Re: Tomcat + SSL
Change keystrokeFile to keystoreFile and keystrokePass to keystorePass. Chris. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTML quoting
Here's a simple method to quote the most important character entities: /** * Handles a couple of problematic characters in strings that are printed to * an HTML stream, replacing them with their escaped equivalents * @param s an input string * @return the escaped string */ public static String escapeSpaces(String s) { StringBuffer sb = new StringBuffer(); int nChars = s.length(); for (int i = 0; i nChars; i++) { char c = s.charAt(i); if (' ' == c) { sb.append(#032;); } else if ('' == c) { sb.append(gt;); } else if ('' == c) { sb.append(lt;); } else if ('\' == c) { sb.append(quot;); } else if ('' == c) { sb.append(amp;); } else { sb.append(c); } } return sb.toString(); } A more complete solution would be to look up the complete list of character entities (e.g 'HTML and XHTML The Definitive Guide'), build a lookup table and use each character as an index into that table. Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Printing with page breaks.
It's possible with CSS. Check out: http://www.w3.org/TR/CSS21/page.html Chris. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HTML quoting
It is obvious then that a space would be #032; or #x20; since 32 is the ascii code for a space. Though i cannot quite figure out why you would want to escape a space... I escape spaces and character entities in form fields; if you do the following: input name=x size=20 maxlength=20 value=%= someVal % and someVal contains space characters (or worse, ''), it won't display properly. If you escape the spaces, it will, and this is what I use the method for. If I'm emitting HTML where I know what it will be beforehand, I simply include any appropriate character entities in my resource strings. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL Client authentication: what goes in tomcat-users.xml?
Following the advice from this link http://books.mcgraw-hill.com/betabooks/aug02/taylor/0072225653_ch10.html I tried to get SSL client authentication to work by setting the following entry in tomcat-users.xml: user username=CN=x, OU=y, O=z, L=a, S=b, C=c password= roles=user/ where x,y,z,etc. have real but unimportant values. Evidently Tomcat somehow matches the distinguished name from my certificate against an entry in the users file, presumably to establish the user's role. If it fails to make a match, no authentication takes place which, I guess, is why I was able to access protected pages but getUserPrincipal() was returning null. However, when I start Tomcat I get the error: GlobalResourcesLifecycleListener: Exception creating UserDatabase MBeans for UserDatabase javax.management.MalformedObjectNameException: ObjectName: Invalid (key,value) pair - username=CN=x So, what do I put in tomcat-users.xml to get client certificate authentication to work? Do I have to escape the '=' signs in some way? TIA (as I really want to put this issue to bed), Chris Williams. P.S. If somebody tells me to read the FAQ, please specify WHICH FAQ. I've read hundreds over the past few days trying to get to the bottom of CLIENT-CERT auth. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: URL in Location Bar
Use frames. However, you are trying to change the way people use the web and your users won't like that. People expect the URL in the location bar to reflect where they are - that way they can bookmark pages and such like. Kind regards, Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL Client Authorization
Rich, Here are some instructions on using OpenSSL to set up your own CA. SETTING UP YOUR CA --- Step 1. Go to www.openssl.org and download the source code. Even Windows users need to build it, so you'll need access to a C compiler. You may be able to get hold of prebuilt binaries on the web and you can certainly get hold of the GNU C compiler or you can use Borland and Microsoft compilers. There are good build instructions included with the source distribution, so I won't go into build details. Step 2. Create directories to hold your CA keys, your server keys and, if you want to use SSL client authentication, your client keys. For the sake of argument let's assume that these directories are called ssl/ca, ssl/server and ssl/client. Step 3. Create a private key and certificate request for your own CA: openssl req -new -newkey rsa:1024 -nodes -out ssl/ca/ca.csr -keyout ssl/ca/ca.key Step 4. Create your CA's self-signed certificate (note lasts one year - increase the days setting to whatever you want): openssl x509 -trustout -signkey ssl/ca/ca.key -days 365 -req -in ssl/ca/ca.csr -out ssl/ca/ca.pem WINDOWS USERS:If you copy the ca.pem file to ca.crt and edit the file so that the strings TRUSTED CERTIFICATE read CERTIFICATE, you can import your CA certificate into your trusted root certificates store. Step 5. Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore $JAVA_JOME/jre/lib/security/cacerts -file ssl/ca/ca.pem -alias my_ca Windows users need to replace $JAVA_HOME with %JAVA_HOME%. Step 6. Create a file to hold your CA's serial numbers. This file starts with the number 2: echo 02 ssl/ca/ca.srl SETTING UP YOUR WEB SERVER Step 7. Create a keystore for your web server. keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keystore ssl/server/server.ks -storetype JKS Step 8. Create a certificate request for your web server: keytool -certreq -keyalg RSA -alias tomcat -file ssl/server/server.csr -keystore ssl/server/server.ks Step 9. Have your CA sign your certificate request: openssl x509 -CA ssl/ca/ca.pem -CAkey ssl/ca/ca.key -CAserial ssl/ca/ca.srl -req -in ssl/server/server.csr -out ssl/server/server.crt -days 365 Step 10. Import your signed server certificate into your server keystore: keytool -import -alias tomcat -keystore ssl/server/server.ks -trustcacerts -file ssl/server/server.crt You should see a message Certificate reply was installed in keystore. Step 11. Import your CA certificate into your server keystore: keytool -import -alias my_ca -keystore ssl/server/server.ks -trustcacerts -file ssl/ca/ca.pem This step is only necessary if you wish to use SSL client authentication with Tomcat. Step 12. Set up an SSL connector for Tomcat. I assume that you know, or can find out, how to do this. Open up conf/server.xml in a text editor and search for the text keystoreFile. Ensure that the attribute value is the keystore you've created above. SETTING UP AN SSL CLIENT --- Step 13. Create a client certificate request: openssl req -new -newkey rsa:512 -nodes -out ssl/client/client1.req -keyout ssl/client/client1.key Step 14. Have your CA sign your client certificate. openssl x509 -CA ssl/ca/ca.pem -CAkey ssl/ca/ca.key -CAserial ssl/ca/ca.srl -req -in ssl/client/client1.req -out ssl/client/client1.pem -days 365 Step 15. Generate a PKCS12 file containing your client key and client certificate. openssl pkcs12 -export -clcerts -in ssl/client/client1.pem -inkey ssl/client/client1.key -out ssl/client/client1.p12 -name my_client_certificate Step 16. Import the PKCS12 file into your web browser to use as your client certificate and key. Repeat steps 13-16 as often as required. Step 17. Enable client certificate authentication in Tomcat. Open up conf/server.xml and search for the text clientAuth. Set the value of the attribute to true. I apologize in advance for any typing errors. Hopefully, it's all correct and you should all be able to get up to speed with OpenSSL. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL Client authentication woes
My setup: Windows XP Pro JDK 1.4.1 JWSDP 1.0 I'm hoping to get SSL client authentication working for web services. I set up Tomcat for SSL ages ago and it works fine. However, I run into multiple problems when I attempt to use SSL client authentication. I have enabled client authentication by changing the value of clientAuth in server.xml to true. I removed all security-constraint and login-config entries from my web.xml as they didn't appear to have any effect (question: am I right to do so? I've done my research on the web and there are no consistent instructions for what to do). When I access https://localhost:8443/ in Internet Explorer, I get notified that a private key is being used and the server home page displays fine. However, when I first access the page, the following stack trace appears on Tomcat's console: PoolTcpEndpoint: Handshake failed javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake ... Caused by: java.io.EOFException: SSL peer shut down incorrectly at com.sun.net.ssl.internal.ssl.InputRecord.read(DashoA6275) ... 7 more ThreadPool: Caught exception executing [EMAIL PROTECTED], terminating thread java.lang.NullPointerException at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:512) ... Does anybody know what the problem is here? The second thing is, I want to know who's accessing pages and web services. That's the whole point of authentication, right? However, when SSL client authentication is in force, the following calls all return null: request.getUserPrincipal() request.getRemoteUser() request.getAttribute(javax.servlet.request.X509Certificate) request.getAttribute(org.apache.coyote.request.X509Certificate) This seems most bizarre. At some point these calls must return non-null values as they are used in org.apache.catalina.authenticator.SSLAuthenticator. Does anybody know whether there are any server settings to make these calls return the correct values? Ideally, I would like to have just one or two URL-patterns protected by SSL, like you do with HTTP authentication rather than it being all or nothing. Is this possible with Tomcat? Kind regards, Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Configuring server.xml for SSL breaks Tomcat
Matt, 2 suggestions: 1. Upgrade your JDK to 1.4.x. JSSE is now integrated with the Java Runtime and, you never know, this step alone might fix your problem. 2. Create and configure the SSL connector using the Admin tool instead of manually editing server.xml. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication - based on request parameters
Morten, HttpServletRequest is simply an interface. If you wanted to subclass it, you would have to implement every member of the interface. However, you could do this easily enough by passing every method that you didn't want to implement to the original request object, for example: public class MySpecialHttpServletRequest implements HttpServletRequest { private HttpServletRequest origRequest; public MySpecialHttpServletRequest(HttpServletRequest origRequest) { this.origRequest = origRequest; } public String getAuthType() { return origRequest.getAuthType(); } etc. public boolean isUserInRole(String role) { // Do your own stuff } } And then in your JSP you would have something like % request = new MySpecialHttpServletRequest(request); % However, if I were thinking of implementing an entire J2EE interface simply to handle a single method, I'd be questioning whether I was going in the right direction. If you have something that is working, you may want to consider keeping it. Alternatively, why not try to use Tomcat's role-based security architecture rather than overriding it? Something else that occurs to me is that your security model appears to depend on a GET parameter in the request (?site=MySite). A client could easily change this value to circumvent your security. A better model is that your logon page sets a value in the Session object to identify the user. Then the security depends on a very long, random session ID and it is vanishingly unlikely that a client will be able to change this ID (either in a URL or a cookie) and, by chance, hit on a valid session ID belonging to another user. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Authentication - based on request parameters
The problem is that your model does not seem to be based on a secret and site names don't have a lot of entropy. I don't know enough about your model to give you examples of possible attacks, but it seems to be similar to an access control model where you ask to people to enter their user ID but no password. Saying Oh, the client has to know a valid user name to get in would not be enough to make this a secure model. If you store the remote site information in the Session, this information is stored-server side and a client never even gets the chance to have a go at circumventing it. The role model can be made to work. You have a list of clients, or sites, and you assign them roles. You create a table of role-to-permissions or simply declare the required roles in your JSP. Then in your pages make the following access check: // This gives MyApp/saveEditedPage.action in your original example; you may also use // getServletPath() to give you saveEditedPage.action String requestURI = request.getRequestURI(); // Implement this method yourself String[] permittedRoles = getPermittedRoles(requestURI); boolean accessAllowed = false; for (int i = 0; i permittedRoles.length; i++) { if (request.isUserInRole(permittedRoles[i])) { accessAllowed = true; break; } } This is simply an example, of course, and I don't know whether such a scheme would work for you. - Original Message - From: Morten Andersen [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, September 26, 2003 10:33 AM Subject: Re: Authentication - based on request parameters Why is that a security-issue? I wan't the user to enter the site by cliking on a link or whatever, so that the user enters the site using that request. It should be OK, that the user tryes to go to a restricted page by writing blabla:8080/MyApp/restrictedRequest.action?site=JustAGuess But if that is done and the user has not got rights to do it, then he is being rejected... Regards Morten Andersen PS: I did consider the role-based model form tomcat, but that is coarse-grained, in the sense that it is based on 1 role for one web-app, and that is not suficient. Something else that occurs to me is that your security model appears to depend on a GET parameter in the request (?site=MySite). A client could easily change this value to circumvent your security. A better model is that your logon page sets a value in the Session object to identify the user. Then the security depends on a very long, random session ID and it is vanishingly unlikely that a client will be able to change this ID (either in a URL or a cookie) and, by chance, hit on a valid session ID belonging to another user. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Morten Andersen Master of applied mathematics and computer science Amanuensis (in e-learning) The Maersk Institute of Production technology at Southern Danish University www.mip.sdu.dk Campusvej 55 DK-5230 Odense M Denmark +45 6550-3654 +45 6171-1103 Jabber id: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: HOW INCREASE URL length size ?
Philippe, I suspect that the underlying question is I want to stick loads of GET parameters in a URL, more than 451 characters' worth. How?. The answer is: don't. Do something else instead: 1. Use HTTP POST 2. Store stuff in the Session. Kind regards, Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Javaw
Use Windows Scripting. Let's say that your program is called myApp and that the batch file that you use to run it is called run_myApp.bat. Simply create a script file called run_myApp.vbs and use the following VBScript code: Set objShell = Wscript.createObject(Wscript.shell) objShell.run(javaw...) Obviously, your script requires a little more work; you need to build the path to your class and setup the Java classpath, but fundamentaly this is all you need to do to run javaw without a console. Your work isn't quite done, however. I find that Norton Antivirus puts up a seriously hostile dialog box when I run a VBS script directly. To this end you need to create a scripting host file. Let's call it run_myApp.wsh: [ScriptFile] Path=run_myApp.vbs [Options] ... You can execute this .wsh file from Start\Run or from a link on the desktop or whatever. Kind regards, Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Single Login Authentication with Tomcat
I believe somewhere on java.sun.com I saw an article about setting up JAAS as a tomcat realm to use NT authorisation. There's a big problem with JAAS and the NTLoginModule: it gives you the details of the currently logged on user. For a web app, this will be the user under which Tomcat is being run, not the person who has typed in his name and password in his browser. There are two solutions: 1. Use JNDI realm to talk to Active Directory. 2. Collect credentials yourself and use native code to call the WinAPI function LogonUser. I have written a centralized authentication service. One of the modules that I created to authenticate users against a Windows domain uses method 2 above. Kind regards, Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Tomcat appears to cause erroneous ClassCastException (see message for circumstances)
I am using Tomcat 5 (I think) as a servlet and web service container via JWSDP 1.2. My OS is Windows XP Professional SP 2. I have written a centralized authentication service which uses a pluggable authentication module architecture. Each authentication module derives from an abstract base class com.inmezzo.authn.logon.Logon which is contained in a JAR file called inMezzo_AuthnLogon.jar, copied to common/lib. I supply a number of authentication modules (Win32, LDAP and others) with the service. These are in a package called com.inmezzo.authn.server and are contained in a WAR in webapps and they all work fine. However, the general pattern is that custom authentication modules will use a completely different package hierarchy and will be stored in their own JAR files in common/lib. This, however, causes problems. When my web app loads, the following code is executed (note that much of it is used simply to provide debug output for this post): String aClassName = m_props.getProperty(authenticator, com.inmezzo.authn.server.NullLogon); try { Class aClass = Class.forName(aClassName); System.out.println(Class is + aClass); System.out.println(Class package is + aClass.getPackage()); System.out.println(Classloader is + aClass.getClassLoader()); System.out.println(Superclass is + aClass.getSuperclass()); System.out.println(Superclass package is + aClass.getSuperclass().getPackage()); Object o = aClass.newInstance(); System.out.println(New object is + o); System.out.println(New object is a Logon object: + (o instanceof com.inmezzo.authn.logon.Logon)); System.out.flush(); m_authenticator = (com.inmezzo.authn.logon.Logon) o; // Boom! } catch(Exception e) { e.printStackTrace(); } When this code attempts to load a custom authenticator running under Tomcat, I get the following output: Class is class rdc.users.RIOLogon Class package is package rdc.users Classloader is StandardClassLoader ... Superclass is class com.inmezzo.authn.logon.Logon Superclass package is package com.inmezzo.authn.logon New object is [EMAIL PROTECTED] New object is a Logon object: false java.lang.ClassCastException at... When, however, I execute the same code from the command line, I get the output that I would expect: Class is class rdc.users.RIOLogon Class package is package rdc.users Classloader is [EMAIL PROTECTED] Superclass is class com.inmezzo.authn.logon.Logon Superclass package is package com.inmezzo.authn.logon New object is [EMAIL PROTECTED] New object is a Logon object: true Can anybody tell me what the problem is here? I don't think that I'm trying to do anything too perverse. Is there perhaps a configuration setting for Tomcat that will fix this? Alternatively, can anybody confirm whether it is worth my while to rewrite the abstract base class as an interface? I'm loath to do this only to find that it doesn't fix the problem. Thanks in advance for any light that you can shed on this matter, Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Follow on from ClassCastException question
I've implemented the logon architecture using an interface which all authenticator modules implement, so that the attempted cast now reads: m_authenticator = (ILogon) o; That still causes a ClassCastException. Bummer! Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: newbie jasperException
Hi, Your JSP code is wrong. The %@ page import... % directive needs to go at the top of the page. When the Jasper compiler turns it into Java, that directive gets turned into one or more Java import statements, and you wouldn't stick those in the middle of your code. Remember, all the HTML gets turned into Java code, as follows: out.write(html\r\nhead\r\n...); So that your import statements (and the class variable declaration %! Vector v; %) appear inside a servlet doGet() method, which is illegal Java. In spite of the superficial similarities, JSP is not really like PHP. The PHP interpreter turns embedded PHP code into HTML, while the JSP compiler turns HTML into Java (and then the Java compiler turns it into byte code). It will help you to keep this in mind when writing JSP code. BTW, I'm a little troubled by that %! Vector v; % declaration. This turns v into an instance variable of the servlet class that Jasper creates. Is this what you intended? If not, remove the exclamation mark and leave the variable declaration where it is. Kind regards, Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CPU usage 100%
Ravi, Assuming that your code is at fault, have you tried doing debug output so you can find the part of your code that causes CPU usage to hit 100%. Just do this: void myMethod() { System.out.println(In myMethod); ... } You can put similar statements in your JSP code as well. Chris. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Printing from java bean to jsp page
If you need to capture output from a bean, don't use System.out.print - that goes to the system console or a log file. The out variable on a JSP page is a java.io.Writer object (or at least it is deep down). You should set this as a member variable of your bean class and write output through that. Or, if you prefer, you could have the methods from which you want output take a Writer object as an additional parameter. The output of your bean will then be part of the output of your JSP page. Kind regards, Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OT: sloppy English
A lot of posts to this mailing list seem to use really lazy English: I consistently in lowercase, missing punctuation, missing capital letters at the start of sentences, etc. Two things: 1. A sentence which goes something like must i do x or can i do y is hard to read. 2. Writing like this makes you sound like a moron. We're all educated people or otherwise we wouldn't be computer programmers. So let's maintain some reasonable standards. Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Signal 11 Error: An unexpected exception in native code outside the VM
Signal 11 is a segmentation error (I think), which would be caused by attempting to access an invalid memory address. This in turn might be caused by attempting (in native code) to construct an instance of a Java class that the class loader can't find, something like: jclass clz = env-FindClass(example/somewhere/something/ClassIWant); jmethodID mid = env-GetMethodID(clz, init, ()V); If the FindClass call hasn't been successful, the second line will crash the JVM. If your project uses native code, make sure that Tomcat's class loader can find any Java classes that you want to use. If it doesn't, does the JVM error trace point a finger at any native library? Chris Williams. P.S. You might want to try upgrading Red Hat 7.3. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cannot run Tomcat as new user
Denise, Java makes tracking your own memory usage quite difficult, which is good in some ways, not so good in others. What you could try is temorarily removing your web app. Then create a dummy servlet which gets loaded when Tomcat loads. This servlet won't do anything, it will just hang around periodically calling Runtime.getRuntime().gc() followed by Runtime.getRuntime().freeMemory(), logging the result (use a java.util.Timer for this). Then re-enable your web app and see how the total is affected. It's somewhat crude, and will require a several runs to get a half-decent average, but it's better than nothing. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OT: Apologies
Sorry, folks, I didn't mean to start a flame war. Also, I certainly didn't mean to call anybody a moron - I simply meant that sloppy writing makes you sound less intelligent than you really are (and unpunctuated sentences really are harder to read). I also appreciate that English is not everybody's first language. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Where should I put properties files
Configuration files are a problem area in Java, particularly J2EE. You can: 1. Use a Preferences object (although I personally have found this quite painful - you need to provide a UI to set up and administer your preferences and system preferences require admin privileges on Windows). 2. Put your config file in a directory off the user's home directory. Use System.getProperty(user.home) to retrieve the home directory and build up the path to your file. Indicate in your documentation that the web service must run in the context of a aprticular user. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and native libs.
Have you tried synchronizing access to the native methods? Does Tomcat and the JVM crash when you only have one servlet using the native code? Alternatively, can you have two instances of the object so that it is not shared? What are the messages printed by the JVM when it crashes? Are you sure that your native library is even beng found and loaded? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and native libs.
I'm no Unix expert, but I believe that signal 11 is a segmentation fault (i.e. you're accessing either an invalid memory address or one which you are not allowed to use). The most likely cause is a NULL pointer access. What you could try doing is handling signal 11 in your code. In the remainder of your native code you could set a global variable to the name of the current function being executed and your signal handler could print this to STDOUT. Then at least you can start to isolate where the problem is occurring. Do something like the following: #include signal.h #include siginfo.h char *g_currFn = ; if (SIG_ERR == sigset(11, handler)) { // Bummer... } ... void handler(int sig) { // Print signal and offending function to STDERR psignal(sig, (const char *) g_currFn); } int myfunc(int) { g_currFn = myfunc; ... } Something that is eminently possible is that your native code is relying on a Java class that is, say, in $JAVA_HOME/jre/lib/ext and is being loaded by the standard Java classloader but is not being loaded by the Tomcat loader. In this case the call: jclass clz = env-FindClass(example/somewhere/something/ClassIWant); jmethodID mid = env-GetMethodID(clz, init, ()V); will access an invalid pointer and crash the virtual machine. I know; I've done it. Hope this helps. Chris. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Character Set Issues (windows vs. Unix)
Hans, Make the database fields BLOBs as you're storing binary data. No attempt should then be made by your database to interpret character codes. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Can access tomcat locally but not from another machine
If your company is hot on security, the most likely cause is that port 8080 is blocked (possibly at the router). Ask your admin guys about freeing it for internal network access or try running Tomcat on port 80. Ping doesn't use TCP so you won't experience the same connectivity problems. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: performing init operations in webapp
The easiest way is as follows: Say your web service is called MyWebService. Implement the class that does the real work as a singleton class (i.e. private constructor, public getInstance() method which returns the only instance of the singleton class, creating it if it doesn't exist). This class will be called something like MyWebServiceImpl. Your servant class will be a wrapper around the methods in MyWebServiceImpl. For example, say you expose a method called x, the code in the servant class will call MyWebServiceImpl().getInstance().x(). Create a servlet for lifecycle management. In your web.xml set the loadOnStartup value to 1. In your servlet's init() method call MyWebServiceImpl.getInstance() and do your necessary initializing in the getInstance() method. In your servlet's destroy() method, call something like MyWebServiceImpl.getInstance().shutdown() to clean up (assuming that you've defined a shutdown() method). Your lifecycle management servlet can do other stuff - for example acting as the destination for post operations from any admin pages that you might write. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Using encodeURL - do we have to pass the jsessionID around?
No, it's done for you. - Original Message - From: Anson Zeall [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Saturday, September 13, 2003 4:43 AM Subject: Using encodeURL - do we have to pass the jsessionID around? Hi guys. I still don't quite get how to really use encodeURL and encodeRedirectURL. Yes I know the syntax and how to put in the link but like.hmm.do we have to pass the ID around to get page? Regards Anson - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Java Mail Question
Java will only contact the SMTP server when you call Transport.send(). - Original Message - From: Peter Vertes [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, September 12, 2003 10:46 PM Subject: Java Mail Question Hello All, Quick question about Tomcat and Java Mail. When I create a JNDI mail resource will it act like a Connection Pool ? Meaning, will there always be a session logged into the specified SMTP server or will Tomcat only log into the SMTP server once I explicitly ask for a session ? Thanks in advance... -Pete -- perl -e 'print pack(H*, 70766572746573406E79632E72722E636F6D0A)' - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Mobile phone on serial port - Howto send sms?
Seems a bit cheeky: the question how do I send SMS messages using Tomcat? is really how do I send SMS messages using Java? and there are probably more relevant mailing lists for that question. Anyway, presumably your mobile phone can impersonate a Hayes modem, so you need to open up your COM port and write Hayes commands to dial the number you want. Then you need to write your SMS message. This is a standard, so you need to obtain the appropriate standards documents. Then you hangup the phone, again using Hayes commands. An alternative is to use a web-based SMS service, such as the one on Lycos, and then post the appropriate data to the URL. There are commercial services available as well - do a Google search. Here's a link to a JMS discussion thread which has an example of using a web-based SMS service: http://forum.java.sun.com/thread.jsp?thread=33106forum=29message=80021 BTW, the Tomcat way to talk to a mobile phone is to serve WML pages. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mysite - 3rd party - mysite, session *sometimes* lost
I'm guessing that you redirect to the credit card processor's URL, supplying your own URL as a GET parameter. Try calling response.encodeURL() on your own URL before supplying it so that the session ID is appended. If it still doesn't work, you need to work round it by persisting the current session state, adding some ID as a GET parameter to your own URL (be sure to call URLEncoder.encode() on the query string) and then repopulating the session when you're called back. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Simulating HttpSession
HttpSession is an interface - implement it yourself. - Original Message - From: Altu B. Altnta [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Thursday, September 11, 2003 11:15 AM Subject: Simulating HttpSession Hi, How can i simulate HttpSession. Back side classes uses HttpSession but testing them without Tomcat seems imposible, any idea ? Regards. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: The function for response.encodeURL....me still not sure
As I said, the URL-rewriting is done by the container to allow you to use HTTP sessions when the user of your site has disabled cookies and it does this by appending ;jessionid=blah-blah-blah to end of your URLs prior to the query string (?blah=stuffjabber=yakka-yakka...). This is all in the servlet spec. However, you need to give the container the opportunity to do so and for this you need to use the encodeURL methods of HttpServletResponse. Think about your JSPs. Currently (presumably) you have links like the following: a href=some_link.jspSome link/a To enable session tracking without cookies, all you need to do is: a href=%= response.encodeURL(some_link.jsp) %Some link/a Likewise, whenever the logic of your page indicates that a redirect is required, instead of calling: response.sendRedirect(some_link.jsp); you call response.sendRedirect(response.encodeRedirectURL(some_link.jsp)); Check out the J2EE tutorial for examples: http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Servlets11.html#63281 Chris. - Original Message - From: Anson Zeall [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 2:56 AM Subject: The function for response.encodeURLme still not sure Hi guys, I was asking about the login stuff before from previous emails and trying to avoid the use of cookies. Someone in the group asked me to try and use sessions ...using response.encodeURL and stuff. Can someone explain a bit more what that does, or is there a site that can explain to me about that? Thanks, Anson - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: new Aspen Group Email
You need to unsubscribe using your old email address (which you will need to enable so that you can respond to the confirmation email) and then resubscribe using your new address, otherwise you'll generate bounce messages in the mailing list. - Original Message - From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 3:44 AM Subject: new Aspen Group Email Due to problems with SPAM, [EMAIL PROTECTED] has been discontinued. Please note my new email address. To prevent automated systems from obtaining my new email address, I will spell out the @ symbol. Please send all future email to: gordon[at]aspengroup.net - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: The function for response.encodeURL....me still not sure
You don't use encodeURL() with the include directive. The include directive takes a relative path straight to the appropriate JSP and has the same effect as, say, #include stdio.h in C code, i.e. the included file is added to your source prior to compilation. You couldn't write C code like the following: char *include_file = stdio.h; #include include_file And you can't do something similar with JSP files either: % String included_page = header.jsp; % %@ include file=included_page % An even more obviously absurd example might be: % String importedPackage = java.util.; % %@ page import=importedPackage + Properties % %@ page import=importedPackage + Vector % Even if the JSP compiler accepted this (it won't), the output would be: String importedPackage = java.util.; import importedPackage + Properties; import importedPackage + Vector; which is illegal Java. However, that dumb example is conceptually the same as your %@ include file=%= response.encodeURL(header_status_register.jsp)% % (please note, I'm not saying that you're dumb, simply that a dumb example can be used to illustrate a technical point). The JSP %@ ... % directives are handled by a pre-processor, just like C #include statements and the pre-processor does not evaluate Java (or C) expressions. You only use encodeURL() for links and encodeRedirectURL() for redirects. You may want to get a good book on Servlet and JSP programming. I use the O'Reilly volumes 'Java Servlet Programming' and 'JavaServer Pages'. Doubtless there are other good titles but you can never go far wrong with an O'Reilly, I always say. - Original Message - From: Anson Zeall [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 10:17 AM Subject: RE: The function for response.encodeURLme still not sure Thanks a lot, But..for example...if I have a jsp file..that includes another jsp file in it.how can I write it with encodeURL? Doesn't seem to work.. E.g. %@ include file=%= response.encodeURL(header_status_register.jsp) % % doesn't work Anson -Original Message- From: Christopher Williams [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 5:55 PM To: Tomcat Users List Subject: Re: The function for response.encodeURLme still not sure As I said, the URL-rewriting is done by the container to allow you to use HTTP sessions when the user of your site has disabled cookies and it does this by appending ;jessionid=blah-blah-blah to end of your URLs prior to the query string (?blah=stuffjabber=yakka-yakka...). This is all in the servlet spec. However, you need to give the container the opportunity to do so and for this you need to use the encodeURL methods of HttpServletResponse. Think about your JSPs. Currently (presumably) you have links like the following: a href=some_link.jspSome link/a To enable session tracking without cookies, all you need to do is: a href=%= response.encodeURL(some_link.jsp) %Some link/a Likewise, whenever the logic of your page indicates that a redirect is required, instead of calling: response.sendRedirect(some_link.jsp); you call response.sendRedirect(response.encodeRedirectURL(some_link.jsp)); Check out the J2EE tutorial for examples: http://java.sun.com/j2ee/tutorial/1_3-fcs/doc/Servlets11.html#63281 Chris. - Original Message - From: Anson Zeall [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Wednesday, September 10, 2003 2:56 AM Subject: The function for response.encodeURLme still not sure Hi guys, I was asking about the login stuff before from previous emails and trying to avoid the use of cookies. Someone in the group asked me to try and use sessions ...using response.encodeURL and stuff. Can someone explain a bit more what that does, or is there a site that can explain to me about that? Thanks, Anson - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Connetion between Tomcat MySQL
I'll assume that you're using Connector /J. Stick the file mysql-connector-java-x.y.zz-bin.jar (where x.y.zz is the version number) in Tomcat's common/lib directory. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Connetion between Tomcat MySQL
My apologies (and my tping error), the directory should be common/lib, not lib/common. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Connector/J or ODBC?
Amy, Always use a native JDBC driver if one is available: 1. The JDBC-ODBC bridge adds another layer of translation and redirection, slowing down your database operations. 2. The JDBC-ODBC bridge seems kinda flaky. I keep on getting errors staing that HRESULT is busy with another operation when I use the bridge. Chris. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Implementing a Login procedure, but avoiding cookies/session
Magic? Actually, you could use URL-rewriting or hidden forms, but anybody using your page could change the value from 0 to 1 to fool your code into thinking they'd logged on. They could also do the same with a cookie if they reverse engineered your cookie data (which is not hard). Best to use the Session object as that's stored server side, and, conveniently, goes away when the user does. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Implementing a Login procedure, but avoiding cookies/session
Anson, If cookies are disabled, Tomcat uses URL rewriting to store the session ID. When you encode URLs you need to to use special methods to support this feature. These methods are defined in HttpServletResponse and are: String encodeURL(String url) String encodeRedirectURL(String url) So, instead of calling: response.sendRedirect(url); you should call: response.sendRedirect(response.encodeRedirectURL(url)); If the session ID is stored in a cookie, this call is a NOOP. Does this make sense? By the way, you may have noticed that some web sites have a mysterious ;jsessionid=BASE64-encoded-gobbledygook added to the URLs when you browse them (try www.postoffice.co.uk for an example). This is URL-rewriting in action. Importantly, the jsessionid value is opaque. Unless you'd managed to spy on another user's session, there is no useful change you could make to this value to enhance your privileges on the web site. The session IDs are long, random, unique strings used (presumably) as the key to a hashtable. Of course, there's nothing to stop you implementing a similar scheme yourself, but there's no need. Hope this is useful. Chris. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: What are the features of Tomcat ?
Antony, No unique features, I wouldn't think. Tomcat is the reference implementation of Sun's servlet and JSP specification, but there are other implementations around (such as Jetty, for example). Its support for the spec is very thorough, of course, and it also has full support for serving static files, SSI, CGI, etc. Also, it's embeddable in other web servers, such as Apache, IIS, etc. and can add servlet and JSP support to them. I don't know whether anybody has bothered to write the necessary glue for any other servlet containers so this may be a unique feature. Oh, and multiplatform support without compilation. By the way, did you get the job? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Development Tools
Try Eclipse or Netbeans. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Another question - validating user input in fields
You'll have to handle it yourself. You could do it server-side or client-side with Javascript and DHTML. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and Active Directory
There's just been a similar question answered. The URL to your Active Directory appears to be wrong - after all I'm guessing that Active Directory is not running on your development system. Change the URL to: ldap://server.name:389/ou=migrated users... and you might have some success. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and Active Directory
You won't get an intelligent response if you enter your LDAP URL into a web browser, but many email clients are LDAP-compatible (e.g. Outlook Express - add an LDAP link via the Tools\Accounts menu). Also, you can try an LDAP browser, such as the one at http://www.iit.edu/~gawojar/ldap. Another suggestion which you can try right now is to change the ldap to ldaps in the URL - port 636 is the SSL port for LDAP. - Original Message - From: Srofe, Douglas (c) [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 4:31 PM Subject: RE: Tomcat and Active Directory Thanks for your response. I have changed the url to the following: connectionURL=ldap://nmr001dundom01:636/ou=migrated users,ou=nmr,dc=enterprisenet,dc=org Our admin said to use port 636. However, I still get the same error saying it can't connect to localhost:389. As a test, should I be able to enter that url in the browser and get something meaningful? Thanks again. -Original Message- From: Christopher Williams [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 09, 2003 10:55 AM To: Tomcat Users List Subject: Re: Tomcat and Active Directory There's just been a similar question answered. The URL to your Active Directory appears to be wrong - after all I'm guessing that Active Directory is not running on your development system. Change the URL to: ldap://server.name:389/ou=migrated users... and you might have some success. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Development Tools
Having suggested Netbeans and Eclipse as possible development environments, I've been using Textpad and Ant for about six months since I failed to migrate JBuilder 6 to a new system (the license info got screwed up somehow). It works for me. The one thing I really miss is code completion, though... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk_nt_service
Have you installed it as a service (with the -I switch)? Services require special entries in the registry so that Windows recognizes them as such. Alternatively, you can get hold of the source code and either modify it to dump out debug information or debug it yourself. My guess is that for some reason, the ServiceMain function isn't getting found. - Original Message - From: Bland Clan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, November 09, 2003 10:29 AM Subject: jk_nt_service I am using Tomcat 3.3.2 running on Windows 2000 Server. When I start Tomcat from startup.bat, everything works fine. Yet, I want to run the server as a Service. I completed the setup instructions for jk_nt_service.exe (using Tomcat 3.3.2) exactly as described in http://jakarta.apache.org/tomcat/tomcat-3.3-doc/NT-Service-howto.html. However, the service fails (without a Windows error) to start either from command line (i.e., jk_nt_service -S Jakarta) or from the Windows Services manager window. Any ideas what the problem may be? thanks, -scott - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to use sendmail program (in Jakarta-Tomcat)
Does the sendmail program use SMTP (presumably it does, because it wouldn't be very useful otherwise)? If so, use the JavaMail API: import javax.mail.*; import javax.mail.internet.*; import java.util.Properties; String mailhost = ...; String from = ...; String to = ...; String subject = ...; String msgText = ...; Properties props = new Properties(); props.put(mail.host, mailhost); javax.mail.Session mailConnection = javax.mail.Session.getInstance(props, null); Message msg = new MimeMessage(mailConnection); msg.setContent(msgText, text/plain); msg.setFrom(new InternetAddress(from)); msg.setRecipient(new InternetAddress(to)); msg.setSubject(MimeUtility.encodeText(subject)); Transport.send(msg); Two files, mail.jar and activation.jar, need to be pathed in for this code to work. If this isn't suitable for you, I've written some code which you can use to talk to the SMTP server directly and will let you have if you get in touch directly. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Development Tools
I love cygwin! The ease of use of *nix, the stability of windows. This combination makes me think of Canadians who could have had British government, French culture and American know-how and instead got French government, British know-how and American culture. Apologies to all Canadians, BTW - that was a joke I read once. This thread could end up like that Monty Python sketch: Geek 1 - Well I don't use anything more sophisticated than Textpad and Ant. Geek 2 - Textpad and Ant? Lightweight! I use ed on a 1970s PDP-11. Geek 3 - PDP-11? Loser! I hand assemble bytecodes by flicking toggle switches on a MITS Altair. etc. etc. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to use classes from another webapp/context?
Let's say you have a web app and it's stored in my_app1.war. Then you have a second web app stored in my_app2.war and you want to use some really neat classes defined in my_app1.war. So you add my_app1.war to your second application's classpath and stick import com.me.my_stuff.really_neat_class in one of your source files. Your compiler will complain that it can't find really_neat_class because it does not have the path com/me/my_stuff, it's in WEB-INF/classes/com/me/my_stuff instead. Bummer. Unfortunately, you do need to move classes common to multiple web apps into library files. You don't have to put the library files into common\lib, however. You can put the JARs in WEB-INF/lib inside your WAR file. Never done it myself, but it's supposed to work. - Original Message - From: Ulrich Mayring [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 08, 2003 8:53 AM Subject: Re: How to use classes from another webapp/context? Christopher Williams wrote: Easiest method: Put JSPs in WAR and stick in webapps Put classes in JAR and stick in common\lib I'd rather use a more complicated method, if that would allow me to put my classes in WARs as well :) Ulrich - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and Active Directory
Is Active Directory running on your localhost? Presumably not, so you need to have ldap://host_name:port_no/ou=...;. - Original Message - From: Srofe, Douglas (c) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, September 08, 2003 7:38 PM Subject: Tomcat and Active Directory I am trying to use the JNDI realm to access our Active Directory. The server.xml entry I have is: Realm className=org.apache.catalina.realm.JNDIRealm debug=99 connectionURL=ldap://ou=migrated users,ou=nmr,dc=enterprisenet,dc=org userBase=cn=Users,dc=enterprisenet,dc=org userSearch=(userPrincipalName={0}) userRoleName=member roleBase=CN=Users,dc=enterprisenet.org,dc=org roleName=cn roleSearch=(member={0}) connectionName=CN=jndildap,CN=Users,DC=enterprisenet.org,DC=org connectionPassword=Umisvc01 roleSubtree=true userSubtree=true / When I start Tomcat I get Catalina.start: LifecycleException: Exception opening directory server connecti on: javax.naming.CommunicationException: localhost:389 [Root exception is java. net.ConnectException: Connection refused: connect] LifecycleException: Exception opening directory server connection: javax.namin g.CommunicationException: localhost:389 [Root exception is java.net.ConnectExcep tion: Connection refused: connect] Does anyone have any idea what may be wrong with this? Thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL/Verisign Confusion
www.openssl.org is the website for OpenSSL. It's an open source implementation of SSL / TLS together with a tremendous amount of other stuff (such as X.509, S/MIME, every cryptographic algorithm you ever heard of). You can also use it to set up your own CA - it's not the easiest software to use as it takes a terrific number of command line switches, but it's probably more convenient than having to wait on Verisign and renew your certificates every couple of weeks. - Original Message - From: Adam Hardy [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Sunday, September 07, 2003 10:43 AM Subject: Re: SSL/Verisign Confusion Hi Dave, how much does it cost at Verisign, and how long is it valid for? And is this 'openssl' you mentioned a free alternative? Adam On 09/06/2003 03:21 PM Dave Wood wrote: FINALLY! I still don't know what I did wrong in the first place, but after starting over with VeriSign, all is well now. I thought I'd share the (simple!) steps I took to get SSL running using keytool/tomcat in case anyone else might find this useful: # keytool -genkey -alias tomcat -keyalg RSA [enter a password and all necessary information, then just enter at next password prompt] # cp ~/.keystore ~/.keystore-backup # keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr [enter same password] [give contents of certreq.csr to VeriSign and wait for response...] [NOTE: when asked to select my server software, I chose apache since they didn't have Tomcat in their list...I don't know if this matters, but it worked] # keytool -import -trustcacerts -file intermediate.crt -alias root [enter same password] [NOTE: intermediate.crt is the file found here: http://www.verisign.com/support/install/intermediate.html] # keytool -import trustcacerts -file public.crt -alias tomcat [enter same password] [where public.crt is the certificate sent from VeriSign after they complete their approval process] [finally, edit ...tomcat/conf/server.xml and enable the SSL connector section, adding keystorePass=[password] as an attribute to the Factory tag] Hope this helps. Thanks to all who provided suggestions along the way. Dave -Original Message- From: Dave Wood [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 11:40 AM To: Tomcat Users List Subject: RE: SSL/Verisign Confusion Well, after all this, I just discovered that VeriSign will basically let you start over if it's within 30 days (which it is). So, for now, I'm going down this path. Just talked to someone at V/S who said it would take just a couple hours. Oh, and I made a BACKUP of my new keystore file this time that now contains a single keyEntry with the alias tomcat. I try to avoid being stupid in the same way more than once! :) As for the programmatic approach, FWIW, I started down that path as well, but somehow I had no private key entry in the keystore (best I can tell). Still not sure how I got in that messed up state. Thanks, Dave -Original Message- From: Christopher Williams [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 9:43 AM To: Tomcat Users List Subject: Re: SSL/Verisign Confusion Have you thought of manipulating the keystore programmatically? Here's what you'd do: 1. Open your existing keystore 2. Find the entry with your private key and (presumably) a temporary self-signed certificate. 3. Open the certificate you got from Versign. 4. Change the certificate in your key entry to your Verisign certificate. 5. Save and close the keystore. OpenSSL doesn't understand most of the Java keystore formats, although it can manipulate PKCS#12 files which Keytool can handle. If you download the BouncyCastle crypto provider, then you can use keytool to write PKCS#12 files as well. Also, if the person who originally posted the question doesn't feel up to monkeying around with the Keystore classes, I have some code that I can adapt to stick your Verisign certificate in your keystore. Get in touch with me personally and I'll see what I can do. - Original Message - From: Jay Garala [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, September 05, 2003 3:36 PM Subject: RE: SSL/Verisign Confusion NOTE: You cannot export private key from keystore. -Original Message- From: Dave Wood [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 10:32 AM To: Tomcat Users List Subject: RE: SSL/Verisign Confusion Thanks. With the exception of the openssl doc, I've been over these quite a bit. The result is the problem I've mentioned where keytool says it can't import my certificate because the alias already exists. After some help I got last night, I think the question boils down to this: * once I have extracted my private key from keytool (haven't done this yet
Using OpenSSL to set up your own CA
Tons of people seem to have wondered whether they can use OpenSSL to set up their own CA and server certificates. The answer is most certainly and for people who've never encountered it before, I'll tell you how. SETTING UP YOUR CA --- Step 1. Go to www.openssl.org and download the source code. Even Windows users need to build it, so you'll need access to a C compiler. You may be able to get hold of prebuilt binaries on the web and you can certainly get hold of the GNU C compiler or you can use Borland and Microsoft compilers. There are good build instructions included with the source distribution, so I won't go into build details. Step 2. Create directories to hold your CA keys, your server keys and, if you want to use SSL client authentication, your client keys. For the sake of argument let's assume that these directories are called ssl/ca, ssl/server and ssl/client. Step 3. Create a private key and certificate request for your own CA: openssl req -new -newkey rsa:1024 -nodes -out ssl/ca/ca.csr -keyout ssl/ca/ca.key Step 4. Create your CA's self-signed certificate (note lasts one year - increase the days setting to whatever you want): openssl x509 -trustout -signkey ssl/ca/ca.key -days 365 -req -in ssl/ca/ca.csr -out ssl/ca/ca.pem WINDOWS USERS:If you copy the ca.pem file to ca.crt and edit the file so that the strings TRUSTED CERTIFICATE read CERTIFICATE, you can import your CA certificate into your trusted root certificates store. Step 5. Import the CA certificate into the JDK certificate authorities keystore: keytool -import -keystore $JAVA_JOME/jre/lib/security/cacerts -file ssl/ca/ca.pem -alias my_ca Windows users need to replace $JAVA_HOME with %JAVA_HOME%. Step 6. Create a file to hold your CA's serial numbers. This file starts with the number 2: echo 02 ssl/ca/ca.srl SETTING UP YOUR WEB SERVER Step 7. Create a keystore for your web server. keytool -genkey -alias tomcat -keyalg RSA -keysize 1024 -keystore ssl/server/server.ks -storetype JKS Step 8. Create a certificate request for your web server. keytool -certreq -keyalg RSA -alias tomcat -file ssl/server/server.csr -keystore ssl/server/server.ks You need to edit the certificate request file slightly. Open it up in a text editor and amend the text which reads NEW CERTIFICATE REQUEST to CERTIFICATE REQUEST Step 9. Have your CA sign your certificate request: openssl x509 -CA ssl/ca/ca.pem -CAkey ssl/ca/ca.key -CAserial ssl/ca/ca.srl -req -in ssl/server/server.csr -out ssl/server/server.crt -days 365 Step 10. Import your signed server certificate into your server keystore: keytool -import -alias tomcat -keystore ssl/server/server.ks -trustcacerts -file ssl/server/server.crt You should see a message Certificate reply was installed in keystore. Step 11. Import your CA certificate into your server keystore: keytool -import -alias my_ca -keystore ssl/server/server.ks -trustcacerts -file ssl/ca/ca.pem This step is only necessary if you wish to use SSL client authentication with Tomcat. Step 12. Set up an SSL connector for Tomcat. I assume that you know, or can find out, how to do this. Open up conf/server.xml in a text editor and search for the text keystoreFile. Ensure that the attribute value is the keystore you've created above. SETTING UP AN SSL CLIENT --- Step 13. Create a client certificate request: openssl req -new -newkey rsa:512 -nodes -out ssl/client/client1.req -keyout ssl/client/client1.key The common name of the client must match a user in Tomcat's user realm (e.g. an entry in conf/tomcat-users.xml). Step 14. Have your CA sign your client certificate. openssl x509 -CA ssl/ca/ca.pem -CAkey ssl/ca/ca.key -CAserial ssl/ca/ca.srl -req -in ssl/client/client1.req -out ssl/client/client1.pem -days 365 Step 15. Generate a PKCS12 file containing your server key and server certificate. openssl pkcs12 -export -clcerts -in ssl/client/client1.pem -inkey ssl/client/client1.key -out ssl/client/client1.p12 -name my_client_certificate Step 16. Import the PKCS12 file into your web browser to use as your client certificate and key. Repeat steps 13-16 as often as required. Step 17. Enable client certificate authentication in Tomcat. Open up conf/server.xml and search for the text clientAuth. Set the value of the attribute to true. I apologize in advance for any typing errors. Hopefully, it's all correct and you should all be able to get up to speed with OpenSSL. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Simple question about JSP page
Have you verified that the record IS getting added correctly to the DB? Have you hit the refresh button to check that your browser isn't displaying a stale page? If an old page is getting displayed you can turn off page cacheing by calling: response.setHeader(Pragma, no-cache); - Original Message - From: engp0510 [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, September 06, 2003 3:30 AM Subject: Simple question about JSP page Hi, Maybe it's a stupid question. Built jsps for addingsearching with MySQL. First listing all existing records in db and then adding a new one into database, then listing all records again. Now the list is the same as previous. How to solve it? THX - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
OT: Annoying autresponses to posts
Does anybody else have this problem: Whenever I make a post to this mailing list, I quickly get a reply from a mail server called [EMAIL PROTECTED], with the subject The email you authored contained a violation (either a virus or inappropriate content). The message body reckons that The internet domain violated the content filtering rule Blocked Domains 2. It is seriously annoying. If anybody reading this uses the quebecorworld.com mail server, will they please ask their mail admin to pass this mailing list. Presumably, however, they can't read anything, so is there any chance that the list admin can unsubscribe quebecorworld.com users? While I'm at it, another annoying autoresponse frequently posted to the mailing list is the Inquiry receieved one from [EMAIL PROTECTED] Their website says that Alset's HelpExpressTM Service enables its partners to send customers messages that are helpful, timely and relevant. Hmm, not in this case they aren't. Can anybody at Alset Support do something about this? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Memory leaks?
It's simple good practice to close objects that have close methods when you no longer need them (as you do with stream objects, for example). The spec says that ResultSet objects are closed when their Statement objects are closed and that Statement objects are closed when their Connection objects are closed. I personally like to keep hold of a Connection object for the lifetime of my application (or until it fails), because connecting to a database is an expensive operation. Also, if you use Connection pooling, Connection objects can be kept open for as long as your application server or whatever is running, so that unclosed Statements with their open ResultSets simply sit around hogging resources (and some of the resources that they hog, such as database cursors, are not lightweight). This is what I do for JDBC calls: // Assume a connection has been made Connection conn...; PreparedStatement ps = null; ResultSet rs = null; try { // Create a PreparedStatement and use it to open a ResultSet ... // Clean up rs.close(); } catch (SQLException e) { // Do something with the error } finally { try { if (null != ps) { ps.close(); } catch (SQLException e) {} } This guarantees that the objects are always closed (assuming, of course, that the close() operations succeed). The rs.close() is, in theory, unnecessary as the ps.close() call is supposed to close it implicitly, but my background is in C and I always tried to free anything that I'd malloced. It's a habit that's stuck. In short, ALWAYS CLOSE YOUR STATEMENT OBJECTS. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How to use classes from another webapp/context?
Easiest method: Put JSPs in WAR and stick in webapps Put classes in JAR and stick in common\lib - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL/Verisign Confusion
Have you thought of manipulating the keystore programmatically? Here's what you'd do: 1. Open your existing keystore 2. Find the entry with your private key and (presumably) a temporary self-signed certificate. 3. Open the certificate you got from Versign. 4. Change the certificate in your key entry to your Verisign certificate. 5. Save and close the keystore. OpenSSL doesn't understand most of the Java keystore formats, although it can manipulate PKCS#12 files which Keytool can handle. If you download the BouncyCastle crypto provider, then you can use keytool to write PKCS#12 files as well. Also, if the person who originally posted the question doesn't feel up to monkeying around with the Keystore classes, I have some code that I can adapt to stick your Verisign certificate in your keystore. Get in touch with me personally and I'll see what I can do. - Original Message - From: Jay Garala [EMAIL PROTECTED] To: 'Tomcat Users List' [EMAIL PROTECTED] Sent: Friday, September 05, 2003 3:36 PM Subject: RE: SSL/Verisign Confusion NOTE: You cannot export private key from keystore. -Original Message- From: Dave Wood [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 10:32 AM To: Tomcat Users List Subject: RE: SSL/Verisign Confusion Thanks. With the exception of the openssl doc, I've been over these quite a bit. The result is the problem I've mentioned where keytool says it can't import my certificate because the alias already exists. After some help I got last night, I think the question boils down to this: * once I have extracted my private key from keytool (haven't done this yet), how do I take that key, the VeriSign intermediate certificate and my public key certificate and get them to play together. I'm hoping the openssl stuff will take care of this, because keytool doesn't really seem to recognize private keys as things that you can work with directly. Thanks again, Dave -Original Message- From: Jay Garala [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 7:12 AM To: 'Tomcat Users List' Subject: RE: SSL/Verisign Confusion Try the Java keytool help: http://java.sun.com/j2se/1.4.2/docs/tooldocs/windows/keytool.html Tomcat how-to: http://jakarta.apache.org/tomcat/tomcat-4.1-doc/ssl-howto.html If you have OpenSSL: http://forum.java.sun.com/thread.jsp?forum=2thread=4240 Jay -Original Message- From: Dave Wood [mailto:[EMAIL PROTECTED] Sent: Friday, September 05, 2003 1:04 AM To: Tomcat Users List Subject: RE: SSL/Verisign Confusion Thanks Bill. I think this highlights something I'm really not understanding... Didn't I generate an important private key somewhere along the line that I can't just regenerate if I blow away my keystore? I assumed the certificate I got back from verisign would only work if I still had the original private key I generated before sending them my request. Is that wrong? (I'll take a look at the link you sent...at first glance, it looks a little hard to follow, but hopefully not). Thanks again. Dave -Original Message- From: news [mailto:[EMAIL PROTECTED] Behalf Of Bill Barker Sent: Thursday, September 04, 2003 11:06 PM To: [EMAIL PROTECTED] Subject: Re: SSL/Verisign Confusion Firstly, it looks like you should wipe you keystore and start again. To use a VS cert with Tomcat, the two options I know are: 1) Follow the instructions at http://www.comu.de/docs/tomcat_ssl.htm. 2) Using openssl or otherwise, convert your cert+key to a pkcs12 file, and use that as your keystore (remember to set 'keystoreType=pkcs12' on the Factory in server.xml). Dave Wood [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] I'm having a problem getting an SSL certificate from Verisign working correctly. I'm going to include everything I can think of that MIGHT be a problem. Unfortunately, there are a couple things I can't quite remember for certain. Here's the situation: 1. I generated the initial key using an alias other than tomcat (we'll call it company) 2. I generated the CSR and sent it to verisign. I still have this file. 3. Verisign changed the company name during the verification process (from an acronym to the full spelling of the name) 4. I now have the certificate that they sent back after the validation process. 5. One thing I can't account for is why when I see this: $ keytool -list Keystore type: jks Keystore provider: SUN Your keystore contains 4 entries: (...others removed...) company, Fri Aug 22 08:47:04 MDT 2003, trustedCertEntry, Certificate fingerprint (MD5): 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:00 (the numbers aren't really 0's) ...I think I must have self-signed or something (I was doing a couple of these things and don't recall exactly), but I'm surprised to see trustedCertEntry here. The problem I'm having is this: $ keytool -import -trustcacerts -alias company -file public.crt Enter keystore password: xxx keytool error: java.lang.Exception:
Re: setting external classes in the classpath
I guess that about a hundred people will respond to this. Tomcat, for reasons better known to itself, ignores your classpath. The easiest solution is to put your JAR in the Tomcat common\lib directory. Alternatively, you can put them in WEB-INF\lib. Question to any Tomcat developers reading: why does Tomcat ignore the class path (and jre\lib\ext and all the other places that Java loads classes from). Having to stick JARs in multiple locations so that different Java programs can find them is a serious headache, not to mention a version-mismatch hazard. - Original Message - From: Pradeep Gummi [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Friday, September 05, 2003 6:30 PM Subject: Re:setting external classes in the classpath Hi all, I am tring to include external classes that are needed for my servlet class. I tried to modify classpath in setclasspath.bat file by set CLASSPATH=%JAVA_HOME% \lib\tools.jar;c:\mindbridge\classes\saclasses.jar I needed all the classes in the saclasses.jar file for my servlet. When i restart the tomcat server, it just shows a blank page with out showing the default page. Is this the right way of including classes? pradeep - Original Message - From: Pradeep Gummi [EMAIL PROTECTED] Date: Friday, September 5, 2003 8:28 am Subject: Re: How to use classes from another webapp/context? Hi Ulrich, I think you should get them working by placing the classes in the CATALINA_HOME/common/classes folder or the jars in the lib folder. This would share the classes in all web apps. There you would be giving the information of the catalina and system class loaders. grant codeBase file:${catalina.home}/common/- { permission java.security.AllPermission; }; I am not sure if this is what you want. Actually I am trying to use classes from outside catalina.home and am trying to figure out if that is practically possible. Please update me if you have any solutions thanks pradeep - Original Message - From: Ulrich Mayring [EMAIL PROTECTED] Date: Friday, September 5, 2003 4:19 am Subject: How to use classes from another webapp/context? Hello, I know that Tomcat has seperate classloaders for each webapp, but what I would like to do is have JSPs in one webapp and the classes they use in another. I tried enabling the crossContext feature for the relevant contexts, but that didn't work, the classes weren't found. Background: we have editors, who write and deploy JSP files, and programmers, who write and deploy classes used by JSP files. I would like to have the editors manage their webapps with the JSP files via the HTML manager and the programmers to do the same for their webapps. I know that I could put the classes under the shared directory, but then they would not be in a webapp anymore and thus management via the HTML manager would not work anymore. Tomcat would need to be restarted on every change. I could also have the programmers give JAR files to the editors and have the editors deploy them with their webapps, but then the classes would be duplicated across many webapps and also I don't want the editors handling JAR files. Is there any solution? Thanks in advance for any pointers, Ulrich - -- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --- -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: response.sendRedirect
Say you're accessing pages on localhost, so your URLs take the form http://localhost:8080/war-file/jsp-file then the servlet container root is http://localhost:8080/ and a redirect to /another-war-file/another.jsp would be a redirect to: http://localhost:8080/another-war-file/another.jsp In sendRedirect, I'm fairly sure that you simply use /cal/form/index.jsp. That sort of pattern always works for my webapps. - Original Message - From: Charlie Toohey [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 05, 2003 7:07 PM Subject: response.sendRedirect The Servlet API doc for the sendRedirect method states: If the location is relative with a leading '/' the container interprets it as relative to the servlet container root. I've looked thru the Servlet Spec and can not quite figure out what they mean by servlet container root ? Is this a typo and supposed to be servlet context root ? Or is there really such a thing as the servlet container root, and if so, what is it ? e.g. if my context path is /cal and I want to redirect to /cal/form/index.jsp, what would I use in sendRedirect ? (I know I could do a forward, but want to redirect in my situation) Thanks, Charlie - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Debugging outbound SSL communications?
You need to specify the keystore in conf\server.xml. I assume that you've set up the SSL connector. Do a search on the string keystoreFile and set the value to the correct keystore. - Original Message - From: Ert [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, September 05, 2003 5:10 PM Subject: Debugging outbound SSL communications? I'm using a poorly-supported external service that interacts over SSL. I can connect fine to their production environment, but their developer environment apparently uses a less-well-known certifying authority, and when I try to use it I am thwarted: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Could not find trusted certificate at com.sun.net.ssl.internal.ssl.SSLSocketImpl.d(DashoA6275) at com.sun.net.ssl.internal.ssl.AppInputStream.read(DashoA6275) at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:406) at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:446) at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:180) at java.io.InputStreamReader.read(InputStreamReader.java:167) The vendor informs me that I merely need to add the appropriate key: The Equifax Key is not in Java by default. You need to add it. Example: 1) cd $JAVA_HOME/jre/lib/security/cacerts 2) copy the GeoTrust root from here: http://www.geotrust.com/resources/roots/ Equifax_Secure_Certificate_Authority.cer to the file geotrustroot.cer in this directory 3) Run this command: keytool -import -trustcacerts -alias geotrustroot -keystore cacerts -file geotrustroot.cer -storepass changeit I've imported this key to every keystore I can find or think of on my Mac OS X system (keytool's default one, /Library/Java/Home/lib/security/cacerts, ~/.keystore, ~root/.keystore) and I continue to get the same error. So now I'm trying to figure out if a default Tomcat 4.1.24 install uses its own keystore. If not I'm hoping to find some way I can figure out what key the SSL connection is being presented with, and what keystore it's attempting to find a matching key in. I don't know if I just have the wrong certificate, or if I've put it in the wrong place. Any thoughts from the gallery? - Ert - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setting the field focus with a servlet
Easily done, but needs Javascript. Do something like the following in your JSP: html head.../head body onload=setFormFocus(); ... form name=my_form... ... /form ... script language=JavaScript !-- function setFormFocus() { // Set the focus to the first empty input var eCount = this.my_form.elements.length; for (var i = 0; i eCount; i++) { var e = this.my_form.elements[i]; if ((e.type == text) || (e.type == password)) { if ((e.value == null) || (e.value == )) { e.focus(); break; } } } } -- /script /body /html This will set focus to the first empty field on your page's form. Award yourself bonus usability marks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JDBC, SQL Server 2000 and Tomcat Error
Have you tried using the native SQL Server driver from Microsoft? The JDBC-ODBC bridge is simply awful. You can the native driver from Microsoft: http://msdn.microsoft.com/library/default.asp?url=/downloads/list/sqlserver.asp - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache Tomcat Performance Handbook
The book was never published and Wrox have gone bust, I believe. - Original Message - From: Flat Juas [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 03, 2003 10:49 PM Subject: Apache Tomcat Performance Handbook Hi! I'm looking for the Apache Tomcat Performance Handbook, but in every shop I check it's out of print. There are no used copies in ebay neither. Where can I get a copy of this book (I don't mind if it's a used one) or buy a pdf version of it ? Can you recommend me other books about tomcat performance or guide me to online resources about this subject ? Thanks in advance __ Do you Yahoo!? Yahoo! SiteBuilder - Free, easy-to-use web site design software http://sitebuilder.yahoo.com - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat+j2sdk+mysql-connecto+mysql
Try to isolate the problem. Check that you can get a Connection object by doing something like the following: String driver = ...; String url = ...; String userName = ...; String pw = ...; Connection conn = null; try { Class.forName(driver); conn = DriverManager.getConnection(url, userName, pw); } catch (Exception e) { e.printStackTrace(); } // Do something with conn... if (null != conn) { ... try { conn.close(); } catch (Exception e) {} conn = null; } This will enable you to isolate where your problem lies. If you can get a Connection object then your database and JDBC driver are set up correctly, you have the correct URL for the data source, you have a valid user name and password and the problem lies with the Wrox ConnectionPool class. Otherwise some element of your database setup is incorrect. Check that you are referencing the driver class correctly. When I need to talk to MySQL I use the Connector /J driver available from the MySQL web site: http://www.mysql.com/downloads/api-jdbc-stable.html The name of the driver is: com.mysql.jdbc.Driver Check that you have spelt it correctly. Assume that you are accessing a MySQL database called my_db on localhost. The URL to the datasource takes the form: jdbc:mysql://localhost:3306/im_audit If MySQL is not listening on port 3306, you will need to change the port value. I leave user name and password to you - you can always use root during development. Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: JAASRealm with Basic Authentication
Quoting from the recent 'Tomcat: The Definitive Guide' book: At the time of this writing, this realm (i.e. JAAS) implementation does not seem to work Possibly it still doesn't. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Sundararaman] [Help me]
I would strongly advise against using the Swing timer object. Try using a java.util.Timer object instead. I use this in a servlet to perform automatic daily backups and other automated tasks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat and MsSQL
Question: Are you certain that SQL Server is listening on port 1433? I've seen it using port 1141. Use the SQL Server network utility to check the TCP port. - Original Message - From: Frank von Daak [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, August 30, 2003 10:51 AM Subject: Tomcat and MsSQL Hi, maybe, someone of you can help me... I try to port a webapplication from asp to java... First, I have used Websphere for this and everything worked ok, but then I decided to use tomcat4 (both under debian-linux) My problem is the connection to a MSSQL-Database. As JDBC-Driver I'm using the Microsoft SQL Server 2000 Driver for JDBC, which has an official linux-support. And I cn say, that it is working very well with websphere... When I use the same jsp-files under tomcat, I get the following error, when trying to connect the sql-server: [Microsoft][SQLServer 2000 Driver for JDBC]Error establishing socket. I have copied the 3 files msbase.jar, mssqlserver.jar and msutil.jar to $CATALINA_HOME/common/lib and it seems, that tomcat can find them (as the error message says) Here is the code, that I use to connect to the database: -- %@ page language=java import=javax.sql.DataSource,java.sql.*% % Connection db_con; Statement db; try { Class.forName(com.microsoft.jdbc.sqlserver.SQLServerDriver); } catch (ClassNotFoundException e) { out.println(h1Der Datenbanktreiber konnte nicht gefunden werden: + e + e.getMessage() + /h1 ); } String con = jdbc:microsoft:sqlserver://192.168.0.199:1433;User=sa; Password=bla;DatabaseName=testdb; try { db_con = DriverManager.getConnection (con); } catch ( SQLException se ) { out.println(Exception...( + se.getMessage() + )br--); } % -- What do I have to do, to get it working with tomcat ? Thank you very much for your help !!! Greetings, Frank -- Name: Frank von Daak eMail: [EMAIL PROTECTED] Homepage: http://www.kpage.de eMail: [EMAIL PROTECTED] Homepage: http://www.linux-dev.de If Bill Gates had a nickel for every time Windows crashed... - oh wait, he does. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: how to make a scheduled event on tomcat
Use a java.util.Timer. Store the next scheduled event time in a Preferences object. If Tomcat isn't running when your event is due, run it on next startup. Then update the event time in Preferences. Chris Williams. - Original Message - From: Vladimer Shioshvili [EMAIL PROTECTED] To: Tomcat Users List [EMAIL PROTECTED] Sent: Tuesday, August 26, 2003 9:14 PM Subject: how to make a scheduled event on tomcat i would like to have a method that would run every-so-often (let's say two weeks). i am guessing listener could be an option.. is there a better solution to achieve this? thanks Vlad Vladimer Shioshvili QRC Division of Macro International Inc. 7315 Wisconsin Avenue, Suite 400W Bethesda, MD 20814 Phone: (301) 657 3077 ext. 155 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: request.getRemoteUser() only non-null on protected pages
Which type of authentication are you using. I find that SSL-Slient authentication causes getUserPrincipal() (or getRemoteUser()) to return null. I don't know why this is. BASIC or DIGEST authentication should work OK, though. If you describe your problem to me again, I may have some insights as I am currently working on something similar. Kind regards, Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
SSL-CLIENT authentication causes getUserPrincipal() to return null. Any idea why?
My setup: JWSDP 1.2 Windows XP Pro JDK 1.4.2 I want to know who's accessing a certain web page after they've authenticated to Tomcat. No problem if I use BASIC authentication. However, when I use SSL-CLIENT authentication, calling getUserPrincipal() on the incoming Request object returns null, which is no use at all. Question: is this intended behaviour (it's pretty dumb if it is)? If not, how do I get information about the authenticated user? TIA, Chris Williams. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat Userdatabase
Try in conf/tomcat-users.xml. - Original Message - From: Sjoerd van Leent [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, August 20, 2003 8:58 PM Subject: RE: Tomcat Userdatabase I installed the last binary build on my system, however, I need access to the manager web application, but I don't know the username/password. Where can I find this, or what is this password in general? Sjoerd van Leent - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]