Re: Apache Tomcat mod_jk 1.2.5 WSC configuration for Tomcat 5
"Thorsten Westmeier" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > > if I interpret the Version-Number correctly, then it is a follower of the > old JK Connector and not of the new JK2. > Yes. > Can I use my old uriworkermap.properties and workers.properties? > Yes. No changes have been made to the configuration code. > Which changes has to be made in the Tomcat 5 server.xml to use the new > Connector-Version 1.2.5? By default, Tomcat 5 is configured for JK2, or not? > No changes are required in server.xml for any Tomcat versions 3.3.x-5.0.x. Just like with Tomcat 4.1.x, the Tomcat 5 JK2 Connector is fully compatible with mod_jk (assuming that you are using channelSocket, since channelJNI and channelUnix require mod_jk2). > > Thanks for your help, > Thorsten > > > > At 12:52 11.10.2003 -0500, you wrote: > >The Tomcat team is pleased to announce the release of version 1.2.5 of the > >Apache > >Tomcat mod_jk web server connector. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat JDBCRealm And in the web.xml
"Caroline Jen" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Tim: > > Before I posted my questions regarding the > problem that I encountered, I have gone through > http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Configuring%20a%20Realm > > As long as I have the JDBCRealm in > the server.xml, the Tomcat does not accept > specified in the application's > web.xml file. And the Tomcat cannot find my > application. > > Following your advice, I moved the Realm > declaration outside of the declaration into > the declaration, and my problem is solved. > > Nonetheles, you also said "refine the in > each context where it is needed." I really want the > JDBCRealm applies to my application only. My question > is how do I do it? > If what is below is accurate, then your is configured wrong. It needs to be: You should probably also leave e.g. the UserDatabaseRealm configured under the , so that other Contexts (i.e. admin & manager) have a Realm to use. By configuring your own Realm under your , it will override the one defined in the . > Currently, my JDBCRealm looks like: > > > > className="org.apache.catalina.realm.JDBCRealm" > debug="99" > driverName="com.mysql.jdbc.Driver" > connectionURL="jdbc:mysql://localhost:3306/artimus? >user=javauser&password=javadude" > userTable="members" userNameCol="user_name" > userCredCol="user_password" > userRoleTable="user_roles" roleNameCol="user_role"/> > > > . > > > > > --Caroline > > > My configuration in the $TOMCAT_HOME/conf/sever.xml is > shown below: > > > > > debug="99" > driverName="com.mysql.jdbc.Driver" > connectionURL="jdbc:mysql://localhost:3306/artimus > user=javauser&password=javadude" > userTable="members" userNameCol="user_name" > userCredCol="user_password" > userRoleTable="user_roles" roleNameCol="user_role"/> > > > > > > --- Tim Funk <[EMAIL PROTECTED]> wrote: > > > http://jakarta.apache.org/tomcat/tomcat-4.1-doc/realm-howto.html#Configuring%20a%20Realm > > > > -Tim > > > > Caroline Jen wrote: > > > Tim: > > > > > > Would you explain "refine the in each > > > context where it is needed"? > > > > > > -Caroline > > > --- Tim Funk <[EMAIL PROTECTED]> wrote: > > > > > >>Move the Realm declaration outside of the > > > > >>declaration into the > > >> declaration. Or refine the in each > > >>context where it is needed. > > >> > > >>-Tim > > >> > > >>Caroline Jen wrote: > > >> > > >>>My applications behave wierd after I configured > > >> > > >>the > > >> > > >>>JDBCRealm. After experimenting in many different > > >>>ways, I found that as long as I have the > > JDBCRealm > > >> > > >>in > > >> > > >>>the server.xml, the Tomcat does not accept > > >>> specified in the > > >> > > >>application's > > >> > > >>>web.xml file. Please help me. > > >>> > > >>>My configuration in the > > >> > > >>$TOMCAT_HOME/conf/sever.xml is > > >> > > >>>shown below: > > >>> > > >>> > > >>> > > >>> > > >>> > >> > > >>className="org.apache.catalina.realm.JDBCRealm" > > >> > > >>>debug="99" > > >>> driverName="com.mysql.jdbc.Driver" > > >>> > > >> > > >>connectionURL="jdbc:mysql://localhost:3306/artimus > > > > >> > > >>> user=javauser&password=javadude" > > >>> userTable="members" userNameCol="user_name" > > >>> userCredCol="user_password" > > >>> userRoleTable="user_roles" > > >> > > >>roleNameCol="user_role"/> > > >> > > >>> > > >>> > > >>> > > >>> > > > > > > > > > - > > To unsubscribe, e-mail: > > [EMAIL PROTECTED] > > For additional commands, e-mail: > > [EMAIL PROTECTED] > > > > > > __ > Do you Yahoo!? > The New Yahoo! Shopping - with improved product search > http://shopping.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [HELP!] Which key alias names to use for SSL?
"Sonny Sukumar" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > >From: "Bill Barker" <[EMAIL PROTECTED]> > > > > > > > --I reconfigured the SSL port from 8443 to 443 on our server (as well as > >the > > > redirect port), and all of a sudden I can connect using SSL. I don't > > > understand why 8443 didn't work. Any ideas?? > > > > > > >There is a well-know bug in MSIE related to security-constraints, but that > >doesn't seem to apply here. > > Hmm, what's that bug? I'd like to know because I next plan to implement > some s to prevent insecure access to certain pages and > sets of pages. > If you are running SSL on a non-standard port (e.g. 8443), and the user attempts to access a page (via http) which is protected with both an auth-constraint and a transport-guarantee, MSIE will fumble around and end up issuing a request for 'http://host:8443/myapp/login.jsp' (which of course will fail). It doesn't happen if you are using the standard SSL port (i.e. 443), or with Tomcat 5. > _ > Frustrated with dial-up? Get high-speed for as low as $29.95/month > (depending on the local service providers in your area). > https://broadband.msn.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[OT] Re: Question about the Petstore's SignOnFilter class
It is also off-topic, since Petstore is maintained by Sun, not Jakarta. "Steve Raeburn" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > IMHO sign in and sign on are equivalent. To register is, well, register :-) > > The only suggestion I would make is that you use Sign in/Sign out or Sign > on/Sign off consistently. > > Steve > > > -Original Message- > > From: Julien Martin [mailto:[EMAIL PROTECTED] > > Sent: October 11, 2003 6:17 AM > > To: Tomcat Users List > > Subject: Question about the Petstore's SignOnFilter class > > > > > > Hello Ralph, > > I am not a native english speaker either. I thought that "to sign > > on" meant > > to register and "to sign in" meant to authenticate oneself. Can anyone > > help? > > Julien. > > > > - Original Message - > > From: "Ralph Einfeldt" <[EMAIL PROTECTED]> > > To: "Tomcat Users List" <[EMAIL PROTECTED]> > > Sent: Saturday, October 11, 2003 2:37 PM > > Subject: RE: Question about the Petstore's SignOnFilter class > > > > > > What is the difference for you between singing in and on ? > > > > For me as non native english speaker SignIn and SignOn are equivalent. > > > > The opposite is SignOff. > > > > > -Original Message- > > > From: Julien Martin [mailto:[EMAIL PROTECTED] > > > Sent: Saturday, October 11, 2003 1:52 PM > > > To: Tomcat Users List > > > Subject: Question about the Petstore's SignOnFilter class > > > > > > I am going through the Petstore's SignOnFilter class and I am > > > wondering why it has been named SignOnFilter and not > > > Thanks in advance for your replies. > > > Julien. > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [HELP!] Which key alias names to use for SSL?
"Sonny Sukumar" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > 2nd Update: > > --I reconfigured the SSL port from 8443 to 443 on our server (as well as the > redirect port), and all of a sudden I can connect using SSL. I don't > understand why 8443 didn't work. Any ideas?? > There is a well-know bug in MSIE related to security-constraints, but that doesn't seem to apply here. > --Now when I request static HTML pages, I get a browser alert saying that > some of the info on the requested page is NOT encrypted, so it displays a > lock broken in half instead of the golden lock I so desire. :-( I can't > understand how a page would get partially encrypted--especially a static > HTML page. > This means that the page has links to pages with 'http://server/folder/file"; in it. It could be images or stylesheets or anything else that gets included. Usually the easiest is to change all of your resource references to be relative (so the browser requests them with the same protocol as the main page). If you are including images from third-party servers that don't support SSL (or even if they do :), you should consider re-negotiating your contract with them. > I'm not sure if it's relevant, but I use Cocoon for the backend (2.1.2) in > conjunction with Tomcat (4.1.27) on Linux (RedHat 7.3). > > Sonny > > >From: "Sonny Sukumar" <[EMAIL PROTECTED]> > > > > > >Update: I did a "keytool -list" with the "-rfc" options and discovered that > >all the certs *are* in fact there, but just that public/private key were > >bundled together under the same alias. The way it lists the certs by > >default is what confused me. > > > >HOWEVER, I uploaded the keystore to our server, set up server.xml, and > >restarted Tomcat, but every single secure connection I attempt just times > >out. I don't understand why this happens. > > > >Here's my server.xml SSL connector: > > > > > > > port="8443" minProcessors="5" maxProcessors="75" > > enableLookups="true" > > acceptCount="100" debug="0" scheme="https" secure="true" > > useURIValidationHack="false" disableUploadTimeout="true" > > compression="on"> > > >className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" > > clientAuth="false" protocol="TLS" keystorePass="changeit" > > keystoreFile="conf/.keystore"/> > > > > > >Btw, does anybody know how to secure the server.xml file? It contains some > >clear text passwords, so this really concerns me! (Yes, I know "changeit" > >is the default password even without specifying it here). > > > >Also, I don't currently have any s set in my web.xml. > > > >Thanks for any insights! > > > >Sonny > > > >>From: "Sonny Sukumar" <[EMAIL PROTECTED]> > >>Reply-To: [EMAIL PROTECTED] > >>To: [EMAIL PROTECTED] > >>Subject: Re: [HELP!] Which key alias names to use for SSL? > >>Date: Sat, 11 Oct 2003 14:12:17 -0700 > >> > >> > >>Hi Adam, > >> > >>Your first step was: > >>># keytool -genkey -alias tomcat -keyalg RSA > >> > >>and your last step was: > >>># keytool -import trustcacerts -file public.crt -alias tomcat > >> > >>So you used the same alias ("tomcat") for both the private key and the > >>signed public key. This is what doesn't work for me, because when I > >>import the signed public key using the same ("tomcat") alias, my private > >>key gets overwritten. I've verified this using "keytool list -keystore > >>./.keystore" > >> > >>I also have the root cert from GeoTrust in there with alias "root". The > >>root cert is actually an Equifax cert valid from 1998 to 2018, but the > >>GeoTrust tech support rep told me to use that one. Could this be the > >>problem? > >> > >>Other ideas? > >> > >>Thanks, > >> > >>Sonny > >> > >>>From: Adam Hardy <[EMAIL PROTECTED]> > >> > >>>On 10/11/2003 09:08 PM Sonny Sukumar wrote: > > [I sent this once before, but got no response, and I'm not sure what to > do. Thanks in advance.] > > Hi guys, > > I'm trying to setup my Tomcat (4.1.27) server to work with SSL. I got a > CA-signed cert to go with my private key and CA root cert, but I'm > confused as to how to name the alias for the CA-signed-cert and my > private key. > > The Tomcat SSL How-To is confusing me, becuase it says to give the > "tomcat" alias to both the private key and the CA-signed key. I tried > it and it overwrote my private key (luckily I made a backup of my > keystore). > > I'm looking at this documentation: > http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html > > It also doesn't seem possible to configure the alias names in > server.xml. So what alias names should I use? :-) > >> > >>_ > >>Instant message with integrated webcam using MSN Messenger 6.0. Try it now > >>FREE! http://msnmessenger-download.com > >> > >> > >>--
Re: mod_jk lbfactor strangeness
<[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > 1 Understood, it was just to get some ballpark indication > > 2 Surely then the new session would be balanced to the faster machine, > and I would see more activity on them. > > 3 That would explain everything :( > > Would a move to mod_jk2 be of any use, or should I get someone to put > their hand in their pocket and upgrade the other two boxes > Unless I've missed a crucial commit-message, mod_jk2 is just as broken using the 'pre-fork' MPM as mod_jk (and they should work similarly with the 'worker' MPM). The difference is that mod_jk2 already has a built-in way do communicate the information to all of the Apache children (via the shm scoreboard). At the moment, it just isn't using the scoreboard to do this. > Thanks for the reply. > > Lee > > On Fri, 10 Oct 2003, Ralph Einfeldt wrote: > > > > > 1. mod_jk doesn't balance the load on the base of > >packets. > > > > 2. mod_jk works with sticky sessions so only new sessions > >are balanced. I belief but am not shure that it's just > >round robin. > > > > 3. Bill Barker claims that the load balancing is broken > >as the instances of mod_jk don't know the load of each > >other. So mod_jk will balance to some extend but not as > >good as it could/should. > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > Sent: Friday, October 10, 2003 1:37 PM > > > To: [EMAIL PROTECTED] > > > Subject: mod_jk lbfactor strangeness > > > > > > I've an apache servers with 4 backend app servers and using mod_jk to > > > balance the load over them. > > > > > > Two of the machines are a fair bit quicker than the other > > > two, so I've adjusted the weighting with lbfactor > > > > > > app1 (slow) = lbfactor=100 > > > app2 (slow) = lbfactor=100 > > > app3 (fast) = lbfactor=150 > > > app4 (fast) = lbfactor=150 > > > > > > Yet what I see is that app2 and app3 get most of the load? > > > > > > I've checked this with snoop(tcpdump) and counted the packets to the > > > various app servers. And app2 and app3 defiantly seems to be getting > > > more work. I've checked my host file and workers.properties and all > > > seems right. > > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: redirect port 8080 to 443
It's in the FAQ: http://jakarta.apache.org/tomcat/faq/security.html#https "Twan Munster" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hello, I'm using apache+mod_ssl+mod_jk to make a secure connection. But every time I call a page in cocoon it is called through port 8080. Is it possible to redirect a call to port 8080 to port 443? And not for the entire server, but only for a certain directory?How is this done? thnx Twan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ssl client authentication again
The Tomcat 5 docs have an example for this: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/ssl-howto.html Since it's just about setting up the KeyStore, this section applies to Tomcat 4 (or even Tomcat 3 :) as well. "Twan Munster" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hello, I've worked around with using apache+mod_ssl, but i'm running in several problems now so please can somebody help me with the next problem: I've always used apache http server for client authenticatien with ssl. I've installed Tomcat now voor mij jsp's. But I'm not able to get the ssl client authentication working. The problem is getting my existing certificates working in tomcat. Is apache http server it was very easy. I configured all the stuff in my httpd.conf. I also tried to get tomcat working with keytool. But ther's something I do wrong. I alwas get "handshake error". Can somebody please tell me how to use keytool. I've got the following certificates: 1 server.crt = server certificate 2 ca.crt = chain certificate 3 ca-bundle.crt = lots of certificates for client authentication 4 server.key = i really don't know how to get this one in keytool Thnx Twan Munster - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 4 + ssl + client authentication
"Kenneth Westelinck" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi all, > > I've been searching the internet for 2 days now and still haven't found a > solution for my problem. I am trying to set up a Tomcat 4 server running in > HTTPS mode, contacted by a client written in Java. The client is using > HTTPClient from apache. I have done everything the document at > http://ws.apache.org/soap/docs/install/FAQ_Tomcat_SOAP_SSL.html describes. > If I disable client authentication in the tomcat config, the client is able > to comunicate with the server. If I enable the authentication the client > aborts with the following exception: > java.net.SocketException: Software caused connection abort: JVM_recv in > socket input stream read > at java.net.SocketInputStream.socketRead0(Native Method) > ... > > I enabled all possible debugging on the Tomcat server and this is part of > what I found in the console: > Thread-10, WRITE: SSL v3.1 Handshake, length = 625 > Thread-10, READ: SSL v3.1 Handshake, length = 141 > *** Certificate chain > *** > Thread-10, SEND SSL v3.1 ALERT: fatal, description = bad_certificate > Thread-10, WRITE: SSL v3.1 Alert, length = 2 > > The client's certificate cannot be bad. It was signed with the server's key > and it's in the server's keystore. > Client cert verification is done against the TrustStore, not the KeyStore. Tomcat 5 has some improvements for this. Tomcat 4 is still a bit limited. > I have no idea what is goin wrong. Can someone tell me how to make this > work? > Assuming that you don't want to just import the signing cert into cacerts (see the JSSE docs for how to do this), then you need to have something like: CATALINA_OPTS="-Djavax.net.ssl.trustStore=/path/to/my/truststore -Djavax.net .ssl.trustStorePassword=myTrustStorePassword" At the moment, your TrustStore file has to be in the same format as your KeyStore file (a nasty limitation that I haven't gotten around to fixing :). > MTIA > > regards, > > Kenneth > > _ > Op zoek naar makkelijk recept? http://www.msn.be/culinair - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CLIENT-CERT and custom username?
"Bud P. Bruegger" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > hello everyone, > > looked for this all over but couldn't find an answer... > > So I would like to ask a question about the auth-method CLIENT-CERT. It > seems that the username resulting from an authentication is the CN > component of the subject's DN (as it appears in the client > certificate). Is there any way to using a custom function that returns a > username based on the DN? Or is it possible to use a custom function to > return a principal that is different from the username? > Not with Tomcat out-of-the box (but patches are always welcome :). You could do it with a custom Realm however. Just extend your favorite Tomcat Realm, and override the: Principal getPrincipal(String) method. The String argument is the DN from the user's cert. It can return any Principal that it wants. However, if it doesn't extend Tomcat's GenericPrincipal then you also need to override the 'hasRole' method. > many thanks for any help > > --bud - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with getContentLenght() of AccesLogInterceptor
"Ricard de la Vega" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, I have a problem with the format parameter of AccesLogInterceptor. I > need the response.getContentLenght in my Log. I have the param value to > "combined" such as Apache but, in the log I see a "?" or others characters > in the position of getContentLenght. > > My tomcat's version is 3.3.1 Final and my S.O is HP-UX 11i > > Can somebody help me? > It's a bug in 3.3.1, that is fixed in the CVS. It seems that the 3.3 nightly builds haven't been integrated into the new download site yet, so probably the easiest thing to do is to grab the AccessLogInterceptor.java file from the CVS and compile it into $TOMCAT_HOME/lib/container/classes/org/apache/tomcat/modules/loggers. > Thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie Question: Tomcat 3.2.3 + JDK1.3.1_09 + Win2K
"Graham Reeds" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > "Bill Barker" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > I haven't used 3.2.x in a very very long time. My first guess would be to > > check the batch files. From the error you are getting, it may just not be > > quoting the initial Java command. > > They are both in quotes - I forgot to mention that in my original post. > That's why it is suprising. One works with quotes (TOMCAT_HOME) and the > other doesn't (JAVA_HOME). > I just took a quick look in the CVS, and it looks like you are right. I don't know why the batch file doesn't run. You could try: set JAVA_HOME=c:\progra~1\jdk1.3.1_09 and see if it helps. > > Of course, it is useless to submit a bug-report, since the 3.2.x line is > no > > longer maintained. > > True. Just wondering if anyone else had encountered this. If one person > can honestly say 'I have had it working' then it comes down to me. However > I am in a limbo where I don't know if it is me or not. > > -- > > Graham Reeds, > [EMAIL PROTECTED] | http://omnieng.co.uk - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Client authentication: what goes in tomcat-users.xml?
"Christopher Williams" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Following the advice from this link > http://books.mcgraw-hill.com/betabooks/aug02/taylor/0072225653_ch10.html > > I tried to get SSL client authentication to work by setting the following > entry in tomcat-users.xml: > > > where x,y,z,etc. have real but unimportant values. Evidently Tomcat somehow > matches the distinguished name from my certificate against an entry in the > users file, presumably to establish the user's role. If it fails to make a > match, no authentication takes place which, I guess, is why I was able to > access protected pages but getUserPrincipal() was returning null. However, > when I start Tomcat I get the error: > GlobalResourcesLifecycleListener: Exception creating UserDatabase MBeans for > UserDatabase > javax.management.MalformedObjectNameException: ObjectName: Invalid > (key,value) pair -> username=CN=x > The correct value to use is the string-value of the Certificate Subject. However, only the MemoryRealm (of the standard Tomcat Realms) works with CLIENT-CERT authentication. So you have to disable the default DatasourceRealm and enable the MemoryRealm. You also have to (at least in 4.1.27 and lower) disable the Datasource under the GlobalResources. This is because it will attempt to write back the tomcat-users.xml file without escaping the attribute values (resulting in invalid XML). Then (after fixing the damage that Tomcat has already done to your file :), what you have should work. > So, what do I put in tomcat-users.xml to get client certificate > authentication to work? Do I have to escape the '=' signs in some way? > The main thing that you have to escape is quote ('\"') characters. For example, Verisign-issued certs typically have an entry like O="Verisign, Inc.". You need to render this as O="Verisign, Inc.". > TIA (as I really want to put this issue to bed), > > Chris Williams. > > P.S. If somebody tells me to "read the FAQ", please specify WHICH FAQ. I've > read hundreds over the past few days trying to get to the bottom of > CLIENT-CERT auth. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: I need help explaining why lock box doesn't show up - PLEASE
I'm going to assume that like any good webmaster these days, you have access to MSIE. Go to tools->Internet Options->Security->Custom Level. Under 'Miscellaneous' select the 'Disable' option for 'Display mixed content'. Click on enough Ok buttons to get to the main IE screen. Attempt to access your page. If it looks like sh*t, then the problem is that you are referencing images/stylesheets with the HTTP protocol from an HTTPS page. <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Greetings, > I'm running Apache with mod SSL on a linux box. I'm also running Tomcat and > using the JkMount statements to send all of the jsp pages to Tomcat. The > clients that I set this up for are complaining that the little lock box in > the browser doesn't show up on the jsp pages - but isn't the connection > still secure b/c it's going through apache? > > > Thanks, > Bobbie > > Bobbie Atristain > Internet Systems Administrator > Media General, INC. > 804.649.6156 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Newbie Question: Tomcat 3.2.3 + JDK1.3.1_09 + Win2K
I haven't used 3.2.x in a very very long time. My first guess would be to check the batch files. From the error you are getting, it may just not be quoting the initial Java command. Of course, it is useless to submit a bug-report, since the 3.2.x line is no longer maintained. "Graham Reeds" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I finally got Tomcat working last night. Nothing odd in that, you'd think, > but the problems I have been having is quite frustrating. The reason was I > would get a 'Unable to find "Program "' message when trying to start the > Tomcat server. However, at various stages of installation things would > seemingly work fine. > > So I sat down with a clean system. I had removed all traces of JDK and > Tomcat (not that there was any) from my registry and installed them both to > their default locations, "C:\jakarta-tomcat-3.2.3" and > "C:\jdk1.3.1_09". I then Modified the scripts and stuff to point to these > locations (as mentioned in this tutorial: ) and it worked fine: I compiled a > couple of scripts and ran them. I then rebooted and tried again. Still > worked. > > Then I moved Tomcat to "C:\Program Files\Apache Group\jakarta-tomcat-3.2.3" > and modified the > scripts accordingly. That worked (I could view the sample pages and compile > my own), so I rebooted and tried again. That worked too. > > I then uninstalled the JDK, rebooted and installed the JDK to "C:\Program > Files\jdk1.3.1_09", modified the scripts and hey presto! It wouldn't work. > I double checked the scripts. I rebooted, and it still didn't work. > > Uninstalled and reinstalled JDK to root, changed the scripts and then it > worked. Conclusion: I think that Tomcat 3.2.3 has a flaw that can't work > with the JDK having spaces in its JAVA_HOME path, but it can have spaces in > the TOMCAT_HOME path. > > The reason I am not using a version higher than 3.2.3 is that I have seen > enough to know that the layout of the file system can change drastically > between versions in the same release and I'd rather work with an identical > system to my Service Provider. And the reason I want the JDK in Program > Files is that I like to have a clean PC with an elegant filing system. > Having something break that system is irritating. > > So my question is: Is it possible to run Tomcat 3.2.3 with the JDK > installed to some where other than Root which has spaces in the directory > path (i.e: 'Program Files') ? > > -- > > Graham Reeds, > [EMAIL PROTECTED] | http://omnieng.co.uk - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How To: JkSet, JkSet2 & JkUriSet
Doing the easy part only (mind you, I haven't tested this) JkSet server.root /usr/local/apache "Jack Lauman" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Are there ary docs for "JkSet, JkSet2 & JkUriSet"? > > Also is ther a way to override {$server.root} so the mod_jk2 can > find it's configuration file? I can't get the shm file to initialize > because it can't find it. > > After the shm file fails to initialize the log files indicate that > it found the config file in /etc/httpd/conf/workers2.properties > > Any help would be appreciated. > > Jack Lauman - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Client authentication woes
"Christopher Williams" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > My setup: > Windows XP Pro > JDK 1.4.1 > JWSDP 1.0 > > I'm hoping to get SSL client authentication working for web services. I set > up Tomcat for SSL ages ago and it works fine. However, I run into multiple > problems when I attempt to use SSL client authentication. > > I have enabled client authentication by changing the value of "clientAuth" > in server.xml to true. I removed all and > entries from my web.xml as they didn't appear to have any > effect (question: am I right to do so? I've done my research on the web and > there are no consistent instructions for what to do). > Tomcat currently has only very light support for this, but this is orthogonal to your current problem. > When I access https://localhost:8443/ in Internet Explorer, I get notified > that a private key is being used and the server home page displays fine. > However, when I first access the page, the following stack trace appears on > Tomcat's console: > > PoolTcpEndpoint: Handshake failed > javax.net.ssl.SSLHandshakeException: Remote host closed connection > during handshake > ... > Caused by: java.io.EOFException: SSL peer shut down incorrectly > at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275) > ... 7 more > ThreadPool: Caught exception executing > [EMAIL PROTECTED], terminating thread > java.lang.NullPointerException > at > org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:512) > ... > > Does anybody know what the problem is here? Tomcat obviously doesn't like your client-cert, or (more likely) you don't have any. By default, only Verisign & Thwate signed client certs are recoginized (at least with Sun's JVM). If this is your problem, then you need to set up a TrustStore (or import the signer into cacerts). Searching the archives for 'TrustStore' will give you an answer faster than waiting on me. > > The second thing is, I want to know who's accessing pages and web services. > That's the whole point of authentication, right? However, when SSL client > authentication is in force, the following calls all return null: > > request.getUserPrincipal() > request.getRemoteUser() > request.getAttribute("javax.servlet.request.X509Certificate") > request.getAttribute("org.apache.coyote.request.X509Certificate") > > This seems most bizarre. At some point these calls must return non-null > values as they are used in > org.apache.catalina.authenticator.SSLAuthenticator. Does anybody know > whether there are any server settings to make these calls return the correct > values? > > Ideally, I would like to have just one or two URL-patterns protected by SSL, > like you do with HTTP authentication rather than it being all or nothing. > Is this possible with Tomcat? > This is in the FAQ. > Kind regards, > > Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat 3.3, SSL and short handshake
"Yuriy Stul" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello, > I have Tomcat 3.3 with activated SSL. > > Everything works fine (HTTP, HTTPS). > > A problem is: when user connects with server via Microsoft Internet > Explorer then Tomcat throws exception (SSL socket, socket was closed) > but continues to work. > > I think I found problem - IE does two handshakes - usual (long and > full), then closes socket and does short handshake (it is normally > according to SSL protocol). > > In Tomcat 4.0.4 I didn't see this problem. > > My question is how to prevent output of this exception in Tomcat 3.3? > The best way is probably to use the CoyoteConnector2 from Tomcat 3.3.2-dev (aka nightly). This has the best SSL support in the Tomcat 3 line (it's basically the same as the Tomcat 4.1.x code). > Thanks in advance. > > = > Yuriy > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: NullPointerException during HttpServletRequest.getSession
The short answer is that you can't do this. It's true that Tomcat 3.2.x allowed you to get away with nasty hacks like this, but in subsequent Tomcat versions the Request object is only valid for the lifetime of the request. "Dave Barkan" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > OK thanks for responding to my first question; I looked around, some > interesting discoveries within: > > On Tue, 30 Sep 2003, Shapira, Yoav wrote: > > > > Howdy, > > > > >The symptom is a NullPointerException when I call getSession() on an > > >HttpServletRequest object. The HttpServletRequest object had > > previously > > >been saved as an attribute of the Session that it contained. > > > > This seems prone to problems. How can storing the request itself as a > > session attribute be valid? A session by definition may have many > > requests in it -- so you override the value of the attribute when a new > > request comes in? > > This is true; although everything had worked previously until we upgraded > to the new tomcat specifications. However the same behavior occurs when I > hacked by saving the HttpServletRequest in a global variable for later > use. Also, see below: > > > > > >I tried looking at the CoyoteRequestFacade code but the directory > > >containing it in the public download site was empty! That was the code > > >that threw the actual exception so I'm sure it could give some insight. > > > > It's here: > > http://cvs.apache.org/viewcvs/jakarta-tomcat-connectors/coyote/src/java/ > > org/apache/coyote/tomcat4/CoyoteRequestFacade.java?rev=1.3&content-type= > > text/vnd.viewcvs-markup > > > > However, it's been modified since the last release so the line number > > may not be accurate. Anyways, it's likely the request object itself had > > been nulled out, giving NPE in request.getSession(). > > > Yes I think so as well, that looks like the only thing that can throw the > NPE. I'm wondering where the nullification could have taken place, since > the CoyoteRequestFacade is still intact, I will look around. However, I > noticed this wile looking at the CoyoteRequestFacade code: > > CoyoteRequestFacade.java: > > public HttpSession getSession(boolean create) { > return request.getSession(create); > } > > CoyoteRequest.java: > /** > * Return the session associated with this Request, creating one > * if necessary and requested. > * > * @param create Create a new session if one does not exist > */ > public HttpSession getSession(boolean create) { > return null; > } > > This was in the cvs repository; if this is an accurate reflection of the > library I'm using then it seems I am always getting a null Session. > However I think the CoyoteRequest being null is actually throwing the > error, rather than the session, so either something is nullifying the > CoyoteRequest, or that cvs code is not the code I'm using, or both. > > Thanks for your help! > Dave Barkan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Request Handling Question
The Servlet spec (2.2-2.4) requires that each Request is handled by a single Thread. Especially with the Jk2-Coyote connector (that links Tomcat to Apache/IIS/SunOne), the thread may be re-used for requests from different clients. However, it will always serve one Request from start-to-finish before starting another one. At a guess (since I obviously can't see it :), I'd guess that your implementation is sub-optimal, but will work. <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Hello, > From not having too much experience programming threads I have run into a > design snag that I need some help with. Long story short, I need to be > absolutely sure that the tomcat servlet container handles each request in a > unique thread. So (for example) if there are 300 simultaneous connections > they are processed in 300 unique threads. > > The reason behind this desperation is because I have created a framework > that uses the threadlocal class to create a singleton like class for each > request that stores references to the request and response objects so all > classes during the request can access these objects without having to pass > parameters around from class to class. If for some reason 2 different > requests were handled in the same thread that could be a huge flaw in my > design. Thanks! > > > Duncan Krebs > Bank One > > > > > > > This transmission may contain information that is privileged, confidential and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk_ajp12_worker.lo: unknown file type
At a quick guess, you've got Sun's 'ld' ahead of the GNU 'ld' in your path. <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi Folks, > > I have the following configuration: > Solaris 8 > Apache 2.0.45 > Tomcat 4.1.27 > Jakarta-tomcat-connectors-jk 1.2.4 > > I am following similar procedure as posted on www.johnturner.com/howto (minus the version differences). I am running into a problem as below. Please advise me what to do next. > > TIA, > Dan > > > #make > Making all in common > make[1]: Entering directory `/usr/local/src/jakarta-tomcat-connectors-jk-1.2.4-src/jk/native/common' > make[1]: Nothing to be done for `all'. > make[1]: Leaving directory `/usr/local/src/jakarta-tomcat-connectors-jk-1.2.4-src/jk/native/common' > Making all in apache-2.0 > make[1]: Entering directory `/usr/local/src/jakarta-tomcat-connectors-jk-1.2.4-src/jk/native/apache-2.0' > /bin/ksh /opt/apache/build/libtool --silent --mode=link /usr/local/bin/gcc -I/opt/apache/include -g -O2 -DUSE_APACHE_MD5 -I ../common -I /usr/j2se/include -I /usr/j2se/include/unix -DSOLARIS2=7 -D_POSIX_PTHREAD_SEMANTICS -D_REENTRANT -g -O2 -pthreads -g -O2 -g -O2 -pthreads -DSOLARIS2=7 -D_POSIX_PTHREAD_SEMAN TICS -D_REENTRANT -o mod_jk.la -module -rpath /opt/apache/modules -avoid-version mod_jk.lo ../common/jk_ajp12_worker.lo ../common/jk_connect.lo ../common/jk_msg_buff.lo ../common/jk_util.lo ../common/jk_ajp13.lo ../common/jk_pool.lo ../common/jk_worker.lo ../common/jk_ajp13_worker.lo ../common/jk_lb_worker.lo ../common/jk_sockbuf.lo ../common/jk_map.lo ../common/jk_uri_worker_map.lo ../common/jk_ajp14.lo ../common/jk_ajp14_worker.lo ../common/jk_md5.lo ../common/jk_ajp_common.lo ../common/jk_context.lo > ld: fatal: file ../common/jk_ajp12_worker.lo: unknown file type > ld: fatal: File processing errors. No output written to .libs/mod_jk.so > make[1]: *** [mod_jk.la] Error 1 > make[1]: Leaving directory `/usr/local/src/jakarta-tomcat-connectors-jk-1.2.4-src/jk/native/apache-2.0' > make: *** [all-recursive] Error 1 > > __ > McAfee VirusScan Online from the Netscape Network. > Comprehensive protection for your entire computer. Get your free trial today! > http://channels.netscape.com/ns/computing/mcafee/index.jsp?promo=393397 > > Get AOL Instant Messenger 5.1 free of charge. Download Now! > http://aim.aol.com/aimnew/Aim/register.adp?promo=380455 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Filter for Form Authentication Problem
"Joerg Heinicke" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Tim Funk wrote: > > You can't intercept j_security_check with a filter, it violates the spec. > > > > -Tim > > This is at least one answer to my thread started last week: > http://www.mail-archive.com/[EMAIL PROTECTED]/msg104931.html. > What are the consequences/possibilities to set the request character > encoding with servlet standard API mechanisms instead of using the > Tomcat proprietary solution of using a Valve? > This is a really interesting issue. I would hope that you would send a message to [EMAIL PROTECTED] to hopefully get the expert-team to clarify this before the 2.4 spec goes final. Because the Servlet-2.2 spec lacks the request.setCharacterEncoding method, Tomcat 3.3 jumps through a lot of hoops to try and guess the charset. These were dropped in Tomcat 4+, since the request.setCharacterEncoding method was supposed to solve all of these problems. As you have pointed out, it is not possible to use this in a Filter for the standard Form-auth config (for the simple reason that Auth is called before Filters). Therefore, the j_security_check target is flying blind wrt charset. > Joerg > > > Lawence wrote: > > > >> Dear All, > >> > >> I wrote a filter servlet that does some preprocessing. Basically it > >> intercepts the call of j_secuity_check. The problem is that most of > >> the time it was just bypassed. The only way to trigger it as I found > >> is to first fill the form and got authenticated, then go back and try > >> the authentication again. Anybody knows the solution? > >> Another question is how to sepcify the url pattern of > >> j_security_check. My login page is /secured/login.jsp, I think the > >> url should be /secured/j_security_check, am I right? > >> > >> Thanks in advance. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can't import apache ssl key to tomcat keystore
The Bicore utility has always worked for me. Getting on-topic, I'm assuming that since you have an Apache cert, that you have openssl installed. The alternative method is to use openssl to generate a pkcs12 file, and use that as your keystore. Something like: openssl pkcs12 -export -chain -inkey server.key -in server.crt -name tomcat \ -out server.p12 -cafile ca.crt -caname root Of course, if your server.crt is signed by Verisign (please, no flames :) or Thwate, then you can omit the '-cafile' and '-caname' arguments, since JSSE already knows about the signers. Then in the Factory element (for Tomcat 4, for Tomcat 5 it's the Connector element) set 'keystoreFile="/path/to/server.p12" keystoreType="pkcs12"'. "James Tolles" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Thanks in advance, > > > > We are trying to import an existing apache ssl crt/key into a tomcat > keystore. > > > > First step was discover that the jdk1.4 / keytool does not support import a > private key into a keystore. (s this still true?) > > > > Next step was to get the "importKey.jar" tool from Biocore and try that. > > > > Two three ssl-keys have imported correctly. The third one however seems to > get broken. > > > > Would anyone know of a more direct way to get an existing "apache > compatible" ssl key into a tomcat keystore? > > > > Thanks for any help.. > > - James > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Migration from 4.1.x to Tomcat 5
"Marco Tedone" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, which are the key anspects I shall keep in mind when migrating from > Tomcat 4.1.xx to version 5, keeping in mind that I'm developing Struts > application? > > Which are the key technology anspects I shall review in my project > architecture, particularly related to: > > 1) Servlets/JSP Tomcat 5 is backwards compatible, but JSP-2.0 is so cool, that you should consider migrating your apps to it. > 2) Taglibs See answer to 1). > 3) Tomcat starting and stopping > 4) WAR deployment This has been improved in Tomcat 5, especially when using the Manager web-app. > 5) Security Tomcat 5 allows for a much more restrictive sandbox than Tomcat 4. > > At present I deploy a WAR under webapps with taglibs defined in the web.xml > file and make use of my personal security model (is there any reason Tomcat > 5 should make things easier?), I stop and start it as a service (still > available?). > > Will be JSTL and JSF natively implemented? Could I just drop my application > from Tomcat 4.1.xx to Tomcat 5 without problems? > > Thanks for any reply, > > Marco - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL: Hiding index.jsp
"Tim Funk" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Tomcat4 cannot do this by itself. With the help of apache and directory > indexing - this can be done with a little tweaking. > > Tomcat5 can hide the name of the welcome-file. > As can Tomcat 3.3.2-dev. > -Tim > > [EMAIL PROTECTED] wrote: > > > All, > > > > I am trying to develop a site and wish to hide the default page defined in the welcom-file-list in the xml from displaying in the address bar of the browser. > > > > For example: > > > > If I have a directory called test1 and have an index.jsp defined, I want the user to only see "/test1" in the address bar of the browser and not "/test1/index.jsp". > > > > Has anyone come accross this in the past? Can you provide me the details on how I can accomplish this? > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Pleas help (Custom Authenticator & Reaml Problem)
I agree with Tim that custom Authenticators can be 'icky'. Fortunately, in Tomcat 5 there is almost no need for one. However, in Tomcat 4, there is still a valid use case for them. You can avoid messing with Authenticators.properties by explicitly configuring your Authenticator like: To check that your Authenticator has been called, the easiest is to simply add some debugging logging statements. It probably is being called from your description. Of course, these are all generic comments, since you haven't provided enough info to attempt to guess what is wrong (other than the Authenticator isn't setting the Principal :). "Lawence" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Dear all, > > I wrote my own authenticator (extends FormAuthenticator) & realm (extends JDBCRealm). What I need is to check one more field in the database besides password for authentication. Only minor modifications are made on the original codes so I think it should be fine. What I also did include changing the org/apache/catalina/startup/Authenticators.properties > file to add the new authenticator; modifying the server.xml and web.xml accordingly. Furthermore, I added the entries for my authenticator and realm in the mbeans-descriptor.xml file. > > I expected everything to work perfectly but when I tried to access the secured area, I got the following error: > HTTP Status 500 - Configuration error: Cannot perform access control without an authenticated principal > - > > type Status report > > message Configuration error: Cannot perform access control without an authenticated principal > > description The server encountered an internal error (Configuration error: Cannot perform access control without an authenticated principal) that prevented it from fulfilling this request. > > This error was triggered instantly. I mean I even did not have a chance to see the login webpage. Now I have several questions: > > What is the flow of the authentication? Was my authenticator got executed at all? > > Any suggestions would be greatly appreciated. > > > > - > Do you Yahoo!? > The New Yahoo! Shopping - with improved product search - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Question Regarding AJP Connectors
"Rhugga" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > If I am only using Tomcat as a JSP/Servlet engine using mod_jk2, and I > am using a Unix socket for communication, I do not need these connectors > correct? > > > You need this one, but you can omit the port attribute. > > > I am running apache 2 and only use tomcat for JSP and servlets. > > Thx, > Chuck - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Choosing an appropriate JK2 Handler
JNI is reported to be very good (I haven't tried it myself). However, I'd avoid it if you are using the pre-fork MPM (which includes all Apache 1.3.x versions on *nix system). If you are using a *nix box, then the unix-socket may help a bit, but I'd guess that the improvement over the plain-vanilla socket is probably pretty small in most usage cases. "Jeremy Nix" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I'm running a configuration with Apache and Tomcat on the same machine. Which handler(s) would I see the biggest performance improvement by using them? I figured it would be the JNI option, but I wanted to get some input. _ Jeremy Nix Senior Application Developer Southwest Financial Ltd. [EMAIL PROTECTED] (513) 621-6699 ext 1158 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: curiosity kills tomcat
Actually, there is no need to contact the expert-group, since the order doesn't matter in Servlet-2.4: The sub elements under web-app can be in an arbitrary order in this version of the specification. "Shapira, Yoav" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Howdy, >yes, I've always considered that a bug, but guess what, it's a dtd ! > >so .. that 'bug' won't dissapear in the future ? >( why on earth would anyone want it like that ? :-) You don't like it, contact the Expert Group / JSR for the Servlet Specification and ask them to relax the DTD. Good luck ;) Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat5, SSL, IBM JDK 1.4 and Linux
It seems that IBM's JSSE implementation has some limitations using the TLS protocol. However, Tomcat seems to work fine if you change the sslProtocol="SSL". "Halstead, Chris" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] OK, I'm tearing my hair out here ;-) What's the secret to making SSL work in Tomcat 5.0.12 when running on Linux with IBM JDK 1.4? I have followed the steps to the letter (thrice) and have nothing to show for it yet. I found that you need to set algorithm to "IbmX509" in the connector def, which stopped me from getting IOExceptions in JSSE14SocketFactory.init(). After doing that, the connector initializes and binds to the port, but attempts to connect with a browser immediately fail. Netscape is nice enough to let me know that it could find no ciphers in common with the server, whereas IE just fails. Non-secure works great. I followed the exact same steps on a Sun box running Sun's 1.4 JDK (with the exact same install set, tarred and moved), and all works just fine. This happens identically on an i386 machine as well as on an s/390 Linux partition. I even tried plopping the JSSE stuff in JAVA_HOME/jre/lib/ext, but no joy. I have tried using a self-signed cert as well as a demo cert from Verisign. What on earth am I missing? -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mapping a servlet to multiple urls
There was a bug in the Mapper in early versions of Tomcat 5.x. Try upgrading to 5.0.12 and see if the bug goes away. "Marion McKelvie" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > I think I may be misunderstanding how to map multiple urls to a servlet. I > have a very simple servlet which when I use the following mapping (for > context prj) > > > myServlet > /servlet/fred > > > everything works fine and I can see my servlet output at /prj/servlet/fred. > > If I try > > > myServlet > /servlet/* > > > I can only see my servlet output at a url of /prj/servlet/* ie with an > actual asterisk in the url. I thought the * acts as a wildcard and I was > hoping to see my servlet output at urls such as /prj/servlet/fred and > /prj/servlet/freddy > > I am using Tomcat 5 (standalone, not with httpd) as downloaded with Sun's > web services development kit. > > Is it correct to expect that mapping to map the servlet to /prj/servlet/fred > and /prj/servlet/freddy? If so, what am I missing or doing wrong? > > Many thanks, > > Marion - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Connector attributes
That's largely because they depend on your JSSE provider. I believe that most providers will also support 'SSL3' and 'SSL2' as protocol attributes (but I don't recommend either of them, so I won't actually try it :). I know that if you are using IBM's 1.4.x JVM, that you need to set the protocol to 'IbmX509'. If you are using another vendor besides Sun or IBM, consult their documentation for the correct value to use. "Ian Elverson" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I am trying to find out what all of the possible values are for the > 'algorithm' and 'protocol' attributes of the Factory element in the HTTPS > connector. I have looked all over the web and have only found a reference > to the existence of the 'algorithm' attribute, but no usage examples. Also, > the only example for the 'protocol' attribute I can find is the one included > in the configuration file, protocol="TLS". > > Does anyone know what the possible values are? > > Ian - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat + Apache + SSL
Where is Tim when you need him ;-). http://jakarta.apache.org/tomcat/faq/security.html#https "Robert D. Abernethy IV" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I have apache set up to redirect requests for a specific context to > Tomcat. I am curious if there is a way to force all requests to that > context to be redirected through SSL. > > http://servername/securecontext --> https://servername/sercurecontext > http://servername/everythingelse --> http://servername/everythingelse > > Is this something I set up in workers2.properties or httpd.conf? Can > anyone point me at a decent tutorial? Thanks. > > Rob Abernethy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat - thread per connection model
"Rau NF" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi - Not sure about one thing - what if someone opens > up a 100 odd connections and sends data over the pipe > slowly ? This will definitely keep that particular > server (Tomcat 4.1.24) busy for a long time and no new > user can get in. In this case, the throttling logic in > tomcat will probably do nothing. Am I mistaken ? If they send too slowly, the request will timeout (resulting in a fail to the client). However, Tomcat will stay active. > > Also, what is disableUploadTimeout ? I didn't find any > doc. about this. If it is set to false, how can I > configure a longer timeout for reading requests ? I'm really bad at writing docs ;-). If the 'disableUploadTimeout' attribute is set to 'false', then the Socket.setSoTimeout uses the value of the 'connectionUploadTimeout' attribute (which defaults to 5min, like Apache/httpd) to control the timeout after the initial request line has been read. > > Thanks in advance > > > "Rau NF" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > Hi - Since tomcat implements a thread per connection > > model (as per the spec), would it be open to a DoS > > attack if it does not have an Apache server in front > > of it ? ie keep all threads busy servicing slow > > requests and valid users can't get in. > > On my tests, Tomcat stands up pretty well to a DoS > attack. It will become > slow if I have one machine saturate it with requests, > but they all > eventually get served. Tomcat 5 has additional logic > to throttle > connections if the load becomes high, so I'd guess > that a DoS attack against > it (with the default settings) is almost impossible > (you would need a DDoS > attack, since one machine couldn't maintain the > concurrency necessary to > shut Tomcat down). > > > > > Assuming there is no apache server in front of > tomcat > > and tomcat is serving everything, what's a > reasonable > > connection timeout value? I know this is application > > specific but it would be interesting to hear about > > this. The goal obviously is to serve as many users > as > > possible without having to create too many threads. > > I tend to use 5sec (which is 5000 in server.xml), > since most of my apps > write back very quickly. Some people prefer 15sec; > The current default for > Tomcat 4 is 1min. Like anything else, it depends on > your app. If you > typically start sending back data that includes links > to images/style-sheets > very quickly, then you want a low number. Even if > not, I prefer to set > disableUploadTimeout="false" to use the longer time to > read the request > body. > > > __ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software > http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL client authentication
Personally, I think that the easiest way to move an Apache cert to a Tomcat cert is to export it to a pkcs12 file and use that as the keystore (of course, setting keystoreType="pkcs12" on the Factory element). Using OpenSSL, something like: $ openssl pkcs12 -export -chain -inkey server.key -in server.crt -CAfile ca.crt \ -name tomcat -caname root -out server.p12 "Twan Munster" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hello, I've always used apache http server for client authenticatien with ssl. I've installed Tomcat now voor mij jsp's. But I'm not able to get the ssl client authentication working. The problem is getting my existing certificates working in tomcat. Is apache http server it was very easy. I configured all the stuff in my httpd.conf. I also tried to get tomcat working with keytool. But ther's something I do wrong. I alwas get "handshake error". Can somebody please tell me how to use keytool. I've got the following certificates: 1 server.crt = server certificate 2 ca.crt = chain certificate 3 ca-bundle.crt = lots of certificates for client authentication 4 server.key = i really don't know how to get this one in keytool Thnx Twan Munster - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Permission denied to webapps folder
On *nix systems, you need to have 'r-x' permission to cd to a directory. "Denise Mangano" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] This is probably something simple, but I can't seem to understand this. As suggested by a Tomcat book that I have, I gave the webapps folder rwx to the owner, and r access to everyone else. However, when I try to change to the webapps directory as any user other than the owner I get a permission denied. Shouldn't I be able to at least view whats in this directory? Thanks. Denise - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: peer not authenticated
a) Grab the JSSESupport.java file from the CVS (using the coyote_10 branch), and compile it into server/classes. b) wait for the 4.1.28 release. "Kleber" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > > Thanks again for your attention, and help... > > I'm with a doubt. You said that there was nothing wrong, however the warning > message always appears. Won't this leave the webpage slower with lots of > person accessing it? > Is there any way to avoid this message appearing? > I can´t leave this messages appears. > > []'s > Kleber > > > - Original Message - > From: "Bill Barker" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Friday, September 19, 2003 1:25 AM > Subject: Re: peer not authenticated > > > > It looks like I fixed it after 4.1.27. The message you are seeing is > simply > > a debugging message that got left in the code. It doesn't mean that there > > is anything wrong with your keystore, or even that anything unusual is > > happening. All that it is saying is the the browser didn't send a > > certificate (which is normal when you have clientAuth="false"). > > > > "Kleber" <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED] > > > Hi Bill, > > > > > > For a test, I created a new keystore file that use the keytool from > java: > > > %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA > > > the password is: "kleber" > > > > > > My server.xml file is like this: > > > > > redirectPort="443" bufferSize="2048" > > > serverSocketTimeout="0" connectionUploadTimeout="30" > > port="443" > > > connectionTimeout="6" > > > scheme="https" enableLookups="true" secure="true" > > > protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol" > > > debug="0" maxKeepAliveRequests="100" disableUploadTimeout="true" > > > proxyPort="0" > > > maxProcessors="75" minProcessors="5" tcpNoDelay="true" > > > acceptCount="100" > > > useURIValidationHack="false" compression="off" > > > connectionLinger="-1"> > > > > > className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" > > > rootFile="C:\WINDOWS\root.pem" keystoreType="JKS" > > > keystorePass="kleber" clientAuth="false" > > > randomFile="C:\WINDOWS\random.pem" > > > keystoreFile="c:\Tomcat\keystore\.keystore" > > protocol="TLS"/> > > > > > > > > > As I ever had said, the page with https:// load normally at the browser, > > > however at DOS windows appears this error: > > > > > > [WARN] Http11Processor - -Exception getting SSL attributes > > > > > authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not > > > authenticated > > > at > > > > > > com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62 > > > 75) > > > at > > > > > > org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport. > > > java:113) > > > at > > > > > > org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupp > > > ort.java:161) > > > at > > > > org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748) > > > at org.apache.coyote.Response.action(Response.java:222) > > > at > > > > > > org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java: > > > 321) > > > at > > > org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221) > > > at > > > > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601) > > > at > > > > > > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne > > > ction(Http11Protocol.java:392) > > > at > > > > org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565) > > > at > > > > > > org.apache.tomcat.util.threads.
Re: Please help - Unable to create mod_jk.so connector4.1.27 , Apache 2.0.47
There is an extra ';' on one line, that some compilers don't like. It's at or near the line number given, so just edit the file and delete it. "Satya Narayan Dash" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi All, > > I am unable to create mod_jk.so with > jakarta-tomcat-connectors-4.1.27 and Apache 2.0.47. > > In the last few lines it is throwing some errors. But I do not > what I missed. > > My Environment: > --- > Red Hat Linux 7.2; JDK - 1.4.0 > > What I did: > -- > > 1. Installed Apache 2.0.47 and it runs fine. > > 2. Took the src of jakarta-tomcat-connectors-4.1.27 and followed > the following steps. > > i) $ ./buildconf.sh > > > libtoolize --force --automake --copy > aclocal > automake -a --foreign -i --copy > automake: configure.in: installing > `scripts/build/unix/install-sh' > automake: configure.in: installing > `scripts/build/unix/mkinstalldirs' > automake: configure.in: installing `scripts/build/unix/missing' > autoconf > configure.in:24: AC_PROG_CPP was called before AC_PROG_CC > > --- > > > ii) $ ./configure --with-apxs=/home/kernel/satya/instal > led_apache/bin/apxs > > creating cache ./config.cache > checking for a BSD compatible install... /usr/bin/install -c > checking whether build environment is sane... yes > checking whether make sets ${MAKE}... yes > checking for working aclocal... found > checking for working autoconf... found > checking for working automake... found > checking for working autoheader... found > checking for working makeinfo... found > checking for Cygwin environment... no > checking for mingw32 environment... no > checking how to run the C preprocessor... cc -E > checking host system type... i686-pc-linux-gnu > checking build system type... i686-pc-linux-gnu > checking for gcc... gcc > checking whether the C compiler (gcc ) works... yes > checking whether the C compiler (gcc ) is a cross-compiler... > no > checking whether we are using GNU C... yes > checking whether gcc accepts -g... yes > checking for ld used by GCC... /usr/bin/ld > checking if the linker (/usr/bin/ld) is GNU ld... yes > checking for /usr/bin/ld option to reload object files... -r > checking for BSD-compatible nm... /usr/bin/nm -B > checking whether ln -s works... yes > checking how to recognise dependant libraries... pass_all > checking for object suffix... o > checking for executable suffix... no > checking command to parse /usr/bin/nm -B output... ok > checking for dlfcn.h... yes > checking for ranlib... ranlib > checking for strip... strip > checking for objdir... .libs > checking for gcc option to produce PIC... -fPIC > checking if gcc PIC flag -fPIC works... yes > checking if gcc static flag -static works... yes > checking if gcc supports -c -o file.o... yes > checking if gcc supports -c -o file.lo... yes > checking if gcc supports -fno-rtti -fno-exceptions... yes > checking whether the linker (/usr/bin/ld) supports shared > libraries... yes > checking how to hardcode library paths into programs... > immediate > checking whether stripping libraries is possible... yes > checking dynamic linker characteristics... GNU/Linux ld.so > checking if libtool supports shared libraries... yes > checking for dlopen in -ldl... yes > checking whether a program can dlopen itself... yes > checking whether a statically linked program can dlopen itself... > no > checking whether -lc should be explicitly linked in... no > creating libtool > checking for gcc... (cached) gcc > checking whether the C compiler (gcc -g -O2 ) works... yes > checking whether the C compiler (gcc -g -O2 ) is a > cross-compiler... no > checking whether we are using GNU C... (cached) yes > checking whether gcc accepts -g... (cached) yes > checking for ld used by GCC... (cached) /usr/bin/ld > checking if the linker (/usr/bin/ld) is GNU ld... (cached) yes > checking for test... /usr/bin/test > checking for rm... /bin//rm > checking for grep... /bin//grep > checking for echo... /bin//echo > checking for sed... /bin//sed > checking for cp... /bin//cp > checking for mkdir... /bin//mkdir > checking for libtool... /usr/bin/libtool > need to check for Perl first, apxs depends on it... > checking for perl... /usr/bin/perl > building connector for "apache-2.0" > checking for target platform... unix > no apache given > updating cache ./config.cache > creating ./config.status > creating Makefile > creating apache-1.3/Makefile > creating apache-1.3/Makefile.apxs > creating apache-2.0/Makefile > creating apache-2.0/Makefile.apxs > creating common/Makefile > creating common/list.mk > creating jni/Makefile > > --- > > iii)$ make > > Making all in common > make[1]: Entering directory > > `/home/kernel/satya/connector/jakarta-tomcat-connectors-4.1.27-src/jk/native /common' > /usr/bin/libtool --mode=compile gcc > -I/home/kernel/satya/installed_apache//include -g -O2 > > -g -O2 -pt
Re: tomcat - thread per connection model
"Rau NF" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi - Since tomcat implements a thread per connection > model (as per the spec), would it be open to a DoS > attack if it does not have an Apache server in front > of it ? ie keep all threads busy servicing slow > requests and valid users can't get in. On my tests, Tomcat stands up pretty well to a DoS attack. It will become slow if I have one machine saturate it with requests, but they all eventually get served. Tomcat 5 has additional logic to throttle connections if the load becomes high, so I'd guess that a DoS attack against it (with the default settings) is almost impossible (you would need a DDoS attack, since one machine couldn't maintain the concurrency necessary to shut Tomcat down). > > Assuming there is no apache server in front of tomcat > and tomcat is serving everything, what's a reasonable > connection timeout value? I know this is application > specific but it would be interesting to hear about > this. The goal obviously is to serve as many users as > possible without having to create too many threads. I tend to use 5sec (which is 5000 in server.xml), since most of my apps write back very quickly. Some people prefer 15sec; The current default for Tomcat 4 is 1min. Like anything else, it depends on your app. If you typically start sending back data that includes links to images/style-sheets very quickly, then you want a low number. Even if not, I prefer to set disableUploadTimeout="false" to use the longer time to read the request body. > > Thanks in advance > > __ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software > http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat & version 3 certificates?
Sorry about the last post, hit the wrong key. I've never had problems using V3 certs with Tomcat (at least using a 1.4 JVM). (Ok, I'm lying: there was a bug using PureTLS with certain V3 certs at one point). In any case, Tomcat delegates cert handling to JSSE, so any problems would be with all Java programs. "Adrian Beech" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > G'day all, > > Earlier today we were advised by a bod from another section in our > organisation that there is a known compatibility issue with Tomcat and > version 3 certificates. Apparently he had been advised of this from > someone at Verisign. > > Does such an issue really exist and if so is it solely a Tomcat issue or > is it a result of something not quite working correctly in a particular > JDK version? > > I find it a bit hard to believe that this claim is true. However as I'm > no expert in the area I thought I'd pose the question before dismissing > it out of hand. If such issues do exist I'd like to know where to find > further information relating to the situation, scenario and/or > workarounds. > > Thanks if you can shed some light on this one! > > AB - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat & version 3 certificates?
I've never "Adrian Beech" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > G'day all, > > Earlier today we were advised by a bod from another section in our > organisation that there is a known compatibility issue with Tomcat and > version 3 certificates. Apparently he had been advised of this from > someone at Verisign. > > Does such an issue really exist and if so is it solely a Tomcat issue or > is it a result of something not quite working correctly in a particular > JDK version? > > I find it a bit hard to believe that this claim is true. However as I'm > no expert in the area I thought I'd pose the question before dismissing > it out of hand. If such issues do exist I'd like to know where to find > further information relating to the situation, scenario and/or > workarounds. > > Thanks if you can shed some light on this one! > > AB - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Logging Error in org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler processConnection
See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=22701. It should be fixed in the CVS code now, but I haven't finished running tests to close the bug. "Martin Grüneberg" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hallo together, i have mystery errormessage. The scenario is: I develop a struts webapplication with eclipse 2.1.1 (WAST Tomcat plugin) struts uses common-logging and my backend programm uses log4j. When i start the application in eclipse with the WAST i can test my application. after a clicking a while and wait a short time (ca. 1 minute) i often get the following error message when clicking again on any link. 17.09.2003 12:30:43 org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler processConnection SCHWERWIEGEND: Error reading request, ignored org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.Log4JCategoryLog does not implement Log at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.ja va:532) at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.ja va:272) at org.apache.commons.logging.impl.LogFactoryImpl.getInstance(LogFactoryImpl.ja va:246) at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:395) at org.apache.tomcat.util.net.jsse.JSSESupport.(JSSESupport.java:87) at org.apache.tomcat.util.net.jsse.JSSE14Support.(JSSE14Support.java:99) at org.apache.tomcat.util.net.jsse.JSSE14Factory.getSSLSupport(JSSE14Factory.ja va:84) at org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLSupport(JSSEImpleme ntation.java:118) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne ction(Http11Protocol.java:385) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav a:619) at java.lang.Thread.run(Thread.java:534) Caused by: org.apache.commons.logging.LogConfigurationException: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.Log4JCategoryLog does not implement Log at org.apache.commons.logging.impl.LogFactoryImpl.getLogConstructor(LogFactoryI mpl.java:416) at org.apache.commons.logging.impl.LogFactoryImpl.newInstance(LogFactoryImpl.ja va:525) ... 11 more Caused by: org.apache.commons.logging.LogConfigurationException: Class org.apache.commons.logging.impl.Log4JCategoryLog does not implement Log at org.apache.commons.logging.impl.LogFactoryImpl.getLogConstructor(LogFactoryI mpl.java:412) ... 12 more I don't know how I can fix this. I already tried all different Logger configurations for the commons Logging in commons-logging.properties. I hope somebody knows the answer. Greetings, Martin Grüneberg - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Port 443 request not forwarded to Tomcat from Apache
The most common reason is that you have your JkMount statements nested in the VirtualHost for port 80. If so, then you need to copy them to the VirtualHost for port 443 as well. Of course, without knowing your configuration, all I can do is guess ;-). "Ramanan Ramadoss" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > I am trying to configure apache 2.0.46 to accept request on port 443 > and route it to tomcat 4.1.27 using mod_jk. I am not using ssl yet, but it > looks like calls are not forwarded to Tomcat from Apache. I am following > step 1 of the following URL. >http://raibledesigns.com/tomcat/ssl-howto.html > > http:localhost:443 works but http:localhost:443/application where the > application is served by Tomcat does not work. > Both of the above url work if I use port 80 instead of 443. > > Any help or pointers is greatly appreciated. > > Thanks > Ramanan Ramadoss - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Coyote Performance
I realize that this is the default, but you probably want to decrease the value of connectionTimeout (to somewhere between 5000 and 15000). As it is, Tomcat will spend a lot of time in Socket.read for the simple reason that it will wait for up to a minute to see if the client is going to send another request. "David Morris" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I hope this is a simple configuration issue. Here is my setup for the > Coyote and HTTP connectors: > > port="8080" > minProcessors="5" > maxProcessors="95" > enableLookups="true" > redirectPort="8443" > acceptCount="10" > debug"0" > connectionTimeout="6" > useURIValidationHack="false" /> > > -vs- > > className="org.apache.catalina.connector.http.HttpConnector" > port="8080" > minProcessors="5" > maxProcessors="95" > enableLookups="true" > redirectPort="8443" > acceptCount="10" > debug"0" > connectionTimeout="6" /> > > I profiled the an offending page interaction using a tool from IBM > called performance explorer. To analyze the results I used a tool from > IBM called Performance Trace Data Visualizer. Compared to other tools I > have used, it is more similar to JProbe than jProfiler in that it shows > hierarchical clock time. This tool also tracks processor usage, inline > time, locks, threads, object creation, garbage collection, etc. From > what I can see there are no locking issues and the read method of > java.net.SocketInputStream is taking the majority of the processing > time. > > When I saw that the Coyote Connector was invoking the > SocketInputStream.read(byte[],int,int) routine, I tried the old HTTP > connector without expecting any performance change. The > 8 X's > performance increase was totally unexpected and I am just trying to find > out how to do the right thing (use the coyote connector). In both cases > there are 17 calls to with one being a thread startup. Of the 16 calls, > the 15th is the one taking up the bulk of the time (6,437,348 NS vs. > 5,950 - 150 NS). > > Thanks, > > David Morris > > >>> [EMAIL PROTECTED] 9/18/2003 12:18:49 PM >>> > > I'm not totally clear on how you profiled the page. Did you use > OptimizeIt/JProbe, or simply added a start time at the beginning and at > the end. > > from first hand experience, I doubt the connector is the cause, but I > could be wrong. What in your struts page is causing it to take 35 > seconds? You might want to time the actual application process and see > how much time it takes. > > In theory and practice reading the input into buffers scales better. > What exactly does the page do with the input in the first place? > > peter > > > David Morris <[EMAIL PROTECTED]> wrote: > I did some profiling of a slow page (Struts based) on a site using the > Coyote connector. This site does not use Apache. It appeared that a > java.net.SocketInputStream.read being invoked from > org.apache.coyote.http11.InternalInputBuffer.parseRequestLine() was > causing a bottleneck. In this case average response over a 5 page > interaction with three being relatively simple and two being complex > averaged 35 seconds per response when repeated 20 times. > > I changed the site to use the old and deprecated http connector and > performance improved to 4 seconds per response. It appears that the > org.apache.catalina.connector.http.SocketInputStream was much faster. > Since Coyote is recommended, does anyone have any ideas on how I can > get > it to perform better? Over dozens of tests, it appears that large > pages > take a long time with the Coyote connector. > > Thanks, > > David Morris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: peer not authenticated
It looks like I fixed it after 4.1.27. The message you are seeing is simply a debugging message that got left in the code. It doesn't mean that there is anything wrong with your keystore, or even that anything unusual is happening. All that it is saying is the the browser didn't send a certificate (which is normal when you have clientAuth="false"). "Kleber" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi Bill, > > For a test, I created a new keystore file that use the keytool from java: > %JAVA_HOME%\bin\keytool -genkey -alias tomcat -keyalg RSA > the password is: "kleber" > > My server.xml file is like this: > redirectPort="443" bufferSize="2048" > serverSocketTimeout="0" connectionUploadTimeout="30" port="443" > connectionTimeout="6" > scheme="https" enableLookups="true" secure="true" > protocolHandlerClassName="org.apache.coyote.http11.Http11Protocol" > debug="0" maxKeepAliveRequests="100" disableUploadTimeout="true" > proxyPort="0" > maxProcessors="75" minProcessors="5" tcpNoDelay="true" > acceptCount="100" > useURIValidationHack="false" compression="off" > connectionLinger="-1"> > className="org.apache.coyote.tomcat4.CoyoteServerSocketFactory" > rootFile="C:\WINDOWS\root.pem" keystoreType="JKS" > keystorePass="kleber" clientAuth="false" > randomFile="C:\WINDOWS\random.pem" > keystoreFile="c:\Tomcat\keystore\.keystore" protocol="TLS"/> > > > As I ever had said, the page with https:// load normally at the browser, > however at DOS windows appears this error: > > [WARN] Http11Processor - -Exception getting SSL attributes > authenticated>javax.net.ssl.SSLPeerUnverifiedException: peer not > authenticated > at > com.sun.net.ssl.internal.ssl.SSLSessionImpl.getPeerCertificateChain(DashoA62 > 75) > at > org.apache.tomcat.util.net.jsse.JSSESupport.getX509Certificates(JSSESupport. > java:113) > at > org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupp > ort.java:161) > at > org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:748) > at org.apache.coyote.Response.action(Response.java:222) > at > org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java: > 321) > at > org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221) > at > org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:601) > at > org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne > ction(Http11Protocol.java:392) > at > org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565) > at > org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav > a:619) > at java.lang.Thread.run(Thread.java:484) > > I'm also attaching my keystore file > > I´m thankful for your attention... > Kleber > > - Original Message - > From: "Bill Barker" <[EMAIL PROTECTED]> > To: <[EMAIL PROTECTED]> > Sent: Thursday, September 18, 2003 12:03 AM > Subject: Re: peer not authenticated > > > > That message is supposed to be only logged at 'debug' level. Could you > post > > more of the stack trace, so I can see how to plug this message under > normal > > use? > > > > The error itself is harmless (it's just telling you that the user didn't > > send a client cert, which is normal). > > > > "Kleber" <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED] > > Hi, > > > > My name is Kleber, I am brazilian and I have a problem with Tomcat > > certificates(if someone could help me, I would be grateful). > > I was trying to place Tomcat certificate 4.1.27, however I've just had a > > certificate, because nowadays I'm using Orion server. > > I have one file called keystore and another '.cer'. > > > > I had created a HTTP connection using port 443 and I have used the path > from > > the keystore file. Till this point, everything was working well, the > Tomcat > > was starting normally. When I open a website that use a 'secure > encryption', > > it is loaded normally, however, a error message apears on
Re: peer not authenticated
That message is supposed to be only logged at 'debug' level. Could you post more of the stack trace, so I can see how to plug this message under normal use? The error itself is harmless (it's just telling you that the user didn't send a client cert, which is normal). "Kleber" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hi, My name is Kleber, I am brazilian and I have a problem with Tomcat certificates(if someone could help me, I would be grateful). I was trying to place Tomcat certificate 4.1.27, however I've just had a certificate, because nowadays I'm using Orion server. I have one file called keystore and another '.cer'. I had created a HTTP connection using port 443 and I have used the path from the keystore file. Till this point, everything was working well, the Tomcat was starting normally. When I open a website that use a 'secure encryption', it is loaded normally, however, a error message apears on DOS: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated I had created an keystore file from the beginning, even so the same message error has apeared. I also have tried to import, without sucess, the content from my .cer file to an empty keystore file. Where was I messing up? Since now I´m thankful for your help and I´m waiting for an aswer. []´s Kleber - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URGENT!!!mod_jk2 and apache 1.3.27
Don't use it myself, but it is supposed to work fine. Of course, you probably don't want to enable the JNI Channel with this config. <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi All > I would like to know if the mod_jk2 works for apache1.3.27 and tomcat > 4.1.27. I know it sure works for apache 2.x and tomcat4.1.27 and i have > configured it successfully for this combination. Please also let me know > if the same configuration for mod_jk2 works for apache 1.3.x as apache 2.x > if mod_jk2 works at all for apache 1.3. > > Thanks in Advance > > --Mohan - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache + Tomcat, a default servlet, and static content
If you have only a small number of static file types, then you could also do: default *.gif Another trick is to include in your servlet something like: ServletContext cntx = getServletContext(); URL resource = cntx.getResource(request.getPathInfo()); if(resource != null) { // physical file exists RequestDispatcher rd = cntx.getNamedDispatcher("default"); rd.forward(request, response); return; } "Tim Funk" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > That is because your have overridden the default servlet. It is now your > servlet's job to also serve static content. > > A simple workaround: Extend the DefaultServlet, then use super.doGet(), > super.doPost() ... when your servlet doesn't want the mapping. > > -Tim > > Mike Curwen wrote: > > > Apologies if this is a dupe. I just realized I sent the first one from > > an account that is not subscribed > > > > ****** > > > > Once more with feeling? > > > > Bill Barker, John Turner and others might recognize this question. Yes, > > it's me AGAIN. > > > > httpd.conf: > > > > > > ServerName foo.myfoo.com > > ServerAlias www.foo.myfoo.com > > DocumentRoot /home/webhome/myfoo > > #deny WEB-INF > > > > AllowOverride None > > deny from all > > > > JkMount /* tomcat1 > > ErrorLog /var/log/myfoo/error_log > > CustomLog /var/log/myfoo/access_log combined > > > > > > server.xml: > > > > > defaultSessionTimeout="60" /> > > > > web.xml in myfoo/WEB-INF: > > > > > > Translator > > / > > > > > > > > Result: > > > > http://foo.myfoo.com/hello/there > > > > 1. Apache passes everything to Tomcat > > 2. Tomcat can't recognize a mapped servlet, and uses the default > > 3. My Translator servlet will translate 'foo' from the subdomain and the > > /hello/there URI into a form like "/real_servlet?a=foo&b=hello&c=there", > > which is then redirected to. > > 4. Request for foo.myfoo.com/real_servlet?a=foo&b=hello&c=there > > 5. Apache passes everything to Tomcat > > 6. the real_servlet is a recognized mapping, and everything is > > wonderful. > > > > > > > > Except when it comes to the HTML. > > > > > > > > > > These requests are *also* being sent through my translator servlet, > > which of course, results in little red "X" images and no CSS. > > > > The solution I've come up with is to serve all images/css/etc from a > > completely separate virtual host. > > > > > > ServerName img.myfoo.com > > DocumentRoot /home/webhome/myfoo > > #deny WEB-INF > > > > AllowOverride None > > deny from all > > > > ErrorLog /var/log/myfoo/img_error_log > > CustomLog /var/log/myfoo/img_access_log combined > > > > > > Here, I forward nothing to Tomcat, and let apache serve whatever > > requests it gets. And of course, I'd construct my links in such a > > manner: > > > > http://img.myfoo.com/img/foo.gif"; /> > > http://img.myfoo.com/myfoo.css"; > > type="text/css"> > > > > > > Finally the question: > > Is there a way around having to use the separate virtual host to serve > > static content? > > > > > > --- > > Mike Curwen204-885-7733 > > Intermediate Programmer www.gb-im.com > > --- > > ___ __ __ > > / ___| | __ ) |_ _| | \/ | > > | | _ | _ \ _ | | | |\/| | > > | |_| | | |_) | |_| | | | | | | > > \| |/ |___| |_| |_| > > > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Cipher Suite Config in Tomcat JSSE
Tomcat 5 supports configuring the cipher suite (by specifying ciphers="" on the Connector). I don't believe that this has been ported to Tomcat 4. "McClure, Timothy J(IndSys, GE Interlogix)" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I am trying to configure Tomcat to only support cipher suite SSL_RSA_WITH_3DES_EDE_CBC_SHA as we have a requirement to only use Triple DES encryption. How does one do this? Tim McClure - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Status of SSL Bug 22701 Big problem
I believe that it is fixed in the CVS code, but I haven't had enough time to run enough test to actually close the bug. If you can build from CVS (for Tomcat 4.1.x, use the coyote_10 branch), and want to play tester, I'd be much obliged :-). "McClure, Timothy J(IndSys, GE Interlogix)" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I am querying the status of this bug as it is a significant issue for us. Tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: multiple http10connector in server.xml - Side effects
"Anecss" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Hi there, > > In tomcat's (Using tomcat 3.3.1) server.xml, I added another module Http10Connector like this below > > secure="false" >maxThreads="100" >maxSpareThreads="50" >minSpareThreads="10" /> > secure="false" >maxThreads="100" >maxSpareThreads="50" >minSpareThreads="10" /> > > So that, my tomcat can receive requests on both port 80 & 8080. It is working for me. Can anyone tell, if there will be any side effects because of this change. > With your settings, a very slight increase in memory usage, but that's about it. However, the CoyoteConnector2 from 3.3.2-dev is much nicer than the Http10Connector for running standalone. > Thanks a lot in advance! > Anecss. > > > ___ > No banners. No pop-ups. No kidding. > Introducing My Way - http://www.myway.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: 4.1.27-hotfix-22096.tar.gz source code ?
The patch appears to be: http://cvs.apache.org/viewcvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/core/StandardContext.java.diff?r1=1.119&r2=1.120 "webmaster" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi all, > > Where can I find the source code for the 4.1.27-hotfix-22096.tar.gz ? It can be just the patch file either. > > Thanks ! - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Obtaining client connection
It sounds like all you want is request.getRemoteAddr()/request.getRemoteHost(). These give you the IP/DNS-name of the client's box. All of this is taken from the Socket (since there really isn't any other way to get at it). If you need to get the IP on your machine that they connected to, then you can't. request.getServerName() reports what was sent in the Headers. "Peter Guyatt" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi There, > > I am not too sure if you are actually able to do this but I have a need to > get the IP address/hostname of the client that has accessed a page in our > web application. > > This is mainly for security/auditing purposes, however I really need to get > the client Socket connection and not the ip address given in the attributes > of the HTTP header. > > Is there any way of obtaining a handle on the client socket that has > connected to the server. > > Any help on this matter would be greatly appreciated. > > Currently we are using Tomcat version 4.1.18 > > Many Thanks > > Pete Guyatt - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: problem in session closing for explorer
My first guess is that you are using MSIE, and have enabled "Active Desktop". In this case, there is always a MSIE running, so MS (helpfully ;-) always preserves your cookies as long as you are logged on to your workstation. "Fabio Bazzani" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] After I authenticate I begin a session. Closing the browser my session does not go down. When I open a new browser my old session is still on. What to do to terminate my session when I close my browser? FB. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Simplified Install of Apache w/ Tomcat
"Nikolaos Giannopoulos" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > We have a product that utilizes servlets that we will be making available > for download. > > The problem is that we can't expect that our target customers will have > Apache + Tomcat or Tomcat (standalone) installed. > > What we want to do however is to provide a set of simplified (if possible > minimal) instructions for installing Apache + Tomcat (ideally we would want > to automate this through a script if possible). Is there a simplified > procedure for installing these two components - by simplified I mean that > building from source is probably not going to go over well with the Windows > oriented target customers unless we automate the process. > > Our target platforms are Windows NT/2000/XP, RedHat 6/7, and Solaris 7/8/9. > > Our (specific) product installation is quite trivial - we just want to make > sure that a burdensome installation of the web server / servlet engine > doesn't turn customers away before they even get to our product install. > > Any ideas? Suggestions? > > We would suggest a stand alone install of Tomcat 4.X except that (a) there > seems to be no way to have it run on port 80 as nobody (without front ending > Apache) and (b) our product tries to minimize the work done in servlets and > is designed to leverage the web server to serve the appropriate content > (whose URL it returns) - unless Tomcat 4.X becomes more solid as a stand > alone web server we have to offer this option. > > Will Tomcat 5.X will make these stand aline issues moot? Addressing this one only, since Filip & Colin have pretty much covered the rest (except for the fact that Tomcat & Apache both come with a GUI installer for Windows). Tomcat 5.x (at least at the moment) ships with the *source* to build a daemon to allow Tomcat to run as non-root on *nix systems. If it proves popular, then at some point in the future there may be binaries available as well (at least for popular platforms). > > Thanks, > > --Nikolaos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat classloader behaviour and Xerces
AFAIK, there shouldn't be a Xerces in common/lib. That having been said, Xerces is handled specially in Tomcat 4.x. If there is a copy in common/lib or shared/lib, then it will use that one in preference to WEB-INF/lib. Of course, it always checks the System ClassLoader first, so it will usually grab the one in common/endorsed. <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hi, I'm trying to understand why regardless of whether or not a particular version of Xerces is present in a webapp's WEB-INF/lib, the version in Tomcat's common/lib is always picked up. With other simple classes sharing the same namespace that I have used to test this, the version in the webapp is correctly picked up. I suspect that this is something to do with the fact that Xerces usage internally by Tomcat which loads it in the parent classloader, but I would appreciate someone providing me with the full logical explanation. On a related note, if the behaviour is such that webapps are tied into the version of Xerces in common/endorsed, that's not such a problem because this location is configurable. However, other classes such as JDBC drivers are documented as being supposed to reside in common/lib, which would present a problem when having a standard build supporting many different applications with different dependencies. However, a solution to this seems to be to rely on the placing of such libraries in the endorsed directory, which can be configured. This appears to work, but I would just like to check whether there is anything wrong with this approach. If common/lib must be used, then that would effectively mean that applications team would have to create "fake" builds of Tomcat using symlinks so that they could place the versions of dependencies that they required in common/lib. All answers much appreciated. Thanks, Kosh Visit our website at http://www.ubs.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat SSL issues and looking for an expert
Without more details, I'm guess the problem with the SSL standalone configuration is the same as http://nagoya.apache.org/bugzilla/show_bug.cgi?id=21763. Fronting Tomcat with Apache avoids the bug above, but as anyone who has been on this list at least a day knows, it comes with its own worm-can ;-). "Randy Carpenter" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > I have a customer who is running Tomcat 4.1.27. We have been having a > problem when using SSL (running the site on port 443). Periodically the > server will stop responding on 443, but not on port 80. Restarting the > Tomcat server is required to restore functionality. > > We are also looking at the possibility of using the standard Apache HTTP > server as a front-end, and using tomcat as a JSP backend server. > > I have been asked to try to find someone, "an expert at Tomcat," that > could help out my customer in planning their implementation, and possibly > figuring out the SSL hanging issue in the meantime. Is there anyone that > may be able to help? > > Specs: > > Tomcat 4.1.27, Sun JDK 1.4.2, Red Hat Linux 9 > > thanks, > Randy - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsp -> string ?
"Pike" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi > > > Can be done. This example should get you started. > > that is a really nice solution ! > one question > > >public class MyEmailResponse extends HttpServletResponseWrapper { > > Writer out; > >public MyEmailResponse(HttpServletResponse res) { > > super(res); > > out = new StringWriter(); > >} > >public Writer getWriter() { > > return out; > >} > >// You may need to override some other methods here > > }; > > do you have to override both getWriter() and getOutputStream(), and in > both, > check if the other hasn't been called ? how do you know which method > tomcat or jasper internally uses ? Without looking, I believe that Jasper only asks for Writer. Of course, the only way to know which method Tomcat and/or Jasper internally uses is to downlowd the source distro, and start poking around (of course, the downside of this is that you might end up being a Tomcat committer, and having to deal with questions like this ;-). > > > Then in your servlet: > > > > MyEmailResponse mer = new MyEmailResponse(response); > > RequestDispatcher rd = > > getServletContext().getRequestDispatcher("/myEmail.jsp"); > > rd.include(request, mer); > > mer.flushBuffer(); > > StringWriter sw = (StringWriter)mer.getWriter(); > > String emailMessage = sw.toString(); > > > thanks, > *pike > > > = 1/9671406556917033397649408 yottabyte > = 1/9444732965739290427392 zettabyte > = 1/9223372036854775808 exabyte > = 1/9007199254740992 petabyte > = 1/8796093022208 terabyte > = 1/8589934592 gigabyte > = 1/8388608 megabyte > = 1/1048576 Megabit > = 1/8192 kilobyte > = 1/1024 Kilobit > = 1/8 byte > = 1/4 nibble > bit = 1 bit - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: ClassPath with Tomcat 4.1
4.1.x uses the (deprecated) JavaService to install a Windows service. You can continue to use (the even more deprecated, but at least it works :) jk_nt_service from 3.x, or consider using the 5.x commons-daemon 'procrun' (my personal recommendation). "David LAFAY" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello, > > Tomcat 3.x have a wrapper.properties file. > Where is it on tomcat 4.1.x release. > > I don't know how to configure classpath for my webApp > > Thanks, > > David > [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication in tomcat 4.1.27
Have you ever got a fun project for you ;-). The first thing you must do is to make certain that your Realm implements org.apache.catalina.Realm (when I did this, it was a big enough change that I put the 4.x classes in a new package so that I could still see the 3.x versions). Personally, I have a total phobia against depending on anything below o.a.c, but most people implement this by extending o.a.c.realm.RealmBase. At this point you have to minimally implement 'getName' (your Realm's identifier), 'getPassword' (fetch password, given user), and 'getPrincipal(String)' (used only for CLIENT-CERT auth, so if you don't want to support CLIENT-CERT, return null). Of course, the only point of doing a custom Realm is that you want to override other stuff ;-). If your Realm requires access to the Request, then I'd suggest holding off until you can use 5.x. It is sometimes possible to split a 3.x Realm into a Valve+Realm (what I managed to do), but after my pain, I won't recommend it ;-). "Shailesh Modi" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > I am migrating my web application to 4.1.27 from tomcat 3 . > > > In tomcat 3 , I had following code for authentication in server.xml. > > initCtx="com.sun.jndi.ldap.LdapCtxFactory" > ldapHost="ldap://ldap.mycompany.com:389"; > baseDn="ou=active,ou=employees,ou=people,o=mycompany.com" > maxDnAge="300" > maxPwAge="6000" > maxFilterAge="6000" > /> > > where as 'com.remind.securetomcat.SecRealm' is my class to authenticate user > by my company's ldap. > com.remind.securetomcat.SecRealm class extends tomcat's > org.apache.tomcat.core.BaseInterceptor' , which is not present in tomcat > 4.1.27 . > > What changes are required to make authentication work in server.xml in > tomcat 4.1.27 configuration > to make this work? > > > Thanks and Regards > Shailesh - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsp -> string ?
Can be done. This example should get you started. public class MyEmailResponse extends HttpServletResponseWrapper { Writer out; public MyEmailResponse(HttpServletResponse res) { super(res); out = new StringWriter(); } public Writer getWriter() { return out; } // You may need to override some other methods here }; Then in your servlet: MyEmailResponse mer = new MyEmailResponse(response); RequestDispatcher rd = getServletContext().getRequestDispatcher("/myEmail.jsp"); rd.include(request, mer); mer.flushBuffer(); StringWriter sw = (StringWriter)mer.getWriter(); String emailMessage = sw.toString(); "Andoni" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hello, I have written a little method for my servlet that let's me know when something goes wrong. It sends me an email the body of which is a simple java.lang.String. This is easy as I cut mostly from a book I have ;-) Anyway, my question now is, I want to have my RequestDipatcher fill out a jsp page and send this as the body of the email. Can anyone tell me how to achieve this? How do I convert the .jsp with all it's parameters filled in, into a java.lang.String? My thanks in advance, Andoni. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JK2 Question...
I vaguely remember that there was/is a bug in Jk2 with using ports > 32K (a signed vs. unsigned thing). Can you try with a port < 32K? "Richard Norman" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I have read the information and configured my server as specified at the > following URL... > > http://jakarta.apache.org/builds/jakarta-tomcat-connectors/jk2/doc/jk2/installhowto.html > > The thing I think is going on is that the port is not open fully cause every > time I try to connect to a JSP page from IIS, I get the "Can not find server > or DNS Error" message. If I go directly to tomcat on the port I set up, > everything works (4). in the startup sequence it says in the log file > the following > > * > INFO: Starting Coyote HTTP/1.1 on port 4 > Sep 10, 2003 1:22:09 PM org.apache.jk.common.ChannelSocket init > INFO: JK2: ajp13 listening on /0.0.0.0:40100 > Sep 10, 2003 1:22:09 PM org.apache.jk.server.JkMain start > INFO: Jk running ID=0 time=0/250 > config=C:\Tomcat\Tomcat-5.0\conf\jk2.properties > Sep 10, 2003 1:22:09 PM org.apache.catalina.startup.Catalina start > INFO: Server startup in 6797 ms > * > > Here is my workers2.properties file > * > [channel.socket:localhost:40100] > port=40100 > host=127.0.0.1 > > # define the worker > [ajp13:localhost:40100] > channel=channel.socket:localhost:40100 > > # Map the Tomcat examples webapp to the Web server uri space > [uri:/jsp-examples/*] > info=Map the whole webapp > * > > Here is my jk2.properties file > * > # Set the desired handler list > handler.list=request,channelSocket > # > # Override the default port for the socketChannel > channelSocket.port=40100 > channelSocket.address=127.0.0.1 > > request.tomcatAuthentication=true > * > > and here is the connector entry in my server.xml file > * > protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" > redirectPort="8443"> > > * > Any ideas anyone? THis is the last step to get everything working 100% for > me... > > Richard Norman > Web/Application Developer > > _ > Compare Cable, DSL or Satellite plans: As low as $29.95. > https://broadband.msn.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: NullPointer on getParameter
I just got a ton of these while doing a stress-test to try and get another bug to crawl out from under it's rock ;-). I believe that there is a bug here somewhere, but I'm currently chasing bug #1. If your server logs are more interesting than mine (which don't say much more than NPE at ...), could you at least post them as an attachment to a bugzilla report? "Laurie Harper" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Agreed :-) But understanding the life cycle of CoyoteRequestFacade may > make it easier to do so. There's nothing particularly funky going on in > the code that's exhibiting the problem so I don't know yet what I can > pare away. I'm trying to get a local build of Tomcat set up so I can add > some tracing and narrow things down. > > L. > > Shapira, Yoav wrote: > > > Howdy, > > The best thing is to come up with a way for us to reproduce it. The > > simplest, most direct way to get the exception. > > > > Yoav Shapira > > Millennium ChemInformatics > > > > > > > >>-Original Message- > >>From: Laurie Harper [mailto:[EMAIL PROTECTED] > >>Sent: Tuesday, September 09, 2003 6:17 PM > >>To: [EMAIL PROTECTED] > >>Subject: NullPointer on getParameter > >> > >>Hi, I'm trying to figure out a problem we've encountered since > > > > upgrading > > > >>to Tomcat 4.1. I've seen this both on 4.1.24 and 4.1.27. I haven't yet > >>reduced it to a specific recipe for reproduction outside the context of > >>my application but I do see this quite frequently so I thought I'd see > >>if anyone else has come across it... > >> > >>The problem is that a call to getParameter is getting a > >>NullPointerException in the delegation method on CoyoteRequestFacade: > >> > >>Caused by: > >>java.lang.NullPointerException > >>at org.apache.coyote.tomcat4.CoyoteRequestFacade. > >>getParameter(CoyoteRequestFacade.java:178) > >>at javax.servlet.ServletRequestWrapper. > >>getParameter(ServletRequestWrapper.java:203) > >> > >>I checked the code and line 178 just a call to the wrapped > > > > CoyoteRequest > > > >>object, meaning that reference is null. Now, there's only two ways it > >>could be null: a null reference was passed into CoyoteRequestFacade's > >>constructor, or CoyoteRequestFacade.clear() was called. > >> > >>As I understand it, a CoyoteRequestFacade should be associated with a > >>request when it starts and not released until the request has completed > >>so I'm leaning towards looking at the first possibility. Can anyone > > > > give > > > >>me an overview of the 'life cycle' of CoyoteRequestFacade? Where is it > >>created, managed, assigned/reclaimed from a particular request, etc? > >> > >>Better yet, has anyone run into this and found a solution? The nearest > >>thing I could find was Bug# 21611 which sounds like the same problem. > >>From the commentary, it doesn't look like there's a known cause yet; > >>what would be the best way to track this down (as I say, I can > > > > reproduce > > > >>the behaviour easily here)? > >> > >>Thanks, > >> > >>L. > >> > >> > >> > >>- > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > >>For additional commands, e-mail: [EMAIL PROTECTED] > > > > > > > > > > > > This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Apache/Tomcat encrypting a subdirectory
Easiest is probably to use a: SSL area /online/* INTEGRAL in your web.xml file. An alternative methed for your config would be: RewriteRule /online/.* https://my.server.name/online/$1 [R] "Kai Schliemann" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello list, > > I have the following problem: > > I'm running Apache 1.3.27 on Suse Linux 8.2 (Server 1) and Tomcat 4.1.24 on > Suse Linux 8.2 (Server 2). > I'm using mod_jk as connector for Apache/Tomcat which works fine without > SSL-configuration. > > My JAVA-Webapp is running on Tomcat (Server 2). > I can connect to my JAVA-Webapp through the URL http://www.foo.com/. > Now I want a subdirectory (online) of this webapp to run in ssl-mode (e.g. > https://www.foo.com/online/). > I just want the directory "online" (and all of its subdirectories) to be > ssl-encrypted not the complete domain "www.foo.com". > > How can I do that? > > Thanks in advance. > > Kai - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jsp 1.2 and escaping quote marks
Does this work: "Rich Unger" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > http://java.sun.com/JSP/Page"; version="1.2"> > > > > > > > > All 3 of these lines cause compile errors. I'm using XSLT to generate > files which _may_ be JSP files (they may be static files, it's determined > when the xslt runs). Because of this, I'm not particularly enthused about > manually sticking backslashes in front of my quote characters. > > What I want to know is, how does tomcat 4 know to escape the quote marks > around foo.jpg, as in: > > out.write(""); > > ...but not around "quoted"? Is it a bug, or is this an expected compile > error in my jsp? > > Thanks, > Rich - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Connetion between Tomcat & MySQL
Assuming that you aren't using JDBCRealm, then it should be enough to put the jar file in $TOMCAT_HOME/lib/apps. If you are using JDBCRealm, then place it in $TOMCAT_HOME/lib/common. Setting the CLASSPATH is evil ;-). "Amy Cheung" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > > I am using Tomcat 3.3.1 and MySQL 4.0 in Window XP. > MySQL engine is running. When I run my jsp, it stated > the error that "import com.mysql.Driver" not found. > Anyone know how to install the driver properly? I read > something about setting the class path. But where to > set? I don't know much about the MSDOS command and > specify the envirnomental variables in Window XP. I > download both the J/Connector & OCBC driver from > MySQL. Where should be the exact location to store? > > Thanks, > Amy Cheung > > __ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software > http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: where is JkWorkerFile
Firstly, mod_jk2 doesn't have a JkWorkerFile directive. Secondly, for mod_jk this directive needs to be at top-level (i.e. it can't appear in a VHost). "Eugene Lee" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Trying to get mod_jk2 working, and Apache 2 complains in its error logs: > > No worker file and no worker options in httpd.conf > use JkWorkerFile to set workers > > Now I do have a JkWorkersFile directive, but it's in an external file > that is Include'd inside a block. Thoughts? > > > -- > Eugene Lee > http://www.coxar.pwp.blueyonder.co.uk/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat IBM JVM 1.4 and SSL truststores
I've just checked in a patch to have the TrustStore algorithm to be the same as the 'algorithm' (Tomcat 5 has a more general fix). It should appear in 4.1.28. If you need it sooner, you can download from the CVS. "McClure, Timothy J(IndSys, GE Interlogix)" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I am trying to use client SSL sockets connections running underneath Tomcat on AIX with IBM JVM 1.4. I set the 'algorithm' key word in the server.xml file and this seems to work well for key store (server socket) connections. However I cannot get the trust store side to work appropriately, I always get an I/O exception on SunX509 algorithm. I notice in the code it appears that the "SunX509" is hard coded to the TrustStoreManager. How do I get it to use IbmX509? I set the trsutManagerType to IbmX509 through -D options but this also did not work. Tim - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat IBM JVM 1.4 and SSL truststores
It's possible to configure PureTLS (which Tomcat supports) to support un-trusted certs. "Jerry Birchler" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I tried both the IBM and Sun packages. Unfortunately, neither handled > expired or untrusted certificates. In my case, I did not care one way or the > other whether or not the certificate was "trusted" or not. By virtue of > parsing or spidering a site, I was making a choice. Perhaps you have the > same situation? If so, then this will work for you. > > I found the attached source on the internet somewhere, and I was able to > successfully implement it in a core class to my html parsers and spiders. > Here is the snippet of code that is found in that core class. The class file > you will need follows the snippet. > > import com.sun.net.ssl.HttpsURLConnection; > // > // it's important to use the javax flavors of these packages, the com.sun > equivalents will not work > // > import javax.net.ssl.*; > import javax.net.ssl.SSLSocketFactory; > > // > // put this in you constructor... > // > > System.setProperty("java.protocol.handler.pkgs","com.sun.net.ssl.internal.ww > w.protocol"); > > // > // . whatever code you want > // > if ( blnSSL ) > { > try > { > java.security.Security.addProvider(new > com.sun.net.ssl.internal.ssl.Provider()); > X509TrustManager oTrustMngr = new EnlistaTrustManager(); > TrustManager oEnlistaTrustManagers[] = {oTrustMngr}; > SSLContext ctx = SSLContext.getInstance("SSL"); > ctx.init(null, oEnlistaTrustManagers, null); > SSLSocketFactory sslSocketFactory = ctx.getSocketFactory(); > HttpsURLConnection.setDefaultSSLSocketFactory(sslSocketFactory); > } > catch(Exception e) > { > e.printStackTrace(); > } > objUC = (HttpsURLConnection)objURL.openConnection(); > } > else > { > objUC = (HttpURLConnection)objURL.openConnection(); > } > > > // use your own packge. this is the class called by the snippet above. > > package com.efn.cmn.uihelper.urlscraper; > > import javax.net.ssl.X509TrustManager; > import java.security.cert.*; > > //EnlistaTrustManager implements X509TrustManager and you can have the > following code to accept ANY certificate. > > public class EnlistaTrustManager implements X509TrustManager > { > > EnlistaTrustManager() > { // constructor > // create/load keystore > // No need to load the keystore because it will be validated on demand. > } > > public void checkClientTrusted(X509Certificate chain[], String authType) > throws CertificateException > { > return; > } > > /** > * This function is called when receiving information from the server. > * Before accepting the info it checks that the certificates sent by the > server > * are valid according to this function. > * > * @throws CertificateException if the certificate does not meet this peer's > validation. > */ > public void checkServerTrusted(X509Certificate oaChain[], String > sAuthType) throws CertificateException > { > // special handling such as poping dialog boxes > > // Certificate is valid. > return; > } > > /** >* Returns the valid or accepted issuers. Currently this function returns > one empty >* certificate. The validation is done in checkServerTrusted function. >*/ > > public X509Certificate[] getAcceptedIssuers() { > return new X509Certificate[0]; > } > > public boolean isServerTrusted(X509Certificate oaChain[], String > sAuthType) throws CertificateException > { > return true; > } > } > > -Original Message- > From: McClure, Timothy J(IndSys, GE Interlogix) > [mailto:[EMAIL PROTECTED] > Sent: Monday, September 08, 2003 10:01 AM > To: Tomcat Users List; McClure, Timothy J(IndSys, GE Interlogix) > Subject: Tomcat IBM JVM 1.4 and SSL truststores > > > I am trying to use client SSL sockets connections running underneath Tomcat > on AIX with IBM JVM 1.4. I set the 'algorithm' key word in the server.xml > file and this seems to work well for key store (server socket) connections. > However I cannot get the trust store side to work appropriately, I always > get an I/O exception on SunX509 algorithm. I notice in the code it appears > that the "SunX509" is hard coded to the TrustStoreManager. How do I get it > to use IbmX509? I set the trsutManagerType to IbmX509 through -D options > but this also did not work. > > Tim > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL/Verisign Confusion
gt; 3. Open the certificate you got from Versign. > > 4. Change the certificate in your key entry to your Verisign certificate. > > 5. Save and close the keystore. > > > > OpenSSL doesn't understand most of the Java keystore formats, although it > > can manipulate PKCS#12 files which Keytool can handle. If you download > the > > BouncyCastle crypto provider, then you can use keytool to write PKCS#12 > > files as well. > > > > Also, if the person who originally posted the question doesn't feel up to > > monkeying around with the Keystore classes, I have some code that I can > > adapt to stick your Verisign certificate in your keystore. Get in touch > > with me personally and I'll see what I can do. > > > > - Original Message - > > From: "Jay Garala" <[EMAIL PROTECTED]> > > To: "'Tomcat Users List'" <[EMAIL PROTECTED]> > > Sent: Friday, September 05, 2003 3:36 PM > > Subject: RE: SSL/Verisign Confusion > > > > > > NOTE: You cannot export private key from keystore. > > > > -Original Message- > > From: Dave Wood [mailto:[EMAIL PROTECTED] > > Sent: Friday, September 05, 2003 10:32 AM > > To: Tomcat Users List > > Subject: RE: SSL/Verisign Confusion > > > > Thanks. With the exception of the openssl doc, I've been over these quite > a > > bit. The result is the problem I've mentioned where keytool says it can't > > import my certificate because the alias already exists. > > > > After some help I got last night, I think the question boils down to this: > > > > * once I have extracted my private key from keytool (haven't done this > yet), > > how do I take that key, the VeriSign intermediate certificate and my > public > > key certificate and get them to play together. I'm hoping the openssl > stuff > > will take care of this, because keytool doesn't really seem to recognize > > private keys as things that you can work with directly. > > > > Thanks again, > > Dave > > > > -Original Message- > > From: Jay Garala [mailto:[EMAIL PROTECTED] > > Sent: Friday, September 05, 2003 7:12 AM > > To: 'Tomcat Users List' > > Subject: RE: SSL/Verisign Confusion > > > > > > Try the Java keytool help: > > http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html > > > > Tomcat how-to: > > http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html > > > > If you have OpenSSL: > > http://forum.java.sun.com/thread.jsp?forum=2&thread=4240 > > > > Jay > > -Original Message- > > From: Dave Wood [mailto:[EMAIL PROTECTED] > > Sent: Friday, September 05, 2003 1:04 AM > > To: Tomcat Users List > > Subject: RE: SSL/Verisign Confusion > > > > Thanks Bill. I think this highlights something I'm really not > > understanding... > > > > Didn't I generate an important "private key" somewhere along the line that > I > > can't just regenerate if I blow away my keystore? I assumed the > certificate > > I got back from verisign would only work if I still had the original > private > > key I generated before sending them my request. Is that wrong? > > > > (I'll take a look at the link you sent...at first glance, it looks a > little > > hard to follow, but hopefully not). > > > > Thanks again. > > > > Dave > > > > -Original Message- > > From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Barker > > Sent: Thursday, September 04, 2003 11:06 PM > > To: [EMAIL PROTECTED] > > Subject: Re: SSL/Verisign Confusion > > > > > > Firstly, it looks like you should wipe you keystore and start again. To > use > > a VS cert with Tomcat, the two options I know are: > > 1) Follow the instructions at http://www.comu.de/docs/tomcat_ssl.htm. > > 2) Using openssl or otherwise, convert your cert+key to a pkcs12 file, and > > use that as your keystore (remember to set 'keystoreType="pkcs12"' on the > > Factory in server.xml). > > > > > > "Dave Wood" <[EMAIL PROTECTED]> wrote in message > > news:[EMAIL PROTECTED] > > > >>I'm having a problem getting an SSL certificate from Verisign working > >>correctly. I'm going to include everything I can think of that MIGHT be a > >>problem. Unfortunately, there are a couple things I can't quite remember > >>for certain. Here's the situation: >
Re: Servlet front page without redirect - Tomcat 4.1 with mod_rewrite and mod_jk2
"Mike Curwen" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Just to expound on this point: > > > -Original Message- > > From: news [mailto:[EMAIL PROTECTED] On Behalf Of Bill Barker > > Sent: Saturday, September 06, 2003 10:43 PM > > To: [EMAIL PROTECTED] > > Subject: Re: Servlet front page without redirect - Tomcat 4.1 > > with mod_rewrite and mod_jk2 > > > > > > This can be done for: > > 1) TC 3.3.2-dev with a non-default setting. > > 2) TC 5.0.9+ with default settings. > > The reason 5.x allows you to do this, is because it follows the 2.4 > Servlet spec, which now allows servlets to be included in the > welcome-file list (where before, it was only HTML or JSP). So if you're > completely desperate to have this functionality, and a simple META > refresh from index.jsp will NOT do... can you upgrade to the 5.x > tomcat? > > For Bill: What's the 3.3.2 hack? And why was it taken out? If you set the 'useInternal="true"' attribute on the StaticInterceptor element in server.xml, Tomcat does an internal redirect to the welcome file. If you set the 'strict23Welcome="true"' attribute, the you can use pre-compiled JSPs (or, for that matter, any servlet that maps to the welcome page). The 'useInternal' is off by default, a) so as to not break any apps that were depending on the old behavior, and b) it's a bit of a grey area in the 2.2 Servlet-spec on that this is allowed (although, of course, it happens to conform to the 2.4 spec :). The 'strict23Welcome' is off be default, since it isn't very optimized at the moment (so it add some overhead even in the case where you have only static welcome-files). - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where does tomcat-jk2.jar come from?
This is from jakarta-tomcat-connectors. The tarball is sitting next to the main 4.1.27 tarball at the download page. From there, you look under the 'jk' directory. "Jon Skeet" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I'm still on the trail of bug 17193, and I'd quite like to see if I can fix it myself. Unfortunately, I've run into a problem at the very first hurdle - finding the source! Catalina has tomcat-jk2.jar in the server/lib directory, but where does this come from in the first place? The source doesn't seem to be in the main 4.1.27 source archive. Any offers? Jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HeadlessException: The chickens come home to roost!
Running headless means using awt-light. In particular, one of the things you are forbidden from doing is creating heavy-weight components like Frames. If you want to run headless, you will need to re-structure your servlet to only use light-wieght components (that, in particular, don't care that there isn't a mouse). "Simon Brooke" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] -BEGIN PGP SIGNED MESSAGE- Long, long ago I spent a lot of time writing a Servlet which allowed drill-through graphs and charts to be built on the fly, server side. I was very proud of it, but getting it working on an X11 platform was such a bloody swine that I actually documented how to do it here: http://www.weft.co.uk/library/jacquard/documentation/uk/co/weft/htform/ Graphic.html> Now I need to use this functionality in a new project, and can I get it to work? No, I *&*%$ can't. And the problem is a new one: java.awt.HeadlessException I get this whether or not I have CATALINA_OPTS="-Djava.awt.headless=true" defined in /etc/default/tomcat4, and whether or not I have Xvfb running, with the DISPLAY environment variable pointing in the right place, and all X security off. Specifically I get: java.awt.HeadlessException at java.awt.GraphicsEnvironment.checkHeadless(GraphicsEnvironment.java:121) at java.awt.Window.(Window.java:266) at java.awt.Frame.(Frame.java:398) at java.awt.Frame.(Frame.java:363) at uk.co.weft.htform.MappedImage.(MappedImage.java:156) at uk.co.weft.htform.ExampleMappedImage.(ExampleMappedImageServlet.java:28) which is to say when I first try to create a java.awt.Frame I'm using tomcat 4.0.4 as packaged in Debian package tomcat4_4.0.4-4 on Debian 3.0 with Sun Java 1.4.0 and Sun Java 1.4.1; I also have, and could try if people think it would help, IBM Java 1.3.0 The last time this issue was discussed on this list was on 20th March this year; I've tried all the proposed solutions which were discussed at that time, including the eTeks PJA toolkit, which sounds a very clever solution but which unfortunately failed with a NullPointerException java.lang.NullPointerException at com.eteks.awt.servlet.PJARedirectServlet.servicePJA(PJARedirectServlet.java: 195) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:324) at com.eteks.awt.servlet.PJAServlet.HttpMethodInvoke(PJAServlet.java:793) at com.eteks.awt.servlet.PJAServlet.service(PJAServlet.java:775) Any further suggestions gratefully received. Simon - -- [EMAIL PROTECTED] (Simon Brooke) http://www.jasmine.org.uk/~simon/ ;; MS Windows: A thirty-two bit extension ... to a sixteen bit ;; patch to an eight bit operating system originally coded for a ;; four bit microprocessor and sold by a two-bit company that ;; can't stand one bit of competition -- anonymous -BEGIN PGP SIGNATURE- Version: 2.6.3ia Charset: noconv iQCVAwUBP1zdAHr1UrYJMbiJAQHSUAP/RoR0DwfzilZ3EySyin3kXFzPkLQopTM9 l1yHrFdLnFFW6MV9rIuoKxNS2U1vPJ9zlqfeJt8hJszKKYO3b5WII6IJ0sz3fOIL YaItN0wTGmgpDtOMSFHsv4hXrzHBVdzNXYuQaJ6Fo/alKcRMGdfKliYzNAR3PaeH zlgRCXecWio= =z/Pq -END PGP SIGNATURE- - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Running JSP....new to Tomcat 5.0
Urm, there is almost nothing in common between setting up Tomcat 3.x and setting up Tomcat 5.x (except that the name of the 'server.xml' file has stayed the same ;-). Almost all of the directories have changed (with the exceptions of 'conf' and 'webapps'), the syntax of 'server.xml' is completely different, if you are using app-.xml files the location has changed as well as the content. My advice is to go to http://jakarta.apache.org/tomcat/tomcat-5.0-doc/index.html and re-learn how to setup Tomcat as though you never knew how to setup Tomcat 3.x. "Amy Cheung" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > > How can I setup the server configuration using TOMCAT > Ver5.0? I follow the same method for TOMCAT Ver3.0 but > it give error as below: > "SEVERE: Cannot find msg asso. with key > stdContext.resourcesStart Document base does not > exit or is not a readable directory" > > What is the correct to initialize the docBase? My > folder is stored in C:\SLF_proj. Where to put the code > in server.xml? > > Thks!!! > > __ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software > http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet/JSP Lifecycle and Performance
"Lukas Bradley" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > AFAIK, no such benchmarks have been made. > > Once tomcat loads a servlet, it is loaded. Tomcat currently does not > unload > > servlets due to lack of use. > > Is this the case with Tomcat 5? Currently, yes. > > Lukas - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Bit confused: Admin Tool vs Manager Application
Tomcat 4.0.4 only has the 'manager' (which is similar to the 4.1.x 'manager' (but with fewer features), and the 3.3.x 'admin'). <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > THX, but where does 404 fit in. > It's neither 3.3+ or 4.1+ > TIA > > > Bill Barker wrote: > > > > The 'admin' Context in 3.3.x is similar tothe 'manager' Context in 4.1.x. > > There are big difference when you get down to the specifics (e.g. 3.3 > > doesn't include Ant tasks), but in "Big Picture" terms, they do much the > > same thing from the HTML interface. > > > > <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > > > > > Hi All. > > > I'm on TC404, looking at manager configuration. > > > Is Administration Tool only available in TC3.x? > > > Is the Manager Applicatio only available in TC4.1+? > > > Seems like TC404 is somewhere in between. > > > > - > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Bit confused: Admin Tool vs Manager Application
The 'admin' Context in 3.3.x is similar tothe 'manager' Context in 4.1.x. There are big difference when you get down to the specifics (e.g. 3.3 doesn't include Ant tasks), but in "Big Picture" terms, they do much the same thing from the HTML interface. <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Hi All. > I'm on TC404, looking at manager configuration. > Is Administration Tool only available in TC3.x? > Is the Manager Applicatio only available in TC4.1+? > Seems like TC404 is somewhere in between. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Debugging mode?
Tim's comments are very good, and should be followed. However, this error is usually because you've b*rked up your web.xml file, and the context isn't loading at all. Your log files should be a help in determining which element is out-of-order. "Thomas Hehl" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > OK, I had tomcat up and working just fine. I moved some directories around and changed my web.xml for my web app and now I get 404 for EVERYTHING > > I'm not asking anyone to solve this problem for me, but I've tried to check all of the logs and can't figure out where to go next. Is there some way to turn the tomcat mode into log EVERYTHING so that I can find out what's going on with this problem? > > Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet front page without redirect - Tomcat 4.1 with mod_rewrite and mod_jk2
This can be done for: 1) TC 3.3.2-dev with a non-default setting. 2) TC 5.0.9+ with default settings. You can't currently do this on any 4.x version. "A. Zazula" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Okay, I'm trying to solve my problem by using mod_rewrite with mod_jk2 > now. I've spent several days on this problem to date and I'm more than > a little frustrated. > > When the user types "http://mysight.org"; I want the page they get to > be generated by a servlet but without a redirect. So they won't be > redirected to http://mysight.org/index.jsp or something. When their > browser location bar sees "http://mysight.org"; they'll be looking at a > page generated by a java servlet. > > This can be obviously done with Perl (slashdot.org is proof---you > aren't redirected to slashdot.org/index.pl) and it can probably be > done with every other non-Java language. Can it be done with a Java > servlet? Is the combination of Apache 2.0.47, Tomcat 4.1.27, mod_jk2, > and mod_rewrite powerful enough to be able to accomplish this > extraordinary technical feat or do I have to switch to Perl because > that community obviously figured it out? > > > > __ > Do you Yahoo!? > Yahoo! SiteBuilder - Free, easy-to-use web site design software > http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: shutdown error
You are attempting the shutdown too soon (before Tomcat has finished coming up). Wait 30sec or so and try again. <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hi, I have a problem when I try to shutdown tomcat. I have tried with version 4.1.24 and 4.1.27, but the problem happens with both versions. When I start the server (with startup.sh), and browse http://localhost:8080/index.jsp, and then shutdown it (with shutdown.sh), it works fine. The problem is when I start it, and then stop it without browsing http://localhost:8080/index.jsp. The following is displayed: Using CATALINA_BASE: /usr/jakarta-tomcat-4.1.27 Using CATALINA_HOME: /usr/jakarta-tomcat-4.1.27 Using CATALINA_TMPDIR: /usr/jakarta-tomcat-4.1.27/temp Using JAVA_HOME: /usr/java/j2sdk1.4.2 Catalina.stop: java.net.ConnectException: Connection refused java.net.ConnectException: Connection refused at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305) at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171) at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158) at java.net.Socket.connect(Socket.java:452) at java.net.Socket.connect(Socket.java:402) at java.net.Socket.(Socket.java:309) at java.net.Socket.(Socket.java:124) at org.apache.catalina.startup.Catalina.stop(Catalina.java:581) at org.apache.catalina.startup.Catalina.execute(Catalina.java:402) at org.apache.catalina.startup.Catalina.process(Catalina.java:180) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203) After trying to stop it two or three more times, with the same message displayed, it stops fine. I have tried to stop the iptables (because I have read somewhere that maybe it was a firewall problem), but the same happens. Can anyone help me? Thanks very much. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: class files being cached?
Finally a CL question I know ;-). Replies below. "Mike Millson" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I have a tomcat 3.3.1 application that I suspect might be caching old > class files. > > The application consists of about 50 servlet classes (I'm using straight > servlets, not JSPs) deployed as a jar file. When I update the jar file, > I think some of the old classes are not being replaced w/ the new ones. Have you checked that you aren't connecting via a Proxy-Server, and that the caching is actually being done by the Proxy? > > Will any of the following cause servlet classes to be cached between > stop/starts: > > 1) Not clearing the /work directory. Can this directory have anything to > do with servlets being cached? Or does tomcat strictly use it to compile > JSPs? Tomcat 3.3.x only uses the work directory for JSPs. Of course, your servlets can use it for anything that they want. > > 2) Storing old jar files in the WEB-INF/lib with extensions other than > .jar. For example, can I rename app.jar to app.jar.20030906 and leave it > in WEB-INF/lib along with the new app.jar file, or could this cause > servlet caching issues? Any file in WEB-INF/lib that doesn't end in '.jar' is simply ignored. > > Mike - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JSP Document
My reading of the JSP spec says that Tomcat is correct here. If you need to preserve the escape, then follow Sjoerd's suggestion. "Sam Hough" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Tomcat 4.1.27 on Win32 given > > > http://java.sun.com/JSP/Page version="1.2"> > Cat & Dog > > > Generates > > Cat & Dog > > Can anybody confirm that this is correct behaviour? > > I can sort of see that it makes sense (JSP is for generating any character > stream...) but it does make a JSP Document look very odd. > > Also, is it correct that should > not allow namespaces to be redelcared? > > Sorry if both these things are clear in the spec. Ive read it but > dont feel much wiser. > > Thanks > > Sam - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL/Verisign Confusion
"Dave Wood" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Thanks Bill. I think this highlights something I'm really not > understanding... > > Didn't I generate an important "private key" somewhere along the line that I > can't just regenerate if I blow away my keystore? I assumed the certificate > I got back from verisign would only work if I still had the original private > key I generated before sending them my request. Is that wrong? > Of course you need your original private key. A lapse on my part, since I always use openssl to generate the CSR for VS :(. If you used keytool to generate the PK, then you'll have to extract it first. > (I'll take a look at the link you sent...at first glance, it looks a little > hard to follow, but hopefully not). > > Thanks again. > > Dave > > -Original Message- > From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Barker > Sent: Thursday, September 04, 2003 11:06 PM > To: [EMAIL PROTECTED] > Subject: Re: SSL/Verisign Confusion > > > Firstly, it looks like you should wipe you keystore and start again. To use > a VS cert with Tomcat, the two options I know are: > 1) Follow the instructions at http://www.comu.de/docs/tomcat_ssl.htm. > 2) Using openssl or otherwise, convert your cert+key to a pkcs12 file, and > use that as your keystore (remember to set 'keystoreType="pkcs12"' on the > Factory in server.xml). > > > "Dave Wood" <[EMAIL PROTECTED]> wrote in message > news:[EMAIL PROTECTED] > > I'm having a problem getting an SSL certificate from Verisign working > > correctly. I'm going to include everything I can think of that MIGHT be a > > problem. Unfortunately, there are a couple things I can't quite remember > > for certain. Here's the situation: > > > > 1. I generated the initial key using an alias other than "tomcat" (we'll > > call it "company") > > 2. I generated the CSR and sent it to verisign. I still have this file. > > 3. Verisign changed the company name during the verification process (from > > an acronym to the full spelling of the name) > > 4. I now have the certificate that they sent back after the validation > > process. > > 5. One thing I can't account for is why when I see this: > > > > $ keytool -list > > > > Keystore type: jks > > Keystore provider: SUN > > > > Your keystore contains 4 entries: (...others removed...) > > > > company, Fri Aug 22 08:47:04 MDT 2003, trustedCertEntry, > > Certificate fingerprint (MD5): > > 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 (the numbers aren't really > > 0's) > > > > ...I think I must have self-signed or something (I was doing a couple of > > these things and don't recall exactly), but I'm surprised to see > > "trustedCertEntry" here. > > > > The problem I'm having is this: > > > > $ keytool -import -trustcacerts -alias company -file public.crt > > Enter keystore password: xxx > > keytool error: java.lang.Exception: Certificate not imported, alias > > already exists > > > > (but I'm thinking it should be REPLACING this entry, so the fact that it > > exists shouldn't be a problem???) > > > > So, I have several questions: > > > > 1. Am I hosed completely because I didn't use "tomcat" as the alias? > > 2. How does the private key get stored exactly? I assume that if I delete > > the current entry for the "company" alias, I'll be losing the private key, > > right? > > 3. Can someone provide steps I should take to get this working given what > I > > have said above. > > > > Thanks so much in advance. Sorry to be so long-winded. > > > > -Dave > > --- > > Outgoing mail is certified Virus Free. > > Checked by AVG anti-virus system (http://www.grisoft.com). > > Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --- > Incoming mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 > > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Sharing of JSP pages across multiple web apps
It depends what you want to accomplish basically. Personally, I prefer symlinking the pages (of course, after enabling the symlink option :). This results in seperate class files for each context that uses the page, but is easy to maintain. Alternatively, you can pre-compile the JSP to $CATALINA_HOME/shared/classes, and adjust your servlet-mappings accordingly. "Ashutosh Satyam" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Is it possible to share JSP page across multiple web-application within tomcat servlet container? Something like the libraries, which we want to share across multiple web application can be placed under the shared directory of tomcat. If it's not possible, why it has been not designed like that? Thanks and Regards, Ashutosh - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL/Verisign Confusion
Firstly, it looks like you should wipe you keystore and start again. To use a VS cert with Tomcat, the two options I know are: 1) Follow the instructions at http://www.comu.de/docs/tomcat_ssl.htm. 2) Using openssl or otherwise, convert your cert+key to a pkcs12 file, and use that as your keystore (remember to set 'keystoreType="pkcs12"' on the Factory in server.xml). "Dave Wood" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I'm having a problem getting an SSL certificate from Verisign working > correctly. I'm going to include everything I can think of that MIGHT be a > problem. Unfortunately, there are a couple things I can't quite remember > for certain. Here's the situation: > > 1. I generated the initial key using an alias other than "tomcat" (we'll > call it "company") > 2. I generated the CSR and sent it to verisign. I still have this file. > 3. Verisign changed the company name during the verification process (from > an acronym to the full spelling of the name) > 4. I now have the certificate that they sent back after the validation > process. > 5. One thing I can't account for is why when I see this: > > $ keytool -list > > Keystore type: jks > Keystore provider: SUN > > Your keystore contains 4 entries: (...others removed...) > > company, Fri Aug 22 08:47:04 MDT 2003, trustedCertEntry, > Certificate fingerprint (MD5): > 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 (the numbers aren't really > 0's) > > ...I think I must have self-signed or something (I was doing a couple of > these things and don't recall exactly), but I'm surprised to see > "trustedCertEntry" here. > > The problem I'm having is this: > > $ keytool -import -trustcacerts -alias company -file public.crt > Enter keystore password: xxx > keytool error: java.lang.Exception: Certificate not imported, alias > already exists > > (but I'm thinking it should be REPLACING this entry, so the fact that it > exists shouldn't be a problem???) > > So, I have several questions: > > 1. Am I hosed completely because I didn't use "tomcat" as the alias? > 2. How does the private key get stored exactly? I assume that if I delete > the current entry for the "company" alias, I'll be losing the private key, > right? > 3. Can someone provide steps I should take to get this working given what I > have said above. > > Thanks so much in advance. Sorry to be so long-winded. > > -Dave > --- > Outgoing mail is certified Virus Free. > Checked by AVG anti-virus system (http://www.grisoft.com). > Version: 6.0.512 / Virus Database: 309 - Release Date: 8/19/2003 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat as an in-process Servlet container?
I don't really understand the question. If you are using channelJni, then there is no address or port: The data is passed in-memory. "Carlos Cajina - Hotmail" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hi everyone. I've followed the steps in http://www.greenfieldresearch.ca/technical/jk2_config.html for configuring Apache and Tomcat to communicate using JNI with good results, but there's just one thing that I can't figure out: When using channelSocket as the communication channel between the two servers is possible to use the workers2.properties file to configure the host:port where Apache is supposed to forward requests for non-static content, so a call to some http://host/webapp/index.jsp would be served transparently. Now, how do I do the same mapping when using channelJni? My main concern is to let user access any WebApp without having to type Tomcat's listening port. Regards, Carlos - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using jdk1.4 logger problem
"Chan, Kam Yuen" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello, > > I am trying to load our App in Tomcat. > One of the initialization is being done by a Servlet, which is set to autoload. During this initialization, we also initializes the logger, which are subclasses of the JDK1.4 logger classes. > > But, some how the logger manager can't find the handler classes. (Class loader problem?) Yup, it's a CL problem. Unfortunately, it looks like the problem is in Sun's implementation of 1.4 Logging. Instead of using the ContextClassLoader, it's looking for your class in the AppClassLoader (which, of course, knows nothing about your class :). At the moment, the only work-around I can see is to place your jar in $CATALINA_HOME/common/endorsed. Of course, if it will make you feel better, you can also b*tch at Sun for not designing their Logging implementation in a way that is friendly to app-servers ;-). > > Please see below the stack trace. You will see that the resoft.framework.logging.DBHandler is the class that can't be found. But it is in the same package and jar as the resoft.framework.logging.ResoftLogger, which was invoked in the middle of the stack. > > The jar is placed in the WEB-INF/lib directory. > > Thanks in advance for your Help. > > Kam Chan > > Can't load log handler "resoft.framework.logging.DBHandler" > java.lang.ClassNotFoundException: resoft.framework.logging.DBHandler > java.lang.ClassNotFoundException: resoft.framework.logging.DBHandler > at java.net.URLClassLoader$1.run(URLClassLoader.java:198) > at java.security.AccessController.doPrivileged(Native Method) > at java.net.URLClassLoader.findClass(URLClassLoader.java:186) > at java.lang.ClassLoader.loadClass(ClassLoader.java:299) > at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265) > at java.lang.ClassLoader.loadClass(ClassLoader.java:255) > at java.util.logging.LogManager$3.run(LogManager.java:717) > at java.security.AccessController.doPrivileged(Native Method) > at java.util.logging.LogManager.initializeGlobalHandlers(LogManager.java:710) > at java.util.logging.LogManager.access$800(LogManager.java:114) > at java.util.logging.LogManager$RootLogger.getHandlers(LogManager.java:817) > at java.util.logging.Logger.log(Logger.java:420) > at java.util.logging.Logger.doLog(Logger.java:446) > at java.util.logging.Logger.logp(Logger.java:589) > at resoft.framework.logging.ResoftLogger.log(ResoftLogger.java:780) > at resoft.framework.logging.ResoftLogger.info(ResoftLogger.java:439) > at resoft.framework.sessionmgmt.AppCtx.outputStartupInfo(AppCtx.java:456) > at resoft.framework.appsvr.sessionmgmt.AppServerCtx.init(AppServerCtx.java:539) > at resoft.framework.appsvr.initialization.AppServerStartUp.startup(AppServerSta rtUp.java:97) > at resoft.webserver.servlets.WebServerStartup.init(WebServerStartup.java:156) > at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:91 8) > at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:810) > at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java: 3279) > at org.apache.catalina.core.StandardContext.start(StandardContext.java:3421) > at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) > at org.apache.catalina.core.StandardHost.start(StandardHost.java:638) > at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1123) > at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:343) > at org.apache.catalina.core.StandardService.start(StandardService.java:388) > at org.apache.catalina.core.StandardServer.start(StandardServer.java:506) > at org.apache.catalina.startup.Catalina.start(Catalina.java:781) > at org.apache.catalina.startup.Catalina.execute(Catalina.java:681) > at org.apache.catalina.startup.Catalina.process(Catalina.java:179) > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39 ) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl .java:25) > at java.lang.reflect.Method.invoke(Method.java:324) > at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243) - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: j_security_check gets a 404 error
You need to add j_security_check to the URIs that get passed to Tomcat. I don't use Jk2 myself, but if your version is recent enough, I believe that you can even use: /*/j_security_check ajp13 If I'm wrong (and that doesn't work), simply put the full path to j_security_check. "Louise Pryor" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi > > I'm having a problem using form-based authentication. It all works > fine with standalone Tomcat, but goes pear shaped on Apache with > Tomcat. It seems to be the same problem that is described in > http://www.mail-archive.com/[EMAIL PROTECTED]/msg43091.html > (but I think it's more a Tomcat thing than a struts thing). > > Basically, I'm using the securityfilter filter from > http://www.securityfilter.org/. I have a login.jsp that submits a form > to j_security_check in the usual way. The only trouble is that Apache > comes back with an Apache 404 on /path-to-login.jsp/j_security_check. It is > clearly not passing j_security_check through to Tomcat to handle. > > The URL at the top of this message suggests passing all requests > through to Tomcat (at least I think that's what it means - it uses > mod_jk, and I'm using mod_jk2, which I'm not totally expert at > anyway). First, that doesn't seem to work for me, and second, although > I could configure things that way on my local setup it's not a > realistic option for deployment, where I'm on a shared server. > > The support guy at my hosting service suggested making the target of > the form /servlet/j_security_check, which at least gets it through to > Tomcat --- which then gives me a 404. Obviously this is right, because > I have no servlet mapping that would pick it up. > > So is there a way of defining a servlet mapping (or indeed any other > element in web.xml) that would push things through to the right place? > > Alternatively is there any way of doing this programmatically? Could I > send the form into a servlet which could then forward or redirect to > j_security_check directly, without going through Apache? If so, how? > > Thanks for any help on this. > > -- > Louise Pryor > http://www.louisepryor.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Servlet mappings?
<[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Seems strange that there wouldn't be the option to do this. Is there any > way to write your own default servlet? > To do your own default servlet, you need a mapping like the one for "default" in conf/web.xml: MyDefaultServlet / This mapping sends anything that doesn't match any other mapping to MyDefaultServlet. In particular, this usually means static content as well (e.g. gif, jpeg, css, etc files), so your servlet has to be prepared to deal with this case as well. > > Thank You, > > Justin A. Stanczak > Web Manager > Shake Learning Resource Center > Vincennes University > (812)888-5813 > > > > > "Mike Cherichetti \(Renegade Internet\)" <[EMAIL PROTECTED]> > 09/03/2003 08:11 PM > Please respond to "Tomcat Users List" > > > To: "Tomcat Users List" <[EMAIL PROTECTED]> > cc: > Subject:RE: Servlet mappings? > > > I don't think this can be done with mappings. You can put an index.jsp > file > with only a forward/redirect call in it to transfer control to your > servlet. > I've done this before, seems to work quite well. > > Mike > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Sent: Wednesday, September 03, 2003 8:55 PM > To: [EMAIL PROTECTED] > Subject: Servlet mappings? > > > I have a web app with multiple servlets. I would like one of those > servlets to handle all requests to http://mywebserver/. Basically I want > it to do the same thing as the welcome-file in the web.xml. How can I do > this? > > > Thank You, > > Justin A. Stanczak > Web Manager > Shake Learning Resource Center > Vincennes University > (812)888-5813 > > > > > - > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Shutting down the server
For integration, you should call o.a.c.startup.BootstrapService instead of Bootstrap. Bootstrap blocks its calling thread, so the only way to unblock it is to generate the IP traffic. For BootstrapService, the order of the calls is: 1) init(org.apache.commons.daemon.DaemonContext) 2) start() 3) stop() 4) destroy() "Jimm" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hello everybody, > > today, we were trying to integrating tomcat in an other application, by > reflecting the bootstrap classes, > like the script in bin/ do. My question is now, if it's possible to shutdown > the server by calling stop > instead of start on the same object ( > org.apache.tomcat.catalina.startup.Bootstrap.stop() )? > > I don't want to generate local IP-trafic and I don't want to call a external > shutdown script. or to build > up a second server by reflecting which will call the first server to > shutdown... > > Hey, if have a good solution I would be very happy... :-) > > Regards, Jimm > > -- > COMPUTERBILD 15/03: Premium-e-mail-Dienste im Test > -- > 1. GMX TopMail - Platz 1 und Testsieger! > 2. GMX ProMail - Platz 2 und Preis-Qualitätssieger! > 3. Arcor - 4. web.de - 5. T-Online - 6. freenet.de - 7. daybyday - 8. e-Post - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can not get SSL Client Certificate
Try: X509Certificate [] certs = (X509Certificate [])request.getAttribute("javax.servlet.request.X509Certificate"); "Elif Akten" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > I have been trying to get SSL client certificate during a client > authenticated SSL session. I am using Apache 2.0 with Tomcat 4.1.27. > Everything works succesfully: when I want to open a SSL protected JSP page > my browser asks for my client certificate and verifies it. But when I try to > get client certificate using request.getHeader("SSL_CLIENT_CERT") it returns > null. Also request.getAuthType() and request.getUserPrincipal() return null > value. Following is the relevant part from our httpd.conf file: > > > SSLEngine On > SSLCipherSuite ALL:!ADH:!EXP56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL > SSLCertificateFile conf/ssl/server.crt > SSLCertificateKeyFile conf/ssl/server.key > > JkExtractSSL On > JkHTTPSIndicator HTTPS > JkSESSIONIndicator SSL_SESSION_ID > JkCIPHERIndicator SSL_CIPHER > JkCERTSIndicator SSL_CLIENT_CERT > > > SSLVerifyClient require > SSLVerifyDepth 2 > SSLCACertificateFile "C:/Program Files/Apache Group/Apache2/conf/ssl/ca.cer" > SSLCACertificatePath "C:/Program Files/Apache Group/Apache2/conf/ssl" > SSLCACertificateFile "C:/Program Files/Apache > Group/Apache2/conf/ssl/rootca.cer" > > > LoadModule jk_module "C:/Program Files/Apache > Group/Apache2/modules/mod_jk.dll" > > > JkWorkersFile "C:/Program Files/Apache Tomcat 4.0/conf/workers.properties" > JkLogFile "C:/Program Files/Apache Tomcat 4.0/logs/mod_jk.log" > JkLogLevel info > JkMount /examples/* ajp13 > > Also our ssl.conf file includes the following lines : > > SSLOptions +StdEnvVars +ExportCertData > JkOptions +ForwardKeySize +ForwardURICompat +ForwardDirectories > JkMount /demo/* ajp13 > JkExtractSSL On > JkEnvVar SSL_CLIENT_CERT "" > > What should I do to read the client certificate? Any help is welcome... > > _ > The new MSN 8: advanced junk mail protection and 2 months FREE* > http://join.msn.com/?page=features/junkmail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Running Tomcat 4.1.27 without Jasper (or a JDK)?
Yeah, well, it won't work with 3.3.0 (it will exhibit the intestinal behavior that you describe :). After the 3.3.0 release the Velocity people lobbied for a non-JSP Servlet-container, so with 3.3.1, we (with non-default options) gave it to them. "Jon Skeet" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Actually, removing Jasper from 3.3.1(a) is about the same as > for 4.1.x: You > just comment out the JspInterceptor element in server.xml, > and voila: you've > got a JSP-less Servlet-Container. I tried that at the time - I can't remember which version, I'm afraid - and if I didn't have Jasper present, it barfed. I didn't have *any* references to JSPs left in the configuration, *anywhere*. Very strange. Never mind though - seems to be fine with 4.1. > Ok, to be helpful, for 4.1.x, you need to comment out all > references to > JspServlet in $CATALINA_HOME/conf/web.xml (including the > servlet-mapping). > Then you have a JSP-less Servlet-Container. Cheers, Jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Running Tomcat 4.1.27 without Jasper (or a JDK)?
Actually, removing Jasper from 3.3.1(a) is about the same as for 4.1.x: You just comment out the JspInterceptor element in server.xml, and voila: you've got a JSP-less Servlet-Container. Ok, to be helpful, for 4.1.x, you need to comment out all references to JspServlet in $CATALINA_HOME/conf/web.xml (including the servlet-mapping). Then you have a JSP-less Servlet-Container. "Jon Skeet" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > I don't think you need to do anything. But you probaly want > to do this: > - remove $CATALINA/common/lib/jasper-compiler.jar > - in $CATALINA/conf/web.xml - comment out boht jasper/jsp references > > If you don't use precompiled jsp's > - remove $CATALINA/common/lib/jasper-runtime.jar > > You might not need $CATALINA/common/lib/ant.jar either. (I > don't know if anything other than jasper depends on it) > > [ On second thought, you might need to edit setclasspath.bat > (or sh) to remove the javac check. ] I'll certainly need to do the last bit, and I'll also (for the sake of completeness) remove the reference to tools.jar on the classpath. Great. I know I tried to do this with Tomcat 3.3, and I couldn't for the life of me get it to not require the Jasper jar files on the system... Jon - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat &apache SSL
My first guess is that you are running a version < 4.1.27. If so, you should see all sorts of errors in your Tomcat logs telling you what didn't work. If you want to know why earlier version don't work, search the archives or bugzilla. "Elif Akten" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Hi All, > > I use apache web server and for jsp files I configureted tomcat. > > I try to make SSL connection with client authentication. I configureted > apache and did nothing with tomcat (should I do??), it works, asks me for > client certificate and verifys it. > > Everything looks fine but when I try to get client certificate from servlet > it returns null, > > anybody knows ? > > Please Help > > Elif > > _ > The new MSN 8: smart spam protection and 2 months FREE* > http://join.msn.com/?page=features/junkmail - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Ant task for reloading webapps
To get Tomcat to redeploy your war file, you need to set the redeploy="true" attribute on the AutoDeploy element in server.xml. In theory, you could get an Ant task to re-load the context (assuming that you've left the 'admin' webapp installed). It would need to send a request to /admin/contextAdmin/contextRemove.jsp?removeContextName=context-name followed by a request to /admin/contextAdmin/contextAdd.jsp?addContextPath=/context-name&addContextNa me=context-name The 3.3-nightly also has a contextReload.jsp which combines these. Bug #21456 has a patch to get it working with 3.3.1(a). <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] I don't know if my last mail got throught so I'll resend. I'm using Tomcat 3.3 and cannot get the redeploying to work (ie I copy the war over an existing one and Tomcat should load the new war). I cannot get it to work. Everywhere on the net seems to say it's broken so I'm willing to now accept that now! My question is this: I have read how Tomcat 4 has an ant task to reload the war file, which works, but is this possible with Tomcat 3.3? Regards, Ian Colledge Visit our website at http://www.ubs.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: application working only partially with mod_jk2
Basically: no. The AJP13 protocol (used by mod_jk(2)) currently does not have an 'authorize' state. The request currently must be handled entirely either by Apache or Tomcat. "ToFu" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hi All, I've got an app that is configured and working with mod_jk2 -- using apache 2.0x and tomcat 4.1.24. It's running fast, and stable. However, I'm having some problems with securing the app. Here's the deal. Security is configured at the application level (i.e. tomcat application) using the configurations in the application specific web.xml file. Works fine going straight to tomcat ( via port 8080). All files are locked down. However, I find that going through Apache, via mod_jk2, only the files that are specified in the workers2.properties are actually being triggered for authentication by the app server. This is fine for the .jsp files or .do (struts) directives that I've got in workers2.properties, but not fine for all the images and videos that I've got behind the secuiryt constraint (or want to, at least). I've changed the workers2.properties file to include the other image and video files types, and this works. This seems klugey though, as I would prefer if apache serves up these files. Does anyone have a better solution to locking down ALL files in a webapp using mod_jk2? Apache authentication won't work for me, as I'm using authentication information within my application. Any ideas would help. Todd # FROM WORKERS2.PROPERTIES # # MEMBERS.MYAPP.COM WORKER [ajp13:chihuahua:8009] channel=channel.socket:chihuahua:8009 [uri:members.myapp.com/*.jsp] worker=ajp13:chihuahua:8009 [uri:members.myapp.com/*.do] worker=ajp13:chihuahua:8009 #[uri:members.myapp.com/*.wmv]# UNCOMMENTED, AND THE APP SECURITY WORKS FOR THESE FILES, OTHERWISE, NOT #worker=ajp13:chihuahua:8009 #[uri:members.myapp.com/*.mpg]# UNCOMMENTED, AND THE APP SECURITY WORKS FOR THESE FILES, OTHERWISE, NOT #worker=ajp13:chihuahua:8009 #[uri:members.myapp.com/*.jpg]# UNCOMMENTED, AND THE APP SECURITY WORKS FOR THESE FILES, OTHERWISE, NOT #worker=ajp13:chihuahua:8009 # FROM WEB.XML FILE # Entire Application /* member BASIC Application Realm member - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mod_jk and Tomcat 3.2.4
AFAIK, the latest-and-greatest should still work with 3.2.x. "Armenio Pinto" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] Hi there, can anyone tell me, please, where can I find the most suitable version of mod_jk to use with Tomcat 3.2.4? Thanks in advance, Arménio Pinto - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: /usr/ucb/cc: language optional software package not installed
Like the message says, you need a working compiler (which on Solaris /usr/ucb/cc definitely isn't ;-). I've never tried it, but I believe that the Forte (or, rather, whatever it is being called these days) complier can be used to build gcc. Otherwise, you are stuck with downloading the binary gcc from sunfreeware or otherwise. "Raj Dasgupta" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > > Whenever I try to run the configure command , I get the following error. I > am loading gcc so I can compile the TomCat connector source. (Sorry, I know > the issue below is not directly Tomcat related) > > sudo ./configure > Configuring for a sparc-sun-solaris2.8 host. > Created "Makefile" in /opt/gcc/gcc-3.3.1 using "mh-frag" > /usr/ucb/cc: language optional software package not installed > *** The command 'cc -o conftest -g conftest.c' failed. > *** You must set the environment variable CC to a working compiler. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Catching JSP Custom tag errors
Yet another one for the FAQ ;-). An error-page element for a status code of 500 won't be invoked if the Servlet/JSP throws an exception out of the service method. For that, you need to have an error-page element with an exception-type, e.g.: java.lang.Exception /Error.jsp "Erez Efrati" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > Hi, > > I am using Tomcat/Struts and I am trying to catch errors in JSP pages > without luck. It only works if I put the <%page errorPage="/MyError.jsp" > %> tag in the page. I tried to remove it and use the in the > Web.xml but it didn't catch anything. What is wrong here? > > The page which causes the exception (A sample file, the version that > catches and the error redirects to the MyError.page as supposed): > > <%@ page contentType="text/html; charset=windows-1255" %> > <%@ taglib uri="/WEB-INF/struts-logic.tld" prefix="logic" %> > <%@ taglib uri="/WEB-INF/struts-template.tld" prefix="template" %> > <%@ taglib uri="/WEB-INF/struts-bean.tld" prefix="bean" %> > <%@ taglib uri="/WEB-INF/struts-html.tld" prefix="html" %> > <%@ page errorPage="MyError.jsp" %> > > > > hello > > > > > > JBuilder Generated JSP > > > > > > > > > > > THE WEB.XML > > > 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd";> > > > action > > org.apache.struts.action.ActionServlet > > config > /WEB-INF/struts-config.xml > > > debug > 2 > > 2 > > > debugjsp > Added to compile JSPs with debug info > org.apache.jasper.servlet.JspServlet > > classdebuginfo > true > > 3 > > > action > *.do > > > debugjsp > *.jsp > > > index.jsp > > > > 500 > /MyError.jsp > > > > /tags/struts-bean > /WEB-INF/struts-bean.tld > > > /tags/struts-bean-el > /WEB-INF/struts-bean-el.tld > > > /tags/struts-html > /WEB-INF/struts-html.tld > > > /tags/struts-html-el > /WEB-INF/struts-html-el.tld > > > /tags/struts-logic > /WEB-INF/struts-logic.tld > > > /tags/struts-logic-el > /WEB-INF/struts-logic-el.tld > > > /tags/struts-nested > /WEB-INF/struts-nested.tld > > > /tags/struts-template > /WEB-INF/struts-template.tld > > > /tags/struts-tiles > /WEB-INF/struts-tiles.tld > > > http://java.sun.com/jstl/core > /WEB-INF/c.tld > > > http://java.sun.com/jstl/core_rt > /WEB-INF/c-rt.tld > > > http://java.sun.com/jstl/fmt > /WEB-INF/fmt.tld > > > http://java.sun.com/jstl/fmt_rt > /WEB-INF/fmt-rt.tld > > > http://java.sun.com/jstl/sql > /WEB-INF/sql.tld > > > http://java.sun.com/jstl/sql_rt > /WEB-INF/sql-rt.tld > > > http://java.sun.com/jstl/xml > /WEB-INF/x.tld > > > http://java.sun.com/jstl/xml_rt > /WEB-INF/x-rt.tld > > > > > Thanks in advance, > Erez - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [File Upload]Multiple Destination ??
Another alternative (depending on your network config, and network policies) is to upload the file once and rsync the uploaded file to the various locations. "Tim Funk" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > The client (SWING app) will need to perform multiple HTTP requests to post > the file to the multiple servers. Thats the way HTTP works. You can do this > concurrently with multiple threads. (How-to is beyond the scope of this list > and an exercise in using google) > > Otherwise, you can have one server act as master and copy the file to the > other locations but this may bypass some of your business logic. > > -Tim > > Bikash Paul wrote: > > > Hi all friends, > > > > Iam facing problem with Uploading of one file in > > multiple destination means user can select multiple > > remote destination from client interface(swing) and my > > application should send that file in all remote > > destination from local hot folder.For that I have used > > Jlist Box with Multiple selection mode in swing client > > interface.Presently my application is working fine > > with one destination and multiple file.Iam little bit > > confused about the way of proceed Can any one plz > > guide me how I should proceed, I want only logic or > > some suggestion.Iam using Tomcat4.1.24 and servlet. > > > > Thanks & Regards > > Bikash > > - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]