Re: No response from Tomcat 5 when browser sends signed cookie

2005-01-06 Thread Leonard Sitongia
On Jan 6, 2005, at 12:07 PM, Wade Chandler wrote:
> I don't know the answer...figured I would try to give you help in
> thinking about the issue.

Thanks!  That was just the kind of thinking I was hoping to hear.  If 
not an answer, then it sure helps to get ideas of other ways of 
experimenting.

==Leonard
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


Re: No response from Tomcat 5 when browser sends signed cookie

2005-01-06 Thread Leonard Sitongia
On Jan 6, 2005, at 11:03 AM, Leonard Sitongia wrote:
> Looks like this is not related to the secure nature (digitally
> signed) of the cookie, but the size.  A cookie over about 3k will
> trigger this problem.

Resolved this by increasing the bufferSize and maxHttpHeaderSize in the 
Tomcat configuration file.

Have no idea why there's no diagnostic information about this from 
Tomcat, but it simply appears to be a matter of the cookie size making 
the header too large, which only happened to come up when using SSL, 
and Tomcat simply didn't respond?

==Leonard E. Sitongia
Web Engineering Group
National Center for Atmospheric Research
P.O. Box 3000 Boulder CO 80307  USA
[EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1804
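
A way to check the diagnosis in the message above when Tomcat logs nothing, as an added example that is not part of the original post: measure the request's header block and compare it with the connector's header limit. The request, the function names and the limit values passed in are constructed for this example and are not Tomcat defaults.

```shell
#!/bin/sh
# Added example, not from the original thread. The request is constructed.

# sample_request N: a constructed request whose cookie value is N bytes long.
sample_request() {
    cookie=$(awk -v n="$1" 'BEGIN { for (i = 0; i < n; i++) printf "A" }')
    printf 'GET / HTTP/1.1\r\n'
    printf 'Host: localhost:8443\r\n'
    printf 'User-Agent: example-browser/1.0\r\n'
    printf 'Accept: */*\r\n'
    printf 'Cookie: signed=%s\r\n\r\n' "$cookie"
}

# header_bytes: read a raw request on stdin and print the size in bytes of the
# request line plus all headers, including the blank line that ends them.
header_bytes() {
    LC_ALL=C awk '
        { n += length($0) + 1 }            # +1 for the LF awk stripped
        $0 == "\r" || $0 == "" { exit }    # blank line ends the header block
        END { print n + 0 }'
}

# largest_header: print "Name bytes" for the longest header line (CRLF counted).
largest_header() {
    LC_ALL=C awk '
        NR == 1 { next }                   # skip the request line
        $0 == "\r" || $0 == "" { exit }
        { len = length($0) + 1
          if (len > max) { max = len; name = $0; sub(/:.*/, "", name) } }
        END { print name, max }'
}

# header_verdict LIMIT: compare the request on stdin with a header-size limit
# (the value the connector's maxHttpHeaderSize is set to).
header_verdict() {
    size=$(header_bytes)
    if [ "$size" -gt "$1" ]; then
        echo "too-large $size"
    else
        echo "fits $size"
    fi
}

# 3765 is the cookie size reported in the thread; 3072 and 8192 are sample limits.
echo "largest header: $(sample_request 3765 | largest_header)"
echo "limit 3072:     $(sample_request 3765 | header_verdict 3072)"
echo "limit 8192:     $(sample_request 3765 | header_verdict 8192)"
```
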


Re: No response from Tomcat 5 when browser sends signed cookie

2005-01-06 Thread Leonard Sitongia
More information:
Looks like this is not related to the secure nature (digitally signed)
of the cookie, but the size.  A cookie over about 3k will trigger this 
problem.

Also, it looks like Tomcat doesn't receive the request, so the problem 
may be in SSL.  It is hard to tell, since it seems like it could be 
that Tomcat isn't logging in the part of the code that this is hitting.

Is this a problem in Java SSL?
Thanks for any help you can offer!
==Leonard
On Jan 5, 2005, at 10:58 AM, Leonard Sitongia wrote:
> I have configured Tomcat 5.0.27 on the localhost to accept https
> connections (I  have configured an unsigned cert under the alias
> "tomcat" to allow this).
>
> I can then get to the root Tomcat page at https://localhost:8443/.
> If my browser happens to have a signed cookie in it (this cookie is a
> signed S/MIME message that contains the signing certificate and so is
> 3765 bytes long - it is used by some homegrown Apache httpd apps that
> are unrelated to Tomcat), then Tomcat no longer responds on 8443.  I
> can still get to the Tomcat root page with http://localhost:8080/, but
> when I try https://localhost:8443/ then Netscape 7 says "document
> contains no data" and Safari says “bad server response”
> (NSURLErrorDomain:-1011).
>
> Nothing is logged by Tomcat about this.  There are no error messages
> at any time from Tomcat.
>
> My browser and server are on Mac OS X.
> I tried putting the signing cert that is used to sign the S/MIME
> message into the keystore for Tomcat.  That didn't help.  I don't know
> how to put the signing key into the keystore... maybe that's
> inadvisable anyway?
>
> Is this simply a matter of the size of the cookie, or will Tomcat try
> to do something with the cookie even though it is not intended to be
> used by any apps in Tomcat?  What should I investigate and try to
> resolve this?
>
> Thanks for your help!
> ==Leonard E. Sitongia
> Web Engineering Group
> National Center for Atmospheric Research
> P.O. Box 3000 Boulder CO 80307  USA
> [EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1804


No response from Tomcat 5 when browser sends signed cookie

2005-01-05 Thread Leonard Sitongia
I have configured Tomcat 5.0.27 on the localhost to accept https 
connections (I  have configured an unsigned cert under the alias 
"tomcat" to allow this).

I can then get to the root Tomcat page at https://localhost:8443/.
If my browser happens to have a signed cookie in it (this cookie is a 
signed S/MIME message that contains the signing certificate and so is 
3765 bytes long - it is used by some homegrown Apache httpd apps that 
are unrelated to Tomcat), then Tomcat no longer responds on 8443.  I 
can still get to the Tomcat root page with http://localhost:8080/, but 
when I try https://localhost:8443/ then Netscape 7 says "document 
contains no data" and Safari says “bad server response” 
(NSURLErrorDomain:-1011).

Nothing is logged by Tomcat about this.  There are no error messages at 
any time from Tomcat.

My browser and server are on Mac OS X.
I tried putting the signing cert that is used to sign the S/MIME message
into the keystore for Tomcat.  That didn't help.  I don't know how to 
put the signing key into the keystore... maybe that's inadvisable 
anyway?

Is this simply a matter of the size of the cookie, or will Tomcat try 
to do something with the cookie even though it is not intended to be 
used by any apps in Tomcat?  What should I investigate and try to 
resolve this?

Thanks for your help!
==Leonard E. Sitongia
Web Engineering Group
National Center for Atmospheric Research
P.O. Box 3000 Boulder CO 80307  USA
[EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1804


Clustering and Virtual Hosts

2004-09-07 Thread Leonard Sitongia
Hi,
The server.xml in Tomcat 5 has  inside of .
Right now, I'm running one host in the Tomcat configuration on each of 
two computers.  server.xml in tomcat running on a computer named c1 has 
a  named c1, and computer c2 has a host named c2.

I'm planning to create several virtual hosts that will be clustered 
across two computers.  The virtual hosts, of course, have the same IP 
address.

Can I simply duplicate the  definition in each of the  
sections in the multiple virtual hosts that I define in each computer?  
In other words:

Computer 1:








Computer 2:








Where all the information in the  element is the same for 
each virtual host on each computer.

Seems like I end up with four virtual hosts that are all talking on the 
same TCP and multicast connections.

Do I need to define a different tcpListenAddress / tcpListenPort for 
each virtual host?

Thanks for your help!
==Leonard E. Sitongia
  VETS / Scientific Computing Division
  National Center for Atmospheric Research
  P.O. Box 3000 Boulder CO 80307  USA
  [EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1829


Re: Why so many sessions?

2004-06-03 Thread Leonard Sitongia
On May 28, 2004, at 7:15 AM, Leonard Sitongia wrote:
> On May 27, 2004, at 12:43 PM, Leonard Sitongia wrote:
> > On May 27, 2004, at 10:05 AM, Leonard Sitongia wrote:
> > > But, the number of Sessions is 140.
> > The number appears to have fluctuations up and down, but the overall
> > trend is to increase.  There are now 170 sessions.  Some sessions
> > apparently expire but others do not, hence the overall increase.
> Hello again,
> The number of sessions is now over 250.

One week later, and the session count is 476.  Is the session count in 
the Tomcat Manager incorrect?
The memory utilization hasn't significantly increased.  Can I ignore 
the session count?

Thank you for any help you can offer me.
==Leonard


Tomcat restart Thursday 8pm

2004-06-02 Thread Leonard Sitongia
Tomcat will be restarted on Thursday, June 3rd, at 8pm, in order to 
switch to a new version of WEQC.

Applications affected:
www.people.ucar.edu (WEQC)
webmail
SKIL
Downtime should be less than 5 minutes.
==Leonard E. Sitongia
  VETS / Scientific Computing Division
  National Center for Atmospheric Research
  P.O. Box 3000 Boulder CO 80307  USA
  [EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1829


Re: Why so many sessions?

2004-05-28 Thread Leonard Sitongia
On May 27, 2004, at 12:43 PM, Leonard Sitongia wrote:
> On May 27, 2004, at 10:05 AM, Leonard Sitongia wrote:
> > But, the number of Sessions is 140.
> The number appears to have fluctuations up and down, but the overall
> trend is to increase.  There are now 170 sessions.  Some sessions
> apparently expire but others do not, hence the overall increase.

Hello again,
The number of sessions is now over 250.  There are still only about 8 
hits in a five minute period.  There's no session information held 
here, as there's no login or other user-specific information handled.  
The pages simply display content from the OpenSymphony cache or invoke 
my JSP tag that goes through Hibernate to get data from MySQL.  So, 
sessions older than 5 minutes should be automatically removed, I would 
expect.

Can anyone offer me advice here?  Can the number of sessions shown in 
the Tomcat Manager simply be ignored?

Thanks for your help!
==Leonard E. Sitongia
  VETS / Scientific Computing Division
  National Center for Atmospheric Research
  P.O. Box 3000 Boulder CO 80307  USA
  [EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1829


Re: Why so many sessions?

2004-05-27 Thread Leonard Sitongia
On May 27, 2004, at 10:05 AM, Leonard Sitongia wrote:
> But, the number of Sessions is 140.

The number appears to have fluctuations up and down, but the overall 
trend is to increase.  There are now 170 sessions.  Some sessions 
apparently expire but others do not, hence the overall increase.

Is this going to eventually hit a wall?
Thanks for your help,
==Leonard
==Leonard E. Sitongia
  VETS / Scientific Computing Division
  National Center for Atmospheric Research
  P.O. Box 3000 Boulder CO 80307  USA
  [EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1829


Why so many sessions?

2004-05-27 Thread Leonard Sitongia
Hello,
I find that the number of Sessions displayed by the Manager is 
surprisingly high.  My application has the session timeout set to 5.   
The access_log shows 8 hits in the last five minutes.  But, the number 
of Sessions is 140.

I'm running Tomcat 5.0.19 on Solaris 5.9.  I use two servers in a 
Tomcat 5 session-replicated cluster.

My application is a few JSP pages that use custom tags I wrote that use 
Hibernate persistence to MySQL.
The pages use OpenSymphony cache tags to keep the number of hits to the 
database low.

The high session count doesn't seem to be a problem.  Still, I'd like 
to learn why the number is so high.

Thanks for your help!
==Leonard E. Sitongia
  VETS / Scientific Computing Division
  National Center for Atmospheric Research
  P.O. Box 3000 Boulder CO 80307  USA
  [EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1829


Custom authentication plus Realm for just roles?

2004-05-14 Thread Leonard Sitongia
Hi,

Could I get some pointers into incorporating my own authentication into 
Tomcat's container managed security while using a JDBC realm for just 
the role information?

We have a local authentication mechanism that provides an API with a 
class, for example, that returns a boolean given a username/password 
pair.  I'd like to use that, incorporating it into my own custom realm. 
 But, it doesn't have role information, so I want to supplement the 
authentication we have with the authorization part of it, in a way that 
works within Tomcat's container managed security.

Thanks for your help!

==Leonard E. Sitongia
  VETS / Scientific Computing Division
  National Center for Atmospheric Research
  P.O. Box 3000 Boulder CO 80307  USA
  [EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1829


Re: Application-specific Manager access?

2003-12-02 Thread Leonard Sitongia
On Monday 10 November 2003 6:26 pm, Tim Funk wrote:
> Few options ...
> 1) Place each group in its own virtual host. Then register a manager app
> per virtual host.

Hi,

I'm looking at this again.  The manager is a servlet container application (as 
I gather it's called) and is in server/webapps/manager, rather than an 
application under webapps.

How can this be associated with a particular virtual host?

I've created two virtual hosts with their own appBases, and put different 
applications in them.  I copied the webapp/ROOT
contents into the appBase of each virtual host so that I'd have an opening 
page.  That part is working.  

When I hit the manager/html on a virtual host, the resource is not available.  

What is the connection between webapps/ROOT, webapps/manager.xml,
manager/html and server/webapps/manager?

Thanks for your help!

> 2) Write a filter and add that to the manager web.xml to perform the extra
> acl needs
> 3) Write a perl(or pick your fav lang) wrapper that does all the ACL work
> then it calls the manager app URLS for you.
>
> -Tim
>
> Leonard Sitongia wrote:
> > Hi!
> >
> > I'm looking for ideas, conventions, or standard approaches to giving
> > people control over Tomcat Manager operations that are specific to
> > particular applications.  This could involve virtual hosts, realms, and
> > such, but I want to avoid setting up multiple servers, JVMs and such.
> >
> > I would like to set up a Tomcat server running multiple applications that
> > are being developed by particular groups.  I want to identify someone
> > responsible for each application and give them the authority to perform
> > Manager functions for their application, such as start/stop/reload.
> >
> > Tomcat has a rich set of ways of approaching this, but I haven't gotten a
> > vision of how to do this.
> >
> > Should I provide my own web pages that require authentication and provide
> > Manager URLs that are specific to the application?  Should I put the
> > applications in individual virtual hosts and provide a Manager for each
> > one, that has its own Manager authentication unique to that virtual host?
> >  Are there better ways of doing this?
>

-- 
==Leonard E. Sitongia   
  Visualization and Enabling Technologies / Scientific Computing Division
  National Center for Atmospheric Research
  P.O. Box 3000 Boulder CO 80307  USA
  [EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1239





Application-specific Manager access?

2003-11-10 Thread Leonard Sitongia
Hi!

I'm looking for ideas, conventions, or standard approaches to giving people 
control over Tomcat Manager operations that are specific to particular 
applications.  This could involve virtual hosts, realms, and such, but I want 
to avoid setting up multiple servers, JVMs and such.

I would like to set up a Tomcat server running multiple applications that are 
being developed by particular groups.  I want to identify someone responsible 
for each application and give them the authority to perform Manager functions 
for their application, such as start/stop/reload.

Tomcat has a rich set of ways of approaching this, but I haven't gotten a 
vision of how to do this.

Should I provide my own web pages that require authentication and provide 
Manager URLs that are specific to the application?  Should I put the 
applications in individual virtual hosts and provide a Manager for each one, 
that has its own Manager authentication unique to that virtual host?  Are 
there better ways of doing this?

Thank you for your time and ideas!
-- 
==Leonard E. Sitongia   
  Visualization and Enabling Technologies / Scientific Computing Division
  National Center for Atmospheric Research
  P.O. Box 3000 Boulder CO 80307  USA
  [EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1239





Re: How to set log file permissions?

2002-11-19 Thread Leonard Sitongia
On Tuesday 19 November 2002 09:58 am, Leonard Sitongia wrote:
> Am I missing something obvious here?  Is it not possible to set the
> permissions?

I think the answer here is "yes", I'm missing something obvious.  Just dawned 
on me that it must be the umask setting the permissions.  Sorry to waste 
bandwidth.
-- 
==Leonard E. Sitongia   
  Visualization and Enabling Technologies / Scientific Computing Division
  National Center for Atmospheric Research
  P.O. Box 3000 Boulder CO 80307  USA
  [EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1829
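
The behaviour the message above arrives at, as an added example that is not part of the original post: a newly created file gets its mode from the creating process's umask, and a file that already exists keeps its mode when the umask later changes. The function name `log_mode` and the file name `sample.log` are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original thread.

# log_mode CREATE_MASK [LATER_MASK]
# Create sample.log under CREATE_MASK, optionally append to it again under
# LATER_MASK (as a restarted server would), and print the file's octal mode.
log_mode() {
    dir=$(mktemp -d) || return 1
    log="$dir/sample.log"              # constructed file name
    # Subshells keep each umask change away from the caller's shell.
    ( umask "$1"; echo "first start" >> "$log" )
    if [ -n "${2:-}" ]; then
        ( umask "$2"; echo "second start" >> "$log" )
    fi
    # GNU stat takes -c, BSD/macOS stat takes -f.
    mode=$(stat -c '%a' "$log" 2>/dev/null || stat -f '%Lp' "$log")
    rm -rf "$dir"
    printf '%s\n' "$mode"
}

# Mode 600 (owner only) versus 644 (readable by developers), as in the thread.
echo "created under umask 077:            $(log_mode 077)"
echo "created under umask 022:            $(log_mode 022)"
# Changing the umask afterwards does not touch a log that already exists.
echo "created under 077, appended at 022: $(log_mode 077 022)"
```

Set the umask in the environment that starts Tomcat, and use `chmod` on log files that already exist.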






Re: How to set log file permissions?

2002-11-19 Thread Leonard Sitongia
On Monday 18 November 2002 10:47 am, Leonard Sitongia wrote:
> How do I control the Unix file permissions that are set for the log files
> that are created by Tomcat?  They end up mode 600.  I would like them to be
> 644 so that developers can read the log files.

Hello again,

Am I missing something obvious here?  Is it not possible to set the 
permissions?  I thought I remembered the perms being 644 when I've run 
before, so maybe this is a change since 4.1.12?

Thank you for any help you can give me.
-- 
==Leonard E. Sitongia   
  Visualization and Enabling Technologies / Scientific Computing Division
  National Center for Atmospheric Research
  P.O. Box 3000 Boulder CO 80307  USA
  [EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1829






How to set log file permissions?

2002-11-18 Thread Leonard Sitongia
Hello,

I'm running Tomcat 4.1.14 (not 4.1.12 due to the SSL problem there), although 
I don't know if this question is specific to that release.  It's running on 
Sun Solaris.

How do I control the Unix file permissions that are set for the log files that 
are created by Tomcat?  They end up mode 600.  I would like them to be 644 so 
that developers can read the log files.

I've searched all over the web, and read documentation about Tomcat.  I don't 
think it would be java.io.FilePermission, which I think is for the apps 
running within Tomcat.  Am I wrong about that?  I don't see configurables for 
the Logger or AccessLogValve for setting this.

Thank you for your help!
-- 
==Leonard E. Sitongia   
  Visualization and Enabling Technologies / Scientific Computing Division
  National Center for Atmospheric Research
  P.O. Box 3000 Boulder CO 80307  USA
  [EMAIL PROTECTED]   voice: (303)497-2454   fax: (303)497-1829

