Tomcat + IE + pragma tag
Does anyone know why IE will not allow a file download from tomcat (and maybe other sources) when the connection is over SSL and the pragma HTTP Header tag is set to "no-cache"? I have been experiencing this and am puzzled as to why this is happening. If I set the pragma tag to "no-cache, blah", the file gets downloaded fine. thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: apache-tomcat ssl doc download error in IE
This fix will only work if you have apache using the mod_headers
module. I do not have that module installed on my version of apache, so
I am not sure if there is any other work around. Do you have any other
ideas? I am quickly running out of ideas myself.
thank you.
Daniel wrote:
Hi,
I actually just got this working and the answer is unbelievably bizarre.
It all sorta boiled down to the Pragma header. I can't set the pragma
header in my servlet and must do it in the Apache httpd.conf like this:
Header append Pragma "blah"
And "blah" could be anything and would still work, it's just the fact
that it's set in the Apache httpd.conf! Weird, this isn't scientific, I
must be missing something. :)
Here's the combo I got it working with:
Pragma: no-cache, blah
Cache-Control: private
Content-Length: sizeof(stream)
Content-disposition: attachment; filename="doc.pdf"
Regards,
Daniel
On Thu, 5 Feb 2004, Mark W. Webb wrote:
I am seeing a very similar problem with Tomcat 4.1.24 and Apache over
SSL on Solaris 9. I am using Tomcat4.1.24, JDK 1.4.2 Apache
2.0.48(mod_ssl, mod_jk), OpenSSL 0.9.7c. Everything compiled from
source except JDK.
Hi,
I'm really stumped and hope someone can provide insight :(
We got a tomcat server connected behind a an apache web server via mod_jk.
when running without ssl, a user submits a form and is able to
retrieve a pdf document (they can save or open it) using IE6. But over
ssl they would get this error:
"Internet Explorer cannot download doc.pdf from myhost.com.
Internet EXplorer was not able to open this Internet site. The requested
site is either unavailable or cannnot be found. Please try again later."
This doesn't happen with Mozilla and it would work as expected.
Thing is, we've got a *solution* for this when using mod_python and
mod_perl...just not with Java/Tomcat. The solution for those were to set
special http headers so IE can interpret things correctly:
- Pragma = 'nocache'
- Expires = 'now'
- Cache-Control = 'private'
- Content-Length = sizeof(stream)
- Content-disposition = 'attachment; filename="doc.pdf"'
This was done by a co-worker of mine and it worked. I later saw something
about setting Cache-Control = public cuz IE won't "save" private stuff.
But even when I explicity setHeader("Cache-Control", "public") I still see
Cache-Control = private, public.
So I have 2 questions:
1. Does anyone know why there are two values even when I explicity call
setHeader(..) for the Cache-Control? Is Tomcat silently setting this?
The source doesn't seem to have that though... :(
2. Has anyone run into this and solved it? I'd be much more interested in
this answer :))
We're using:
- Tomcat 4.0.6, via mod_jk to Apache 1.3.x with mod_ssl, on Linux.
- Turbine 2.3 framework
- JDK 1.4.x.
TIA,
Daniel
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: apache-tomcat ssl doc download error in IE
I am seeing a very similar problem with Tomcat 4.1.24 and Apache over
SSL on Solaris 9. I am using Tomcat4.1.24, JDK 1.4.2 Apache
2.0.48(mod_ssl, mod_jk), OpenSSL 0.9.7c. Everything compiled from
source except JDK.
Hi,
I'm really stumped and hope someone can provide insight :(
We got a tomcat server connected behind a an apache web server via mod_jk.
when running without ssl, a user submits a form and is able to
retrieve a pdf document (they can save or open it) using IE6. But over
ssl they would get this error:
"Internet Explorer cannot download doc.pdf from myhost.com.
Internet EXplorer was not able to open this Internet site. The requested
site is either unavailable or cannnot be found. Please try again later."
This doesn't happen with Mozilla and it would work as expected.
Thing is, we've got a *solution* for this when using mod_python and
mod_perl...just not with Java/Tomcat. The solution for those were to set
special http headers so IE can interpret things correctly:
- Pragma = 'nocache'
- Expires = 'now'
- Cache-Control = 'private'
- Content-Length = sizeof(stream)
- Content-disposition = 'attachment; filename="doc.pdf"'
This was done by a co-worker of mine and it worked. I later saw something
about setting Cache-Control = public cuz IE won't "save" private stuff.
But even when I explicity setHeader("Cache-Control", "public") I still see
Cache-Control = private, public.
So I have 2 questions:
1. Does anyone know why there are two values even when I explicity call
setHeader(..) for the Cache-Control? Is Tomcat silently setting this?
The source doesn't seem to have that though... :(
2. Has anyone run into this and solved it? I'd be much more interested in
this answer :))
We're using:
- Tomcat 4.0.6, via mod_jk to Apache 1.3.x with mod_ssl, on Linux.
- Turbine 2.3 framework
- JDK 1.4.x.
TIA,
Daniel
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5 embedded ?
where can I find some examples on embedding tomcat in a java app using JMX? thank you for your time and sorry for any inconvenience. Remy Maucherat wrote: Mark W. Webb wrote: Embedded tomcat 4 had an API that could be used to programatically start tomcat from within another application. I am wondering if the same API exists for tomcat 5. If not, how could I start tomcat in an existing process. I would guess that I could not take advantage of the JMX stuff in tomcat 5 by using this "startup" API. Tomcat 5 has the same Embedded API. The main difference (although you won't notice it) is that it is blended with the regular standalone Tomcat code. No more weird incompatibilities, and you can use some of each mode (ie, have a server.xml while using the Embedded API to manage contexts). The embedded dist also includes an Ant script, which is basically a set of JMX commands. You can use the same JMX commands to embed Tomcat 5. I used that to embed Tomcat 5 inside JBoss 3.2.x (actually, all the initial code was Costin's). - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5 embedded ?
Sorry if I sounds like a complete idiot here. Are you saying that I can use the JMX API to start an instance of embedded tomcat? If so, where can I find sample code to do this? I did alot of work with the embedded tomcat with the 4.1.24 version, so I am familiar I had to place the embedded tomcat inside a C program :( I would like to write some documentation on this once I have it all working. It seems like very few people use the embedded tomcat. thank you. Remy Maucherat wrote: Mark W. Webb wrote: Embedded tomcat 4 had an API that could be used to programatically start tomcat from within another application. I am wondering if the same API exists for tomcat 5. If not, how could I start tomcat in an existing process. I would guess that I could not take advantage of the JMX stuff in tomcat 5 by using this "startup" API. Tomcat 5 has the same Embedded API. The main difference (although you won't notice it) is that it is blended with the regular standalone Tomcat code. No more weird incompatibilities, and you can use some of each mode (ie, have a server.xml while using the Embedded API to manage contexts). The embedded dist also includes an Ant script, which is basically a set of JMX commands. You can use the same JMX commands to embed Tomcat 5. I used that to embed Tomcat 5 inside JBoss 3.2.x (actually, all the initial code was Costin's). - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5 embedded ?
Embedded tomcat 4 had an API that could be used to programatically start tomcat from within another application. I am wondering if the same API exists for tomcat 5. If not, how could I start tomcat in an existing process. I would guess that I could not take advantage of the JMX stuff in tomcat 5 by using this "startup" API. Shapira, Yoav wrote: Howdy, Can you explain how embedded tomcat is easier? I would appreciate it greatly. Also, if there is any documentation on this I would like to read it. Thank you. I doubt you'd appreciate my explanation greatly: embedded tomcat 5 is easier than embedded tomcat 4 because there's a specific distribution for it (5.0.18 embed zip or tar.gz, available from the same location as the normal distribution). :) There are references to this in the tomcat-user and tomcat-dev mailing list archives, but without too many details. If you have specific questions you should ask them and we can try to help. If you feel like writing a comprehensive "embedding tomcat 5" document it would also be welcome. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: tomcat 5 embedded ?
Can you explain how embedded tomcat is easier? I would appreciate it greatly. Also, if there is any documentation on this I would like to read it. Thank you. Shapira, Yoav wrote: Howdy, Is there such a thing as an embedded tomcat 5? I need to "embed" tomcat into a C program, which I could do with 4.1.24 easily enough using the Startup examples that I found in the tomcat baseline. I now need to integrate tomcat 5.x.x into my C program, but not sure how I should approach this. Yes, there's such a thing, and it's not changed much since tomcat 4. If anything, it's easier. Download the tomcat5 "embed" distribution (it has "embed" in the distribution name. The next JBoss 3.x RC will also have an embedded tomcat 5 I think. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
apache.org down ?
can anyone get to apache.org? I cannot get there or jakarta - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat 5 embedded ?
Is there such a thing as an embedded tomcat 5? I need to "embed" tomcat into a C program, which I could do with 4.1.24 easily enough using the Startup examples that I found in the tomcat baseline. I now need to integrate tomcat 5.x.x into my C program, but not sure how I should approach this. Any ideas? thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tomcat 5 mailing list
Is there a tomcat 5-specific mailing list? It seems that most of the mail deals with tomcat 4. thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setting up CVS dev environment
So if one were to get involved with tomcat development, where would they start? Is there a TODO list? of maybe a "nice feature to have" list? Shapira, Yoav wrote: Howdy, Is my bugzilla query right? I only see 17 New/Assigned/Reopened bugs. Yup, that's it for tomcat 5, and most of those issues are highly contentious as they derive from unclear sections of the servlet specification. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: setting up CVS dev environment
thank you. I guess I was looking at the wrong page. Is my bugzilla query right? I only see 17 New/Assigned/Reopened bugs. Shapira, Yoav wrote: Howdy, I followed the instructions for setting up a CVS environment using my fedora linux system found at http://jakarta.apache.org/site/cvsindex.html, and after checking out the jakarta-tomcat-5 module and reading the BUILDING.txt file, I found that it is much easier to get the file : http://jakarta.apache.org/tomcat/tomcat-5.0-doc/build.xml and just typing in 'ant', assuming you have ant installed. Should this be documented anywhere? Are the tomcat docs in CVS where this can be updated? This is documented already: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/building.html. PS. Is there a "TODO" page anywhere for tomcat 5, I would like to start dabbling in the source code, and try to help out. Run an open issues report for tomcat 5 in bugzilla. Yoav Shapira This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
setting up CVS dev environment
I just finished setting up a CVS environment, and wanted to pass along a tip that I found I followed the instructions for setting up a CVS environment using my fedora linux system found at http://jakarta.apache.org/site/cvsindex.html, and after checking out the jakarta-tomcat-5 module and reading the BUILDING.txt file, I found that it is much easier to get the file : http://jakarta.apache.org/tomcat/tomcat-5.0-doc/build.xml and just typing in 'ant', assuming you have ant installed. Should this be documented anywhere? Are the tomcat docs in CVS where this can be updated? thank you. PS. Is there a "TODO" page anywhere for tomcat 5, I would like to start dabbling in the source code, and try to help out. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Apache SSL again... those variables are getting me mad!
I use mod_jk with tomcat 4.1.x and apache from source. I have not had
any problems to date. Try mod_jk and see if that helps.
Federico Fernandez Cruz wrote:
Yes! It returns null.
The servlet (jsp) that executes this code is running in Tomcat
(obviously!) And the whole web application is mapped from apache to
tomcat.
The steps are the following:
1.- https:///UserMan (UserMan is a location in Apache
that is mapped to my web application that is called UserMan ;-) )
2.- Apache starts SSL negotiation and ask the browser to send a client
user certificate.
3.- I select a correct user certificate... apache continues with the
ssl negotiation...
4.- Now I have a secure connection with apache.
5.- Apache send my request to Tomcat through mod_jk2
6.- Tomcat presents UserMan contents. That's all!
My JSP is under UserMan in Tomcat. So If I type the URL to get
ssltest.jsp, the code executes over SSL through mod_jk2...
By the way, I have exported all variables in ssl.conf using...
SSLOptions +FakeBasicAuth +ExportCertData +CompatEnvVars +StrictRequire
I think mod_jk2 is not working properly with the ssl information but
is tunneling the communication in a correct manner from Apache to Tomcat.
Thanks again!
Mark W. Webb wrote:
Does the following return null? If so, your ssl.conf may be messed
up. Is the servlet that executes this code running over SSL?
java.security.cert.X509Certificate[] certs =
(java.security.cert.X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate")
Federico Fernandez Cruz wrote:
That's was an example.
I allways get NULL for all calls regarding SSL, even with
String cipher =
(String)request.getAttribute("javax.servlet.request.cipher_suite");
or the key size example.
I know that code won't compile... My intention was pointing you to
the real problem... I can't access those variables.
Thanks!
Mark W. Webb wrote:
what is null? the certs object ? Why do you have the following 2
lines...
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("javax.servlet.request.X509Certificate");
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("org.apache.coyote.request.X509Certificate");
do both of these methods return null?
Federico Fernandez Cruz wrote:
Sure! This is getting personal... ;-) Apache and Tomcat will not
be my friends anymore! :-D
Well, I'll try to be a little exhaustive just because sometimes I
miss something that is the real point of the question.
Let's go.
My target is an Apache + Tomcat integration using JK2.
Software!
Redhat 9.0
Apache 2.0.47 with modssl.
Tomcat 5.0.16.
JK2 2.0.2
This is what I have done:
1. Install apache properly. Configuration is in /etc/httpd
2. Install tomcat properly. /opt/jakarta-tomcat-5.0.16
3. Compile JK2 2.0.2 from jakarta-connectors because there is a
bug in the sources of tomcat that avoid recursivity in mappings
like /your_webapp/*
4. Configuration.
In httpd.conf I have added these lines:
#**
LoadModule jk2_module modules/mod_jk2.so
#**
My workers2.properties looks like this
(/etc/httpd/workers2.properties)
[logger]
level=DEBUG
[config:]
file=/etc/httpd/conf/workers2.properties
debug=1
debugEnv=1
[uriMap:]
info=Maps the requests. Options: debug
debug=1
# Alternate file logger
[logger.file:0]
level=DEBUG
file=/var/log/httpd/jk2.log
[shm:]
info=Scoreboard. Required for reconfiguration and status with
multiprocess servers
file=/var/run/jk2.shm
size=100
debug=0
disabled=0
[workerEnv:]
info=Global server options
timing=1
debug=1
# Default Native Logger (apache2 or win32 )
# can be overriden to a file logger, useful
# when tracing win32 related issues
logger=logger.file:0
[channel.socket:127.0.0.1:8009]
info=Ajp13 forwarding over socket
debug=1
tomcatId=127.0.0.1:8009
[ajp13:127.0.0.1:8009]
channel=channel.socket:127.0.0.1:8009
[status:status]
info=Status worker, displays runtime informations
[vm:]
info=Parameters used to load a JVM in the server process
#JVM=C:\jdk\jre\bin\hotspot\jvm.dll
OPT=-Djava.class.path=${TOMCAT_HOME}/lib/tomcat-jni.jar;${TOMCAT_HOME}/server/lib/commons-logging.jar
OPT=-Dtomcat.home=${TOMCAT_HOME}
OPT=-Dcatalina.home=${TOMCAT_HOME}
OPT=-Xmx128M
#OPT=-Djava.compiler=NONE
disabled=1
[uri:/jkstatus/*]
info=Display status information and checks the config file for
changes.
group=status:
worker=status:status
#*
In tomcat, my jk2.properties looks like this
#**
handler.list=request,container,channelSocket
channelSocket.port=8009
channelSocket.address=127.0.0.1
channelSocket.maxPort=port+10
#*
Re: Apache SSL again... those variables are getting me mad!
Does the following return null? If so, your ssl.conf may be messed up.
Is the servlet that executes this code running over SSL?
java.security.cert.X509Certificate[] certs =
(java.security.cert.X509Certificate[])req.getAttribute("javax.servlet.request.X509Certificate")
Federico Fernandez Cruz wrote:
That's was an example.
I allways get NULL for all calls regarding SSL, even with
String cipher =
(String)request.getAttribute("javax.servlet.request.cipher_suite");
or the key size example.
I know that code won't compile... My intention was pointing you to
the real problem... I can't access those variables.
Thanks!
Mark W. Webb wrote:
what is null? the certs object ? Why do you have the following 2
lines...
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("javax.servlet.request.X509Certificate");
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("org.apache.coyote.request.X509Certificate");
do both of these methods return null?
Federico Fernandez Cruz wrote:
Sure! This is getting personal... ;-) Apache and Tomcat will not be
my friends anymore! :-D
Well, I'll try to be a little exhaustive just because sometimes I
miss something that is the real point of the question.
Let's go.
My target is an Apache + Tomcat integration using JK2.
Software!
Redhat 9.0
Apache 2.0.47 with modssl.
Tomcat 5.0.16.
JK2 2.0.2
This is what I have done:
1. Install apache properly. Configuration is in /etc/httpd
2. Install tomcat properly. /opt/jakarta-tomcat-5.0.16
3. Compile JK2 2.0.2 from jakarta-connectors because there is a
bug in the sources of tomcat that avoid recursivity in mappings like
/your_webapp/*
4. Configuration.
In httpd.conf I have added these lines:
#**
LoadModule jk2_module modules/mod_jk2.so
#**
My workers2.properties looks like this (/etc/httpd/workers2.properties)
[logger]
level=DEBUG
[config:]
file=/etc/httpd/conf/workers2.properties
debug=1
debugEnv=1
[uriMap:]
info=Maps the requests. Options: debug
debug=1
# Alternate file logger
[logger.file:0]
level=DEBUG
file=/var/log/httpd/jk2.log
[shm:]
info=Scoreboard. Required for reconfiguration and status with
multiprocess servers
file=/var/run/jk2.shm
size=100
debug=0
disabled=0
[workerEnv:]
info=Global server options
timing=1
debug=1
# Default Native Logger (apache2 or win32 )
# can be overriden to a file logger, useful
# when tracing win32 related issues
logger=logger.file:0
[channel.socket:127.0.0.1:8009]
info=Ajp13 forwarding over socket
debug=1
tomcatId=127.0.0.1:8009
[ajp13:127.0.0.1:8009]
channel=channel.socket:127.0.0.1:8009
[status:status]
info=Status worker, displays runtime informations
[vm:]
info=Parameters used to load a JVM in the server process
#JVM=C:\jdk\jre\bin\hotspot\jvm.dll
OPT=-Djava.class.path=${TOMCAT_HOME}/lib/tomcat-jni.jar;${TOMCAT_HOME}/server/lib/commons-logging.jar
OPT=-Dtomcat.home=${TOMCAT_HOME}
OPT=-Dcatalina.home=${TOMCAT_HOME}
OPT=-Xmx128M
#OPT=-Djava.compiler=NONE
disabled=1
[uri:/jkstatus/*]
info=Display status information and checks the config file for changes.
group=status:
worker=status:status
#*
In tomcat, my jk2.properties looks like this
#**
handler.list=request,container,channelSocket
channelSocket.port=8009
channelSocket.address=127.0.0.1
channelSocket.maxPort=port+10
#**
And in server.xml the jk connector is configured as this:
#**
#**
In my ssl.conf the configuration is: (UserMan is my web application)
#**
JkUriSet worker ajp13:127.0.0.1:8009
JkUriSet worker ajp13:127.0.0.1:8009
JkUriSet worker ajp13:127.0.0.1:8009
#**
I am using client authentication and everything goes fine. SSL
connection is OK and the server ask the web browser for a client
certificate. And my application is displayed properly! I am happy up
to this moment but...
What about asking for SSL parameters from my webapp?
I am doing something like this inside a JSP file:
String cipher =
(String)request.getAttribute("javax.servlet.request.cipher_suite");
Integer keysize =
(Integer)request.getAttribute("javax.servlet.request.key_size");
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("javax.servlet.request.X509Certifica
Re: Apache SSL again... those variables are getting me mad!
what is null? the certs object ? Why do you have the following 2 lines...
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("javax.servlet.request.X509Certificate");
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("org.apache.coyote.request.X509Certificate");
do both of these methods return null?
Federico Fernandez Cruz wrote:
Sure! This is getting personal... ;-) Apache and Tomcat will not be my
friends anymore! :-D
Well, I'll try to be a little exhaustive just because sometimes I miss
something that is the real point of the question.
Let's go.
My target is an Apache + Tomcat integration using JK2.
Software!
Redhat 9.0
Apache 2.0.47 with modssl.
Tomcat 5.0.16.
JK2 2.0.2
This is what I have done:
1. Install apache properly. Configuration is in /etc/httpd
2. Install tomcat properly. /opt/jakarta-tomcat-5.0.16
3. Compile JK2 2.0.2 from jakarta-connectors because there is a bug
in the sources of tomcat that avoid recursivity in mappings like
/your_webapp/*
4. Configuration.
In httpd.conf I have added these lines:
#**
LoadModule jk2_module modules/mod_jk2.so
#**
My workers2.properties looks like this (/etc/httpd/workers2.properties)
[logger]
level=DEBUG
[config:]
file=/etc/httpd/conf/workers2.properties
debug=1
debugEnv=1
[uriMap:]
info=Maps the requests. Options: debug
debug=1
# Alternate file logger
[logger.file:0]
level=DEBUG
file=/var/log/httpd/jk2.log
[shm:]
info=Scoreboard. Required for reconfiguration and status with
multiprocess servers
file=/var/run/jk2.shm
size=100
debug=0
disabled=0
[workerEnv:]
info=Global server options
timing=1
debug=1
# Default Native Logger (apache2 or win32 )
# can be overriden to a file logger, useful
# when tracing win32 related issues
logger=logger.file:0
[channel.socket:127.0.0.1:8009]
info=Ajp13 forwarding over socket
debug=1
tomcatId=127.0.0.1:8009
[ajp13:127.0.0.1:8009]
channel=channel.socket:127.0.0.1:8009
[status:status]
info=Status worker, displays runtime informations
[vm:]
info=Parameters used to load a JVM in the server process
#JVM=C:\jdk\jre\bin\hotspot\jvm.dll
OPT=-Djava.class.path=${TOMCAT_HOME}/lib/tomcat-jni.jar;${TOMCAT_HOME}/server/lib/commons-logging.jar
OPT=-Dtomcat.home=${TOMCAT_HOME}
OPT=-Dcatalina.home=${TOMCAT_HOME}
OPT=-Xmx128M
#OPT=-Djava.compiler=NONE
disabled=1
[uri:/jkstatus/*]
info=Display status information and checks the config file for changes.
group=status:
worker=status:status
#*
In tomcat, my jk2.properties looks like this
#**
handler.list=request,container,channelSocket
channelSocket.port=8009
channelSocket.address=127.0.0.1
channelSocket.maxPort=port+10
#**
And in server.xml the jk connector is configured as this:
#**
#**
In my ssl.conf the configuration is: (UserMan is my web application)
#**
JkUriSet worker ajp13:127.0.0.1:8009
JkUriSet worker ajp13:127.0.0.1:8009
JkUriSet worker ajp13:127.0.0.1:8009
#**
I am using client authentication and everything goes fine. SSL
connection is OK and the server ask the web browser for a client
certificate. And my application is displayed properly! I am happy up
to this moment but...
What about asking for SSL parameters from my webapp?
I am doing something like this inside a JSP file:
String cipher =
(String)request.getAttribute("javax.servlet.request.cipher_suite");
Integer keysize =
(Integer)request.getAttribute("javax.servlet.request.key_size");
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("javax.servlet.request.X509Certificate");
String sessionId =
(String)request.getAttribute("javax.servlet.request.ssl_session");
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("org.apache.coyote.request.X509Certificate");
I ALLWAYS GET NULL!
What more can I do? Is there anybody that had succeded doing this?
What about developers?
Thanks in advance! And sorry for this long post, but...
Thanks again!
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
[OT] java 1.3 and Fedora
I am working on an old project using Sun JDK 1.3. I get an error message while using ant. The error is listed below: Error occurred during initialization of VM Unable to load native library: /usr/local/jdk1.3.1_08/jre/lib/i386/libjava.so: symbol __libc_wait, version GLIBC_2.0 not defined in file libc.so.6 with link time reference I have set the environment variable LD_ASSUME_KERNEL to 2.2.5. I even tried 2.4.1, as mentioned in an article I found online. Does anyone know how to get around this issue? thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat & SSL ... more
Hart, Justin wrote: Is there a way to use SSL in tomcat without having to type the password to your keystore in plaintext in the server.conf file? Justin - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] you could write a C program to prompt for the password, and then use the Invocation API to lunch an embedded version of tomcat, whereby passing the password to the java class. This way, the password does not appear on the process list either. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL error -12229
James Rome wrote: I have installed Tomcat5 on Solaris in the Sun jwdsp-1.3. I created the certificates as per the instructions in the server.xml file, and uncommented the ssl server section. But when I try to connect to it, after the server presents me with its certificate, I get "error -12229" What is wrong? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] do you get this error from the browser? What browser are you using? Anything like this that I have seen had to do with the browser not having the proper cert, or trusted CA cert. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk2 as a static library
thanks for the info. I thought I looked at the INSTALL file and did not see anything. UNIXalways :) Christopher Schultz wrote: Mark, Thanks for getting back to me. Where can I get instructions for doing this? I can only find instructions for compiling the mod_jk2 as a shared object. Check the INSTALL file that came with the source code. It occurs to me that the instructions were pretty easy to follow. Of course, you'll also need the source code to Apache... I forgot to ask: are you using a UNIX flavor? I sure hope so, because win32 compiles are always such a pain. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: jk2 as a static library
Thanks for getting back to me. Where can I get instructions for doing this? I can only find instructions for compiling the mod_jk2 as a shared object. Christopher Schultz wrote: Mark, is it possible to compile mod_jk2 into apache statically? Absolutely! In fact, I would personally recommend it for any high-traffic production site. -chris - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
jk2 as a static library
is it possible to compile mod_jk2 into apache statically? ...thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
dropping upload of file too large
I have the ability to upload files using a servlet. I also enforce file size constraints, so people do not upload files that are too large. The problem is, that I cannot figure out how to determine the file size without uploading the file first. I could get the contentLength from the request, but won't things get messed up because the browser will have already started writing the data to tomcat/apache? Could I just close the ServletInputStream? thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Embedded Tomcat startup java class
Knowing that Tomcat is moving towards JMX, I was wondering if anyone has "ported" Embedded.java into the a format that will support the JMX integration. Knowing that there is a build.xml file that will launch tomcat in an embedded state, is there an equivalent .java file for doing this? thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Embedded.java in Tomcat 5 - No Main
I am converting my program over from using Tomcat 4 to Tomcat 5. I wanted to try out the Embedded.java in the Tomcat 5 source, but there is no main function. I think this is a bug, since catalina.sh tries to call this class when trying to run in embedded mode. Anyone familiar with the embedded tomcat code ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [Off Topic] Ant OS conditionals
Mark W. Webb wrote: I have to compile some JNI stuff for tomcat, and the gcc compile is different for linux and solaris. Is there a way I can set this up in ant? thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] figured it outthanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[Off Topic] Ant OS conditionals
I have to compile some JNI stuff for tomcat, and the gcc compile is different for linux and solaris. Is there a way I can set this up in ant? thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: embedded tomcat 5
could you please give more information on the "JMX way". thanks Jean-Francois Arcand wrote: Shapira, Yoav wrote: Howdy, The docs are in the Embedded class' javadoc: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/catalina/docs/api/org/ap ache/catalina/startup/Embedded.html It's largely the same for tomcat 5 as tomcat 4. There are several articles, references, etc online for using embedded tomcat 4: google. Or use the JMX way (only in Tomcat 5). The Embedded interface still work, but the JMX way is more easy (IMO). -- Jeanfrancois It's the same distribution (binary or source). Yoav Shapira Millennium ChemInformatics -Original Message- From: Mark W. Webb [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 21, 2003 2:22 PM To: Tomcat Users List Subject: embedded tomcat 5 I want to used tomcat 5 in the embedded "format". Are there any docs/suggestions/hints to doing this? I especially want the source for this. Should I just use the standart tomcat 5 source tarball? thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: embedded tomcat 5
looking at the directory: http://ftp.epix.net/apache/jakarta/tomcat-5/v5.0.12-beta/bin/ there is more than one binary distribution. You have deployer, embed and standard. thank you for the help Shapira, Yoav wrote: Howdy, The docs are in the Embedded class' javadoc: http://jakarta.apache.org/tomcat/tomcat-5.0-doc/catalina/docs/api/org/ap ache/catalina/startup/Embedded.html It's largely the same for tomcat 5 as tomcat 4. There are several articles, references, etc online for using embedded tomcat 4: google. It's the same distribution (binary or source). Yoav Shapira Millennium ChemInformatics -Original Message----- From: Mark W. Webb [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 21, 2003 2:22 PM To: Tomcat Users List Subject: embedded tomcat 5 I want to used tomcat 5 in the embedded "format". Are there any docs/suggestions/hints to doing this? I especially want the source for this. Should I just use the standart tomcat 5 source tarball? thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
embedded tomcat 5
I want to used tomcat 5 in the embedded "format". Are there any docs/suggestions/hints to doing this? I especially want the source for this. Should I just use the standart tomcat 5 source tarball? thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[slightly OT] Tomcat + JMS
I need to add some JMS functionality to my web app. I want to stick with Tomcat, since I have become very familiar with it, and like it. Has anyone had any experience with JMS and tomcat/servlets. I need to have a class/servlet recieve JMS messages. Thanks, - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: auto refresh pages and session timeout
I would like to see the code. Thank you. Peter Guyatt wrote: Hi There, I had a similar problem and basically started an internal timer that was only reset if the page requested was not the same as the previous page. I could forward you the code if required. Thanks Pete -Original Message- From: David Rees [mailto:[EMAIL PROTECTED] Sent: 06 October 2003 21:51 To: [EMAIL PROTECTED] Subject: Re: auto refresh pages and session timeout On Mon, October 6, 2003 1at 1:12 am, Mark W. Webb sent the following Is there a way to implement "" tag in HTML and still have the ability to timeout a session after X number of minutes ? Would there have to be some logic in place for the servlet that changes the session timeout for every refresh? Changing the JSP to not use a session might work: <[EMAIL PROTECTED] session="false"%> -Dave - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Is this still an issue with 4.1.24 ?
I came across this article and wondered if this is an issue with 4.1.24. Thanks for any thoughts on this issue. http://www.fawcette.com/javapro/2002_11/online/servletsjsp_bkurniawan_11_08_02/default_pf.aspx - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
auto refresh pages and session timeout
Is there a way to implement "" tag in HTML and still have the ability to timeout a session after X number of minutes ? Would there have to be some logic in place for the servlet that changes the session timeout for every refresh? thanks. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
tracking the download of a file
I am working on a program that checks the file download progress and audits the results. I have noticed with netscape browsers, that if a user starts downloading a file, and the "Save As" window comes up, there is a small amount ~200K worth of data that gets written to the browser. Is there a way to prevent this? Because if the file is small, less than 100K, I do not know if the user actually downloaded the entire file, or if they just cancelled the download. thanks in advance smime.p7s Description: S/MIME Cryptographic Signature
Re: Problem with tomcat and ssl
...also, you do not need the ":8080" for https. it will default to port 443 Mark W. Webb wrote: do you have ssl turned on in apache? This is definitely an apache config issue [EMAIL PROTECTED] wrote: Greetings, This will work - http://placeanad.classifiedmarketplace.net:8080/AdWebster but this will not https://placeanad.classifiedmarketplace.net:8080/AdWebster - why is this? Thanks, Bobbie Bobbie Atristain Internet Systems Administrator Media General, INC. 804.649.6156 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: Problem with tomcat and ssl
do you have ssl turned on in apache? This is definitely an apache config issue [EMAIL PROTECTED] wrote: Greetings, This will work - http://placeanad.classifiedmarketplace.net:8080/AdWebster but this will not https://placeanad.classifiedmarketplace.net:8080/AdWebster - why is this? Thanks, Bobbie Bobbie Atristain Internet Systems Administrator Media General, INC. 804.649.6156 - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
load testing tomcat
does anyone have experience load testing tomcat? I am especially interested in mutually authenticate SSL load testing where tomcat runs in conjunction with apache 2.0.47. What tools are people using to test tomcat/apache? thank you. smime.p7s Description: S/MIME Cryptographic Signature
couple of questions concerning embedded tomcat 4.1.24
I have a few questions conceerning deploying a web application using an embedded version on tomcat 4.1.24 I hope someone can help me with 1. Is it possible to deploy a web app using a jar file? 2. Are any of the files in $TOMCAT/conf necessary if using an embedded tomcat? smime.p7s Description: S/MIME Cryptographic Signature
Re: performance of serving static data? apache or tomcat
Do you know of any load testing tools for apache/tomcat that support testing when a mutually authenticated SSL connnection is required ? Tim Funk wrote: yes and no. The browser makes a request to apache. Then the request is proxied to tomcat. When the servlet has been served, the browser issues a keep-alive and reuses the apache socket connection to get any other assets (such as images) needed. 2 requests, one connection. With the numerous speed improvements in tomcat 4.1 and 5 - there might not be much (if any) difference in speed for a low (relative term) volume site. You'll need to load test to see how things scale. -Tim [EMAIL PROTECTED] wrote: I am working on a servlet that will be served from tomcat which is connected to apache. Currently I have the servlet being handled by tomcat, and the image handled by apache. Won't this require 2 get requests by the browser? One being the image, and one being the servlet? Unfortunately, this is an SSL protected site and none of the pages are cached. So my question is, what is the best approach with performance in mind? What is the fasted way to get the image and dynamic HTML back to the browser ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] smime.p7s Description: S/MIME Cryptographic Signature
Re: Run as nonroot user
set reoadable to true Fabricio Machado wrote: Hi guys! I'm just starting work with Tomcat 4.1.24 and I want to run it with an unprivileged user. The webmasters are boring me every time they update some files in "webapps" directory... they ask me to shutdown/startup Tomcat... :-/ How can I solve this problem ? Some docs ? thanks, Fabricio. ___ Yahoo! Mail Mais espaço, mais segurança e gratuito: caixa postal de 6MB, antivÃrus, proteção contra spam. http://br.mail.yahoo.com/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do I determine sessions within Tomcat?
All you need is the following in your context's web.xml file : my.own.SessionListener there should be an example in the examples context. That is where I got mine from Turansky, Mark wrote: ok, I see th session listener interface in the javadocs as well as the session event class. any advice regarding *how* I plug it into tomcat? Is your method a standard J2EE solution or will this be Tomcat specific? thanks for the quick reply, mark -Original Message- From: Mark W. Webb [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 4:30 PM To: Tomcat Users List Subject: Re: How do I determine sessions within Tomcat? you would probably want to write a SessionListener, and plug it into tomcat. Turansky, Mark wrote: I am required to track users and their sessions in my web application. Is there a way to access all the sessions currently held in server memory? My application is tracking users in a database table. Upon login, I log the session id along with a timestamp and other pertinent information. If the user specifically clicks the "log out" button, I can update my table with another timestamp, but I assume many will simply timeout. How do I update my table with their logout timestamp in the event of timeout? I was hoping to make a simple maintenance thread in the background that would check existing sessions against my database table for this purpose. Thanks in advance, Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Mark Webb Software Engineer Dolphin Technology 474 Phoenix Drive Rome, NY 13441-4911 Phone : 315.838.7000 : 315.838.7024 Fax : 315.838.7096 Email : [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: How do I determine sessions within Tomcat?
you would probably want to write a SessionListener, and plug it into tomcat. Turansky, Mark wrote: I am required to track users and their sessions in my web application. Is there a way to access all the sessions currently held in server memory? My application is tracking users in a database table. Upon login, I log the session id along with a timestamp and other pertinent information. If the user specifically clicks the "log out" button, I can update my table with another timestamp, but I assume many will simply timeout. How do I update my table with their logout timestamp in the event of timeout? I was hoping to make a simple maintenance thread in the background that would check existing sessions against my database table for this purpose. Thanks in advance, Mark - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: prompt for password at startup
how would this be handled at the OS level? Mike Curwen wrote: can that not be handled at an OS level? -Original Message- From: Mark W. Webb [mailto:[EMAIL PROTECTED] Sent: Tuesday, July 08, 2003 3:23 PM To: [EMAIL PROTECTED] Subject: prompt for password at startup Is there an accepted way to prompt for a password upon startup of tomcat? thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: prompt for password at startup
what do you mean by "embedding" Tim Funk wrote: AFAIK, no Embedding tomcat would be the "simple" workaround. (But I have never embedded tomcat before) -Tim Mark W. Webb wrote: Is there an accepted way to prompt for a password upon startup of tomcat? thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
prompt for password at startup
Is there an accepted way to prompt for a password upon startup of tomcat? thanks - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL and URL rewriting problem
I am using 4.1.24 using mutually authenticated SSL, and having no problems with URL re-writing Mark Miller wrote: I am working on a web application for which one form must be submitted via HTTPS (while the rest of the application uses HTTP). When that one form is submitted (and URL rewriting is used for session tracking), the URL is not encoded, and the session does not survive. I have done much googling, and there are several postings that this has been fixed as of Tomcat 4.0 (we are on 4.1.18). Can someone clear this up for me? If it cannot be done this way, is there some way to switch protocols and still track sessions? Thanks, Mark Miller - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
help - problem loading classes on startup
If anyone could help me out, it would be greatly appreciated. I have been working this issue for 2 weeks and cannot figure out what the problem is. Thank you. Mark W. Webb wrote: I have wrote a C program that starts up tomcat using the Invocation API. The reason for this is so that I can prompt the user for a password that will open up a PKCS12 file If anyone has a better solution, please let me know). I have downloaded the tomcat 4.1.24, and commons-digester source and am trying to figure out why I cannot get my program to work. I have traced the problem to the Digester code. The Digeter class is having a problem finding classes : org.apache.catalina.core.StandardServer org.apache.catalina.deploy.NamingResources org.apache.catalina.deploy.ContextEnvironment When I turn on debugging in tomcat, I get the following output : ClassLoaderFactory:Including jar file /tmp/jakarta-tomcat-4.1.24-src/build/server/lib/catalina.jar which is where org.apache.catalina.core.StandardServer is, so I am confused. Although when I run tomcat in the standard way (startup.sh), all goes well. Could someone please help Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
problem loading classes on startup
I have wrote a C program that starts up tomcat using the Invocation API. The reason for this is so that I can prompt the user for a password that will open up a PKCS12 file If anyone has a better solution, please let me know). I have downloaded the tomcat 4.1.24, and commons-digester source and am trying to figure out why I cannot get my program to work. I have traced the problem to the Digester code. The Digeter class is having a problem finding classes : org.apache.catalina.core.StandardServer org.apache.catalina.deploy.NamingResources org.apache.catalina.deploy.ContextEnvironment When I turn on debugging in tomcat, I get the following output : ClassLoaderFactory:Including jar file /tmp/jakarta-tomcat-4.1.24-src/build/server/lib/catalina.jar which is where org.apache.catalina.core.StandardServer is, so I am confused. Although when I run tomcat in the standard way (startup.sh), all goes well. Could someone please help Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Tomcat security?
I can't believe that passwords for SSL are stored in the clear. That places all responsibility of security to the OS, which may not be a good idea. What happened to defense-in-depth ?? Nathan McMinn wrote: When was the last time Tomcat had a published exploit? On a related note, these kind of "contests" are fairly common, and usually don't produce any kind of real activity. --Nathan - Original Message - From: "Eugene Lee" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Sent: Thursday, July 03, 2003 10:51 AM Subject: Tomcat security? Anyone want to discuss hardening Tomcat servers? Hacking Contest Threatens Web Sites By George V. Hulme, InformationWeek Updated Wednesday, July 2, 2003, 3:00 PM EDT A hacking contest slated for this weekend could produce a rash of Web-site defacements worldwide, according to a warning issued Wednesday by security companies and government Internet security groups. The hacker defacement contest is expected to kick off on Sunday. The contest supposedly will award free hosting services, Web mail, unlimited E-mail forwarding, and a domain name of choice for the triumphant hackers, according to a Web site promoting the contest. ... More details at: http://www.internetweek.com/story/showArticle.jhtml?articleID=10818014 -- Eugene Lee http://www.coxar.pwp.blueyonder.co.uk/ - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
exporting certificate chain to tomcat
I have been researching this issue for a few days, and have come to the conclusion that apache 2.0.46 is not exporting the entire certificate chain to tomcat when I use mutually authenticated SSL. I have tried different configurations, and also some cgi-type programs to determine whether or not I am doing something wrong. So far, I have only been able to get apache to export the user certificate to tomcat. I want tomcat to have the entire certificate chain that was used in the SSL, and not just the user certificate. Does anyone know if this is a limitation of apache, a bug, or am I doing something wrong. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
prompting user for password at startup
Has anyone ever developed any code that would prompt a user for a password upon startup? I have read on the mailing list about many people configuring tomcat to perform mutually authenticated SSL, so I think a password would be required in order to open up the key information. How are people handling this? Any help would be greatly appreciated. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
writing JNI Invokation app in C to launch tomcat
I am writing a C program in Solaris 9 that will use the JNI Invocation API to launch tomcat. I am doing this because I want to prompt the user for a startup password that will open a PKCS12 file. I do not want the password echoed to the screen. My C program will load a class that I have written, take in the password to open the PKCS12 file, and then call org.apache.catalina.startup.Bootstrap.main( String[] args). I have looked at the catalina.sh file and am passing the following parameters into the JVM : -Djava.endorsed.dirs=/usr/local/tomcat/common/endorsed:/usr/local/tomcat/server/lib:/usr/local/tomcat/common/lib:/usr/local/tomcat/bin -Djava.class.path=/usr/java1.4/lib/tools.jar:/usr/local/tomcat/bin/bootstrap.jar:. -Dcatalina.base=/usr/local/tomcat -Dcatalina.home=/usr/local/tomcat -Djava.io.tmpdir=/usr/local/tomcat -Djava.library.path=/usr/java1.4/jre/lib/sparc I am running tomcat-4.1.24 binary distribution. java version "1.4.1_03" Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.1_03-b02) Java HotSpot(TM) Client VM (build 1.4.1_03-b02, mixed mode) I get the following error when I run my program. Any ideas would be greatly appreciated. Thank you. org.apache.commons.logging.LogConfigurationException: java.lang.NullPointerException at org.apache.commons.logging.LogFactory.newFactory(LogFactory.java:558) at org.apache.commons.logging.LogFactory.getFactory(LogFactory.java:355) at org.apache.commons.logging.LogFactory.getLog(LogFactory.java:409) at org.apache.commons.digester.Digester.(Digester.java:352) at org.apache.catalina.startup.Catalina.createStartDigester(Catalina.java:280) at org.apache.catalina.startup.Catalina.start(Catalina.java:441) at org.apache.catalina.startup.Catalina.execute(Catalina.java:400) at org.apache.catalina.startup.Catalina.process(Catalina.java:180) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:203) at my.class.startup.Startup.startup(Startup.java:21) Caused by: java.lang.NullPointerException at org.apache.commons.logging.LogFactory.newFactory(LogFactory.java:543) ... 13 more - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
prompting for password at tomcat startup
Hello - I have an SSL enabled system I am deploying using tomcat, and I would like to prompt the user for a password to open up an encrypted file. What is the easiest way to do this using tomcat 4.1.24 ? thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
setting of session ID
I know that the setting of a session ID was taken out in servlet API 2.1, but is there a way to still set the session ID in tomcat 4.1.24? Is there some type of session manager that I can 'plug in' to tomcat ? ...thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: question on creating a file download servlet
...thank you. Shapira, Yoav wrote: Howdy, Use the content-disposition header: http://www.onjava.com/pub/a/onjava/excerpt/jebp_3/index3.html Yoav Shapira Millennium ChemInformatics -Original Message- From: Mark W. Webb [mailto:[EMAIL PROTECTED] Sent: Monday, June 09, 2003 3:34 PM To: [EMAIL PROTECTED] Subject: question on creating a file download servlet I need to write a servlet that handles file downloads, so that I can audit who downloaded from where, when..etc. When I click on the link to download a file, the "Save As" window comes up in my browser(Netscape), and as a default filename I get the servlet name. Is there a way to list the actual filename in the "Save As" window ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
question on creating a file download servlet
I need to write a servlet that handles file downloads, so that I can audit who downloaded from where, when..etc. When I click on the link to download a file, the "Save As" window comes up in my browser(Netscape), and as a default filename I get the servlet name. Is there a way to list the actual filename in the "Save As" window ? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: Issuing self-signed certificates to users for SSLv3
openssl is what I have been using. PS. If you are doing SSL using a tomcat connector, I could use some help. My servlets can only get the user's certificate when I run tomcat in stand-alone mode. I would like it if apache could handle the SSL, and pass of servlet processing to tomcat. [EMAIL PROTECTED] wrote: Hi there, I know it's not absolutely tomcat-specific, but maybe another Tomcat-user has come across this issue. We want to set up a Certificate Authority and issue self-signed certificates to users which then will use SSLv3 client certificate authentication to authenticate with Tomcat. Does anybody know an easy tool to generate certificates and package them into PKCS #12 files (PFX-files, password-protected). Thanks alot Johannes -- Mark Webb Software Engineer Dolphin Technology 474 Phoenix Drive Rome, NY 13441-4911 Phone : 315.838.7000 : 315.838.7024 Fax : 315.838.7096 Email : [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL
need more information. Galbayar Dorjgotov wrote: How to export private keystore file to a OpenSSL pem file? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
error while adding connector in admintool
I get the following error message when I try and add an AJP connector using the admin tool. HTTP Status 400 - Invalid path /connector/AddConnector was requested type Status report message Invalid path /connector/AddConnector was requested description The request sent by the client was syntactically incorrect (Invalid path /connector/AddConnector was requested). Can someone tell me what I am doing wrong ? Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: getting browser certificate into servlet
any help you could give me would be greatly appreciated. I have tried
the changes you specify below, and am getting the same errors. I think
I am close, everything seems to work, except for getting the browser
cert into my servlet.
Thank you for all of your help!!
Ramsay Domloge wrote:
"SSLVerifyClient require" in httpd.conf
Also, you will have to specify the SSLCACertificate which must have
signed the user cert, and you probably want to specify the
SSLVerifyDepth as "1".
If you need any further help just ask - I am getting quite familiar
with the fun and games of setting up Apache SSL with Tomcat..!
Beware that there is/was a bug with Tomcat which caused Tomcat to
explode when converting the certificate bytes into a Certificate
object. This has been patched by Thorvald. He also was good enough to
send me a patched JAR which I can send to you if you would like.
Ramsay
Mark W. Webb wrote:
I have the code that you specified working. The problem is that the
request.getAttribute("javax.servlet.request.X509Certificate") call is
returning null. This leads me to believe that apache is only
performing server authentication. But netscape asks me for the
password for the key information. If netscape is asking for this
information, it must be opening up my key information to send to apache.
You mentioned that I have to configure apache to request the cert.
How do I get apache to do this? I thought I would just specify
+ExportCertData. Is there anything else ? I have tomcat 4.1.24
running with apache 2.0.44. thank you for your help.
Bill Barker wrote:
Well, the basics are simple:
import java.security.cert.X509Certificate;
.
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("javax.servlet.request.X509Certificate");
Now comes the hard part :-). certs[0] is always the clients
certificate.
For the HTTP/1.1 connector (Coyote or otherwise), the remaining
elements in
the array are the signers. For the Ajp13 connector (Coyote or
otherwise),
certs.length = 1, and the signers are not available. Also, if you
haven't
separately configured Apache/IIS/iPlanet to request the cert, then
certs ==
null.
"Mark W. Webb" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
I need to get the user certificate that the user's browser sends to
the
server in order to set up a mutually authenticated SSL connection.
Will
a non-SSL connector be able to perform this if I run tomcat with
apache
2.0.44?
Does anyone have any experience with SSL and tomcat? I am having a
really hard time with this. I would appreciate it greatly if someone
could help me out with this.
Thank you.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
A R K E M E D I A T E C H N O L O G I E S L T
D
VIEW POINTBASING VIEWBASINGSTOKEHAMPSHIRERG21
4RG
http://www.arkemedia.com
mailto:[EMAIL PROTECTED]
Tel : +44 1256 869 200 Fax : +44 1256 329
119
The information in this e-mail and in any attachments is confidential
and is intended solely for the attention and use of the named
addressee(s).
If you are not the intended recipient, or a person responsible for
passing it on to the intended recipient, you are not authorised to
hold a copy of this information and you must therefore not disclose,
copy, distribute, or retain this message or any part of it.
MAILTO:[EMAIL PROTECTED]
-
To unsubscribe,
Re: getting browser certificate into servlet
I have the code that you specified working. The problem is that the
request.getAttribute("javax.servlet.request.X509Certificate") call is
returning null. This leads me to believe that apache is only performing
server authentication. But netscape asks me for the password for the
key information. If netscape is asking for this information, it must be
opening up my key information to send to apache.
You mentioned that I have to configure apache to request the cert. How
do I get apache to do this? I thought I would just specify
+ExportCertData. Is there anything else ? I have tomcat 4.1.24 running
with apache 2.0.44.
thank you for your help.
Bill Barker wrote:
Well, the basics are simple:
import java.security.cert.X509Certificate;
.
X509Certificate [] certs = (X509Certificate
[])request.getAttribute("javax.servlet.request.X509Certificate");
Now comes the hard part :-). certs[0] is always the clients certificate.
For the HTTP/1.1 connector (Coyote or otherwise), the remaining elements in
the array are the signers. For the Ajp13 connector (Coyote or otherwise),
certs.length = 1, and the signers are not available. Also, if you haven't
separately configured Apache/IIS/iPlanet to request the cert, then certs ==
null.
"Mark W. Webb" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
I need to get the user certificate that the user's browser sends to the
server in order to set up a mutually authenticated SSL connection. Will
a non-SSL connector be able to perform this if I run tomcat with apache
2.0.44?
Does anyone have any experience with SSL and tomcat? I am having a
really hard time with this. I would appreciate it greatly if someone
could help me out with this.
Thank you.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--
Mark Webb
Software Engineer
Dolphin Technology
474 Phoenix Drive
Rome, NY 13441-4911
Phone : 315.838.7000
: 315.838.7024
Fax : 315.838.7096
Email : [EMAIL PROTECTED]
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
getting browser certificate into servlet
I need to get the user certificate that the user's browser sends to the server in order to set up a mutually authenticated SSL connection. Will a non-SSL connector be able to perform this if I run tomcat with apache 2.0.44? Does anyone have any experience with SSL and tomcat? I am having a really hard time with this. I would appreciate it greatly if someone could help me out with this. Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
jk2 and SSL
I am trying to set up JK2 to support SSL. I have a test servlet that I run in tomcat and on a call to HttpServletRequest.isSecure(), it returns true. The problem is that I get the following exception in catalina.out: Apr 2, 2003 1:57:06 PM org.apache.commons.modeler.Registry loadRegistry INFO: Loading registry information Apr 2, 2003 1:57:07 PM org.apache.commons.modeler.Registry getRegistry INFO: Creating new Registry instance Apr 2, 2003 1:57:09 PM org.apache.commons.modeler.Registry getServer INFO: Creating MBeanServer Starting service Tomcat-Standalone Apache Tomcat/4.1.24 Apr 2, 2003 1:57:21 PM org.apache.jk.common.ChannelSocket init INFO: JK2: ajp13 listening on /0.0.0.0:8009 Apr 2, 2003 1:57:21 PM org.apache.jk.server.JkMain start INFO: Jk running ID=0 time=2/156 config=/usr/local/tomcat/conf/jk2.properties Apr 2, 2003 1:57:24 PM org.apache.jk.server.JkCoyoteHandler action SEVERE: Certificate convertion failed java.security.cert.CertificateException: Unable to initialize, java.io.IOException: insufficient data at sun.security.x509.X509CertImpl.(X509CertImpl.java:289) at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:94) at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:389) at org.apache.jk.server.JkCoyoteHandler.action(JkCoyoteHandler.java:395) at org.apache.coyote.Response.action(Response.java:222) at org.apache.coyote.tomcat4.CoyoteAdapter.postParseRequest(CoyoteAdapter.java:310) at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:221) at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:261) at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:360) at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:604) at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:562) at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:679) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619) at java.lang.Thread.run(Thread.java:536) Caused by: java.io.IOException: insufficient data at sun.security.util.DerInputBuffer.truncate(DerInputBuffer.java:108) at sun.security.util.DerValue.(DerValue.java:249) at sun.security.util.DerInputStream.getDerValue(DerInputStream.java:358) at sun.security.x509.X509CertImpl.parse(X509CertImpl.java:1608) at sun.security.x509.X509CertImpl.(X509CertImpl.java:286) ... 13 more can someone help me to figure out what I am doing wrong? Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL problem
PKCS12 is a certificate storage file type. look at "openssl pkcs12" Jan Fetyko wrote: Sorry for the dump question but what is pkcs12 ? And how did you use the certification files with that ? Jf On Wed, 02 Apr 2003 10:34:34 -0500 "Mark W. Webb" <[EMAIL PROTECTED]> wrote: I ended up using a pkcs12 file instead of a java keystore. Not sure if this helps, but it looks like you are using openssl, so you should be able to use the openssl command line tools. Giulia Hill wrote: Following the How-to, I have almost successfully activated SSL on tomcat 4.1. The problem I'm having is that I can't load the Verisign certificate, a certificate which I already have and that I'm using with Apache. this is what I have done % keytool -genkey -alias tomcat -keyalg RSA -keystore ./.keystore and entered the values of CN etc. as they appear also on the certificate I have downloaded the verisign.crt from the site indicated on the docs % keytool -import -alias root -keystore ./.keystore -trustcacerts -file verisign.crt However if I use my certificate as it is, I get the error % keytool -import -alias tomcat -keystore ./.keystore -trustcacerts -file sunsite2.crt java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.at sun.security.util.DerInputStream.getLength(DerInputStream.java:513) I thougth it could be that the certificate was not in X509 format, so I have done the conversion as % /opt/openssl-0.9.6b/apps/openssl x509 -outform DER -in sunsite2.crt -out sunsite2.X509.crt But, when I try to load it into the keystore I get the error: % keytool -import -alias tomcat -keystore ./.keystore -trustcacerts -file sunsite2.X509crt keytool error: java.lang.Exception: Public keys in reply and keystore don't match What am I doing wrong? Generating a new certificate is not an option since we have already paid for the current one, so I need to be able to use what I already have Thank for your suggestions, Giulia - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Mark Webb Software Engineer Dolphin Technology 474 Phoenix Drive Rome, NY 13441-4911 Phone : 315.838.7000 : 315.838.7024 Fax : 315.838.7096 Email : [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Jan Fetyko ScriptFighter Phase 2 Development 4100 Perimeter Center, #310 Oklahoma City OK 73112 email: [EMAIL PROTECTED] (p) 405.917.3777 (p) direct line: 405.917.3779 (url) http://www.phase2online.com "Oklahoma City's fastest growing web development company" Today's "fortune": Kirk to Enterprise -- beam down yeoman Rand and a six-pack. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Mark Webb Software Engineer Dolphin Technology 474 Phoenix Drive Rome, NY 13441-4911 Phone : 315.838.7000 : 315.838.7024 Fax : 315.838.7096 Email : [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: SSL problem
I ended up using a pkcs12 file instead of a java keystore. Not sure if this helps, but it looks like you are using openssl, so you should be able to use the openssl command line tools. Giulia Hill wrote: Following the How-to, I have almost successfully activated SSL on tomcat 4.1. The problem I'm having is that I can't load the Verisign certificate, a certificate which I already have and that I'm using with Apache. this is what I have done % keytool -genkey -alias tomcat -keyalg RSA -keystore ./.keystore and entered the values of CN etc. as they appear also on the certificate I have downloaded the verisign.crt from the site indicated on the docs % keytool -import -alias root -keystore ./.keystore -trustcacerts -file verisign.crt However if I use my certificate as it is, I get the error % keytool -import -alias tomcat -keystore ./.keystore -trustcacerts -file sunsite2.crt java.io.IOException: DerInputStream.getLength(): lengthTag=127, too big.at sun.security.util.DerInputStream.getLength(DerInputStream.java:513) I thougth it could be that the certificate was not in X509 format, so I have done the conversion as % /opt/openssl-0.9.6b/apps/openssl x509 -outform DER -in sunsite2.crt -out sunsite2.X509.crt But, when I try to load it into the keystore I get the error: % keytool -import -alias tomcat -keystore ./.keystore -trustcacerts -file sunsite2.X509crt keytool error: java.lang.Exception: Public keys in reply and keystore don't match What am I doing wrong? Generating a new certificate is not an option since we have already paid for the current one, so I need to be able to use what I already have Thank for your suggestions, Giulia - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] -- Mark Webb Software Engineer Dolphin Technology 474 Phoenix Drive Rome, NY 13441-4911 Phone : 315.838.7000 : 315.838.7024 Fax : 315.838.7096 Email : [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
which connector to use in order to get client cert
Is there a way to have a servlet get the client certificate that was used to connect to apache? I have tomcat 4.1.24 running as the backend to apache 2.0.44. Clients set up a mutually authenticated SSL connection to apache, and all servlet requests get forwarded to tomcat. What connector should I use in order to allow the forwarding of not only the servlet request, but also the certificate so that the servlet can identify the user? thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: question on storing application level config information
thanks for the information. The serialized files would have a mapping from file->class. This would make the deserialization simple. Thank you for the information. This is what I had designed, but was hoping that tomcat had some way of telling the servlets to reload configuration information. Shapira, Yoav wrote: Howdy, It'd be very difficult for this mechanism to figure out what the object type in your serialized files is, wouldn't it? ;) What you can do: - Deserialize the files on startup, into some object (let's call it MyServletConfig). - Write or use (they are a dime a dozen out there) a FileWatchdog, which checks a file every x seconds to see if it has been modified. If so, it sends an event to your MyServletConfig or somewhere else, which re-reads the servlet config. Yoav Shapira Millennium ChemInformatics -Original Message----- From: Mark W. Webb [mailto:[EMAIL PROTECTED] Sent: Monday, March 31, 2003 9:55 AM To: [EMAIL PROTECTED] Subject: question on storing application level config information I have some config information that I set up for my servlets. This information is stored in serialized files. I will need my servlets to access this information in their normal processing. Is there some mechanism either in the servlet API or tomcat that will allow me to 'cache' this information and dynamically update the information as the serialized files are changed? Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. -- Mark Webb Software Engineer Dolphin Technology 474 Phoenix Drive Rome, NY 13441-4911 Phone : 315.838.7000 : 315.838.7024 Fax : 315.838.7096 Email : [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
question on storing application level config information
I have some config information that I set up for my servlets. This information is stored in serialized files. I will need my servlets to access this information in their normal processing. Is there some mechanism either in the servlet API or tomcat that will allow me to 'cache' this information and dynamically update the information as the serialized files are changed? Thank you. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: mutual SSL authentication
Is there a way that I can have apache handle all of the SSL? This would allow tomcat to only handle the servlet processing. Also, if there is a way to do this, could tomcat still get the user certificate information? I do not want to get into storing client certs in the cacerts file. I am using tomcat in a PKI environment. If there are thousands of users accessing tomcat, this would mean that I would need to import 1000's of certs into this file. Thanks... Janne Ruuttunen wrote: Hi Mark, you need to use a Coyote HTTP1.1 connector, configured to use a org.apache.coyote.tomcat4.CoyoteServerSocketFactory with the clientAuth property set to true. See the Coyote part in the config reference. I agree that more should be said about this in the SSL howto. Note that Java validates the client certs against the CA keystore in $JAVA_HOME/jre/lib/security/cacerts. Hope this helps, Janne - Original Message - From: "Mark W. Webb" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 28, 2003 11:04 PM Subject: mutual SSL authentication How can I set up SSL on tomcat 4.1 that will allow the server and client to authenticate each other? from what I can tell, it looks like the SSL-HOWTO only addresses server authentication. I have this set up on apache, would I be better off just running tomcat on top of apache? thanks... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
mutual SSL authentication
How can I set up SSL on tomcat 4.1 that will allow the server and client to authenticate each other? from what I can tell, it looks like the SSL-HOWTO only addresses server authentication. I have this set up on apache, would I be better off just running tomcat on top of apache? thanks... - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
getting a context to run in SSL mode only
Is there a way to make a context run in SSL mode only? I can get the context to work in both. The context is also an apache SSL based virtual host. Should that matter? -- Mark Webb Dolphin Technology 1300B Floyd Ave Rome, NY 13440 Phone: (315) 334-4892 x222 Fax: (315) 339-4846 Email: [EMAIL PROTECTED]
classpath question
I have placed a prop.properties file in the WEB_INF/lib directory of my tomcat context. The servlet keep throwing an Exception saying that it cannot find the ResourceBundle. Where should I place this file? From what I have read, the prop.properties file should go into the WEB-INF/lib directory. Where exactly should this file go?? thanks for the help in advance
classpath question
I have placed a prop.properties file in the WEB_INF/lib directory of my tomcat context. The servlet keep throwing an Exception saying that it cannot find the ResourceBundle. Where should I place this file? From what I have read, the prop.properties file should go into the WEB-INF/lib directory. Where exactly should this file go?? thanks for the help in advance
error loading ResourceBundle in servlet
I have placed a .properties file in my TOMCAT_HOME/lib directory, and I get and error saying that it cannot find the .properties file. Is this the right place to put it? I have modified the SnoopServlet servlet to print out the claspath and that looks fine. The property file is in the classpath, and the SnoopServlet is in the same directory as the servlet that is trying to access the ResourceBundle. ...thanks for the help.
how can I get site wideSSL only
What do I do in order to get SSL only for the tomcat contexts? I have set up a SSL virtual host in apache, and my context points to the same directory for tomcat. The servlets and JSP load fine, but they load fine in http and https. I only want to be able to run the servlets and JSP in https. Anyone have any pointers
getting a context to run in SSL mode only
Is there a way to make a context run in SSL mode only? I can get the context to work in both. The context is also an apache SSL based virtual host. Should that matter? -- Mark Webb Dolphin Technology 1300B Floyd Ave Rome, NY 13440 Phone: (315) 334-4892 x222 Fax: (315) 339-4846 Email: [EMAIL PROTECTED]
admin username and password
I want to use the admin username and password, but I do not know what they are. Where can I find this information ?? -- Mark Webb Dolphin Technology 1300B Floyd Ave Rome, NY 13440 Phone: (315) 334-4892 x222 Fax: (315) 339-4846 Email: [EMAIL PROTECTED]
more information on SSL problems....
I am getting the following errors when I try and load a servlet from the webapps/servlets directory... 2001-03-19 09:23:06 - Ctx( /servlets ): 404 R( /servlets +/HelloWorldExample + null) null 2001-03-19 09:24:29 - Ctx( /servlets ): 404 R( /servlets + /SessionExample + null) null Here is the mod_jk.log file when I try and load the HelloWorldExample servlet: [jk_uri_worker_map.c (344)]: Into jk_uri_worker_map_t::map_uri_to_worker [jk_uri_worker_map.c (406)]: jk_uri_worker_map_t::map_uri_to_worker, Found a match ajp13 [jk_worker.c (123)]: Into wc_get_worker_for_name ajp13 [jk_worker.c (127)]: wc_get_worker_for_name, done found a worker [jk_ajp13_worker.c (653)]: Into jk_worker_t::get_endpoint [jk_ajp13_worker.c (538)]: Into jk_endpoint_t::service [jk_ajp13.c (346)]: Into ajp13_marshal_into_msgb [jk_ajp13.c (480)]: ajp13_marshal_into_msgb - Done [jk_connect.c (108)]: Into jk_open_socket [jk_connect.c (115)]: jk_open_socket, try to connect socket = 11 [jk_connect.c (124)]: jk_open_socket, after connect ret = 0 [jk_connect.c (132)]: jk_open_socket, set TCP_NODELAY to on [jk_connect.c (140)]: jk_open_socket, return, sd = 11 [jk_ajp13_worker.c (166)]: In jk_endpoint_t::connect_to_tomcat, connected sd = 11 [jk_ajp13.c (527)]: ajp13_unmarshal_response: status = 404 [jk_ajp13.c (534)]: ajp13_unmarshal_response: Number of headers is = 2 [jk_ajp13.c (576)]: ajp13_unmarshal_response: Header[0] [Content-Type] = [text/html] [jk_ajp13.c (576)]: ajp13_unmarshal_response: Header[1] [Content-Length] = [201] [jk_ajp13_worker.c (491)]: Into jk_endpoint_t::done
Re: Tomcat SSL context or directory
here are a few notes on where I am. 1. I have noticed that in the conf/jni_server.xml file, I have an entry that points to a file c:/jakarta-tomcat/bin/win32/i386/jni_connect.dll. I am running in linux, do this obviously is no good. I cannot find a linux equivalent to this file. The contect of this file in the jni_server.xml file is : 2. shoud each directory or servlet/jsp be a context? I see that when I startup tomcat, some servlets are loaded as contexts. 3. Here is s line from my /var/log/httpd/error_log file that I don't understand: [Mon Mar 19 07:39:14 2001] [error] [client 127.0.0.1] File does not exist: /usr/local/bin/tomcat/webapps/examples/HelloWorldExample when I do a ls -l /usr/local/bin/tomcat/webapps/examples/HelloWorldExample.class, it says that the file is there. And examples is a context: 2001-03-19 07:36:01 - ContextManager: Adding context Ctx( /examples ) so does anyone have any ideas as to what I am doing wrong. PS, html files load find in SSL mode from apache. thanks for the help !!
Re: Tomcat SSL context or directory
I am not sure how you can set up SSL for only certain context sections. If you use virtual hosts in apache you should be able to set up different directories with different security levels. This is what I am trying to do, but the virtual host in apache cannot server jsp or servlets right now. On Sunday 18 March 2001 02:42, you wrote: > I got Tomcat and SSL working great. However, I am wondering if it is > possible to use SSL in a specific directory only. As it is right now, the > whole site can be SSL, but what if I only want certain directory or > ? Without using Apache as well. Any thoughts? > > Thanks, > Tu-Thach Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1" Content-Transfer-Encoding: quoted-printable Content-Description:
tomcat 4.0b1 and SSL
I am trying to get SSL working with tomcat. I have been unsuccessful in getting tomcat 3.2.1 to work with SSL, I can get apache to use SSL, and I can get tomcat 3.2.1 to work with servlets and JSP(See posting from earlier today). My question is, is tomcat4 going to be any easier or better to work with SSL? I really want this to work and have been trying for the past 3 days almost nonstop to get this project going. I am looking at the tarball and do not see any SSL information or docs imilar to tomcat 3.2.1 in it. So if anyone could help out, it would be greatly appreciated.
SSL confiruation problems
Hello, I am trying to set up tomcat to work with apache in serving SSL based servlets. I have installed tomcat 3.2.1, and apache-1.3.14-11. I have also installed mod_ssl-2.7.1-11, and tomcat-mod-3.2.1-1. I start up tomcat, then apache, and I can load web pages(.html files) from the virtual host specified in httpd.conf, but cannot load any servlets, or jsp pages. I get the following error messages in the /var/log/httpd/error_log file : fri Mar 16 23:55:07 2001] [error] [client 127.0.0.1] File does not exist: /usr/local/bin/tomcat/webapps/HelloWorldExample although, when I do a ls -l /usr/local/bin/tomcat/webapps/HelloWorldExample.class, I get ls -l /usr/local/bin/tomcat/webapps/HelloWorldExample.class -rw-r--r--1 root root 2110 Feb 11 23:11 /usr/local/bin/tomcat/webapps/HelloWorldExample.class Also, I am getting the following error message in /var/log/httpd/mod_jk.log : [jk_uri_worker_map.c (344)]: Into jk_uri_worker_map_t::map_uri_to_worker [jk_uri_worker_map.c (434)]: jk_uri_worker_map_t::map_uri_to_worker, done without a match can someone help me to get servlets working, I would really appreciate the help. .thanks
