REPOST: Authentication: Use Tomcat and Apache

[Kevin Andryc]

I have an application that currently uses Apache's authentication. In order
for this to work with Tomcat I had to specify it in my server.xml, like so:



I also have another application running under Tomcat that I would like
Tomcat to handle the authentication. Is there a way to have both methods?

Thanks,
Kevin


Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]




--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: REPOST: Authentication: Use Tomcat and Apache

[Kevin Andryc]

I am not sure. I haven't tried it. Thanks for all the suggestions.

Sincerely,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: Koes, Derrick [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 12:38 PM
To: 'Tomcat Users List'
Subject: RE: REPOST: Authentication: Use Tomcat and Apache


Does putting it under a different service name work?

-Original Message-----
From: Kevin Andryc [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 12:16 PM
To: [EMAIL PROTECTED]
Subject: REPOST: Authentication: Use Tomcat and Apache

I have an application that currently uses Apache's authentication. In order
for this to work with Tomcat I had to specify it in my server.xml, like so:



I also have another application running under Tomcat that I would like
Tomcat to handle the authentication. Is there a way to have both methods?

Thanks,
Kevin


Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]




--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>



--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: REPOST: Authentication: Use Tomcat and Apache

[Kevin Andryc]

So I tried this and it still doesn't work. Here is how I have it set up:

Server.xml:





workers.properties:

worker.list=ajp13, test
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
worker.ajp13.lbfactor=1

worker.test.port=8011
worker.test.host=localhost
worker.test.type=ajp13
worker.test.lbfactor=1

worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=ajp13, test
worker.inprocess.type=jni
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)tomcat.jar
worker.inprocess.cmd_line=start

mod_jk.conf:

JkWorkersFile "/opt/tomcat/conf/jk/workers.properties"
JkLogFile "/opt/tomcat/logs/mod_jk.log"

JkLogLevel info

JkMount /examples/* ajp13

JkMount /protected/* test

It appears if I change the first connector in my server.xml file so that
tomcat authentication is set to true, my protected page works. Otherwise, in
the configuration shown above, it does not. I think I am doing everything
right. Any ideas??

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: Reynir Hübner [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 12:29 PM
To: Tomcat Users List
Subject: RE: REPOST: Authentication: Use Tomcat and Apache

I think you must have two connectors (one as this one, and one with out
tomcatAuthentication="false" attribute, on another port). then you would
have to configure the mod_jk to handle different applications or hosts in
apache with correct connector (on different ports).

hope it helps
-reynir


> -Original Message-
> From: Koes, Derrick [mailto:[EMAIL PROTECTED]]
> Sent: 13. ágúst 2002 16:38
> To: 'Tomcat Users List'
> Subject: RE: REPOST: Authentication: Use Tomcat and Apache
>
>
>
> Does putting it under a different service name work?
>
> -Original Message-
> From: Kevin Andryc [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 13, 2002 12:16 PM
> To: [EMAIL PROTECTED]
> Subject: REPOST: Authentication: Use Tomcat and Apache
>
> I have an application that currently uses Apache's
> authentication. In order
> for this to work with Tomcat I had to specify it in my
> server.xml, like so:
>
> port="8009" minProcessors="5" maxProcessors="75"
>acceptCount="10" debug="0"
> tomcatAuthentication="false"/>
>
> I also have another application running under Tomcat that I would like
> Tomcat to handle the authentication. Is there a way to have
> both methods?
>
> Thanks,
> Kevin
>
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> [EMAIL PROTECTED]
>
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: REPOST: Authentication: Use Tomcat and Apache

[Kevin Andryc]

So I tried this and it still doesn't work. Here is how I have it set up:

Server.xml:





workers.properties:

worker.list=ajp13, test
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
worker.ajp13.lbfactor=1

worker.test.port=8011
worker.test.host=localhost
worker.test.type=ajp13
worker.test.lbfactor=1

worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=ajp13, test
worker.inprocess.type=jni
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)tomcat.jar
worker.inprocess.cmd_line=start

mod_jk.conf:

JkWorkersFile "/opt/tomcat/conf/jk/workers.properties"
JkLogFile "/opt/tomcat/logs/mod_jk.log"

JkLogLevel info

JkMount /examples/* ajp13

JkMount /protected/* test

It appears if I change the first connector in my server.xml file so that
tomcat authentication is set to true, my protected page works. Otherwise, in
the configuration shown above, it does not. I think I am doing everything
right. Any ideas??

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: Reynir Hübner [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 12:29 PM
To: Tomcat Users List
Subject: RE: REPOST: Authentication: Use Tomcat and Apache

I think you must have two connectors (one as this one, and one with out
tomcatAuthentication="false" attribute, on another port). then you would
have to configure the mod_jk to handle different applications or hosts in
apache with correct connector (on different ports).

hope it helps
-reynir


> -Original Message-
> From: Koes, Derrick [mailto:[EMAIL PROTECTED]]
> Sent: 13. ágúst 2002 16:38
> To: 'Tomcat Users List'
> Subject: RE: REPOST: Authentication: Use Tomcat and Apache
>
>
>
> Does putting it under a different service name work?
>
> -Original Message-
> From: Kevin Andryc [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 13, 2002 12:16 PM
> To: [EMAIL PROTECTED]
> Subject: REPOST: Authentication: Use Tomcat and Apache
>
> I have an application that currently uses Apache's
> authentication. In order
> for this to work with Tomcat I had to specify it in my
> server.xml, like so:
>
> port="8009" minProcessors="5" maxProcessors="75"
>acceptCount="10" debug="0"
> tomcatAuthentication="false"/>
>
> I also have another application running under Tomcat that I would like
> Tomcat to handle the authentication. Is there a way to have
> both methods?
>
> Thanks,
> Kevin
>
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> [EMAIL PROTECTED]
>
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Help: Authentication: Use Tomcat and Apache

[Kevin Andryc]

So I tried this and it still doesn't work. Here is how I have it set up:

Server.xml:





workers.properties:

worker.list=ajp13, test
worker.ajp13.port=8009
worker.ajp13.host=localhost
worker.ajp13.type=ajp13
worker.ajp13.lbfactor=1

worker.test.port=8011
worker.test.host=localhost
worker.test.type=ajp13
worker.test.lbfactor=1

worker.loadbalancer.type=lb
worker.loadbalancer.balanced_workers=ajp13, test
worker.inprocess.type=jni
worker.inprocess.class_path=$(workers.tomcat_home)$(ps)lib$(ps)tomcat.jar
worker.inprocess.cmd_line=start

mod_jk.conf:

JkWorkersFile "/opt/tomcat/conf/jk/workers.properties"
JkLogFile "/opt/tomcat/logs/mod_jk.log"

JkLogLevel info

JkMount /examples/* ajp13

JkMount /protected/* test

It appears if I change the first connector in my server.xml file so that
tomcat authentication is set to true, my protected page works. Otherwise, in
the configuration shown above, it does not. I think I am doing everything
right. Any ideas??

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: Reynir Hübner [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, August 13, 2002 12:29 PM
To: Tomcat Users List
Subject: RE: REPOST: Authentication: Use Tomcat and Apache

I think you must have two connectors (one as this one, and one with out
tomcatAuthentication="false" attribute, on another port). then you would
have to configure the mod_jk to handle different applications or hosts in
apache with correct connector (on different ports).

hope it helps
-reynir


> -Original Message-
> From: Koes, Derrick [mailto:[EMAIL PROTECTED]]
> Sent: 13. ágúst 2002 16:38
> To: 'Tomcat Users List'
> Subject: RE: REPOST: Authentication: Use Tomcat and Apache
>
>
>
> Does putting it under a different service name work?
>
> -Original Message-
> From: Kevin Andryc [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 13, 2002 12:16 PM
> To: [EMAIL PROTECTED]
> Subject: REPOST: Authentication: Use Tomcat and Apache
>
> I have an application that currently uses Apache's
> authentication. In order
> for this to work with Tomcat I had to specify it in my
> server.xml, like so:
>
> port="8009" minProcessors="5" maxProcessors="75"
>acceptCount="10" debug="0"
> tomcatAuthentication="false"/>
>
> I also have another application running under Tomcat that I would like
> Tomcat to handle the authentication. Is there a way to have
> both methods?
>
> Thanks,
> Kevin
>
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> [EMAIL PROTECTED]
>
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>
>
> --
> To unsubscribe, e-mail:
> <mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
> <mailto:[EMAIL PROTECTED]>
>
>

--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Security Constraint in web.xml

[Kevin Andryc]

I was wondering how I can only protect certain classes in my application.
For example, if someone tries to access a servlet (i.e.:
http://localhost:8080/test/servlet/foo) then a login page comes up and the
person has to sign in. But, if the person tries to access a different
servlet (i.e.: http://localhost:8080/test/servlet/bar) then no login page
appears. Can this be done in the security constraint in my web.xml? If so,
how? I have tried before and keep getting errors!

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Access by IP Address

[Kevin Andryc]

I have an application that I would like to authenticate using IP address and
also username/password. For example, if a user has a username/password then
he/she could just log in as normal. If, however, the user is coming from a
known range of IP addresses, then I wish to assign them a temporary username
and have them connect to the application. Else, I just want to reject
everyone else. In my server.xml file, I have several context elements, so I
only this to apply to a certain context. How do I do this? If I assign a
temporary username, then do I store this in a session variable? Thanks for
all your help.

Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Access by IP Address

[Kevin Andryc]

I have an application that I would like to authenticate using IP address and
also username/password. For example, if a user has a username/password then
he/she could just log in as normal. If, however, the user is coming from a
known range of IP addresses, then I wish to assign them a temporary username
and have them connect to the application. Else, I just want to reject
everyone else. In my server.xml file, I have several context elements, so I
only this to apply to a certain context. How do I do this? If I assign a
temporary username, then do I store this in a session variable? Thanks for
all your help.


Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Performance Manager

[Kevin Andryc]

I was just wondering if there was a performance tracking application for
Tomcat such that it will have statistics and graphs of usage. Is there also
one for Apache by any chance?

Thank You,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Errors when compiling Tomcat Connectors

[Kevin Andryc]

I downloaded the Tomcat connectors (jakarta-tomcat-connectors-4.1.12-src)
and Ant version 1.5.1. I unzipped that to an appropriate directory and then
edited the build.properties file located in
jakarta-tomcat-connectors-4.1.12/jk. Such that it looks like this:

tomcat40.home=%TOMCAT_HOME%
apache2.home=%APACHE2_HOME%
apr.include=${apache2.home}/include
apr.lib=${apache2.home}/lib
so.debug=true
so.optimize=false
so.profile=false

I then ran "Ant" in the same directory and it came up with a lot of compiler
errors saying that it could not import "org.apache.tomcat.util.*" and that
the package does not exist. Those classes are found in tomcat-util.jar and
is located in %TOMCAT_HOME%/server/lib. I tried to put that in my CLASSPATH
environment variable and then ran Ant again, but still it had the same
errors. I am new to Ant and would appreciate any help.

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Errors when compiling Tomcat Connectors

[Kevin Andryc]

Both CATALINA_HOME and TOMCAT_HOME are set in my environment variables.
Still, when I try to build the connectors using Ant, it contains error. Here
is the error code:

BUILD FAILED
File:C:/Program Files/Apache Group/Tomcat
Connectors/v4.1.12/jk/build.xml:167: Compile failed; see the compiler error
output for details.

Here is one of the 100 errors:

[javac] C:\Program Files\Apache Group\Tomcat
Connectors\v4.1.12\jk\java\org\apache\jk\common\WorkerDummy.java:69: package
org.apache.tomcat.util.http does not exist
[javac] import org.apache.tomcat.util.http.*;
[javac]^

Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]

-Original Message-
From: Paul Campbell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 27, 2002 2:51 PM
To: Tomcat Users List
Subject: Re: Errors when compiling Tomcat Connectors

1. Do you mean TOMCAT_HOME or CATALINA_HOME.
The docs refer to CATALINA_HOME..

2. from http://boats:8080/tomcat-docs/appdev/build.xml.txt
under External Dependencies
  Because we will automatically include all of the Java classes that Tomcat
4
  exposes to web applications, we will not need to explicitly list any of
those
  dependencies.

3. what is CATALINA_HOME ? I think this should bring in servlet.jar
 From the build.xml:
 fileset dir="${catalina.home}/common/lib"
  include name="*.jar"/
   /fileset

At 02:32 PM 11/27/02 -0500, you wrote:
>I downloaded the Tomcat connectors (jakarta-tomcat-connectors-4.1.12-src)
>and Ant version 1.5.1. I unzipped that to an appropriate directory and then
>edited the build.properties file located in
>jakarta-tomcat-connectors-4.1.12/jk. Such that it looks like this:
>
>tomcat40.home=%TOMCAT_HOME%
>apache2.home=%APACHE2_HOME%
>apr.include=${apache2.home}/include
>apr.lib=${apache2.home}/lib
>so.debug=true
>so.optimize=false
>so.profile=false
>
>I then ran "Ant" in the same directory and it came up with a lot of
compiler
>errors saying that it could not import "org.apache.tomcat.util.*" and that
>the package does not exist. Those classes are found in tomcat-util.jar and
>is located in %TOMCAT_HOME%/server/lib. I tried to put that in my CLASSPATH
>environment variable and then ran Ant again, but still it had the same
>errors. I am new to Ant and would appreciate any help.
>
>Thanks,
>Kevin
>
>Kevin Andryc
>Web Systems Engineer
>MISER
>http://www.umass.edu/miser/
>Phone: (413)-545-3460
>[EMAIL PROTECTED]
>
>
>
>--
>To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
>For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Database locked by Tomcat

[Kevin Andryc]

I am Running Tomcat 4.0 on Windows 2000. I have a servlet, which calls a
program that connects to a DBF database natively (not using JDBC-ODBC) and
updates records in the database. The problem I am having is that Tomcat does
not release the database until I restart the Tomcat service. I close the
connection and even do a "commit()".  Has anyone else had a problem and if
so, is there a solution? Below is some sample code:

Class.forName(dbfDriverName).newInstance();
Connection conn = DriverManager.getConnection(dbfUrl, "", "");
Statement stmt = conn.createStatement();

// do some stuff

statement.close();
connection.commit();
Thanks,
Kevin


--
To unsubscribe, e-mail:   
For additional commands, e-mail: 

RE: Database locked by Tomcat

[Kevin Andryc]

Hi Jeff,
Thanks for the suggestion and code. I have tried this and Tomcat still
holds the database. I know this because I have a program from Sysinternals
that lists the files held by a process and the database is one of them. But
here is the weird part. After some amount of time, the database does get
released. I am lost at this point. Any more suggestions?

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 11, 2002 01:54 PM
To: Tomcat Users List
Subject: Re: Database locked by Tomcat


Hi, Kevin.

 Correction: Database locked by YOU!  :)

You've closed the statement but not the connection.  You need a conn.close()
after the commit.  This shouldn't lock the database by itself, although if
you
keep leaving connections open, then you will eventually hit a connection max
limit, which could be what's hanging it.  I would also recommend that you
put
all that stuff in a try block and finally close the connection, something
like
this:

Statement stmt = null;
Connection conn = DriverManager.getConnection(dbfUrl, "", "");
try {
 // do some stuff
 conn.commit();
}
catch(Exception e) {
 conn.rollback();
}
finally {
 if ( stmt != null ) {
  try {
   stmt.close();
  }
  catch(SQLException e) {
   // handle or ignore
  }
 }
 conn.close();
}

HTH,
Jeff




Kevin Andryc

umass.edu> cc:
   Subject: Database locked by
Tomcat
06/11/02 12:44
PM
Please respond
to "Tomcat
Users List"






I am Running Tomcat 4.0 on Windows 2000. I have a servlet, which calls a
program that connects to a DBF database natively (not using JDBC-ODBC) and
updates records in the database. The problem I am having is that Tomcat does
not release the database until I restart the Tomcat service. I close the
connection and even do a "commit()".  Has anyone else had a problem and if
so, is there a solution? Below is some sample code:

Class.forName(dbfDriverName).newInstance();
Connection conn = DriverManager.getConnection(dbfUrl, "", "");
Statement stmt = conn.createStatement();

// do some stuff

statement.close();
connection.commit();
Thanks,
Kevin


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>






--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Database locked by Tomcat

[Kevin Andryc]

What is Toad?

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: Scott Purcell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 12, 2002 03:36 PM
To: Tomcat Users List
Subject: RE: Database locked by Tomcat

Have you updated any record using Toad?

I updated some records in toad and forgot to hit commit, and it screwed me
up for hours. My code that worked earlier stopped working and I was getting
all kinds of wierd problems. I went back to toad, hit commit, and all
problems disappeared.





-Original Message-
From: Kevin Andryc [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 12, 2002 1:07 PM
To: Tomcat Users List
Subject: RE: Database locked by Tomcat


Hi Jeff,
Thanks for the suggestion and code. I have tried this and Tomcat still
holds the database. I know this because I have a program from Sysinternals
that lists the files held by a process and the database is one of them. But
here is the weird part. After some amount of time, the database does get
released. I am lost at this point. Any more suggestions?

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 11, 2002 01:54 PM
To: Tomcat Users List
Subject: Re: Database locked by Tomcat


Hi, Kevin.

 Correction: Database locked by YOU!  :)

You've closed the statement but not the connection.  You need a conn.close()
after the commit.  This shouldn't lock the database by itself, although if
you
keep leaving connections open, then you will eventually hit a connection max
limit, which could be what's hanging it.  I would also recommend that you
put
all that stuff in a try block and finally close the connection, something
like
this:

Statement stmt = null;
Connection conn = DriverManager.getConnection(dbfUrl, "", "");
try {
 // do some stuff
 conn.commit();
}
catch(Exception e) {
 conn.rollback();
}
finally {
 if ( stmt != null ) {
  try {
   stmt.close();
  }
  catch(SQLException e) {
   // handle or ignore
  }
 }
 conn.close();
}

HTH,
Jeff




Kevin Andryc

umass.edu> cc:
   Subject: Database locked by
Tomcat
06/11/02 12:44
PM
Please respond
to "Tomcat
Users List"






I am Running Tomcat 4.0 on Windows 2000. I have a servlet, which calls a
program that connects to a DBF database natively (not using JDBC-ODBC) and
updates records in the database. The problem I am having is that Tomcat does
not release the database until I restart the Tomcat service. I close the
connection and even do a "commit()".  Has anyone else had a problem and if
so, is there a solution? Below is some sample code:

Class.forName(dbfDriverName).newInstance();
Connection conn = DriverManager.getConnection(dbfUrl, "", "");
Statement stmt = conn.createStatement();

// do some stuff

statement.close();
connection.commit();
Thanks,
Kevin


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>






--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Database locked by Tomcat

[Kevin Andryc]

Unfortunately I am not using Oracle. I am connecting to a Dbase database
(.DBF).

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: Scott Purcell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 12, 2002 03:46 PM
To: Tomcat Users List
Subject: RE: Database locked by Tomcat

Toad is a terrific database tool, for Oracle:
http://www.toadsoft.com/

It is a 5 star product.




-Original Message-
From: Kevin Andryc [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 12, 2002 2:41 PM
To: Tomcat Users List
Subject: RE: Database locked by Tomcat


What is Toad?

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: Scott Purcell [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 12, 2002 03:36 PM
To: Tomcat Users List
Subject: RE: Database locked by Tomcat

Have you updated any record using Toad?

I updated some records in toad and forgot to hit commit, and it screwed me
up for hours. My code that worked earlier stopped working and I was getting
all kinds of wierd problems. I went back to toad, hit commit, and all
problems disappeared.





-Original Message-
From: Kevin Andryc [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, June 12, 2002 1:07 PM
To: Tomcat Users List
Subject: RE: Database locked by Tomcat


Hi Jeff,
Thanks for the suggestion and code. I have tried this and Tomcat still
holds the database. I know this because I have a program from Sysinternals
that lists the files held by a process and the database is one of them. But
here is the weird part. After some amount of time, the database does get
released. I am lost at this point. Any more suggestions?

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 11, 2002 01:54 PM
To: Tomcat Users List
Subject: Re: Database locked by Tomcat


Hi, Kevin.

 Correction: Database locked by YOU!  :)

You've closed the statement but not the connection.  You need a conn.close()
after the commit.  This shouldn't lock the database by itself, although if
you
keep leaving connections open, then you will eventually hit a connection max
limit, which could be what's hanging it.  I would also recommend that you
put
all that stuff in a try block and finally close the connection, something
like
this:

Statement stmt = null;
Connection conn = DriverManager.getConnection(dbfUrl, "", "");
try {
 // do some stuff
 conn.commit();
}
catch(Exception e) {
 conn.rollback();
}
finally {
 if ( stmt != null ) {
  try {
   stmt.close();
  }
  catch(SQLException e) {
   // handle or ignore
  }
 }
 conn.close();
}

HTH,
Jeff




Kevin Andryc

umass.edu> cc:
   Subject: Database locked by
Tomcat
06/11/02 12:44
PM
Please respond
to "Tomcat
Users List"






I am Running Tomcat 4.0 on Windows 2000. I have a servlet, which calls a
program that connects to a DBF database natively (not using JDBC-ODBC) and
updates records in the database. The problem I am having is that Tomcat does
not release the database until I restart the Tomcat service. I close the
connection and even do a "commit()".  Has anyone else had a problem and if
so, is there a solution? Below is some sample code:

Class.forName(dbfDriverName).newInstance();
Connection conn = DriverManager.getConnection(dbfUrl, "", "");
Statement stmt = conn.createStatement();

// do some stuff

statement.close();
connection.commit();
Thanks,
Kevin


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>






--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Connection pooling doesn't work for me ... Help !!

[Kevin Andryc]

I apologize but I saw this post late. I had a problem with connection
pooling using Oracle and JNDI. To get around it I had to do something like
this:

In conf\server.xml


   
  
 user
 user
   

   password
   password


   driverClassName
   oracle.jdbc.driver.OracleDriver
 
 
 driverName
 jdbc:oracle:thin:@oracle.ds:1521:db

 

In WEB-INF/web.xml



   
  OracleConnectionPool
  aOracleConnectionPool
  1
   

   
  jdbc/mydb
  oracle.jdbc.pool.OracleConnectionPoolDataSource
  Container
   



OracleConnectionPool.java

try {
Context initCtx = new InitialContext();
OracleConnectionPoolDataSource ocpds = new
OracleConnectionPoolDataSource();
ResourceBundle rb = ResourceBundle.getBundle("database");
ocpds.setURL(rb.getString("url"));
ocpds.setUser(rb.getString("user"));
ocpds.setPassword(rb.getString("password"));
initCtx.rebind("axesdb", ocpds);
} catch (SQLException sqlex) {
sqlex.printStackTrace();
} catch (Exception ex) {
ex.printStackTrace();
}

In your code:

Context initCtx = new InitialContext();
OracleConnectionPoolDataSource ocpds =
(OracleConnectionPoolDataSource)initCtx.lookup("mydb");
PooledConnection pooledConnection = ocpds.getPooledConnection();
Connection connection = pooledConnection.getConnection();
Statement statement = connection.createStatement();
ResultSet resultSet = statement.executeQuery(sql);

Good Luck!

Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 03:12 PM
To: Tomcat Users List
Subject: Re: Connection pooling doesn't work for me ... Help !!

Hi,

well I got stuck with the same problem as the others:
I cannot get a connect to the DB via JNDI.

Just a simple idea: can the problem be the MySQL Driver?
Is there maybe someone out there to give some hints how to look into this
"blackbox" JNDI to see what is going wrong(Craig ?)

Thanks for any help!

Rainer

- Original Message -
From: "Neil Milne" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Thursday, June 13, 2002 2:56 PM
Subject: Re: Connection pooling doesn't work for me ... Help !!


> I'm using the JNDI Datasource setup fine with Tomcat 4.0.3 and Sybase.
> In server.xml I have:
>
>  type="javax.sql.ConnectionPoolDataSource"/>
> 
>  driverClassName
> com.sybase.jdbc2.jdbc.SybDriver 
>  user user
> 
>  initialPoolSize 5
> 
>
> There's no need to specify a factory as Tomcat has a Datasource resource
> factory built in.
>
> Note that I've used the ConnectionPoolDataSource class - not sure if
> this makes a difference.
>
> HTH
> Neil.
>
> - Original Message -
> from: Martin Jacobson <[EMAIL PROTECTED]>
> date: Thursday, June 13, 2002 1:40 pm
> subject: Re: Connection pooling doesn't work for me ... Help !!
>
> > anthony.dodd wrote:
> >
> > > Hi
> > >
> > > I've posted a solution see "Generic DataSource Resource Factory
> > > Available. JDBC Data Source" on the tomcat user maillist.
> > >
> > > Tony
> > >
> > Yes, but...
> >
> >
> > Like many others on this list, I too have been unable to get the
> > std
> > JNDI DataSource thingy working; as an interim measure, I
> > implemented a
> > workaround (which does at least work!), but I refuse to be defeated!
> >
>
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Connection pooling doesn't work for me ... Help !!

[Kevin Andryc]

I wasn't aware of that. Thank you. When I was looking to do Oracle pooling I
did a search on Google groups and asked around in which 99% of the posts
used this method. I never heard of the Jdbc2PoolDataSource.

Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: John McNally [mailto:[EMAIL PROTECTED]]
Sent: Thursday, June 13, 2002 05:25 PM
To: Tomcat Users List
Subject: Re: Connection pooling doesn't work for me ... Help !!


> >
> > In your code:
> >
> > Context initCtx = new InitialContext();
> > OracleConnectionPoolDataSource ocpds =
> > (OracleConnectionPoolDataSource)initCtx.lookup("mydb");
> > PooledConnection pooledConnection = ocpds.getPooledConnection();
> > Connection connection = pooledConnection.getConnection();
> > Statement statement = connection.createStatement();
> > ResultSet resultSet = statement.executeQuery(sql);
> >

This is not the correct way to to use a ConnectionPoolDataSource.  An
application should only interact with DataSource's.  I don't know oracle
jdbc drivers very well, but I assume that they provide a DataSource
implementation and if you do not care to have connection pooling you
should use that.

A ConnectionPoolDataSource does not provide connections that are pooled
somehow internally.  It is meant to be used by application servers or
other middle-ware software which might include connection pooling.  This
middle-ware layer will present a DataSource front-end for applications
to use and the ConnectionPoolDataSource will be used as its source of
physical connections.


If you are looking for a connection pool that will use the
ConnectionPoolDataSource provided by oracle, you can find one in
jakarta-commons-sandbox/jdbc2pool.  It is the Jdbc2PoolDataSource class.


john mcnally


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Authentication Example in Tomcat

[Kevin Andryc]

I was just wondering where I can find more information about the security
example found in Tomcat 4.0
(TOMCAT_HOME/webapps/examples/jsp/security/protected). I am not sure I
understand how it works. In the  element it calls "j_security_check".
Is this something unique to Tomcat? Also, I looked at some documentation on
Realms. How would I go about having a user register with a username and
password in which the password will be encrypted in a database and then when
the user logs in, have the password he/she typed in get validated versus the
encrypted password in my database. Thanks for the help!

Sincerely,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Authenticate using a JDBCRealm and servlets!!

[Kevin Andryc]

I was hoping someone could provide some code on how to have a servlet handle
the authentication using JDBCRealm. In other words, I want to have a login
page with ausername and password in which point to a servlet on submittal. I
then want the servlet to authenticate the user and handle the request.
Thanks!!

Sincerely,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Can't start Tomcat 4.0.4: Windows 98

[Kevin Andryc]

I am having troubles starting Tomcat 4.0.4 on windows 98. Here is the error
I get:

At Line 84 /Server/Service/Connector/
className=org.apache.ajp.tomcat4.Ajp13Conn

nnector
at java.net.URLClassLoader$1.run(URLClassLoader.java:198)
at java.security.AccessController.doPrivileged(Native Method)
at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
at java.lang.ClassLoader.loadClass(ClassLoader.java:262)
at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:322)
at java.lang.Class.forName0(Native Method)
at java.lang.Class.forName(Class.java:130)
at
org.apache.catalina.util.xml.ObjectCreate.start(XmlMapper.java:616)
at
org.apache.catalina.util.xml.XmlMapper.matchStart(XmlMapper.java:412)

)
va:329)
at
org.apache.xerces.parsers.SAXParser.startElement(SAXParser.java:1376)

at
org.apache.xerces.validators.common.XMLValidator.callStartElement(XML
Validator.java:1284)
at
org.apache.xerces.framework.XMLDocumentScanner.scanElement(XMLDocumen
tScanner.java:1806)
at
org.apache.xerces.framework.XMLDocumentScanner$ContentDispatcher.disp
atch(XMLDocumentScanner.java:1182)
at
org.apache.xerces.framework.XMLDocumentScanner.parseSome(XMLDocumentS
canner.java:381)
at org.apache.xerces.framework.XMLParser.parse(XMLParser.java:1098)
at
org.xml.sax.helpers.XMLReaderAdapter.parse(XMLReaderAdapter.java:223)

at javax.xml.parsers.SAXParser.parse(SAXParser.java:362)
at javax.xml.parsers.SAXParser.parse(SAXParser.java:301)
at
org.apache.catalina.util.xml.XmlMapper.readXml(XmlMapper.java:228)
at org.apache.catalina.startup.Catalina.start(Catalina.java:725)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)

I had it working last week, and now...nothing. Any help is much appreciated!

Sincerely,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

JDBC Realm with Oracle

[Kevin Andryc]

I have searched the archives, but I have not seen a solution. I keep getting
an error (shown below) when I try to use the JDBC Realm with Oracle. I can
connect fine from within a Servlet, but not from the Realm. Here is my code
and the error:

server.xml


Error:
Catalina.start: LifecycleException:  Exception opening database connection:
jav
a.sql.SQLException: invalid arguments in call
LifecycleException:  Exception opening database connection:
java.sql.SQLExcepti
on: invalid arguments in call
at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:615)

)
at
org.apache.catalina.core.StandardService.start(StandardService.java:3
88)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:506
at org.apache.catalina.startup.Catalina.start(Catalina.java:781)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
- Root Cause -
at oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:168)
at oracle.jdbc.dbaccess.DBError.check_error(DBError.java:857)
at oracle.jdbc.ttc7.TTC7Protocol.logon(TTC7Protocol.java:189)
at
oracle.jdbc.driver.OracleConnection.(OracleConnection.java:246)

at
oracle.jdbc.driver.OracleDriver.getConnectionInstance(OracleDriver.ja
va:365)
at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:260)
at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:548)
at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:613)
at
org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1108)

at
org.apache.catalina.core.StandardEngine.start(StandardEngine.java:343
)
at
org.apache.catalina.core.StandardService.start(StandardService.java:3
88)
at
org.apache.catalina.core.StandardServer.start(StandardServer.java:506
)
at org.apache.catalina.startup.Catalina.start(Catalina.java:781)
at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: JDBC Realm with Oracle

[Kevin Andryc]

You are right on the money :)! Thanks!!

Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Eddie Bush
Sent: Monday, July 01, 2002 11:41 AM
To: Tomcat Users List
Subject: Re: JDBC Realm with Oracle

I don't use Oracle, so I could be way off - but it sounds like it doesn't
know
how to deal well with the URL you've provided.  My suggestion would be to
try
using the connectionName="dbUsername" and connectionPassword="dbPassword"
attributes in your Realm element.

HTH,

Eddie

Kevin Andryc wrote:

> I have searched the archives, but I have not seen a solution. I keep
getting
> an error (shown below) when I try to use the JDBC Realm with Oracle. I can
> connect fine from within a Servlet, but not from the Realm. Here is my
code
> and the error:
>
> server.xml
>   driverName="oracle.jdbc.driver.OracleDriver"
>
>
connectionURL="jdbc:oracle:thin:@oracle.server.priv:1521:oracledb?user=usr;p
> assword=pass"
>   userTable="users" userNameCol="user_name"
> userCredCol="user_pass"
>   userRoleTable="user_roles" roleNameCol="role_name" />
>
> Error:
> Catalina.start: LifecycleException:  Exception opening database
connection:
> jav
> a.sql.SQLException: invalid arguments in call
> LifecycleException:  Exception opening database connection:
> java.sql.SQLExcepti
> on: invalid arguments in call
> at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:615)
>
> )
> at
> org.apache.catalina.core.StandardService.start(StandardService.java:3
> 88)
> at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:506
> at org.apache.catalina.startup.Catalina.start(Catalina.java:781)
> at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
> sorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
> - Root Cause -
> at
oracle.jdbc.dbaccess.DBError.throwSqlException(DBError.java:168)
> at oracle.jdbc.dbaccess.DBError.check_error(DBError.java:857)
> at oracle.jdbc.ttc7.TTC7Protocol.logon(TTC7Protocol.java:189)
> at
> oracle.jdbc.driver.OracleConnection.(OracleConnection.java:246)
>
> at
> oracle.jdbc.driver.OracleDriver.getConnectionInstance(OracleDriver.ja
> va:365)
> at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:260)
> at org.apache.catalina.realm.JDBCRealm.open(JDBCRealm.java:548)
> at org.apache.catalina.realm.JDBCRealm.start(JDBCRealm.java:613)
> at
> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1108)
>
> at
> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:343
> )
> at
> org.apache.catalina.core.StandardService.start(StandardService.java:3
> 88)
> at
> org.apache.catalina.core.StandardServer.start(StandardServer.java:506
> )
> at org.apache.catalina.startup.Catalina.start(Catalina.java:781)
> at org.apache.catalina.startup.Catalina.execute(Catalina.java:681)
> at org.apache.catalina.startup.Catalina.process(Catalina.java:179)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
> java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
> sorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:243)
>
> Thanks,
> Kevin
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> [EMAIL PROTECTED]
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

j_security_check question

[Kevin Andryc]

I am using a servlet as a login form that uses  "j_security_check". When
submitted I would like it to return back to the same servlet with the person
now authenticated except that it gives me the error:

Type Status report
message Invalid direct reference to form login page
description The request sent by the client was syntactically incorrect
(Invalid direct reference to form login page).

Here is my web.xml file:


  Example Security Constraint
  
 Protected Area
 
 /servlet/*
 
 DELETE
 GET
 POST
 PUT
  
  
 
 user
  


   

  FORM
  Example Form-Based Authentication Area
  
/servlet/CustomLogin
/jsp/security/error.jsp
  


I have searched through the archives and it appears no one responded. Anyone
have a solution?

Sincerely,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: j_security_check question

[Kevin Andryc]

When I type in the URL:

http://localhost:8080/dev/servlet/CustomLogin

The form loads with the respective "username" and "password" fields. But
when I submit the form to be authenticated, that is when the error appears.

Sincerely,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 02, 2002 12:58 PM
To: [EMAIL PROTECTED]
Subject: RE: j_security_check question

Does it load the login form for you?


-Original Message-
From: Kevin Andryc [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 02, 2002 11:45 AM
To: Tomcat Users List
Subject: j_security_check question

I am using a servlet as a login form that uses  "j_security_check". When
submitted I would like it to return back to the same servlet with the person
now authenticated except that it gives me the error:

Type Status report
message Invalid direct reference to form login page
description The request sent by the client was syntactically incorrect
(Invalid direct reference to form login page).

Here is my web.xml file:


  Example Security Constraint
  
 Protected Area
 
 /servlet/*
 
 DELETE
 GET
 POST
 PUT
  
  
 
 user
  


   

  FORM
  Example Form-Based Authentication Area
  
/servlet/CustomLogin
/jsp/security/error.jsp
  


I have searched through the archives and it appears no one responded. Anyone
have a solution?

Sincerely,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: j_security_check question

[Kevin Andryc]

CustomLogin.class is a resource at a protected URL which also contains the
login form. So here is how it works (or how I would like it to work). I have
a CustomLogin class:

CustomLogin.class (located in /dev/WEB-INF/classes/)
public class CustomLogin extends HttpServlet  {
public CustomLogin() {
super();
}

public void doGet(HttpServletRequest request, HttpServletResponse response)
{
performTask(request, response);
}

public void doPost(HttpServletRequest request, HttpServletResponse
response) {
performTask(request, response);
}

public void performTask(HttpServletRequest request, HttpServletResponse
response) {

try {
String jspPage = "login.jsp";
RequestDispatcher rd =
getServletContext().getRequestDispatcher("/jsp/security/" + jspPage);
rd.forward(request, response);

}
catch(Exception e) {
e.printStackTrace();
}
}
}

login.jsp (located in /dev/jsp/security/)



Login Page for Examples


  

  Username:
  


  Password:
  


  
  

  




web.xml


  Example Security Constraint
  
 Protected Area
 
 /servlet/*
 
 DELETE
 GET
 POST
 PUT
  
  
 
 user
  


   

  FORM
  Example Form-Based Authentication Area
  
/servlet/CustomLogin
/jsp/security/error.jsp
  


The user will type in the URL:
http://localhost:8080/dev/servlet/CustomLogin. The login form does appear.
But once I enter the login information (username and password) the "Invalid
direct reference to form login page" appears. What I want it to have the
user type in http://localhost:8080/dev/servlet/CustomLogin and login. If
they are successful, then it should then direct them to the CustomLogin
servlet so I can get the user information and customize the page according
to who is logged in. I hope this makes sense. I just can't seem to get it to
work or how to make it work.

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: John Gregg [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 02, 2002 02:25 PM
To: 'Tomcat Users List'
Subject: RE: j_security_check question

Is CustomLogin a resource at a protected URL, or is it a servlet that itself
spits out a login page?  You can't access j_security_check directly.
Instead, you need to access a protected URL, the container sees that you're
not logged-in and redirects you to the login form, you submit the login
form, and finally the container sends you to the original resource you
requested.

john

-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED].
org]On Behalf Of Kevin Andryc
Sent: Tuesday, July 02, 2002 12:09 PM
To: Tomcat Users List
Subject: RE: j_security_check question


When I type in the URL:

http://localhost:8080/dev/servlet/CustomLogin

The form loads with the respective "username" and "password" fields. But
when I submit the form to be authenticated, that is when the error appears.

Sincerely,
Kevin


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: j_security_check question

[Kevin Andryc]

OK, so here is where I am at. I have such that, when a user tries to access
a servlet (e.g.: http://localhost:8080/dev/servlet/ProtectedPage) they get
forwarded to a Login JSP page specified by my web.xml. Here is the problem,
when the user tries to login the Login form appears again, yet the URL is
shown as http://localhost:8080/dev/servlet/ProtectedPage. Why doesn't my
ProtectedPage servlet appear? I am really stuck. Below is my web.xml file:


  Example Security Constraint
  
 Protected Area
 
 /servlet/*
 /jsp/security/*
 
 DELETE
 GET
 POST
 PUT
  
  
 
 user
 tomcat
  


   

  FORM
  Example Form-Based Authentication Area
  
/jsp/security/login.jsp
/jsp/security/error.jsp
  
    

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: John Gregg [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 02, 2002 04:48 PM
To: 'Tomcat Users List'
Subject: RE: j_security_check question

No can do-ski.  The container needs to know where to send the user upon
successful authentication, but if your application presents a form to a user
that gets submitted to j_security_check, the Tomcat authentication stuff
won't know where to send the user when the operation completes.  Your
web.xml and login.jsp look ok.  You just don't want your application to
serve a page that goes to j_security_check directly.  Instead, Tomcat
decides automagically when you need to login.  It then inserts itself into
the application flow by remembering where the user was trying to go, sending
the login page that you specify, then redirecting (or forwarding?) the user
to that place upon successful login.  Before using container-managed
security I was so used to creating AND SERVING my own login pages that it
took a while to wrap my brain around the fact that I no longer had to do
stuff like "if (req.getSession(false)) == null) then send login page"
Just code your servlet to do what you want and let Tomcat worry about
when/if to present the login page.  The URL you'll access will be the
servlet or jsp that kicks off your business logic, not the login logic.

john


-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED].
org]On Behalf Of Kevin Andryc
Sent: Tuesday, July 02, 2002 1:40 PM
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: RE: j_security_check question


CustomLogin.class is a resource at a protected URL which also contains the
login form. So here is how it works (or how I would like it to work). I have
a CustomLogin class:

CustomLogin.class (located in /dev/WEB-INF/classes/)
public class CustomLogin extends HttpServlet  {
public CustomLogin() {
super();
}

public void doGet(HttpServletRequest request, HttpServletResponse
response)
{
performTask(request, response);
}

public void doPost(HttpServletRequest request, HttpServletResponse
response) {
performTask(request, response);
}

public void performTask(HttpServletRequest request,
HttpServletResponse
response) {

try {
String jspPage = "login.jsp";
RequestDispatcher rd =
getServletContext().getRequestDispatcher("/jsp/security/" + jspPage);
rd.forward(request, response);

}
catch(Exception e) {
e.printStackTrace();
}
}
}

login.jsp (located in /dev/jsp/security/)



Login Page for Examples


  

  Username:
  


  Password:
  


  
  

  




web.xml


  Example Security Constraint
  
 Protected Area
 
 /servlet/*
 
 DELETE
 GET
 POST
 PUT
  
  
 
 user
  


   

  FORM
  Example Form-Based Authentication Area
  
/servlet/CustomLogin
/jsp/security/error.jsp
  


The user will type in the URL:
http://localhost:8080/dev/servlet/CustomLogin. The login form does appear.
But once I enter the login information (username and password) the "Invalid
direct reference to form login page" appears. What I want it to have the
user type in http://localhost:8080/dev/servlet/CustomLogin and login. If
they are successful, then it should then direct them to the CustomLogin
servlet so I can get the user information and customize the page according
to who is logged in. I hope this makes sense. I just can't seem to get it to
work or how to make it work.

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]


--
To unsu

RE: j_security_check question: RequestDispatcher .forward!!

[Kevin Andryc]

OK,
So I found that I can access my servlet if I don't use the
RequestDispatcher .forward method. In other words, when I try and access my
page (e.g.: http://localhost:8080/dev/servlet/ProtectedPage) I get a login
JSP form that I specified. When I login successfully,the login page
reappears when, in my ProtectedPage servlet, I use the RequestDispatcher
.forward method instead of using a PrintWriter to send back the response.
Why can I not use the RequestDispatcher, if I can, how???

Below is some code.

Web.xml

  Example Security Constraint
  
 Protected Area
 
 /servlet/*
 /jsp/security/*
 
 DELETE
 GET
 POST
 PUT
  
  
 
 user
 tomcat
  


   

  FORM
  Example Form-Based Authentication Area
  
/jsp/security/login.jsp
/jsp/security/error.jsp
  


ProtectedPage.java
public class ProtectedPage extends HttpServlet  {

// Default constructor
public ProtectedPage() {
super();
}

public void doGet(HttpServletRequest request, HttpServletResponse response)
{
performTask(request, response);
}

public void doPost(HttpServletRequest request, HttpServletResponse
response) {
performTask(request, response);
}

public void performTask(HttpServletRequest request, HttpServletResponse
response) {

try {
String jspPage = "index.jsp";
RequestDispatcher rd =
getServletContext().getRequestDispatcher("/jsp/security/" + jspPage);
rd.forward(request, response);
}
catch(Exception e) {
e.printStackTrace();
}
}
}

index.jsp


Protected Page for Examples



You are logged in as remote user <%= request.getRemoteUser() %>
in session <%= session.getId() %>

<%
  if (request.getUserPrincipal() != null) {
%>
Your user principal name is
<%= request.getUserPrincipal().getName() %>
<%
  } else {
%>
No user principal could be identified.
<%
  }
%>

<%
  String role = request.getParameter("role");
  if (role == null)
role = "";
  if (role.length() > 0) {
if (request.isUserInRole(role)) {
%>
  You have been granted role <%= role %>
<%
} else {
%>
  You have not been granted role <%= role %>
<%
}
  }
%>



Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: John Gregg [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 02, 2002 04:48 PM
To: 'Tomcat Users List'
Subject: RE: j_security_check question

No can do-ski.  The container needs to know where to send the user upon
successful authentication, but if your application presents a form to a user
that gets submitted to j_security_check, the Tomcat authentication stuff
won't know where to send the user when the operation completes.  Your
web.xml and login.jsp look ok.  You just don't want your application to
serve a page that goes to j_security_check directly.  Instead, Tomcat
decides automagically when you need to login.  It then inserts itself into
the application flow by remembering where the user was trying to go, sending
the login page that you specify, then redirecting (or forwarding?) the user
to that place upon successful login.  Before using container-managed
security I was so used to creating AND SERVING my own login pages that it
took a while to wrap my brain around the fact that I no longer had to do
stuff like "if (req.getSession(false)) == null) then send login page"
Just code your servlet to do what you want and let Tomcat worry about
when/if to present the login page.  The URL you'll access will be the
servlet or jsp that kicks off your business logic, not the login logic.

john


-Original Message-
From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED].
org]On Behalf Of Kevin Andryc
Sent: Tuesday, July 02, 2002 1:40 PM
To: Tomcat Users List; [EMAIL PROTECTED]
Subject: RE: j_security_check question


CustomLogin.class is a resource at a protected URL which also contains the
login form. So here is how it works (or how I would like it to work). I have
a CustomLogin class:

CustomLogin.class (located in /dev/WEB-INF/classes/)
public class CustomLogin extends HttpServlet  {
public CustomLogin() {
super();
}

public void doGet(HttpServletRequest request, HttpServletResponse
response)
{
performTask(request, response);
}

public void doPost(HttpServletRequest request, HttpServletResponse
response) {
performTask(request, response);
}

public vo

j_security_check question: RequestDispatcher .forward!! PLZ HELP!

[Kevin Andryc]

OK,
So I found that I can access my servlet if I don't use the
RequestDispatcher .forward method. In other words, when I try and access my
page (e.g.: http://localhost:8080/dev/servlet/ProtectedPage) I get a login
JSP form that I specified. When I login successfully,the login page
reappears when, in my ProtectedPage servlet, I use the RequestDispatcher
.forward method instead of using a PrintWriter to send back the response.
Why can I not use the RequestDispatcher, if I can, how???

Below is some code.

Web.xml

  Example Security Constraint
  
 Protected Area
 
 /servlet/*
 /jsp/security/*
 
 DELETE
 GET
 POST
 PUT
  
  
 
 user
 tomcat
  


   

  FORM
  Example Form-Based Authentication Area
  
/jsp/security/login.jsp
/jsp/security/error.jsp
  


ProtectedPage.java
public class ProtectedPage extends HttpServlet  {

// Default constructor
public ProtectedPage() {
super();
}

public void doGet(HttpServletRequest request, HttpServletResponse response)
{
performTask(request, response);
}

public void doPost(HttpServletRequest request, HttpServletResponse
response) {
performTask(request, response);
}

public void performTask(HttpServletRequest request, HttpServletResponse
response) {

try {
String jspPage = "index.jsp";
RequestDispatcher rd =
getServletContext().getRequestDispatcher("/jsp/security/" + jspPage);
rd.forward(request, response);
}
catch(Exception e) {
e.printStackTrace();
}
}
}

index.jsp


Protected Page for Examples



You are logged in as remote user <%= request.getRemoteUser() %>
in session <%= session.getId() %>

<%
  if (request.getUserPrincipal() != null) {
%>
Your user principal name is
<%= request.getUserPrincipal().getName() %>
<%
  } else {
%>
No user principal could be identified.
<%
  }
%>

<%
  String role = request.getParameter("role");
  if (role == null)
role = "";
  if (role.length() > 0) {
if (request.isUserInRole(role)) {
%>
  You have been granted role <%= role %>
<%
} else {
%>
  You have not been granted role <%= role %>
<%
}
  }
%>




Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: j_security_check question: RequestDispatcher .forward!! PLZ HELP!

[Kevin Andryc]

I was wondering if anyone had an answer to this or should I e-mail the
Developers group? I found this snippet on the web and tried what they
suggested and it still doesn't work:

[begin quote]

One approach that will work in Tomcat 4.0 (because it was planned that way
in
the servlet 2.3 spec) is based on the following reasoning:

* Security constraints are imposed only on the original request URI,
  not when doing RequestDispatcher.include or RequestDispatcher.forward

* Therefore, we can prohibit direct access to servlets (or JSP pages) by
  protecting them with a security constraint that disallowed access.

* In 2.3, if you define a security contraint that has an 
  element with no nested  elements, the container interprets
  this to mean that absolutely no direct access to the protected URIs
  is allowed via requests -- they can only be accessed indirectly via
  a RequestDispatcher.

* You can simulate this behavior in 2.2 by using a security constraint with
  a  to which no users have been assigned.

Doing this forces all requests to come through your controller servlet,
because
none of the JSP pages would be directly accessible.

[end quote]

Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: Kevin Andryc [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 04, 2002 05:31 PM
To: Tomcat Users List
Subject: RE: j_security_check question: RequestDispatcher .forward!! PLZ
HELP!

I am currently using Tomcat 4.0.4. My problem is that when I use the
RequestDispatcher and forward the request to the index.jsp page, it does not
work. Instead I get the login page. If you look at ProtectedPage.java, you
can see I forward the request to the index.jsp page. If it worked correctly,
I would type in (http://localhost:8080/dev/servlet/ProtectedPage) and a
login prompt would appear (login.jsp). Once I successfully logged in, I
should then go to my servlet (ProtectedPage), which should show index.jsp.
Instead, I get the login.jsp form when I successfully log in. When I changed
the ProtectedPage.java code so that it doesn't use the RequestDispatcher and
instead used a PrintWriter, it works fine. My question is, why can I not use
the RequestDispatcher??

Thanks for your help :).

Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: Craig R. McClanahan [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 04, 2002 05:25 PM
To: Tomcat Users List
Subject: Re: j_security_check question: RequestDispatcher .forward!! PLZ
HELP!


On Thu, 4 Jul 2002, Kevin Andryc wrote:

> Date: Thu, 04 Jul 2002 15:46:04 -0400
> From: Kevin Andryc <[EMAIL PROTECTED]>
> Reply-To: Tomcat Users List <[EMAIL PROTECTED]>
> To: Tomcat Users List <[EMAIL PROTECTED]>
> Subject: j_security_check question: RequestDispatcher .forward!! PLZ HELP!
>
> OK,
> So I found that I can access my servlet if I don't use the
> RequestDispatcher .forward method. In other words, when I try and access
my
> page (e.g.: http://localhost:8080/dev/servlet/ProtectedPage) I get a login
> JSP form that I specified. When I login successfully,the login page
> reappears when, in my ProtectedPage servlet, I use the RequestDispatcher
> .forward method instead of using a PrintWriter to send back the response.
> Why can I not use the RequestDispatcher, if I can, how???
>

If you are using Tomcat 3.x, you'll have a problem with your example code
below, because you've got the form login page inside your protected area.
That works fine in Tomcat 4, however.  In Tomcat 3, move your login page
to some directory that is *not* protected by a security constraint.

What is not obvious from your question is what it is, exactly, that you
are asking.  You seem to claim that you cannot use a request dispatcher,
but your code is doing exactly that.  So what is the problem?

Craig


> Below is some code.
>
> Web.xml
> 
>   Example Security Constraint
>   
>  Protected Area
>
>  /servlet/*
>/jsp/security/*
>
>DELETE
>  GET
>  POST
>PUT
>   
>   
>  
>  user
>tomcat
>   
> 
>
>
> 
>   FORM
>   Example Form-Based Authentication Area
>   
>   /jsp/security/login.jsp
> /jsp/security/error.jsp
>   
> 
>
> ProtectedPage.java
> public class ProtectedPage extends HttpServlet  {
>
>   // Default constructor
>   public ProtectedPage() {
>   super();
>   }
>
>   public void doGet(HttpServletRequest request, HttpServletResponse
response)
> {
>   performTask(request, response);
>   }
>
>   pu

Tomcat 4.0.4 Realm Question

[Kevin Andryc]

I was wondering how I can protect certain servlet subdirectories. For
example, lets say that in WEB-INF/classes I have two subdirectories: app1
and app2. How do I use the security-constraint to protect (force the user to
login) app1 but not have them login to classes in app2? I have tried this in
my web.xml file, but the login page doesn't appear and I go directly to the
page:


  Example Security Constraint
  
 Protected Area
 /servlet/app1.*
 DELETE
 GET
 POST
 PUT
  
  
 usr
  


Is this possible? If so, how can this be achieved?

Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Tomcat 4.0.4 Realm Question

[Kevin Andryc]

I was wondering how I can protect certain servlet subdirectories. For
example, lets say that in WEB-INF/classes I have two subdirectories: app1
and app2. How do I use the security-constraint to protect (force the user to
login) app1 but not have them login to classes in app2? I have tried this in
my web.xml file, but the login page doesn't appear and I go directly to the
page:


  Example Security Constraint
  
 Protected Area
 /servlet/app1.*
 DELETE
 GET
 POST
 PUT
  
  
 usr
  


Is this possible? If so, how can this be achieved?

Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Java Mail/IMAP

[Kevin Andryc]

I was looking at "SendMailServlet.java" example provided by Tomcat 4.0, I
was wondering if anyone could provide help using an IMAP server instead. For
example, I need to authenticate and am not sure what I need to add in order
for that to happen.

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Java Mail/IMAP

[Kevin Andryc]

Thanks! I appreciate everyone's help!

Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: Rick Fincher [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 15, 2002 03:53 PM
To: Tomcat Users List
Subject: Re: Java Mail/IMAP

Hi Kevin,

If no one else can help with imap mail in Tomcat, Sun has a mail webapp on
their web site that supports IMAP and POP and enclosures of graphics and pdf
files, etc.

They use a tag library so it's easy to customize.

Details are at:
http://developer.java.sun.com/developer/technicalArticles/javaserverpages/em
ailapps/

Rick

- Original Message -----
From: "Kevin Andryc" <[EMAIL PROTECTED]>
To: "Tomcat Users List" <[EMAIL PROTECTED]>
Sent: Monday, July 15, 2002 3:34 PM
Subject: Java Mail/IMAP


> I was looking at "SendMailServlet.java" example provided by Tomcat 4.0, I
> was wondering if anyone could provide help using an IMAP server instead.
For
> example, I need to authenticate and am not sure what I need to add in
order
> for that to happen.
>
> Thanks,
> Kevin
>
> Kevin Andryc
> Web Systems Engineer
> MISER
> http://www.umass.edu/miser/
> Phone: (413)-545-3460
> [EMAIL PROTECTED]
>
>
>
>
>
> --
> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>
>
>


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

mod_jk for Linux (Tomcat 4.0.4/Apache 1.3.26)

[Kevin Andryc]

Where do I find mod_jk.so (Linux) along with the configuration files
(workers.properties, mod_jk.conf etc.) for Tomcat 4.0.4 for use with Apache
1.3.26?

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Tomcat 4.0.4 not starting in Windows 2000

[Kevin Andryc]

I just installed Tomcat 4.0.4 on a Windows 2000 device as a service. Except
it won't start. There is nothing in the logs, but when I checked the Event
Viewer in the system log, it says:

"The Apache Tomcat service terminated unexpectedly. It has done this 1
time(s)."

I don't know if this is relevant, but I am trying to hook it in with Apache
1.3.26 and in the Application Log, the Apache service shows an error
stating:

"The Apache service named C:\Program Files\Apache Group\Apache\Apache.exe
reported the following error: >>>[warn] module jk_module already loaded,
skipping <<< before the error.log file could be opened."

That error is reported 2 seconds after there is a message stating that the
Apache Tomcat server has started. So in essence, here is the events:

2:05:31 pm Tomcat Server Starts
2:05:33 pm Apache has error with jk_module
2:06:15 pm Tomcat server terminates unexpectedly.

Anyone know why this is happening??

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Apache 2.0.39 + Tomcat 4.0.4 (mod_jk2.dll) on Windows 2000

[Kevin Andryc]

I can't seem to get them to work together. I have read archived posts but no
one has been able to answer how to exactly set them up to work properly. I
keep getting:

"Invalid command 'JkWorkersFile', perhaps mis-spelled or defined by a module
not included in the server configuration"

Does anyone have any ideas or have some documentation. The documents on
http://www.galatea.com/flashguides/ do not cover the mod_jk2.dll binary with
the latest Apache.

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Apache Authentication

[Kevin Andryc]

I just converted over from Tomcat 3.2.X to Tomcat 4.0.4 on Linux using
Apache 1.3.26. In the Apache httpd.conf file, we have an Alias that points
to a directory that uses Apache's authentication. In Tomcat 3.2.X, I used
mod_jserv which integrated well and I could get the remote user and use
Apache to authenticate. I was wondering how I could use mod_jk to do the
same. Right now, when I do a getRemoteUser() it returns null.

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

RE: Apache Authentication

[Kevin Andryc]

OK,
So what if I want in one application to use Tomcat Authentication and in
the other use Apache's Authentication. Is that possible??

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-Original Message-
From: Jacob Kjome [mailto:[EMAIL PROTECTED]]
Sent: Monday, July 22, 2002 02:07 PM
To: Tomcat Users List
Subject: Re: Apache Authentication

Hello Kevin,

You need to add tomcatAuthentication="false" to your jk connector
definition in server.xml.



Note that tomcatAuthentication does not seem to be implemented
properly in Coyote.  For instace, the analog to the above connection
for Coyote would be the following which currently doesn't work
(getRemoteUser() returns null):



Let me qualify that. It doesn't work when using mod_jk.  I haven't
gotten thing to work using mod_jk2, so it may work in that case, but
it should work in both.


To Tomcat Developers...

Is there another way that Coyote implemented to grab the auth info
from Apache?


Jake


Monday, July 22, 2002, 12:55:31 PM, you wrote:

KA> I just converted over from Tomcat 3.2.X to Tomcat 4.0.4 on Linux using
KA> Apache 1.3.26. In the Apache httpd.conf file, we have an Alias that
points
KA> to a directory that uses Apache's authentication. In Tomcat 3.2.X, I
used
KA> mod_jserv which integrated well and I could get the remote user and use
KA> Apache to authenticate. I was wondering how I could use mod_jk to do the
KA> same. Right now, when I do a getRemoteUser() it returns null.

KA> Thanks,
KA> Kevin

KA> Kevin Andryc
KA> Web Systems Engineer
KA> MISER
KA> http://www.umass.edu/miser/
KA> Phone: (413)-545-3460
KA> [EMAIL PROTECTED]





KA> --
KA> To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
KA> For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>



--
Best regards,
 Jacobmailto:[EMAIL PROTECTED]


--
To unsubscribe, e-mail:
<mailto:[EMAIL PROTECTED]>
For additional commands, e-mail:
<mailto:[EMAIL PROTECTED]>


--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Servlets using old classes

[Kevin Andryc]

I updated a class file in my web application. The problem is that my servlet
that uses that class file isn't picking up the changes. It seems to be still
using the old class file. I restarted Tomcat, but when I access my servlet,
it still has signs that it is using the old class file. How is this so?
Anyone have any ideas?

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Authentication: Use Tomcat and Apache

[Kevin Andryc]

I have an application that currently uses Apache's authentication. In order
for this to work with Tomcat I had to specify it in my server.xml, like so:



I also have another application running under Tomcat that I would like
Tomcat to handle the authentication. Is there a way to have both methods?

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Authentication: Use Tomcat and Apache

[Kevin Andryc]

I have an application that currently uses Apache's authentication. In order
for this to work with Tomcat I had to specify it in my server.xml, like so:



I also have another application running under Tomcat that I would like
Tomcat to handle the authentication. Is there a way to have both methods?

Thanks,
Kevin


Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]





--
To unsubscribe, e-mail:   <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>

Slightly Off Topic: Web Site Content

[Kevin Andryc]

Hello,
I have been doing web programming for quite some time but what I have
yet to figure out is the best way to handle web site content. For example,
if I want to create a web sire with a vast number of pages, I would like to
have it easily maintained such that if a link changes in my navigation bar,
the rest gets updated rather than picking through every page. What is the
best way to do this? Do you guys use JSP pages and have the navigation or
content stored in a database and then retrieved by the JSP? How about
architecture? Are there any good books on this? Any help would be great.

Sincerely,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Security and url-pattern

[Kevin Andryc]

I have some questions about the  tag in web.xml. I would like
to restrict access to any reference of /servlet/app.test.*. However, I want
anything in the /servlet/ directory to be accessible. Is there anyway I can
do this? I tried this undert the security constraint tag:

/servlet/app.test.*

However this did not work and its lets me access any servlet with that
pattern to go through without a password. How does the pattern matching
work? I looked through the Tomcat docs and nothing is really documented
about web.xml. Is there anywhere I can go for this?

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]




-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Problem with Message Archives?

[Kevin Andryc]

Hi,
   I was wondering if anyone has problems obtaining archived messages when
performing a search? I have tried several times but have received a "403:
Forbidden" message on every message I have received back from the search.

Thanks,
Kevin



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Tomcat Authentication Nightmare

[Kevin Andryc]

Hi all,
In a previous project, I decided to use Tomcat authentication and just
had nightmarish troubles. Telling people they couldn't bookmark the logon
page just isn't a solution. Plus, many people had serious problems trying to
login. They would enter in their user name and passwords multiple times, and
still could not get in. I would honestly say 25-30% of the people had
problems, which did not reflect well on me. Previously I used Apache
authentication, but it is just not as flexible as Tomcat, but then again I
never had a problem with it. I was wondering if there are any suggestions
for authentication? I don't really want to use Apache for this upcoming
project and would really prefer a Tomcat-like authentication mechanism where
I could use a database to hole user names and passwords etc. Any suggestions
would be appreciated!

Thanks,
Kevin

Kevin Andryc
Web Systems Engineer
MISER
http://www.umass.edu/miser/
Phone: (413)-545-3460
[EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Security Announcements

[Kevin Andryc]

I was wondering if there is a security bulletin on the Tomcat website. Or
better yet, how can I get updated on the latest security announcements.

Thanks,
Kevin


-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]