Re: tomcat and firefox ssl problem - no common encryption algorithms

[David Wall]

As I said, I have done this successfully before and I am baffled that it is not 
working fo me now.
 

Perhaps you need send your server.xml along so others can see what 
you've done.  It definitely works with Firefox and IE on 5.5.9


David

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: session tracking in a context that contains JSP and servlets

[David Wall]

Mark wrote:


I want to create a webapp that will contain both servlets and JSP.  I
will be using a login page to authenticate users.  I will probably use
one of the Tomcat supported authentication modules.

I am wondering if it is possible for tomcat to properly manage session
information when going between servlet and JSP pages.
 

Of course.  After all, every JSP is compiled into a servlet.  Naturally, 
if the browser supports session cookies, all is very easy, but if they 
block such cookies, then you'll need to use URL rewriting for every 
reference to an URL within your web app so that the session id can be 
transmitted back.  Use response.encodeURL() and 
response.encodeRedirectURL() as necessary.


David

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: AJP connector maxthreads problem

[David Wall]

1) We have only a moderately busy site with about 500 new visitors 
entering from outside every day, so it would have thought it would be 
fairly difficult for them to use up all the 75 connections at the same 
time, but I do have some programmes that create their own threads, 
though in a fairly limited way. In your expert view are 75 jk2 
connections sufficient for this kind of moderate use, or is it likely 
I've some kind of problem I've got to get to the bottom of?
I've been through my recent new applications, and there really is 
nothing that could have created this problem recently.



It sure sounds like something is not releasing the threads.  In low 
volume sites, having 75 concurrent requests would be high.  It sounds 
like they are not being properly released when done.




2) I've set connectionTimeout=2, which seems to be what everybody 
else was setting it to, can I reduce this without any problem? It 
seems quite long, 20 seconds, why hang on to connections for so long, 
or is there a lot of overhead in creating them?


I believe this value is how long Tomcat will wait to receive the actual 
HTTP requests after it establishes the connection.  So 20 seconds is 
more than adequate.  Making it too low may cause people are slower dial 
up or the like to get problems.




3) If I want to, can I increase my max connections to 125 without any 
qualms? - This would appear to be the simplest solution here.



That would certainly work, but if you are running out because threads 
are not being released, it just means you'll run out later than before.


Good luck,
David

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: TC 5.5.9 TLD exception thrown

[David Wall]

I discovered the problem was that the TLD XML has also changed, so by 
getting rid of the DOCTYPE declaration and using the new taglib start, 
all was okay (it would have been nice to have a better error message to 
clue me in).


http://java.sun.com/xml/ns/j2ee";
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
 
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee/web-jsptaglibrary_2_0.xsd"; 


 version="2.0">

David

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

TC 5.5.9 TLD exception thrown

[David Wall]

I am receiving the following TLD processing exception in Tomcat 5.5.9 
under JDK 1.5 (this application has worked well under TC 4).  I am using 
a security manager (via catalina.policy).  The TLD file parses just fine 
in Eclipse 3.1 and using XMLSpy, so I'm not sure why there's a problem.  
Is there any way to learn more about what is really going wrong here?  I 
cannot bring up any web pages until this is resolved.


I also found that TC 5.5.9 wouldn't start with the following added to 
the default grant in catalina.policy:


permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina";
permission java.lang.RuntimePermission 
"accessClassInPackage.org.apache.catalina.*";permission 
java.lang.RuntimePermission 
"accessClassInPackage.org.apache.jasper.compiler";


Thanks,
David

Here's the TLD exception I am seeing...

From catalina.out and catalina.2005-08-08.log

Aug 8, 2005 5:36:34 PM org.apache.catalina.core.StandardContext processTlds
SEVERE: Error reading tld listeners javax.servlet.ServletException: 
Exception processing TLD at resource path /WEB-INF/yozons.tld in context 
/ssd
javax.servlet.ServletException: Exception processing TLD at resource 
path /WEB-INF/yozons.tld in context /ssd
   at 
org.apache.catalina.startup.TldConfig.tldScanTld(TldConfig.java:547)

   at org.apache.catalina.startup.TldConfig.execute(TldConfig.java:300)
   at 
org.apache.catalina.core.StandardContext.processTlds(StandardContext.java:4193)
   at 
org.apache.catalina.core.StandardContext.start(StandardContext.java:4049)
   at 
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:759)
   at 
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:121)
   at 
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.java:143)

   at java.security.AccessController.doPrivileged(Native Method)
   at 
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:737)
   at 
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
   at 
org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:589)
   at 
org.apache.catalina.startup.HostConfig.deployDescriptors(HostConfig.java:536)
   at 
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:471)
   at 
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1102)
   at 
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
   at 
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
   at 
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1020)
   at 
org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
   at 
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1012)
   at 
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
   at 
org.apache.catalina.core.StandardService.start(StandardService.java:450)
   at 
org.apache.catalina.core.StandardServer.start(StandardServer.java:683)

   at org.apache.catalina.startup.Catalina.start(Catalina.java:537)
   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
   at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
   at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

   at java.lang.reflect.Method.invoke(Method.java:585)
   at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:271)
   at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:409)


From localhost.2005-08-08.log:

org.apache.jasper.JasperException: Unable to initialize 
TldLocationsCache: XML parsing error on file /WEB-INF/yozons.tld
   at 
org.apache.jasper.compiler.TldLocationsCache.init(TldLocationsCache.java:252)
   at 
org.apache.jasper.compiler.TldLocationsCache.getLocation(TldLocationsCache.java:223)
   at 
org.apache.jasper.JspCompilationContext.getTldLocation(JspCompilationContext.java:519)
   at 
org.apache.jasper.compiler.Parser.parseTaglibDirective(Parser.java:417)

   at org.apache.jasper.compiler.Parser.parseDirective(Parser.java:483)
   at org.apache.jasper.compiler.Parser.parseElements(Parser.java:1543)
   at org.apache.jasper.compiler.Parser.parse(Parser.java:126)
   at 
org.apache.jasper.compiler.ParserController.doParse(ParserController.java:211)
   at 
org.apache.jasper.compiler.ParserController.parse(ParserController.java:100)
   at 
org.apache.jasper.compiler.Compiler.generateJava(Compiler.java:146)

   at org.apache.jasper.compiler.Compiler.compile(Compiler.java:286)
   at org.apache.jasper.compiler.Compiler.compile(Compiler.java:267)
   at org.apache.jasper.compiler.Compiler.compile(Compiler.java:255)
   at 
org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:556)
   at 
org.apache.jasper.servlet.JspServletWrapper.service(J

mod_rewrite for Tomcat 5.5

[David Wall]

Can anybody recommend anything like mod_rewrite for Tomcat 5.5?  I know 
the FAQ says something about "why reinvent the wheel," but in this case, 
it's because we want to get rid of Apache just because we need one small 
feature.  I've got an application that now only needs Apache httpd for 
some mod_rewrites, especially for converting short URLs to longer ones, 
such as:


https://host.com/app/a?c=ehtU3vN9JWia6&m=borrower

gets rewritten to:

https://host.com/app/customer/SomeBigCustomer/loanApplicationToSign.jsp?c=ehtU3vN9JWia6&m=borrower

With mod_rewrite, this is something like:

RewriteRule ^/app/a(.*)$  
https://host.com/app/customer/SomeBigCustomer/loanApplicationToSign.jsp$1 
[R,L]


In practice, I don't even need the full power of mod_rewrite to rewrite 
the domain part, so it would be okay just to map


/app/a?c=ehtU3vN9JWia6&m=borrower

to

/app/customer/SomeBigCustomer/loanApplicationToSign.jsp?c=ehtU3vN9JWia6&m=borrower

and keep the "https://host.com"; part the same.  I won't be redirecting 
to another server (at least not initially).


Thanks,
David

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Out of memory

[David Wall]

This is no doubt a java-related question, but it seems that with virtual 
memory, my JVM should never run out of memory (aside from a nasty bug 
and lack of swap disk space).  Is there a way to allow my web 
application to have as much memory as the OS will give it, yet not have 
the JVM attempt to consume all that space before the GC reclaims the 
space?  I'd like the JVM to start with 64M, max out around 1GB in terms 
of "holding the memory," yet allow it to use more memory when it needs 
it, and then have it attempt to release that memory so as not to cause 
swapping once the high memory need has disappeared.


Can this be done?

Thanks,
David

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

JSP-specific newsgroups/mailing list

[David Wall]

Can anybody recommend a good JSP/servlet newsgroups or mailing lists for 
questions.  Obviously, this list is directed towards Tomcat in 
particular, but while I'm using Tomcat, I'm trying to get an answer 
regarding some a way in JSP to allow a page developer to create his own 
bean that can be passed between JSP pages (such as by putting the object 
in the session or request object).


Thanks,
David

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: JSP too big to compile?

[David Wall]

The jsp:include is coming very close for us, but we're doing some tricks 
on these JSP pages that are causing us a problem with this approach. 

In the main JSP, we are creating a class inside that has the data 
elements for that page as well as a bunch of custom routines that act on 
the bean data.  In this case, we use a construct like:


<%!
public class BeanData
{
   public String field1;
   public String field2;
   public void method1()
   {  }
}

void doSomething(BeanData bean)
{}
%>

This has worked well.  Normally, we'd create a regular bean and use 
jsp:useBean to access it, but we did this so we could just upload the 
JSP and the bean would go together for ease of update without 
restarting, etc.  These JSP pages are bit "special" in that they are 
customer-defined pages that need to be changeable without having to 
upload a new JAR/WAR/.class file and have the application reload. 

Of course, a jsp:include page cannot access the BeanData defined in the 
other page because the BeanData class is nested inside the servlet class 
created from the JSP (even if we pass it as a parameter, the receiving 
end will get a security access exception).


First, is there a better way for a JSP to define a class that could be 
accessed outside of it rather than using the <%! %> mechanism to declare 
the code?  If not, are there any thoughts on how to pass such a private 
bean instance to the jsp:include page so it can also use it?


Thanks,
David



Pascal Gehl wrote:


It's a global java limitation.
You'are limited to around 10 000 lines of code in a try catch block.

Try to use dynamic includes instead of static includes. 



Pascal Gehl

-Original Message-
From: David Wall [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 03, 2005 16:31

To: tomcat-user@jakarta.apache.org
Subject: JSP too big to compile?

We have a web page that contains many business documents laid out one after
the other so a user can just click print and have all of them print together
(with a stylesheet that starts each contract on its own printed page). 


But we seem to be having an error that the generated servlet code is too big
because of service method's try block is too long.

Is there anything I can tweak to allow this to be bigger for the java
compiler, or is this just a limit of Java in general?

Thanks,
David


Generated servlet error:
   [javac] Compiling 1 source file
   [javac]
/home/tomcat/jakarta-tomcat-4.1.30/work/Standalone/localhost/app/application
_jsp.java:8946: 
compiler message file broken: 
key=compiler.err.compiler.err.limit.code.too.large.for.try.stmt

arguments=null, null, null, null, null, null, null
   [javac] } catch (Throwable t) {
   [javac]   ^
   [javac]
/home/tomcat/jakarta-tomcat-4.1.30/work/Standalone/localhost/app/application
_jsp.java:1118: 
compiler message file broken: 
key=compiler.err.compiler.err.limit.code.too.large.for.try.stmt

arguments=null, null, null, null, null, null, null
   [javac] try {
   [javac] ^

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

 



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

JSP too big to compile?

[David Wall]

We have a web page that contains many business documents laid out one 
after the other so a user can just click print and have all of them 
print together (with a stylesheet that starts each contract on its own 
printed page). 

But we seem to be having an error that the generated servlet code is too 
big because of service method's try block is too long.


Is there anything I can tweak to allow this to be bigger for the java 
compiler, or is this just a limit of Java in general?


Thanks,
David


Generated servlet error:
   [javac] Compiling 1 source file
   [javac] 
/home/tomcat/jakarta-tomcat-4.1.30/work/Standalone/localhost/app/application_jsp.java:8946: 
compiler message file broken: 
key=compiler.err.compiler.err.limit.code.too.large.for.try.stmt 
arguments=null, null, null, null, null, null, null

   [javac] } catch (Throwable t) {
   [javac]   ^
   [javac] 
/home/tomcat/jakarta-tomcat-4.1.30/work/Standalone/localhost/app/application_jsp.java:1118: 
compiler message file broken: 
key=compiler.err.compiler.err.limit.code.too.large.for.try.stmt 
arguments=null, null, null, null, null, null, null

   [javac] try {
   [javac] ^

Re: 404 redirection question

[David Wall]

Fritz,
Well, that's a hyperlink to the image, not embedded.  In the case below, 
the image is not embedded in the HTML but is simply a link to the image 
that requires an HTTP(S) GET to retrieve.  With a relative URL like you 
used, it just constructs the complete URL by appending the current 
page's URL to the front, so "images/xxx.jpg" becomes something like 
"http(s)://www.host.com/app/images/xxx.jpg" assuming the HTML is located 
at http(s)://www.host.com/app.

David
Fritz Schneider wrote:
By having a page that is essentially:

 


Fritz Schneider wrote:
 

If you have hyperlinks
to images, as opposed to HTML pages with images embedded,
   

How would you embed images inside the HTML rather than using hyperlinks 
to the image?

David
 

Re: 404 redirection question

[David Wall]

Fritz Schneider wrote:
If you have hyperlinks
to images, as opposed to HTML pages with images embedded,
How would you embed images inside the HTML rather than using hyperlinks 
to the image?

David
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSL on multiple IP addreses?

[David Wall]

That's very cool.   Didn't even know it was possible. 

I hope the original question has been answered in terms of creating 
multiple SSL connectors and having each point to a different keystore, 
since each keystore will hold the cert for each domain name.

Trung Nguyen wrote:
You can configure multiple IP adresses on a single NIC and add new IP/domain 
name to the server.xml
To configure multiple IP address on a single NIC on Linux (RHEL):
1.  cd /etc/sysconfig/network-scripts
2.  Make a copy of ifcfg-eth0 to ifcfg-eth0:0
3.  Edit ifcfg-eth0:0 and change DEVICE to eth0:0 and change the IPADDR to new 
IP
You can do this as many as you want by increase the last number by 1.
Hope this help.
Trung
 

 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSL on multiple IP addreses?

[David Wall]

How will you configure multiple IP addresses on a single NIC?  Normally, 
you have one NIC per IP address.  You will need to use two keystores for 
each system, and configure the keystores as you normally would under the 
SSL connector.  I'm not sure how to configure the CoyoteConnector so 
that it will listen on a particular IP address, but the docs no doubt 
explain how.

Good luck...
Paul Singleton wrote:
I'm trying to set up several SSL-enabled virtual hosts
under Tomcat 5.5.9 (Linux), each on a different IP address
(all via the same NIC).
I think I need a separate certificate (self-signed is OK)
for each, but cannot see how to associate them...
Do I have to create separate keystores? or is there a
neater way?
Paul Singleton
Jambusters Ltd

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Compressing file uploads with TC 4.1

[David Wall]

There was no response on this before, so I thought I'd check again.  Does 
anbody know if turning compression on in the Coyote HTTP connector will use 
the standard browser/http protocol for submitting data from the browser (for 
file uploads in particular) using gzip?

Thanks,
David
- Original Message - 
From: "David Wall" <[EMAIL PROTECTED]>
To: 
Sent: Tuesday, March 29, 2005 4:29 PM
Subject: Compressing file uploads with TC 4.1


As I undertand it, some browsers (which ones?) support GZIP compression. 
I'm not sure if the HTTP response needs to include anything to tell the 
browser that the server supports it or not.  Does anybody know if Tomcat 
will provide the right headers for that?

I read in the Coyote HTTP connector that I can set "compression=on".  Does 
that use the browser/http protocol for negotiating whether that's allowed 
or not?  Certainly, if the modern browsers support GZIP, that would be 
valuable for file uploads and the like, but we wouldn't want it to try to 
use compression if the browser didn't support it.

Is this the way to go or do I need to do something else?

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Compressing file uploads with TC 4.1

[David Wall]

As I undertand it, some browsers (which ones?) support GZIP compression. 
I'm not sure if the HTTP response needs to include anything to tell the 
browser that the server supports it or not.  Does anybody know if Tomcat 
will provide the right headers for that?

I read in the Coyote HTTP connector that I can set "compression=on".  Does 
that use the browser/http protocol for negotiating whether that's allowed or 
not?  Certainly, if the modern browsers support GZIP, that would be valuable 
for file uploads and the like, but we wouldn't want it to try to use 
compression if the browser didn't support it.

Is this the way to go or do I need to do something else?
Thanks,
David 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Tomcat 4.1 and auto-redirect/URL rewrite

[David Wall]

I have a page in a tomcat 4.1 webapp that has a rather lengthy path name, 
but I'd like to be able to email a much shorter link to avoid long links 
being broken across lines by some older email clients.

With Apache HTTPD's rewrite module, this could be accomplished.  Is there 
something similar in TC?  I'd like to map something like:

https://www.myhost.com/app/pickup?c=12345678901234567890
to
https://www.myhost.com/app/custom/customerName/applicationName/welcome.jsp?c=12345678901234567890
I know I could create a servlet that does an auto-redirect, but I'm looking 
to see if TC has anything that more directly will rewrite the URLs.

Thanks,
David 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: HTMLArea v. fckeditor

[David Wall]

> See http://www.fckeditor.net/ 

Aside from the odd name (we do have to give credit after all!), that does look 
like a nice one.  Has anybody used it enough to know how stable it is?  I noted 
that it's on 2.0, which is good, but it's not considered final.  I like that it 
appears to be a bit more active than HTMLArea.  

David

Re: HTMLArea and SpellCheck plugin

[David Wall]

Anybody successfully implemented a tomcat webapp that uses the HTMLArea
editor and the SpellChecker plugin (both free from Interactive Tools and
Dynarch) ?
What do people think about HTMLArea?  It seems one of the only free HTML 
textarea type widgets out there.  I think the latest has greater support 
than just IE, which is critical in a public web site.

David 

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: CSR in Tomcat 5.0

[David Wall]

It's not anything with Tomcat, but with JDK.

First ensure you've created the keys:

keytool -genkey -keyalg RSA -alias tomcat -keystore yourkeystorefilename

(You typically need to answer the questions, start with the web server name,
like www.host.com, and fully spell out the city, state, etc..  The password
and keystore file name you use will be configured into Tomcat.)

To generate the CSR:

keytool -certreq -alias tomcat -keyalg RSA -file certreq.csr -keystore
yourkeystorefilename

Then to import (assuming PKCS#7 encoded):

keytool -import -alias tomcat -trustcacerts -file
certfilegiventoyoubyCA -keystore yourkeystorefilename

Good luck,
David

- Original Message - 
From: "Richard Panek" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Friday, December 17, 2004 9:30 AM
Subject: RE: CSR in Tomcat 5.0


> Ben,
>
> The command line doesn't work and will not create the CSR.  What was the
> command line you used?
>
> Rich
>
> -Original Message-
> From: Ben Souther [mailto:[EMAIL PROTECTED]
> Sent: Friday, December 17, 2004 11:08 AM
> To: Tomcat Users List
> Subject: Re: CSR in Tomcat 5.0
>
> I've used the -keyalg with -certreq.
>
>
> On Fri, 2004-12-17 at 10:23, Richard Panek wrote:
> > Anyone have any idea how to properly create a CSR in Tomcat 5.0 to
> > submit to Verisign?
> >
> >
> >
> >
> >
> > The command line is:
> >
> >
> >
> > Keytool -certreq -keyalg RSA -alias tomcat -file certreq.csr \
> -keystore
> > 
> >
> >
> >
> > The problem is that the -keyalg switch does not exist with the syntax
> > for the -certreq switch.  I can create the CSR file without the
> -keyalg
> > switch.  What affect will this have when submitting this to the CA?
> > What encryption level?
> >
> >
> >
> >
> >
> > Richard Panek
> >
> > [EMAIL PROTECTED]
> >
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

OFF TOPIC: Merging data into a PDF form

[David Wall]

I have an existing PDF form (actually lots of them) and my webapp is
querying a user for the "missing data" on the HTML form.  I'd like to merge
the POST data into the PDF document and end up with a new filled out PDF
document.  Has anybody done this or can point to tools that will help?

Thanks,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Problem displaying PDF in IE6 from Tomcat using the ActiveX R eader Plug-in

[David Wall]

Have you tried using links like the following:

http://yourhost.com/webappcontext/download.jsp/Germany.pdf

The idea is that tomcat will find the JSP download.jsp and execute it, and
since the link ends with the file name, some browsers will better detect the
pdf reader launch.

If you need some params passed in, your link would look like:

http://yourhost.com/webappcontext/download.jsp/Germany.pdf?abc=xyz&xyz=abc

I don't know if your headers have a typo in your email or in production, but
you have an invalid Content-Disposition header (misspelled "attachment" as
"attachement") which would be a problem, too.

David

- Original Message - 
From: "Aman Raheja" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Thursday, November 18, 2004 8:47 AM
Subject: Re: Problem displaying PDF in IE6 from Tomcat using the ActiveX R
eader Plug-in


> Some more info to respond to the earlier responses
>
> 1) We're seeing more evidence this is a problem with Reader 6.0.1 (or
> the 6.0.2 patch).  We have a PC with Reader 6.0.0 that works Ok, as well
> as a PC with 5.0.  Our company has done a mass upgrade to Reader 6.0.1
> and IE 6.0.2, so these PCs are not the norm.
> 2) No SSL is being used at this point (but it will eventually).
> 3) No compression (that I know of -- unless Tomcat is doing it for us).
> 4) Our JSP is supposed to be a generic file downloader, handling Word,
> Excel, PDF, etc.   Hence the URL ends in ".jsp" vs. the real file
> extension.
> 5) Here's a typical response we're getting in IE:
>
> HTTP/1.0 200 OK
> Date: Wed, 17 Nov 2004 20:33:26 GMT
> Server: Apache Tomcat/4.0.6 (HTTP/1.1 Connector)
> Content-Type: application/pdf;charset=ISO-8859-1
> Content-Length: 156483
> Content-disposition: attachement; filename="Germany.pdf"
> expires: Thu, 01 Jan 1970 00:00:00 GMT
> Connection: close
>
>
> Thanks,
> Aman Raheja
>
>
>
> Phillip Qin wrote:
>
> >Where do you generate the pdf? In servlet? The link has to be end with
.pdf
> >(but before any query string) in order for acrobat reader active-x to
kick
> >in.
> >
> >-Original Message-
> >From: Aman Raheja [mailto:[EMAIL PROTECTED]
> >Sent: November 16, 2004 9:27 AM
> >To: Tomcat Users List
> >Subject: Re: Problem displaying PDF in IE6 from Tomcat using the ActiveX
R
> >eader Plug-in
> >
> >
> >We did set the Security level to low on IE.
> >More suggestions?
> >Thanks
> >Aman Raheja
> >
> >Phillip Qin wrote:
> >
> >
> >
> >>There are security and privacy settings in IE affect PDF generation.
> >>BTW, ensurethe link before query string ends with .pdf
> >>
> >>-Original Message-
> >>From: Aman Raheja [mailto:[EMAIL PROTECTED]
> >>Sent: November 15, 2004 1:40 PM
> >>To: [EMAIL PROTECTED]
> >>Subject: Problem displaying PDF in IE6 from Tomcat using the ActiveX
Reader
> >>Plug-in
> >>
> >>
> >>Problem:
> >>
> >>When we try to display a dynamically generated PDF file, IE launches
> >>the
> >>Adobe Acrobat Reader Plugin, but then just a blank page is displayed and
> >>the IE status says "Done".  No error message is displayed.  No error is
> >>generated in the System Event logs.
> >>
> >>The issue seems to be that every request to request to Tomcat for the
> >>PDF send back the request with "charset=ISO-8859-1" in the
> >>"Content-type" Header. We want to figure out a way to verify that this
> >>is the issue. One way might be to somehow get Tomcat to not append the
> >>Character Set in the header. Is there a way to do this?
> >>
> >>Environment:
> >>
> >>- Client: Windows XP or Windows 2000
> >>- Server: Tomcat 4.0.6/JDK 1.3.1 running on Solaris and Windows XP
> >>(problem exists on both)
> >>- Adobe Reader 6.0.1 (occurs with 6.0.2 patch as well)
> >>- IE 6.0.2800
> >>
> >>
> >>Additional Information:
> >>
> >>1) Our URLs are formed like this:
> >>
> >>http://app.ourserver.com/appname/docViewAGN.jsp?RepoType=C&ID=18698&Doc
> >>Name=
> >>Germany&entry=&DocType=pdf&category=Research
> >>
> >>2) Our app is issuing GETs, not POSTs.
> >>
> >>3) This is happening on multiple PCs.  One thing we noticed is this may
> >>be somewhat Reader version dependent -- we have a few machines left with
> >>Reader 5 installed, and they do not seem to have the problem.
> >>
> >>4) When the problem occurs, if you then launch Reader manually, the
> >>document that didn't display in the IE window is automatically displayed
> >>in the full client Reader app.!!!
> >>
> >>5) If we set Reader to not open up PDFs in browser windows, the Reader
> >>window launches and opens the PDF file just fine.   [This is a client
> >>solution, and not practical to implement across hundreds of PCs
> >>unfortunately.]
> >>
> >>6) We actually have one PC with Windows XP, Reader 6.0.1, and IE 6.0.2
> >>that works.  Could this problem be caused by some specific Windows or IE
> >>patch?
> >>
> >>7) We've scoured the forums and tried several things including setting
> >>all security levels to Low in IE, adding a dummy parm at the end of the
> >>URL to fool IE into launching the 

Re: Content-disposition for file downlaod with Mozilla/Firefox

[David Wall]

Most interesting!  I've given it a shot (just putting quotes around the
filename) and it does seem to fix things for all the browsers I test with
(Mozilla 1.7, Firefox 1.0, Netscape 7.1, IE 6 and Opera 7.11).

I was worried it was a browser thing, but it does appear to be something I
can fix in my servlet.  It is interesting that so many browsers have "fixed"
broken standards to make things appear to work that you get fat on such
simple errors.  After all, it was surprising that Netscape 7.1 worked fine
since it's Mozilla based, and because it worked with IE and Opera, too, it
surely seemed to be a Mozilla bug.

So I now use something like:

Content-Disposition: attachment;filename="Some Agreement 2004-11-15.doc"

Thanks again,
David

- Original Message - 
From: "Tim Funk" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Monday, November 15, 2004 3:54 PM
Subject: Re: Content-disposition for file downlaod with Mozilla/Firefox


> Its not a bug.
>
> https://bugzilla.mozilla.org/show_bug.cgi?id=221028
>
> -Tim
>
> David Wall wrote:
> > The following are headers we send out for a given file that is being
> > downloaded:
> >
> > Content-Length: 28160
> > Content-Disposition: attachment;filename=Some Agreement 2004-11-15.doc
> > Content-Type: application/octet-stream
> >
> > I believe this used to work fine with Mozilla in an earlier version.
I'm
> > running Mozilla 1.7.3 and Firefox 1.0, but it doesn't work on them.   It
> > works just fine on Opera 7.11, IE 6, and Netscape 7.1.
> >
> > On Mozilla/Firefox, it is stopping at the space in the header, so it
thinks
> > the filename is just "Some" rather "Some Agreement 2004-11-15.doc".  My
> > impression is that HTTP headers are allowed to contain spaces and it's
only
> > a newline that should end the value of a header.  Is this something I
need
> > to concern myself with from the web application side, or is this just a
bug
> > with Mozilla/Firefox?
> >
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Content-disposition for file downlaod with Mozilla/Firefox

[David Wall]

The following are headers we send out for a given file that is being
downloaded:

Content-Length: 28160
content-disposition: attachment;filename=Some Agreement 2004-11-15.doc
Content-Type: application/octet-stream

I believe this used to work fine with Mozilla in an earlier version.  I'm
running Mozilla 1.7.3 and Firefox 1.0, but it doesn't work on them.   It
works just fine on Opera 7.11, IE 6, and Netscape 7.1.

On Mozilla/Firefox, it is stopping at the space in the header, so it thinks
the filename is just "Some" rather "Some Agreement 2004-11-15.doc".  My
impression is that HTTP headers are allowed to contain spaces and it's only
a newline that should end the value of a header.  Is this something I need
to concern myself with from the web application side, or is this just a bug
with Mozilla/Firefox?

Thanks,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Response and file downloads

[David Wall]

> You should be aware that IFrames are an IE-only thing.  Won't work on
> any other browser AFAIK.

Is that true?  My impression is that iframes work on Mozilla, too.  Anyway,
I think you can accomplish the same thing as an IFRAME using an OBJECT tag,
so that may be another way to return a page that instructs the client to
automatically issue the GET to download the file when the page is returned.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Response and file downloads

[David Wall]

> I know there is only a single response, thats why I want to create a new
one :)

Then you need to have the client create another request.

> How do other sites generate files on the fly (take it out of a database,
or a report just run), on form submit, and send them down the line and not
run into this problem?

Which other sites?  Can you point to one that we'd all be able to see?
Often with a sample site, it's easier to tell you how they did it.

I've seen some sites that simply return a "thank you" or other updated page.
It often contains a link to the download, with a message that says a
download should trigger automatically within a few seconds.  In this
scenario, I believe they are returning a page with a link that would cause
the file to be downloaded (so the user could click it if the download didn't
start) along with an HTML HEAD refresh tag like: 

Such a refresh tag will cause the browser to wait a second (in this case 1
second because 1 is before the semicolon) and then issue a GET on the URL
provided.  Since the URL is for a file download, it appears that you've both
triggered a download AND returned a page, but in fact, you just returned a
page, and that page triggered the auto-GET that triggers the download.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: session tracking enforcement

[David Wall]

> In my case it looks like I do have encode all URLs: firewall problem
> with stripping out sessionId left me with no choice ;) Is it right
> way of doing it?

ACK!  There's a firewall that's stripping out session ids from URLs but will
let cookies through?  There's a security no-brainer in charge...   Or
maybe it's just an Microsoft bigot in control, though "security no-brainer"
may still apply...  (Sorry -- sort of -- for my poor taste in jokes.)

I can't answer about "right way" since firewalls that block standard web
access will tend to cause standard web applications to no longer work.
That's like blocking port 80 and 443 and then saying that is it "right" to
make your web site work on port 8080.  It's the firewall that's messed up,
not your application.  Unfortunately, you may have to work with it
regardless of the poor decision of the firewall owner.

Certainly, if you want, you can use the redirect scheme to detect if the
cookie is there.  In fact, you can even just check if the session can be
maintained through the redirects since Tomcat will fall back to cookies if
it can for its session id.  And in the end, if your session works either
way, then you don't have to force people to use session cookies.  But people
who want to use ANY authenticated web application will have to allow session
cookeis or URL session ids because it's the way web applications handle
state management.  Good luck!

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: session tracking enforcement

[David Wall]

> But that's details, the main point I made still holds, and that's that
> the Servlet Spec mandates Tomcat's behavior in this area.

Absolutely, Yoav!  I certainly didn't mean to imply anything negative about
your response, only that the original inquiry could be handled/checked by
his application fairly easily, even if the servlet spec doesn't allow it to
be enforced through configuration.  Besides, when using servlets, it's
really not much work to encode urls for those users who don't support
cookies, and then you can handle a wider range of clients as you accurately
pointed out.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: session tracking enforcement

[David Wall]

> >Is there any way to enforce a session cookie (JSESSIONID)to be send
> >to the client (browser) from servlet.
>
> No, because the Servlet Spec says Servlet Container must work even on
> clients that don't support cookies (or have cookies turned off, which is
> becoming a more and more common use-case).

Session cookies (those that don't persist) are becoming quite common
actually because even small devices are able to keep that bit of session
state quite easily.  Also, device makers want their devices to work on the
widest variety of systems, and session cookies are used just about
everywhere, whereas URL rewriting is less common.  Nost web users allow
cookies, and fewer still restrict session cookies that comes from the
primary site (as opposed to one generated by those advertising goofs).

While the container may not support this enforcement, you could at least
warn users using a series of redirects.

1) On first load, if no session cookie exists (or your own session-oriented
cookie if you like), add the cookie and redirect to a cookie checker page.

2) If the cookie checker page does not detect the cookie, then it can
display a warning/error to the user telling them that session cookies are
required to use your site. If it finds the cookie, then it can redirect
either back to the main page or to whatever page you want them to go to next
since you know they have the cookie.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Fw: Internet Explorer Bug under SSL Connection

[David Wall]

Our web site is entirely SSL.  Most users have IE.  Our application is used
to securely transfer and digitally sign attached files that must be
downloaded.  Yet, we've never seen this problem.  Who is putting in the
"Pragma" header in the response in the first place that you have to change
it this way?  And why does the Pragma setting have the negative effect
described?

Thanks,
David

- Original Message - 
From: "Jon Wingfield" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Friday, October 15, 2004 9:57 AM
Subject: Re: Internet Explorer Bug under SSL Connection


> Yep. This comes up every so often on the list.
>
> Whenever IE downloads content we change the Pragma response header to be
> public instead of no-cache:
>
> String userAgent = request.getHeader("user-agent");
> if (response.containsHeader("Pragma")
>  && userAgent!=null
>  && userAgent.toUpperCase().indexOf("MSIE")>-1) {
>  response.setHeader("Pragma", "public");
> }
>
>
> HTH,
>
> Jon
>
> Edouard Dalla-Costa wrote:
>
> > Hi,
> >
> > I am using a servlet that open an excel file from an output stream
> > which is working very well. However, I want to use it under SSL
> > connection which looks to be quite easy. I made the change in tomcat
> > and it is working very well. However when I try to open my excel file
> > using Internet Explorer under SSL connection, I am having a strange
> > error:
> >
> > impossible to open: https://myURL
> >
> > I am using exactley the same URL with non SSL connection and it is
> > working fine. But the funniest thing is that it is really well working
> > using FireFox or Opera explorer.
> > It makes me crazy. So if somebody as already see encounter this
> > problem or know what to do. PLEASE HELP ME
> >
> > Thank you very Much
> >
> > regards
> > Edouard


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to redirect http to https automatically?

[David Wall]

I don't know the answer to that.  It's unlikely, though.  You could put
something like Apache in the front and use URL rewriting, which can
basically force any URL with a given pattern to be redirected, either
forcing HTTP or HTTPS and doing the redirect only when the scheme is not
what you want.

In general, though, when you know you are shifting between secure and
insecure, you should perhaps create URLs that make this explicit.  In
general, you enter a secure mode when starting a secure set of transactions,
and then switch back when you are done.  Of course, you could just stay with
HTTPS once they enter secure mode since securing the communications may have
overhead, but it adds privacy.

David


- Original Message - 
From: "Antony Paul" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>; "David Wall"
<[EMAIL PROTECTED]>
Sent: Thursday, October 14, 2004 9:42 PM
Subject: Re: How to redirect http to https automatically?


> Is it possible to switch from https to http using this kind of
configuration ?
> I tried with NONE for user constraint but it still remains in https.
>
> rgds
> Antony Paul
>
>
> On Thu, 14 Oct 2004 08:40:31 -0700, David Wall <[EMAIL PROTECTED]>
wrote:
> > This is part of the servlet specs.  In  your WEB-INF/web.xml file, you
need
> > a security constraint that says the site should be secure, something
like:
> >
> > 
> >  
> >Entire site
> >/*
> >GET
> >POST
> >  
> >  
> >CONFIDENTIAL
> >  
> > 
> >
> > The "confidential" keyword ensures that the webapp will require https,
so if
> > you try to get it via http, then the redirect stuff specifed in your
> > server.xml will be applied.
> >
> > David
> >
> >
> >
> > - Original Message -
> > From: "Won Sim" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Wednesday, October 13, 2004 8:13 AM
> > Subject: How to redirect http to https automatically?
> >
> > > I set redirectPort attribute to 443, which is my SSL connector port
> > number,
> > > from port 80 connector in the server.xml. This doesn't redirect http
to
> > > https automatically. In other words, I still can access the
application
> > via
> > > http://server/myapp. I want to know how to redirect http to https
> > > automatically so when I enter http://server/myapp, Tomcat redirects to
> > > htts://server/myapp. I am using Tomcat 4.1.30.
> > >
> > > Thanks in advance.
> > > Won.
> > >
> > > _
> > > Don't just search. Find. Check out the new MSN Search!
> > > http://search.msn.click-url.com/go/onm00200636ave/direct/01/
> > >
> > >
> > > -
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
> >


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to redirect http to https automatically?

[David Wall]

This is part of the servlet specs.  In  your WEB-INF/web.xml file, you need
a security constraint that says the site should be secure, something like:


  
Entire site
/*
GET
POST
  
  
CONFIDENTIAL
  


The "confidential" keyword ensures that the webapp will require https, so if
you try to get it via http, then the redirect stuff specifed in your
server.xml will be applied.

David

- Original Message - 
From: "Won Sim" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, October 13, 2004 8:13 AM
Subject: How to redirect http to https automatically?


> I set redirectPort attribute to 443, which is my SSL connector port
number,
> from port 80 connector in the server.xml. This doesn't redirect http to
> https automatically. In other words, I still can access the application
via
> http://server/myapp. I want to know how to redirect http to https
> automatically so when I enter http://server/myapp, Tomcat redirects to
> htts://server/myapp. I am using Tomcat 4.1.30.
>
> Thanks in advance.
> Won.
>
> _
> Don't just search. Find. Check out the new MSN Search!
> http://search.msn.click-url.com/go/onm00200636ave/direct/01/
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: request.getSession(false) randomly returns null in servlet

[David Wall]

Is it possible that your session has ended (too long between requests)?
Check how long you have configured sessions to be active (in web.xml).  Is
it possible you are losing the encoded session ids (if cookies are not being
used)? It's easy to miss an encoded URL on a page for get/post and thus lose
the session id on the next request.  Then again, I've seen bugs before in
which cookies are quite reliable, but encoded URLs don't always seem to
work.

David

- Original Message - 
From: "Mark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, October 12, 2004 8:36 AM
Subject: request.getSession(false) randomly returns null in servlet


> Hi All,
> I have unstable behavior in my web application when I try to get
> HttpSession.
> The problem is that the following code randomly returns _null_ for
> HttpSession.
>
> But next http request from different servlet using the same code is
> fine. and when I call servlet with problem I've got null again.
> Interesting, that if I wait for few minutes, this problem does not
> exists: I'm getting a session object with no problems
> Here the code:
>
> -- cut --
> public void doPost( HttpServletRequest req, HttpServletResponse resp
> )
>   throws IOException, ServletException
>   {
> String cPath = req.getContextPath();
> HttpSession ses = req.getSession(false);
> /* ... ses is null sometimes ;(*/
> 
> - end cut 
>
>
> Please note that I use req.getSession(true) in the login servlet and
> DO know that session is created.
>
> Tech spec:
>  Software: tomcat 5.0.24 on Redhat FS2
>  Hardware: AMD 2700+, 512Mb, 120 GB HDD.
>
>
> Any comments and suggestions are welcome.
>
> Thanks,
> Mark.
>
>
>
>
> __
> Do you Yahoo!?
> Take Yahoo! Mail with you! Get it on your mobile phone.
> http://mobile.yahoo.com/maildemo
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: StringBuffer memory optimization

[David Wall]

> Hello folks, i have a problem with StringBuffer, profiling my
> web-application i noticed, StringBuffer due to its creation and use
consumes
> too much memory. Does onyone here know a good way to solve that problem?

Not much to go on there, but a key factor to using StringBuffer "well" is if
you can estimate how big the resulting String will be beforehand.  This is
because StringBuffer starts out rather small (16 characters as I recall) and
grows as needed.  Each time it grows, it has to allocate a new buffer and
copy the previous buffer, so it can be wasteful if misused this way.

So, if you know before, do something like:

StringBuffer buf = new StringBuffer(4000);

Or, if you already have a buffer and you need to add another 500 characters,
you can use:

buf.ensureCapacity(buf.length()+500);

The second will ensure that the buffer is at least big enough to hold its
current contents plus another 500 characters so that if it's not big enough,
it will only do one reallocation as you add up to another 500 characters.

Good luck,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Capturing HTML using Tomcat 4

[David Wall]

That's not as "nice" only because most of the pages to be captured are JSPs,
and converting the JSP to a servlet for this purpose would defeat much of
the beauty of JSPs.  I saw a listing for using a "capture JSP tag" at
http://www.jguru.com/faq/view.jsp?EID=304022 that seems kind of interesting.
Of course, if this works well, it would only work on JSPs in which the tag
could be placed.

David

- Original Message - 
From: "Robert Harper" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>; "'David Wall'"
<[EMAIL PROTECTED]>
Sent: Wednesday, October 06, 2004 3:20 PM
Subject: RE: Capturing HTML using Tomcat 4


> One way is to write a servlet that builds the html and before you finish
with
> the response, save the text into a table and then send the response.
>
> Robert S. Harper
> 801.265.8800 ex. 255
> > -Original Message-
> > From: David Wall [mailto:[EMAIL PROTECTED]
> > Sent: Wednesday, October 06, 2004 4:10 PM
> > To: [EMAIL PROTECTED]
> > Subject: Capturing HTML using Tomcat 4
> >
> > I've been looking through archives and such for examples of how to
capture
> > the HTML output from a given JSP programmatically so I can archive or do
> > other things with that HTML.  For example, we might do this to record
the
> > text of an agreement that was displayed to a user, in which a JSP
generated
> > the agreement HTML page.  The pages may be generated from either HTTP
GET or
> > POST.
> >
> > It would be nice to perhaps just have a servlet "include" the response
from
> > a JSP, passing along the GET/POST request to that JSP, but then have the
> > servlet capture the JSP's response in a string for processing/storage.
> > O'Reilly has a caching servlet that may help, but I was wondering if
anybody
> > had come out with an elegant way to do this.
> >
> > Thanks,
> > David
> >
> >
> > -
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
> >
>
>
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Capturing HTML using Tomcat 4

[David Wall]

I've been looking through archives and such for examples of how to capture
the HTML output from a given JSP programmatically so I can archive or do
other things with that HTML.  For example, we might do this to record the
text of an agreement that was displayed to a user, in which a JSP generated
the agreement HTML page.  The pages may be generated from either HTTP GET or
POST.

It would be nice to perhaps just have a servlet "include" the response from
a JSP, passing along the GET/POST request to that JSP, but then have the
servlet capture the JSP's response in a string for processing/storage.
O'Reilly has a caching servlet that may help, but I was wondering if anybody
had come out with an elegant way to do this.

Thanks,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to use ONLY cookie for session management?

[David Wall]

> The Servlet Container must obey the Servlet Specification as far as
session tracking mechanisms are concerned.  So you can't turn this off.
>
> You can build a custom version of Tomcat that doesn't do URL rewriting if
you'd like.  But I'm guessing you're not going to like this option ;)

Doesn't that URL rewriting require the use of response.encodeURL().  If I
don't include it around A-HREFs I don't get such session ids inserted.  And
if you have pages that don't need session tracking, you can turn it off on a
page-by-page basis.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Repost: java.security.AccessControlException

[David Wall]

The syntax is:

permission java.security.AllPermission;

Of course, why use a security manager at all if the default is no security
at all?

David

- Original Message - 
From: "Andre Legendre" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Tuesday, September 07, 2004 8:34 AM
Subject: Repost: java.security.AccessControlException


> Hi
>
> I post again my problem because I get stuck and I need some help.
>
> I had a servlet working using jwsdp 1.3. I changed to 1.4 and I get now
> a java.security.AccessControlException
>
> My classes are in a jar located in WEB-INF/lib/
> my policy is :
> grant {
> permission java.security.AllPermission "", "";
> };
>
> Any help welcome
>
> Andre Legendre
> Error is :
>
> INFO: Server startup in 20279 ms
> Setting controller properties
> Setting controller RMISecurityManager
> Setting controller RMISecurityManager Finish
> 127.0.0.1
> Setting controller startDiscovery
> java.security.AccessControlException: access denied
> (java.io.FilePermission
>
/home/rcs/Master/extern/java/jwsdp/tomcat-jwsdp-1.4/webapps/mfg_ServletToJsp
/WEB-INF/classes/com/sun/rio/resources/client/JiniClient.class
>
> read)
> at
>
java.security.AccessControlContext.checkPermission(AccessControlContext.java
:269)
> at
> java.security.AccessController.checkPermission(AccessController.java:401)
> at
> java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
> at java.lang.SecurityManager.checkRead(SecurityManager.java:863)
> at java.io.File.exists(File.java:678)
> at
> org.apache.naming.resources.FileDirContext.file(FileDirContext.java:881)
> at
> org.apache.naming.resources.FileDirContext.lookup(FileDirContext.java:263)
> at
>
org.apache.naming.resources.ProxyDirContext.lookup(ProxyDirContext.java:338)
> at
>
org.apache.catalina.loader.WebappClassLoader.findResourceInternal(WebappClas
sLoader.java:1729)
> at
>
org.apache.catalina.loader.WebappClassLoader.findClassInternal(WebappClassLo
ader.java:1597)
> at
>
org.apache.catalina.loader.WebappClassLoader.findClass(WebappClassLoader.jav
a:891)
> at
>
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.jav
a:1340)
> at
>
org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.jav
a:1220)
> at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:302)
> at WebMfgServiceManager.startDiscovery(Unknown Source)
> at WebMfgServiceManager.(Unknown Source)
> at servletToJsp.init(Unknown Source)
> at
>
org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:10
44)
> at
>
org.apache.catalina.core.StandardWrapper.allocate(StandardWrapper.java:712)
> at
>
org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.
java:719)
> at
>
org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDis
patcher.java:516)
> at
>
org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatch
er.java:453)
> at
>
org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher
.java:369)
> at
>
org.apache.jasper.runtime.PageContextImpl.doForward(PageContextImpl.java:717
)
> at
>
org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:687)
> at
>
org.apache.jsp.jsptoserv.jsptoservlet_jsp._jspService(jsptoservlet_jsp.java:
45)
> at
> org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:141)
> at javax.servlet.http.HttpServlet.service(HttpServlet.java:856)
> at
>
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:286)
> at
>
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:206)
> at
>
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:258)
> at
>
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:151)
> at
>
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
> at
>
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContext
Valve.java:256)
> at
>
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:210)
> at
>
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:151)
> at
>
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase
.java:513)
> at
>
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:149)
> at
>
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:564)
> at
>
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:196
)
> at
>
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:151)
> at
>
org.apache.catal

StandardClassLoader: Security Violation, attempt to use Restricted Class: org.apache.tomcat.util.net.SSLSupport$CipherData

[David Wall]

What do I have misconfigured to cause this security violation?  I am
using -security to start a security manager and the page is https secure.

Using TC 5.0.27 on Redhat Linux, I received the following error in
catalina.out:

StandardClassLoader: Security Violation, attempt to use Restricted Class:
org.apache.tomcat.util.net.SSLSupport$CipherData

My JSP page redirected to my error page, and this stack trace was shown:

org/apache/tomcat/util/net/SSLSupport$CipherDatajava.lang.NoClassDefFoundErr
or: org/apache/tomcat/util/net/SSLSupport$CipherData
at org.apache.tomcat.util.net.SSLSupport.(SSLSupport.java:55)
at
org.apache.tomcat.util.net.jsse.JSSESupport.getKeySize(JSSESupport.java:137)
at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:973)
at org.apache.coyote.Request.action(Request.java:363)
at
org.apache.coyote.tomcat5.CoyoteRequest.getAttribute(CoyoteRequest.java:934)
at
org.apache.coyote.tomcat5.CoyoteRequestFacade.getAttribute(CoyoteRequestFaca
de.java:214)
at org.apache.jsp.login_jsp._jspService(login_jsp.java:201)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:3
24)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:802)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:239)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:500)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:266)
at
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:15
7)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:231)
at
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilter
Chain.java:50)
at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain
.java:140)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:136)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:214)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContext
Valve.java:198)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:152)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase
.java:540)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:102)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137
)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117
)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:102)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:102)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:109)
at
org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContex
t.java:104)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConne
ction(Http11Protocol.java:705)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.jav
a:683)
at java.lang.Thread.run(Thread.java:534)

Thanks,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SOLVED: How to get the context path for a web application?

[David Wall]

>contextPath = path.substring(0, path.lastIndexOf("/"));
>contextPath = contextPath.substring(contextPath.lastIndexOf("/") +
1);

This looks like a reasonable hack, but isn't it true that the filesystem
path and the context path don't have to match?  For example, I can map "" to
/webapps/ROOT can't I?  Or map "/myapp" to "/webapps/somethingelse"?

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SOLVED: How to get the context path for a web application?

[David Wall]

> The cause for some of these specs is the fact servlet containers aren't
required to run on file systems.  For example, they may run entirely inside
a DBMS (and Oracle had such a container for a while), in which case you must
deploy in a packed WAR and the subset under a server's URL name space is not
a hard-drive path.

Nobody "cares" if this maps to a file system or not.  If your application
needs to create an URL that will take someone to a page on your site (let's
say it's the /login.jsp page), we need to be able to set the protocol,
domain, port and context path that will appear in front.

For example, we have lots of emails that go out with such links back to the
webapp, and today, we end up putting the complete URL in config files since
there's no easy way to set these up in an "init" type method.  That's just
too bad since the context path doesn't change from request to request.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SOLVED: How to get the context path for a web application?

[David Wall]

> No, and an archive search would reveal past discussions around this
> issue (though none recently).   Webapps are supposed to be independent
> of their server configuration including with regards to context path,
> and so the Servlet Spec actively discourages you from doing webapp
> initialization or configuration based on such data.  A lot of people
> debated for a long time what does and doesn't go into the
> ServletContext/ServletConfig objects as opposed to Request/Response
> objects.

True and it's mostly not a big issue.  However, is it possible for a
ServletContext to reference one context path and the Request objects to have
a different one?  Most webapps only operate under a single context path
(don't they?), so having it at initialization would be nice too.  Oh well...
With the path, I could build URLs for email and other logging info at
initialization that cannot be done dynamically without knowing the
host/port/contextpath.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SOLVED: How to get the context path for a web application?

[David Wall]

> Someone on the list suggested Request.getContextPath() and it works like a
> charm. Thanks to all.

Agreed, but my follow-up question was if there was such a call to be done
using a ServletContext/ServletConfig object so that you can get the context
path in initialization servlets, etc., before a request comes in.

David


> >> A ServletConfig reference is passed in the call to the init() method of
> > your
> >> servlet. From this you may use the getServletContext() method to get
the
> >> context. One thing to remember is that this does not get called until
the
> >> servlet is initialized and would be invalidated when it is destroyed. I
> > suggest
> >> you check the API docs for more information.
> >
> > But do any of those return the context path?  I didn't see it anywhere
in
> > the javadocs.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to get the context path for a web application?

[David Wall]

> A ServletConfig reference is passed in the call to the init() method of
your
> servlet. From this you may use the getServletContext() method to get the
> context. One thing to remember is that this does not get called until the
> servlet is initialized and would be invalidated when it is destroyed. I
suggest
> you check the API docs for more information.

But do any of those return the context path?  I didn't see it anywhere in
the javadocs.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: How to get the context path for a web application?

[David Wall]

> request.getContextPath();

Is there a way to do it when not serving a web page?  Like in a startup
servlet that has a ServletConfig/Context, but doesn't have a request?  This
way, the context could be retrieved once and cached and used in situations
unrelated to processing a specific HTTP request.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

SunONE versus Tomcat performance

[David Wall]

Sun's update on the WSDP 1.4 
(http://java.sun.com/developer/technicalArticles/WebServices/JWSDP_1.4/) includes this 
note about web containers:

 It is worth noting that Sun Java Web Server has better performance than Apache 
Tomcat; you can learn more about this from Sun Java Web Server vs. Apache/Tomcat 
Benchmarks. 

The link to the KeyLabs report is at 
http://www.keylabs.com/results/sun/SunONEFinalReport_Solaris.pdf

Why would SunONE be anywhere from 2 to 5 times faster than Tomcat?

They also suggest that Tomcat would start to show errors when loading 200 users at a 
time, whereas SunONE could handle up to 500 users without any errors.

David

Re: TC 5 production use -- iptables to make it work without root

[David Wall]

> I'm curious, why don't you use Apache and JK
> connector?
>
> Evgeny Gesin

We currently do, but we're creating a new simpler version for smaller
offices and corporate departmental computing.  The fewer running parts the
better, and the fewer things that need to be patched going forward, the
easier to troubleshoot, etc..  Apache has lots of capabilities that are not
in Tomcat, and some believe that doing SSL in Apache, even with the added
overhead of the JK, is more efficient.  It's even nice when Apache runs on a
front-end web server connected to the Internet and Tomcat runs on a backend
app server that's not directly connected to the Internet.

However, if Tomcat does everything you need, it's a good platform.  By
running it as a normal user, the idea of starting/stopping as 'root' and
having to deal with Apache's security issues (nothing bad, but every
component connected is another component that can be exploited) makes things
simpler for our end customers.

There's nothing wrong with Apache+JK in my opinion.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: TC 5 production use -- iptables to make it work without root

[David Wall]

> Only for port redirection you don't need to buy any hardware.
> If you are running tomcat inside a linux box, you can configure iptables
> to do the port redirection. Everything via software, no hardware.
>
> Vitor

You are absolutely correct.  In fact, I've abandoned JSVC precisely because
I can do this.  This is great because not only do you need the extra JSVC,
but you don't need to start as root at all.

For example, here are the iptables rules I use under RH 9 to effect what
Vitor is saying:

(If you're using the /etc/rc.d/init.d/iptables script, this is the control
file for it -- of course, you could do this "manually" by simply putting the
command 'iptables' in front of these lines and assuming that your INPUT
chain jumps to the YOZONS-BPN-INPUT )

-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j
ACCEPT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 443 --tcp-flags SYN,RST,ACK SYN -j
ACCEPT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 8080 --tcp-flags SYN,RST,ACK
SYN -j ACCEPT
-A YOZONS-BPN-INPUT -p tcp -m tcp --dport 8443 --tcp-flags SYN,RST,ACK
SYN -j ACCEPT

The above lines are assuming you block all access to your system except for
what you let in.  This allows the INPUT packets to come in on the standard
ports of 80 and 443 (only 443 if you need HTTPS) as well as the "tomcat"
ports of 8080 and 8443.

Then, using the NAT commands (on iptables table "-t nat") to do port
redirecting:

-A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8443
-A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080

This maps the production ports to the tomcat listening ports.

In your tomcat server.xml file, continue to use the 8080/8443 Connector
ports, and if you need 8080 to redirect to SSL, I'd suggest you redirect to
443 (the standard port).  You could have it redirect to 8443, but then the
8443 will appear in all your URLs and if your visitors have an egress
firewall, they likely won't be able to reach your system, so it looks like:




Good luck,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Startup exception using security manager on TC 5.0.18

[David Wall]

When I startup Tomcat 5.0.18 with a security manager, I get the following
exception.  It talks about persisted sessions, something I didn't even
realize existed.  No doubt there's a permissions problem if it cannot read
where the sessions are stored.

Is there a way to make sure sessions are not persisted?  In general, we
wouldn't want that unless we were doing some sort of clustering or the like.
Or is this problem something else?

David


Feb 8, 2004 4:30:05 PM org.apache.catalina.session.StandardManager doLoad
SEVERE: IOException while loading persisted sessions: java.io.EOFException
java.io.EOFException
at
java.io.ObjectInputStream$PeekInputStream.readFully(ObjectInputStream.java:2
165)
at
java.io.ObjectInputStream$BlockDataInputStream.readShort(ObjectInputStream.j
ava:2631)
at
java.io.ObjectInputStream.readStreamHeader(ObjectInputStream.java:734)
at java.io.ObjectInputStream.(ObjectInputStream.java:253)
at
org.apache.catalina.util.CustomObjectInputStream.(CustomObjectInputStr
eam.java:104)
at
org.apache.catalina.session.StandardManager.doLoad(StandardManager.java:431)
at
org.apache.catalina.session.StandardManager$PrivilegedDoLoad.run(StandardMan
ager.java:123)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.session.StandardManager.load(StandardManager.java:377)
at
org.apache.catalina.session.StandardManager.start(StandardManager.java:703)
at
org.apache.catalina.core.ContainerBase.setManager(ContainerBase.java:542)
at
org.apache.catalina.startup.ContextConfig.managerConfig(ContextConfig.java:3
49)
at
org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:654)
at
org.apache.catalina.startup.ContextConfig.lifecycleEvent(ContextConfig.java:
253)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSuppor
t.java:166)
at
org.apache.catalina.core.StandardContext.start(StandardContext.java:4224)
at
org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:8
66)
at
org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java:164)
at
org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(ContainerBase.
java:186)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:848)
at
org.apache.catalina.core.StandardHost.addChild(StandardHost.java:638)
at
org.apache.catalina.core.StandardHostDeployer.install(StandardHostDeployer.j
ava:320)
at
org.apache.catalina.core.StandardHost.install(StandardHost.java:875)
at
org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:727
)
at
org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:477)
at
org.apache.catalina.startup.HostConfig.start(HostConfig.java:1008)
at
org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:394)
at
org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSuppor
t.java:166)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1133)
at
org.apache.catalina.core.StandardHost.start(StandardHost.java:832)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1125)
at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:518)
at
org.apache.catalina.core.StandardService.start(StandardService.java:519)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:2345)
at org.apache.catalina.startup.Catalina.start(Catalina.java:598)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39
)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl
.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:297)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:398)


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: TC 5 production use

[David Wall]

> We run Tomcat on 8080 using Cisco Routers for port redirection.
> Nobody has to type in a port number.

Well, I agree that would work for everyone who just buys some hardware to
give the illusion of using port 80.  Of course, running tomcat on port 80
itself would be nice if anybody knows if/whether JSVC can mimick the
"-security" argument of catalina.sh.

And the best part is that we're happy to know that some more heavily used
production sites are using TC 5, which was the original question and
interest!

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: TC 5 production use

[David Wall]

> You can have any port be the default http port. It doesn't have to be 80.
>
> If you change /etc/services and just tell tomcat or apache to listen on
> something else, it still works fine, and people don't have to remember
> the port.
>
> Right?
> Daniel

All true since no port number has to mean anything.  But I've yet to see any
actively used production web site that didn't use 80/443 because those are
the ONLY ONES that can be reached without specifying a port number in the
URL.   Considering the fact that absolutely nobody in the non-development
world ever types in a URL with a port number, you can rest assured that no
production web site relies on non-standardized port numbers.

Then when  you consider firewalls, the ability for many sites to reach
non-standard ports gets worse because many well-secured networks block
outgoing connections to arbitrary IP+ports.  Allowing outgoing connections
to be made to port 80 is common, but others are typically blocked (even
spyware and virus-introduced backdoors often use port 80 just for that
reason, even though the other end is not necessarily a web site).

So you can use any port number you want, even ones assigned to other systems
like DNS or SMTP, but the expected behavior won't occur.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: TC 5 production use

[David Wall]

> I don't, as we don't use port 80 for any of our apps.
>
> Yoav Shapira

I see.  Do you have a large internal user base then?  It doesn't sound like
a "classic production" use server if you're not even using the standard
ports.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: TC 5 production use

[David Wall]

> I'm using it in production, no issues.  But then again I steer clear of
> the practices that tend to cause issues frequently: I don't redeploy my
> apps in production (when I ship a new version I do so during our
> maintenance window and restart the server), I profile and test carefully
> for memory leaks, I don't use apache in front of tomcat, I do use a
> security manager, I do deploy and run only packed WARs, nothing
> reloadable or auto-deployed...

How do you run it in production with the security manager?  I've been
looking at this and can't tell how to configure JSVC to use the JVM options
that specify the security manager:

-Djava.security.manager -Djava.security.policy==$CATALINA_HOME/conf/catalina
.policy

I can only get the security manager working with the bin/startup.sh script,
but then since we don't run tomcat as root, I can't use ports 80 and 443.

Thanks,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

JSP reloading on Tomcat 5.0.18 question

[David Wall]

Often when I upload a new JSP, tomcat 5.0.18 under RH Linux 9 with JDK1.4.2
doesn't seem to always see it.  This is particularly true when doing
repeated uploads in short order (hack & test!).

I've configured tomcat's conf/web.xml with the following:


jsp
org.apache.jasper.servlet.JspServlet

fork
false


xpoweredBy
false


development
true


reloading
true


checkInterval
300

3



My impression is that the 'development=true' setting should cause the JSP to
be checked every time for modifications, and only if development=false do
the reloading/checkInterval values take meaning.  Is that not true?  Should
I just turn 'development=false' and then set the 'checkInterval' to '0'?

Thanks,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Excel Mime problem - IE 6 changed behavior on file uploads for us

[David Wall]

It may not be related, but we've noted that IE 6 on XP (oddly enough) seems
to send the wrong content-type when .doc and .xls files are uploaded.  We
used to get the correct mime types, but now we get application/octet-stream.
We noted that our Mozilla 1.6 does the same, but Opera 7.11 gives the right
content-type.

When a file is uploaded, it appears that the content-type is set by the
browser, without respect to the web.xml or even apache's mime.types file.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Apache/Tomcat/SSL vs. Tomcat/SSL

[David Wall]

> My thought is that since Apache is written in C it may be more efficient =
> to have Apache handle the SSL.  However, I am not sure if the overhead =
> of the connector would negate any performance benefits gained from =
> having Apache handle the SSL rather than Tomcat.  If performance is the =
> same or only marginally better with Apache then I am not sure if the =
> added complexity of having Apache in the equation is warranted.  I have =
> not benchmarked to see if there is actually a performance difference.  =
> Does anyone have an opinion on this or any benchmarks they could share?

Great question.  I've got the same consideration, but without a way to drive
lots of SSL transactions from lots of different clients, it's hard to know.
SSL has a lot of overhead in setup, but there's some SSL persistence that
gives you a benefit for frequent requests that avoid the re-negotations.
But I know that consumes memory, so there's no doubt issues related to the
number of different concurrent clients using SSL at the same time.

Also, OpenSSL (why it's never reached the 1.0 level I can't say since it's
been in production for many years!) is probably more mature than the JSSE.
And while C code would surely be faster, the server VMs supposedly do a
great job on code that's constantly executed as would be the case for the
SSL java code.  And surely there are real costs associated with the memory
and thread/process overhead of running HTTPD on the same computer.  Of
course, there are some security advantages if the HTTPD runs on one machine
with a public IP addr and TOMCAT on an other server using a private IP addr.

And the Apache http engine is certainly more mature than Tomcat's, but I
don't have any benchmarks or other info to tell me if it's really that much
faster, or if either is more secure (after all, Java typically is less
vulerable than C code).

We're creating an office edition of our flagship Signed & Secured enterprise
software, and we're trying to simplify systems dramatically, so we'd like to
get rid of Apache just for the simplicity of it all.  We're even going to
buck the "no user threads" warning for servlet containers since Tomcat
allows them and it will make our system even simpler by removing the need
for a couple of standalone Java applications and a few batch java
applications.

I hope others can comment on real stats they've seen.

Thanks,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

JSVC and -server -security options

[David Wall]

In the JSVC (tomcat 5.0) docs, there's no mention of being able to use the
"-server" option to the JVM to get the server VM.

Also, when using the startup.sh script, I can add the "-security" option to
cause tomcat to run with a security manager.  But with JSVC, I cannot add
the -Djava.security.manager -Djava.security.policy==$CATALINA_HOME/conf/cata
lina.policy like the catalina.sh script does.  JSVC complains that both -D
options are missing the single '='.

Can I make these work with JSVC?  Does it happen implicitly when JSVC
launches the JVM inside itself?

Thanks,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: jsvc and -config? What about other JVM options?

[David Wall]

How about passing the "-server" option to the JVM so that it uses the server
versus client VM?

How do you pass in security manager params like:

-Djava.security.manager -Djava.security.policy==$CATALINA_HOME/conf/catalina
.policy

The -server option is unknown.  The two -D options above are rejected
because neither has one '=' sign.

Thanks,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

OFF TOPIC: email postage should be of interest to those who use OSS newslists

[David Wall]

Sorry for this off topic posting, but it should be of interest to those in the OSS 
communities since it threatens us.

The following story appeared in the New York Times as well as various local papers 
(like the one here in Seattle).

http://www.nytimes.com/2004/02/02/technology/02spam.html

The gist is that Microsoft, Yahoo and others are trying to create a scam in which they 
charge postage for email.  Note that this would be used against all open source 
projects that rely heavily on free emails going out to developers and users.  Note 
that spam filters in the big ISPs will only be made more restrictive in order to 
increase utilization of the postage scam.  After all, nearly every email sent arrives 
at its destination today, so nobody will pay.  But as they tighten the rules, more 
legit email will get blocked as spam, thus forcing us into paying for postage that 
provides no added services, and of course would cripple OSS projects that rely on 
email.

Below is my letter to the editor of the NYT and a few quotes from the article for 
those who aren't registered on the NYT site.

Thanks,
David



Re: "Gates Backs E-Mail Stamp in War on Spam," 
http://www.nytimes.com/2004/02/02/technology/02spam.html

Dear Mr. Hansell:

Postage for sending email?  That sounds like a greedy attempt to charge
twice without providing any added services.

Our tax dollars paid to create the Internet and the communications protocols
freely used by Microsoft and Yahoo.  But now there's a new land grab to try
to privatize our public, worldwide network that promotes freedom.

Our monthly ISP and telephone fees already pay for our usage of the Internet.

Now we're told that for our own good, we should pay for each email sent,
even though we've already paid for that privilege.  Open source projects
rely heavily on email for developer communications and for user support.  Is
it surprising that Microsoft likes such a scheme?  Will we next have to pay
for each instant message or each web page we visit?

A typical email, like this one, is about 2 KB in size.  Today's MSN homepage
is 100 KB, with lots of unsolicited ads.  Unsolicited popup ads often run in
the 13-20KB range.  Should Microsoft have to pay me to view these ads?
Their web page consumes 50 times more bandwidth than this email.

Lastly, there are commercials services today like Yozons.com that charge for
sending secure messages that have no spam or viruses, but at least they
offer lots of features beyond email (working return receipts, encrypted delivery
to ensure privacy, electronic signatures, status tracking of messages sent, etc.) 
so many find it worth the extra money spent.

We'll pay for services we want, but paying twice for no added service is bad
all around.

Sincerely,
David Wall

+

Some quotes from the NYT story, since I realize I cannot post the entire story here 
for copyright reasons:

"Ten days ago, Bill Gates, Microsoft's chairman, told the World Economic Forum in 
Davos, Switzerland, that spam would not be a problem in two years, in part because of 
systems that would require people to pay money to send e-mail. Yahoo, meanwhile, is 
quietly evaluating an e-mail postage plan being developed by Goodmail, a Silicon 
Valley start-up company."

""Damn if I will pay postage for my nice list," said David Farber, a professor at 
Carnegie Mellon University, who runs a mailing list on technology and policy with 
30,000 recipients. He said electronic postage systems are likely to be too complex and 
would charge noncommercial users who should be able to send e-mail free."

"But for the big Internet access providers, or I.S.P.'s, the prospect of e-mail 
postage creating a new revenue stream that could help offset the cost of their e-mail 
systems is undeniably attractive"

Re: setContentType() vs.

[David Wall]

> Yoav is correct that Tomcat (and probably most servlet containers) simply
> consider meta tags as just some text to push to the browser.  The problem is
> that (assuming the browser can read the tag at all), Tomcat is sending in
> iso-latin-1, not what is in your meta tag.

But is that really the "correct"  behavior.  I though that Apache httpd would note 
those and return the right header since a web page author in general has no way to 
control HTTP headers besides using meta tags.  Isn't the entire purpose of those tags 
to give hints to the http server what it should send back? 

I know that I use http headers set through meta tags for compact P3Ps and it seems to 
work.

David

Re: Javamail not working with non-Outlook Express users.

[David Wall]

Can you be more specific about the transfer failure?  A quick check seems to
indicate smtp.covad.net is a true SMTP server (at least I could do a basic
check over port 25), so the setup should be correct.

What is the "host computer name" you refer to?  Does your own system have an
SMTP server (that's common on Linux for example, with sendmail often
configured automatically)?  Obviously, if you have a local SMTP server, then
use it instead of the smtp.covad.net.  You just need to point to an SMTP
server that will let you send using the "FROM" email address you have.

David

- Original Message - 
From: "charles doweary" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, January 14, 2004 5:11 PM
Subject: Re: Javamail not working with non-Outlook Express users.


> Changing  "props.put("smtp.covad.net", "XX-YY1");  to
>   "prop.put("mail.smtp.host","smtp.covad.net");  didn't work.
> That change caused the transfer to fail; I changed it back to the host
> computer name.
> Do you have any other suggestions as to why the transfer works for Outlook
> and not the other clients?
>
> Thanks,
> Charles


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Javamail not working with non-Outlook Express users.

[David Wall]

You need to check what you are doing.  It makes no sense that a text email gets an 
HTTP error.  What the heck is it doing coming back to your Tomcat anyway?  Email is 
sent via SMTP.

I don't know what you are trying to do with the following code fragment:
> Properties props = new Properties();
> props.put("smtp.covad.net", "XX-YY1");

Normally, you'd do something like:

Properties prop = new Properties();
prop.put("mail.smtp.host","mail.yourhost.com");

The SMTP server (mail.yourhost.com above) takes care of delivery, so there's no need 
to worry about which email client a person uses.

Perhaps you meant (if that's the smtp server you use to send email out):

prop.put("mail.smtp.host","smtp.covad.net");

Good luck,
David

Re: Webapp names and paths within JSPs for images

[David Wall]

Well, right now we have a hard-coded app name for the paths (when we can't
rely on relative path names) in the image tags since making all image tag
path names dynamic would be a bit of a pain, plus it would make those images
not appear in tools like Macromedia that need to be able to resolve the
paths locally.

It seems that we're either doing this "wrong" or the pretense that webapps
can be deployed using any name chosen at deployment time simply is not true.
I would not be surprised since I find a lot of plumbing type work is still
necessary when using JSPs.  Another one is having to encode all output so
it's HTML safe, including data values that appear in INPUT value="abc" type
tags as well as SELECT and TEXTAREA when 99.99% of the time we want our
output to be HTML safe.  While it's a pain coding-wise, there's also no
standard way to do that encoding so we all write our own routines that
convert " to " and the like.  It just seems like there's a lot more
marketing to JSPs right now than is delivered considering how mature
Java/JSPs are already.

David


- Original Message - 
From: "Green, Jeffrey" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>; "'David Wall'"
<[EMAIL PROTECTED]>
Sent: Thursday, January 08, 2004 12:53 PM
Subject: RE: Webapp names and paths within JSPs for images


> I'm running into the exact same issue.  It seems that you could use
> HttpServletRequest.getContextPath() or parse through
> HttpServletRequest.getRequestURI() to get the root-relative path of the
URL.
> Then prepend that with the image name (or do whatever manipulation is
> necessary).  I've found it tougher to actually get a webapp deployed
"using
> any 'name' I'd like".  Hod did you get that working?
>
> -Original Message-
> From: David Wall [mailto:[EMAIL PROTECTED]
> Sent: Thursday, January 08, 2004 3:43 PM
> To: Tomcat Users List
> Subject: Webapp names and paths within JSPs for images
>
>
> In theory I should be able to take my webapp (starting with the base
> directory that contains the WEB-INF subdirectory) and deploy it using any
> "name" I'd like, so I could easily deploy the same webapp with URLs like
> http://mydomain.com/ (using the root context) or http://mydomain.com/app1/
> or even http://mydomain.com/app2/ etc.
>
> However, JSPs can include files using the "/" root to indicate I'm talking
> about a file at the top of the webapp directory and that works fine.  But
> images need to include URLs that that aren't processed by tomcat (so it
> doesn't know about the webapp's "base" directory), so I have to use names
> like "/images/image.gif" or "/app1/images/image.gif" or
> "/app2/images/image.gif" depending on where the webapp was actually
> deployed.
>
> While I can use relative paths for such images much of the time, when
using
> servlets that redirect/forward or whatever, the "current directory" is not
> always the same, so you can't just use "images/image.gif" or
> "../images/image.gif" to make it work.
>
> How are people coding their JSPs and servlets that return IMG tags so that
> the images can always be defined without including the webapp path name?
>
> Thanks,
> David
>
>
> -
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
> --

> This message is intended only for the personal and confidential use of the
> designated recipient(s) named above.  If you are not the intended
recipient of
> this message you are hereby notified that any review, dissemination,
> distribution or copying of this message is strictly prohibited.  This
> communication is for information purposes only and should not be regarded
as
> an offer to sell or as a solicitation of an offer to buy any financial
> product, an official confirmation of any transaction, or as an official
> statement of Lehman Brothers.  Email transmission cannot be guaranteed to
be
> secure or error-free.  Therefore, we do not represent that this
information is
> complete or accurate and it should not be relied upon as such.  All
> information is subject to change without notice.


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Webapp names and paths within JSPs for images

[David Wall]

In theory I should be able to take my webapp (starting with the base
directory that contains the WEB-INF subdirectory) and deploy it using any
"name" I'd like, so I could easily deploy the same webapp with URLs like
http://mydomain.com/ (using the root context) or http://mydomain.com/app1/
or even http://mydomain.com/app2/ etc.

However, JSPs can include files using the "/" root to indicate I'm talking
about a file at the top of the webapp directory and that works fine.  But
images need to include URLs that that aren't processed by tomcat (so it
doesn't know about the webapp's "base" directory), so I have to use names
like "/images/image.gif" or "/app1/images/image.gif" or
"/app2/images/image.gif" depending on where the webapp was actually
deployed.

While I can use relative paths for such images much of the time, when using
servlets that redirect/forward or whatever, the "current directory" is not
always the same, so you can't just use "images/image.gif" or
"../images/image.gif" to make it work.

How are people coding their JSPs and servlets that return IMG tags so that
the images can always be defined without including the webapp path name?

Thanks,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Differences Between Apache and Tomcat

[David Wall]

> As always, I would say start with tomcat by itself.  It's the simplest
> setup -- don't add Apache until you're sure you need it.  Tomcat will
> serve your static HTML pages just fine and fast.

It's important to realize that Apache is basically C code rather than Java
code, so it tends to run faster and of course is much more mature.  Because
it's C code, though, it's more likely to have security issues related to
buffer overflows or the like.  This speed improvement may be even more
significant if you're using SSL.

Apache also has many other modules that may be useful, including proxy
support, URL rewriting and mass virtual hosting.

Apache supports lots of different plugin capabilities, so while Tomcat can
do static content (HTML, images, javascripts) as well as JSP/servlets, it
can't do CGI/Perl/PHP/Python, etc. that might be plugged into an Apache web
server.  Of course, Apache can't do JSP/servlets or the others directly,
only via plugins.

To use port 80/443 with Tomcat, you have to launch it from 'root' on
Linux/Unix.  There may be a way to resolve that nowadays, but the last I
heard, that was still the case, and some people use simple
firewall/portmapping to push all port 80 traffic to port 8080 (or whatever)
that Tomcat is actually listening on.

Many people use BOTH for performance reasons as well as security reasons.
Apache tends to be fastest for static content and SSL processing, but
there's a performance hit when it has to forward the requests through Tomcat
for JSP/servlet processing.  By putting Apache on the publicly accessible
web server and then putting Tomcat on a private network that can be reached
by the public web server only, only over the port configured for mod_jk, you
can create a very secure Tomcat environment that is much harder to hack
into.  That's typically a good thing since the Tomcat application uses a
database and has all the business logic and JSP web pages that you want to
protect the most.

Hope this helps...

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Threaded servlets okay in a compliant container?

[David Wall]

The use of a cron job that does a WGET on a URL that triggers the background
processing sounds nice, but what's the process that triggers that on a
Windows box that doesn't have cron?  A huge power of our application is that
it's written in Java and we can run it easily on Windows or Linux or
Solaris.  Linux and Solaris could allow a cron job, but I'm not a Windows
person so I don't know how I'd do the same there.

Also, if a process needs to be run every minute, or perhaps even every 5 to
15 seconds (like for processing a work queue), cron would be overkill
because it would launch a new process, that process would have to construct
the simple URL and the POST it to the system.  Also, if someone else also
did POSTs to that same URL, they'd also trigger the background processing
though it wouldn't be "on schedule" per se.

Using cron doesn't sound that much better than just writing a batch C/Java
program that does this in a loop so that a process doesn't have to be
started each time (though you then have the issue of what to do if the batch
program terminates unexpectedly).  The key for me is to have a very simple
to deploy and manage application, and keeping Tomcat and a database running
should be the minimum in our environment, though we probably will also have
an Apache web server handling the SSL and static content like javascripts,
images, URL rewriting, allowing for easy port 80/443 port listening without
having to run as root, and allowing other types of backend apps run, like
Perl/CGI or whatever.

By far the easiest way to deal with work queues is to allow one thread to
insert a transaction into a queue and then notify() the other waiting
threads that work has been inserted.  But that means that the "work queue
thread" is a background thread and thus has issues with being truly
compliant now and in the future.

By far the easiest way to deal with background tasks is to simply launch a
thread that waits() for a certain amount of time and then does work when
that times out.

Clearly, the cron type solution solves the thread issues, but at the expense
of creating another program that needs to be configured and must run and
must be checked if it's not running, and causes overhead each time it's
launched.

David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Threaded servlets okay in a compliant container?

[David Wall]

I recall reading that conformant servlets and such (EJBs?) do not create
their own threads, something about being a container issue.

Does anybody know the primary objection to launching threads that take
on a life of their own?  The container doesn't really need to manage it, per
se.
I suppose a container can drop servlet objects from memory, but as that
wouldn't necessarily affect a daemon thread, it seems that doesn't harm
 launching them at startup, and of course the servlet could even stop the
threads when told to destroy itself if that makes sense.

Does anybody know if most servlet containers today (Tomcat 4+, WebLogic,
WebSphere...) have a real problem with such new threads being created or
not?  What would be the risk in my using them?

I previously posted this by accident on the PostgreSQL JDBC list and I got
mixed answers.  Some say it's fine, others say there's no spec saying such
threads can't be used, and others say that BEA complained about support
issues related to apps that created their own threads.

Any feedback is much appreciated.

Thanks,
David


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Tomcat List Duplicates?

[David Wall]

Is anybody else getting duplicate emails from the Tomcat list?  I not only
seem to get duplicates, but I even get messages that I'm sure I saw
yesterday arrive again today (such as my own postings).

David


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Loading properties file for an external class

[David Wall]

> Where do I need to drop it?

webapps/yourappname/WEB-INF/classes if it's a standalone file -- remember
that's the base, so if the properties file is considered to be in a package,
it has to be a subdirectory of this base location.

webapps/yourappname/WEB-INF/lib/yourjar.jar  -- if you've put it in a JAR
file.

David


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Loading properties file for an external class

[David Wall]

> JSP page:
> <%@ page import="my.pkg.Class" %>
>
> Class source:
> try {
> InputStream is =
> this.getClass().getResourceAsStream(File.separatorChar +
"Prop.properties");
> this.props.load(is);
> } catch( Throwable t ) {
> }

Not sure about this method since we just use ResourceBundle and it does all
of the classpath searching for us:

   try
{
// if you put Prop.properties in your base
WEB-INF/classes/Prop.properties
java.util.ResouceBundle bundle =
java.util.ResourceBundle.getBundle("Prop"); // the .properties is assumed

// or if you put Prop.properties in a package name:
WEB-INF/classes/com/host/config/Prop.properties
java.util.ResouceBundle bundle =
java.util.ResourceBundle.getBundle("com.host.config.Prop"); // the
.properties is assumed
java.util.Enumeration keys = bundle.getKeys();

String oneProp = bundle.getString("oneprop");
}
catch( java.util.MissingResourceException e )
{
String msg = "PropertiesFile - Could not load properties file '"
+ bundleName + "': " + e.getMessage();
throw e;
}


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Loading properties file for an external class

[David Wall]

> Where do I need to drop it?

webapps/yourappname/WEB-INF/classes if it's a standalone file -- remember
that's the base, so if the properties file is considered to be in a package,
it has to be a subdirectory of this base location.

webapps/yourappname/WEB-INF/lib/yourjar.jar  -- if you've put it in a JAR
file.

David



--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Granting security permissions not working

[David Wall]

> I am not able to grant security permissions on individual jar files. Can
> someone tell me what I'm doing wrong?
>
> In my policy file (CATALINA_HOME/conf/catalina.policy) I have the
> following setting:
>
> grant codeBase "file:${catalina.home}/-" {
> permission java.security.AllPermission;
> };
>
> I would think this would grant all permissions to all jar files,
> classes, etc under the catalina directory, including webapps'
> classes/jars.

First, ensure you are running with the -security option that turns on Tomcat
with the security manager installed.  Often you need to modify the
startup.sh script to include that options between 'start' and '$@'.  In my
TC 4.1.12 startup.sh, I have:

exec "$PRGDIR"/"$EXECUTABLE" start -security "$@"

Second, you are granting your permissions far too low on the file path.  At
the very least, consider something like

grant codeBase "file:${catalina.base}/webapps/yourappname/-" {

Third, are you actually running multiple instances in which your
catalina.base is different than your catalina.home?  If so, make sure you
are modifying the right catalina.policy file (you want the one that's under
your catalina.base, not the one under catalina.home).  If you are only
running a single instance of TC, though, then this should not be an issue.

Hope something here helps...

David Wall
www.yozons.com Electronic signatures with secure document delivery


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Re: Processing form uploaded files

[David Wall]

>   I never saw anyone mentioning jakarta's upload servlet... what's wrong
> with it?

Good question.  When I took a look, it appeared to not really be at
production 1.0 yet.  I'd hope that the authors also looked over the many
nits discovered in the Jason Hunter version to ensure all of the bugs there
are also incorporated as many browsers have minor bugs that need to be
correctly handled (often related to boundaries improperly defined, etc.)

David


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Apache Index page jsp and sessionid with JKMount *.jsp

[David Wall]

> I don't think that's the issue.  My httpd.conf has the following, inside a
> VirtualHost tag, for the url http://virtualhost/myApp:
>
> 
> Options Indexes FollowSymLinks
> DirectoryIndex index.jsp index.html index.htm
> 
>
> JkMount /myApp/*.jsp  ajp13
> JkMount /myApp/servlet/*  ajp13
>
> There definitely is an index.jsp file in that folder, and its a folder
that
> Apache knows about, because it's in the Directory tag, and
> http://virtualhost/myApp/index.jsp is working on port 80.
>
> Apache does not serve index.jsp, nor does it direct requests to Tomcat
> unless you specifically put index.jsp on the URL.  If there's an Apache
tag
> or directive that I'm missing that would change this behavior, I'd love to
> know what it is, the salespeople here are on my back all the time about
not
> being able to specify the URL without index.jsp on the end.
>
> Perhaps putting the JkMounts before the Directory tag would change the
> behavior.

Hmmm.  I have my DirectoryIndex statement outside of the virtual host entry,
but otherwise it looks very similar to what you have and it works fine.  One
thing, though, is that my Apache directory is one level below the JSPs, so
I'd have an entry like



This is because the URLs will all have the myApp portion to specify the
correct webapp to use.  My Options also includes "MultiViews Includes" along
with Indexes and FollowSymLinks, but I'm not an Apache expert by any
means...

David


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Apache Index page jsp and sessionid with JKMount *.jsp

[David Wall]

> I have DirectoryIndex set to index.jsp.  My Apache has mod_dir.
>
> Calling a directory mapped to Tomcat (such as /myApp) with
> http://localhost/myApp doesn't return anything, definitely not
> index.jsp.
> This is on 4.0.4 and 4.1.12.

One problem is that for this to work is that Apache has to "see" an
index.jsp in your myApp directory.  Put an empty version of that file (or
touch index.jsp if using Unix/Linux) in and then Apache will see that the
index file exists and will then attempt to serve it, but then note the .jsp
suffix so it then passes it back to Tomcat.

David


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: Class loading issue with JavaMail 1.3 and Tomcat 4.1?

[David Wall]

> I know that JavaMail 1.2 is bundled with Tomcat and that seems to be the
> conflict.
> I've checked the classloader howto and I think that the
web-inf/lib/mail.jar
> classes
> should be loaded for my webapp before the common/lib/mail.jar.  I've also
> checked
> bugzilla and have seen similar sounding problems regarding xml related
jars.

I made this work by removing activation.jar and mail.jar from common/lib and
replaced them with the 1.3 mail 1.0.2 activation.  Then I removed those two
JARs from my web-inf and all seems okay right now.

David


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

Re: ParameterMap not found exception

[David Wall]

> That's a know bug with Tomcat 4.1.12 + Security Manager (you did not
> mention it, but I assume you are running under it)

Thanks for the update.  Yes, I am running with a security manager.

All of the permissions you showed were already there except for the two
"defineClassInPackage" entries.  I added those, and it does appear to be
working now.  Many thanks, indeed!   You mentioned it's a known bug.  Is
there a doc online that I should have read, or it is just in the bug list
for a fix in the next release -- obviously this is not a big problem since
it's just missing a couple of grant statements...?

David


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

ParameterMap not found exception

[David Wall]

I'm upgrading from Tomcat 3.2.4 to 4.1.12 and I have one webapp running okay
under a special CATALINA_BASE, but another webapp running under a different
CATALINA_BASE is throwing an exception when I first try to access it.

I do have a "startup servlet" in my web.xml and it's starting and I see my
entire web application initialize itself find (connecting to the database,
SMTP servers, decrypting private keys, doing some RMI calls, etc.).

A quick scan of the jar files shows that the "missing" class is indeed in
the file server/lib/catalina.jar -- not sure why it's not being found.

If it matters, I am running the AJP13Connector from Apache 2.0.43.  It also
throws an exception regarding "ManagedBean isnot found with Ajp13Connector"
but that's also thrown by my "working" webapp as well.  I'm not sure if
these are somehow related or not.

Here's the exception I see as found in the catalina_log.txt file:

2002-11-13 15:29:30 StandardWrapperValve[Login]: Servlet.service() for
servlet Login threw exception
javax.servlet.ServletException: Servlet execution threw an exception
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:269)
at
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilter
Chain.java:98)
at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain
.java:176)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:172)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.ja
va:260)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
eNext(StandardPipeline.java:643)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.ja
va:191)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
eNext(StandardPipeline.java:643)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180
)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
eNext(StandardPipeline.java:643)
at
org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.
java:170)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
eNext(StandardPipeline.java:641)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172
)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
eNext(StandardPipeline.java:641)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java
:174)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invok
eNext(StandardPipeline.java:643)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
org.apache.ajp.tomcat4.Ajp13Processor.process(Ajp13Processor.java:458)
at
org.apache.ajp.tomcat4.Ajp13Processor.run(Ajp13Processor.java:551)
at java.lang.Thread.run(Thread.java:479)
- Root Cause -
java.lang.NoClassDefFoundError: org/apache/catalina/util/ParameterMap
at
org.apache.catalina.connector.HttpRequestBase.parseParameters(HttpRequestBas
e.java:624)
at
org.apache.catalina.connector.HttpRequestBase.getParameterValues(HttpRequest
Base.java:764)
at
org.apache.catalina.connector.RequestFacade.getParameterValues(RequestFacade
.java:181)
at com.yozons.html.ServletUtil.getParam(ServletUtil.java:146)
at com.yozons.servlet.ssd.Login.doGet(Login.java:49)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Application
FilterChain.java:247)
at
org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilter
Chain.java:98)
at
org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain
.java:176)
at java.security.AccessController.doPrivileged(Native Method)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterCh
ain.java:172)
at
org.apac

Re: Sorry, I don't speak via HTTP GET error message

[David Wall]

SOAP requires you do a POST.  However, the GET error shows you likely have
things installed correctly.  You need to create a SOAP client and begin
testing.

David
E-Signatures Today by Yozons


--
To unsubscribe:   
For additional commands: 
Troubles with the list: 

Re: BLOB FROM JSP PAGE

[David Wall]

> Is there a way to display images from database blob fields within only
jsp,
> i know that it is impossible because of you can not handle an another
> outputstream
> within jsp.

Your JSP needs to output an IMG tag with a 'src' that points back to your
application as another GET that will then return the image of interest.,
generally from a simple servlet that sets the content-type to image/gif or
whatever the image format is.

David


--
To unsubscribe:   
For additional commands: 
Troubles with the list: 

Re: Can you view SSL without the "https" prefix?

[David Wall]

> If I type in "https://xx.xx.xx.xx/";, who knows that that should go to
> port 443?  Is it whatever server is listening to port 80 (i.e. I then
> must turn on redirection in Apache), or is this a "net standard"?

That's just the standard port assigned to HTTPS, just as 80 is for HTTP, 25
is for SMTP, etc.

David


--
To unsubscribe:   
For additional commands: 
Troubles with the list: 

Re: Can you view SSL without the "https" prefix?

[David Wall]

> > I can change any references internal to my system (index.html, etc) to
> > use "https", but some clients have bookmarked the servlet page, rather
> > than the access page.  Is there a way to redirect
> > "http://xx.xx.xx.xx:8080/index.html"; to *actually* call up the page
> > "https://xx.xx.xx.xx:8080/index.html"; ?
>
> Can't you make whatever handles the http requests on 8080 return a
redirect
> to the same page but with an https protocol request?

You can't have http and https listen on the same port since https has an
entire SSL handshake that must take place before the GET/POST transfer takes
place.  But you could have the 8080 redirect to something like 8081 with
HTTPs running on that instead.  Of course, the "correct" way is to use port
80 for http, and redirect to 443 for https, since all other ports will
really have problems for just about anybody with a firewall "correctly"
configured.

David


--
To unsubscribe:   
For additional commands: 
Troubles with the list: 

Re: Tomcat 3.2.3 and Linux JDK 1.3.1

[David Wall]

My ulimit already shows:

core file size (blocks)  100
data seg size (kbytes)   unlimited
file size (blocks)   unlimited
max memory size (kbytes) unlimited
stack size (kbytes)  8192
cpu time (seconds)   unlimited
max user processes   2048
pipe size (512 bytes)8
open files   1024
virtual memory (kbytes)  2105343

so doing 2048 won't help...

It's odd because Sun's JDK 1.3.0 is running fine, but 1.3.1 has this odd
problem.  I believe something dies in the JVM, perhaps a thread or the like,
though I don't see anything in the tomcat log where stderr ought to go.  I'm
running Redhat Linux 6.2, actually VA Linux's version 2.2.14-VA.2.1
([EMAIL PROTECTED]) (gcc version egcs-2.91.66 19990314/Linux
(egcs-1.1.2 release))

David



- Original Message -
From: "Michael Weissenbacher" <[EMAIL PROTECTED]>
To: "'Tomcat Users List'" <[EMAIL PROTECTED]>
Sent: Monday, November 19, 2001 10:50 PM
Subject: RE: Tomcat 3.2.3 and Linux JDK 1.3.1


> well, i tried this already. it didn't get me rid of the segmentation
faults
> on one machine (suse linux 6.3). and why use sun when ibm is about 100%
> faster :)
>
> michael
> -Original Message-
> From: Kwan, Kenneth Y [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, November 20, 2001 7:11 AM
> To: Tomcat Users List
> Subject: RE: Tomcat 3.2.3 and Linux JDK 1.3.1
>
>
>
> try "ulimit -s 2048"
>
> -Original Message-
> From: Michael Weissenbacher [ mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> ]
> Sent: Tuesday, November 20, 2001 2:00 PM
> To: '[EMAIL PROTECTED]'
> Subject: RE: Tomcat 3.2.3 and Linux JDK 1.3.1
>
>
> i've stopped using the sun jdk on linux and i am using the ibm jdk now
> because it has far better performance and i didn't expience any lockup
> problems with it.
>
> michael
>
> -Original Message-
> From: David Wall [ mailto:[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> ]
> Sent: Monday, November 19, 2001 10:59 PM
> To: Tomcat Users List
> Subject: Tomcat 3.2.3 and Linux JDK 1.3.1
>
>
> Have people found any problems running Tomcat 3.2.3 on JDK 1.3.1?  We
found
> that Tomcat seemed to get locked up under JDK 1.3.1 on Linux, but when
> reverting back to 1.3.0, the problem does not appear.
>
> Does anybody have any experience or know what's happening?  It sure would
be
>
> a pain to discover that Tomcat won't run reliably under a released JDK.
>
> Thanks,
> David
>
>
> --
> To unsubscribe:   < mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> >
> For additional commands: < mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> >
> Troubles with the list: < mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> >
>
> --
> To unsubscribe:   < mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> >
> For additional commands: < mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> >
> Troubles with the list: < mailto:[EMAIL PROTECTED]
> <mailto:[EMAIL PROTECTED]> >
>
>


--
To unsubscribe:   <mailto:[EMAIL PROTECTED]>
For additional commands: <mailto:[EMAIL PROTECTED]>
Troubles with the list: <mailto:[EMAIL PROTECTED]>

Tomcat 3.2.3 and Linux JDK 1.3.1

[David Wall]

Have people found any problems running Tomcat 3.2.3 on JDK 1.3.1?  We found
that Tomcat seemed to get locked up under JDK 1.3.1 on Linux, but when
reverting back to 1.3.0, the problem does not appear.

Does anybody have any experience or know what's happening?  It sure would be
a pain to discover that Tomcat won't run reliably under a released JDK.

Thanks,
David


--
To unsubscribe:   
For additional commands: 
Troubles with the list: 

Re: Byte Serving PDF's

[David Wall]

> Is this even possible?  From my understanding of the PDF format, it is
> inherently random-access and relies on the entire file being available
> before it can be displayed.

I don't know how it does it, but I've downloaded PDFs that seem to work
page-by-page because when I click down, I can see network activity a slow
response to paint the page as I've moved forward. But that might be a PDF
config item in which pages are defined so that they are really separate
parts.

David


--
To unsubscribe:   
For additional commands: 
Troubles with the list: 

Re: cryptography - slow starting????

[David Wall]

It's the SecureRandom initialization.  You could just force such an
initialization at startup so that startup has a bit of a slowdown, but then
it runs fast the rest of the time.

David


- Original Message -
From: "Gerry Duhig" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, November 13, 2001 10:02 AM
Subject: cryptography - slow starting


Hi!

I have successfully built a servlet that uses JCE to encrypt data and
deployed it under JBoss Tomcat 2.4.1-3.2.2.

The very first access is VERY slow as the cryptography classes do some sort
of initialisation. I don't know what.

Subsequent actions seem very quick.

Is this to be expected? Can I speed it up? Can I get this initialisation to
take place at start-up before a user accesses the servlet?

Gerry




--
To unsubscribe:   
For additional commands: 
Troubles with the list: 

URL with servlet path and .jsp bug for jasper or "per spec"?

[David Wall]

I've got a problem with a URL that includes both the /servlet/ path AND ends
with .jsp, though the .jsp file in this case is not a java serverpages file.

I'm running Tomcat 3.2.3 using Apache with mod_jk.  The mod_jk mount
configuration for Apache is:

JkMount /ssd/servlet/* ajp13
JkMount /ssd/*.jsp ajp13

 I have an URL that is designed such that it's supposed to run my servlet,
but still contain a file name since it's for a file download servlet.  Some
browsers use the name from the URL to select the "save as" name when you do
a download (yes, we also set the Content-disposition for those browsers that
 will deal with it).  The URL will look like:

 /ssd/servlet/GA/file.txt -- which would download a file called 'file.txt'
 from our servlet mapped at /ssd/servlet/GA.  Normally, the 'file.txt' is
 returned as the query string for my servlet.

 But, if I have a file that ends in .JSP:

 /ssd/servlet/GA/file.jsp

 Tomcat doesn't run the GA servlet with 'file.jsp' as the query string.
 Instead. Tomcat thinks this must be a JSP and of course doesn't like it and
 produces an error.  The Jasper log shows the confusion:

 2001-10-05 18:27:44 -ServletPath: /servlet/GA/file.jsp
 2001-10-05 18:27:44 -   PathInfo: null
 2001-10-05 18:27:44 -   RealPath:
/home/tomcat/jakarta-tomcat-3.2.3/WebSsd2/remoteapps/ssd/servlet/GA/file.jsp
 2001-10-05 18:27:44 - RequestURI: /ssd/servlet/GA/file.jsp

 Is this a bug in jasper, in that it doesn't recognize that it should find
 the GA servlet, or is this the way it's supposed to work according to spec
 since the URL ends with .jsp?  In my case, it's complicated by the fact
that
 the filename part is not under my direct control since it reflects the name
 of
 a file that user uploaded earlier and is now downloading.

 David

URL bug for jasper or "per spec"?

[David Wall]

I'm running Tomcat 3.2.3 using Apache with mod_jk.  The mod_jk mount
configuration for Apache is:

JkMount /ssd/servlet/* ajp13
JkMount /ssd/*.jsp ajp13

I have an URL that is designed such that it's supposed to run my servlet,
but still contain a file name since it's for a file download servlet.  Some
browsers use the name from the URL to select the "save as" name when you do
a download (yes, we also set the Content-disposition for those browsers that
will deal with it).  The URL will look like:

/ssd/servlet/GA/file.txt -- which would download a file called 'file.txt'
from our servlet mapped at /ssd/servlet/GA.  Normally, the 'file.txt' is
returned as the query string for my servlet.

But, if I have a file that ends in .JSP:

/ssd/servlet/GA/file.jsp

Tomcat doesn't run the GA servlet with 'file.jsp' as the query string.
Instead. Tomcat thinks this must be a JSP and of course doesn't like it and
produces an error.  The Jasper log shows the confusion:

2001-10-05 18:27:44 -ServletPath: /servlet/GA/file.jsp
2001-10-05 18:27:44 -   PathInfo: null
2001-10-05 18:27:44 -   RealPath:
/home/tomcat/jakarta-tomcat-3.2.3/WebSsd2/remoteapps/ssd/servlet/GA/file.jsp
2001-10-05 18:27:44 - RequestURI: /ssd/servlet/GA/file.jsp

Is this a bug in jasper, in that it doesn't recognize that it should find
the GA servlet, or is this the way it's supposed to work according to spec
since the URL ends with .jsp?

David

Re: Forward to different website.

[David Wall]

You can't forward across contexts, I don't think.  You can
response.sendRedirect() to any URL if that's all you need.

David

- Original Message -
From: "Bob Byron" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, October 04, 2001 4:11 PM
Subject: Forward to different website.


> I need to forward to a different website entirely from inside my servlet.
>
> I tried using the following code:
> RequestDispatcher rd =
getServletContext().getRequestDispatcher("//otherwebsite.com/page.html");
> rd.forward(request, response);
>
> But it didn't seem to want to forward anywhere.  I was able to
successfully
> forward inside my own site though.  But I do need to forward to a
different
> site.  Is there any way for me to do this?
>
> I am in "http://websiteone.com/someservlet"; and want to forward back to
> "http://anotherwebsite.com/somepage.html";.
>
> Thank You,
> Bob Byron

Re: Any reason to use Apache w/ Tomcat for webapp with all dynamic web pages?

[David Wall]

> * If you have lots of static content that can be served from a directory
>   other than the webapp's context path  (right now, current Tomcat
>   versions serve static content within the webapp directory faster
>   stand-alone than they do behind Apache).

Craig, what happens if the images are IN the webapp's context path?  Seems
like Apache still serves them up without Tomcat, though I don't know if
there's a performance hit (like Apache asks Tomcat, tomcat says not found,
and then Apache looks for it in its directories) or not.

I know that Apache will serve up an image in a path like
/app/images/pretty.gif even if /app is mapped to Tomcat (maybe I answered my
own question, since I map /app/*.jsp and /app/servlet/* rather than /app/*).

David

Re: Any reason to use Apache w/ Tomcat for webapp with all dynamic web pages?

[David Wall]

> * If you have Apache already installed, and don't want users to use
>   a non-port-80 URL for JSP/servlet based applications.

Very true, otherwise you need to run Tomcat as root.

Also, Apache itself has some nice features, like mod_rewrite that can be
helpful to handles changes in structure and such.

I guess these days we also need to know if we're talking about the 3.2 or
4.0 versions of Tomcat since there are things like HTTP 1.1 in Tomcat 4.0.
I'm still in 3.2 land and investigating whether 3.3 or 4.0 will work better
for me in the future.  The "fear" is that 4.0 is not as well tested yet.

I also recall that there was (is?) a problem if lots of concurrent requests
came in and Tomcat had to service them all using threads, whereas Apache
will stop at a maximum rather than continue to try to service.  DoS attacks
are nasty no matter what, though.

Also, if you use tools like WebTrends and such, they all know how to work
off of Apache log files, so that format of log message can be quite
important to analyze a site's usage, errors and performance.  And can you
roll log files with Tomcat yet?  With Apache you can roll your log files so
that they don't just keep getting bigger.

David

Re: Any reason to use Apache w/ Tomcat for webapp with all dynamic web pages?

[David Wall]

Hey David,

Don't know if you remember me from GTE NMO or not...  Hope all's well with
you and BEST.

Apache supports HTTP 1.1 whereas the last I heard, Tomcat was only HTTP 1.0,
so each request comes over it's own connection rather than sharing as with
Apache.  This means that Apache is still a good idea because it serves image
files a bit more nicely along with the JSP generated page, and most web
sites have a fair amount of image files.

Apache is generally more robust and secure having been tested in production
environments for a long time, and it will allow you to serve up other kinds
of files nicely in the future (PHP, Perl, Python, CGI, etc.), and I'm sure
it's SSL is must faster because it's native C code.  Tomcat probably uses
JSSE, and even Sun doesn't claim it's a production-quality SSL package,
though it seems to work well enough for me (I use it for SOAP calls from the
client side to our web service).

Lastly, I use Apache+modSSL to run on a front-end server with the Tomcat
system on a different computer (using NAT and a firewall to limit
connections to the app server as through the connector ports).  This
provides some added security because Tomcat can run on a private network
instead of the publicly accessible web server.

David
-
David A. E. Wall
Chief Software Architect
Yozons, Inc.
724 17th Avenue
Kirkland, WA 98033 USA
Tel 425.822.4465[EMAIL PROTECTED]
Fax 425.827.9415www.yozons.com


- Original Message -
From: "David M. Karr" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, October 01, 2001 6:20 PM
Subject: Any reason to use Apache w/ Tomcat for webapp with all dynamic web
pages?


> If you're committed to a project where virtually all of the pages will be
> dynamically generated, through JSP most likely, and you're committed to
using
> Tomcat, is there ANY good reason to use Apache, in addition to Tomcat?
>
> I surveyed the FAQ, and I didn't notice this question being specifically
> addressed.  AFAIU, Apache is good for serving static pages or resources.
If
> you're only serving dynamic content, it only serves to complicate the
> deployment, and serves no useful purpose.
>
> Can anyone give me any opposing viewpoint, assuming a dynamic webapp with
> Tomcat?
>
> --
> ===
> David M. Karr  ; Best Consulting
> [EMAIL PROTECTED]   ; Java/Unix/XML/C++/X ; BrainBench CJ12P (#12004)

Tomcat in production - Yozons e-signature and secure document delivery

[David Wall]

Some people have wondered about Tomcat in production environments.  Rather
than bore everyone on this list, I'll just include a link to a story that I
wrote about my experiences creating a startup company based primarily on
open source and/or free software.  It may be of interest since we're in
production running on a four distributed servers (two web and two app).

The story is at: http://myeastside.com/mes/showFullStory.jsp?sid=1720

David
Yozons Inc - Signed & Secured

Re: [ANNOUNCEMENT] Apache Tomcat 4.0 Final Release

[David Wall]

What are people using the 3.2 branch doing to upgrade?  Are most going to
"wait and see" for a 4.1, or do most people think 4.0 is going to be as
stable (or more) than the 3.2 code?

David

Re: error 404 with a GET request

[David Wall]

>  GET http://localhost/index.vxml HTTP/1.0
>  Accept: */*
>  User-Agent: myClientHttp
>  Connection: close
>
> The tomcat web server answers : error 404

The GET should not include the HTTP URL part.  You should connect to port 80
(the http:// part) of 'localhost''s IP address and do a get on just
'/index.vxml'

David

Debugging Linux TC from Win98 VisualCafe 4.1

[David Wall]

Has anybody successfully configured their systems to allow for distributed
debugging using VisualCafe 4.1?

I'm running VC4.1 on Win98, with Tomcat 3.2 (JDk1.3) running on Linux
(RH6.2).  I don't seem to get it to work, though I thought this was possible
these days.  println debugging is a pain, so if you'd done it, can you give
me the right pointers to help me out?

Regards,
David
Yozons Signed & Secured

Re: Re[4]: Reverse DNS lookup

[David Wall]

Thanks for all the help.  It wasn't my code or my ISP, but a security
manager problem...

Turns out the problem was a security permission I needed to define:

 permission java.net.SocketPermission "*", "resolve";

What's unusual is that no exception was thrown to make that clear.  It just
"failed silently."

David

Re: Re[2]: Reverse DNS lookup

[David Wall]

> RL> The InetAddress...getHostName() call will use the DNS
databases.
> RL> For most computers, however, this won't return anything useful.
>
> That is not true. Most of US IPs have PTR records. That includes your
> own IP, that you had when sending your msg. By far, most servers have
rDNS,
> most dynamic IPs do, most static IPs for cable/DSL do, and even most
routers
> do.

The IP address I was testing is 216.122.43.90 and I am able to do a reverse
lookup using dig from the webserver.  It just seems to me that the
InetAddress class is perhaps not using whatever it needs to do to use DNS.
Does anybody know what the implementation of InetAddress is actually doing
under the hood?

David

Re: Reverse DNS lookup

[David Wall]

> InetAddress.getByName().getHostName() will do what you
> want, if the info is available.

Where would the info have to be available?  Is there anything comparable to
a "dig -x" command under Unix?  For most IP addresses, there will not be
anything configured on my computer, but I know that ARPA reverse lookups are
possible.

The method you show above still returns the IP address on my system, yet a
"dig -x" will show the host name resolved.

David

Remove DNS lookup

[David Wall]

Is there a class that can do a reverse DNS lookup, giving me the hostname
that matches a given IP address?  I'm able to retrieve the IP address of an
HTTP request just fine using request.getRemoteAddr() (and getRemoteHost()
returns the same IP address dotted numbers), but the java.net package
doesn't seem to have
anything that returns a name based on an IP address, unless I'm just
misreading InetAddress...

David