:17:48 - Ctx() : Status code:404 request:R( + /index.jsp + null) m sg:null 2004-12-02 14:26:24 - Ajp12Interceptor: HANDLER THREAD PROBLEM - java.io.IOExcep tion: Stream broken at org.apache.tomcat.modules.server.Ajp12.readNextRequest(Ajp12.java:277 ) at org.apache.tomcat.modules.server.AJP12Request.readNextRequest(Ajp12In terceptor.java:215) at org.apache.tomcat.modules.server.Ajp12Interceptor.processConnection(A jp12Interceptor.java:178) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java :571) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP ool.java:644) at java.lang.Thread.run(Thread.java:534) error.log- [Thu Dec 02 14:17:36 2004] [warn] module mod_jk.c is already added, skipping program files/apache group/apache/htdocs/manual/urlmapping.html [Wed Dec 01 16:16:58 2004] [error] [client 127.0.0.1] File does not exist: d:/program files/apache group/apache/htdocs/manual/urlmapping.html [Wed Dec 01 16:17:34 2004] [error] [client 127.0.0.1] File does not exist: d:/program files/apache group/apache/htdocs/manual/urlmapping.html [Wed Dec 01 16:54:14 2004] [error] [client 127.0.0.1] File does not exist: d:/program files/apache group/apache/htdocs/manual/urlmapping.html Apache server shutdown initiated... Apache server shutdown initiated... [Wed Dec 01 19:13:38 2004] [error] [client 127.0.0.1] File does not exist: /usr/local/apache/support.cp.net/images/myprofile-on.gif [Wed Dec 01 19:13:38 2004] [error] [client 127.0.0.1] File does not exist: /usr/local/apache/support.cp.net/images/myprofile-off.gif [Wed Dec 01 19:14:25 2004] [error] [client 127.0.0.1] File does not exist: /usr/local/apache/support.cp.net/images/myprofile-on.gif [Wed Dec 01 19:14:25 2004] [error] [client 127.0.0.1] File does not exist: /usr/local/apache/support.cp.net/images/myprofile-off.gif [Wed Dec 01 19:15:24 2004] [error] [client 127.0.0.1] File does not exist: /usr/local/apache/support.cp.net/images/myprofile-on.gif [Wed Dec 01 19:15:24 2004] [error] [client 127.0.0.1] File does not exist: /usr/local/apache/support.cp.net/images/myprofile-off.gif [Wed Dec 01 21:52:25 2004] [error] [client 127.0.0.1] File does not exist: /usr/local/apache/support.cp.net/images/myprofile-on.gif [Wed Dec 01 21:52:25 2004] [error] [client 127.0.0.1] File does not exist: /usr/local/apache/support.cp.net/images/myprofile-off.gif [Thu Dec 02 12:08:50 2004] [error] [client 127.0.0.1] File does not exist: /usr/local/apache/support.cp.net/images/myprofile-on.gif [Thu Dec 02 12:08:50 2004] [error] [client 127.0.0.1] File does not exist: /usr/local/apache/support.cp.net/images/myprofile-off.gif [Thu Dec 02 13:49:40 2004] [warn] module mod_jk.c is already added, skipping [Thu Dec 02 14:10:57 2004] [warn] module mod_jk.c is already added, skipping [Thu Dec 02 14:12:32 2004] [warn] module mod_jk.c is already added, skipping [Thu Dec 02 14:17:35 2004] [warn] module mod_jk.c is already added, skipping Could you please show me a way ? Thanks. Mayuresh. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Does Tomcat 5.5 support jikes?
Kevin A. Burton [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Kevin A. Burton wrote: This isn't fun: -- !-- If you wish to use Jikes to compile JSP -- !-- Set the init parameter compiler to jikes. -- !-- the property -Dbuild.compiler.emacs=true when starting cat-- !-- by adding the above to your CATALINA_OPTS environment iable.-- !-- If you get an error reporting that jikes can't use UTF8 encoding, -- !-- try setting the init parameter javaEncoding to -8859-1. -- But I follow these instructions (as I did with Tomcat 5.0) and Tomcat 5.5 STILL uses jdtool! Any thoughts? It looks like the web.xml configuration is lying about a number of things. Tomcat 5.5 ONLY used the JDTCompiler and will never use the AntCompiler. Theres not even a way to tell it to use one or the other. The only way (currently) to use the AntCompiler is to remove the jasper-compiler-jdt.jar and install ant.jar and ant-launcher.jar instead. Thus fork, jikes, etc don't matter anymore. Kevin -- Use Rojo (RSS/Atom aggregator). Visit http://rojo.com. Ask me for an invite! Also see irc.freenode.net #rojo if you want to chat. Rojo is Hiring! - http://www.rojonetworks.com/JobsAtRojo.html If you're interested in RSS, Weblogs, Social Networking, etc... then you should work for Rojo! If you recommend someone and we hire them you'll get a free iPod! Kevin A. Burton, Location - San Francisco, CA AIM/YIM - sfburtonator, Web - http://peerfear.org/ GPG fingerprint: 5FB2 F3E2 760E 70A8 6174 D393 E84D 8D04 99F1 4412 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Shutdown error Tomcat 5.5.4 and jdk1.5.0 on Fedora
Daemon 1.0 is what ships with Tomcat. You need 1.1-dev (aka CVS HEAD). Phill Ashworth [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I was using the jsvc bundled with Tomcat, I've also tried with the latest from Commons Daemon 1.0 and it makes no difference. Debug posted below if that's any help. On Nov 29, 2004, at 12:16 AM, Bill Barker wrote: I'm running Tomcat 5.5.4 and jdk1.5.0 on Fedora Core 3 and when I stop Tomcat using the supplied Tomcat5.sh script I always get - jsvc.exec error: Service exit with a return value of 143 Can someone please explain this error, is it something I should be concerned about? It means that Tomcat died a horrible death, without being able to do a clean shutdown. If you care about shutdown-processing (e.g. 'destroy' being called on servlets), then you should use a more recent version of jsvc. jsvc.exec debug: Caught SIGTERM: Scheduling a shutdown jsvc.exec debug: Shutdown or reload requested: exiting [Loaded sun.net.util.IPAddressUtil from shared objects file] [Loaded java.util.regex.MatchResult from shared objects file] [Loaded java.util.regex.Matcher from shared objects file] [Loaded sun.misc.Signal$1 from /usr/local/java/jdk1.5.0/jre/lib/rt.jar] [Loaded java.util.SubList from shared objects file] [Loaded java.util.RandomAccessSubList from shared objects file] [Loaded java.util.ListIterator from shared objects file] [Loaded java.util.SubList$1 from shared objects file] [Loaded java.util.AbstractList$ListItr from shared objects file] [Loaded java.net.SocksSocketImpl$5 from shared objects file] [Loaded java.net.ProxySelector from shared objects file] [Loaded sun.net.spi.DefaultProxySelector from shared objects file] [Loaded sun.net.spi.DefaultProxySelector$1 from shared objects file] [Loaded sun.net.NetProperties from shared objects file] [Loaded sun.net.NetProperties$1 from shared objects file] [Loaded sun.net.spi.DefaultProxySelector$NonProxyInfo from shared objects file] [Loaded java.util.regex.ASCII from shared objects file] [Loaded java.util.regex.Pattern$GroupCurly from shared objects file] [Loaded java.net.InetAddress$CacheEntry from shared objects file] [Loaded java.net.Inet6Address from shared objects file] [Loaded sun.net.spi.DefaultProxySelector$2 from shared objects file] [Loaded java.net.Proxy from shared objects file] [Loaded java.net.Proxy$Type from shared objects file] [Loaded java.net.Socket$2 from /usr/local/java/jdk1.5.0/jre/lib/rt.jar] [Loaded java.net.SocketInputStream from /usr/local/java/jdk1.5.0/jre/lib/rt.jar] [Loaded java.net.Socket$3 from /usr/local/java/jdk1.5.0/jre/lib/rt.jar] [Loaded java.net.SocketOutputStream from /usr/local/java/jdk1.5.0/jre/lib/rt.jar] 29-Nov-2004 06:26:23 org.apache.coyote.http11.Http11Protocol pause INFO: Pausing Coyote HTTP/1.1 on http-8090 [Loaded org.apache.jk.common.SocketConnection from file:/usr/local/java/jakarta-tomcat-5.5.4/server/lib/tomcat-ajp.jar] jsvc.exec error: Service exit with a return value of 143 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Shutdown error Tomcat 5.5.4 and jdk1.5.0 on Fedora
Phill Ashworth [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm running Tomcat 5.5.4 and jdk1.5.0 on Fedora Core 3 and when I stop Tomcat using the supplied Tomcat5.sh script I always get - jsvc.exec error: Service exit with a return value of 143 Can someone please explain this error, is it something I should be concerned about? It means that Tomcat died a horrible death, without being able to do a clean shutdown. If you care about shutdown-processing (e.g. 'destroy' being called on servlets), then you should use a more recent version of jsvc. Thanks Phil - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: servlet config on apache 1.3 tomcat 3.3
Since your context is called '/servlet', the correct URL is http://www.example.com/servlet/servlet/HelloServlet (without a servlet-mapping) or http://www.example.com/servlet/servlet/helloservlet (with a servlet-mapping). You probably want to change your servlet-mapping to have: url-pattern/helloservlet/url-pattern. Marek Podmaka [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Hi! I'm trying to set up servlet access on one virtual host using apache 1.3.26, tomcat 3.3 and mod_jk 3.3, all on debian stable. Myself I don't use jsp or servlets, so I'm little confused with all those java-specific terms. I was trying to get it to work using many howtos (found by google), but there is still something wrong. *** OK, so this is how my httpd.conf looks like: IfModule mod_jk.c # The following line is for apacheconfig - DO NOT REMOVE! JkWorkersFile /etc/tomcat/jk/workers.properties JkLogFile /usr/share/tomcat/logs/mod_jk.log JkLogLevel info JkMount /*.jsp vhosts JkMount /servlet/* vhosts /IfModule VirtualHost *:80 ServerName www.example.com DocumentRoot /home/web/example.com/www /VirtualHost *** File /etc/tomcat/jk/workers.properties: worker.list=vhosts worker.vhosts.port=8009 worker.vhosts.host=localhost worker.vhosts.type=ajp13 worker.vhosts.lbfactor=1 worker.vhosts.socket_timeout=60 *** File /etc/tomcat/apps-vhosts.xml ?xml version=1.0 encoding=ISO-8859-1? Server Host name=www.example.com Context path=/servlet docBase=/home/web/example.com/www/servlet debug=1/ /Host /Server *** File /etc/tomcat/server.xml ?xml version=1.0 encoding=ISO-8859-1? Server ContextManager workDir=work LoaderInterceptor11 useApplicationLoader=true use11Loader=true / TrustedLoader / LogSetter name=tc_log timestamps=true verbosityLevel=INFORMATION / LogEvents enabled=false / !-- Backward compat: read the Context declarations from server.xml-- ContextXmlReader config=conf/server.xml / !-- Separated Context -- ContextXmlReader config=conf/apps.xml / AutoDeploy source=modules target=modules redeploy=true / AutoWebApp dir=modules host=DEFAULT trusted=true/ AutoDeploy source=webapps target=webapps / AutoWebApp dir=webapps host=DEFAULT / PolicyLoader securityManagerClass=java.lang.SecurityManager policyFile=conf/tomcat.policy / SimpleMapper1 / SessionExpirer checkInterval=60 / !-- For development you can use randomClass=java.util.Random -- SessionIdGenerator randomClass=java.security.SecureRandom randomFile=/dev/urandom / LogSetter name=servlet_log timestamps=true verbosityLevel = INFORMATION path=logs/servlet.log / LogSetter name=JASPER_LOG timestamps=true path=logs/jasper.log verbosityLevel = INFORMATION / WebXmlReader validate=true / ErrorHandler showDebugInfo=true / WorkDirSetup cleanWorkDir=false / Jdk12Interceptor / !-- Non-standard invoker, for backward compat. ( /servlet/* ) -- InvokerInterceptor / !-- you can add javaCompiler=jikes -- JspInterceptor keepGenerated=true largeFile=false useJspServlet=false javaCompiler=jikes / StaticInterceptor listings=true / ReloadInterceptor fullReload=true / SimpleSessionStore maxActiveSessions=-1 / AccessInterceptor / CredentialsInterceptor / SimpleRealm filename=conf/users/global-users.xml / LoadOnStartupInterceptor / Servlet22Interceptor / DecodeInterceptor / SessionId cookiesFirst=true noCookies=false / JniConnector / Ajp13Connector port=8009 address=127.0.0.1 pools=true / /ContextManager /Server *** File /home/web/example.com/www/servlet/WEB-INF/web.xml ?xml version=1.0 encoding=UTF-8? !DOCTYPE web-app PUBLIC -//Sun Microsystems, Inc.//DTD Web Application 2.3//EN http://java.sun.com/dtd/web-app_2_3.dtd; web-app servlet servlet-nameHelloServlet/servlet-name servlet-classHelloServlet/servlet-class /servlet servlet-mapping servlet-nameHelloServlet/servlet-name url-pattern/servlet/helloservlet/url-pattern /servlet-mapping /web-app OK, so tomcat and apache are running, request to http://www.example.com/servlet/hello.jsp is correctly processed by tomcat. But trying to access http://www.example.com/servlet/helloservlet gives out 404 error: Original request: /servlet/helloservlet Not found request: /servlet/helloservlet and I don't know why. I have file HelloServlet.class in classes subdir of WEB-INF. All tomcat-related logs are
Re: How to add a request filter for TC5.5.3? It was working for TC5.0.29!
Valves (and other custom components, like Realms) written for TC 5.0.x will at the very least have to be re-compiled to work for TC 5.5.x. More likely, there will have to be code changes to make them work. That's just the price you pay for relying on TC internals ;-). David Lee [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Dear Folks, I have a test request filter on TC5.0.29. It is defined in server.xml as follows and it works: conf\server.xml: Context path= docBase=ROOT debug=0 Valve className=com.oreilly.tomcat.valves.BadInputFilterValve deny=\x00,\x04,\x08,\x0a,\x0d/ /Context How do I move this context into TC5.5.3, I tried to put it into conf\context.xml file and I saw the errors when I started TC5.5.3. I struggle for a while and still don't know how to do it? Thanks in advance for any help David Lee - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 5.5.4 SEVERE: Error unregistering mbean in stdout every 5-10 mins.
Thanks for the report. http://nagoya.apache.org/eyebrowse/[EMAIL PROTECTED]msgNo=81697 Allistair Crossley [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Yoav, Has this one been noted by your good self for invesigation or propogation to the appropriate place? It's still all over our logs. Allistair -Original Message- From: Allistair Crossley Sent: 19 November 2004 14:47 To: Tomcat Users List Subject: RE: 5.5.4 SEVERE: Error unregistering mbean in stdout every 5-10 mins. Hi OK, ran an e-Load script covering home page (database query heavy), 2 navigations (medium) and 1 full text search. Under a load of 50 virtual users (started at same time) * 2 iterations of the script, this produces more load then normal usage. No errors at all from the test Tomcat. Hm. Allistair. -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: 19 November 2004 14:19 To: Tomcat Users List Subject: RE: 5.5.4 SEVERE: Error unregistering mbean in stdout every 5-10 mins. Hi, The next step, then, is to run a stress test in your test environment. See if you get the same errors. Yoav Shapira http://www.yoavshapira.com -Original Message- From: Allistair Crossley [mailto:[EMAIL PROTECTED] Sent: Friday, November 19, 2004 8:45 AM To: Tomcat Users List Subject: RE: 5.5.4 SEVERE: Error unregistering mbean in stdout every 5-10 mins. Hi Yoav, Tomcat standalone no. IIS Tomcat SQL Server Content Management System However, we have the same setup on test and production servers and test does not exhibit this behaviour, perhaps due to load, or so on I expect. Cheers, Allistair -Original Message- From: Shapira, Yoav [mailto:[EMAIL PROTECTED] Sent: 19 November 2004 13:38 To: Tomcat Users List Subject: RE: 5.5.4 SEVERE: Error unregistering mbean in stdout every 5-10 mins. Hi, I think I already know the answer to this, but I'll ask anyways: does it happen with Tomcat standalone? My guess is no. Yoav Shapira http://www.yoavshapira.com -Original Message- From: Allistair Crossley [mailto:[EMAIL PROTECTED] Sent: Friday, November 19, 2004 6:32 AM To: [EMAIL PROTECTED] Subject: 5.5.4 SEVERE: Error unregistering mbean in stdout every 5-10 mins. Hi, Having run our web application on 5.5.4 for a couple of days, I have studied the stdout logs to find that we are getting severe errors relating to mbeans. Here are some time intervals: 10:43 11:10 11:14 11:24 This time pattern stays fairly consistent as above. Each time the errors occur, they appear as a set as follows below. Can I do anything to prevent this? Cheers, Allistair. SEVERE: Error unregistering mbean javax.management.RuntimeOperationsException: Object name cannot be null at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.isRegis tered(Defa ultM BeanServerInterceptor.java:545) at com.sun.jmx.mbeanserver.JmxMBeanServer.isRegistered(JmxMBeanS erver.java :619 ) at org.apache.commons.modeler.Registry.unregisterComponent(Regis try.java:6 42) at org.apache.jk.common.ChannelSocket.processConnection(ChannelS ocket.java :706 ) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run (ThreadPoo l.ja va:684) at java.lang.Thread.run(Thread.java:595) Caused by: java.lang.IllegalArgumentException: Object name cannot be null ... 7 more 19-Nov-2004 10:43:47 org.apache.commons.modeler.Registry unregisterComponent SEVERE: Error unregistering mbean javax.management.RuntimeOperationsException: Object name cannot be null at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.isRegis tered(Defa ultM BeanServerInterceptor.java:545) at com.sun.jmx.mbeanserver.JmxMBeanServer.isRegistered(JmxMBeanS erver.java :619 ) at org.apache.commons.modeler.Registry.unregisterComponent(Regis try.java:6 42) at org.apache.jk.common.ChannelSocket.processConnection(ChannelS ocket.java :706 ) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:866) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run (ThreadPoo l.ja va:684) at java.lang.Thread.run(Thread.java:595) Caused by: java.lang.IllegalArgumentException: Object name cannot be null ... 7 more 19-Nov-2004 10:45:53 org.apache.commons.modeler.Registry unregisterComponent SEVERE: Error unregistering mbean javax.management.RuntimeOperationsException: Object name cannot be null at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.isRegis tered(Defa ultM BeanServerInterceptor.java:545) at
Re: Problem with ssl
Carl Olivier [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Greetings. Where is this specified? In which element? The Connector (where all of the other SSL attributes are :). Thanks! Carl -Original Message- From: Bill Barker [mailto:[EMAIL PROTECTED] Sent: Saturday, November 20, 2004 4:42 AM To: [EMAIL PROTECTED] Subject: Re: Problem with ssl [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm using ssl with tomcat 5.0.28 I use a keystore that contains several certificates How can I tell tomcat which one to use for SSL transaction ? Is there a parameter like alias ? The correct attribute is 'keyAlias' to specify which cert Tomcat should use. Valerie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Declarative security in context?
Simon Tardell [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Wendy Smoak wrote: From: Simon Tardell [EMAIL PROTECTED] I want to deploy multiple instances of the same webapp, with different authorization rules. However, declarative security is done in the web.xml of which there will only be one copy (referred by multiple contexts). I'm confused by why you say there's only one copy of web.xml. In addition to the global web.xml, I also have one for each context. Is there a reason why you can't do whatever you're trying to do in the web.xml that lives in .../webapps/yourContext/WEB-INF/ ? I was confused too. I was under (the wrong) impression that the war-files were not expanded. They are (but only if unpackWARs is true for the host) . So, assuming unpackWARs is true, after deploying, I can edit the web.xml. However this bothers me because of three reasons: 1/ It is not persistent. If I upgrade the web app, the old web.xml is replaced, along with the rest of the old version of the web app (correct?). This is a problem if we are talking security constraints. 2/ There is a time window during which a web app is open until I have edited the web.xml (assuming that the default of the web app is to have no constraints). 3/ In the scenario where more than one webapp make upp a website security constraints have to be specified in more than one place. It'd be handy to be able to specify at the host level that all URLs hierarchically under /foo/bar are protected this way and all under /baz some other way regardless of how many webapps that are mounted under each namespace. So, to rephrase my question, how would I go about specifying security constraints on the host level from the outside of any webapp? It is probably easier than I think. With TC 5.5, you can put them in $CATALINA_HOME/conf/host/web.xml.default. Simon Simon Tardell, [EMAIL PROTECTED], +46 70 3198319 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with ssl
[EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm using ssl with tomcat 5.0.28 I use a keystore that contains several certificates How can I tell tomcat which one to use for SSL transaction ? Is there a parameter like alias ? The correct attribute is 'keyAlias' to specify which cert Tomcat should use. Valerie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]