tomcat secure

2001-06-06 Thread Phillip Gibb 

Hi,

I have a problem running tomcat with security manager, i.e. with the second
parameter "-security" added to startup.bat.

I edited the tomcat.policy file to contain all the directories that my web
app uses (like all the directorie under and including the context)

but I keep getting the following when I startup : 


2001-06-06 03:24:37 - PoolTcpConnector: Starting HttpConnectionHandler on
8080
FATAL:java.io.IOException: access denied (java.security.SecurityPermission
putProviderProperty.SunJSSE)
java.io.IOException: access denied (java.security.SecurityPermission
putProviderProperty.SunJSSE)
at
org.apache.tomcat.net.SSLSocketFactory.initProxy(SSLSocketFactory.java:191)
at
org.apache.tomcat.net.SSLSocketFactory.createSocket(SSLSocketFactory.java:11
8)
at
org.apache.tomcat.service.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoint.java
:239)
at
org.apache.tomcat.service.PoolTcpConnector.start(PoolTcpConnector.java:188)
at
org.apache.tomcat.core.ContextManager.start(ContextManager.java:527)
at org.apache.tomcat.startup.Tomcat.execute(Tomcat.java:202)
at org.apache.tomcat.startup.Tomcat.main(Tomcat.java:235)

any ideas

Phill

RE: problems with sendRedirect() on relative path

2001-06-06 Thread Phillip Gibb 

try using getContext() and getRequestDispatcher() and then include(req, res)

you can set a context in the server.xml to point to a directory where you
keep these static pages eg "staticPages" with the path set to
"c:\staticPages"

then using the
config.getContext("/staticPages").getRequestDispatcher().include 'or
forward' (request, response)

will forward to the or include the static page

this is not the same as redirect but it's just another suggestion that might
help

Phill

-Original Message-
From: Ofer Baranes [mailto:[EMAIL PROTECTED]]
Sent: 06 June 2001 12:45
To: '[EMAIL PROTECTED]'
Subject: problems with sendRedirect() on relative path



 Hi 
 I am tring to use the HttpServletResponse sendRedirect() method to show a
static page but i can't use relative path  only static path (which include
the context).The problem occure because of the default '/servlet' prefix
which is used on tomcat conf\servel.xml.This  default prefix force that each
accses to servlet will contain the /servlet on the URI.
Does anyone know how to solve that ?

RE: Where to Place Bean files

2001-06-06 Thread Phillip Gibb 

to make things simplier change F:\jakarta-tomcat-3.2.1\jakarta-tomcat-3.2.1
to f:\tomcat

and make sure that TOMCAT_HOME is set to f:\tomcat

don't place them into WEB-INF\jsp\bean, put them into WEB-INF\classes. and
if they are package (eg jsp.bean) then place them in
WEB-INF\classes\jsp\bean

phill

-Original Message-
From: Manish Bhatnagar [mailto:[EMAIL PROTECTED]]
Sent: 06 June 2001 08:59
To: [EMAIL PROTECTED]
Subject: Re: Where to Place Bean files


Hello all!
I am facing the same problem. I created a bean that I am using in a JSP.
The JSPs are in
F:\jakarta-tomcat-3.2.1\jakarta-tomcat-3.2.1\webapps\manish\jsp

I tried putting the Bean in the same directory where my JSP is present. It
doesn't work. Also I placed it in

E:\jakarta-tomcat-3.2.1\jakarta-tomcat-3.2.1\webapps\manish\WEB-INF\jsp\bean
s
but that too of no avail.

Any suggestions?
Manish
- Original Message -
From: Hemant Singh <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, June 06, 2001 12:21 PM
Subject: Where to Place Bean files


> HI ALL:
> Where do i need to place the JSP bean which i m going
> to use in JSP files.
> Cheers
>
> __
> Do You Yahoo!?
> Get personalized email addresses from Yahoo! Mail - only $35
> a year!  http://personal.mail.yahoo.com/

RE: Where to Place Bean files

2001-06-05 Thread Phillip Gibb 

JSP Bean? don't you mean java bean, in that case use the  tag,
and you can place it anywhere in the page so long as you insert it before
any reference to the bean. It is good design to put it at the top.

be sure to place the java bean in the WEB-INF/classes dir of the context
that you are working with.

If you actually mean JSP Bean, then tell me more, I've never heard of this
before.

Phill

-Original Message-
From: Hemant Singh [mailto:[EMAIL PROTECTED]]
Sent: 06 June 2001 08:52
To: [EMAIL PROTECTED]
Subject: Where to Place Bean files


HI ALL:
Where do i need to place the JSP bean which i m going
to use in JSP files.
Cheers

__
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/

RE: file not gopund error..

2001-06-05 Thread Phillip Gibb 

Hi,

If you are running Apache then look at where your document Root is pointing
to in httpd.conf
there you must place your welcome file and any none jsp stuff.

also add you welcome file in httpd.conf if you don't want to type it when
going to your web site.

In an Apache-tomcat environment the jsps will be handled by tomcat(dynamic)
and the "normal" html and images, etc by apache(static)

In windows : check that your welcome file is added to the web.xml config
file in tomcat\conf\ (right at the bottom)

sorry I know nothing of war files

Phill

-Original Message-
From: vinod watni [mailto:[EMAIL PROTECTED]]
Sent: 06 June 2001 07:54
To: [EMAIL PROTECTED]
Subject: file not gopund error..





  hi friends ,

i tried to create the drectory structure as bellow

   " purejsp "

   "purejsp/web-inf"

  : purejsp/web-inf/classes"  in the webpages
directory.

  i did put some html and jsp pages in purejsp
directory and added purejsp in context path in
server.xml file.
  this i did as given in purejsp book , but when i try
to access the file from brouser i get error 404.  I
restarted the and tried but dosent work ?/

  where should  i  put my html , jsp and classes ,
beans intomact ???

  how can i create a web application without making
war file ???


 regards
 vinod

__
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/

Tomcat with secuirity manager

2001-06-05 Thread Phillip Gibb 

Running tomcat with the -security option gives me the following exception :

FATAL:java.io.IOException: access denied (java.security.SecurityPermission
putPr
oviderProperty.SunJSSE)
java.io.IOException: access denied (java.security.SecurityPermission
putProvider
...

I take it that the tomcat.policy file is the culprit because that is where
the permissions are granted.

But I tried to edit this file and give myself permissions to the context
dir, it did not work.

Must I specify every subdirectory?

Thanks

Phill

RE: ssl handshake failure

2001-06-05 Thread Phillip Gibb 

but I am using a windows pc (for development purposes), so I don't have
Apache running. Later I am going over to linux.

-Original Message-
From: Tim O'Neil [mailto:[EMAIL PROTECTED]]
Sent: 05 June 2001 05:39
To: [EMAIL PROTECTED]
Subject: Re: ssl handshake failure


When it happened to me the cause (non-specifically, I
didn't spend a lot of time investigating it) was
because I was trying to use a regular (or not self-signed)
cert. I solved the problem by switching to Apache +
Tomcat as a platform. I personally found the combo much
easier ssl enable than Tomcat alone.

At 03:39 PM 6/5/2001 +0200, you wrote:
>Hi,
>
>reading further into the Java Secure Socket Extention I found a usfull
>command "-Djavax.net.debug=all", while I appending to the line in
tomcat.bat
>that starts the server.
>The result is a lot of information, it tells me further what my error
>actually is:
>i.e a handshake failure
>
>here is the screen dump :
>
>[read] MD5 and SHA1 hashes:  len = 3
>: 01 03 01   ...
>[read] MD5 and SHA1 hashes:  len = 67
>: 00 2D 00 00 00 10 8F 80   01 80 00 03 80 00 01 81  .-..
>0010: 00 01 81 00 03 82 00 01   00 00 64 00 00 62 00 00  ..d..b..
>0020: 03 00 00 06 83 00 04 84   28 40 02 00 80 04 00 80  (@..
>0030: 00 00 63 D5 76 DE 3D 71   3A 61 49 18 69 E3 70 AF  ..c.v.=q:aI.i.p.
>0040: 66 81 32   f.2
>Thread-20, READ:  SSL v2, contentType = 22, translated length = 53
>*** ClientHello, v3.1
>RandomCookie:  GMT: 0 bytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 213,
>118, 222, 61, 113
>, 58, 97, 73, 24, 105, 227, 112, 175, 102, 129, 50 }
>Session ID:  {}
>Cipher Suites:  { 0, 100, 0, 98, 0, 3, 0, 6, 0, 99 }
>Compression Methods:  { 0 }
>***
>%% Created:  [Session-2, SSL_NULL_WITH_NULL_NULL]
>Thread-20, SEND SSL v3.1 ALERT:  fatal, description = handshake_failure
>Thread-20, WRITE:  SSL v3.1 Alert, length = 2
>2001-06-05 03:32:49 - Ctx(  ): 400 R( /) null
>2001-06-05 03:32:49 - Ctx(  ): IOException in: R( /) Socket closed
>
>does anyone have an idea as to why this is and maybe how I can overcome
>this?
>
>Phill

Secure tomcat

2001-06-05 Thread Phillip Gibb 

Hi,

if I try to run secure tomcat I get the following : 


FATAL:java.io.IOException: access denied (java.security.SecurityPermission
putPr
oviderProperty.SunJSSE)
java.io.IOException: access denied (java.security.SecurityPermission
putProvider
Property.SunJSSE)
at
org.apache.tomcat.net.SSLSocketFactory.initProxy(SSLSocketFactory.jav
a:191)
at
org.apache.tomcat.net.SSLSocketFactory.createSocket(SSLSocketFactory.
java:118)
at
org.apache.tomcat.service.PoolTcpEndpoint.startEndpoint(PoolTcpEndpoi
nt.java:239)
at
org.apache.tomcat.service.PoolTcpConnector.start(PoolTcpConnector.jav
a:188)
at
org.apache.tomcat.core.ContextManager.start(ContextManager.java:527)
at org.apache.tomcat.startup.Tomcat.execute(Tomcat.java:202)
at org.apache.tomcat.startup.Tomcat.main(Tomcat.java:235)

I guess I have to set the permissions on the tomcat.policy file, I did that
(indicting the directory of the context that I was working in) ...but still
nothing

is there somethings else I must do?

Phill

ssl handshake failure

2001-06-05 Thread Phillip Gibb 

Hi,

reading further into the Java Secure Socket Extention I found a usfull
command "-Djavax.net.debug=all", while I appending to the line in tomcat.bat
that starts the server.
The result is a lot of information, it tells me further what my error
actually is:
i.e a handshake failure

here is the screen dump :

[read] MD5 and SHA1 hashes:  len = 3
: 01 03 01   ...
[read] MD5 and SHA1 hashes:  len = 67
: 00 2D 00 00 00 10 8F 80   01 80 00 03 80 00 01 81  .-..
0010: 00 01 81 00 03 82 00 01   00 00 64 00 00 62 00 00  ..d..b..
0020: 03 00 00 06 83 00 04 84   28 40 02 00 80 04 00 80  (@..
0030: 00 00 63 D5 76 DE 3D 71   3A 61 49 18 69 E3 70 AF  ..c.v.=q:aI.i.p.
0040: 66 81 32   f.2
Thread-20, READ:  SSL v2, contentType = 22, translated length = 53
*** ClientHello, v3.1
RandomCookie:  GMT: 0 bytes = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 213,
118, 222, 61, 113
, 58, 97, 73, 24, 105, 227, 112, 175, 102, 129, 50 }
Session ID:  {}
Cipher Suites:  { 0, 100, 0, 98, 0, 3, 0, 6, 0, 99 }
Compression Methods:  { 0 }
***
%% Created:  [Session-2, SSL_NULL_WITH_NULL_NULL]
Thread-20, SEND SSL v3.1 ALERT:  fatal, description = handshake_failure
Thread-20, WRITE:  SSL v3.1 Alert, length = 2
2001-06-05 03:32:49 - Ctx(  ): 400 R( /) null
2001-06-05 03:32:49 - Ctx(  ): IOException in: R( /) Socket closed

does anyone have an idea as to why this is and maybe how I can overcome
this?

Phill

Socket closed in https session

2001-06-05 Thread Phillip Gibb 

Hi,

I have generated a keystore and a certificate, I have added a connector in
server.xml to handle ssl connections.

Starting tomcat correctly establishes the correct connction handlers for
normal http and for ssl(port 8443).

But if I try to start up a https session using https://localhost:8443

I get : IOException in: R( /) Socket closed.

please offer any suggestions

Phillip